tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-3980-7966-aws-multicuenta-y-mejora-monitorizacion' into 'develop' 

first steps credential store

See merge request artica/pandorafms!2523
This commit is contained in:
Alejandro Fraguas 2019-06-26 11:21:49 +02:00
parent 690b5cd7fd fdf2a983d2
commit 7224974520
19 changed files with 1709 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pandora_console/extras/mr/28.sql
View File

@ -42,4 +42,5 @@ ALTER TABLE `tusuario` ADD COLUMN `ehorus_user_level_user` VARCHAR(60);
ALTER TABLE `tusuario` ADD COLUMN `ehorus_user_level_pass` VARCHAR(45);
ALTER TABLE `tusuario` ADD COLUMN `ehorus_user_level_enabled` TINYINT(1) DEFAULT '1';
COMMIT;

19
pandora_console/extras/mr/29.sql
View File

@ -4,5 +4,24 @@ ALTER TABLE `tmetaconsole_agent` ADD INDEX `id_tagente_idx` (`id_tagente`);
DELETE FROM `ttipo_modulo` WHERE `nombre` LIKE 'log4x';
CREATE TABLE IF NOT EXISTS `tcredential_store` (
`identifier` varchar(100) NOT NULL,
`id_group` mediumint(4) unsigned NOT NULL DEFAULT 0,
`product` enum('CUSTOM', 'AWS', 'AZURE', 'GOOGLE') default 'CUSTOM',
`username` text,
`password` text,
`extra_1` text,
`extra_2` text,
PRIMARY KEY (`identifier`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `tcredential_store` (`identifier`, `id_group`, `product`, `username`, `password`) VALUES ("imported_aws_account", 0, "AWS", (SELECT `value` FROM `tconfig` WHERE `token` = "aws_access_key_id" LIMIT 1), (SELECT `value` FROM `tconfig` WHERE `token` = "aws_secret_access_key" LIMIT 1));
DELETE FROM `tcredential_store` WHERE `username` IS NULL AND `password` IS NULL;
UPDATE `tagente` ta INNER JOIN `tagente` taa on ta.`id_parent` = taa.`id_agente` AND taa.`nombre` IN ("us-east-1", "us-east-2", "us-west-1", "us-west-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "ap-northeast-1", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-south-1", "sa-east-1") SET ta.nombre = md5(concat((SELECT `username` FROM `tcredential_store` WHERE `identifier` = "imported_aws_account" LIMIT 1), ta.`nombre`));
UPDATE `tagente` SET `nombre` = md5(concat((SELECT `username` FROM `tcredential_store` WHERE `identifier` = "imported_aws_account" LIMIT 1), `nombre`)) WHERE `nombre` IN ("Aws", "us-east-1", "us-east-2", "us-west-1", "us-west-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "ap-northeast-1", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-south-1", "sa-east-1");
COMMIT;

13
pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
View File

@ -2192,3 +2192,16 @@ CREATE TABLE `tvisual_console_elements_cache` (
ON UPDATE CASCADE
) engine=InnoDB DEFAULT CHARSET=utf8;
-- ---------------------------------------------------------------------
-- Table `tcredential_store`
-- ---------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS `tcredential_store` (
`identifier` varchar(100) NOT NULL,
`id_group` mediumint(4) unsigned NOT NULL DEFAULT 0,
`product` enum('CUSTOM', 'AWS', 'AZURE', 'GOOGLE') default 'CUSTOM',
`username` text,
`password` text,
`extra_1` text,
`extra_2` text,
PRIMARY KEY (`identifier`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

