diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | create/schema/schema.sql | 8 | ||||
| -rw-r--r-- | frontends/php/authentication.php | 182 | ||||
| -rw-r--r-- | frontends/php/config.php | 86 | ||||
| -rw-r--r-- | frontends/php/include/classes/cldap.inc.php | 271 | ||||
| -rw-r--r-- | frontends/php/include/config.inc.php | 288 | ||||
| -rw-r--r-- | frontends/php/include/defines.inc.php | 47 | ||||
| -rw-r--r-- | frontends/php/include/forms.inc.php | 49 | ||||
| -rw-r--r-- | frontends/php/include/locales/en_gb.inc.php | 13 | ||||
| -rw-r--r-- | frontends/php/include/page_header.php | 221 | ||||
| -rw-r--r-- | frontends/php/include/perm.inc.php | 37 | ||||
| -rw-r--r-- | frontends/php/index.php | 36 | ||||
| -rw-r--r-- | frontends/php/users.php | 2 |
13 files changed, 844 insertions, 397 deletions
@@ -1,5 +1,6 @@ Changes for 1.5.1: + - [DEV-145] added Ldap authentication (Artem) - [DEV-147] added support network and disk stats under OpenBSD (Sasha) - [DEV-164] added required server performance info to Status of ZABBIX (Alexei) - [DEV-160] added time filter in "Availability report" (Artem) diff --git a/create/schema/schema.sql b/create/schema/schema.sql index 1248a4a6..afd8f952 100644 --- a/create/schema/schema.sql +++ b/create/schema/schema.sql @@ -356,6 +356,14 @@ FIELD |event_ack_enable|t_integer |'1' |NOT NULL |ZBX_SYNC FIELD |event_expire |t_integer |'7' |NOT NULL |ZBX_SYNC FIELD |event_show_max |t_integer |'100' |NOT NULL |ZBX_SYNC FIELD |default_theme |t_varchar(128) |'default.css' |NOT NULL |ZBX_SYNC +FIELD |authentication_type|t_integer |0 |NOT NULL |ZBX_SYNC +FIELD |ldap_host |t_varchar(255) |'' |NOT NULL |ZBX_SYNC +FIELD |ldap_port |t_integer |389 |NOT NULL |ZBX_SYNC +FIELD |ldap_base_dn |t_varchar(255) |'' |NOT NULL |ZBX_SYNC +FIELD |ldap_bind_dn |t_varchar(255) |'' |NOT NULL |ZBX_SYNC +FIELD |ldap_bind_password|t_varchar(128)|'' |NOT NULL |ZBX_SYNC +FIELD |ldap_search_attribute|t_varchar(128)|''|NOT NULL |ZBX_SYNC + TABLE|functions|functionid|ZBX_SYNC FIELD |functionid |t_id |'0' |NOT NULL |0 diff --git a/frontends/php/authentication.php b/frontends/php/authentication.php new file mode 100644 index 00000000..a19a39d0 --- /dev/null +++ b/frontends/php/authentication.php @@ -0,0 +1,182 @@ +<?php +/* +** ZABBIX +** Copyright (C) 2000-2005 SIA Zabbix +** +** This program is free software; you can redistribute it and/or modify +** it under the terms of the GNU General Public License as published by +** the Free Software Foundation; either version 2 of the License, or +** (at your option) any later version. +** +** This program is distributed in the hope that it will be useful, +** but WITHOUT ANY WARRANTY; without even the implied warranty of +** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +** GNU General Public License for more details. +** +** You should have received a copy of the GNU General Public License +** along with this program; if not, write to the Free Software +** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +**/ +?> +<?php + require_once('include/config.inc.php'); + + $page['title'] = "S_AUTHENTICATION_TO_ZABBIX"; + $page['file'] = 'authentication.php'; + $page['hist_arg'] = array('config'); + +include_once('include/page_header.php'); + +?> +<?php + $fields=array( +// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION + + 'config'=> array(T_ZBX_INT, O_OPT, NULL, IN('0'), NULL), + +// LDAP form + 'ldap_host'=> array(T_ZBX_STR, O_OPT, NULL, NOT_EMPTY, 'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'), + 'ldap_port'=> array(T_ZBX_INT, O_OPT, NULL, BETWEEN(0,65535), 'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'), + + 'ldap_base_dn'=> array(T_ZBX_STR, O_OPT, NULL, NOT_EMPTY, 'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'), + + 'ldap_bind_dn'=> array(T_ZBX_STR, O_OPT, NULL, NULL, 'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'), + 'ldap_bind_password'=> array(T_ZBX_STR, O_OPT, NULL, NULL, 'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'), + + 'ldap_search_attribute'=> array(T_ZBX_STR, O_OPT, NULL, NOT_EMPTY, 'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'), + + 'authentication_type'=> array(T_ZBX_INT, O_OPT, NULL, IN('0,1'), NULL), + + 'user_password'=> array(T_ZBX_STR, O_OPT, NULL, NOT_EMPTY, 'isset({config})&&({config}==0)&&(isset({authentication_type})||isset({test}))'), + +/* actions */ + 'save'=> array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, NULL, NULL), + 'test'=> array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, NULL, NULL), + +/* other */ + 'form'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL), + 'form_refresh'=> array(T_ZBX_INT, O_OPT, NULL, NULL, NULL) + ); +?> + +<?php + $_REQUEST['config'] = get_request('config',get_profile('web.authentication.config',0)); + check_fields($fields); + + update_profile('web.authentication.config',$_REQUEST['config']); + + $_REQUEST['authentication_type'] = get_request('authentication_type',ZBX_AUTH_INTERNAL); + + $result = 0; + if($_REQUEST['config']==0){ + if(isset($_REQUEST['save'])){ + + $config=select_config(); + $cur_auth_type = $config['authentication_type'] ; + + foreach($config as $id => $value){ + if(isset($_REQUEST[$id])){ + $config[$id] = $_REQUEST[$id]; + $ldap_cnf[str_replace('ldap_','',$id)] = $_REQUEST[$id]; + } + else{ + unset($config[$id]); + } + } + + $result = true; + if(ZBX_AUTH_LDAP == $config['authentication_type']){ + $result=ldap_authentication($USER_DETAILS['alias'],get_request('user_password',''),$ldap_cnf); + } + +// If we do save and auth_type changed or is set to LDAP, reset all sessions + if($result && (($cur_auth_type<>$config['authentication_type']) || (ZBX_AUTH_LDAP == $config['authentication_type']))){ + DBexecute('DELETE FROM sessions WHERE sessionid<>'.zbx_dbstr($USER_DETAILS['sessionid'])); + } + + if($result){ + $result=update_config($config); + } + + show_messages($result, S_LDAP.SPACE.S_UPDATED, S_LDAP.SPACE.S_WAS_NOT.SPACE.S_UPDATED); + + if($result){ + add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_ZABBIX_CONFIG,S_LDAP); + } + } + else if(isset($_REQUEST['test'])){ + $config=select_config(); + foreach($config as $id => $value){ + if(isset($_REQUEST[$id])){ + $ldap_cnf[str_replace('ldap_','',$id)] = $_REQUEST[$id]; + } + } + + $result = ldap_authentication($USER_DETAILS['alias'],get_request('user_password',''),$ldap_cnf); + + show_messages($result, S_LDAP.SPACE.S_LOGIN.SPACE.S_SUCCESSFUL_SMALL, S_LDAP.SPACE.S_LOGIN.SPACE.S_WAS_NOT.SPACE.S_SUCCESSFUL_SMALL); + } + } + show_messages(); +?> +<?php + + $form = new CForm('authentication.php'); + $form->SetMethod('get'); + $cmbConfig = new CCombobox('config',$_REQUEST['config'],'submit()'); + $cmbConfig->AddItem(0,S_LDAP); + + $form->AddItem($cmbConfig); + + show_table_header(S_AUTHENTICATION_TO_ZABBIX, $form); + echo SBR; +?> + +<?php + if($_REQUEST['config']==0){ + $config=select_config(); + + if(isset($_REQUEST['form_refresh'])){ + foreach($config as $id => $value){ + if(isset($_REQUEST[$id])){ + $config[$id] = $_REQUEST[$id]; + } + else{ + unset($config[$id]); + } + } + } + + $form_refresh = get_request('form_refresh',0); + $form_refresh++; + + $frmAuth = new CFormTable(S_LDAP,'authentication.php'); + $frmAuth->SetHelp('web.authentication.php'); + $frmAuth->AddVar('config',get_request('config',0)); + $frmAuth->AddVar('form_refresh',$form_refresh); + + $frmAuth->AddRow(S_LDAP.SPACE.S_HOST, new CTextBox('ldap_host',$config['ldap_host'],64)); + $frmAuth->AddRow(S_PORT, new CNumericBox('ldap_port',$config['ldap_port'],5)); + + $frmAuth->AddRow(S_BASE_DN,new CTextBox('ldap_base_dn',$config['ldap_base_dn'],64)); + $frmAuth->AddRow(S_SEARCH_ATTRIBUTE,new CTextBox('ldap_search_attribute',empty($config['ldap_search_attribute'])?'uid':$config['ldap_search_attribute'])); + + $frmAuth->AddRow(S_BIND_DN.'