tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 08:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed the lost hash user in the links from metaconsole to the nodes.

Browse Source
This commit is contained in:
mdtrooper 2014-11-25 11:07:41 +01:00
parent 5a074f3c2f
commit 631f0ee2b7
9 changed files with 44 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/ajax.php
View File

@ -30,7 +30,7 @@ session_start ();
if (isset ($_GET["loginhash"])) { if (isset ($_GET["loginhash"])) {
$loginhash_data = get_parameter("loginhash_data", ""); $loginhash_data = get_parameter("loginhash_data", "");
$loginhash_user = get_parameter("loginhash_user", ""); $loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
if ($config["loginhash_pwd"] != "" if ($config["loginhash_pwd"] != ""
&& $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) { && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {

2
pandora_console/extras/sample_login.php
View File

@ -10,6 +10,6 @@ $data = md5($data);
echo "DEBUG md5sum $data user $user Pass $pwd<br>"; echo "DEBUG md5sum $data user $user Pass $pwd<br>";
echo '<form name=test method=post action="http://192.168.61.41/pandora_console/index.php?loginhash=auto&sec=estado&sec2=operation/agentes/estado_agente&refr=60">'; echo '<form name=test method=post action="http://192.168.61.41/pandora_console/index.php?loginhash=auto&sec=estado&sec2=operation/agentes/estado_agente&refr=60">';
echo '<input type="hidden" name="loginhash_data" value="'.$data.'">'; echo '<input type="hidden" name="loginhash_data" value="'.$data.'">';
echo '<input type="hidden" name="loginhash_user" value="'.$user.'">'; echo '<input type="hidden" name="loginhash_user" value="' . str_rot13($user) . '">';
echo '<input type="submit">'; echo '<input type="submit">';
echo '</form>'; echo '</form>';

2
pandora_console/include/ajax/reporting.ajax.php
View File

@ -191,7 +191,7 @@ if ($get_metaconsole_hash_data) {
} }
$pwd = $auth_token; // Create HASH login info $pwd = $auth_token; // Create HASH login info
$user = $config["id_user"]; $user = str_rot13($config["id_user"]);
$hashdata = $user . $pwd; $hashdata = $user . $pwd;
$hashdata = md5($hashdata); $hashdata = md5($hashdata);
$url_hash = "&loginhash=auto&loginhash_data=$hashdata&loginhash_user=$user"; $url_hash = "&loginhash=auto&loginhash_data=$hashdata&loginhash_user=$user";

5
pandora_console/include/functions_events.php
View File

@ -1801,7 +1801,10 @@ function events_page_details ($event, $server = "") {
// If server is provided, get the hash parameters // If server is provided, get the hash parameters
if (!empty($server)) { if (!empty($server)) {
$hashdata = metaconsole_get_server_hashdata($server); $hashdata = metaconsole_get_server_hashdata($server);
$hashstring = "&amp;loginhash=auto&loginhash_data=" . $hashdata . "&loginhash_user=" . $config["id_user"]; $hashstring = "&amp;" .
"loginhash=auto&" .
"loginhash_data=" . $hashdata . "&" .
"loginhash_user=" . str_rot13($config["id_user"]);
$serverstring = $server['server_url'] . "/"; $serverstring = $server['server_url'] . "/";
} }
else { else {

12
pandora_console/operation/agentes/interface_traffic_graph_win.php
View File

@ -32,7 +32,7 @@ require_once ($config['homedir'] . '/include/functions_modules.php');
// Hash login process // Hash login process
if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) { if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) {
$loginhash_data = get_parameter("loginhash_data", ""); $loginhash_data = get_parameter("loginhash_data", "");
$loginhash_user = get_parameter("loginhash_user", ""); $loginhash_user = str_rot13(get_parameter("loginhash_user", ""));
if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) { if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']); db_logon ($loginhash_user, $_SERVER['REMOTE_ADDR']);
@ -166,9 +166,13 @@ $interface_traffic_modules = array(
$side_layer_params['body_text'] .= html_print_input_hidden("params", base64_encode($params_json), true); $side_layer_params['body_text'] .= html_print_input_hidden("params", base64_encode($params_json), true);
if (isset($hash_connection_data)) { if (isset($hash_connection_data)) {
$side_layer_params['body_text'] .= html_print_input_hidden("loginhash", "auto", true); $side_layer_params['body_text'] .=
$side_layer_params['body_text'] .= html_print_input_hidden("loginhash_data", $loginhash_data, true); html_print_input_hidden("loginhash", "auto", true);
$side_layer_params['body_text'] .= html_print_input_hidden("loginhash_user", $loginhash_user, true); $side_layer_params['body_text'] .=
html_print_input_hidden("loginhash_data", $loginhash_data, true);
$side_layer_params['body_text'] .=
html_print_input_hidden("loginhash_user",
str_rot13($loginhash_user), true);
} }
// FORM TABLE // FORM TABLE

