tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 16:24:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ent 4615 implementar cifrado en los contenedores de credenciales usando el sistema de cifrado interno de pandora

Browse Source
This commit is contained in:
fbsanchez 2019-09-24 11:25:53 +02:00 committed by Daniel Rodriguez
parent 1d58e25a88
commit 7d52614064
10 changed files with 1321 additions and 1010 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

604
pandora_console/godmode/groups/credential_store.php
View File

@ -29,599 +29,43 @@
// Begin. // Begin.
global $config; global $config;
// Check access. require_once $config['homedir'].'/include/class/CredentialStore.class.php';
check_login();
if (! check_acl($config['id_user'], 0, 'PM')) { $ajaxPage = 'godmode/groups/credential_store';
db_pandora_audit(
'ACL Violation',
'Trying to access event viewer'
);
// Control call flow.
try {
// User access and validation is being processed on class constructor.
$cs = new CredentialStore($ajaxPage);
} catch (Exception $e) {
if (is_ajax()) { if (is_ajax()) {
return ['error' => 'noaccess']; echo json_encode(['error' => '[CredentialStore]'.$e->getMessage() ]);
exit;
} else {
echo '[CredentialStore]'.$e->getMessage();
} }
include 'general/noaccess.php'; // Stop this execution, but continue 'globally'.
return; return;
} }
// Required files. // AJAX controller.
ui_require_css_file('credential_store');
require_once $config['homedir'].'/include/functions_credential_store.php';
require_once $config['homedir'].'/include/functions_io.php';
if (is_ajax()) { if (is_ajax()) {
$draw = get_parameter('draw', 0); $method = get_parameter('method');
$filter = get_parameter('filter', []);
$get_key = get_parameter('get_key', 0);
$new_form = get_parameter('new_form', 0);
$new_key = get_parameter('new_key', 0);
$update_key = get_parameter('update_key', 0);
$delete_key = get_parameter('delete_key', 0);
if ($new_form) { if (method_exists($cs, $method) === true) {
echo print_inputs(); if ($cs->ajaxMethod($method) === true) {
exit; $cs->{$method}();
}
if ($delete_key) {
$identifier = get_parameter('identifier', null);
if (empty($identifier)) {
ajax_msg('error', __('identifier cannot be empty'));
}
if (db_process_sql_delete(
'tcredential_store',
['identifier' => $identifier]
) === false
) {
ajax_msg('error', $config['dbconnection']->error, true);
} else { } else {
ajax_msg('result', $identifier, true); $cs->error('Unavailable method.');
} }
} else {
$cs->error('Method not found. ['.$method.']');
} }
if ($update_key) { // Stop any execution.
$data = get_parameter('values', null);
if ($data === null || !is_array($data)) {
echo json_encode(['error' => __('Invalid parameters, please retry')]);
exit;
}
$values = [];
foreach ($data as $key => $value) {
if ($key == 'identifier') {
$identifier = base64_decode($value);
} else if ($key == 'product') {
$product = base64_decode($value);
} else {
$values[$key] = base64_decode($value);
}
}
if (empty($identifier)) {
ajax_msg('error', __('identifier cannot be empty'));
}
if (empty($product)) {
ajax_msg('error', __('product cannot be empty'));
}
if (db_process_sql_update(
'tcredential_store',
$values,
['identifier' => $identifier]
) === false
) {
ajax_msg('error', $config['dbconnection']->error);
} else {
ajax_msg('result', $identifier);
}
exit;
}
if ($new_key) {
$data = get_parameter('values', null);
if ($data === null || !is_array($data)) {
echo json_encode(['error' => __('Invalid parameters, please retry')]);
exit;
}
$values = [];
foreach ($data as $key => $value) {
$values[$key] = base64_decode($value);
if ($key == 'identifier') {
$values[$key] = preg_replace('/\s+/', '-', trim($values[$key]));
}
}
$identifier = $values['identifier'];
if (empty($identifier)) {
ajax_msg('error', __('identifier cannot be empty'));
}
if (empty($values['product'])) {
ajax_msg('error', __('product cannot be empty'));
}
if (db_process_sql_insert('tcredential_store', $values) === false) {
ajax_msg('error', $config['dbconnection']->error);
} else {
ajax_msg('result', $identifier);
}
exit;
}
if ($get_key) {
$identifier = get_parameter('identifier', null);
$key = get_key($identifier);