*', new CTextBox('ldap_bind_dn',$config['ldap_bind_dn'],64)); + $frmAuth->AddRow(S_BIND_PASSWORD.'*',new CPassBox('ldap_bind_password',$config['ldap_bind_password'])); + + $action = "javascript: if(confirm('Switching LDAP authentication will delete all current sessions! Continue?')) return true; else return false;"; + $frmAuth->AddRow(S_LDAP.SPACE.S_AUTHENTICATION.SPACE.S_ENABLED, new CCheckBox('authentication_type', $config['authentication_type'],$action,ZBX_AUTH_LDAP)); + + $frmAuth->AddRow(S_TEST.SPACE.S_AUTHENTICATION, ' ['.S_MUST_BE_VALID_SMALL.SPACE.S_LDAP.SPACE.S_USER.']'); + $frmAuth->AddRow(S_LOGIN , new CTextBox('user',$USER_DETAILS['alias'],null,'yes')); + $frmAuth->AddRow(S_USER.SPACE.S_PASSWORD,new CPassBox('user_password')); +// $frmAuth->AddRow( ,new CTextBox('',$config[''])); +// $frmAuth->AddRow( ,new CTextBox('',$config[''])); + + $frmAuth->AddItemToBottomRow(new CButton('save',S_SAVE)); + $frmAuth->AddItemToBottomRow(new CButton('test',S_TEST)); + $frmAuth->Show(); + } + +include_once 'include/page_footer.php'; +?>
\ No newline at end of file diff --git a/frontends/php/config.php b/frontends/php/config.php index c01fc4ed..e144dc09 100644 --- a/frontends/php/config.php +++ b/frontends/php/config.php @@ -81,14 +81,11 @@ include_once "include/page_header.php"; update_profile("web.config.config",$_REQUEST["config"]); $result = 0; - if($_REQUEST["config"]==3) - { + if($_REQUEST["config"]==3){ /* IMAGES ACTIONS */ - if(isset($_REQUEST["save"])) - { + if(isset($_REQUEST["save"])){ $file = isset($_FILES["image"]) && $_FILES["image"]["name"] != "" ? $_FILES["image"] : NULL; - if(isset($_REQUEST["imageid"])) - { + if(isset($_REQUEST["imageid"])){ /* UPDATE */ $result=update_image($_REQUEST["imageid"],$_REQUEST["name"], $_REQUEST["imagetype"],$file); @@ -96,7 +93,8 @@ include_once "include/page_header.php"; $msg_ok = S_IMAGE_UPDATED; $msg_fail = S_CANNOT_UPDATE_IMAGE; $audit_action = "Image [".$_REQUEST["name"]."] updated"; - } else { + } + else { /* ADD */ if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT, PERM_RES_IDS_ARRAY,get_current_nodeid()))) @@ -110,12 +108,12 @@ include_once "include/page_header.php"; $audit_action = "Image [".$_REQUEST["name"]."] added"; } show_messages($result, $msg_ok, $msg_fail); - if($result) - { + if($result){ add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_IMAGE,$audit_action); unset($_REQUEST["form"]); } - } elseif(isset($_REQUEST["delete"])&&isset($_REQUEST["imageid"])) { + } + else if(isset($_REQUEST["delete"])&&isset($_REQUEST["imageid"])) { /* DELETE */ $image = get_image_by_imageid($_REQUEST["imageid"]); @@ -129,7 +127,7 @@ include_once "include/page_header.php"; unset($image, $_REQUEST["imageid"]); } } - elseif(isset($_REQUEST["save"]) && ($_REQUEST["config"]==8)){ + else if(isset($_REQUEST["save"]) && ($_REQUEST["config"]==8)){ if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); @@ -143,8 +141,7 @@ include_once "include/page_header.php"; show_messages($result, S_CONFIGURATION_UPDATED, S_CONFIGURATION_WAS_NOT_UPDATED); - if($result) - { + if($result){ $msg = array(); if(!is_null($val = get_request('event_ack_enable'))) $msg[] = S_EVENT_ACKNOWLEDGES.' ['.($val?(S_DISABLED):(S_ENABLED)).']'; @@ -156,7 +153,7 @@ include_once "include/page_header.php"; add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_ZABBIX_CONFIG,implode('; ',$msg)); } } - elseif(isset($_REQUEST["save"]) && ($_REQUEST["config"]==9)){ + else if(isset($_REQUEST["save"]) && ($_REQUEST["config"]==9)){ if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); @@ -173,8 +170,7 @@ include_once "include/page_header.php"; add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_ZABBIX_CONFIG,$msg); } } - elseif(isset($_REQUEST["save"])&&uint_in_array($_REQUEST["config"],array(0,5,7))) - { + else if(isset($_REQUEST["save"])&&uint_in_array($_REQUEST["config"],array(0,5,7))){ if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); @@ -190,8 +186,7 @@ include_once "include/page_header.php"; $result=update_config($configs); show_messages($result, S_CONFIGURATION_UPDATED, S_CONFIGURATION_WAS_NOT_UPDATED); - if($result) - { + if($result){ $msg = array(); if(!is_null($val = get_request('event_history'))) $msg[] = S_DO_NOT_KEEP_EVENTS_OLDER_THAN.' ['.$val.']'; @@ -201,14 +196,11 @@ include_once "include/page_header.php"; $msg[] = S_REFRESH_UNSUPPORTED_ITEMS.' ['.$val.']'; if(!is_null($val = get_request('work_period'))) $msg[] = S_WORKING_TIME.' ['.$val.']'; - if(!is_null($val = get_request('alert_usrgrpid'))) - { - if(0 == $val) - { + if(!is_null($val = get_request('alert_usrgrpid'))){ + if(0 == $val) { $val = S_NONE; } - else - { + else{ $val = DBfetch(DBselect('select name from usrgrp where usrgrpid='.$val)); $val = $val['name']; } @@ -219,46 +211,38 @@ include_once "include/page_header.php"; add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_ZABBIX_CONFIG,implode('; ',$msg)); } } - elseif($_REQUEST["config"]==6) - { + else if($_REQUEST["config"]==6){ $_REQUEST["valuemap"] = get_request("valuemap",array()); - if(isset($_REQUEST["add_map"])) - { + if(isset($_REQUEST["add_map"])){ $added = 0; $cnt = count($_REQUEST["valuemap"]); - for($i=0; $i < $cnt; $i++) - { + for($i=0; $i < $cnt; $i++){ if($_REQUEST["valuemap"][$i]["value"] != $_REQUEST["add_value"]) continue; $_REQUEST["valuemap"][$i]["newvalue"] = $_REQUEST["add_newvalue"]; $added = 1; break; } - if($added == 0) - { + if($added == 0){ array_push($_REQUEST["valuemap"],array( "value" => $_REQUEST["add_value"], "newvalue" => $_REQUEST["add_newvalue"])); } } - elseif(isset($_REQUEST["del_map"])&&isset($_REQUEST["rem_value"])) - { + else if(isset($_REQUEST["del_map"])&&isset($_REQUEST["rem_value"])){ $_REQUEST["valuemap"] = get_request("valuemap",array()); foreach($_REQUEST["rem_value"] as $val) unset($_REQUEST["valuemap"][$val]); } - elseif(isset($_REQUEST["save"])) - { + else if(isset($_REQUEST["save"])){ $mapping = get_request("valuemap",array()); - if(isset($_REQUEST["valuemapid"])) - { + if(isset($_REQUEST["valuemapid"])){ $result = update_valuemap($_REQUEST["valuemapid"],$_REQUEST["mapname"], $mapping); $audit_action = AUDIT_ACTION_UPDATE; $msg_ok = S_VALUE_MAP_UPDATED; $msg_fail = S_CANNNOT_UPDATE_VALUE_MAP; $valuemapid = $_REQUEST["valuemapid"]; } - else - { + else{ if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT, PERM_RES_IDS_ARRAY,get_current_nodeid()))) { @@ -270,16 +254,15 @@ include_once "include/page_header.php"; $msg_fail = S_CANNNOT_ADD_VALUE_MAP; $valuemapid = $result; } - if($result) - { + + if($result){ add_audit($audit_action, AUDIT_RESOURCE_VALUE_MAP, S_VALUE_MAP." [".$_REQUEST["mapname"]."] [".$valuemapid."]"); unset($_REQUEST["form"]); } show_messages($result,$msg_ok, $msg_fail); } - elseif(isset($_REQUEST["delete"]) && isset($_REQUEST["valuemapid"])) - { + else if(isset($_REQUEST["delete"]) && isset($_REQUEST["valuemapid"])){ $result = false; if(($map_data = DBfetch(DBselect('select * from valuemaps where '.DBin_node('valuemapid'). @@ -287,8 +270,7 @@ include_once "include/page_header.php"; { $result = delete_valuemap($_REQUEST["valuemapid"]); } - if($result) - { + if($result){ add_audit(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_VALUE_MAP, S_VALUE_MAP." [".$map_data["name"]."] [".