632
pandora_console/godmode/groups/credential_store.php Normal file
View File

@ -0,0 +1,632 @@
<?php
/**
* Credentials management view.
*
* @category Credentials management
* @package Pandora FMS
* @subpackage Opensource
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Begin.
global $config;
// Check access.
check_login();
if (! check_acl($config['id_user'], 0, 'PM')) {
db_pandora_audit(
'ACL Violation',
'Trying to access event viewer'
);
if (is_ajax()) {
return ['error' => 'noaccess'];
}
include 'general/noaccess.php';
return;
}
// Required files.
ui_require_css_file('credential_store');
require_once $config['homedir'].'/include/functions_credential_store.php';
require_once $config['homedir'].'/include/functions_io.php';
if (is_ajax()) {
$draw = get_parameter('draw', 0);
$filter = get_parameter('filter', []);
$get_key = get_parameter('get_key', 0);
$new_form = get_parameter('new_form', 0);
$new_key = get_parameter('new_key', 0);
$update_key = get_parameter('update_key', 0);
$delete_key = get_parameter('delete_key', 0);
if ($new_form) {
echo print_inputs();
exit;
}
if ($delete_key) {
$identifier = get_parameter('identifier', null);
if (empty($identifier)) {
ajax_msg('error', __('identifier cannot be empty'));
}
if (db_process_sql_delete(
'tcredential_store',
['identifier' => $identifier]
) === false
) {
ajax_msg('error', $config['dbconnection']->error, true);
} else {
ajax_msg('result', $identifier, true);
}
}
if ($update_key) {
$data = get_parameter('values', null);
if ($data === null || !is_array($data)) {
echo json_encode(['error' => __('Invalid parameters, please retry')]);
exit;
}
$values = [];
foreach ($data as $key => $value) {
if ($key == 'identifier') {
$identifier = base64_decode($value);
} else if ($key == 'product') {
$product = base64_decode($value);
} else {
$values[$key] = base64_decode($value);
}
}
if (empty($identifier)) {
ajax_msg('error', __('identifier cannot be empty'));
}
if (empty($product)) {
ajax_msg('error', __('product cannot be empty'));
}
if (db_process_sql_update(
'tcredential_store',
$values,
['identifier' => $identifier]
) === false
) {
ajax_msg('error', $config['dbconnection']->error);
} else {
ajax_msg('result', $identifier);
}
exit;
}
if ($new_key) {
$data = get_parameter('values', null);
if ($data === null || !is_array($data)) {
echo json_encode(['error' => __('Invalid parameters, please retry')]);
exit;
}
$values = [];
foreach ($data as $key => $value) {
$values[$key] = base64_decode($value);
if ($key == 'identifier') {
$values[$key] = preg_replace('/\s+/', '-', trim($values[$key]));
}
}
$identifier = $values['identifier'];
if (empty($identifier)) {
ajax_msg('error', __('identifier cannot be empty'));
}
if (empty($values['product'])) {
ajax_msg('error', __('product cannot be empty'));
}
if (db_process_sql_insert('tcredential_store', $values) === false) {
ajax_msg('error', $config['dbconnection']->error);
} else {
ajax_msg('result', $identifier);
}
exit;
}
if ($get_key) {
$identifier = get_parameter('identifier', null);
$key = get_key($identifier);
echo print_inputs($key);
exit;
}
if ($draw) {
// Datatables offset, limit and order.
$start = get_parameter('start', 0);
$length = get_parameter('length', $config['block_size']);
$order = get_datatable_order(true);
try {
ob_start();
$fields = [
'cs.*',
'tg.nombre as `group`',
];
// Retrieve data.
$data = credentials_get_all(
// Fields.
$fields,
// Filter.
$filter,
// Offset.
$start,
// Limit.
$length,
// Order.
$order['direction'],
// Sort field.
$order['field']
);
// Retrieve counter.
$count = credentials_get_all(
'count',
$filter
);
if ($data) {
$data = array_reduce(
$data,
function ($carry, $item) {
// Transforms array of arrays $data into an array
// of objects, making a post-process of certain fields.
$tmp = (object) $item;
$tmp->username = io_safe_output($tmp->username);
if (empty($tmp->group)) {
$tmp->group = __('All');
} else {
$tmp->group = io_safe_output($tmp->group);
}
$carry[] = $tmp;
return $carry;
}
);
}
// Datatables format: RecordsTotal && recordsfiltered.
echo json_encode(
[
'data' => $data,
'recordsTotal' => $count,
'recordsFiltered' => $count,
]
);
// Capture output.
$response = ob_get_clean();
} catch (Exception $e) {
return json_encode(['error' => $e->getMessage()]);
}
// If not valid, show error with issue.
json_decode($response);
if (json_last_error() == JSON_ERROR_NONE) {
// If valid dump.
echo $response;
} else {
echo json_encode(
['error' => $response]
);
}
exit;
}
exit;
}
// Datatables list.
try {
$columns = [
'group',
'identifier',
'product',
'username',
'options',
];
$column_names = [
__('Group'),
__('Identifier'),
__('Product'),
__('User'),
[
'text' => __('Options'),
'class' => 'action_buttons',
],
];
$table_id = 'keystore';
// Load datatables user interface.
ui_print_datatable(
[
'id' => $table_id,
'class' => 'info_table',
'style' => 'width: 100%',
'columns' => $columns,
'column_names' => $column_names,
'ajax_url' => 'godmode/groups/credential_store',
'ajax_postprocess' => 'process_datatables_item(item)',
'no_sortable_columns' => [-1],
'order' => [
'field' => 'identifier',
'direction' => 'asc',
],
'search_button_class' => 'sub filter float-right',
'form' => [
'inputs' => [
[
'label' => __('Group'),
'type' => 'select',
'id' => 'filter_id_group',
'name' => 'filter_id_group',
'options' => users_get_groups_for_select(
$config['id_user'],
'AR',
true,
true,
false
),
],
[
'label' => __('Free search'),
'type' => 'text',
'class' => 'mw250px',
'id' => 'free_search',
'name' => 'free_search',
],
],
],
]
);
} catch (Exception $e) {
echo $e->getMessage();
}
// Auxiliar div.
$new = '<div id="new_key" style="display: none"><form id="form_new">';
$new .= '</form></div>';
$details = '<div id="info_key" style="display: none"><form id="form_update">';
$details .= '</form></div>';
$aux = '<div id="aux" style="display: none"></div>';
echo $new.$details.$aux;
// Create button.
echo '<div class="w100p flex-content-right">';
html_print_submit_button(
__('Add key'),
'create',
false,
'class="sub next"'
);
echo '</div>';
?>
<script type="text/javascript">
function process_datatables_item(item) {
item.options = '<a href="javascript:" onclick="display_key(\'';
item.options += item.identifier;
item.options += '\')" ><?php echo html_print_image('images/eye.png', true, ['title' => __('Show')]); ?></a>';
item.options += '<a href="javascript:" onclick="delete_key(\'';
item.options += item.identifier;
item.options += '\')" ><?php echo html_print_image('images/cross.png', true, ['title' => __('Delete')]); ?></a>';
}
function handle_response(data) {
var title = "<?php echo __('Success'); ?>";
var text = '';
var failed = 0;
try {
data = JSON.parse(data);
text = data['result'];
} catch (err) {
title = "<?php echo __('Failed'); ?>";
text = err.message;
failed = 1;
}
if (!failed && data['error']) {
title = "<?php echo __('Failed'); ?>";
text = data['error'];
failed = 1;
}
$('#aux').empty();
$('#aux').html(text);
$('#aux').dialog({
width: 450,
position: {
my: 'center',
at: 'center',
of: window,
collision: 'fit'
},
title: title,
buttons: [
{
text: 'OK',
click: function(e) {
if (!failed) {
dt_<?php echo $table_id; ?>.draw(0);
$(".ui-dialog-content").dialog("close");
cleanupDOM();
} else {
$(this).dialog('close');
}
}
}
]
});
}
function delete_key(id) {
$('#aux').empty();
$('#aux').text('<?php echo __('Are you sure?'); ?>');
$('#aux').dialog({
title: '<?php echo __('Delete'); ?> ' + id,
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-cancel',
text: '<?php echo __('Cancel'); ?>',
click: function(e) {
$(this).dialog('close');
cleanupDOM();
}
},
{
text: 'Delete',
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub ok submit-next',
click: function(e) {
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
delete_key: 1,
identifier: id
},
datatype: "json",
success: function (data) {
handle_response(data);
},
error: function(e) {
handle_response(e);
}
});
}
}
]
});
}
function display_key(id) {
$('#form_update').empty();
$('#form_update').html('Loading...');
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
get_key: 1,
identifier: id
},
success: function (data) {
$('#info_key').dialog({
width: 580,
height: 400,
position: {
my: 'center',
at: 'center',
of: window,
collision: 'fit'
},
title: id,
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-cancel',
text: '<?php echo __('Cancel'); ?>',
click: function(e) {
$(this).dialog('close');
cleanupDOM();
}
},
{
text: 'Update',
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub ok submit-next',
click: function(e) {
var values = {};
$('#form_update :input').each(function() {
values[this.name] = btoa($(this).val());
});
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
update_key: 1,
values: values
},
datatype: "json",
success: function (data) {
handle_response(data);
},
error: function(e) {
handle_response(e);
}
});
}
}
]
});
$('#form_update').html(data);
}
})
}
function cleanupDOM() {
$('#div-identifier').empty();
$('#div-product').empty();
$('#div-username').empty();
$('#div-password').empty();
$('#div-extra_1').empty();
$('#div-extra_2').empty();
}
function calculate_inputs() {
if ($('#product :selected').val() == "CUSTOM") {
$('#div-username label').text('<?php echo __('Username'); ?>');
$('#div-password label').text('<?php echo __('Password'); ?>');
$('#div-extra_1 label').text('<?php echo __('Extra'); ?>');
$('#div-extra_2 label').text('<?php echo __('Extra (2)'); ?>');
$('#div-extra_1').show();
$('#div-extra_2').show();
} else if ($('#product :selected').val() == "AWS") {
$('#div-username label').text('<?php echo __('Access key ID'); ?>');
$('#div-password label').text('<?php echo __('Secret access key'); ?>');
$('#div-extra_1').hide();
$('#div-extra_2').hide();
} else if ($('#product :selected').val() == "AZURE") {
$('#div-username label').text('<?php echo __('Account ID'); ?>');
$('#div-password label').text('<?php echo __('Password'); ?>');
$('#div-extra_1 label').text('<?php echo __('Tenant or domain name'); ?>');
$('#div-extra_2 label').text('<?php echo __('Subscription id'); ?>');
$('#div-extra_1').show();
$('#div-extra_2').show();
}
}
function add_key() {
// Clear form.
$('#form_update').empty();
$('#form_update').html('Loading...');
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
new_form: 1
},
success: function(data) {
$('#form_new').html(data);
$('#id_group').val(0);
// By default AWS.
$('#product').val('AWS');
calculate_inputs();
$('#product').on('change', function() {
calculate_inputs()
});
// Show form.
$('#new_key').dialog({
width: 580,
height: 400,
position: {
my: 'center',
at: 'center',
of: window,
collision: 'fit'
},
title: "<?php echo __('Register new key into keystore'); ?>",
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-cancel',
text: "<?php echo __('Cancel'); ?>",
click: function(e) {
$(this).dialog('close');
cleanupDOM();
}
},
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub ok submit-next',
text: 'OK',
click: function(e) {
var values = {};
console.log($('#form_new'));
$('#form_new :input').each(function() {
values[this.name] = btoa($(this).val());
});
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
new_key: 1,
values: values
},
datatype: "json",
success: function (data) {
handle_response(data);
},
error: function(e) {
handle_response(e);
}
});
}
},
]
});
}
})
}
$(document).ready(function(){
$("#submit-create").on('click', function(){
add_key();
});
});
</script>

