tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed setup_auth ticket: 4170 

(cherry picked from commit 3389fa28a3)
This commit is contained in:
daniel 2016-11-04 14:10:07 +01:00
parent f3c21b4612
commit 7fc30b3275
1 changed files with 131 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

378
pandora_console/godmode/setup/setup_auth.php
View File

@ -26,11 +26,126 @@ if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_us
return; return;
} }
include_once($config['homedir'] . "/include/functions_profile.php");
// Load enterprise extensions // Load enterprise extensions
enterprise_include ('godmode/setup/setup_auth.php'); enterprise_include ('godmode/setup/setup_auth.php');
if (is_ajax ()) {
$change_auth_metod = (bool) get_parameter ('change_auth_metod');
if($change_auth_metod){
$table = new StdClass();
$table->data = array ();
$table->width = '100%';
$table->class = 'databox filters table_result_auth';
$table->size['name'] = '30%';
$table->style['name'] = "font-weight: bold";
$type_auth = (string) get_parameter ('type_auth', '');
//field for all types except mysql
if($type_auth != 'mysql'){
// Fallback to local authentication
$row = array();
$row['name'] = __('Fallback to local authentication')
. ui_print_help_tip(__("Enable this option if you want to fallback to local authentication when remote (ldap etc...) authentication failed."), true);
$row['control'] = __('Yes').' '.html_print_radio_button('fallback_local_auth', 1, '', $config['fallback_local_auth'], true).'  ';
$row['control'] .= __('No').' '.html_print_radio_button('fallback_local_auth', 0, '', $config['fallback_local_auth'], true);
$table->data['fallback_local_auth'] = $row;
// Autocreate remote users
$row = array();
$row['name'] = __('Autocreate remote users');
$row['control'] = __('Yes').' '.html_print_radio_button_extended('autocreate_remote_users', 1, '', $config['autocreate_remote_users'], false, '', '', true).'  ';
$row['control'] .= __('No').' '.html_print_radio_button_extended('autocreate_remote_users', 0, '', $config['autocreate_remote_users'], false, '', '', true);
$table->data['autocreate_remote_users'] = $row;
}
switch ($type_auth) {
case "mysql":
break;
case "ldap":
// LDAP server
$row = array();
$row['name'] = __('LDAP server');
$row['control'] = html_print_input_text('ldap_server', $config['ldap_server'], '', 30, 100, true);
$table->data['ldap_server'] = $row;
// LDAP port
$row = array();
$row['name'] = __('LDAP port');
$row['control'] = html_print_input_text('ldap_port', $config['ldap_port'], '', 10, 100, true);
$table->data['ldap_port'] = $row;
// LDAP version
$ldap_versions = array (1 => 'LDAPv1', 2 => 'LDAPv2', 3 => 'LDAPv3');
$row = array();
$row['name'] = __('LDAP version');
$row['control'] = html_print_select($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
$table->data['ldap_version'] = $row;
// Start TLS
$row = array();
$row['name'] = __('Start TLS');
$row['control'] = __('Yes').' '.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'  ';
$row['control'] .= __('No').' '.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
$table->data['ldap_start_tls'] = $row;
// Base DN
$row = array();
$row['name'] = __('Base DN');
$row['control'] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
$table->data['ldap_base_dn'] = $row;
// Login attribute
$row = array();
$row['name'] = __('Login attribute');
$row['control'] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
$table->data['ldap_login_attr'] = $row;
break;
case 'pandora':
case 'babel':
case 'ad':
case 'saml':
case 'integria':
// Add enterprise authentication options
if (enterprise_installed()) {
add_enterprise_auth_options($table, $type_auth);
}
break;
}
// field for all types
// Enable double authentication
// Set default value
set_unless_defined($config['double_auth_enabled'], false);
$row = array();
$row['name'] = __('Double authentication')
. ui_print_help_tip(__("If this option is enabled, the users can use double authentication with their accounts"), true);