$map_data['valuemapid']."]"); unset($_REQUEST["form"]); @@ -334,23 +316,23 @@ include_once "include/page_header.php"; { insert_housekeeper_form(); } - elseif($_REQUEST["config"]==5) + else if($_REQUEST["config"]==5) { insert_other_parameters_form(); } - elseif($_REQUEST["config"]==7) + else if($_REQUEST["config"]==7) { insert_work_period_form(); } - elseif($_REQUEST["config"]==8) + else if($_REQUEST["config"]==8) { insert_event_ack_form(); } - elseif($_REQUEST["config"]==9) + else if($_REQUEST["config"]==9) { insert_themes_form(); } - elseif($_REQUEST["config"]==3) + else if($_REQUEST["config"]==3) { if(isset($_REQUEST["form"])) { @@ -386,7 +368,7 @@ include_once "include/page_header.php"; $table->show(); } } - elseif($_REQUEST["config"]==6) + else if($_REQUEST["config"]==6) { if(isset($_REQUEST["form"])) { diff --git a/frontends/php/include/classes/cldap.inc.php b/frontends/php/include/classes/cldap.inc.php new file mode 100644 index 00000000..b363a452 --- /dev/null +++ b/frontends/php/include/classes/cldap.inc.php @@ -0,0 +1,271 @@ +<?php +/* +** ZABBIX +** Copyright (C) 2000-2008 SIA Zabbix +** +** This program is free software; you can redistribute it and/or modify +** it under the terms of the GNU General Public License as published by +** the Free Software Foundation; either version 2 of the License, or +** (at your option) any later version. +** +** This program is distributed in the hope that it will be useful, +** but WITHOUT ANY WARRANTY; without even the implied warranty of +** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +** GNU General Public License for more details. +** +** You should have received a copy of the GNU General Public License +** along with this program; if not, write to the Free Software +** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +**/ +// Based on LDAP authentication backend from Andreas Gohr <andi@splitbrain.org>, Chris Smith <chris@jalakaic.co.uk> +// Modified by Aly <artem@zabbix.com> +?> +<?php +class CLdap{ + function CLdap($arg=array()){ + $this->ds = false; + $this->info = array(); + + $this->cnf = array( + 'host'=> 'ldap://localhost', + 'port'=> '389', + + 'bind_dn'=> 'uid=admin,ou=system', + 'bind_password'=> 'secret', + + 'base_dn'=> 'ou=users,ou=system', + + 'search_attribute'=> 'uid', + 'userfilter'=> '(%{attr}=%{user})', + + 'groupkey'=> 'cn', + + 'mapping'=> array( + 'alias'=> 'uid', + 'userid'=> 'uidnumber', + 'passwd'=> 'userpassword', + ), + + 'referrals'=> 0, + 'version'=> 3, + + 'starttls'=> false, + 'deref'=> null, + ); + + + if(is_array($arg)){ + $this->cnf = array_merge($this->cnf,$arg); + } + + if(!function_exists('ldap_connect')) { + error('LDAP lib error. Cannot find needed functions'); + return false; + } + } + + function connect(){ +// connection already established + if($this->ds) return true; + + $this->bound = 0; + + if(!$this->ds = ldap_connect($this->cnf['host'],$this->cnf['port'])){ + error("LDAP: couldn't connect to LDAP server"); + return false; + } + +//set protocol version and dependend options + if($this->cnf['version']){ + if(!ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, $this->cnf['version'])){ + error('Setting LDAP Protocol version '.$this->cnf['version'].' failed'); + } + else{ +//use TLS (needs version 3) + if(!empty($this->cnf['starttls'])){ + if(!ldap_start_tls($this->ds)){ + error('Starting TLS failed'); + } + } +// needs version 3 + if(!empty($this->cnf['referrals'])) { + if(!ldap_set_option($this->ds, LDAP_OPT_REFERRALS,$this->cnf['referrals'])){ + error('Setting LDAP referrals to off failed'); + } + } + } + } + +//set deref mode + if(isset($this->cnf['deref'])){ + if(!ldap_set_option($this->ds, LDAP_OPT_DEREF, $this->cnf['deref'])){ + error('Setting LDAP Deref mode '.$this->cnf['deref'].' failed'); + } + } + + return true; + } + + function checkPass($user,$pass){ +// reject empty password + if(empty($pass)) return false; + if(!$this->connect()) return false; + +// indirect user bind + if(!empty($this->cnf['bind_dn']) && !empty($this->cnf['bind_password'])){ +// use superuser credentials + if(!ldap_bind($this->ds,$this->cnf['bind_dn'],$this->cnf['bind_password'])){ + error("LDAP: cannot bind by given DN"); + return false; + } + + $this->bound = 2; + } + else if(!empty($this->cnf['bind_dn']) && !empty($this->cnf['base_dn']) && !empty($this->cnf['userfilter'])){ +// special bind string + $dn = $this->makeFilter($this->cnf['bind_dn'],array('user'=>$user,'host'=>$this->cnf['host'])); + } + else if(strpos($this->cnf['base_dn'], '%{user}')) { +// direct user bind + $dn = $this->makeFilter($this->cnf['base_dn'],array('user'=>$user,'host'=>$this->cnf['host'])); + } + else{ +// Anonymous bind + if(!ldap_bind($this->ds)){ + error("LDAP: can not bind anonymously"); + return false; + } + } + +// Try to bind to with the dn if we have one. + if(!empty($dn)) { +// User/Password bind + if(!ldap_bind($this->ds,$dn,$pass)){ + return false; + } + + $this->bound = 1; + return true; + } + else{ +// See if we can find the user + $this->info = $this->getUserData($user); + + if(empty($this->info['dn'])) { + return false; + } + else { + $dn = $this->info['dn']; + } + +//SDI($dn.' - '.$this->info['passwd'].' : '.$pass); + +// Try to bind with the dn provided + if(!ldap_bind($this->ds,$dn,$pass)){ + return false; + } + + $this->bound = 1; + return true; + } + + return false; + } + + function getUserData($user) { + if(!$this->connect()) return false; + +// force superuser bind if wanted and not bound as superuser yet + if(!empty($this->cnf['bind_dn']) && !empty($this->cnf['bind_password']) && ($this->bound < 2)){ + if(!ldap_bind($this->ds,$this->cnf['bind_dn'],$this->cnf['bind_password'])){ + return false; + } + $this->bound = 2; + } + +// with no superuser creds we continue as user or anonymous here + $info['user'] = $user; + $info['host'] = $this->cnf['host']; + +//get info for given user + $base = $this->makeFilter($this->cnf['base_dn'], $info); + + if(isset($this->cnf['userfilter']) && !empty($this->cnf['userfilter'])) { + $filter = $this->makeFilter($this->cnf['userfilter'], $info); + } + else { + $filter = "(ObjectClass=*)"; + } + + $sr = ldap_search($this->ds, $base, $filter); + $result = ldap_get_entries($this->ds, $sr); + +// Don't accept more or less than one response + if($result['count'] != 1){ +// error('User not found.'); + return false; + } + + $user_result = $result[0]; + ldap_free_result($sr); + +// general user info + $info['dn'] = $user_result['dn']; + $info['name'] = $user_result['cn'][0]; + $info['grps'] = array(); + +// overwrite if other attribs are specified. + if(is_array($this->cnf['mapping'])){ + foreach($this->cnf['mapping'] as $localkey => $key) { + $info[$localkey] = $user_result[$key][0]; + } + } + $user_result = array_merge($info,$user_result); + +//get groups for given user if grouptree is given + if(isset($this->cnf['grouptree']) && isset($this->cnf['groupfilter'])) { + $base = $this->makeFilter($this->cnf['grouptree'], $user_result); + $filter = $this->makeFilter($this->cnf['groupfilter'], $user_result); + + $sr = ldap_search($this->ds, $base, $filter, array($this->cnf['groupkey'])); + + if(!$sr){ + error("LDAP: Reading group memberships failed"); + return false; + } + + $result = ldap_get_entries($this->ds, $sr); + + foreach($result as $grp){ + if(!empty($grp[$this->cnf['groupkey']][0])){ + $info['grps'][] = $grp[$this->cnf['groupkey']][0]; + } + } + } + +// always add the default group to the list of groups + if(isset($conf['defaultgroup']) && !in_array($conf['defaultgroup'],$info['grps'])){ + $info['grps'][] = $conf['defaultgroup']; + } + + return $info; + } + + function makeFilter($filter, $placeholders) { + $placeholders['attr'] = $this->cnf['search_attribute']; + preg_match_all("/%{([^}]+)/", $filter, $matches, PREG_PATTERN_ORDER); +//replace each match + foreach ($matches[1] as $match) { +//take first element if array + if(is_array($placeholders[$match])) { + $value = $placeholders[$match][0]; + } + else{ + $value = $placeholders[$match]; + } + $filter = str_replace('%{'.$match.'}', $value, $filter); + } + return $filter; + } +} +?>
