Merge branch 'develop' into feature/password-encryption
This commit is contained in:
Ramon Novoa
commit
4e4eb4df87
|
|
@ -33,7 +33,7 @@ if (isset ($_GET["loginhash"])) {
|
|||
$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
|
||||
|
||||
if ($config["loginhash_pwd"] != ""
|
||||
&& $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
|
||||
&& $loginhash_data == md5($loginhash_user.io_output_password($config["loginhash_pwd"]))) {
|
||||
db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
|
||||
$_SESSION['id_usuario'] = $loginhash_user;
|
||||
$config["id_user"] = $loginhash_user;
|
||||
|
|
|
|||
|
|
@ -899,11 +899,11 @@ if ($update_module || $create_module) {
|
|||
// New support for snmp v3
|
||||
$tcp_send = (string) get_parameter ('snmp_version');
|
||||
$plugin_user = (string) get_parameter ('snmp3_auth_user');
|
||||
$plugin_pass = (string) get_parameter ('snmp3_auth_pass');
|
||||
$plugin_pass = io_input_password((string) get_parameter ('snmp3_auth_pass'));
|
||||
$plugin_parameter = (string) get_parameter ('snmp3_auth_method');
|
||||
|
||||
$custom_string_1 = (string) get_parameter ('snmp3_privacy_method');
|
||||
$custom_string_2 = (string) get_parameter ('snmp3_privacy_pass');
|
||||
$custom_string_2 = io_input_password((string) get_parameter ('snmp3_privacy_pass'));
|
||||
$custom_string_3 = (string) get_parameter ('snmp3_security_level');
|
||||
}
|
||||
else {
|
||||
|
|
@ -911,11 +911,11 @@ if ($update_module || $create_module) {
|
|||
if (get_parameter('id_module_component_type') == 7)
|
||||
$plugin_pass = (int) get_parameter ('plugin_pass');
|
||||
else
|
||||
$plugin_pass = (string) get_parameter ('plugin_pass');
|
||||
$plugin_pass = io_input_password((string) get_parameter ('plugin_pass'));
|
||||
|
||||
$plugin_parameter = (string) get_parameter ('plugin_parameter');
|
||||
}
|
||||
|
||||
|
||||
$ip_target = (string) get_parameter ('ip_target');
|
||||
$custom_id = (string) get_parameter ('custom_id');
|
||||
$history_data = (int) get_parameter('history_data');
|
||||
|
|
|
|||
|
|
@ -31,7 +31,9 @@ if (is_ajax ()) {
|
|||
|
||||
$component['throw_unknown_events'] =
|
||||
!network_components_is_disable_type_event($id_component, EVENTS_GOING_UNKNOWN);
|
||||
|
||||
|
||||
// Decrypt passwords in the component.
|
||||
$component['plugin_pass'] = io_output_password($component['plugin_pass']);
|
||||
|
||||
echo io_json_mb_encode ($component);
|
||||
return;
|
||||
|
|
@ -144,7 +146,7 @@ require_once ("include/functions_exportserver.php");
|
|||
require_once($config['homedir'] . "/include/functions_modules.php");
|
||||
require_once($config['homedir'] . "/include/functions_agents.php");
|
||||
|
||||
// Using network component to fill some fields
|
||||
// Reading a module
|
||||
if ($id_agent_module) {
|
||||
$module = modules_get_agentmodule ($id_agent_module);
|
||||
$moduletype = $module['id_modulo'];
|
||||
|
|
@ -170,14 +172,14 @@ if ($id_agent_module) {
|
|||
// New support for snmp v3
|
||||
$snmp_version = $module['tcp_send'];
|
||||
$snmp3_auth_user = $module["plugin_user"];
|
||||
$snmp3_auth_pass = $module["plugin_pass"];
|
||||
$snmp3_auth_pass = io_output_password($module["plugin_pass"]);
|
||||
|
||||
// Auth method could be MD5 or SHA
|
||||
$snmp3_auth_method = $module["plugin_parameter"];
|
||||
|
||||
// Privacy method could be DES or AES
|
||||
$snmp3_privacy_method = $module["custom_string_1"];
|
||||
$snmp3_privacy_pass = $module["custom_string_2"];
|
||||
$snmp3_privacy_pass = io_output_password($module["custom_string_2"]);
|
||||
|
||||
// Security level Could be noAuthNoPriv | authNoPriv | authPriv
|
||||
$snmp3_security_level = $module["custom_string_3"];
|
||||
|
|
@ -186,7 +188,7 @@ if ($id_agent_module) {
|
|||
$disabled = $module['disabled'];
|
||||
$id_export = $module['id_export'];
|
||||
$plugin_user = $module['plugin_user'];
|
||||
$plugin_pass = $module['plugin_pass'];
|
||||
$plugin_pass = io_output_password($module['plugin_pass']);
|
||||
$plugin_parameter = $module['plugin_parameter'];
|
||||
$id_plugin = $module['id_plugin'];
|
||||
$post_process = $module['post_process'];
|
||||
|
|
|
|||
|
|