echo print_inputs($key);
exit;
}
if ($draw) {
// Datatables offset, limit and order.
$start = get_parameter('start', 0);
$length = get_parameter('length', $config['block_size']);
$order = get_datatable_order(true);
try {
ob_start();
$fields = [
'cs.*',
'tg.nombre as `group`',
];
// Retrieve data.
$data = credentials_get_all(
// Fields.
$fields,
// Filter.
$filter,
// Offset.
$start,
// Limit.
$length,
// Order.
$order['direction'],
// Sort field.
$order['field']
);
// Retrieve counter.
$count = credentials_get_all(
'count',
$filter
);
if ($data) {
$data = array_reduce(
$data,
function ($carry, $item) {
// Transforms array of arrays $data into an array
// of objects, making a post-process of certain fields.
$tmp = (object) $item;
$tmp->username = io_safe_output($tmp->username);
if (empty($tmp->group)) {
$tmp->group = __('All');
} else {
$tmp->group = io_safe_output($tmp->group);
}
$carry[] = $tmp;
return $carry;
}
);
}
// Datatables format: RecordsTotal && recordsfiltered.
echo json_encode(
[
'data' => $data,
'recordsTotal' => $count,
'recordsFiltered' => $count,
]
);
// Capture output.
$response = ob_get_clean();
} catch (Exception $e) {
return json_encode(['error' => $e->getMessage()]);
}
// If not valid, show error with issue.
json_decode($response);
if (json_last_error() == JSON_ERROR_NONE) {
// If valid dump.
echo $response;
} else {
echo json_encode(
['error' => $response]
);
}
exit;
}
exit; exit;
} else {
// Run.
$cs->run();
} }
// Datatables list.
try {
$columns = [
'group',
'identifier',
'product',
'username',
'options',
];
$column_names = [
__('Group'),
__('Identifier'),
__('Product'),
__('User'),
[
'text' => __('Options'),
'class' => 'action_buttons',
],
];
$table_id = 'keystore';
// Load datatables user interface.
ui_print_datatable(
[
'id' => $table_id,
'class' => 'info_table',
'style' => 'width: 100%',
'columns' => $columns,
'column_names' => $column_names,
'ajax_url' => 'godmode/groups/credential_store',
'ajax_postprocess' => 'process_datatables_item(item)',
'no_sortable_columns' => [-1],
'order' => [
'field' => 'identifier',
'direction' => 'asc',
],
'search_button_class' => 'sub filter float-right',
'form' => [
'inputs' => [
[
'label' => __('Group'),
'type' => 'select',
'id' => 'filter_id_group',
'name' => 'filter_id_group',
'options' => users_get_groups_for_select(
$config['id_user'],
'AR',
true,
true,
false
),
],
[
'label' => __('Free search'),
'type' => 'text',
'class' => 'mw250px',
'id' => 'free_search',
'name' => 'free_search',
],
],
],
]
);
} catch (Exception $e) {
echo $e->getMessage();
}
// Auxiliar div.
$new = '<div id="new_key" style="display: none"><form id="form_new">';
$new .= '</form></div>';
$details = '<div id="info_key" style="display: none"><form id="form_update">';
$details .= '</form></div>';
$aux = '<div id="aux" style="display: none"></div>';
echo $new.$details.$aux;
// Create button.
echo '<div class="w100p flex-content-right">';
html_print_submit_button(
__('Add key'),
'create',
false,
'class="sub next"'
);
echo '</div>';
?>
<script type="text/javascript">
function process_datatables_item(item) {
item.options = '<a href="javascript:" onclick="display_key(\'';
item.options += item.identifier;
item.options += '\')" ><?php echo html_print_image('images/eye.png', true, ['title' => __('Show')]); ?></a>';
item.options += '<a href="javascript:" onclick="delete_key(\'';
item.options += item.identifier;
item.options += '\')" ><?php echo html_print_image('images/cross.png', true, ['title' => __('Delete')]); ?></a>';
}
function handle_response(data) {
var title = "<?php echo __('Success'); ?>";
var text = '';
var failed = 0;
try {
data = JSON.parse(data);
text = data['result'];
} catch (err) {
title = "<?php echo __('Failed'); ?>";
text = err.message;
failed = 1;
}
if (!failed && data['error'] != undefined) {
title = "<?php echo __('Failed'); ?>";
text = data['error'];
failed = 1;
}
$('#aux').empty();
$('#aux').html(text);
$('#aux').dialog({
width: 450,
position: {
my: 'center',
at: 'center',
of: window,
collision: 'fit'
},
title: title,
buttons: [
{
text: 'OK',
click: function(e) {
if (!failed) {
dt_<?php echo $table_id; ?>.draw(0);
$(".ui-dialog-content").dialog("close");