258
pandora_console/godmode/groups/group_list.php
View File

@ -1,20 +1,36 @@
<?php
/**
* Group management view.
*
* @category Group View
* @package Pandora FMS
* @subpackage Opensource
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Pandora FMS - http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// Begin.
ui_require_css_file('tree');
ui_require_css_file('fixed-bottom-box');
// Load global vars
// Load global vars.
global $config;
check_login();
@ -76,15 +92,17 @@ if (is_ajax()) {
$recursion = (int) get_parameter('recursion', 0);
$privilege = (string) get_parameter('privilege', '');
$all_agents = (int) get_parameter('all_agents', 0);
// Is is possible add keys prefix to avoid auto sorting in js object conversion
// Is is possible add keys prefix to avoid auto sorting in
// js object conversion.
$keys_prefix = (string) get_parameter('keys_prefix', '');
// This attr is for the operation "bulk alert accions add", it controls the query that take the agents
// from db
// This attr is for the operation "bulk alert accions add", it controls
// the query that take the agents from db.
$add_alert_bulk_op = get_parameter('add_alert_bulk_op', false);
// Ids of agents to be include in the SQL clause as id_agent IN ()
// Ids of agents to be include in the SQL clause as id_agent IN ().
$filter_agents_json = (string) get_parameter('filter_agents_json', '');
$status_agents = (int) get_parameter('status_agents', AGENT_STATUS_ALL);
// Juanma (22/05/2014) Fix: If setted remove void agents from result (by default and for compatibility show void agents)
// Juanma (22/05/2014) Fix: If setted remove void agents from result
// (by default and for compatibility show void agents).
$show_void_agents = (int) get_parameter('show_void_agents', 1);
$serialized = (bool) get_parameter('serialized', false);
$serialized_separator = (string) get_parameter('serialized_separator', '|');
@ -121,7 +139,7 @@ if (is_ajax()) {
$filter['status'] = $status_agents;
}
// Juanma (22/05/2014) Fix: If remove void agents setted
// Juanma (22/05/2014) Fix: If remove void agents set.
$_sql_post = ' 1=1 ';
if ($show_void_agents == 0) {
$_sql_post .= ' AND id_agente IN (SELECT a.id_agente FROM tagente a, tagente_modulo b WHERE a.id_agente=b.id_agente AND b.delete_pending=0) AND \'1\'';
@ -131,8 +149,9 @@ if (is_ajax()) {
$id_groups_get_agents = $id_group;
if ($id_group == 0 && $privilege != '') {
$groups = users_get_groups($config['id_user'], $privilege, false);
// if group ID doesn't matter and $privilege is specified (like 'AW'),
// retruns all agents that current user has $privilege privilege for.
// If group ID doesn't matter and $privilege is specified
// (like 'AW'), retruns all agents that current user has $privilege
// privilege for.
$id_groups_get_agents = array_keys($groups);
}
@ -149,13 +168,13 @@ if (is_ajax()) {
);
$agents_disabled = [];
// Add keys prefix
// Add keys prefix.
if ($keys_prefix !== '') {
foreach ($agents as $k => $v) {
$agents[$keys_prefix.$k] = $v;
unset($agents[$k]);
if ($all_agents) {
// Unserialize to get the status
// Unserialize to get the status.
if ($serialized && is_metaconsole()) {
$agent_info = explode($serialized_separator, $k);
$agent_disabled = db_get_value_filter(
@ -174,7 +193,8 @@ if (is_ajax()) {
['id_agente' => $agent_info[1]]
);
} else if (!$serialized && is_metaconsole()) {
// Cannot retrieve the disabled status. Mark all as not disabled
// Cannot retrieve the disabled status.
// Mark all as not disabled.
$agent_disabled = 0;
} else {
$agent_disabled = db_get_value_filter(
@ -226,11 +246,13 @@ if (! check_acl($config['id_user'], 0, 'PM')) {
}
$sec = defined('METACONSOLE') ? 'advanced' : 'gagente';
$url_tree = "index.php?sec=$sec&sec2=godmode/groups/group_list&tab=tree";
$url_groups = "index.php?sec=$sec&sec2=godmode/groups/group_list&tab=groups";
$url_credbox = 'index.php?sec='.$sec.'&sec2=godmode/groups/group_list&tab=credbox';
$url_tree = 'index.php?sec='.$sec.'&sec2=godmode/groups/group_list&tab=tree';
$url_groups = 'index.php?sec='.$sec.'&sec2=godmode/groups/group_list&tab=groups';
$buttons['tree'] = [
'active' => false,
'text' => "<a href='$url_tree'>".html_print_image(
'text' => '<a href="'.$url_tree.'">'.html_print_image(
'images/gm_massive_operations.png',
true,
[
@ -241,7 +263,7 @@ $buttons['tree'] = [
$buttons['groups'] = [
'active' => false,
'text' => "<a href='$url_groups'>".html_print_image(
'text' => '<a href="'.$url_groups.'">'.html_print_image(
'images/group.png',
true,
[
@ -250,21 +272,38 @@ $buttons['groups'] = [
).'</a>',
];
$buttons['credbox'] = [
'active' => false,
'text' => '<a href="'.$url_credbox.'">'.html_print_image(
'images/key.png',
true,
[
'title' => __('Credential Store'),
]
).'</a>',
];
$tab = (string) get_parameter('tab', 'groups');
// Marks correct tab
$title = __('Groups defined in %s', get_product_name());
// Marks correct tab.
switch ($tab) {
case 'tree':
$buttons['tree']['active'] = true;
break;
case 'credbox':
$buttons['credbox']['active'] = true;
$title = __('Credential store');
break;
case 'groups':
default:
$buttons['groups']['active'] = true;
break;
}
// Header
// Header.
if (defined('METACONSOLE')) {
agents_meta_print_header();
echo '<div class="notify">';
@ -272,7 +311,7 @@ if (defined('METACONSOLE')) {
echo '</div>';
} else {
ui_print_page_header(
__('Groups defined in %s', get_product_name()),
$title,
'images/group.png',
false,
'group_list_tab',
@ -281,12 +320,19 @@ if (defined('METACONSOLE')) {
);
}
// Load credential store view before parse list-tree forms.
if ($tab == 'credbox') {
include_once __DIR__.'/credential_store.php';
// Stop script.
return;
}
$create_group = (bool) get_parameter('create_group');
$update_group = (bool) get_parameter('update_group');
$delete_group = (bool) get_parameter('delete_group');
$pure = get_parameter('pure', 0);
// Create group
// Create group.