@ -946,18 +946,6 @@ function process_manage_edit ($module_name, $agents_select = null) {
|
|||
'each_ff', 'module_ff_interval', 'ff_timeout', 'max_timeout');
|
||||
$values = array ();
|
||||
|
||||
// Specific snmp reused fields
|
||||
if (get_parameter ('tcp_send', '') == 3) {
|
||||
$plugin_user_snmp = get_parameter ('plugin_user_snmp', '');
|
||||
if ($plugin_user_snmp != '') {
|
||||
$values['plugin_user'] = $plugin_user_snmp;
|
||||
}
|
||||
$plugin_pass_snmp = get_parameter ('plugin_pass_snmp', '');
|
||||
if ($plugin_pass_snmp != '') {
|
||||
$values['plugin_pass'] = $plugin_pass_snmp;
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($fields as $field) {
|
||||
$value = get_parameter ($field, '');
|
||||
|
||||
|
|
@ -967,6 +955,11 @@ function process_manage_edit ($module_name, $agents_select = null) {
|
|||
$values[$field] = $value;
|
||||
}
|
||||
break;
|
||||
case 'plugin_pass':
|
||||
if ($value != '') {
|
||||
$values['plugin_pass'] = io_input_password($value);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
if ($value != '') {
|
||||
$values[$field] = $value;
|
||||
|
|
@ -974,6 +967,22 @@ function process_manage_edit ($module_name, $agents_select = null) {
|
|||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Specific snmp reused fields
|
||||
if (get_parameter ('tcp_send', '') == 3) {
|
||||
$plugin_user_snmp = get_parameter ('plugin_user_snmp', '');
|
||||
if ($plugin_user_snmp != '') {
|
||||
$values['plugin_user'] = $plugin_user_snmp;
|
||||
}
|
||||
$plugin_pass_snmp = get_parameter ('plugin_pass_snmp', '');
|
||||
if ($plugin_pass_snmp != '') {
|
||||
$values['plugin_pass'] = io_input_password($plugin_pass_snmp);
|
||||
}
|
||||
$snmp3_privacy_pass = get_parameter ('custom_string_2', '');
|
||||
if ($snmp3_privacy_pass != '') {
|
||||
$values['custom_string_2'] = io_input_password($snmp3_privacy_pass);
|
||||
}
|
||||
}
|
||||
|
||||
$throw_unknown_events = get_parameter('throw_unknown_events', '');
|
||||
if ($throw_unknown_events !== '') {
|
||||
|
|
|
|||
|
|
@ -58,9 +58,8 @@ $id_module_group = (int) get_parameter ('id_module_group');
|
|||
$module_interval = (int) get_parameter ('module_interval');
|
||||
$id_group = (int) get_parameter ('id_group');
|
||||
$plugin_user = (string) get_parameter ('plugin_user');
|
||||
$plugin_pass = (string) get_parameter ('plugin_pass');
|
||||
$plugin_pass = io_input_password((string) get_parameter ('plugin_pass'));
|
||||
$plugin_parameter = (string) get_parameter ('plugin_parameter');
|
||||
|
||||
$macros = (string) get_parameter ('macros');
|
||||
|
||||
if (!empty($macros)) {
|
||||
|
|
@ -117,10 +116,10 @@ else {
|
|||
|
||||
$snmp_version = (string) get_parameter('snmp_version');
|
||||
$snmp3_auth_user = (string) get_parameter('snmp3_auth_user');
|
||||
$snmp3_auth_pass = (string) get_parameter('snmp3_auth_pass');
|
||||
$snmp3_auth_pass = io_input_password((string) get_parameter('snmp3_auth_pass'));
|
||||
$snmp3_auth_method = (string) get_parameter('snmp3_auth_method');
|
||||
$snmp3_privacy_method = (string) get_parameter('snmp3_privacy_method');
|
||||
$snmp3_privacy_pass = (string) get_parameter('snmp3_privacy_pass');
|
||||
$snmp3_privacy_pass = io_input_password((string) get_parameter('snmp3_privacy_pass'));
|
||||
$snmp3_security_level = (string) get_parameter('snmp3_security_level');
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -50,7 +50,11 @@ if (!empty($macros)) {
|
|||
if (!empty($m['help'])) {
|
||||
$data[0] .= ui_print_help_tip ($m['help'], true);
|
||||
}
|
||||
$data[1] = html_print_input_text($m['macro'], $m['value'], '', 15, 60, true);
|
||||
if ($m['hide'] == 1) {
|
||||
$data[1] = html_print_input_text($m['macro'], $m['value'], '', 15, 60, true);
|
||||
} else {
|
||||
$data[1] = html_print_input_text($m['macro'], io_output_password($m['value']), '', 15, 60, true);
|
||||
}
|
||||
$table->colspan['macro'.$m['macro']][1] = 3;
|
||||
$table->rowclass['macro'.$m['macro']] = 'macro_field';
|
||||
|
||||
|
|
|
|||
|
|
@ -361,6 +361,9 @@ if (($create != "") OR ($view != "")) {
|
|||
|
||||
if(isset($macros[$i]['hide'])) {
|
||||
$macro_hide_value_value = $macros[$i]['hide'];
|
||||
|
||||
// Decrypt hidden macros.
