diff --git a/frontends/php/disc_prototypes.php b/frontends/php/disc_prototypes.php index 3f566c8815..139b38e877 100644 --- a/frontends/php/disc_prototypes.php +++ b/frontends/php/disc_prototypes.php @@ -208,19 +208,25 @@ $fields = [ null ], 'http_authtype' => [T_ZBX_INT, O_OPT, null, - IN([HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM]), + IN([HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM, + HTTPTEST_AUTH_KERBEROS + ]), null ], 'http_username' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({http_authtype})'. ' && ({http_authtype} == '.HTTPTEST_AUTH_BASIC. - ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM.')', + ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM. + ' || {http_authtype} == '.HTTPTEST_AUTH_KERBEROS. + ')', _('Username') ], 'http_password' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({http_authtype})'. ' && ({http_authtype} == '.HTTPTEST_AUTH_BASIC. - ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM.')', + ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM. + ' || {http_authtype} == '.HTTPTEST_AUTH_KERBEROS. + ')', _('Password') ], // actions diff --git a/frontends/php/host_discovery.php b/frontends/php/host_discovery.php index 51a22b98df..f67d1bb27d 100644 --- a/frontends/php/host_discovery.php +++ b/frontends/php/host_discovery.php @@ -191,19 +191,23 @@ $fields = [ null ], 'http_authtype' => [T_ZBX_INT, O_OPT, null, - IN([HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM]), + IN([HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM, + HTTPTEST_AUTH_KERBEROS + ]), null ], 'http_username' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({http_authtype})'. ' && ({http_authtype} == '.HTTPTEST_AUTH_BASIC. - ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM.')', + ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM. + ' || {http_authtype} == '.HTTPTEST_AUTH_KERBEROS.')', _('Username') ], 'http_password' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({http_authtype})'. ' && ({http_authtype} == '.HTTPTEST_AUTH_BASIC. - ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM.')', + ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM. + ' || {http_authtype} == '.HTTPTEST_AUTH_KERBEROS.')', _('Password') ], // actions diff --git a/frontends/php/httpconf.php b/frontends/php/httpconf.php index 00bfdf8771..152134ee7a 100644 --- a/frontends/php/httpconf.php +++ b/frontends/php/httpconf.php @@ -51,16 +51,16 @@ $fields = [ ], 'pairs' => [T_ZBX_STR, O_OPT, P_NO_TRIM, null, null], 'steps' => [T_ZBX_STR, O_OPT, P_NO_TRIM, null, 'isset({add}) || isset({update})', _('Steps')], - 'authentication' => [T_ZBX_INT, O_OPT, null, IN('0,1,2'), 'isset({add}) || isset({update})'], + 'authentication' => [T_ZBX_INT, O_OPT, null, IN('0,1,2,3'), 'isset({add}) || isset({update})'], 'http_user' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({authentication}) && ({authentication}=='.HTTPTEST_AUTH_BASIC. - ' || {authentication}=='.HTTPTEST_AUTH_NTLM. + ' || {authentication}=='.HTTPTEST_AUTH_NTLM.' || {authentication}=='.HTTPTEST_AUTH_KERBEROS. ')', _('User') ], 'http_password' => [T_ZBX_STR, O_OPT, P_NO_TRIM, null, '(isset({add}) || isset({update})) && isset({authentication}) && ({authentication}=='.HTTPTEST_AUTH_BASIC. - ' || {authentication}=='.HTTPTEST_AUTH_NTLM. + ' || {authentication}=='.HTTPTEST_AUTH_NTLM.' || {authentication}=='.HTTPTEST_AUTH_KERBEROS. ')', _('Password') ], diff --git a/frontends/php/include/classes/api/services/CHttpTest.php b/frontends/php/include/classes/api/services/CHttpTest.php index 7191fb5143..2ea1a1cff9 100644 --- a/frontends/php/include/classes/api/services/CHttpTest.php +++ b/frontends/php/include/classes/api/services/CHttpTest.php @@ -287,7 +287,7 @@ class CHttpTest extends CApiService { 'value' => ['type' => API_STRING_UTF8, 'flags' => API_REQUIRED | API_NOT_EMPTY, 'length' => DB::getFieldLength('httptest_field', 'value')] ]], 'status' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_STATUS_ACTIVE, HTTPTEST_STATUS_DISABLED])], - 'authentication' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM])], + 