if (($create_group) && (check_acl($config['id_user'], 0, 'PM'))) {
$name = (string) get_parameter('name');
$icon = (string) get_parameter('icon');
@ -301,7 +347,7 @@ if (($create_group) && (check_acl($config['id_user'], 0, 'PM'))) {
$check = db_get_value('nombre', 'tgrupo', 'nombre', $name);
$propagate = (bool) get_parameter('propagate');
// Check if name field is empty
// Check if name field is empty.
if ($name != '') {
if (!$check) {
$values = [
@ -328,12 +374,11 @@ if (($create_group) && (check_acl($config['id_user'], 0, 'PM'))) {
ui_print_error_message(__('Each group must have a different name'));
}
} else {
// $result = false;
ui_print_error_message(__('Group must have a name'));
}
}
// Update group
// Update group.
if ($update_group) {
$id_group = (int) get_parameter('id_group');
$name = (string) get_parameter('name');
@ -349,49 +394,35 @@ if ($update_group) {
$contact = (string) get_parameter('contact');
$other = (string) get_parameter('other');
// Check if name field is empty
// Check if name field is empty.
if ($name != '') {
switch ($config['dbtype']) {
case 'mysql':
$sql = sprintf(
'UPDATE tgrupo SET nombre = "%s",
icon = "%s", disabled = %d, parent = %d, custom_id = "%s", propagate = %d, id_skin = %d, description = "%s", contact = "%s", other = "%s", password = "%s"
WHERE id_grupo = %d',
$name,
empty($icon) ? '' : substr($icon, 0, -4),
!$alerts_enabled,
$id_parent,
$custom_id,
$propagate,
$skin,
$description,
$contact,
$other,
$group_pass,
$id_group
);
break;
case 'postgresql':
case 'oracle':
$sql = sprintf(
'UPDATE tgrupo SET nombre = \'%s\',
icon = \'%s\', disabled = %d, parent = %d, custom_id = \'%s\', propagate = %d, id_skin = %d, description = \'%s\', contact = \'%s\', other = \'%s\'
WHERE id_grupo = %d',
$name,
substr($icon, 0, -4),
!$alerts_enabled,
$id_parent,
$custom_id,
$propagate,
$skin,
$description,
$contact,
$other,
$id_group
);
break;
}
$sql = sprintf(
'UPDATE tgrupo
SET nombre = "%s",
icon = "%s",
disabled = %d,
parent = %d,
custom_id = "%s",
propagate = %d,
id_skin = %d,
description = "%s",
contact = "%s",
other = "%s",
password = "%s"
WHERE id_grupo = %d',
$name,
empty($icon) ? '' : substr($icon, 0, -4),
!$alerts_enabled,
$id_parent,
$custom_id,
$propagate,
$skin,
$description,
$contact,
$other,
$group_pass,
$id_group
);
$result = db_process_sql($sql);
} else {
@ -405,7 +436,7 @@ if ($update_group) {
}
}
// Delete group
// Delete group.
if (($delete_group) && (check_acl($config['id_user'], 0, 'PM'))) {
$id_group = (int) get_parameter('id_group');
@ -445,7 +476,14 @@ if (($delete_group) && (check_acl($config['id_user'], 0, 'PM'))) {
}
}
// Credential store is loaded previously in this document to avoid
// process group tree - list forms.
if ($tab == 'tree') {
/*
* Group tree view.
*/
echo html_print_image(
'images/spinner.gif',
true,
@ -456,6 +494,10 @@ if ($tab == 'tree') {
);
echo "<div id='tree-controller-recipient'></div>";
} else {
/*
* Group list view.
*/
$acl = '';
$search_name = '';
$offset = (int) get_parameter('offset', 0);
@ -463,17 +505,22 @@ if ($tab == 'tree') {
$block_size = $config['block_size'];
if (!empty($search)) {
$search_name = "AND t.nombre LIKE '%$search%'";
$search_name = 'AND t.nombre LIKE "%'.$search.'%"';
}
if (!users_can_manage_group_all('AR')) {
$user_groups_acl = users_get_groups(false, 'AR');
$groups_acl = implode(',', $user_groups_ACL);
if (empty($groups_acl)) {
return ui_print_info_message(['no_close' => true, 'message' => __('There are no defined groups') ]);
return ui_print_info_message(
[
'no_close' => true,
'message' => __('There are no defined groups'),
]
);
}
$acl = "AND t.id_grupo IN ($groups_acl)";
$acl = 'AND t.id_grupo IN ('.$groups_acl.')';
}
$form = "<form method='post' action=''>";
@ -488,29 +535,37 @@ if ($tab == 'tree') {
echo $form;
$groups_sql = "SELECT t.*,
$groups_sql = sprintf(
'SELECT t.*,
p.nombre AS parent_name,
IF(t.parent=p.id_grupo, 1, 0) AS has_child
FROM tgrupo t
LEFT JOIN tgrupo p
FROM tgrupo t
LEFT JOIN tgrupo p
ON t.parent=p.id_grupo
WHERE 1=1
$acl
$search_name
WHERE 1=1
%s
%s
ORDER BY nombre
LIMIT $offset, $block_size
";
LIMIT %d, %d',
$acl,
$search_name,
$offset,
$block_size
);
$groups = db_get_all_rows_sql($groups_sql);
if (!empty($groups)) {
// Count all groups for pagination only saw user and filters
$groups_sql_count = "SELECT count(*)
// Count all groups for pagination only saw user and filters.
$groups_sql_count = sprintf(
'SELECT count(*)
FROM tgrupo t
WHERE 1=1
$acl
$search_name
";
%s
%s',
$acl,
$search_name
);
$groups_count = db_get_value_sql($groups_sql_count);
$table = new StdClass();
@ -545,7 +600,7 @@ if ($tab == 'tree') {
$url = 'index.php?sec=gagente&sec2=godmode/groups/configure_group&id_group='.$group['id_grupo'];
$url_delete = 'index.php?sec=gagente&sec2=godmode/groups/group_list&delete_group=1&id_group='.$group['id_grupo'];
$table->data[$key][0] = $group['id_grupo'];
$table->data[$key][1] = "<a href='$url'>".$group['nombre'].'</a>';
$table->data[$key][1] = '<a href="'.$url.'">'.$group['nombre'].'</a>';
if ($group['icon'] != '') {
$table->data[$key][2] = html_print_image(
'images/groups_small/'.$group['icon'].'.png',
@ -553,22 +608,25 @@ if ($tab == 'tree') {
[
'style' => '',
'class' => 'bot',
'alt' => $group['nombre'],
'alt' => $group['nombre'],
'title' => $group['nombre'],
false, false, false, true
]
],
false,
false,
false,
true
);
} else {
$table->data[$key][2] = '';
}
// reporting_get_group_stats
$table->data[$key][3] = $group['disabled'] ? __('Disabled') : __('Enabled');
// Reporting_get_group_stats.
$table->data[$key][3] = ($group['disabled']) ? __('Disabled') : __('Enabled');
$table->data[$key][4] = $group['parent_name'];
$table->data[$key][5] = $group['description'];
$table->cellclass[$key][6] = 'action_buttons';
$table->data[$key][6] = "<a href='$url'>".html_print_image(
$table->data[$key][6] = '<a href="'.$url.'">'.html_print_image(
'images/config.png',
true,
[