|
||||
$macro_value_value = io_output_password($macro_value_value);
|
||||
}
|
||||
|
||||
$datam = array ();
|
||||
|
|
@ -490,7 +493,11 @@ else {
|
|||
$macros[$i]['macro'] = $macro;
|
||||
$macros[$i]['desc'] = $desc;
|
||||
$macros[$i]['help'] = $help;
|
||||
$macros[$i]['value'] = $value;
|
||||
if ($hide == 1) {
|
||||
$macros[$i]['value'] = io_input_password($value);
|
||||
} else {
|
||||
$macros[$i]['value'] = $value;
|
||||
}
|
||||
$macros[$i]['hide'] = $hide;
|
||||
|
||||
$i++;
|
||||
|
|
@ -545,7 +552,11 @@ else {
|
|||
$macros[$i]['macro'] = $macro;
|
||||
$macros[$i]['desc'] = $desc;
|
||||
$macros[$i]['help'] = $help;
|
||||
$macros[$i]['value'] = $value;
|
||||
if ($hide == 1) {
|
||||
$macros[$i]['value'] = io_input_password($value);
|
||||
} else {
|
||||
$macros[$i]['value'] = $value;
|
||||
}
|
||||
$macros[$i]['hide'] = $hide;
|
||||
$i++;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ $table->data[1][0] = __('Remote config directory') .
|
|||
$table->data[1][1] = html_print_input_text ('remote_config', $config["remote_config"], '', 30, 100, true);
|
||||
|
||||
$table->data[6][0] = __('Auto login (hash) password');
|
||||
$table->data[6][1] = html_print_input_text ('loginhash_pwd', $config["loginhash_pwd"], '', 15, 15, true);
|
||||
$table->data[6][1] = html_print_input_text ('loginhash_pwd', io_output_password($config["loginhash_pwd"]), '', 15, 15, true);
|
||||
|
||||
$table->data[9][0] = __('Time source') . ui_print_help_icon ("timesource", true);
|
||||
$sources["system"] = __('System');
|
||||
|
|
@ -85,7 +85,7 @@ $table->data[15][1] = html_print_textarea('list_ACL_IPs_for_API', 2, 25, $list_A
|
|||
|
||||
$table->data[16][0] = __('API password') .
|
||||
ui_print_help_tip (__("Please be careful if you put a password put https access."), true);
|
||||
$table->data[16][1] = html_print_input_text('api_password', $config['api_password'], '', 25, 255, true);
|
||||
$table->data[16][1] = html_print_input_text('api_password', io_output_password($config['api_password']), '', 25, 255, true);
|
||||
|
||||
$table->data[17][0] = __('Enable GIS features in Pandora Console');
|
||||
$table->data[17][1] = __('Yes').' '.html_print_radio_button ('activate_gis', 1, '', $config["activate_gis"], true).' ';
|
||||
|
|
@ -97,7 +97,7 @@ $table->data[18][1] .= __('No').' '.html_print_radio_button ('i
|
|||
|
||||
if ($config["integria_enabled"]) {
|
||||
require_once('include/functions_incidents.php');
|
||||
$invent = incidents_call_api($config['integria_url']."/include/api.php?user=".$config['id_user']."&pass=".$config['integria_api_password']."&op=get_inventories");
|
||||
$invent = incidents_call_api($config['integria_url']."/include/api.php?user=".$config['id_user']."&pass=".io_output_password($config['integria_api_password'])."&op=get_inventories");
|
||||
$bad_input = false;
|
||||
// Wrong connection to api, bad password
|
||||
if (empty($invent)) {
|
||||
|
|
@ -138,7 +138,7 @@ if ($config["integria_enabled"]) {
|
|||
}
|
||||
|
||||
$table->data[21][0] = __('Integria API password');
|
||||
$table->data[21][1] = html_print_input_text ('integria_api_password', $config["integria_api_password"], '', 25, 25, true);
|
||||
$table->data[21][1] = html_print_input_text ('integria_api_password', io_output_password($config["integria_api_password"]), '', 25, 25, true);
|
||||
|
||||
if (!$bad_input) {
|
||||
foreach ($invent as $inv) {
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ $info = get_parameter('info', '');
|
|||
|
||||
$other = parseOtherParameter($otherSerialize, $otherMode);
|
||||
|
||||
$apiPassword = db_get_value_filter('value', 'tconfig', array('token' => 'api_password'));
|
||||
$apiPassword = io_output_password(db_get_value_filter('value', 'tconfig', array('token' => 'api_password')));
|
||||
|
||||
$correctLogin = false;
|
||||
$user_in_db = null;
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ function mysql_db_get_all_rows_sql ($sql, $search_history_db = false, $cache = t
|
|||
|
||||
// Connect to the history DB
|
||||
if (! isset ($config['history_db_connection']) || $config['history_db_connection'] === false) {
|
||||
$config['history_db_connection'] = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$config['history_db_connection'] = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], io_output_password($config['history_db_pass']), $config['history_db_port'], false);
|
||||
}
|
||||
if ($config['history_db_connection'] !== false) {
|
||||
$history = mysql_db_process_sql ($sql, 'affected_rows', $config['history_db_connection'], false);
|
||||
|
|
@ -1067,7 +1067,7 @@ function mysql_db_get_table_count($sql, $search_history_db = false) {
|
|||
|
||||
// Connect to the history DB
|
||||
if (! isset ($config['history_db_connection']) || $config['history_db_connection'] === false) {
|
||||