cleanupDOM();
} else {
$(this).dialog('close');
}
}
}
]
});
}
function delete_key(id) {
$('#aux').empty();
$('#aux').text('<?php echo __('Are you sure?'); ?>');
$('#aux').dialog({
title: '<?php echo __('Delete'); ?> ' + id,
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-cancel',
text: '<?php echo __('Cancel'); ?>',
click: function(e) {
$(this).dialog('close');
cleanupDOM();
}
},
{
text: 'Delete',
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub ok submit-next',
click: function(e) {
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
delete_key: 1,
identifier: id
},
datatype: "json",
success: function (data) {
handle_response(data);
},
error: function(e) {
handle_response(e);
}
});
}
}
]
});
}
function display_key(id) {
$('#form_update').empty();
$('#form_update').html('Loading...');
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
get_key: 1,
identifier: id
},
success: function (data) {
$('#info_key').dialog({
width: 580,
height: 400,
position: {
my: 'center',
at: 'center',
of: window,
collision: 'fit'
},
title: id,
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-cancel',
text: '<?php echo __('Cancel'); ?>',
click: function(e) {
$(this).dialog('close');
cleanupDOM();
}
},
{
text: 'Update',
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub ok submit-next',
click: function(e) {
var values = {};
$('#form_update :input').each(function() {
values[this.name] = btoa($(this).val());
});
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
update_key: 1,
values: values
},
datatype: "json",
success: function (data) {
handle_response(data);
},
error: function(e) {
handle_response(e);
}
});
}
}
]
});
$('#form_update').html(data);
}
})
}
function cleanupDOM() {
$('#div-identifier').empty();
$('#div-product').empty();
$('#div-username').empty();
$('#div-password').empty();
$('#div-extra_1').empty();
$('#div-extra_2').empty();
}
function calculate_inputs() {
if ($('#product :selected').val() == "CUSTOM") {
$('#div-username label').text('<?php echo __('User'); ?>');
$('#div-password label').text('<?php echo __('Password'); ?>');
$('#div-extra_1').hide();
$('#div-extra_2').hide();
} else if ($('#product :selected').val() == "AWS") {
$('#div-username label').text('<?php echo __('Access key ID'); ?>');
$('#div-password label').text('<?php echo __('Secret access key'); ?>');
$('#div-extra_1').hide();
$('#div-extra_2').hide();
} else if ($('#product :selected').val() == "AZURE") {
$('#div-username label').text('<?php echo __('Client ID'); ?>');
$('#div-password label').text('<?php echo __('Application secret'); ?>');
$('#div-extra_1 label').text('<?php echo __('Tenant or domain name'); ?>');
$('#div-extra_2 label').text('<?php echo __('Subscription id'); ?>');
$('#div-extra_1').show();
$('#div-extra_2').show();
}
}
function add_key() {
// Clear form.
$('#form_update').empty();
$('#form_update').html('Loading...');
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
new_form: 1
},
success: function(data) {
$('#form_new').html(data);
$('#id_group').val(0);
// By default CUSTOM.
$('#product').val('CUSTOM');
calculate_inputs();
$('#product').on('change', function() {
calculate_inputs()
});
// Show form.
$('#new_key').dialog({
width: 580,
height: 400,
position: {
my: 'center',
at: 'center',
of: window,
collision: 'fit'
},
title: "<?php echo __('Register new key into keystore'); ?>",
buttons: [
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-cancel',
text: "<?php echo __('Cancel'); ?>",
click: function(e) {
$(this).dialog('close');
cleanupDOM();
}
},
{
class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub ok submit-next',
text: 'OK',
click: function(e) {
var values = {};
$('#form_new :input').each(function() {
values[this.name] = btoa($(this).val());
});
$.ajax({
method: 'post',
url: '<?php echo ui_get_full_url('ajax.php', false, false, false); ?>',
data: {
page: 'godmode/groups/credential_store',
new_key: 1,
values: values
},
datatype: "json",
success: function (data) {
handle_response(data);
},
error: function(e) {
handle_response(e);
}
});
}
},
]
});
}
})
}
$(document).ready(function(){
$("#submit-create").on('click', function(){
add_key();
});
});
</script>