'authentication' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM, HTTPTEST_AUTH_KERBEROS])], 'http_user' => ['type' => API_STRING_UTF8, 'length' => DB::getFieldLength('httptest', 'http_user')], 'http_password' => ['type' => API_STRING_UTF8, 'length' => DB::getFieldLength('httptest', 'http_password')], 'verify_peer' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_VERIFY_PEER_OFF, HTTPTEST_VERIFY_PEER_ON])], @@ -382,7 +382,7 @@ class CHttpTest extends CApiService { 'value' => ['type' => API_STRING_UTF8, 'flags' => API_REQUIRED | API_NOT_EMPTY, 'length' => DB::getFieldLength('httptest_field', 'value')] ]], 'status' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_STATUS_ACTIVE, HTTPTEST_STATUS_DISABLED])], - 'authentication' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM])], + 'authentication' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM, HTTPTEST_AUTH_KERBEROS])], 'http_user' => ['type' => API_STRING_UTF8, 'length' => DB::getFieldLength('httptest', 'http_user')], 'http_password' => ['type' => API_STRING_UTF8, 'length' => DB::getFieldLength('httptest', 'http_password')], 'verify_peer' => ['type' => API_INT32, 'in' => implode(',', [HTTPTEST_VERIFY_PEER_OFF, HTTPTEST_VERIFY_PEER_ON])], diff --git a/frontends/php/include/classes/api/services/CItemGeneral.php b/frontends/php/include/classes/api/services/CItemGeneral.php index 3d6b7d0606..f080af1442 100644 --- a/frontends/php/include/classes/api/services/CItemGeneral.php +++ b/frontends/php/include/classes/api/services/CItemGeneral.php @@ -1862,14 +1862,17 @@ abstract class CItemGeneral extends CApiService { ], 'authtype' => [ 'type' => API_INT32, - 'in' => implode(',', [HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM]) + 'in' => implode(',', [ + HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM, HTTPTEST_AUTH_KERBEROS + ]) ] ]; $data = $item + $db_item; if (array_key_exists('authtype', $data) - && ($data['authtype'] == HTTPTEST_AUTH_BASIC || $data['authtype'] == HTTPTEST_AUTH_NTLM)) { + && ($data['authtype'] == HTTPTEST_AUTH_BASIC || $data['authtype'] == HTTPTEST_AUTH_NTLM + || $data['authtype'] == HTTPTEST_AUTH_KERBEROS)) { $rules += [ 'username' => [ 'type' => API_STRING_UTF8, 'length' => DB::getFieldLength('items', 'username')], 'password' => [ 'type' => API_STRING_UTF8, 'length' => DB::getFieldLength('items', 'password')] diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php index 8c609d8c17..e1cec9cb05 100644 --- a/frontends/php/include/defines.inc.php +++ b/frontends/php/include/defines.inc.php @@ -848,9 +848,10 @@ define('PARAM_TYPE_COUNTS', 1); define('ZBX_DEFAULT_AGENT', 'Zabbix'); define('ZBX_AGENT_OTHER', -1); -define('HTTPTEST_AUTH_NONE', 0); -define('HTTPTEST_AUTH_BASIC', 1); -define('HTTPTEST_AUTH_NTLM', 2); +define('HTTPTEST_AUTH_NONE', 0); +define('HTTPTEST_AUTH_BASIC', 1); +define('HTTPTEST_AUTH_NTLM', 2); +define('HTTPTEST_AUTH_KERBEROS', 3); define('HTTPTEST_STATUS_ACTIVE', 0); define('HTTPTEST_STATUS_DISABLED', 1); diff --git a/frontends/php/include/httptest.inc.php b/frontends/php/include/httptest.inc.php index 3a42587278..508c9fabe5 100644 --- a/frontends/php/include/httptest.inc.php +++ b/frontends/php/include/httptest.inc.php @@ -26,7 +26,8 @@ function httptest_authentications($type = null) { $authentication_types = [ HTTPTEST_AUTH_NONE => _('None'), HTTPTEST_AUTH_BASIC => _('Basic'), - HTTPTEST_AUTH_NTLM => _('NTLM') + HTTPTEST_AUTH_NTLM => _('NTLM'), + HTTPTEST_AUTH_KERBEROS => _('Kerberos') ]; if (is_null($type)) { diff --git a/frontends/php/include/views/configuration.host.discovery.edit.php b/frontends/php/include/views/configuration.host.discovery.edit.php index 70bbe2144d..e808ebad6d 100644 --- a/frontends/php/include/views/configuration.host.discovery.edit.php +++ b/frontends/php/include/views/configuration.host.discovery.edit.php @@ -283,7 +283,8 @@ $itemFormList->addRow( (new CComboBox($data['limited'] ? '' : 'http_authtype', $data['http_authtype'], null, [ HTTPTEST_AUTH_NONE => _('None'), HTTPTEST_AUTH_BASIC => _('Basic'), - HTTPTEST_AUTH_NTLM => _('NTLM') + HTTPTEST_AUTH_NTLM => _('NTLM'), + HTTPTEST_AUTH_KERBEROS => _('Kerberos') ]))->setEnabled(!