From 737f27f78203cc849cb80a3006abef5c9e2801e9 Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Tue, 20 Sep 2022 11:37:07 +0200 Subject: [PATCH 1/3] #9143 Added license_encryption_key --- pandora_console/godmode/setup/license.php | 45 +++++++++++++++++++++-- pandora_console/include/functions_api.php | 5 +++ 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/pandora_console/godmode/setup/license.php b/pandora_console/godmode/setup/license.php index cd7a8db4cd..73e049b6eb 100644 --- a/pandora_console/godmode/setup/license.php +++ b/pandora_console/godmode/setup/license.php @@ -59,6 +59,8 @@ if (is_metaconsole()) { enterprise_include_once('include/functions_license.php'); } +enterprise_include_once('include/functions_crypto.php'); + if ($renew_license_result !== null) { echo $renew_license_result; } @@ -74,8 +76,32 @@ if ($update_settings) { ); } + $customer_key = $_POST['keys']['customer_key']; + + $license_encryption_key = get_parameter('license_encryption_key', false); + if ($license_encryption_key !== false) { + $check = db_get_value_sql('SELECT `key` FROM tupdate_settings WHERE `key` LIKE "license_encryption_key"'); + if ($check === false) { + db_process_sql_insert( + 'tupdate_settings', + [ + db_escape_key_identifier('value') => $license_encryption_key, + db_escape_key_identifier('key') => 'license_encryption_key', + ] + ); + } else { + db_process_sql_update( + 'tupdate_settings', + [db_escape_key_identifier('value') => $license_encryption_key], + [db_escape_key_identifier('key') => 'license_encryption_key'] + ); + } + + $customer_key = openssl_blowfish_encrypt_hex($customer_key, io_safe_output($license_encryption_key)); + } + // Update the license file. - $result = file_put_contents($config['remote_config'].'/'.LICENSE_FILE, $_POST['keys']['customer_key']); + $result = file_put_contents($config['remote_config'].'/'.LICENSE_FILE, $customer_key); if ($result === false) { ui_print_error_message(__('Failed to Update license file')); } @@ -153,8 +179,21 @@ $table->data[7][1] = html_print_input_text('expires', ($license['nms'] == 1 ? __ $table->data[8][0] = ''.__('Satellite').''; $table->data[8][1] = html_print_input_text('expires', ($license['dhpm'] == 1 ? __('enabled') : __('disabled')), '', 10, 255, true, true); -$table->data[9][0] = ''.__('Licensed to').''; -$table->data[9][1] = html_print_input_text('licensed_to', $license['licensed_to'], '', 64, 255, true, true); +if ($license['dhpm'] == 1) { + $table->data[9][0] = ''.__('License encryption key').''; + $table->data[9][1] = html_print_input_password( + 'license_encryption_key', + io_safe_output($settings->license_encryption_key), + '', + 10, + 255, + true, + false + ); +} + +$table->data[10][0] = ''.__('Licensed to').''; +$table->data[10][1] = html_print_input_text('licensed_to', $license['licensed_to'], '', 64, 255, true, true); html_print_table($table); diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index d711432ef9..b174dc8d57 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -14751,6 +14751,11 @@ function api_set_metaconsole_license_file($key) return; } + $license_encryption_key = db_get_value('value', 'tupdate_settings', '`key`', 'license_encryption_key'); + if ($license_encryption_key !== false) { + $key = openssl_blowfish_encrypt_hex($key, io_safe_output($license_encryption_key)); + } + // Update the license file. $result = file_put_contents($config['remote_config'].'/'.LICENSE_FILE, $key); if ($result === false) { From 197fa4c69a9df7bd8421a8bb1a4ad552431102cf Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Tue, 20 Sep 2022 15:16:56 +0200 Subject: [PATCH 2/3] #9143 Added help tip --- pandora_console/godmode/setup/license.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/setup/license.php b/pandora_console/godmode/setup/license.php index 73e049b6eb..6dc3df0d10 100644 --- a/pandora_console/godmode/setup/license.php +++ b/pandora_console/godmode/setup/license.php @@ -180,7 +180,10 @@ $table->data[8][0] = ''.__('Satellite').''; $table->data[8][1] = html_print_input_text('expires', ($license['dhpm'] == 1 ? __('enabled') : __('disabled')), '', 10, 255, true, true); if ($license['dhpm'] == 1) { - $table->data[9][0] = ''.__('License encryption key').''; + $table->data[9][0] = ''.__('License encryption key').''.ui_print_help_tip( + __('This key is used to encrypt your Pandora FMS license when it is shared with other Pandora FMS components'), + true + ); $table->data[9][1] = html_print_input_password( 'license_encryption_key', io_safe_output($settings->license_encryption_key), From c650e7df6c9aff7a8a22b29172618268612bdad2 Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Thu, 29 Sep 2022 11:46:29 +0200 Subject: [PATCH 3/3] #9143 Fixed empty license encryption key --- pandora_console/godmode/setup/license.php | 36 +++++++++++------------ pandora_console/include/functions_api.php | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pandora_console/godmode/setup/license.php b/pandora_console/godmode/setup/license.php index 6dc3df0d10..9be97a8685 100644 --- a/pandora_console/godmode/setup/license.php +++ b/pandora_console/godmode/setup/license.php @@ -78,25 +78,25 @@ if ($update_settings) { $customer_key = $_POST['keys']['customer_key']; - $license_encryption_key = get_parameter('license_encryption_key', false); - if ($license_encryption_key !== false) { - $check = db_get_value_sql('SELECT `key` FROM tupdate_settings WHERE `key` LIKE "license_encryption_key"'); - if ($check === false) { - db_process_sql_insert( - 'tupdate_settings', - [ - db_escape_key_identifier('value') => $license_encryption_key, - db_escape_key_identifier('key') => 'license_encryption_key', - ] - ); - } else { - db_process_sql_update( - 'tupdate_settings', - [db_escape_key_identifier('value') => $license_encryption_key], - [db_escape_key_identifier('key') => 'license_encryption_key'] - ); - } + $license_encryption_key = get_parameter('license_encryption_key', ''); + $check = db_get_value_sql('SELECT `key` FROM tupdate_settings WHERE `key` LIKE "license_encryption_key"'); + if ($check === false) { + db_process_sql_insert( + 'tupdate_settings', + [ + db_escape_key_identifier('value') => $license_encryption_key, + db_escape_key_identifier('key') => 'license_encryption_key', + ] + ); + } else { + db_process_sql_update( + 'tupdate_settings', + [db_escape_key_identifier('value') => $license_encryption_key], + [db_escape_key_identifier('key') => 'license_encryption_key'] + ); + } + if (empty($license_encryption_key) === false) { $customer_key = openssl_blowfish_encrypt_hex($customer_key, io_safe_output($license_encryption_key)); } diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index b174dc8d57..b958ff2c0e 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -14752,7 +14752,7 @@ function api_set_metaconsole_license_file($key) } $license_encryption_key = db_get_value('value', 'tupdate_settings', '`key`', 'license_encryption_key'); - if ($license_encryption_key !== false) { + if (empty($license_encryption_key) === false) { $key = openssl_blowfish_encrypt_hex($key, io_safe_output($license_encryption_key)); }