4
pandora_console/godmode/wizards/DiscoveryTaskList.class.php
View File

@ -699,7 +699,7 @@ class DiscoveryTaskList extends Wizard
if ($script !== false) {
switch ($script['type']) {
case DISCOVERY_SCRIPT_CLOUD_AWS:
return 'wiz=cloud&mode=amazonws&page=1';
return 'wiz=cloud&mode=amazonws&ki='.$task['auth_strings'].'&page=1';
case DISCOVERY_SCRIPT_APP_VMWARE:
return 'wiz=app&mode=vmware&page=0';
@ -722,7 +722,7 @@ class DiscoveryTaskList extends Wizard
case DISCOVERY_CLOUD_AWS:
case DISCOVERY_CLOUD_AWS_EC2:
return 'wiz=cloud&mode=amazonws&page=1';
return 'wiz=cloud&mode=amazonws&ki='.$task['auth_strings'].'&page=1';
case DISCOVERY_CLOUD_AWS_RDS:
return 'wiz=cloud&mode=amazonws&sub=rds&page=0';

2
pandora_console/godmode/wizards/Wizard.main.php
View File

@ -1048,7 +1048,7 @@ class Wizard
*/
public static function printBigButtonsList($list_data)
{
echo '<ul>';
echo '<ul class="bigbuttonlist">';
array_map('self::printBigButtonElement', $list_data);
echo '</ul>';
}

439
pandora_console/include/functions_credential_store.php Normal file
View File

@ -0,0 +1,439 @@
<?php
/**
* Credentials management auxiliary functions.
*
* @category Credentials management library.
* @package Pandora FMS
* @subpackage Opensource
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Begin.
/**
* Returns an array with all the credentials matching filter and ACL.
*
* @param array $fields Fields array or 'count' keyword to retrieve count.
* @param array $filter Filters to be applied.
* @param integer $offset Offset (pagination).
* @param integer $limit Limit (pagination).
* @param string $order Sort order.
* @param string $sort_field Sort field.
*
* @return array With all results or false if error.
* @throws Exception On error.
*/
function credentials_get_all(
$fields,
array $filter,
$offset=null,
$limit=null,
$order=null,
$sort_field=null
) {
$sql_filters = [];
$order_by = '';
$pagination = '';
global $config;
$user_is_admin = users_is_admin();
if (!is_array($filter)) {
error_log('[credential_get_all] Filter must be an array.');
throw new Exception('[credential_get_all] Filter must be an array.');
}
$count = false;
if (!is_array($fields) && $fields == 'count') {
$fields = ['cs.*'];
$count = true;
} else if (!is_array($fields)) {
error_log('[credential_get_all] Fields must be an array or "count".');
throw new Exception('[credential_get_all] Fields must be an array or "count".');
}
if (isset($filter['free_search']) && !empty($filter['free_search'])) {
$sql_filters[] = vsprintf(
' AND (lower(cs.username) like lower("%%%s%%")
OR cs.identifier like "%%%s%%"
OR lower(cs.product) like lower("%%%s%%"))',
array_fill(0, 3, $filter['free_search'])
);
}
if (isset($filter['filter_id_group']) && $filter['filter_id_group'] > 0) {
$propagate = db_get_value(
'propagate',
'tgrupo',
'id_grupo',
$filter['filter_id_group']
);
if (!$propagate) {
$sql_filters[] = sprintf(
' AND cs.id_group = %d ',
$filter['filter_id_group']
);
} else {
$groups = [ $filter['filter_id_group'] ];
$childrens = groups_get_childrens($id_group, null, true);
if (!empty($childrens)) {
foreach ($childrens as $child) {
$groups[] = (int) $child['id_grupo'];
}
}
$filter['filter_id_group'] = $groups;
$sql_filters[] = sprintf(
' AND cs.id_group IN (%s) ',
join(',', $filter['filter_id_group'])
);
}
}
if (isset($filter['group_list']) && is_array($filter['group_list'])) {
$sql_filters[] = sprintf(
' AND cs.id_group IN (%s) ',
join(',', $filter['group_list'])
);
}
if (isset($order)) {
$dir = 'asc';
if ($order == 'desc') {
$dir = 'desc';
};
if (in_array(
$sort_field,
[
'group',
'identifier',
'product',
'username',
'options',
]
)
) {
$order_by = sprintf(
'ORDER BY `%s` %s',
$sort_field,
$dir
);
}
}
if (isset($limit) && $limit > 0
&& isset($offset) && $offset >= 0
) {
$pagination = sprintf(
' LIMIT %d OFFSET %d ',
$limit,
$offset
);
}
$sql = sprintf(
'SELECT %s
FROM tcredential_store cs
LEFT JOIN tgrupo tg
ON tg.id_grupo = cs.id_group
WHERE 1=1
%s
%s
%s',
join(',', $fields),
join(',', $sql_filters),
$order_by,
$pagination
);
if ($count) {
$sql = sprintf('SELECT count(*) as n FROM ( %s ) tt', $sql);
return db_get_value_sql($sql);
}
return db_get_all_rows_sql($sql);
}
/**
* Retrieves target key from keystore or false in case of error.
*
* @param string $identifier Key identifier.
*
* @return array Key or false if error.
*/
function get_key($identifier)
{
return db_get_row_filter(
'tcredential_store',
[ 'identifier' => $identifier ]
);
}
/**
* Minor function to dump json message as ajax response.
*
* @param string $type Type: result || error.
* @param string $msg Message.
* @param boolean $delete Deletion messages.
*
* @return void
*/
function ajax_msg($type, $msg, $delete=false)
{
$msg_err = 'Failed while saving: %s';
$msg_ok = 'Successfully saved into keystore ';
if ($delete) {
$msg_err = 'Failed while removing: %s';
$msg_ok = 'Successfully deleted ';
}
if ($type == 'error') {
echo json_encode(
[
$type => ui_print_error_message(
__(
$msg_err,
$msg
),
'',
true
),
]
);
} else {
echo json_encode(
[
$type => ui_print_success_message(
__(
$msg_ok,
$msg
),
'',
true
),
]
);
}
exit;
}
/**
* Generates inputs for new/update forms.
*
* @param array $values Values or null.
*
* @return string Inputs.
*/
function print_inputs($values=null)
{
if (!is_array($values)) {
$values = [];
}
$return = '';
$return .= html_print_input(
[
'label' => __('Identifier'),
'name' => 'identifier',
'input_class' => 'flex-row',
'type' => 'text',
'value' => $values['identifier'],
'disabled' => (bool) $values['identifier'],
'return' => true,
'script' => 'alert(\'puta\')',
]
);
$return .= html_print_input(
[
'label' => __('Group'),
'name' => 'id_group',
'id' => 'id_group',
'input_class' => 'flex-row',
'type' => 'select_groups',
'selected' => $values['id_group'],
'return' => true,
'class' => 'w50p',
]
);
$return .= html_print_input(
[
'label' => __('Product'),
'name' => 'product',
'input_class' => 'flex-row',
'type' => 'select',
'script' => 'calculate_inputs()',
'fields' => [
// 'CUSTOM' => __('Custom'),
'AWS' => __('Aws'),
// 'AZURE' => __('Azure'),
// 'GOOGLE' => __('Google'),
],
'selected' => $values['product'],
'disabled' => (bool) $values['product'],
'return' => true,
]
);
$user_label = __('Username');
$pass_label = __('Password');
$extra_1_label = __('Extra');
$extra_2_label = __('Extra (2)');
$extra1 = true;
$extra2 = true;
// Remember to update credential_store.php also.
switch ($values['product']) {
case 'AWS':
$user_label = __('Access key ID');
$pass_label = __('Secret access key');
$extra1 = false;
$extra2 = false;
break;
case 'AZURE':
$user_label = __('Account ID');
$pass_label = __('Password');
$extra_1_label = __('Tenant or domain name');
$extra_2_label = __('Subscription id');
break;
case 'GOOGLE':
// Need further investigation.
case 'CUSTOM':
default:
// Use defaults.
break;
}
$return .= html_print_input(
[
'label' => $user_label,
'name' => 'username',
'input_class' => 'flex-row',
'type' => 'text',
'value' => $values['username'],
'return' => true,
]
);
$return .= html_print_input(
[
'label' => $pass_label,
'name' => 'password',
'input_class' => 'flex-row',
'type' => 'password',
'value' => $values['password'],
'return' => true,
]
);
if ($extra1) {
$return .= html_print_input(
[
'label' => $extra_1_label,
'name' => 'extra_1',
'input_class' => 'flex-row',
'type' => 'password',
'value' => $values['extra_1'],
'return' => true,
]
);
}
if ($extra2) {
$return .= html_print_input(
[
'label' => $extra_2_label,
'name' => 'extra_2',
'input_class' => 'flex-row',
'type' => 'password',
'value' => $values['extra_2'],
'return' => true,
'display' => $extra2,
]
);
}
return $return;
}
/**
* Retrieve all identifiers available for current user.
*
* @param string $product Target product.
*
* @return array Of account identifiers.
*/
function credentials_list_accounts($product)
{
global $config;
check_login();
include_once $config['homedir'].'/include/functions_users.php';
static $user_groups;
if (!isset($user_groups)) {
$user_groups = users_get_groups(
$config['id_user'],
'AR'
);
// Always add group 'ALL' because 'ALL' group credentials
// must be available for all users.
if (is_array($user_groups)) {
$user_groups = ([0] + array_keys($user_groups));
} else {
$user_groups = [0];
}
}
$creds = credentials_get_all(
['identifier'],
[
'product' => $product,
'group_list' => $user_groups,
]
);
if ($creds === false) {
return [];
}
$ret = array_reduce(
$creds,
function ($carry, $item) {
$carry[$item['identifier']] = $item['identifier'];
return $carry;
}
);
return $ret;
}