$config['history_db_connection'] = mysql_connect_db ($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$config['history_db_connection'] = mysql_connect_db ($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], io_output_password($config['history_db_pass']), $config['history_db_port'], false);
|
||||
}
|
||||
if ($config['history_db_connection'] !== false) {
|
||||
$history_count = mysql_db_get_value_sql ($sql, $config['history_db_connection']);
|
||||
|
|
@ -1087,4 +1087,4 @@ function mysql_get_fields($table) {
|
|||
|
||||
return db_get_all_rows_sql("SHOW COLUMNS FROM " . $table);
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -166,7 +166,7 @@ function oracle_db_get_all_rows_sql ($sql, $search_history_db = false, $cache =
|
|||
|
||||
// Connect to the history DB
|
||||
if (! isset ($config['history_db_connection']) || $config['history_db_connection'] === false) {
|
||||
$config['history_db_connection'] = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$config['history_db_connection'] = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], io_output_password($config['history_db_pass']), $config['history_db_port'], false);
|
||||
}
|
||||
if ($config['history_db_connection'] !== false) {
|
||||
$history = oracle_db_process_sql ($sql, 'affected_rows', $config['history_db_connection'], false);
|
||||
|
|
@ -1465,7 +1465,7 @@ function oracle_db_get_table_count($sql, $search_history_db = false) {
|
|||
|
||||
// Connect to the history DB
|
||||
if (! isset ($config['history_db_connection']) || $config['history_db_connection'] === false) {
|
||||
$config['history_db_connection'] = oracle_connect_db ($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$config['history_db_connection'] = oracle_connect_db ($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], io_output_password($config['history_db_pass']), $config['history_db_port'], false);
|
||||
}
|
||||
if ($config['history_db_connection'] !== false) {
|
||||
$history_count = oracle_db_get_value_sql ($sql, $config['history_db_connection']);
|
||||
|
|
@ -1479,4 +1479,4 @@ function oracle_db_get_table_count($sql, $search_history_db = false) {
|
|||
|
||||
return $count;
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ function postgresql_db_get_all_rows_sql ($sql, $search_history_db = false, $cach
|
|||
$history = false;
|
||||
|
||||
// Connect to the history DB
|
||||
$history_db_connection = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$history_db_connection = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], io_output_password($config['history_db_port'], false));
|
||||
if ($history_db_connection !== false) {
|
||||
$history = postgresql_db_process_sql ($sql, 'affected_rows', $config['history_db_connection'], false);
|
||||
}
|
||||
|
|
@ -1086,7 +1086,7 @@ function postgresql_db_get_table_count($sql, $search_history_db = false) {
|
|||
|
||||
// Connect to the history DB
|
||||
if (! isset ($config['history_db_connection']) || $config['history_db_connection'] === false) {
|
||||
$config['history_db_connection'] = postgresql_connect_db ($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$config['history_db_connection'] = postgresql_connect_db ($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], io_output_password($config['history_db_pass']), $config['history_db_port'], false);
|
||||
}
|
||||
if ($config['history_db_connection'] !== false) {
|
||||
$history_count = postgresql_db_get_value_sql ($sql, $config['history_db_connection']);
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ function config_update_config () {
|
|||
$error_update[] = __('Language code for Pandora');
|
||||
if (!config_update_value ('remote_config', (string) get_parameter ('remote_config')))
|
||||
$error_update[] = __('Remote config directory');
|
||||
if (!config_update_value ('loginhash_pwd', (string) get_parameter ('loginhash_pwd')))
|
||||
if (!config_update_value ('loginhash_pwd', io_input_password((string) get_parameter ('loginhash_pwd'))))
|
||||
$error_update[] = __('Auto login (hash) password');
|
||||
|
||||
if (!config_update_value ('timesource', (string) get_parameter ('timesource')))
|
||||
|
|
@ -134,15 +134,15 @@ function config_update_config () {
|
|||
$error_update[] = __('Attachment store');
|
||||
if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API')))
|
||||
$error_update[] = __('IP list with API access');
|
||||
if (!config_update_value ('api_password', get_parameter('api_password')))
|
||||
$error_update[] = __('Integria API password');
|
||||
if (!config_update_value ('api_password', io_input_password(get_parameter('api_password'))))
|
||||
$error_update[] = __('API password');
|
||||
if (!config_update_value ('activate_gis', (bool) get_parameter ('activate_gis')))
|
||||
$error_update[] = __('Enable GIS features in Pandora Console');
|
||||
if (!config_update_value ('integria_enabled', get_parameter ('integria_enabled')))
|
||||