1203
pandora_console/include/class/CredentialStore.class.php Normal file
View File

File diff suppressed because it is too large Load Diff

420
pandora_console/include/functions_credential_store.php
View File

@ -24,422 +24,8 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* ============================================================================ * ============================================================================
*
* Moved to CredentialStore.class.php
*/ */
// Begin. // Deprecated.
/**
* Returns an array with all the credentials matching filter and ACL.
*
* @param array $fields Fields array or 'count' keyword to retrieve count.
* @param array $filter Filters to be applied.
* @param integer $offset Offset (pagination).
* @param integer $limit Limit (pagination).
* @param string $order Sort order.
* @param string $sort_field Sort field.
*
* @return array With all results or false if error.
* @throws Exception On error.
*/
function credentials_get_all(
$fields,
array $filter,
$offset=null,
$limit=null,
$order=null,
$sort_field=null
) {
$sql_filters = [];
$order_by = '';
$pagination = '';
global $config;
if (!is_array($filter)) {
error_log('[credential_get_all] Filter must be an array.');
throw new Exception('[credential_get_all] Filter must be an array.');
}
$count = false;
if (!is_array($fields) && $fields == 'count') {
$fields = ['cs.*'];
$count = true;
} else if (!is_array($fields)) {
error_log('[credential_get_all] Fields must be an array or "count".');
throw new Exception('[credential_get_all] Fields must be an array or "count".');
}
if (isset($filter['product']) && !empty($filter['product'])) {
$sql_filters[] = sprintf(' AND cs.product = "%s"', $filter['product']);
}
if (isset($filter['free_search']) && !empty($filter['free_search'])) {
$sql_filters[] = vsprintf(
' AND (lower(cs.username) like lower("%%%s%%")
OR cs.identifier like "%%%s%%"
OR lower(cs.product) like lower("%%%s%%"))',
array_fill(0, 3, $filter['free_search'])
);
}
if (isset($filter['filter_id_group']) && $filter['filter_id_group'] > 0) {
$propagate = db_get_value(
'propagate',
'tgrupo',
'id_grupo',
$filter['filter_id_group']
);
if (!$propagate) {
$sql_filters[] = sprintf(
' AND cs.id_group = %d ',
$filter['filter_id_group']
);
} else {
$groups = [ $filter['filter_id_group'] ];
$childrens = groups_get_childrens($id_group, null, true);
if (!empty($childrens)) {
foreach ($childrens as $child) {
$groups[] = (int) $child['id_grupo'];
}
}
$filter['filter_id_group'] = $groups;
$sql_filters[] = sprintf(
' AND cs.id_group IN (%s) ',
join(',', $filter['filter_id_group'])
);
}
}
if (isset($filter['group_list']) && is_array($filter['group_list'])) {
$sql_filters[] = sprintf(
' AND cs.id_group IN (%s) ',
join(',', $filter['group_list'])
);
}
if (isset($order)) {
$dir = 'asc';
if ($order == 'desc') {
$dir = 'desc';
};
if (in_array(
$sort_field,
[
'group',
'identifier',
'product',
'username',
'options',
]
)
) {
$order_by = sprintf(
'ORDER BY `%s` %s',
$sort_field,
$dir
);
}
}
if (isset($limit) && $limit > 0
&& isset($offset) && $offset >= 0
) {
$pagination = sprintf(
' LIMIT %d OFFSET %d ',
$limit,
$offset
);
}
$sql = sprintf(
'SELECT %s
FROM tcredential_store cs
LEFT JOIN tgrupo tg
ON tg.id_grupo = cs.id_group
WHERE 1=1
%s
%s
%s',
join(',', $fields),
join(' ', $sql_filters),
$order_by,
$pagination
);
if ($count) {
$sql = sprintf('SELECT count(*) as n FROM ( %s ) tt', $sql);
return db_get_value_sql($sql);
}
return db_get_all_rows_sql($sql);
}
/**
* Retrieves target key from keystore or false in case of error.
*
* @param string $identifier Key identifier.
*
* @return array Key or false if error.
*/
function get_key($identifier)
{
return db_get_row_filter(
'tcredential_store',
[ 'identifier' => $identifier ]
);
}
/**
* Minor function to dump json message as ajax response.
*
* @param string $type Type: result || error.
* @param string $msg Message.
* @param boolean $delete Deletion messages.
*
* @return void