287
pandora_console/include/functions_html.php
View File

@ -3066,3 +3066,290 @@ function html_print_link_with_params($text, $params=[], $type='text', $style='')
return $html;
}
/**
* Print input using functions html lib.
*
* @param array $data Input definition.
*
* @return string HTML code for desired input.
*/
function html_print_input($data)
{
if (is_array($data) === false) {
return '';
}
$output = '';
if ($data['label']) {
$output = '<div id="div-'.$data['name'].'" ';
$output .= ' class="'.$data['input_class'].'">';
$output .= '<label class="'.$data['label_class'].'">';
$output .= $data['label'];
$output .= '</label>';
if (!$data['return']) {
echo $output;
}
}
switch ($data['type']) {
case 'text':
$output .= html_print_input_text(
$data['name'],
$data['value'],
((isset($data['alt']) === true) ? $data['alt'] : ''),
((isset($data['size']) === true) ? $data['size'] : 50),
((isset($data['maxlength']) === true) ? $data['maxlength'] : 255),
((isset($data['return']) === true) ? $data['return'] : true),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['required']) === true) ? $data['required'] : false),
((isset($data['function']) === true) ? $data['function'] : ''),
((isset($data['class']) === true) ? $data['class'] : ''),
((isset($data['onChange']) === true) ? $data['onChange'] : ''),
((isset($data['autocomplete']) === true) ? $data['autocomplete'] : '')
);
break;
case 'image':
$output .= html_print_input_image(
$data['name'],
$data['src'],
$data['value'],
((isset($data['style']) === true) ? $data['style'] : ''),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['options']) === true) ? $data['options'] : false)
);
break;
case 'text_extended':
$output .= html_print_input_text_extended(
$data['name'],
$data['value'],
$data['id'],
$data['alt'],
$data['size'],
$data['maxlength'],
$data['disabled'],
$data['script'],
$data['attributes'],
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['password']) === true) ? $data['password'] : false),
((isset($data['function']) === true) ? $data['function'] : '')
);
break;
case 'password':
$output .= html_print_input_password(
$data['name'],
$data['value'],
((isset($data['alt']) === true) ? $data['alt'] : ''),
((isset($data['size']) === true) ? $data['size'] : 50),
((isset($data['maxlength']) === true) ? $data['maxlength'] : 255),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['required']) === true) ? $data['required'] : false),
((isset($data['class']) === true) ? $data['class'] : '')
);
break;
case 'text':
$output .= html_print_input_text(
$data['name'],
$data['value'],
((isset($data['alt']) === true) ? $data['alt'] : ''),
((isset($data['size']) === true) ? $data['size'] : 50),
((isset($data['maxlength']) === true) ? $data['maxlength'] : 255),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['required']) === true) ? $data['required'] : false),
((isset($data['function']) === true) ? $data['function'] : ''),
((isset($data['class']) === true) ? $data['class'] : ''),
((isset($data['onChange']) === true) ? $data['onChange'] : ''),
((isset($data['autocomplete']) === true) ? $data['autocomplete'] : '')
);
break;
case 'image':
$output .= html_print_input_image(
$data['name'],
$data['src'],
$data['value'],
((isset($data['style']) === true) ? $data['style'] : ''),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['options']) === true) ? $data['options'] : false)
);
break;
case 'hidden':
$output .= html_print_input_hidden(
$data['name'],
$data['value'],
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['class']) === true) ? $data['class'] : false)
);
break;
case 'hidden_extended':
$output .= html_print_input_hidden_extended(
$data['name'],
$data['value'],
$data['id'],
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['class']) === true) ? $data['class'] : false)
);
break;
case 'color':
$output .= html_print_input_color(
$data['name'],
$data['value'],
((isset($data['class']) === true) ? $data['class'] : false),
((isset($data['return']) === true) ? $data['return'] : false)
);
break;
case 'file':
$output .= html_print_input_file(
$data['name'],
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['options']) === true) ? $data['options'] : false)
);
break;
case 'select':
$output .= html_print_select(
$data['fields'],
$data['name'],
((isset($data['selected']) === true) ? $data['selected'] : ''),
((isset($data['script']) === true) ? $data['script'] : ''),
((isset($data['nothing']) === true) ? $data['nothing'] : ''),
((isset($data['nothing_value']) === true) ? $data['nothing_value'] : 0),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['multiple']) === true) ? $data['multiple'] : false),
((isset($data['sort']) === true) ? $data['sort'] : true),
((isset($data['class']) === true) ? $data['class'] : ''),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['style']) === true) ? $data['style'] : false),
((isset($data['option_style']) === true) ? $data['option_style'] : false),
((isset($data['size']) === true) ? $data['size'] : false),
((isset($data['modal']) === true) ? $data['modal'] : false),
((isset($data['message']) === true) ? $data['message'] : ''),
((isset($data['select_all']) === true) ? $data['select_all'] : false)
);
break;
case 'select_from_sql':
$output .= html_print_select_from_sql(
$data['sql'],
$data['name'],
((isset($data['selected']) === true) ? $data['selected'] : ''),
((isset($data['script']) === true) ? $data['script'] : ''),
((isset($data['nothing']) === true) ? $data['nothing'] : ''),
((isset($data['nothing_value']) === true) ? $data['nothing_value'] : '0'),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['multiple']) === true) ? $data['multiple'] : false),
((isset($data['sort']) === true) ? $data['sort'] : true),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['style']) === true) ? $data['style'] : false),
((isset($data['size']) === true) ? $data['size'] : false),
((isset($data['trucate_size']) === true) ? $data['trucate_size'] : GENERIC_SIZE_TEXT)
);
break;
case 'select_groups':
$output .= html_print_select_groups(
((isset($data['id_user']) === true) ? $data['id_user'] : false),
((isset($data['privilege']) === true) ? $data['privilege'] : 'AR'),
((isset($data['returnAllGroup']) === true) ? $data['returnAllGroup'] : true),
$data['name'],
((isset($data['selected']) === true) ? $data['selected'] : ''),
((isset($data['script']) === true) ? $data['script'] : ''),
((isset($data['nothing']) === true) ? $data['nothing'] : ''),
((isset($data['nothing_value']) === true) ? $data['nothing_value'] : 0),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['multiple']) === true) ? $data['multiple'] : false),
((isset($data['sort']) === true) ? $data['sort'] : true),
((isset($data['class']) === true) ? $data['class'] : ''),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['style']) === true) ? $data['style'] : false),
((isset($data['option_style']) === true) ? $data['option_style'] : false),
((isset($data['id_group']) === true) ? $data['id_group'] : false),
((isset($data['keys_field']) === true) ? $data['keys_field'] : 'id_grupo'),
((isset($data['strict_user']) === true) ? $data['strict_user'] : false),
((isset($data['delete_groups']) === true) ? $data['delete_groups'] : false),
((isset($data['include_groups']) === true) ? $data['include_groups'] : false),
((isset($data['size']) === true) ? $data['size'] : false),
((isset($data['simple_multiple_options']) === true) ? $data['simple_multiple_options'] : false)
);
break;
case 'submit':
$output .= '<div class="action-buttons" style="width: 100%">'.html_print_submit_button(
((isset($data['label']) === true) ? $data['label'] : 'OK'),
((isset($data['name']) === true) ? $data['name'] : ''),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['attributes']) === true) ? $data['attributes'] : ''),
((isset($data['return']) === true) ? $data['return'] : false)
).'</div>';
break;
case 'checkbox':
$output .= html_print_checkbox(
$data['name'],
$data['value'],
((isset($data['checked']) === true) ? $data['checked'] : false),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['disabled']) === true) ? $data['disabled'] : false),
((isset($data['script']) === true) ? $data['script'] : ''),
((isset($data['disabled_hidden']) === true) ? $data['disabled_hidden'] : false)
);
break;
case 'switch':
$output .= html_print_switch($data);
break;
case 'interval':
$output .= html_print_extended_select_for_time(
$data['name'],
$data['value'],
((isset($data['script']) === true) ? $data['script'] : ''),
((isset($data['nothing']) === true) ? $data['nothing'] : ''),
((isset($data['nothing_value']) === true) ? $data['nothing_value'] : 0),
((isset($data['size']) === true) ? $data['size'] : false),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['style']) === true) ? $data['selected'] : false),
((isset($data['unique']) === true) ? $data['unique'] : false)
);
break;
case 'textarea':
$output .= html_print_textarea(
$data['name'],
$data['rows'],
$data['columns'],
((isset($data['value']) === true) ? $data['value'] : ''),
((isset($data['attributes']) === true) ? $data['attributes'] : ''),
((isset($data['return']) === true) ? $data['return'] : false),
((isset($data['class']) === true) ? $data['class'] : '')
);
default:
// Ignore.
break;
}
if ($data['label']) {
$output .= '</div>';
if (!$data['return']) {
echo '</div>';
}
}
return $output;
}