$error_update[] = __('Enable Integria incidents in Pandora Console');
|
||||
if (!config_update_value ('integria_inventory', get_parameter ('integria_inventory')))
|
||||
$error_update[] = __('Integria inventory');
|
||||
if (!config_update_value ('integria_api_password', get_parameter ('integria_api_password')))
|
||||
if (!config_update_value ('integria_api_password', io_input_password(get_parameter ('integria_api_password'))))
|
||||
$error_update[] = __('Integria API password');
|
||||
if (!config_update_value ('integria_url', get_parameter ('integria_url')))
|
||||
$error_update[] = __('Integria URL');
|
||||
|
|
@ -210,7 +210,7 @@ function config_update_config () {
|
|||
$error_update[] = __('Replication DB database');
|
||||
if (!config_update_value ('replication_dbuser', (string)get_parameter('replication_dbuser')))
|
||||
$error_update[] = __('Replication DB user');
|
||||
if (!config_update_value ('replication_dbpass', (string)get_parameter('replication_dbpass')))
|
||||
if (!config_update_value ('replication_dbpass', io_input_password((string)get_parameter('replication_dbpass'))))
|
||||
$error_update[] = __('Replication DB password');
|
||||
if (!config_update_value ('replication_dbport', (string)get_parameter('replication_dbport')))
|
||||
$error_update[] = __('Replication DB port');
|
||||
|
|
@ -300,7 +300,7 @@ function config_update_config () {
|
|||
$error_update[] = __('Database name');
|
||||
if (!config_update_value ('rpandora_user', get_parameter ('rpandora_user')))
|
||||
$error_update[] = __('User');
|
||||
if (!config_update_value ('rpandora_pass', get_parameter ('rpandora_pass')))
|
||||
if (!config_update_value ('rpandora_pass', io_input_password(get_parameter ('rpandora_pass'))))
|
||||
$error_update[] = __('Password');
|
||||
|
||||
if (!config_update_value ('rbabel_server', get_parameter ('rbabel_server')))
|
||||
|
|
@ -311,7 +311,7 @@ function config_update_config () {
|
|||
$error_update[] = __('Database name');
|
||||
if (!config_update_value ('rbabel_user', get_parameter ('rbabel_user')))
|
||||
$error_update[] = __('User');
|
||||
if (!config_update_value ('rbabel_pass', get_parameter ('rbabel_pass')))
|
||||
if (!config_update_value ('rbabel_pass', io_input_password(get_parameter ('rbabel_pass'))))
|
||||
$error_update[] = __('Password');
|
||||
if (!config_update_value ('rintegria_server', get_parameter ('rintegria_server')))
|
||||
$error_update[] = __('Integria host');
|
||||
|
|
@ -321,7 +321,7 @@ function config_update_config () {
|
|||
$error_update[] = __('Database name');
|
||||
if (!config_update_value ('rintegria_user', get_parameter ('rintegria_user')))
|
||||
$error_update[] = __('User');
|
||||
if (!config_update_value ('rintegria_pass', get_parameter ('rintegria_pass')))
|
||||
if (!config_update_value ('rintegria_pass', io_input_password(get_parameter ('rintegria_pass'))))
|
||||
$error_update[] = __('Password');
|
||||
if (!config_update_value ('double_auth_enabled', get_parameter ('double_auth_enabled')))
|
||||
$error_update[] = __('Double authentication');
|
||||
|
|
@ -588,7 +588,7 @@ function config_update_config () {
|
|||
$error_update[] = __('Database name');
|
||||
if (!config_update_value ('history_db_user', get_parameter ('history_db_user')))
|
||||
$error_update[] = __('Database user');
|
||||
if (!config_update_value ('history_db_pass', get_parameter ('history_db_pass')))
|
||||
if (!config_update_value ('history_db_pass', io_input_password(get_parameter ('history_db_pass'))))
|
||||
$error_update[] = __('Database password');
|
||||
if (!config_update_value ('history_db_days', get_parameter ('history_db_days')))
|
||||
$error_update[] = __('Days');
|
||||
|
|
@ -658,7 +658,7 @@ function config_process_config () {
|
|||
}
|
||||
|
||||
if (!isset ($config['loginhash_pwd'])) {
|
||||
config_update_value ('loginhash_pwd', rand (0, 1000) * rand (0, 1000)."pandorahash");
|
||||
config_update_value ('loginhash_pwd', io_input_password(rand (0, 1000) * rand (0, 1000)."pandorahash"));
|
||||
}
|
||||
|
||||
if (!isset ($config["trap2agent"])) {
|
||||
|
|
|
|||
|
|
@ -440,4 +440,44 @@ function io_json_mb_encode($string){
|
|||
return $v;
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare the given password to be stored in the Pandora FMS Database,
|
||||
* encrypting it if necessary.
|
||||
*
|
||||
* @param string password Password to be stored.
|
||||
*
|
||||
* @return string The processed password.
|
||||
*/
|
||||
function io_input_password($password) {
|
||||
global $config;
|
||||
|
||||
enterprise_include_once('include/functions_crypto.php');
|
||||
$ciphertext = enterprise_hook('crypto_encrypt', array($password));
|
||||
if ($ciphertext === ENTERPRISE_NOT_HOOK) {
|
||||
return $password;
|
||||
}
|
||||
|
||||
return $ciphertext;
|
||||
}
|
||||
|
||||
/*
|
||||
* Process the given password read from the Pandora FMS Database,
|
||||
* decrypting it if necessary.
