<?php
/**
* Authentication setup.
*
* @category   Setup
* @package    Pandora FMS
* @subpackage Enterprise
* @version    1.0.0
* @license    See below
*
* ______ ___ _______ _______ ________
* | __ \ .-----.--.--.--| |.-----.----.-----. | ___ | | | __ |
* | __ /| _ | | _ || _ | _ | _ | | ___ | | __ |
* | ___ | | ___ . _ | __ | __ | _____ || _____ | __ | | ___ . _ | | ___ | | __ | _ | __ | _______ |
*
* ============================================================================
* Copyright (c) 2007-2023 Pandora FMS, http://www.pandorafms.com
* This code is NOT free software. This code is NOT licenced under GPL2 licence
* You cannot redistribute it without written permission of copyright holder.
* ============================================================================
*/
global $config;

// Run the console's login check before anything else on this page.
check_login();

// The page is open to users holding the 'PM' ACL flag and to administrators.
// The right-hand test only runs when the ACL check did not already grant access.
$setup_access_granted = (bool) check_acl($config['id_user'], 0, 'PM') === true
    || is_user_admin($config['id_user']) !== false;

if ($setup_access_granted === false) {
    // Record the refused attempt in the audit log, show the no-access page
    // and stop processing this script.
    db_pandora_audit(
        AUDIT_LOG_ACL_VIOLATION,
        'Trying to access Setup Management'
    );
    include 'general/noaccess.php';

    return;
}
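// Load enterprise extensions.
enterprise_include('godmode/setup/setup_auth.php');

// AJAX mode. The script at the bottom of this page posts change_auth_metod=1
// and type_auth=<method> whenever the method selector changes; the answer is
// only the options table for that method, after which the script stops.
// The login and ACL checks at the top of the file have already run.
if (is_ajax() === true) {
    $change_auth_metod = (bool) get_parameter('change_auth_metod');

    if ($change_auth_metod === true) {
        $table = new StdClass();
        $table->data = [];
        $table->width = '100%';
        $table->class = 'databox filters table_result_auth filter-table-adv';
        $table->size['name'] = '30%';
        $table->style['name'] = 'font-weight: bold';

        // Request-supplied method name. It is only compared against fixed
        // strings here and handed to the enterprise helpers as-is.
        $type_auth = (string) get_parameter('type_auth', '');

        // Fields for all types except mysql.
        // $type_auth is already a string, so the strict comparison is exact.
        if ($type_auth !== 'mysql') {
            // Fallback to local authentication.
            $table->data['fallback_local_auth'] = [
                'name'    => __('Fallback to local authentication'),
                'control' => html_print_checkbox_switch(
                    'fallback_local_auth',
                    1,
                    $config['fallback_local_auth'],
                    true
                ),
            ];

            if (enterprise_installed() === true) {
                $is_management_allowed = is_management_allowed();

                // Autocreate remote users. Outside the metaconsole the fourth
                // argument is true when management is not allowed.
                $table->data['autocreate_remote_users'] = [
                    'name'    => __('Autocreate remote users'),
                    'control' => html_print_checkbox_switch_extended(
                        'autocreate_remote_users',
                        1,
                        $config['autocreate_remote_users'],
                        (is_metaconsole() === false) ? !$is_management_allowed : false,
                        '',
                        '',
                        true
                    ) . ' ',
                ];

                // NOTE(review): the main form calls html_print_csrf_hidden()
                // for its output only; here the call's return value is stored
                // as a table row. Confirm that it returns markup in this form
                // and does not print the token outside the table.
                $table->data['csrf_token'] = html_print_csrf_hidden();

                add_enterprise_auth_autocreate_profiles($table, $type_auth);
            }
        }

        switch ($type_auth) {
            case 'ldap':
                // Shared by the primary and the secondary version selectors.
                $ldap_versions = [
                    1 => 'LDAPv1',
                    2 => 'LDAPv2',
                    3 => 'LDAPv3',
                ];

                // LDAP server.
                $table->data['ldap_server'] = [
                    'name'    => __('LDAP server'),
                    'control' => html_print_input_text(
                        'ldap_server',
                        $config['ldap_server'],
                        '',
                        30,
                        100,
                        true,
                        false,
                        false,
                        '',
                        'w400px'
                    ),
                ];

                // LDAP port.
                $table->data['ldap_port'] = [
                    'name'    => __('LDAP port'),
                    'control' => html_print_input_text(
                        'ldap_port',
                        $config['ldap_port'],
                        '',
                        10,
                        100,
                        true,
                        false,
                        false,
                        '',
                        'w400px'
                    ),
                ];

                // LDAP version.
                $table->data['ldap_version'] = [
                    'name'    => __('LDAP version'),
                    'control' => html_print_select(
                        $ldap_versions,
                        'ldap_version',
                        $config['ldap_version'],
                        '',
                        '',
                        0,
                        true,
                        false,
                        true,
                        'w400px'
                    ),
                ];

                // Start TLS.
                // NOTE(review): with this switch off, the admin bind
                // credentials configured below presumably reach the LDAP
                // server without transport protection — confirm how the
                // connection is made.
                $table->data['ldap_start_tls'] = [
                    'name'    => __('Start TLS'),
                    'control' => html_print_checkbox_switch(
                        'ldap_start_tls',
                        1,
                        $config['ldap_start_tls'],
                        true
                    ),
                ];

                // Base DN.
                $table->data['ldap_base_dn'] = [
                    'name'    => __('Base DN'),
                    'control' => html_print_input_text(
                        'ldap_base_dn',
                        $config['ldap_base_dn'],
                        '',
                        60,
                        100,
                        true
                    ),
                ];

                // Login attribute.
                $table->data['ldap_login_attr'] = [
                    'name'    => __('Login attribute'),
                    'control' => html_print_input_text(
                        'ldap_login_attr',
                        $config['ldap_login_attr'],
                        '',
                        60,
                        100,
                        true
                    ),
                ];

                // Admin LDAP login.
                $table->data['ldap_admin_login'] = [
                    'name'    => __('Admin LDAP login'),
                    'control' => html_print_input_text(
                        'ldap_admin_login',
                        $config['ldap_admin_login'],
                        '',
                        60,
                        100,
                        true
                    ),
                ];

                // Admin LDAP password.
                // NOTE(review): the stored bind password is passed through
                // io_output_password() and used as the field's value, so it
                // appears to be sent back to the browser in the rendered
                // HTML — confirm. Rendering the field empty and keeping the
                // stored value on an empty submit would avoid disclosing it.
                // The third argument was written as `$alt = ''`, which also
                // assigned a stray variable; the literal is passed instead.
                $table->data['ldap_admin_pass'] = [
                    'name'    => __('Admin LDAP password'),
                    'control' => html_print_input_password(
                        'ldap_admin_pass',
                        io_output_password($config['ldap_admin_pass']),
                        '',
                        60,
                        100,
                        true,
                        false,
                        false,
                        'w400px-important'
                    ),
                ];

                // Ldapsearch timeout, defaulting to 5 when empty.
                set_when_empty($config['ldap_search_timeout'], 5);
                $table->data['ldap_search_timeout'] = [
                    'name'    => __('Ldap search timeout (secs)'),
                    'control' => html_print_input_text(
                        'ldap_search_timeout',
                        $config['ldap_search_timeout'],
                        '',
                        10,
                        10,
                        true,
                        false,
                        false,
                        '',
                        'w400px'
                    ),
                ];

                // Enable/disable secondary ldap, off unless already defined.
                // Plain assignment: the row is new, so appending with `.=`
                // only raised an undefined-key warning.
                set_unless_defined($config['secondary_ldap_enabled'], false);
                $table->data['secondary_ldap_enabled'] = [
                    'name'    => __('Enable secondary LDAP'),
                    'control' => html_print_checkbox_switch(
                        'secondary_ldap_enabled',
                        1,
                        $config['secondary_ldap_enabled'],
                        true,
                        false,
                        'showAndHide()'
                    ),
                ];

                // Secondary LDAP server.
                $table->data['ldap_server_secondary'] = [
                    'name'    => __('Secondary LDAP server'),
                    'control' => html_print_input_text(
                        'ldap_server_secondary',
                        $config['ldap_server_secondary'],
                        '',
                        30,
                        100,
                        true,
                        false,
                        false,
                        '',
                        'w400px'
                    ),
                ];

                // Secondary LDAP port.
                $table->data['ldap_port_secondary'] = [
                    'name'    => __('Secondary LDAP port'),
                    'control' => html_print_input_text(
                        'ldap_port_secondary',
                        $config['ldap_port_secondary'],
                        '',
                        10,
                        100,
                        true,
                        false,
                        false,
                        '',
                        'w400px'
                    ),
                ];

                // Secondary LDAP version.
                $table->data['ldap_version_secondary'] = [
                    'name'    => __('Secondary LDAP version'),
                    'control' => html_print_select(
                        $ldap_versions,
                        'ldap_version_secondary',
                        $config['ldap_version_secondary'],
                        '',
                        '',
                        0,
                        true,
                        false,
                        true,
                        'w400px'
                    ),
                ];

                // Secondary start TLS.
                $table->data['ldap_start_tls_secondary'] = [
                    'name'    => __('Secondary start TLS'),
                    'control' => html_print_checkbox_switch(
                        'ldap_start_tls_secondary',
                        1,
                        $config['ldap_start_tls_secondary'],
                        true
                    ),
                ];

                // Secondary Base DN.
                $table->data['ldap_base_dn_secondary'] = [
                    'name'    => __('Secondary Base DN'),
                    'control' => html_print_input_text(
                        'ldap_base_dn_secondary',
                        $config['ldap_base_dn_secondary'],
                        '',
                        60,
                        100,
                        true
                    ),
                ];

                // Secondary login attribute.
                $table->data['ldap_login_attr_secondary'] = [
                    'name'    => __('Secondary Login attribute'),
                    'control' => html_print_input_text(
                        'ldap_login_attr_secondary',
                        $config['ldap_login_attr_secondary'],
                        '',
                        60,
                        100,
                        true
                    ),
                ];

                // Admin secondary LDAP login.
                $table->data['ldap_admin_login_secondary'] = [
                    'name'    => __('Admin secondary LDAP login'),
                    'control' => html_print_input_text(
                        'ldap_admin_login_secondary',
                        $config['ldap_admin_login_secondary'],
                        '',
                        60,
                        100,
                        true
                    ),
                ];

                // Admin secondary LDAP password.
                // NOTE(review): same concern as the primary bind password:
                // the stored value is used as the field's value and so
                // appears to be returned to the browser — confirm.
                $table->data['ldap_admin_pass_secondary'] = [
                    'name'    => __('Admin secondary LDAP password'),
                    'control' => html_print_input_password(
                        'ldap_admin_pass_secondary',
                        io_output_password($config['ldap_admin_pass_secondary']),
                        '',
                        60,
                        100,
                        true,
                        false,
                        false,
                        'w400px-important'
                    ),
                ];
                break;

            case 'pandora':
            case 'ad':
            case 'saml':
            case 'integria':
                // Add enterprise authentication options.
                if (enterprise_installed() === true) {
                    add_enterprise_auth_options($table, $type_auth);
                }
                break;

            case 'mysql':
            default:
                // No method-specific rows.
                break;
        }

        // Fields for all types.
        // Double authentication, off unless already defined.
        // Plain assignment instead of `.=` on a key that does not exist yet.
        set_unless_defined($config['double_auth_enabled'], false);
        $table->data['double_auth_enabled'] = [
            'name'    => __('Double authentication'),
            'control' => html_print_checkbox_switch(
                'double_auth_enabled',
                1,
                $config['double_auth_enabled'],
                true,
                false,
                'showAndHide()'
            ),
        ];

        // Force 2FA for all users, off unless already defined. The row is
        // rendered with the 'invisible' class while double authentication
        // is disabled.
        set_unless_defined($config['2FA_all_users'], false);
        $table->rowclass['2FA_all_users'] = ((bool) $config['double_auth_enabled'] === false) ? 'invisible' : '';
        $table->data['2FA_all_users'] = [
            'name'    => __('Force 2FA for all users is enabled'),
            'control' => html_print_checkbox_switch(
                '2FA_all_users',
                1,
                $config['2FA_all_users'],
                true
            ),
        ];

        // Session timeout behavior.
        $options = [
            'check_activity'  => __('Check activity'),
            'ignore_activity' => __('Ignore activity'),
        ];
        $table->data['session_timeouts'] = [
            'name'    => __('Control of timeout session') . ui_print_help_tip(__('Select \'ignore activity\' to ignore user activity when checking the session.'), true),
            'control' => html_print_select(
                $options,
                'control_session_timeout',
                $config['control_session_timeout'],
                '',
                '',
                0,
                true
            ),
        ];

        // Session timeout, defaulting to 90 when empty.
        set_when_empty($config['session_timeout'], 90);
        $table->data['session_timeout'] = [
            'name'    => __('Session timeout (mins)'),
            'control' => html_print_input_text(
                'session_timeout',
                $config['session_timeout'],
                '',
                10,
                10,
                true,
                false,
                false,
                '',
                'w400px'
            ),
        ];

        html_print_table($table);

        return;
    }
}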
require_once $config['homedir'] . '/include/functions_profile.php';

// Table holding the authentication-method selector of the full page.
$table = new StdClass();
$table->data = [];
$table->width = '100%';
$table->class = 'databox filters filter-table-adv';
$table->size = ['name' => '30%'];
$table->style = ['name' => 'font-weight: bold'];

// Auth methods added to the table (mysql is not taken into account).
$auth_methods_added = [];

// Row-name lists, each meant to be filled for every matching row:
// remote options, autocreate / no-autocreate options and LDAP data.
$remote_rows = [];
$autocreate_rows = [];
$no_autocreate_rows = [];
$ldap_rows = [];

// Selectable methods; the enterprise helper receives the list and may extend it.
$auth_methods = [
    'mysql' => __('Local %s', get_product_name()),
    'ldap'  => __('ldap'),
];
if (enterprise_installed() === true) {
    add_enterprise_auth_methods($auth_methods);
}

// Method selector row.
$row = [
    'name'    => __('Authentication method'),
    'control' => html_print_select(
        $auth_methods,
        'auth',
        $config['auth'],
        '',
        '',
        0,
        true,
        false,
        true,
        'w400px'
    ),
];
$table->data['auth'] = $row;

// Form.
echo '<form id="form_setup" class="max_floating_element_size" method="post">';

if (is_metaconsole() === false) {
    html_print_input_hidden('update_config', 1);
} else {
    // Fields used by the metasetup.
    html_print_input_hidden('action', 'save');
    // NOTE(review): this hidden field carries an unsalted MD5 of a fixed
    // prefix plus the database password. Anyone able to read the page source
    // obtains material for offline guessing of that password. A keyed hash
    // (hash_hmac) over a dedicated random secret, compared with
    // hash_equals() on the receiving side, would avoid tying the value to
    // the DB credential; that needs a matching change where the hash is
    // verified, which is outside this file.
    html_print_input_hidden('hash_save_config', md5('save' . $config['dbpass']));
}

html_print_csrf_hidden();
html_print_table($table);

// Empty container that receives the method-specific table loaded over AJAX.
html_print_div(['id' => 'table_auth_result']);

html_print_action_buttons(
    html_print_submit_button(
        __('Update'),
        'update_button',
        false,
        ['icon' => 'update'],
        true
    )
);

echo '</form>';
?>
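<script type="text/javascript">
    // Currently selected authentication method. Declared explicitly instead
    // of being created as an implicit global by the change handler; it stays
    // global in case markup loaded over AJAX reads it (not visible here).
    var type_auth;

    /**
     * Synchronise dependent rows with their switches: the "force 2FA" row
     * follows the double-authentication switch, and the secondary LDAP / AD
     * rows follow their respective "secondary" switches.
     */
    function showAndHide() {
        if ($('input[type=checkbox][name=double_auth_enabled]:checked').val() == 1) {
            // The row may have been rendered with the 'invisible' class.
            $('#table1-2FA_all_users').removeClass('invisible');
            $('#table1-2FA_all_users-name').removeClass('invisible');
            $('#table1-2FA_all_users-control').removeClass('invisible');
            $('#table1-2FA_all_users').show();
        } else {
            $('#table1-2FA_all_users').hide();
        }

        // toggle(true) shows the rows, toggle(false) hides them.
        $("tr[id*='ldap_'][id$='_secondary']").toggle(
            $('input[type=checkbox][name=secondary_ldap_enabled]:checked').val() == 1
        );
        $("tr[id*='ad_'][id$='_secondary']").toggle(
            $('input[type=checkbox][name=secondary_active_directory]:checked').val() == 1
        );
    }

    // Reload the method-specific options whenever the selector changes, and
    // once on page load through the trailing .change().
    $('#auth').on('change', function () {
        type_auth = $('#auth').val();

        $.ajax({
            type: "POST",
            url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
            // Passed as an object so jQuery URL-encodes every value rather
            // than concatenating the selected value into a query string.
            data: {
                page: "godmode/setup/setup_auth",
                change_auth_metod: 1,
                type_auth: type_auth
            },
            dataType: "html",
            success: function (data) {
                // Replace the previous options table with the new one.
                $('.table_result_auth').remove();
                $('#table_auth_result').append(data);
                showAndHide();
            }
        });
    }).change();
</script>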