$row['control'] = __('Yes') . ' ';
$row['control'] .= html_print_radio_button('double_auth_enabled', 1, '', $config['double_auth_enabled'], true);
$row['control'] .= '  ';
$row['control'] .= __('No') .' ';
$row['control'] .= html_print_radio_button('double_auth_enabled', 0, '', $config['double_auth_enabled'], true);
$table->data['double_auth_enabled'] = $row;
// Session timeout
// Default session timeout
set_when_empty ($config["session_timeout"], 90);
$row = array();
$row['name'] = __('Session timeout (mins)')
. ui_print_help_tip(__("This is defined in minutes"), true);
$row['control'] = html_print_input_text ('session_timeout', $config["session_timeout"], '', 10, 10, true);
$table->data['session_timeout'] = $row;
html_print_table($table);
return;
}
}
include_once($config['homedir'] . "/include/functions_profile.php");
$table = new StdClass(); $table = new StdClass();
$table->data = array (); $table->data = array ();
$table->width = '100%'; $table->width = '100%';
@ -59,183 +174,12 @@ $auth_methods = array ('mysql' => __('Local Pandora FMS'), 'ldap' => __('ldap'))
if (enterprise_installed()) { if (enterprise_installed()) {
add_enterprise_auth_methods($auth_methods); add_enterprise_auth_methods($auth_methods);
} }
$row = array(); $row = array();
$row['name'] = __('Authentication method'); $row['name'] = __('Authentication method');
$row['control'] = html_print_select($auth_methods, 'auth', $config['auth'], '', '', 0, true); $row['control'] = html_print_select($auth_methods, 'auth', $config['auth'], '', '', 0, true);
$table->data['auth'] = $row; $table->data['auth'] = $row;
// Fallback to local authentication
$row = array();
$row['name'] = __('Fallback to local authentication')
. ui_print_help_tip(__("Enable this option if you want to fallback to local authentication when remote (ldap etc...) authentication failed."), true);
$row['control'] = __('Yes').' '.html_print_radio_button('fallback_local_auth', 1, '', $config['fallback_local_auth'], true).'  ';
$row['control'] .= __('No').' '.html_print_radio_button('fallback_local_auth', 0, '', $config['fallback_local_auth'], true);
$table->data['fallback_local_auth'] = $row;
$remote_rows[] = 'fallback_local_auth';
// Autocreate remote users
$row = array();
$row['name'] = __('Autocreate remote users');
$row['control'] = __('Yes').' '.html_print_radio_button_extended('autocreate_remote_users', 1, '', $config['autocreate_remote_users'], false, '', '', true).'  ';
$row['control'] .= __('No').' '.html_print_radio_button_extended('autocreate_remote_users', 0, '', $config['autocreate_remote_users'], false, '', '', true);
$table->data['autocreate_remote_users'] = $row;
$remote_rows[] = 'autocreate_remote_users';
// Autocreate blacklist
$row = array();
$row['name'] = __('Autocreate blacklist') . ui_print_help_icon ('autocreate_blacklist', true);
$row['control'] = html_print_input_text('autocreate_blacklist', $config['autocreate_blacklist'], '', 60, 100, true);
$table->data['autocreate_blacklist'] = $row;
$remote_rows[] = 'autocreate_blacklist';
$autocreate_rows[] = 'autocreate_blacklist';
// Add enterprise authentication options
if (enterprise_installed()) {
$enterprise_auth_options_added = add_enterprise_auth_options($table);
array_merge($auth_methods_added, $enterprise_auth_options_added);
}
// Autocreate profile
$profile_list = profile_get_profiles ();
if ($profile_list === false) {
$profile_list = array ();
}
$row = array();
$row['name'] = __('Autocreate profile');
$row['control'] = html_print_select($profile_list, 'default_remote_profile', $config['default_remote_profile'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
$table->data['default_remote_profile'] = $row;
// Autocreate profile group
$row = array();
$row['name'] = __('Autocreate profile group');
$row['control'] = html_print_select_groups($config['id_user'], "AR", true, 'default_remote_group', $config['default_remote_group'], '', '', '', true, false, true, '', $config['autocreate_remote_users'] == 0);