|
||||
*
|
||||
* @param string password Password read from the DB.
|
||||
*
|
||||
* @return string The processed password.
|
||||
*/
|
||||
function io_output_password($password) {
|
||||
global $config;
|
||||
|
||||
enterprise_include_once('include/functions_crypto.php');
|
||||
$plaintext = enterprise_hook('crypto_decrypt', array($password));
|
||||
if ($plaintext === ENTERPRISE_NOT_HOOK) {
|
||||
return $password;
|
||||
}
|
||||
|
||||
return $plaintext;
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -454,6 +454,18 @@ function modules_create_agent_module ($id_agent, $name, $values = false, $disabl
|
|||
return ERR_EXIST;
|
||||
}
|
||||
|
||||
// Encrypt passwords
|
||||
if (isset ($values['plugin_pass'])) {
|
||||
$values['plugin_pass'] = io_input_password($values['plugin_pass']);
|
||||
}
|
||||
|
||||
// Encrypt SNMPv3 passwords
|
||||
if (isset ($values['id_tipo_modulo']) && ($values['id_tipo_modulo'] >= 15 && $values['id_tipo_modulo'] <= 18) &&
|
||||
isset ($values['tcp_send']) && ($values['tcp_send'] == 3) &&
|
||||
isset ($values['custom_string_2'])) {
|
||||
$values['custom_string_2'] = io_input_password($values['custom_string_2']);
|
||||
}
|
||||
|
||||
$id_agent_module = db_process_sql_insert ('tagente_modulo', $values);
|
||||
|
||||
if ($id_agent_module === false)
|
||||
|
|
|
|||
|
|
@ -452,7 +452,7 @@ if (! isset ($config['id_user'])) {
|
|||
$loginhash_data = get_parameter("loginhash_data", "");
|
||||
$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
|
||||
|
||||
if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
|
||||
if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.io_output_password($config["loginhash_pwd"]))) {
|
||||
db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
|
||||
$_SESSION['id_usuario'] = $loginhash_user;
|
||||
$config["id_user"] = $loginhash_user;
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ $freestring = get_parameter ("freestring");
|
|||
$connection = get_parameter ("connection", 'main');
|
||||
if ($connection == 'history' && $config['history_db_enabled'] == 1) {
|
||||
if (! isset ($config['history_db_connection']) || $config['history_db_connection'] === false) {
|
||||
$config['history_db_connection'] = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], $config['history_db_pass'], $config['history_db_port'], false);
|
||||
$config['history_db_connection'] = db_connect($config['history_db_host'], $config['history_db_name'], $config['history_db_user'], io_output_password($config['history_db_pass']), $config['history_db_port'], false);
|
||||
}
|
||||
$connection_handler = $config['history_db_connection'];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) {
|
|||
$loginhash_data = get_parameter("loginhash_data", "");
|
||||
$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
|
||||
|
||||
if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
|
||||
if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.io_output_password($config["loginhash_pwd"]))) {
|
||||
db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
|
||||
$_SESSION['id_usuario'] = $loginhash_user;
|
||||
$config["id_user"] = $loginhash_user;
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) {
|
|||
$loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
|
||||
|
||||
if ($config["loginhash_pwd"] != ""
|
||||
&& $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
|
||||
&& $loginhash_data == md5($loginhash_user.io_output_password($config["loginhash_pwd"]))) {
|
||||
|
||||
db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
|
||||
$_SESSION['id_usuario'] = $loginhash_user;
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ $id_file = $_GET["id_file"];
|
|||
$filename = $_GET["filename"];
|
||||
$id_user = $_GET["id_user"];
|
||||
|
||||
$integria_api = $config['integria_url']."/include/api.php?return_type=csv&user=".$config['id_user']."&pass=".$config['integria_api_password'];
|
||||
$integria_api = $config['integria_url']."/include/api.php?return_type=csv&user=".$config['id_user']."&pass=".io_output_password($config['integria_api_password']);
|
||||
|
||||
$url = $integria_api."&op=download_file¶ms=".$id_file;
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ $token = ';,;';
|
|||
|
||||
$update_incident = get_parameter('update_incident', 0);
|
||||
|
||||
$integria_api = $config['integria_url']."/include/api.php?return_type=xml&user=".$config['id_user']."&pass=".$config['integria_api_password'];
|
||||
$integria_api = $config['integria_url']."/include/api.php?return_type=xml&user=".$config['id_user']."&pass=".io_output_password($config['integria_api_password']);
|
||||
|
||||
// Header
|
||||
if ($tab == 'list' || $tab == 'editor') {
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ if (! check_acl ($config['id_user'], 0, "IR") == 1) {
|
|||
}
|
||||
ui_print_page_header (__('Statistics'), "images/book_edit.png", false, "", false, "");
|
||||
|
||||
$integria_api = $config['integria_url']."/include/api.php?user=".$config['id_user']."&pass=".$config['integria_api_password'];
|
||||
$integria_api = $config['integria_url']."/include/api.php?user=".$config['id_user']."&pass=".io_output_password($config['integria_api_password']);
|
||||
$op = 'get_stats';
|
||||
$url = "$integria_api&op=$op";
|
||||
|
||||
|
|
@ -59,4 +59,4 @@ echo pie3d_graph($config['flash_charts'], $data, 370, 180,
|
|||
$config['fontpath'], $config['font_size']);
|
||||
|
||||
echo '</table>';
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -98,6 +98,9 @@ sub pandora_startup () {
|
|||
# Grab config tokens shared with the console and not in the .conf
|
||||
pandora_get_sharedconfig (\%Config, $DBH);