$data['limited']) ], 'http_authtype_row' diff --git a/frontends/php/include/views/configuration.item.edit.php b/frontends/php/include/views/configuration.item.edit.php index 396d821575..c88caa08bd 100644 --- a/frontends/php/include/views/configuration.item.edit.php +++ b/frontends/php/include/views/configuration.item.edit.php @@ -324,7 +324,8 @@ $itemFormList->addRow( (new CComboBox($readonly ? '' : 'http_authtype', $data['http_authtype'], null, [ HTTPTEST_AUTH_NONE => _('None'), HTTPTEST_AUTH_BASIC => _('Basic'), - HTTPTEST_AUTH_NTLM => _('NTLM') + HTTPTEST_AUTH_NTLM => _('NTLM'), + HTTPTEST_AUTH_KERBEROS => _('Kerberos') ]))->setEnabled(!$readonly) ], 'http_authtype_row' diff --git a/frontends/php/include/views/configuration.item.prototype.edit.php b/frontends/php/include/views/configuration.item.prototype.edit.php index 65a2986dd8..bcd0530aba 100644 --- a/frontends/php/include/views/configuration.item.prototype.edit.php +++ b/frontends/php/include/views/configuration.item.prototype.edit.php @@ -312,7 +312,8 @@ $itemFormList->addRow( (new CComboBox($readonly ? '' : 'http_authtype', $data['http_authtype'], null, [ HTTPTEST_AUTH_NONE => _('None'), HTTPTEST_AUTH_BASIC => _('Basic'), - HTTPTEST_AUTH_NTLM => _('NTLM') + HTTPTEST_AUTH_NTLM => _('NTLM'), + HTTPTEST_AUTH_KERBEROS => _('Kerberos') ]))->setEnabled(!$readonly) ], 'http_authtype_row' diff --git a/frontends/php/include/views/js/common.item.edit.js.php b/frontends/php/include/views/js/common.item.edit.js.php index cc3d14b015..134ebeb374 100644 --- a/frontends/php/include/views/js/common.item.edit.js.php +++ b/frontends/php/include/views/js/common.item.edit.js.php @@ -401,7 +401,8 @@ zbx_subarray_push($this->data['authTypeVisibility'], ITEM_AUTHTYPE_PUBLICKEY, 'r if (jQuery('#http_authtype').length) { new CViewSwitcher('http_authtype', 'change', ['http_username_row', 'http_password_row'], - HTTPTEST_AUTH_NTLM => ['http_username_row', 'http_password_row'] + HTTPTEST_AUTH_NTLM => ['http_username_row', 'http_password_row'], + HTTPTEST_AUTH_KERBEROS => ['http_username_row', 'http_password_row'] ], true) ?>); } [T_ZBX_INT, O_OPT, null, - IN([HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM]), + IN([HTTPTEST_AUTH_NONE, HTTPTEST_AUTH_BASIC, HTTPTEST_AUTH_NTLM, + HTTPTEST_AUTH_KERBEROS + ]), null ], 'http_username' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({http_authtype})'. ' && ({http_authtype} == '.HTTPTEST_AUTH_BASIC. - ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM.')', + ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM. + ' || {http_authtype} == '.HTTPTEST_AUTH_KERBEROS.')', _('Username') ], 'http_password' => [T_ZBX_STR, O_OPT, null, null, '(isset({add}) || isset({update})) && isset({http_authtype})'. ' && ({http_authtype} == '.HTTPTEST_AUTH_BASIC. - ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM.')', + ' || {http_authtype} == '.HTTPTEST_AUTH_NTLM. + ' || {http_authtype} == '.HTTPTEST_AUTH_KERBEROS.')', _('Password') ], // actions diff --git a/include/common.h b/include/common.h index 90dce1c133..d3ed05a60a 100644 --- a/include/common.h +++ b/include/common.h @@ -897,7 +897,8 @@ typedef enum { HTTPTEST_AUTH_NONE = 0, HTTPTEST_AUTH_BASIC, - HTTPTEST_AUTH_NTLM + HTTPTEST_AUTH_NTLM, + HTTPTEST_AUTH_NEGOTIATE } zbx_httptest_auth_t; diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c index 8a6637ca04..e591032515 100644 --- a/src/libs/zbxhttp/http.c +++ b/src/libs/zbxhttp/http.c @@ -150,6 +150,15 @@ int zbx_http_prepare_auth(CURL *easyhandle, unsigned char authtype, const char * case HTTPTEST_AUTH_NTLM: curlauth = CURLAUTH_NTLM; break; + case HTTPTEST_AUTH_NEGOTIATE: +#if LIBCURL_VERSION_NUM >= 0x072600 + curlauth = CURLAUTH_NEGOTIATE; + break; +#else + *error = zbx_strdup(*error, "Cannot set HTTP server authentication method to" + " negotiate: cURL library support >= 7.38.0 is required"); + return FAIL; +#endif default: THIS_SHOULD_NEVER_HAPPEN; break;