$table->data['default_remote_group'] = $row;
// Autocreate profile tags
$tags = tags_get_all_tags();
$row = array();
$row['name'] = __('Autocreate profile tags');
$row['control'] = html_print_select($tags, 'default_assign_tags[]', explode(',', $config['default_assign_tags']), '', __('Any'), '', true, true);
$table->data['default_assign_tags'] = $row;
if (((int)$config['autocreate_remote_users'] === 1) && ((int)$config['ad_advanced_config'] === 1)) {
$table->rowstyle['default_remote_profile'] = 'display:none;';
$table->rowstyle['default_remote_group'] = 'display:none;';
$table->rowstyle['default_assign_tags'] = 'display:none;';
$no_autocreate_rows[] = 'default_remote_profile';
$no_autocreate_rows[] = 'default_remote_group';
$no_autocreate_rows[] = 'default_assign_tags';
}
else {
$autocreate_rows[] = 'default_remote_profile';
$autocreate_rows[] = 'default_remote_group';
$autocreate_rows[] = 'default_assign_tags';
$remote_rows[] = 'default_remote_group';
$remote_rows[] = 'default_remote_profile';
$remote_rows[] = 'default_assign_tags';
}
// Add the remote class to the remote rows
foreach ($remote_rows as $name) {
if (!isset($table->rowclass[$name]))
$table->rowclass[$name] = '';
$table->rowclass[$name] .= ' remote';
}
// Add the remote class to the no autocreate rows
foreach ($no_autocreate_rows as $name) {
if (!isset($table->rowclass[$name]))
$table->rowclass[$name] = '';
$table->rowclass[$name] .= ' no_autocreate';
}
// Add the autocreate class to the autocreate rows
foreach ($autocreate_rows as $name) {
if (!isset($table->rowclass[$name]))
$table->rowclass[$name] = '';
$table->rowclass[$name] .= ' autocreate';
}
/* ------ LDAP ------ */
// LDAP server
$row = array();
$row['name'] = __('LDAP server');
$row['control'] = html_print_input_text('ldap_server', $config['ldap_server'], '', 30, 100, true);
$table->data['ldap_server'] = $row;
$ldap_rows[] = 'ldap_server';
// LDAP port
$row = array();
$row['name'] = __('LDAP port');
$row['control'] = html_print_input_text('ldap_port', $config['ldap_port'], '', 10, 100, true);
$table->data['ldap_port'] = $row;
$ldap_rows[] = 'ldap_port';
// LDAP version
$ldap_versions = array (1 => 'LDAPv1', 2 => 'LDAPv2', 3 => 'LDAPv3');
$row = array();
$row['name'] = __('LDAP version');
$row['control'] = html_print_select($ldap_versions, 'ldap_version', $config['ldap_version'], '', '', 0, true);
$table->data['ldap_version'] = $row;
$ldap_rows[] = 'ldap_version';
// Start TLS
$row = array();
$row['name'] = __('Start TLS');
$row['control'] = __('Yes').' '.html_print_radio_button ('ldap_start_tls', 1, '', $config['ldap_start_tls'], true).'  ';
$row['control'] .= __('No').' '.html_print_radio_button ('ldap_start_tls', 0, '', $config['ldap_start_tls'], true);
$table->data['ldap_start_tls'] = $row;
$ldap_rows[] = 'ldap_start_tls';
// Base DN
$row = array();
$row['name'] = __('Base DN');
$row['control'] = html_print_input_text ('ldap_base_dn', $config['ldap_base_dn'], '', 60, 100, true);
$table->data['ldap_base_dn'] = $row;
$ldap_rows[] = 'ldap_base_dn';
// Login attribute
$row = array();
$row['name'] = __('Login attribute');
$row['control'] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
$table->data['ldap_login_attr'] = $row;
$ldap_rows[] = 'ldap_login_attr';
// Add the ldap class to the LDAP rows
foreach ($ldap_rows as $name) {
if (!isset($table->rowclass[$name]))
$table->rowclass[$name] = '';
$table->rowclass[$name] = ' ' . 'ldap';
}
$auth_methods_added[] = 'ldap';
// Enable double authentication
// Set default value
set_unless_defined($config['double_auth_enabled'], false);
$row = array();
$row['name'] = __('Double authentication')
. ui_print_help_tip(__("If this option is enabled, the users can use double authentication with their accounts"), true);
$row['control'] = __('Yes') . ' ';
$row['control'] .= html_print_radio_button('double_auth_enabled', 1, '', $config['double_auth_enabled'], true);
$row['control'] .= '  ';