\ No newline at end of file diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php index 88d56923..ae183ae4 100644 --- a/frontends/php/include/config.inc.php +++ b/frontends/php/include/config.inc.php @@ -38,51 +38,51 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! // END OF GLOBALS // Include Classes - require_once("include/classes/ctag.inc.php"); - require_once("include/classes/cvar.inc.php"); - require_once("include/classes/cspan.inc.php"); - require_once("include/classes/cimg.inc.php"); - require_once("include/classes/ccolor.inc.php"); - require_once("include/classes/clink.inc.php"); - require_once("include/classes/chelp.inc.php"); - require_once("include/classes/cbutton.inc.php"); - require_once("include/classes/clist.inc.php"); - require_once("include/classes/ccombobox.inc.php"); - require_once("include/classes/ctable.inc.php"); - require_once("include/classes/ctableinfo.inc.php"); - require_once("include/classes/ctextarea.inc.php"); - require_once("include/classes/ctextbox.inc.php"); - require_once("include/classes/cform.inc.php"); - require_once("include/classes/cfile.inc.php"); - require_once("include/classes/ccheckbox.inc.php"); - require_once("include/classes/cform.inc.php"); - require_once("include/classes/cformtable.inc.php"); - require_once("include/classes/cmap.inc.php"); - require_once("include/classes/cflash.inc.php"); - require_once("include/classes/ciframe.inc.php"); - require_once("include/classes/cpumenu.inc.php"); - require_once("include/classes/graph.inc.php"); + require_once('include/classes/ctag.inc.php'); + require_once('include/classes/cvar.inc.php'); + require_once('include/classes/cspan.inc.php'); + require_once('include/classes/cimg.inc.php'); + require_once('include/classes/ccolor.inc.php'); + require_once('include/classes/cldap.inc.php'); + require_once('include/classes/clink.inc.php'); + require_once('include/classes/chelp.inc.php'); + require_once('include/classes/cbutton.inc.php'); + require_once('include/classes/clist.inc.php'); + require_once('include/classes/ccombobox.inc.php'); + require_once('include/classes/ctable.inc.php'); + require_once('include/classes/ctableinfo.inc.php'); + require_once('include/classes/ctextarea.inc.php'); + require_once('include/classes/ctextbox.inc.php'); + require_once('include/classes/cform.inc.php'); + require_once('include/classes/cfile.inc.php'); + require_once('include/classes/ccheckbox.inc.php'); + require_once('include/classes/cform.inc.php'); + require_once('include/classes/cformtable.inc.php'); + require_once('include/classes/cmap.inc.php'); + require_once('include/classes/cflash.inc.php'); + require_once('include/classes/ciframe.inc.php'); + require_once('include/classes/cpumenu.inc.php'); + require_once('include/classes/graph.inc.php'); require_once('include/classes/cscript.inc.php'); // Include Tactical Overview modules - require_once "include/locales.inc.php"; + require_once 'include/locales.inc.php'; - include_once("include/classes/chostsinfo.mod.php"); - include_once("include/classes/ctriggerinfo.mod.php"); - include_once("include/classes/cserverinfo.mod.php"); - include_once("include/classes/cflashclock.mod.php"); + include_once('include/classes/chostsinfo.mod.php'); + include_once('include/classes/ctriggerinfo.mod.php'); + include_once('include/classes/cserverinfo.mod.php'); + include_once('include/classes/cflashclock.mod.php'); - require_once "include/perm.inc.php"; - require_once "include/audit.inc.php"; - require_once "include/js.inc.php"; + require_once 'include/perm.inc.php'; + require_once 'include/audit.inc.php'; + require_once 'include/js.inc.php'; // Include Validation - require_once "include/validate.inc.php"; + require_once 'include/validate.inc.php'; - function zbx_err_handler($errno, $errstr, $errfile, $errline) - { + function zbx_err_handler($errno, $errstr, $errfile, $errline){ error($errstr.'['.$errfile.':'.$errline.']'); } @@ -115,7 +115,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! if(file_exists($ZBX_CONFIGURATION_FILE) && !isset($_COOKIE['ZBX_CONFIG']) && !isset($DENY_GUI)){ include $ZBX_CONFIGURATION_FILE; - require_once("include/db.inc.php"); + require_once('include/db.inc.php'); $error = ''; if(!DBconnect($error)){ @@ -148,7 +148,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! include $ZBX_CONFIGURATION_FILE; } - require_once("include/db.inc.php"); + require_once('include/db.inc.php'); define('ZBX_PAGE_NO_AUTHERIZATION', true); define('ZBX_DISTRIBUTED', false); @@ -157,18 +157,18 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! if(!defined('ZBX_PAGE_NO_AUTHERIZATION')){ check_authorisation(); - include_once("include/locales/".$USER_DETAILS["lang"].".inc.php"); + include_once('include/locales/'.$USER_DETAILS['lang'].'.inc.php'); process_locales(); } else{ $USER_DETAILS = array( - "alias" =>ZBX_GUEST_USER, - "userid"=>0, - "lang" =>"en_gb", - "type" =>"0", - "node" =>array( - "name" =>'- unknown -', - "nodeid"=>0)); + 'alias' =>ZBX_GUEST_USER, + 'userid'=>0, + 'lang' =>'en_gb', + 'type' =>'0', + 'node' =>array( + 'name' =>'- unknown -', + 'nodeid'=>0)); } // INIT MB Strings if it's available @@ -190,21 +190,21 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! if(isset($DENY_GUI)){ unset($show_warning); - include_once("warning.php"); + include_once('warning.php'); } if(isset($show_setup)){ unset($show_setup); - include_once("setup.php"); + include_once('setup.php'); } else if(isset($show_warning)){ unset($show_warning); - include_once("warning.php"); + include_once('warning.php'); } /********** END INITIALIZATION ************/ - function init_nodes(){ + function init_nodes(){ /* Init CURRENT NODE ID */ global $USER_DETAILS, $ZBX_LOCALNODEID, $ZBX_LOCMASTERID, @@ -219,10 +219,8 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! $ZBX_CURRENT_NODEID = get_cookie('zbx_current_nodeid', $ZBX_LOCALNODEID); // Selected node $ZBX_WITH_SUBNODES = get_cookie('zbx_with_subnodes', false); // Show elements from subnodes - if(isset($_REQUEST['switch_node'])) - { - if($node_data = DBfetch(DBselect("select * from nodes where nodeid=".$_REQUEST['switch_node']))) - { + if(isset($_REQUEST['switch_node'])){ + if($node_data = DBfetch(DBselect("select * from nodes where nodeid=".$_REQUEST['switch_node']))){ $ZBX_CURRENT_NODEID = $_REQUEST['switch_node']; } unset($node_data); @@ -1015,8 +1013,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * Comments: !!! Don't forget sync code with C !!! * * * ******************************************************************************/ - function reset_items_nextcheck($triggerid) - { + function reset_items_nextcheck($triggerid){ $sql="select itemid from functions where triggerid=$triggerid"; $result=DBselect($sql); while($row=DBfetch($result)) @@ -1028,8 +1025,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! # Update configuration - function update_config($configs) - { + function update_config($configs){ $update = array(); if(isset($configs['work_period']) && !is_null($configs['work_period'])){ @@ -1059,8 +1055,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! } # Show History Graph - - function show_history($itemid,$from,$stime,$period){ + function show_history($itemid,$from,$stime,$period){ $till=date(S_DATE_FORMAT_YMDHMS,time(NULL)-$from*3600); show_table_header(S_TILL.SPACE.