36
pandora_console/include/functions_ui.php
View File

@ -2913,8 +2913,10 @@ function ui_print_datatable(array $parameters)
if (isset($parameters['id'])) {
$table_id = $parameters['id'];
$form_id = 'form_'.$parameters['id'];
} else {
$table_id = uniqid('datatable_');
$form_id = uniqid('datatable_filter_');
}
if (!isset($parameters['columns']) || !is_array($parameters['columns'])) {
@ -3001,8 +3003,6 @@ function ui_print_datatable(array $parameters)
if (isset($parameters['form']) && is_array($parameters['form'])) {
if (isset($parameters['form']['id'])) {
$form_id = $parameters['form']['id'];
} else {
$form_id = uniqid('datatable_filter_');
}
if (isset($parameters['form']['class'])) {
@ -3032,27 +3032,35 @@ function ui_print_datatable(array $parameters)
$filter .= $parameters['form']['html'];
}
$filter .= '<ul class="content">';
$filter .= '<ul class="datatable_filter content">';
foreach ($parameters['form']['inputs'] as $input) {
$filter .= '<li>';
$filter .= '<label>'.$input['label'].'</label>';
if ($input['type'] != 'select') {
$filter .= '<input type="'.$input['type'].'" ';
$filter .= ' style="'.$input['style'].'" ';
$filter .= ' class="'.$input['class'].'" ';
$filter .= ' value="'.$input['value'].'" ';
$filter .= ' name="'.$input['name'].'" id="'.$input['id'].'" />';
} else {
// Select.
$filter .= '<select name="'.$input['name'].'" ';
$filter .= '<select class="'.$input['class'].'"';
$filter .= ' style="'.$input['style'].'" ';
$filter .= ' name="'.$input['name'].'" ';
$filter .= 'id="'.$input['id'].'">';
foreach ($input['options'] as $opt => $selected) {
$filter .= '<option value="'.$opt['value'].'"';
if ($selected) {
$filter .= ' selected="yes" >';
}
foreach ($input['options'] as $key => $opt) {
if (is_array($opt)) {
$filter .= '<option value="'.$opt['value'].'"';
if ($opt['selected']) {
$filter .= ' selected="yes" >';
}
$filter .= __($opt['text']).'</option>';
$filter .= __($opt['text']).'</option>';
} else {
$filter .= '<option value="'.$key.'">'.$opt.'</option>';
}
}
$filter .= '</select>';
@ -3080,7 +3088,7 @@ function ui_print_datatable(array $parameters)
$filter .= '</li>';
$filter .= '</ul></form>';
$filter .= '</ul><div style="clear:both"></div></form>';
$filter = ui_toggle(
$filter,
__('Filter'),
@ -3226,8 +3234,10 @@ function ui_print_datatable(array $parameters)
$.extend(data, {
filter: values,'."\n";
foreach ($parameters['ajax_data'] as $k => $v) {
$js .= $k.':'.json_encode($v).",\n";
if (is_array($parameters['ajax_data'])) {
foreach ($parameters['ajax_data'] as $k => $v) {
$js .= $k.':'.json_encode($v).",\n";
}
}
$js .= 'page: "'.$parameters['ajax_url'].'"

12
pandora_console/include/styles/credential_store.css Normal file
View File

@ -0,0 +1,12 @@
#info_key .flex-row,
#new_key .flex-row {
margin: 1em auto;
max-width: 80%;
}
#info_key input,
#info_key select,
#new_key input,
#new_key select {
width: 60%;
}

9
pandora_console/include/styles/discovery.css
View File

@ -2,6 +2,10 @@
* Discovery css global
*/
ul.bigbuttonlist {
min-height: 200px;
}
li.discovery {
display: inline-block;
float: left;
@ -261,3 +265,8 @@ a.tip {
.discovery_interval_select_width {
width: 90%;
}
a.ext_link {
margin-left: 1em;
font-size: 8pt;
}

6
pandora_console/include/styles/events.css
View File

@ -96,14 +96,12 @@ table.dataTable tbody td {
}
.sorting_desc {
background: url(http://localhost/pandora_console/images/sort_down_green.png)
no-repeat;
background: url(../../images/sort_down_green.png) no-repeat;
background-position-x: left;
background-position-y: center;
}
.sorting_asc {
background: url(http://localhost/pandora_console/images/sort_up_green.png)
no-repeat;
background: url(../../images/sort_up_green.png) no-repeat;
background-position-x: left;
background-position-y: center;
}