$row['control'] .= __('No') .' ';
$row['control'] .= html_print_radio_button('double_auth_enabled', 0, '', $config['double_auth_enabled'], true);
$table->data['double_auth_enabled'] = $row;
// Session timeout
// Default session timeout
set_when_empty ($config["session_timeout"], 90);
$row = array();
$row['name'] = __('Session timeout (mins)')
. ui_print_help_tip(__("This is defined in minutes"), true);
$row['control'] = html_print_input_text ('session_timeout', $config["session_timeout"], '', 10, 10, true);
$table->data['session_timeout'] = $row;
// Form // Form
echo '<form id="form_setup" method="post">'; echo '<form id="form_setup" method="post">';
@ -249,6 +193,7 @@ else {
} }
html_print_table ($table); html_print_table ($table);
echo '<div id="table_auth_result"></div>';
echo '<div class="action-buttons" style="width: '.$table->width.'">'; echo '<div class="action-buttons" style="width: '.$table->width.'">';
html_print_submit_button (__('Update'), 'update_button', false, 'class="sub upd"'); html_print_submit_button (__('Update'), 'update_button', false, 'class="sub upd"');
echo '</div>'; echo '</div>';
@ -256,79 +201,18 @@ echo '</form>';
?> ?>
<script type="text/javascript"> <script type="text/javascript">
// Get $('#auth').on('change', function(){
var auth_methods = $.map($('select#auth option'), function(option) { console.log('poco a poco');
return option.value; type_auth = $('#auth').val();
}); $.ajax({
// Add the click event and perform it once type: "POST",
// for process the action on the section load url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
$('input[name="autocreate_remote_users"]').change(show_autocreate_options).change(); data: "page=godmode/setup/setup_auth&change_auth_metod=1&type_auth=" + type_auth,
dataType: "html",
// Add the auth select change event and perform it once success: function(data) {
// for process the action on the section load $('.table_result_auth').remove();
$('select#auth').change(show_selected_rows).change(); $('#table_auth_result').append(data);
// Event callback for the auth select
function show_selected_rows (event) {
var auth_method = $(this).val();
if (auth_method !== 'mysql') {
$('tr.remote').show();
if (auth_method == 'saml') {
$('tr#table2-autocreate_remote_users').hide();
} }
show_autocreate_options(null);
}
else {
$('tr.remote').hide();
$('tr.autocreate').hide();
}
// Hide all the auth methods (except mysql)
_.each(auth_methods, function(value, key) {
if (value !== 'mysql')
$('tr.' + value).hide();
}); });
}).change();
// Show the selected auth method
$('tr.' + auth_method).show();
}
// Event callback for the autocreate remote users radio buttons
function show_autocreate_options(event) {
var remote_auto = $('input:radio[name=autocreate_remote_users]:checked').val();
var authentication_method_value = $('#auth').val();
var disabled = false;
if (authentication_method_value != 'ad')
disabled = true;
if (remote_auto == 0)
disabled = true;
$('select#default_remote_profile').prop('disabled', disabled);
$('select#default_remote_group').prop('disabled', disabled);
$('select#default_assign_tags').prop('disabled', disabled);
$('input#text-autocreate_blacklist').prop('disabled', disabled);
// Show when disabled = false and hide when disabled = true
if (disabled)
$('tr.autocreate').hide();
else
$('tr.autocreate').show();
if (typeof $('input:radio[name=ad_advanced_config]') !== 'undefined') {
advanced_value = $('input:radio[name=ad_advanced_config]:checked').val();
if (disabled) {
$('tr.ad_advanced').hide();
$('tr.no_autocreate').hide();
$('input:radio[name=ad_advanced_config][value=0]').prop('checked', true);
$('input:radio[name=ad_advanced_config][value=1]').prop('checked', false);
$('input:radio[name=ad_advanced_config][value=1]').prop('checked', '');
}
else {
if (advanced_value == 0) {
$('tr.no_autocreate').show();
$('#table4-ad_adv_perms').removeClass("ad");
$('#table4-ad_adv_perms2').removeClass("ad");
}
}
}
}
</script> </script>