if ($login) { if ($login['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS) { sleep(ZBX_LOGIN_BLOCK); } switch (get_user_auth($login['userid'])) { case GROUP_GUI_ACCESS_INTERNAL: $authentication_type = ZBX_AUTH_INTERNAL; break; case GROUP_GUI_ACCESS_SYSTEM: case GROUP_GUI_ACCESS_DISABLED: default: break; } switch ($authentication_type) { case ZBX_AUTH_LDAP: $login = ldap_authentication($name, get_request('password', '')); break; case ZBX_AUTH_HTTP: $login = true; break; case ZBX_AUTH_INTERNAL: default: $alt_auth = ZBX_AUTH_INTERNAL; $login = true; } } if ($login) { $login = $row = DBfetch(DBselect('SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd ' . ' FROM users u, users_groups ug, usrgrp g ' . ' WHERE u.alias=' . zbx_dbstr($name) . (ZBX_AUTH_INTERNAL == $authentication_type ? ' AND u.passwd=' . zbx_dbstr($password) : '') . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID))); } /* update internal pass if it's different if($login && ($row['passwd']!=$password) && (ZBX_AUTH_INTERNAL!=$authentication_type)){
} show_messages($result, S_LDAP . SPACE . S_UPDATED, S_LDAP . SPACE . S_WAS_NOT . SPACE . S_UPDATED); if ($result) { add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, S_LDAP); } } else { if (isset($_REQUEST['test'])) { $alias = get_request('user', $USER_DETAILS['alias']); $passwd = get_request('user_password', ''); $config = select_config(); foreach ($config as $id => $value) { if (isset($_REQUEST[$id])) { $ldap_cnf[str_replace('ldap_', '', $id)] = $_REQUEST[$id]; } } $result = ldap_authentication($alias, $passwd, $ldap_cnf); show_messages($result, S_LDAP . SPACE . S_LOGIN . SPACE . S_SUCCESSFUL_SMALL, S_LDAP . SPACE . S_LOGIN . SPACE . S_WAS_NOT . SPACE . S_SUCCESSFUL_SMALL); } } } else { if (ZBX_AUTH_HTTP == $_REQUEST['config']) { if (isset($_REQUEST['save'])) { if (ZBX_AUTH_HTTP == $_REQUEST['authentication_type']) { $sql = 'SELECT COUNT(g.usrgrpid) as cnt_usrgrp FROM usrgrp g WHERE g.gui_access=' . GROUP_GUI_ACCESS_INTERNAL; $res = DBfetch(DBselect($sql)); if ($res['cnt_usrgrp'] > 0) { info('Exists [' . $res['cnt_usrgrp'] . '] groups with [' . S_INTERNAL_S . '] GUI access.'); } } $config = select_config(); $cur_auth_type = $config['authentication_type'];
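/**
 * Authenticates a user and, on success, starts a session for it.
 *
 * Flow: look up the alias, delay the request once the failed-attempt
 * threshold is reached, let the user's group GUI access override the
 * configured auth type, run the selected authentication (LDAP / HTTP /
 * internal password check), verify login and system permissions, then
 * start the session and write an audit record.
 *
 * @param string $name      Login alias.
 * @param string $passwd    Plain-text password (may be empty for the guest user).
 * @param int    $auth_type Configured authentication type (ZBX_AUTH_*). A group
 *                          with GROUP_GUI_ACCESS_INTERNAL forces ZBX_AUTH_INTERNAL.
 *
 * @return string|bool Session id on success, false otherwise.
 *                     Side effects: sets $USER_DETAILS and writes an audit
 *                     record; on failure sets $_REQUEST['message'] and, when
 *                     the alias exists, increments its failed-attempt counter.
 */
function user_login($name, $passwd, $auth_type) {
	global $USER_DETAILS, $ZBX_LOCALNODEID;

	// users.passwd holds md5 digests; this value is what the internal
	// SELECT below compares against and what the session is started with.
	$password = md5($passwd);

	$sql = 'SELECT u.userid,u.attempt_failed, u.attempt_clock, u.attempt_ip ' .
		' FROM users u ' .
		' WHERE u.alias=' . zbx_dbstr($name);
	// A variant of this query that rejected (rather than merely delayed)
	// accounts over the attempt limit existed but is disabled; the only
	// throttling left is the sleep() below.
	$login = $attempt = DBfetch(DBselect($sql));

	// Everyone except the guest account must supply a non-empty password.
	if ($name != ZBX_GUEST_USER && zbx_empty($passwd)) {
		$login = $attempt = false;
	}

	if ($login) {
		// Delay, but do not reject, once the failed-attempt threshold is hit.
		// NOTE(review): nothing in this function resets attempt_failed, so a
		// user who later logs in correctly keeps being delayed unless
		// zbx_session_start() or a caller clears the counter — confirm.
		if ($login['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS) {
			sleep(ZBX_LOGIN_BLOCK);
		}

		// A group restricted to internal GUI access overrides the configured
		// authentication type; every other access level leaves it untouched.
		switch (get_user_auth($login['userid'])) {
			case GROUP_GUI_ACCESS_INTERNAL:
				$auth_type = ZBX_AUTH_INTERNAL;
				break;
			case GROUP_GUI_ACCESS_SYSTEM:
			case GROUP_GUI_ACCESS_DISABLED:
			default:
				break;
		}

		switch ($auth_type) {
			case ZBX_AUTH_LDAP:
				$login = ldap_authentication($name, $passwd);
				break;
			case ZBX_AUTH_HTTP:
				// No credential check here; presumably the web server already
				// authenticated the request — confirm at the call site.
				$login = true;
				break;
			case ZBX_AUTH_INTERNAL:
			default:
				// The password itself is checked by the SELECT below.
				$login = true;
		}
	}

	if ($login) {
		// For internal auth the stored digest must match; for LDAP/HTTP only
		// the alias (within the local node) is looked up.
		$sql = 'SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd ' .
			' FROM users u, users_groups ug, usrgrp g ' .
			' WHERE u.alias=' . zbx_dbstr($name) .
			(ZBX_AUTH_INTERNAL == $auth_type ? ' AND u.passwd=' . zbx_dbstr($password) : '') .
			' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
		$login = $user = DBfetch(DBselect($sql));
	}

	// Syncing the stored digest for non-internal auth types used to happen
	// here and is disabled.

	if ($login) {
		$login = check_perm2login($user['userid']) && check_perm2system($user['userid']);
	}

	if ($login) {
		$sessionid = zbx_session_start($user['userid'], $name, $password);
		add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, 'Correct login [' . $name . ']');

		if (empty($user['url'])) {
			$user['url'] = get_profile('web.menu.view.last', 'index.php');
		}

		$USER_DETAILS = $user;
		$login = $sessionid;
	}
	else {
		$user = NULL;
		// Same message whether the alias is unknown or the password is wrong.
		$_REQUEST['message'] = 'Login name or password is incorrect';
		add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, 'Login failed [' . $name . ']');

		// Only count the failure against an existing alias.
		if ($attempt) {
			// NOTE(review): X-Forwarded-For is client-supplied and may hold a
			// comma-separated list, so attempt_ip is only trustworthy when the
			// header is set by a trusted proxy; it is escaped before use.
			$ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
				? $_SERVER['HTTP_X_FORWARDED_FOR']
				: $_SERVER['REMOTE_ADDR'];
			$attempt['attempt_failed']++;
			$sql = 'UPDATE users SET attempt_failed=' . $attempt['attempt_failed'] .
				', attempt_clock=' . time() .
				', attempt_ip=' . zbx_dbstr($ip) .
				' WHERE userid=' . $attempt['userid'];
			DBexecute($sql);
		}
	}

	return $login;
}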