tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 07:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/sensitive-custom-vars-6641'

Browse Source 
fixes #6641
This commit is contained in:
Alexander Klimov 2014-08-20 12:29:45 +02:00
commit bb65fb396a
9 changed files with 120 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.vagrant-puppet/files/etc/icingaweb/modules/monitoring/config.ini Normal file
View File

@ -0,0 +1,2 @@
[security]
protected_customvars = "*pw*,*pass*,community"

6
.vagrant-puppet/manifests/default.pp
View File

@ -735,6 +735,12 @@ file { '/etc/icingaweb/modules/monitoring/backends.ini':
group => 'apache', group => 'apache',
} }
file { '/etc/icingaweb/modules/monitoring/config.ini':
source => 'puppet:////vagrant/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/config.ini',
owner => 'apache',
group => 'apache',
}
file { '/etc/icingaweb/modules/monitoring/instances.ini': file { '/etc/icingaweb/modules/monitoring/instances.ini':
source => 'puppet:////vagrant/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/instances.ini', source => 'puppet:////vagrant/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/instances.ini',
owner => 'apache', owner => 'apache',

2
config/modules/monitoring/config.ini Normal file
View File

@ -0,0 +1,2 @@
[security]
protected_customvars = "*pw*,*pass*,community"

24
modules/monitoring/application/controllers/ConfigController.php
View File

@ -14,6 +14,7 @@ use Icinga\Module\Monitoring\Form\Config\Backend\EditBackendForm;
use Icinga\Module\Monitoring\Form\Config\Backend\CreateBackendForm; use Icinga\Module\Monitoring\Form\Config\Backend\CreateBackendForm;
use Icinga\Module\Monitoring\Form\Config\Instance\EditInstanceForm; use Icinga\Module\Monitoring\Form\Config\Instance\EditInstanceForm;
use Icinga\Module\Monitoring\Form\Config\Instance\CreateInstanceForm; use Icinga\Module\Monitoring\Form\Config\Instance\CreateInstanceForm;
use Icinga\Module\Monitoring\Form\Config\SecurityForm;
use Icinga\Exception\NotReadableError; use Icinga\Exception\NotReadableError;
@ -216,7 +217,7 @@ class Monitoring_ConfigController extends ModuleActionController
/** /**
* Display a form to remove the instance identified by the 'instance' parameter * Display a form to remove the instance identified by the 'instance' parameter
*/ */
private function writeConfiguration($config, $file) private function writeConfiguration($config, $file = null)
{ {
$target = $this->Config($file)->getConfigFile(); $target = $this->Config($file)->getConfigFile();
$writer = new PreservingIniWriter(array('filename' => $target, 'config' => $config)); $writer = new PreservingIniWriter(array('filename' => $target, 'config' => $config));
@ -258,4 +259,25 @@ class Monitoring_ConfigController extends ModuleActionController
$instanceCfg = $this->Config('instances'); $instanceCfg = $this->Config('instances');
return $instanceCfg && $instanceCfg->get($instance); return $instanceCfg && $instanceCfg->get($instance);
} }
public function securityAction()
{
$this->view->tabs = $this->Module()->getConfigTabs()->activate('security');
$form = new SecurityForm();
$form->setConfiguration($this->Config()->get('security'));
$form->setRequest($this->getRequest());
if ($form->isSubmittedAndValid()) {
$config = $this->Config()->toArray();
$config['security'] = $form->getConfig();
if ($this->writeConfiguration(new Zend_Config($config))) {
Notification::success('Configuration modified successfully');
$this->redirectNow('monitoring/config/security');
} else {
$this->render('show-configuration');
return;
}
}
$this->view->form = $form;
}
} }

59
modules/monitoring/application/forms/Config/SecurityForm.php Normal file
View File