$till.' ('.($period/3600).' HOURs)'); @@ -1086,8 +1081,8 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! } - function get_status(){ - global $DB; + function get_status(){ +// global $DB; $status = array(); // server if( (exec('ps -ef|grep zabbix_server|grep -v grep|wc -l')>0) || (exec('ps -ax|grep zabbix_server|grep -v grep|wc -l')>0) ){ @@ -1206,111 +1201,86 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! $result=DBselect("select i.type, i.delay, count(*),count(*)/i.delay as qps from items i,hosts h where i.status=".ITEM_STATUS_ACTIVE." and i.hostid=h.hostid and h.status=".HOST_STATUS_MONITORED." group by i.type,i.delay order by i.type, i.delay"); $status["qps_total"]=0; - while($row=DBfetch($result)) - { + while($row=DBfetch($result)){ $status["qps_total"]+=$row["qps"]; } return $status; } - function get_resource_name($permission,$id) - { + function get_resource_name($permission,$id){ $res="-"; - if($permission=="Graph") - { - if(isset($id)&&($id!=0)) - { + if($permission=="Graph"){ + if(isset($id)&&($id!=0)){ if($graph=get_graph_by_graphid($id)) $res=$graph["name"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All graphs"; } } - else if($permission=="Host") - { - if(isset($id)&&($id!=0)) - { + else if($permission=="Host"){ + if(isset($id)&&($id!=0)){ if($host=get_host_by_hostid($id)) $res=$host["host"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All hosts"; } } - else if($permission=="Screen") - { - if(isset($id)&&($id!=0)) - { + else if($permission=="Screen"){ + if(isset($id)&&($id!=0)){ if($screen=get_screen_by_screenid($id)) $res=$screen["name"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All screens"; } } - else if($permission=="Item") - { - if(isset($id)&&($id!=0)) - { + else if($permission=="Item"){ + if(isset($id)&&($id!=0)){ if($item=get_item_by_itemid($id)) if($host=get_host_by_hostid($item["hostid"])) $res=$host["host"].":".$item["description"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All items"; } } - else if($permission=="User") - { - if(isset($id)&&($id!=0)) - { + else if($permission=="User"){ + if(isset($id)&&($id!=0)){ if($user=get_user_by_userid($id)) $res=$user["alias"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All users"; } } - else if($permission=="Network map") - { - if(isset($id)&&($id!=0)) - { + else if($permission=="Network map"){ + if(isset($id)&&($id!=0)){ if($user=get_sysmap_by_sysmapid($id)) $res=$user["name"]; } - elseif(!isset($id) || $id == 0) + else if(!isset($id) || $id == 0) { $res="All maps"; } } - else if($permission=="Application") - { - if(isset($id)&&($id > 0)) - { + else if($permission=="Application"){ + if(isset($id)&&($id > 0)){ if($app = get_application_by_applicationid($id)) $res = $app["name"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All applications"; } } - else if($permission=="Service") - { - if(isset($id)&&($id > 0)) - { + else if($permission=="Service"){ + if(isset($id)&&($id > 0)){ if($service = get_service_by_serviceid($id)) $res = $service["name"]; } - elseif(!isset($id) || $id == 0) - { + else if(!isset($id) || $id == 0){ $res="All services"; } } @@ -1321,21 +1291,17 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! return $res; } - function not_empty($var) - { + function not_empty($var){ return ($var == "" ? 0 : 1); } - function empty2null($var) - { + function empty2null($var){ return ($var == "") ? null : $var; } /* Use ImageSetStyle+ImageLIne instead of bugged ImageDashedLine */ - if(function_exists("imagesetstyle")) - { - function DashedLine($image,$x1,$y1,$x2,$y2,$color) - { + if(function_exists("imagesetstyle")){ + function DashedLine($image,$x1,$y1,$x2,$y2,$color){ // Style for dashed lines // $style = array($color, $color, $color, $color, IMG_COLOR_TRANSPARENT, IMG_COLOR_TRANSPARENT, IMG_COLOR_TRANSPARENT, IMG_COLOR_TRANSPARENT); $style = array($color, $color, IMG_COLOR_TRANSPARENT, IMG_COLOR_TRANSPARENT); @@ -1344,16 +1310,13 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! } } - else - { - function DashedLine($image,$x1,$y1,$x2,$y2,$color) - { + else{ + function DashedLine($image,$x1,$y1,$x2,$y2,$color){ ImageDashedLine($image,$x1,$y1,$x2,$y2,$color); } } - function DashedRectangle($image,$x1,$y1,$x2,$y2,$color) - { + function DashedRectangle($image,$x1,$y1,$x2,$y2,$color){ DashedLine($image, $x1,$y1,$x1,$y2,$color); DashedLine($image, $x1,$y2,$x2,$y2,$color); DashedLine($image, $x2,$y2,$x2,$y1,$color); @@ -1361,12 +1324,10 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! } - function add_mapping_to_valuemap($valuemapid, $mappings) - { + function add_mapping_to_valuemap($valuemapid, $mappings){ DBexecute("delete from mappings where valuemapid=$valuemapid"); - foreach($mappings as $map) - { + foreach($mappings as $map){ $mappingid = get_dbid("mappings","mappingid"); $result = DBexecute("insert into mappings (mappingid,valuemapid, value, newvalue)". @@ -1379,8 +1340,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! return TRUE; } - function add_valuemap($name, $mappings) - { + function add_valuemap($name, $mappings){ if(!is_array($mappings)) return FALSE; $valuemapid = get_dbid("valuemaps","valuemapid"); @@ -1393,15 +1353,13 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! if(!$result){ delete_valuemap($valuemapid); } - else - { + else{ $result = $valuemapid; } return $result; } - function update_valuemap($valuemapid, $name, $mappings) - { + function update_valuemap($valuemapid, $name, $mappings){ if(!is_array($mappings)) return FALSE; $result = DBexecute("update valuemaps set name=".zbx_dbstr($name). @@ -1417,22 +1375,19 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! return $result; } - function delete_valuemap($valuemapid) - { + function delete_valuemap($valuemapid){ DBexecute("delete from mappings where valuemapid=$valuemapid"); DBexecute("delete from valuemaps where valuemapid=$valuemapid"); return TRUE; } - function replace_value_by_map($value, $valuemapid) - { + function replace_value_by_map($value, $valuemapid){ if($valuemapid < 1) return $value; $result = DBselect("select newvalue from mappings". " where valuemapid=".zbx_dbstr($valuemapid)." and value=".zbx_dbstr($value)); $row = DBfetch($result); - if($row) - { + if($row){ return $row["newvalue"]." "."($value)"; } return $value; @@ -1452,20 +1407,19 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! return true; } - function set_image_header($format=null) - { + function set_image_header($format=null){ global $IMAGE_FORMAT_DEFAULT; if(is_null($format)) $format = $IMAGE_FORMAT_DEFAULT; if(IMAGE_FORMAT_JPEG == $format) Header( "Content-type: image/jpeg"); if(IMAGE_FORMAT_TEXT == $format) Header( "Content-type: text/html"); - else Header( "Content-type: image/png"); + else Header( "Content-type: image/png"); + Header( "Expires: Mon, 17 Aug 1998 12:51:50 GMT"); } - function ImageOut($image,$format=NULL) - { + function ImageOut($image,$format=NULL){ global $IMAGE_FORMAT_DEFAULT; if(is_null($format)) $format = $IMAGE_FORMAT_DEFAULT; @@ -1487,7 +1441,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Eugene Grigorjev */ - function get_cookie($name, $default_value=null){ + function get_cookie($name, $default_value=null){ if(isset($_COOKIE[$name])) return $_COOKIE[$name]; // else return $default_value; @@ -1501,7 +1455,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Eugene Grigorjev */ - function zbx_setcookie($name, $value, $time=null){ + function zbx_setcookie($name, $value, $time=null){ setcookie($name, $value, isset($time) ? $time : (0)); $_COOKIE[$name] = $value; } @@ -1514,7 +1468,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Aly */ - function zbx_unsetcookie($name){ + function zbx_unsetcookie($name){ zbx_setcookie($name, null, -99999); } @@ -1526,7 +1480,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Eugene Grigorjev */ - function zbx_flush_post_cookies($unset=false){ + function zbx_flush_post_cookies($unset=false){ global $ZBX_PAGE_COOKIES; if(isset($ZBX_PAGE_COOKIES)){ @@ -1552,21 +1506,17 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Eugene Grigorjev */ - function zbx_set_post_cookie($name, $value, $time=null) - { + function zbx_set_post_cookie($name, $value, $time=null){ global $ZBX_PAGE_COOKIES; $ZBX_PAGE_COOKIES[] = array($name, $value, isset($time) ? $time : (0)); } - function inarr_isset($keys, $array=null) - { + function inarr_isset($keys, $array=null){ if(is_null($array)) $array =& $_REQUEST; - if(is_array($keys)) - { - foreach($keys as $id => $key) - { + if(is_array($keys)){ + foreach($keys as $id => $key){ if( !isset($array[$key]) ) return false; } @@ -1584,10 +1534,8 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Eugene Grigorjev */ - function zbx_rksort(&$array, $flags=NULL) - { - if(is_array($array)) - { + function zbx_rksort(&$array, $flags=NULL){ + if(is_array($array)){ foreach($array as $id => $data) zbx_rksort($array[$id]); @@ -1604,8 +1552,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Alexei Vladishev */ - function zbx_date2str($format, $timestamp) - { + function zbx_date2str($format, $timestamp){ return ($timestamp==0)?S_NEVER:date($format,$timestamp); } @@ -1617,7 +1564,7 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! * * author: Aly */ - function zbx_date2age($start_date,$end_date=0){ + function zbx_date2age($start_date,$end_date=0){ $start_date=date('U',$start_date); if($end_date) @@ -1636,14 +1583,11 @@ function TODO($msg) { echo "TODO: ".$msg.SBR; } // DEBUG INFO!!! return $str; } - function encode_log($data) - { - if(defined('ZBX_LOG_ENCODING_DEFAULT') && function_exists('mb_convert_encoding')) - { + function encode_log($data){ + if(defined('ZBX_LOG_ENCODING_DEFAULT') && function_exists('mb_convert_encoding')){ $new=mb_convert_encoding($data, S_HTML_CHARSET, ZBX_LOG_ENCODING_DEFAULT); } - else - { + else{ $new = $data; } return $new; diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php index 3126a35f..fd307982 100644 --- a/frontends/php/include/defines.inc.php +++ b/frontends/php/include/defines.inc.php @@ -19,28 +19,8 @@ **/ ?> <?php - define('XML_TAG_ZABBIX_EXPORT', 'zabbix_export'); - define('XML_TAG_HOSTS', 'hosts'); - define('XML_TAG_HOST', 'host'); - define('XML_TAG_HOSTPROFILE', 'host_profile'); - define('XML_TAG_GROUPS', 'groups'); - define('XML_TAG_GROUP', 'group'); - define('XML_TAG_APPLICATIONS', 'applications'); - define('XML_TAG_APPLICATION', 'application'); - define('XML_TAG_ITEMS', 'items'); - define('XML_TAG_ITEM', 'item'); - define('XML_TAG_TEMPLATES', 'templates'); - define('XML_TAG_TEMPLATE', 'template'); - define('XML_TAG_TRIGGERS', 'triggers'); - define('XML_TAG_TRIGGER', 'trigger'); - define('XML_TAG_GRAPHS', 'graphs'); - define('XML_TAG_GRAPH', 'graph'); - define('XML_TAG_GRAPH_ELEMENT', 'graph_element'); - define('XML_TAG_GRAPH_ELEMENTS', 'graph_elements'); - define('XML_TAG_SCREENS', 'screens'); - define('XML_TAG_SCREEN', 'screen'); - define('XML_TAG_SCREEN_ELEMENT', 'screen_element'); - define('XML_TAG_SCREEN_ELEMENTS', 'screen_elements'); + define('ZBX_AUTH_INTERNAL', 0); + define('ZBX_AUTH_LDAP', 1); define('PAGE_TYPE_HTML', 0); define('PAGE_TYPE_IMAGE', 1); @@ -516,6 +496,29 @@ if((ini_get('mbstring.func_overload') > 5)){ /* define('ZBX_LOG_ENCODING_DEFAULT', 'Shift_JIS');*/ define('ZBX_HAVE_IPV6', 1); + + define('XML_TAG_ZABBIX_EXPORT', 'zabbix_export'); + define('XML_TAG_HOSTS', 'hosts'); + define('XML_TAG_HOST', 'host'); + define('XML_TAG_HOSTPROFILE', 'host_profile'); + define('XML_TAG_GROUPS', 'groups'); + define('XML_TAG_GROUP', 'group'); + define('XML_TAG_APPLICATIONS', 'applications'); + define('XML_TAG_APPLICATION', 'application'); + define('XML_TAG_ITEMS', 'items'); + define('XML_TAG_ITEM', 'item'); + define('XML_TAG_TEMPLATES', 'templates'); + define('XML_TAG_TEMPLATE', 'template'); + define('XML_TAG_TRIGGERS', 'triggers'); + define('XML_TAG_TRIGGER', 'trigger'); + define('XML_TAG_GRAPHS', 'graphs'); + define('XML_TAG_GRAPH', 'graph'); + define('XML_TAG_GRAPH_ELEMENT', 'graph_element'); + define('XML_TAG_GRAPH_ELEMENTS', 'graph_elements'); + define('XML_TAG_SCREENS', 'screens'); + define('XML_TAG_SCREEN', 'screen'); + define('XML_TAG_SCREEN_ELEMENT', 'screen_element'); + define('XML_TAG_SCREEN_ELEMENTS', 'screen_elements'); /* Support for PHP5. PHP5 does not have $HTTP_..._VARS */ if (!function_exists('version_compare')) diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php index d63f2aed..2bd4d131 100644 --- a/frontends/php/include/forms.inc.php +++ b/frontends/php/include/forms.inc.php @@ -683,9 +683,11 @@ } # Insert form for User - function insert_user_form($userid,$profile=0){ + function insert_user_form($userid,$profile=0){ global $ZBX_LOCALES; global $USER_DETAILS; + + $config = select_config(); $frm_title = S_USER; if(isset($userid)){ @@ -721,8 +723,7 @@ } $db_medias = DBselect('SELECT m.* FROM media m WHERE m.userid='.$userid); - while($db_media = DBfetch($db_medias)) - { + while($db_media = DBfetch($db_medias)){ array_push($user_medias, array( 'mediatypeid' => $db_media['mediatypeid'], 'period' => $db_media['period'], @@ -736,8 +737,7 @@ $new_group_id = 0; $new_group_name = ''; } - else - { + else{ $alias = get_request("alias",""); $name = get_request("name",""); $surname = get_request("surname",""); @@ -766,13 +766,11 @@ $media_type_ids = array(); foreach($user_medias as $one_media) $media_type_ids[$one_media['mediatypeid']] = 1; - if(count($media_type_ids) > 0) - { + if(count($media_type_ids) > 0){ $db_media_types = DBselect('SELECT mt.mediatypeid,mt.description FROM media_type mt'. ' WHERE mt.mediatypeid in ('.implode(',',array_keys($media_type_ids)).')'); - while($db_media_type = DBfetch($db_media_types)) - { + while($db_media_type = DBfetch($db_media_types)){ $media_types[$db_media_type['mediatypeid']] = $db_media_type['description']; } } @@ -790,20 +788,28 @@ $frmUser->AddRow(S_SURNAME, new CTextBox("surname",$surname,20)); } - if(!isset($userid) || isset($change_password)){ - $frmUser->AddRow(S_PASSWORD, new CPassBox("password1",$password1,20)); - $frmUser->AddRow(S_PASSWORD_ONCE_AGAIN, new CPassBox("password2",$password2,20)); - if(isset($change_password)) - $frmUser->AddVar('change_password', $change_password); + if(ZBX_AUTH_INTERNAL == $config['authentication_type']){ + if(!isset($userid) || isset($change_password)){ + $frmUser->AddRow(S_PASSWORD, new CPassBox("password1",$password1,20)); + $frmUser->AddRow(S_PASSWORD_ONCE_AGAIN, new CPassBox("password2",$password2,20)); + if(isset($change_password)) + $frmUser->AddVar('change_password', $change_password); + } + else{ + $passwd_but = new CButton("change_password", S_CHANGE_PASSWORD); + if($alias == ZBX_GUEST_USER){ + $passwd_but->AddOption('disabled','disabled'); + } + $frmUser->AddRow(S_PASSWORD, $passwd_but); + } } else{ - $passwd_but = new CButton("change_password", S_CHANGE_PASSWORD); - if($alias == ZBX_GUEST_USER){ - $passwd_but->AddOption('disabled','disabled'); - } - $frmUser->AddRow(S_PASSWORD, $passwd_but); + if(!isset($userid) || isset($change_password)){ + $frmUser->addVar('password1','zabbix'); + $frmUser->addVar('password2','zabbix'); + } } - + if($profile==0){ global $USER_DETAILS; @@ -4075,8 +4081,7 @@ include_once 'include/discovery.inc.php'; $frmMedia->Show(); } - function insert_housekeeper_form() - { + function insert_housekeeper_form(){ $config=select_config(); $frmHouseKeep = new CFormTable(S_HOUSEKEEPER,"config.php"); diff --git a/frontends/php/include/locales/en_gb.inc.php b/frontends/php/include/locales/en_gb.inc.php index debce0b3..d87c11a1 100644 --- a/frontends/php/include/locales/en_gb.inc.php +++ b/frontends/php/include/locales/en_gb.inc.php @@ -491,6 +491,19 @@ 'S_NODES_BIG'=> 'NODES', 'S_NEW_NODE'=> 'New node', 'S_NO_NODES_DEFINED'=> 'No nodes defined', + +// Authentication + 'S_AUTHENTICATION'=> 'Authentication', + 'S_AUTHENTICATION_TO_ZABBIX'=> 'Authentication to ZABBIX', + 'S_BASE_DN'=> 'Base DN', + 'S_BIND_DN'=> 'Bind DN', + 'S_BIND_PASSWORD'=> 'Bind Password', + 'S_SEARCH_ATTRIBUTE'=> 'Search attribute', + 'S_TEST'=> 'Test', + 'S_WAS_NOT'=> 'was not', + 'S_SUCCESSFUL_SMALL'=> 'successful', + 'S_MUST_BE_VALID_SMALL'=> 'must be valid', + // Latest values 'S_LATEST_VALUES'=> 'Latest values', diff --git a/frontends/php/include/page_header.php b/frontends/php/include/page_header.php index ac23a8c6..7e821999 100644 --- a/frontends/php/include/page_header.php +++ b/frontends/php/include/page_header.php @@ -97,144 +97,144 @@ COpt::profiling_start("page"); */ $ZBX_MENU = array( - "view"=>array( - "label" => S_MONITORING, - "node_perm" => PERM_READ_LIST, - "default_page_id" => 0, - "pages"=>array( + 'view'=>array( + 'label' => S_MONITORING, + 'node_perm' => PERM_READ_LIST, + 'default_page_id' => 0, + 'pages'=>array( array( - "url"=>"dashboard.php", - "label"=>S_DASHBOARD, - "sub_pages"=>array("chart2.php","chart3.php","chart6.php","chart7.php","charts.php","screens.php","maps.php","map.php") + 'url'=>'dashboard.php', + 'label'=>S_DASHBOARD, + 'sub_pages'=>array('chart2.php','chart3.php','chart6.php','chart7.php','charts.php','screens.php','maps.php','map.php') ), - array("url"=>"overview.php" ,"label"=>S_OVERVIEW ), + array('url'=>'overview.php' ,'label'=>S_OVERVIEW ), array( - "url"=>"httpmon.php", - "label"=>S_WEB, - "sub_pages"=>array("httpdetails.php") + 'url'=>'httpmon.php', + 'label'=>S_WEB, + 'sub_pages'=>array('httpdetails.php') ), array( - "url"=>"latest.php", - "label"=>S_LATEST_DATA, - "sub_pages"=>array("history.php","chart.php") + 'url'=>'latest.php', + 'label'=>S_LATEST_DATA, + 'sub_pages'=>array('history.php','chart.php') ), array( - "url"=>"tr_status.php", - "label"=>S_TRIGGERS, - "sub_pages"=>array("acknow.php","tr_comments.php","chart4.php","scripts_exec.php") + 'url'=>'tr_status.php', + 'label'=>S_TRIGGERS, + 'sub_pages'=>array('acknow.php','tr_comments.php','chart4.php','scripts_exec.php') ), array( - "url"=>"events.php", - "label"=>S_EVENTS, - "sub_pages"=>array("tr_events.php") + 'url'=>'events.php', + 'label'=>S_EVENTS, + 'sub_pages'=>array('tr_events.php') ), array( - "url"=>"discovery.php", - "label"=>S_DISCOVERY, - "user_type"=>USER_TYPE_ZABBIX_ADMIN), + 'url'=>'discovery.php', + 'label'=>S_DISCOVERY, + 'user_type'=>USER_TYPE_ZABBIX_ADMIN), array( - "url"=>"srv_status.php", - "label"=>S_IT_SERVICES, + 'url'=>'srv_status.php', + 'label'=>S_IT_SERVICES, 'forse_disable_subnodes' => true, - "sub_pages"=>array("report3.php","report7.php","chart_sla.php","chart5.php") + 'sub_pages'=>array('report3.php','report7.php','chart_sla.php','chart5.php') ), - array("url"=>"vtext.php"), - array("url"=>"chart3.php") + array('url'=>'vtext.php'), + array('url'=>'chart3.php') ) ), - "cm"=>array( - "label" => S_INVENTORY, - "node_perm" => PERM_READ_LIST, - "default_page_id" => 0, - "pages"=>array( - array("url"=>"hostprofiles.php" ,"label"=>S_HOSTS ) + 'cm'=>array( + 'label' => S_INVENTORY, + 'node_perm' => PERM_READ_LIST, + 'default_page_id' => 0, + 'pages'=>array( + array('url'=>'hostprofiles.php' ,'label'=>S_HOSTS ) ) ), - "reports"=>array( - "label" => S_REPORTS, - "node_perm" => PERM_READ_LIST, - "default_page_id" => 0, - "pages"=>array( - array("url"=>"report1.php", "label"=>S_STATUS_OF_ZABBIX ), - array("url"=>"report2.php", "label"=>S_AVAILABILITY_REPORT ), - array("url"=>"report5.php", "label"=>S_TRIGGERS_TOP_100 ) + 'reports'=>array( + 'label' => S_REPORTS, + 'node_perm' => PERM_READ_LIST, + 'default_page_id' => 0, + 'pages'=>array( + array('url'=>'report1.php', 'label'=>S_STATUS_OF_ZABBIX ), + array('url'=>'report2.php', 'label'=>S_AVAILABILITY_REPORT ), + array('url'=>'report5.php', 'label'=>S_TRIGGERS_TOP_100 ) ) ), - "config"=>array( - "label" => S_CONFIGURATION, - "user_type" => USER_TYPE_ZABBIX_ADMIN, - "node_perm" => PERM_READ_LIST, - "default_page_id" => 0, - "forse_disable_subnodes"=> true, - "pages"=>array( + 'config'=>array( + 'label' => S_CONFIGURATION, + 'user_type' => USER_TYPE_ZABBIX_ADMIN, + 'node_perm' => PERM_READ_LIST, + 'default_page_id' => 0, + 'forse_disable_subnodes'=> true, + 'pages'=>array( array( - "url"=>"config.php", - "label"=>S_GENERAL, - "sub_pages"=>array("image.php") + 'url'=>'config.php', + 'label'=>S_GENERAL, + 'sub_pages'=>array('image.php') ), array( - "url"=>"httpconf.php", - "label"=>S_WEB, - "sub_pages"=>array("popup_httpstep.php") + 'url'=>'httpconf.php', + 'label'=>S_WEB, + 'sub_pages'=>array('popup_httpstep.php') ), - array("url"=>"hosts.php" ,"label"=>S_HOSTS), + array('url'=>'hosts.php' ,'label'=>S_HOSTS), array( - "url"=>"items.php", - "label"=>S_ITEMS, - "sub_pages"=>array("tr_logform.php") + 'url'=>'items.php', + 'label'=>S_ITEMS, + 'sub_pages'=>array('tr_logform.php') ), array( - "url"=>"triggers.php", - "label"=>S_TRIGGERS, - "sub_pages"=>array("popup_trexpr.php") + 'url'=>'triggers.php', + 'label'=>S_TRIGGERS, + 'sub_pages'=>array('popup_trexpr.php') ), - array("url"=>"actionconf.php" ,"label"=>S_ACTIONS), - array("url"=>"sysmaps.php" ,"label"=>S_MAPS, - "sub_pages"=>array("sysmap.php","popup_link_tr.php") + array('url'=>'actionconf.php' ,'label'=>S_ACTIONS), + array('url'=>'sysmaps.php' ,'label'=>S_MAPS, + 'sub_pages'=>array('sysmap.php','popup_link_tr.php') ), - array("url"=>"graphs.php" ,"label"=>S_GRAPHS, - "sub_pages"=>array("popup_gitem.php") + array('url'=>'graphs.php' ,'label'=>S_GRAPHS, + 'sub_pages'=>array('popup_gitem.php') ), - array("url"=>"screenconf.php" ,"label"=>S_SCREENS, - "sub_pages"=>array("screenedit.php") + array('url'=>'screenconf.php' ,'label'=>S_SCREENS, + 'sub_pages'=>array('screenedit.php') ), - array("url"=>"services.php" ,"label"=>S_IT_SERVICES, - "sub_pages"=>array("services_form.php") + array('url'=>'services.php' ,'label'=>S_IT_SERVICES, + 'sub_pages'=>array('services_form.php') ), array('url'=>'discoveryconf.php','label'=>S_DISCOVERY), - array("url"=>"exp_imp.php" ,"label"=>S_EXPORT_IMPORT), - array("url"=>"popup.php") + array('url'=>'exp_imp.php' ,'label'=>S_EXPORT_IMPORT), + array('url'=>'popup.php') ) ), - "admin"=>array( - "label" => S_ADMINISTRATION, - "user_type" => USER_TYPE_SUPER_ADMIN, - "node_perm" => PERM_READ_WRITE, - "default_page_id" => 1, - "forse_disable_subnodes"=> true, - "pages"=>array( - ZBX_DISTRIBUTED ? array("url"=>"nodes.php" ,"label"=>S_NODES) : null , - array("url"=>"users.php" ,"label"=>S_USERS , - "sub_pages"=>array("popup_media.php", - "popup_usrgrp.php","popup_right.php","popup_users.php") + 'admin'=>array( + 'label' => S_ADMINISTRATION, + 'user_type' => USER_TYPE_SUPER_ADMIN, + 'node_perm' => PERM_READ_WRITE, + 'default_page_id' => 1, + 'forse_disable_subnodes'=> true, + 'pages'=>array( + ZBX_DISTRIBUTED ? array('url'=>'nodes.php' ,'label'=>S_NODES) : null , + array('url'=>'authentication.php' ,'label'=>S_AUTHENTICATION), + array('url'=>'users.php' ,'label'=>S_USERS , + 'sub_pages'=>array('popup_media.php','popup_usrgrp.php','popup_right.php','popup_users.php') ), - array("url"=>"media_types.php" ,"label"=>S_MEDIA_TYPES ), - array("url"=>"scripts.php" ,"label"=>S_SCRIPTS), - array("url"=>"audit.php" ,"label"=>S_AUDIT ), - array("url"=>"queue.php" ,"label"=>S_QUEUE ), - array("url"=>"report4.php" ,"label"=>S_NOTIFICATIONS ), - array("url"=>"locales.php" ,"label"=>S_LOCALES ), - array("url"=>"instal.php" ,"label"=>S_INSTALLATION , - "sub_pages"=>array("setup.php","warning.php")) + array('url'=>'media_types.php' ,'label'=>S_MEDIA_TYPES ), + array('url'=>'scripts.php' ,'label'=>S_SCRIPTS), + array('url'=>'audit.php' ,'label'=>S_AUDIT ), + array('url'=>'queue.php' ,'label'=>S_QUEUE ), + array('url'=>'report4.php' ,'label'=>S_NOTIFICATIONS ), + array('url'=>'locales.php' ,'label'=>S_LOCALES ), + array('url'=>'instal.php' ,'label'=>S_INSTALLATION , + 'sub_pages'=>array('setup.php','warning.php')) ) ), - "login"=>array( - "label" => S_LOGIN, - "default_page_id" => 0, - "forse_disable_subnodes"=> true, - "pages"=>array( - array("url"=>"index.php", - "sub_pages"=>array("profile.php") + 'login'=>array( + 'label' => S_LOGIN, + 'default_page_id' => 0, + 'forse_disable_subnodes'=> true, + 'pages'=>array( + array('url'=>'index.php', + 'sub_pages'=>array('profile.php') ) ) ) @@ -243,20 +243,17 @@ COpt::profiling_start("page"); $main_menu_row = array(); $sub_menu_row = array(); - foreach($ZBX_MENU as $label=>$sub) - { + foreach($ZBX_MENU as $label=>$sub){ // Check permissions for main menu unset($deny); - if(!defined('ZBX_PAGE_NO_AUTHERIZATION')) - { - if(isset($sub['user_type'])) - { + if(!defined('ZBX_PAGE_NO_AUTHERIZATION')){ + if(isset($sub['user_type'])){ if($USER_DETAILS['type'] < $sub['user_type']) $deny = true; } if(isset($sub['node_perm'])){ - if ( 0 == count(get_accessible_nodes_by_user( + if(0==count(get_accessible_nodes_by_user( $USER_DETAILS, $sub['node_perm'], null, @@ -330,7 +327,7 @@ COpt::profiling_start("page"); } if(isset($menu_url)){ /* active menu */ - $class = "active"; + $class = 'active'; update_profile('web.menu.'.$label.'.last', $menu_url); @@ -354,15 +351,15 @@ COpt::profiling_start("page"); else{ if(isset($deny)) continue; - $class = "horizontal_menu_n"; + $class = 'horizontal_menu_n'; $menu_url = get_profile('web.menu.'.$label.'.last',false); if(!$menu_url) - $menu_url = $sub['pages'][$sub['default_page_id']]["url"]; + $menu_url = $sub['pages'][$sub['default_page_id']]['url']; } - array_push($main_menu_row, new CCol(new CLink($sub['label'], $menu_url, "highlight"),$class)); + array_push($main_menu_row, new CCol(new CLink($sub['label'], $menu_url, 'highlight'),$class)); unset($menu_url, $class); } @@ -372,7 +369,7 @@ COpt::profiling_start("page"); zbx_flush_post_cookies(isset($denyed_page_requested)); - if($page["type"] == PAGE_TYPE_HTML) + if($page['type'] == PAGE_TYPE_HTML) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index 9576ba2f..c0692cf4 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php @@ -35,8 +35,7 @@ CHECK USER AUTHORISATION *****************************************/ - function check_authorisation() - { + function check_authorisation(){ global $page; global $PHP_AUTH_USER,$PHP_AUTH_PW; global $USER_DETAILS; @@ -47,9 +46,9 @@ $sessionid = get_cookie("zbx_sessionid"); - if(!is_null($sessionid)) - { - $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* FROM sessions s,users u'. + if(!is_null($sessionid)){ + $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* '. + ' FROM sessions s,users u'. ' WHERE s.sessionid='.zbx_dbstr($sessionid). ' AND s.userid=u.userid'. ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'. @@ -60,7 +59,8 @@ } if(!$USER_DETAILS){ - $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.* FROM users u '. + $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.* '. + ' FROM users u '. ' WHERE u.alias='.zbx_dbstr(ZBX_GUEST_USER). ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); if(!$USER_DETAILS){ @@ -103,8 +103,7 @@ "nodeid"=>0)); } - if(!$login || isset($incorrect_session) || isset($missed_user_guest)) - { + if(!$login || isset($incorrect_session) || isset($missed_user_guest)){ if(isset($incorrect_session)) $message = "Session was ended, please relogin!"; else if(isset($missed_user_guest)){ $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u')); @@ -119,6 +118,28 @@ exit; } } + +/***************************************** + LDAP AUTHENTICATION +*****************************************/ +function ldap_authentication($user,$passwd,$cnf=NULL){ + if(is_null($cnf)){ + $config = select_config(); + foreach($config as $id => $value){ + if(strpos($id,'ldap_') !== false){ + $cnf[str_replace('ldap_','',$id)] = $config[$id]; + } + } + } + + $ldap = new CLdap($cnf); + $ldap->connect(); + + $result = $ldap->checkPass($user,$passwd); + +return $result; +} + /*********************************************** CHECK USER ACCESS TO SYSTEM STATUS diff --git a/frontends/php/index.php b/frontends/php/index.php index 2d25791f..f469e6df 100644 --- a/frontends/php/index.php +++ b/frontends/php/index.php @@ -56,16 +56,36 @@ // return; } - if(isset($_REQUEST["enter"])&&($_REQUEST["enter"]=="Enter")) - { - $name = get_request("name",""); - $password = md5(get_request("password","")); + if(isset($_REQUEST["enter"])&&($_REQUEST["enter"]=="Enter")){ + + $config = select_config(); + + $name = get_request('name',''); + $password = md5(get_request('password','')); + + switch($config['authentication_type']){ + case ZBX_AUTH_LDAP: + $login = ldap_authentication($name,get_request('password','')); + break; + case ZBX_AUTH_INTERNAL: + default: + $alt_auth = ZBX_AUTH_INTERNAL; + $login = true; + } - $login = $row = DBfetch(DBselect('SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh '. + if($login){ + $login = $row = DBfetch(DBselect('SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd '. ' FROM users u, users_groups ug, usrgrp g '. ' WHERE u.alias='.zbx_dbstr($name). - ' AND u.passwd='.zbx_dbstr($password). + ((ZBX_AUTH_INTERNAL==$config['authentication_type'])?' AND u.passwd='.zbx_dbstr($password):''). ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); + } + +// update internal pass if it's different + if($login && ($row['passwd']!=$password) && (ZBX_AUTH_INTERNAL!=$config['authentication_type'])){ + DBexecute('UPDATE users SET passwd='.zbx_dbstr($password).' WHERE userid='.zbx_dbstr($row['userid'])); + } + if($login){ $login = (check_perm2login($row['userid']) && check_perm2system($row['userid'])); } @@ -80,9 +100,9 @@ add_audit(AUDIT_ACTION_LOGIN,AUDIT_RESOURCE_USER,"Correct login [".$name."]"); if(empty($row["url"])){ - global $USER_DETAILS; - $USER_DETAILS["alias"] = $row['alias']; + $USER_DETAILS['alias'] = $row['alias']; $USER_DETAILS['userid'] = $row['userid']; + $row["url"] = get_profile('web.menu.view.last','index.php'); unset($USER_DETAILS); } diff --git a/frontends/php/users.php b/frontends/php/users.php index 381dbb66..d67bef1f 100644 --- a/frontends/php/users.php +++ b/frontends/php/users.php @@ -153,7 +153,7 @@ include_once "include/page_header.php"; $_REQUEST["password1"] = get_request("password1", null); $_REQUEST["password2"] = get_request("password2", null); - if(isset($_REQUEST["password1"]) && $_REQUEST["password1"] == "" && $_REQUEST["alias"]!=ZBX_GUEST_USER){ + if(isset($_REQUEST["password1"]) && empty($_REQUEST["password1"]) && $_REQUEST["alias"]!=ZBX_GUEST_USER){ show_error_message(S_ONLY_FOR_GUEST_ALLOWED_EMPTY_PASSWORD); } else if($_REQUEST["password1"]!=$_REQUEST["password2"]){ |