12
pandora_console/operation/agentes/stat_win.php
View File

@ -31,7 +31,7 @@ require_once ($config['homedir'] . '/include/functions_modules.php');
// Hash login process // Hash login process
if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) { if (! isset ($config['id_user']) && get_parameter("loginhash", 0)) {
$loginhash_data = get_parameter("loginhash_data", ""); $loginhash_data = get_parameter("loginhash_data", "");
$loginhash_user = get_parameter("loginhash_user", ""); $loginhash_user = str_rot13((get_parameter("loginhash_user", ""));
if ($config["loginhash_pwd"] != "" if ($config["loginhash_pwd"] != ""
&& $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) { && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
@ -220,9 +220,13 @@ $label = base64_decode(get_parameter('label', ''));
$params['body_text'] .= html_print_input_hidden ("label", $label); $params['body_text'] .= html_print_input_hidden ("label", $label);
if (isset($hash_connection_data)) { if (isset($hash_connection_data)) {
$params['body_text'] .= html_print_input_hidden("loginhash", "auto", true); $params['body_text'] .=
$params['body_text'] .= html_print_input_hidden("loginhash_data", $loginhash_data, true); html_print_input_hidden("loginhash", "auto", true);
$params['body_text'] .= html_print_input_hidden("loginhash_user", $loginhash_user, true); $params['body_text'] .=
html_print_input_hidden("loginhash_data", $loginhash_data, true);
$params['body_text'] .=
html_print_input_hidden("loginhash_user",
str_rot13($loginhash_user), true);
} }
$params['body_text'] .= html_print_input_hidden ("id", $id, true); $params['body_text'] .= html_print_input_hidden ("id", $id, true);

20
pandora_console/operation/agentes/status_monitor.php
View File

@ -868,10 +868,13 @@ else {
$console_password = $auth_serialized["console_password"]; $console_password = $auth_serialized["console_password"];
} }
$user = $config["id_user"]; $user = str_rot13($config["id_user"]);
$hashdata = $user.$pwd; $hashdata = $user.$pwd;
$hashdata = md5($hashdata); $hashdata = md5($hashdata);
$url_hash = "&loginhash=auto&loginhash_data=$hashdata&loginhash_user=$user"; $url_hash = "&" .
"loginhash=auto&" .
"loginhash_data=$hashdata&" .
"loginhash_user=$user";
foreach ($result_server as $result_element_key => $result_element_value) { foreach ($result_server as $result_element_key => $result_element_value) {
@ -1052,8 +1055,17 @@ foreach ($result as $row) {
// TODO: Calculate hash access before to use it more simply like other sections. I.E. Events view // TODO: Calculate hash access before to use it more simply like other sections. I.E. Events view
if (defined('METACONSOLE')) { if (defined('METACONSOLE')) {
$agent_link = '<a href="'. $row["server_url"] .'index.php?sec=estado&amp;sec2=operation/agentes/ver_agente&amp;id_agente='. $row["id_agent"] . '&amp;loginhash=auto&amp;loginhash_data=' . $row["hashdata"] . '&amp;loginhash_user=' . $row["user"] . '">'; $agent_link = '<a href="'.
$agent_name = ui_print_truncate_text($row["agent_name"], 'agent_small', false, true, false, '[&hellip;]', 'font-size:7.5pt;'); $row["server_url"] .'index.php?' .
'sec=estado&amp;' .
'sec2=operation/agentes/ver_agente&amp;' .
'id_agente='. $row["id_agent"] . '&amp;' .
'loginhash=auto&amp;' .
'loginhash_data=' . $row["hashdata"] . '&amp;' .
'loginhash_user=' . str_rot13($row["user"]) . '">';
$agent_name = ui_print_truncate_text($row["agent_name"],
'agent_small', false, true, false, '[&hellip;]',
'font-size:7.5pt;');
if (can_user_access_node ()) { if (can_user_access_node ()) {
$data[1] = $agent_link . '<b>' . $agent_name . '</b></a>'; $data[1] = $agent_link . '<b>' . $agent_name . '</b></a>';
} }