*/
function ajax_msg($type, $msg, $delete=false)
{
$msg_err = 'Failed while saving: %s';
$msg_ok = 'Successfully saved into keystore ';
if ($delete) {
$msg_err = 'Failed while removing: %s';
$msg_ok = 'Successfully deleted ';
}
if ($type == 'error') {
echo json_encode(
[
$type => ui_print_error_message(
__(
$msg_err,
$msg
),
'',
true
),
]
);
} else {
echo json_encode(
[
$type => ui_print_success_message(
__(
$msg_ok,
$msg
),
'',
true
),
]
);
}
exit;
}
/**
* Generates inputs for new/update forms.
*
* @param array $values Values or null.
*
* @return string Inputs.
*/
function print_inputs($values=null)
{
if (!is_array($values)) {
$values = [];
}
$return = '';
$return .= html_print_input(
[
'label' => __('Identifier'),
'name' => 'identifier',
'input_class' => 'flex-row',
'type' => 'text',
'value' => $values['identifier'],
'disabled' => (bool) $values['identifier'],
'return' => true,
'script' => 'alert(\'puta\')',
]
);
$return .= html_print_input(
[
'label' => __('Group'),
'name' => 'id_group',
'id' => 'id_group',
'input_class' => 'flex-row',
'type' => 'select_groups',
'selected' => $values['id_group'],
'return' => true,
'class' => 'w50p',
]
);
$return .= html_print_input(
[
'label' => __('Product'),
'name' => 'product',
'input_class' => 'flex-row',
'type' => 'select',
'script' => 'calculate_inputs()',
'fields' => [
'CUSTOM' => __('Custom'),
'AWS' => __('Aws'),
'AZURE' => __('Azure'),
// 'GOOGLE' => __('Google'),
],
'selected' => $values['product'],
'disabled' => (bool) $values['product'],
'return' => true,
]
);
$user_label = __('Username');
$pass_label = __('Password');
$extra_1_label = __('Extra');
$extra_2_label = __('Extra (2)');
$extra1 = true;
$extra2 = true;
// Remember to update credential_store.php also.
switch ($values['product']) {
case 'AWS':
$user_label = __('Access key ID');
$pass_label = __('Secret access key');
$extra1 = false;
$extra2 = false;
break;
case 'AZURE':
$user_label = __('Account ID');
$pass_label = __('Application secret');
$extra_1_label = __('Tenant or domain name');
$extra_2_label = __('Subscription id');
break;
case 'GOOGLE':
// Need further investigation.
case 'CUSTOM':
$user_label = __('Account ID');
$pass_label = __('Password');
$extra1 = false;
$extra2 = false;
default:
// Use defaults.
break;
}
$return .= html_print_input(
[
'label' => $user_label,
'name' => 'username',
'input_class' => 'flex-row',
'type' => 'text',
'value' => $values['username'],
'return' => true,
]
);
$return .= html_print_input(
[
'label' => $pass_label,
'name' => 'password',
'input_class' => 'flex-row',
'type' => 'password',
'value' => $values['password'],
'return' => true,
]
);
if ($extra1) {
$return .= html_print_input(
[
'label' => $extra_1_label,
'name' => 'extra_1',
'input_class' => 'flex-row',
'type' => 'text',
'value' => $values['extra_1'],
'return' => true,
]
);
}
if ($extra2) {
$return .= html_print_input(
[
'label' => $extra_2_label,
'name' => 'extra_2',
'input_class' => 'flex-row',
'type' => 'text',
'value' => $values['extra_2'],
'return' => true,
'display' => $extra2,
]
);
}
return $return;
}
/**
* Retrieve all identifiers available for current user.
*
* @param string $product Target product.
*
* @return array Of account identifiers.
*/
function credentials_list_accounts($product)
{
global $config;
check_login();
include_once $config['homedir'].'/include/functions_users.php';
static $user_groups;
if (!isset($user_groups)) {
$user_groups = users_get_groups(
$config['id_user'],
'AR'
);
// Always add group 'ALL' because 'ALL' group credentials
// must be available for all users.
if (is_array($user_groups)) {
$user_groups = ([0] + array_keys($user_groups));
} else {
$user_groups = [0];
}
}
$creds = credentials_get_all(
['identifier'],
[
'product' => $product,
'group_list' => $user_groups,
]
);
if ($creds === false) {
return [];
}
$ret = array_reduce(
$creds,
function ($carry, $item) {
$carry[$item['identifier']] = $item['identifier'];
return $carry;
}
);
return $ret;
}