@ -0,0 +1,59 @@
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
namespace Icinga\Module\Monitoring\Form\Config;
use Zend_Config;
use Icinga\Web\Form;
class SecurityForm extends Form
{
/**
* The configuration to use for populating the form
*/
protected $config;
/**
* Create this form
*
* @see Icinga\Web\Form::create
*/
public function create()
{
$this->addElement(
'text',
'protected_customvars',
array(
'label' => 'Protected Custom Variables',
'required' => true,
'value' => $this->config->protected_customvars,
'helptext' => 'Comma separated case insensitive list of protected custom variables.'
. ' Use * as a placeholder for zero or more wildcard characters.'
. ' Existance of those custom variables will be shown, but their values will be masked.'
)
);
$this->setSubmitLabel('Save');
}
/**
* Set the configuration to be used for initial population of the form
*/
public function setConfiguration($config)
{
$this->config = $config;
}
/**
* Return the configuration set by this form
*
* @return Zend_Config The configuration set in this form
*/
public function getConfig()
{
$values = $this->getValues();
return new Zend_Config(array(
'protected_customvars' => $values['protected_customvars']
));
}
}

6
modules/monitoring/application/views/scripts/config/security.phtml Normal file
View File

@ -0,0 +1,6 @@
<div class="controls">
<?= $this->tabs ?>
</div>
<div class="content">
<?= $this->form ?>
</div>

8
modules/monitoring/application/views/scripts/show/components/customvars.phtml
View File

@ -1,16 +1,8 @@
<?php <?php
if (! $object->customvars) { return; }
foreach ($object->customvars as $name => $value) { foreach ($object->customvars as $name => $value) {
$name = ucwords(str_replace('_', ' ', strtolower($name)));
if (preg_match('~(?:pw|pass|community)~', strtolower($name))) {
$value = '***';
}
printf( printf(
"<tr><th>%s</th><td>%s</td></tr>\n", "<tr><th>%s</th><td>%s</td></tr>\n",
$this->escape($name), $this->escape($name),
$this->escape($value) $this->escape($value)
); );
} }

5
modules/monitoring/configuration.php
View File

@ -12,4 +12,7 @@ $this->provideConfigTab('backends', array(
'title' => 'Backends', 'title' => 'Backends',
'url' => 'config' 'url' => 'config'
)); ));
$this->provideConfigTab('security', array(
'title' => 'Security',
'url' => 'config/security'
));

18
modules/monitoring/library/Monitoring/Object/AbstractObject.php
View File

@ -20,6 +20,7 @@ use Icinga\Module\Monitoring\DataView\Comment;
use Icinga\Module\Monitoring\DataView\Servicegroup; use Icinga\Module\Monitoring\DataView\Servicegroup;
use Icinga\Module\Monitoring\DataView\Customvar; use Icinga\Module\Monitoring\DataView\Customvar;
use Icinga\Web\UrlParams; use Icinga\Web\UrlParams;
use Icinga\Application\Config;
abstract class AbstractObject abstract class AbstractObject
@ -120,6 +121,17 @@ abstract class AbstractObject
public function fetchCustomvars() public function fetchCustomvars()
{ {
$monitoringSecurity = Config::module('monitoring')->get('security')->toArray();
$customvars = array();
foreach (explode(',', $monitoringSecurity['protected_customvars']) as $customvar) {
$nonWildcards = array();
foreach (explode('*', $customvar) as $nonWildcard) {
$nonWildcards[] = preg_quote($nonWildcard, '/');
}
$customvars[] = implode('.*', $nonWildcards);
}
$customvars = '/^(' . implode('|', $customvars) . ')$/i';
$query = Customvar::fromParams(array('backend' => null), array( $query = Customvar::fromParams(array('backend' => null), array(
'varname', 'varname',
'varvalue' 'varvalue'
@ -136,6 +148,12 @@ abstract class AbstractObject
} }
$this->customvars = $query->getQuery()->fetchPairs(); $this->customvars = $query->getQuery()->fetchPairs();
foreach ($this->customvars as $name => &$value) {
if (preg_match($customvars, ucwords(str_replace('_', ' ', strtolower($name))))) {
$value = '***';
}
}
return $this; return $this;
} }