|
||||
|
||||
# Generate the encryption key after reading the passphrase.
|
||||
$Config{"encryption_key"} = enterprise_hook('pandora_get_encryption_key', [\%Config, $Config{"encryption_passphrase"}]);
|
||||
|
||||
pandora_audit (\%Config, 'Pandora FMS Server Daemon starting', 'SYSTEM', 'System', $DBH);
|
||||
|
||||
# Load servers
|
||||
|
|
|
|||
|
|
@ -496,3 +496,7 @@ console_user admin
|
|||
|
||||
# console_pass: Console password (pandora by default)
|
||||
console_pass pandora
|
||||
|
||||
# Passphrase used to generate the key for password encryption (PANDORA FMS ENTERPRISE ONLY).
|
||||
#encryption_passphrase passphrase
|
||||
|
||||
|
|
|
|||
|
|
@ -832,6 +832,9 @@ sub pandora_load_config {
|
|||
elsif ($parametro =~ m/^console_pass\s(.*)/i) {
|
||||
$pa_config->{'console_pass'}= safe_input($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^encryption_passphrase\s(.*)/i) {
|
||||
$pa_config->{'encryption_passphrase'}= safe_input($1);
|
||||
}
|
||||
} # end of loop for parameter #
|
||||
|
||||
# Set to RDBMS' standard port
|
||||
|
|
|
|||
|
|
@ -62,10 +62,14 @@ Exported Functions:
|
|||
|
||||
=item * C<pandora_generate_alerts>
|
||||
|
||||
=item * C<pandora_input_password>
|
||||
|
||||
=item * C<pandora_module_keep_alive>
|
||||
|
||||
=item * C<pandora_module_keep_alive_nd>
|
||||
|
||||
=item * C<pandora_output_password>
|
||||
|
||||
=item * C<pandora_planned_downtime>
|
||||
|
||||
=item * C<pandora_process_alert>
|
||||
|
|
@ -176,12 +180,14 @@ our @EXPORT = qw(
|
|||
pandora_get_module_phone_tags
|
||||
pandora_get_module_email_tags
|
||||
pandora_get_os
|
||||
pandora_input_password
|
||||
pandora_is_master
|
||||
pandora_mark_agent_for_alert_update
|
||||
pandora_mark_agent_for_module_update
|
||||
pandora_module_keep_alive
|
||||
pandora_module_keep_alive_nd
|
||||
pandora_module_unknown
|
||||
pandora_output_password
|
||||
pandora_planned_downtime
|
||||
pandora_planned_downtime_set_quiet_elements
|
||||
pandora_planned_downtime_unset_quiet_elements
|
||||
|
|
@ -2533,7 +2539,7 @@ sub pandora_create_module_from_network_component ($$$$) {
|
|||
$component->{'id_tipo_modulo'} = $component->{'type'};
|
||||
delete $component->{'type'};
|
||||
$component->{'ip_target'} = $addr;
|
||||
|
||||
|
||||
my $module_id = pandora_create_module_from_hash($pa_config, $component, $dbh);
|
||||
|
||||
# Propagate the tags to the module
|
||||
|
|
@ -2568,6 +2574,18 @@ sub pandora_create_module_from_hash ($$$) {
|
|||
if (defined $parameters->{'id_network_component_group'}) {
|
||||
delete $parameters->{'id_network_component_group'};
|
||||
}
|
||||
|
||||
# Encrypt plug-in passwords.
|
||||
if (defined($parameters->{'plugin_pass'})) {
|
||||
$parameters->{'plugin_pass'} = pandora_input_password($pa_config, $parameters->{'plugin_pass'});
|
||||
}
|
||||
|
||||
# Encrypt SNMP v3 passwords.
|
||||
if ($parameters->{'id_tipo_modulo'} >= 15 && $parameters->{'id_tipo_modulo'} <= 18 &&
|
||||
$parameters->{'tcp_send'} == 3) {
|
||||
$parameters->{'custom_string_2'} = pandora_input_password($pa_config, $parameters->{'custom_string_2'});
|
||||
}
|
||||
|
||||
my $module_id = db_process_insert($dbh, 'id_agente_modulo',
|
||||
'tagente_modulo', $parameters);
|
||||
|
||||
|
|
@ -4929,6 +4947,54 @@ sub pandora_create_integria_ticket ($$$$$$$$) {
|
|||
}
|
||||
}
|
||||
|
||||
##########################################################################
|
||||
=head2 C<< pandora_input_password (I<$pa_config>, I<$password>) >>
|
||||
|
||||
Process a password to be stored in the Pandora FMS Database (encrypting it if
|
||||
necessary).