8
pandora_console/include/functions_html.php
View File

@ -1475,6 +1475,14 @@ function html_print_input_password(
$attr['class'] = $class; $attr['class'] = $class;
} }
if ($disabled === false) {
// Trick to avoid password completion on most browsers.
if ($autocomplete !== 'on') {
$disabled = true;
$attr['onfocus'] = "this.removeAttribute('readonly');";
}
}
return html_print_input_text_extended($name, $value, 'password-'.$name, $alt, $size, $maxlength, $disabled, '', $attr, $return, true, '', $autocomplete); return html_print_input_text_extended($name, $value, 'password-'.$name, $alt, $size, $maxlength, $disabled, '', $attr, $return, true, '', $autocomplete);
} }

29
pandora_console/include/functions_io.php
View File

@ -507,7 +507,7 @@ function ___($string /*, variable arguments */)
} }
/* /**
* json_encode for multibyte characters. * json_encode for multibyte characters.
* *
* @param string Text string to be encoded. * @param string Text string to be encoded.
@ -528,7 +528,7 @@ function io_json_mb_encode($string, $encode_options=0)
} }
/* /**
* Prepare the given password to be stored in the Pandora FMS Database, * Prepare the given password to be stored in the Pandora FMS Database,
* encrypting it if necessary. * encrypting it if necessary.
* *
@ -541,16 +541,22 @@ function io_input_password($password)
global $config; global $config;
enterprise_include_once('include/functions_crypto.php'); enterprise_include_once('include/functions_crypto.php');
$ciphertext = enterprise_hook('openssl_encrypt_decrypt', ['encrypt', io_safe_output($password)]); $ciphertext = enterprise_hook(
'openssl_encrypt_decrypt',
[
'encrypt',
io_safe_input($password),
]
);
if ($ciphertext === ENTERPRISE_NOT_HOOK) { if ($ciphertext === ENTERPRISE_NOT_HOOK) {
return $password; return io_safe_input($password);
} }
return $ciphertext; return $ciphertext;
} }
/* /**
* Process the given password read from the Pandora FMS Database, * Process the given password read from the Pandora FMS Database,
* decrypting it if necessary. * decrypting it if necessary.
* *
@ -563,10 +569,17 @@ function io_output_password($password)
global $config; global $config;
enterprise_include_once('include/functions_crypto.php'); enterprise_include_once('include/functions_crypto.php');
$plaintext = enterprise_hook('openssl_encrypt_decrypt', ['decrypt', io_safe_output($password)]); $plaintext = enterprise_hook(
'openssl_encrypt_decrypt',
[
'decrypt',
$password,
]
);
if ($plaintext === ENTERPRISE_NOT_HOOK) { if ($plaintext === ENTERPRISE_NOT_HOOK) {
return $password; return io_safe_output($password);
} }
return $plaintext; return io_safe_output($plaintext);
} }

