1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
<?php
/*
** Zabbix
** Copyright (C) 2001-2019 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
class CControllerAuthenticationEdit extends CController {
protected function init() {
$this->disableSIDValidation();
}
/**
* Validate user input.
*
* @return bool
*/
protected function checkInput() {
$fields = [
'form_refresh' => 'string',
'ldap_test_user' => 'string',
'ldap_test_password' => 'string',
'change_bind_password' => 'in 0,1',
'db_authentication_type' => 'string',
'authentication_type' => 'in '.ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP,
'http_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE,
'ldap_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE,
'ldap_configured' => 'in '.ZBX_AUTH_LDAP_DISABLED.','.ZBX_AUTH_LDAP_ENABLED,
'ldap_host' => 'db config.ldap_host',
'ldap_port' => 'int32',
'ldap_base_dn' => 'db config.ldap_base_dn',
'ldap_bind_dn' => 'db config.ldap_bind_dn',
'ldap_search_attribute' => 'db config.ldap_search_attribute',
'ldap_bind_password' => 'db config.ldap_bind_password',
'http_auth_enabled' => 'in '.ZBX_AUTH_HTTP_DISABLED.','.ZBX_AUTH_HTTP_ENABLED,
'http_login_form' => 'in '.ZBX_AUTH_FORM_ZABBIX.','.ZBX_AUTH_FORM_HTTP,
'http_strip_domains' => 'db config.http_strip_domains'
];
$ret = $this->validateInput($fields);
if (!$ret) {
$this->setResponse(new CControllerResponseFatal());
}
return $ret;
}
/**
* Validate is user allowed to change configuration.
*
* @return bool
*/
protected function checkPermissions() {
return $this->getUserType() == USER_TYPE_SUPER_ADMIN;
}
protected function doAction() {
$ldap_status = (new CFrontendSetup())->checkPhpLdapModule();
$data = [
'action_submit' => 'authentication.update',
'action_passw_change' => 'authentication.edit',
'ldap_error' => ($ldap_status['result'] == CFrontendSetup::CHECK_OK) ? '' : $ldap_status['error'],
'ldap_test_password' => '',
'ldap_test_user' => CWebUser::$data['alias'],
'change_bind_password' => 0,
'form_refresh' => 0
];
if ($this->hasInput('form_refresh')) {
$this->getInputs($data, [
'form_refresh',
'change_bind_password',
'db_authentication_type',
'authentication_type',
'http_case_sensitive',
'ldap_case_sensitive',
'ldap_configured',
'ldap_host',
'ldap_port',
'ldap_base_dn',
'ldap_bind_dn',
'ldap_search_attribute',
'ldap_bind_password',
'ldap_test_user',
'ldap_test_password',
'http_auth_enabled',
'http_login_form',
'http_strip_domains'
]);
$data += select_config();
}
else {
$data += select_config();
$data['db_authentication_type'] = $data['authentication_type'];
$data['change_bind_password'] = ($data['ldap_bind_password'] === '') ? 1 : 0;
}
$data['ldap_enabled'] = ($ldap_status['result'] == CFrontendSetup::CHECK_OK
&& $data['ldap_configured'] == ZBX_AUTH_LDAP_ENABLED);
$response = new CControllerResponseData($data);
$response->setTitle(_('Configuration of authentication'));
$this->setResponse($response);
}
}
|