|
||||
|
||||
=cut
|
||||
##########################################################################
|
||||
sub pandora_input_password($$) {
|
||||
my ($pa_config, $password) = @_;
|
||||
|
||||
# Do not attemp to encrypt empty passwords.
|
||||
return '' if ($password eq '');
|
||||
|
||||
# Encryption disabled.
|
||||
return $password if (! defined($pa_config->{'encryption_key'}) || $pa_config->{'encryption_key'} eq '');
|
||||
|
||||
# Encrypt the password.
|
||||
my $encrypted_password = enterprise_hook ('pandora_encrypt', [$pa_config, $password, $pa_config->{'encryption_key'}]);
|
||||
return $password unless defined($encrypted_password);
|
||||
|
||||
return $encrypted_password;
|
||||
}
|
||||
|
||||
##########################################################################
|
||||
=head2 C<< pandora_output_password (I<$pa_config>, I<$password>) >>
|
||||
|
||||
Process a password retrieved from the Pandora FMS Database (decrypting it if
|
||||
necessary).
|
||||
|
||||
=cut
|
||||
##########################################################################
|
||||
sub pandora_output_password($$) {
|
||||
my ($pa_config, $password) = @_;
|
||||
|
||||
# Do not attemp to decrypt empty passwords.
|
||||
return '' if ($password eq '');
|
||||
|
||||
# Encryption disabled.
|
||||
return $password if (! defined($pa_config->{'encryption_key'}) || $pa_config->{'encryption_key'} eq '');
|
||||
|
||||
# Decrypt the password.
|
||||
my $decrypted_password = enterprise_hook ('pandora_decrypt', [$pa_config, $password, $pa_config->{'encryption_key'}]);
|
||||
return $password unless defined($decrypted_password);
|
||||
|
||||
return $decrypted_password;
|
||||
}
|
||||
|
||||
# End of function declaration
|
||||
# End of defined Code
|
||||
|
||||
|
|
|
|||
|
|
@ -344,10 +344,10 @@ sub pandora_query_snmp ($$$) {
|
|||
|
||||
my $snmp_version = $module->{"tcp_send"}; # (1, 2, 2c or 3)
|
||||
my $snmp3_privacy_method = $module->{"custom_string_1"}; # DES/AES
|
||||
my $snmp3_privacy_pass = $module->{"custom_string_2"};
|
||||
my $snmp3_privacy_pass = pandora_output_password($pa_config, $module->{"custom_string_2"});
|
||||
my $snmp3_security_level = $module->{"custom_string_3"}; # noAuthNoPriv|authNoPriv|authPriv
|
||||
my $snmp3_auth_user = $module->{"plugin_user"};
|
||||
my $snmp3_auth_pass = $module->{"plugin_pass"};
|
||||
my $snmp3_auth_pass = pandora_output_password($pa_config, $module->{"plugin_pass"});
|
||||
my $snmp3_auth_method = $module->{"plugin_parameter"}; #MD5/SHA1
|
||||
my $snmp_community = $module->{"snmp_community"};
|
||||
my $snmp_target = $module->{"ip_target"};
|
||||
|
|
|
|||
|
|
@ -186,8 +186,10 @@ sub data_consumer ($$) {
|
|||
{
|
||||
my $macro_field = safe_output($macros{$macro_id}{'macro'});
|
||||
my $macro_desc = safe_output($macros{$macro_id}{'desc'});
|
||||
my $macro_value = safe_output($macros{$macro_id}{'value'});
|
||||
|
||||
my $macro_value = (defined($macros{$macro_id}{'hide'}) && $macros{$macro_id}{'hide'} eq '1') ?
|
||||
pandora_output_password($pa_config, safe_output($macros{$macro_id}{'value'})) :
|
||||
safe_output($macros{$macro_id}{'value'});
|
||||
|
||||
# build parameters to invoke plugin
|
||||
$parameters =~ s/$macros{$macro_id}{'macro'}/$macro_value/g;
|
||||
|
||||
|
|
|
|||
|
|
@ -667,6 +667,9 @@ sub md5 ($) {
|
|||
return "";
|
||||
}
|
||||
|
||||
# Initialize once.
|
||||
md5_init() if (!defined($R[0]));
|
||||
|
||||
# Note: All variables are unsigned 32 bits and wrap modulo 2^32 when calculating
|
||||
|
||||
# Initialize variables
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ sub data_consumer ($$) {
|
|||
# Build command to execute
|
||||
my $wmi_command = '';
|
||||
if (defined ($module->{'plugin_pass'}) && $module->{'plugin_pass'} ne "") {
|
||||
$wmi_command = $pa_config->{'wmi_client'} . ' -U "' . $module->{'plugin_user'} . '"%"' . $module->{'plugin_pass'} . '"';
|
||||
$wmi_command = $pa_config->{'wmi_client'} . ' -U "' . $module->{'plugin_user'} . '"%"' . pandora_output_password($pa_config, $module->{'plugin_pass'}) . '"';
|
||||
}
|
||||
elsif (defined ($module->{'plugin_user'}) && $module->{'plugin_user'} ne "") {
|
||||
$wmi_command = $pa_config->{'wmi_client'} . ' -U "' . $module->{'plugin_user'} . '"';
|
||||
|
|
|
|||
Loading…
Reference in New Issue