20
pandora_console/include/javascript/pandora.js
View File

@ -1890,6 +1890,16 @@ function load_modal(settings) {
width = settings.onshow.width; width = settings.onshow.width;
} }
settings.target.html("Loading modal...");
settings.target
.dialog({
title: "Loading",
close: false,
width: 200,
buttons: []
})
.show();
$.ajax({ $.ajax({
method: "post", method: "post",
url: settings.url, url: settings.url,
@ -1898,6 +1908,9 @@ function load_modal(settings) {
data: data, data: data,
success: function(data) { success: function(data) {
settings.target.html(data); settings.target.html(data);
if (settings.onload != undefined) {
settings.onload(data);
}
settings.target.dialog({ settings.target.dialog({
resizable: true, resizable: true,
draggable: true, draggable: true,
@ -1927,6 +1940,9 @@ function load_modal(settings) {
click: function() { click: function() {
if (AJAX_RUNNING) return; if (AJAX_RUNNING) return;
AJAX_RUNNING = 1; AJAX_RUNNING = 1;
if (settings.onsubmit.preaction != undefined) {
settings.onsubmit.preaction();
}
var formdata = new FormData(); var formdata = new FormData();
if (settings.extradata) { if (settings.extradata) {
settings.extradata.forEach(function(item) { settings.extradata.forEach(function(item) {
@ -1954,7 +1970,9 @@ function load_modal(settings) {
contentType: false, contentType: false,
data: formdata, data: formdata,
success: function(data) { success: function(data) {
settings.ajax_callback(data); if (settings.ajax_callback != undefined) {
settings.ajax_callback(data);
}
AJAX_RUNNING = 0; AJAX_RUNNING = 0;
} }
}); });

30
pandora_console/include/styles/credential_store.css
View File

@ -10,3 +10,33 @@
#new_key select { #new_key select {
width: 60%; width: 60%;
} }
ul.wizard li > label:not(.p-switch) {
width: auto;
}
form.top-action-buttons ul.wizard {
display: flex;
flex-direction: row;
}
ul.wizard li {
margin-right: 1em;
}
form.modal ul.wizard li {
display: flex;
flex-direction: row;
width: 90%;
margin: 0 auto;
justify-items: center;
}
form.modal ul.wizard li * {
flex: 1;
}
ul.wizard li.flex-indep {
flex: 1;
margin: 0;
}

2
pandora_server/lib/PandoraFMS/Config.pm
View File

@ -1037,7 +1037,7 @@ sub pandora_load_config {
$pa_config->{'console_pass'}= safe_input(clean_blank($1)); $pa_config->{'console_pass'}= safe_input(clean_blank($1));
} }
elsif ($parametro =~ m/^encryption_passphrase\s(.*)/i) { # 6.0 elsif ($parametro =~ m/^encryption_passphrase\s(.*)/i) { # 6.0
$pa_config->{'encryption_passphrase'}= safe_input(clean_blank($1)); $pa_config->{'encryption_passphrase'} = clean_blank($1);
} }
elsif ($parametro =~ m/^unknown_interval\s+([0-9]*)/i) { # > 5.1SP2 elsif ($parametro =~ m/^unknown_interval\s+([0-9]*)/i) { # > 5.1SP2
$pa_config->{'unknown_interval'}= clean_blank($1); $pa_config->{'unknown_interval'}= clean_blank($1);

13
pandora_server/lib/PandoraFMS/Core.pm
View File

@ -3155,11 +3155,20 @@ sub pandora_get_config_value ($$) {
########################################################################## ##########################################################################
## Get credential from credential store ## Get credential from credential store
########################################################################## ##########################################################################
sub pandora_get_credential ($$) { sub pandora_get_credential ($$$) {
my ($dbh, $identifier) = @_; my ($pa_config, $dbh, $identifier) = @_;
my $key = get_db_single_row($dbh, 'SELECT * FROM tcredential_store WHERE identifier = ?', $identifier); my $key = get_db_single_row($dbh, 'SELECT * FROM tcredential_store WHERE identifier = ?', $identifier);
$key->{'username'} = pandora_output_password(
$pa_config,
safe_output($key->{'username'})
);
$key->{'password'} = pandora_output_password(
$pa_config,
safe_output($key->{'password'})
);
return $key; return $key;
} }

2
pandora_server/lib/PandoraFMS/Tools.pm
View File

@ -624,7 +624,7 @@ sub logger ($$;$) {
$message = safe_output ($message); $message = safe_output ($message);
$level = 1 unless defined ($level); $level = 1 unless defined ($level);
return if ($level > $pa_config->{'verbosity'}); return if (!defined ($pa_config->{'verbosity'}) || $level > $pa_config->{'verbosity'});
if (!defined($pa_config->{'log_file'})) { if (!defined($pa_config->{'log_file'})) {
print strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " [V". $level ."] " . $message . "\n"; print strftime ("%Y-%m-%d %H:%M:%S", localtime()) . " [V". $level ."] " . $message . "\n";