4
pandora_console/include/styles/firts_task.css
View File

@ -78,3 +78,7 @@ div.new_task_cluster > div {
#fuerte {
font-size: 12px;
}
.flex-row-baseline * {
margin-right: 1em;
}

13
pandora_console/include/styles/pandora.css
View File

@ -502,6 +502,13 @@ select:-internal-list-box {
.no-text-imp {
font-size: 0 !important;
}
.flex-content-right {
display: flex;
flex-direction: row;
flex-wrap: nowrap;
justify-content: flex-end;
align-content: flex-end;
}
.flex-column {
display: flex;
flex-direction: column;
@ -517,6 +524,12 @@ select:-internal-list-box {
justify-content: space-between;
align-content: center;
}
.flex-row-baseline {
display: flex;
flex-direction: row;
flex-wrap: wrap;
align-items: baseline;
}
.nowrap {
flex-wrap: nowrap;

28
pandora_console/include/styles/tables.css
View File

@ -312,3 +312,31 @@ a.pandora_pagination.current:hover {
border-color: #b6b6b6;
cursor: default;
}
/* Default datatable filter style */
.datatable_filter.content {
display: flex;
flex-direction: row;
flex-wrap: wrap;
align-items: center;
justify-content: space-between;
}
.datatable_filter.content label {
margin-right: 1em;
}
.datatable_filter.content li {
flex: 1 1 auto;
margin: 1em auto;
}
.sorting_desc {
background: url(../../images/sort_down_green.png) no-repeat;
background-position-x: left;
background-position-y: center;
cursor: pointer;
}
.sorting_asc {
background: url(../../images/sort_up_green.png) no-repeat;
background-position-x: left;
background-position-y: center;
cursor: pointer;
}

14
pandora_console/pandoradb.sql
View File

@ -693,6 +693,20 @@ CREATE TABLE IF NOT EXISTS `tgrupo` (
KEY `parent_index` (`parent`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ---------------------------------------------------------------------
-- Table `tcredential_store`
-- ---------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS `tcredential_store` (
`identifier` varchar(100) NOT NULL,
`id_group` mediumint(4) unsigned NOT NULL DEFAULT 0,
`product` enum('CUSTOM', 'AWS', 'AZURE', 'GOOGLE') default 'CUSTOM',
`username` text,
`password` text,
`extra_1` text,
`extra_2` text,
PRIMARY KEY (`identifier`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ---------------------------------------------------------------------
-- Table `tincidencia`
-- ---------------------------------------------------------------------

14
pandora_server/lib/PandoraFMS/Core.pm
View File

@ -185,6 +185,7 @@ our @EXPORT = qw(
pandora_exec_forced_alerts
pandora_generate_alerts
pandora_get_config_value
pandora_get_credential
pandora_get_module_tags
pandora_get_module_url_tags
pandora_get_module_phone_tags
@ -3122,6 +3123,19 @@ sub pandora_get_config_value ($$) {
return (defined ($config_value) ? $config_value : "");
}
##########################################################################
## Get credential from credential store
##########################################################################
sub pandora_get_credential ($$) {
my ($dbh, $identifier) = @_;
my $key = get_db_single_row($dbh, 'SELECT * FROM tcredential_store WHERE identifier = ?', $identifier);
return $key;
}
##########################################################################
=head2 C<< pandora_create_module_tags (I<$pa_config>, I<$dbh>, I<$id_agent_module>, I<$serialized_tags>) >>

76
pandora_server/lib/PandoraFMS/DiscoveryServer.pm
View File

@ -113,10 +113,6 @@ sub run ($) {
print_message ($pa_config, " [*] Starting " . $pa_config->{'rb_product_name'} . " Discovery Server.", 1);
my $threads = $pa_config->{'recon_threads'};
# Prepare some environmental variables.
$ENV{'AWS_ACCESS_KEY_ID'} = pandora_get_config_value($dbh, 'aws_access_key_id');
$ENV{'AWS_SECRET_ACCESS_KEY'} = pandora_get_config_value($dbh, 'aws_secret_access_key');
# Use hightest value
if ($pa_config->{'discovery_threads'} > $pa_config->{'recon_threads'}) {
$threads = $pa_config->{'discovery_threads'};
@ -202,42 +198,46 @@ sub data_consumer ($$) {
my %cnf_extra;
if ($task->{'type'} == DISCOVERY_CLOUD_AWS_EC2
|| $task->{'type'} == DISCOVERY_CLOUD_AWS_RDS) {
$cnf_extra{'aws_access_key_id'} = pandora_get_config_value($dbh, 'aws_access_key_id');
$cnf_extra{'aws_secret_access_key'} = pandora_get_config_value($dbh, 'aws_secret_access_key');
# auth_strings stores the crential identifier to be used.
my $key = pandora_get_credential($dbh, $task->{'auth_strings'});
if (ref($key) eq "HASH") {
$cnf_extra{'aws_access_key_id'} = $key->{'username'};
$cnf_extra{'aws_secret_access_key'} = $key->{'password'};
} else {
# Invalid credential.
return;
}
$cnf_extra{'cloud_util_path'} = pandora_get_config_value($dbh, 'cloud_util_path');
if (!defined($ENV{'AWS_ACCESS_KEY_ID'}) || !defined($ENV{'AWS_SECRET_ACCESS_KEY'})
|| $cnf_extra{'aws_secret_access_key'} ne $ENV{'AWS_ACCESS_KEY_ID'}
|| $cnf_extra{'cloud_util_path'} ne $ENV{'AWS_SECRET_ACCESS_KEY'}) {
# Environmental data is out of date. Create a tmp file to manage
# credentials. Perl limitation. We cannot update ENV here.
$cnf_extra{'creds_file'} = $pa_config->{'temporal'} . '/tmp_discovery.' . md5($task->{'id_rt'} . $task->{'name'} . time());
eval {
open(my $__file_cfg, '> '. $cnf_extra{'creds_file'}) or die($!);
print $__file_cfg $cnf_extra{'aws_access_key_id'} . "\n";
print $__file_cfg $cnf_extra{'aws_secret_access_key'} . "\n";
close($__file_cfg);
set_file_permissions(
$pa_config,
$cnf_extra{'creds_file'},
"0600"
);
};
if ($@) {
logger(
$pa_config,
'Cannot instantiate configuration file for task: ' . safe_output($task->{'name'}),
5
);
# A server restart will override ENV definition (see run)
logger(
$pa_config,
'Cannot execute Discovery task: ' . safe_output($task->{'name'}) . '. Please restart the server.',
1
);
# Skip this task.
return;
}
# Pass credentials by file due Perl limitations. We cannot update ENV here.
$cnf_extra{'creds_file'} = $pa_config->{'temporal'} . '/tmp_discovery.' . md5($task->{'id_rt'} . $task->{'name'} . time());
eval {
open(my $__file_cfg, '> '. $cnf_extra{'creds_file'}) or die($!);
print $__file_cfg $cnf_extra{'aws_access_key_id'} . "\n";
print $__file_cfg $cnf_extra{'aws_secret_access_key'} . "\n";
close($__file_cfg);
set_file_permissions(
$pa_config,
$cnf_extra{'creds_file'},
"0600"
);
};
if ($@) {
logger(
$pa_config,
'Cannot instantiate configuration file for task: ' . safe_output($task->{'name'}),
5
);
# A server restart will override ENV definition (see run)
logger(
$pa_config,
'Cannot execute Discovery task: ' . safe_output($task->{'name'}) . '. Please restart the server.',
1
);
# Skip this task.
return;
}
}