Zabbix
Public
Source
xxxxxxxxxx $result = $result !== false && $ins_ldap_servers ? API::UserDirectory()->create($ins_ldap_servers) : $result;<?php/*** Copyright (C) 2001-2025 Zabbix SIA**** This program is free software: you can redistribute it and/or modify it under the terms of** the GNU Affero General Public License as published by the Free Software Foundation, version 3.**** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.** See the GNU Affero General Public License for more details.**** You should have received a copy of the GNU Affero General Public License along with this program.** If not, see <https://www.gnu.org/licenses/>.**/class CControllerAuthenticationUpdate extends CController { /** * @var CControllerResponseRedirect */ private $response; private const PROVISION_ENABLED_FIELDS = ['group_basedn', 'group_member', 'group_membership', 'group_name', 'user_username', 'user_lastname', 'uer_ref_attr', 'provision_groups', 'provision_media' ]; protected function init() { $this->response = new CControllerResponseRedirect( (new CUrl('zabbix.php'))->setArgument('action', 'authentication.edit') ); } protected function checkInput() { global $ALLOW_HTTP_AUTH; $fields = [ 'form_refresh' => 'int32', 'authentication_type' => 'in '.ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP, 'disabled_usrgrpid' => 'id', 'ldap_auth_enabled' => 'in '.ZBX_AUTH_LDAP_DISABLED.','.ZBX_AUTH_LDAP_ENABLED, 'ldap_servers' => 'array', 'ldap_default_row_index' => 'int32', 'ldap_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE, 'ldap_removed_userdirectoryids' => 'array_id', 'ldap_jit_status' => 'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED, 'jit_provision_interval' => 'time_unit_year '.implode(':', [SEC_PER_HOUR, 25 * SEC_PER_YEAR]), 'saml_auth_enabled' => 'in '.ZBX_AUTH_SAML_DISABLED.','.ZBX_AUTH_SAML_ENABLED, 'saml_jit_status' => 'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED, 'idp_entityid' => 'db userdirectory_saml.idp_entityid', 'sso_url' => 'db userdirectory_saml.sso_url', 'slo_url' => 'db userdirectory_saml.slo_url', 'username_attribute' => 'db userdirectory_saml.username_attribute', 'sp_entityid' => 'db userdirectory_saml.sp_entityid', 'nameid_format' => 'db userdirectory_saml.nameid_format', 'sign_messages' => 'in 0,1', 'sign_assertions' => 'in 0,1', 'sign_authn_requests' => 'in 0,1', 'sign_logout_requests' => 'in 0,1', 'sign_logout_responses' => 'in 0,1', 'encrypt_nameid' => 'in 0,1', 'encrypt_assertions' => 'in 0,1', 'saml_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE, 'saml_provision_status' => 'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED, 'saml_group_name' => 'db userdirectory_saml.group_name', 'saml_user_username' => 'db userdirectory_saml.user_username', 'saml_user_lastname' => 'db userdirectory_saml.user_lastname', 'saml_provision_groups' => 'array', 'saml_provision_media' => 'array', 'scim_status' => 'in '.ZBX_AUTH_SCIM_PROVISIONING_DISABLED.','.ZBX_AUTH_SCIM_PROVISIONING_ENABLED, 'passwd_min_length' => 'int32', 'passwd_check_rules' => 'array', 'mfa_status' => 'in '.MFA_DISABLED.','.MFA_ENABLED, 'mfa_methods' => 'array', 'mfa_default_row_index' => 'int32', 'mfa_removed_mfaids' => 'array_id' ]; if ($ALLOW_HTTP_AUTH) { $fields += [ 'http_auth_enabled' => 'in '.ZBX_AUTH_HTTP_DISABLED.','.ZBX_AUTH_HTTP_ENABLED, 'http_login_form' => 'in '.ZBX_AUTH_FORM_ZABBIX.','.ZBX_AUTH_FORM_HTTP, 'http_strip_domains' => 'setting http_strip_domains', 'http_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE ]; } $ret = $this->validateInput($fields); if ($ret) { $ret = $this->validateLdap() && $this->validateSamlAuth() && $this->validateMfa();