diff --git a/config.php.default b/config.php.default
index 4f9f2b94c..ca47e97b7 100755
--- a/config.php.default
+++ b/config.php.default
@@ -18,6 +18,15 @@ $config['community'] = "public";
$config['base_url'] = "http://observer2.as8681.net";
+### Authentication model
+$config['auth_mechanism'] = "mysql"; # default, other options: ldap
+
+# LDAP module configuration
+$config['auth_ldap_server'] = "ldap.yourserver.com";
+$config['auth_ldap_port'] = 389;
+$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com";
+$config['auth_ldap_prefix'] = "uid=";
+
### Location of executables
$config['rrdtool'] = "/usr/bin/rrdtool";
diff --git a/html/includes/authenticate.inc b/html/includes/authenticate.inc
index 8bc4e0615..d1fc4354d 100644
--- a/html/includes/authenticate.inc
+++ b/html/includes/authenticate.inc
@@ -26,12 +26,39 @@ if($_COOKIE['username'] && $_COOKIE['password']){
$_SESSION['password'] = mres($_COOKIE['password']);
}
+$auth_success = 0;
-$encrypted = md5($_SESSION['password']);
-$sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
-$query = mysql_query($sql);
-$row = @mysql_fetch_array($query);
-if($row['username'] && $row['username'] == $_SESSION['username']) {
+if ($config['auth_mechanism'] == "mysql")
+{
+ $encrypted = md5($_SESSION['password']);
+ $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'";
+ $query = mysql_query($sql);
+ $row = @mysql_fetch_array($query);
+ if($row['username'] && $row['username'] == $_SESSION['username']) {
+ $auth_success = 1;
+ }
+}
+else if ($config['auth_mechanism'] == "ldap")
+{
+ $ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
+ if ($ds)
+ {
+ if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password']))
+ {
+ $auth_success = 1;
+ }
+ }
+}
+else
+{
+ echo "ERROR: no valid auth_mechanism defined.";
+ exit();
+}
+
+if ($auth_success) {
+ $sql = "SELECT * FROM `users` WHERE `username`='".$_SESSION['username']."'";
+ $query = mysql_query($sql);
+ $row = @mysql_fetch_array($query);
$_SESSION['userlevel'] = $row['level'];
$_SESSION['user_id'] = $row['user_id'];
if(!$_SESSION['authenticated']) {
@@ -39,11 +66,12 @@ if($row['username'] && $row['username'] == $_SESSION['username']) {
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'logged in')");
header("Location: ".$_SERVER['REQUEST_URI']);
}
- if(isset($_POST['remember'])){
+ if(isset($_POST['remember'])) {
setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
}
-} elseif ($_SESSION['username']) {
+}
+elseif ($_SESSION['username']) {
$auth_message = "Authentication Failed";
unset ($_SESSION['authenticated']);
mysql_query("INSERT INTO authlog (`user`,`address`,`result`) VALUES ('".$_SESSION['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'authentication failure')");
diff --git a/html/includes/print-menubar.php b/html/includes/print-menubar.php
index cf1e866f4..912f92f41 100644
--- a/html/includes/print-menubar.php
+++ b/html/includes/print-menubar.php
@@ -36,13 +36,6 @@
} ?>
Inventory
-= '10') {
- echo("
-
-
Authlog");
-}
-?>
@@ -204,7 +197,9 @@ echo("
Add User
Remove User
-
Edit User");
+
Edit User
+
+
Authlog");
} ?>
diff --git a/html/pages/front/default.php b/html/pages/front/default.php
index bce44fdb2..f3471ebae 100644
--- a/html/pages/front/default.php
+++ b/html/pages/front/default.php
@@ -22,7 +22,11 @@ function generate_front_box ($type, $content) {
echo("");
+if($_SESSION['userlevel'] == '10') {
$sql = mysql_query("SELECT * FROM `devices` WHERE `status` = '0' AND `ignore` = '0'");
+} else {
+$sql = mysql_query("SELECT * FROM `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND D.status = '0' AND D.ignore = '0'");
+}
while($device = mysql_fetch_array($sql)){
generate_front_box("alert", "
".generatedevicelink($device, shorthost($device['hostname']))."
@@ -33,9 +37,12 @@ while($device = mysql_fetch_array($sql)){
}
+if($_SESSION['userlevel'] == '10') {
$sql = mysql_query("SELECT * FROM `interfaces` AS I, `devices` AS D WHERE I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0'");
+} else {
+$sql = mysql_query("SELECT * FROM `interfaces` AS I, `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND I.device_id = D.device_id AND ifOperStatus = 'down' AND ifAdminStatus = 'up' AND D.ignore = '0' AND I.ignore = '0'");
+}
while($interface = mysql_fetch_array($sql)){
-
generate_front_box("warn", "".generatedevicelink($interface, shorthost($interface['hostname']))."
Port Down
@@ -45,10 +52,9 @@ while($interface = mysql_fetch_array($sql)){
}
+/* FIXME service permissions? seem nonexisting now.. */
$sql = mysql_query("SELECT * FROM `services` AS S, `devices` AS D WHERE S.service_host = D.device_id AND service_status = 'down' AND D.ignore = '0' AND S.service_ignore = '0'");
while($service = mysql_fetch_array($sql)){
-
-
generate_front_box("alert", "".generatedevicelink($service, shorthost($service['hostname']))."
Service Down
".$service['service_type']."
@@ -57,7 +63,11 @@ while($service = mysql_fetch_array($sql)){
}
-$sql = mysql_query("SELECT * FROM `devices` AS D, bgpPeers AS B WHERE bgpPeerState != 'established' AND B.device_id = D.device_id");
+if($_SESSION['userlevel'] == '10') {
+$sql = mysql_query("SELECT * FROM `devices` AS D, bgpPeers AS B WHERE bgpPeerState != 'established' AND B.device_id = D.device_id AND D.ignore = 0");
+} else {
+$sql = mysql_query("SELECT * FROM `devices` AS D, bgpPeers AS B, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND bgpPeerState != 'established' AND B.device_id = D.device_id AND D.ignore = 0");
+}
while($peer = mysql_fetch_array($sql)){
generate_front_box("alert", "".generatedevicelink($peer, shorthost($peer['hostname']))."
@@ -68,7 +78,11 @@ while($peer = mysql_fetch_array($sql)){
}
-$sql = mysql_query("SELECT * FROM `devices` WHERE status = '1' AND `uptime` < '84600'");
+if($_SESSION['userlevel'] == '10') {
+$sql = mysql_query("SELECT * FROM `devices` AS D WHERE D.status = '1' AND D.uptime < '84600' AND D.ignore = 0");
+} else {
+$sql = mysql_query("SELECT * FROM `devices` AS D, devices_perms AS P WHERE D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' AND D.status = '1' AND D.uptime < '84600' AND D.ignore = 0");
+}
while($device = mysql_fetch_array($sql)){
generate_front_box("info", "".generatedevicelink($device, shorthost($device['hostname']))."
Device
Rebooted
diff --git a/includes/discovery/bgp-peers.php b/includes/discovery/bgp-peers.php
index c8daa67b4..d959f4565 100755
--- a/includes/discovery/bgp-peers.php
+++ b/includes/discovery/bgp-peers.php
@@ -1,6 +1,6 @@