From 867ae40b176e193aa5676d934f50f7ba60d1c9e2 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Fri, 17 Jan 2020 22:58:45 +0100 Subject: [PATCH 1/6] Changed pandora server start for control if is needed add parameters. Also, deleted default parameters --- pandora_server/bin/pandora_server | 109 ++++++++++++++++++++ pandora_server/conf/pandora_server.conf.new | 15 +-- pandora_server/lib/PandoraFMS/Config.pm | 6 -- 3 files changed, 110 insertions(+), 20 deletions(-) diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server index 1ce3e3da5e..ab8acf6106 100755 --- a/pandora_server/bin/pandora_server +++ b/pandora_server/bin/pandora_server @@ -21,6 +21,7 @@ use strict; use warnings; use POSIX qw(strftime); use threads; +use Digest::MD5 qw(md5_hex); # Default lib dir for RPM and DEB packages use lib '/usr/lib/perl5'; @@ -576,6 +577,114 @@ sub main() { pandora_event (\%Config, "Warmup mode for events started.", 0, 0, 0, 0, 0, 'system', 0, $DBH); } + # Console Api pass (if not defined) + if ( !defined($Config{"console_api_pass"}) ) { + $Config{"console_api_pass"} = pandora_get_tconfig_token ($DBH, 'api_password', ''); + + if ( $Config{"console_api_pass"} eq '' ) { + $Config{"console_api_pass"} = '1234'; + db_process_update ($DBH, 'tconfig', {'value' => $Config{"console_api_pass"}}, {'token' => 'api_password'}); + } + } + + # Only if console_api_url has not defined + if( !defined($Config{"console_api_url"}) ) { + my $console_api_url = pandora_get_tconfig_token ($DBH, 'public_url', ''); + + # If console_api_url is empty in database + if ( $console_api_url eq '' ) { + $console_api_url = 'http://localhost/pandora_console/include/api.php'; + logger(\%Config, "Assuming default path for API url: " . $console_api_url, 3); + } + + $Config{"console_api_url"} = $console_api_url; + } + + # Definition of configuration file + my $cfg_file = $Config{'pandora_path'}; + + # Randomized parametrization of console_pass. Must be done here. + if ( !defined($Config{"console_pass"}) ){ + if (open (CFG, ">>$cfg_file")) { + my $valid_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + my $num_char = 8; + my $randomized_string = ''; + for (my $i = 0; $i < $num_char; $i++) { + $randomized_string .= substr($valid_chars, rand(length($valid_chars)), 1); + } + + $Config{"console_pass"} = $randomized_string; + print CFG "# console_pass: Console password\n"; + print CFG "# To make sure console_api_url, console_api_pass, console_user and console_pass are properly configured run:\n"; + print CFG "# curl '?op=get&op2=test&apipass=&user=&pass='\n"; + print CFG "# It should return a string similar to:\n"; + print CFG "# OK,{VERSION},{BUILD}\n"; + print CFG "console_pass " .$Config{"console_pass"} . "\n"; + + close (CFG); + } else { + logger(\%Config, "[WARNING] Error with configuration file when define `console_pass`: $!", 3); + } + } + + # Only if console_user is not defined + if ( !defined($Config{"console_user"}) ) { + my $pandora_uid = pandora_get_tconfig_token ($DBH, 'pandora_uid', ''); + + if ( $pandora_uid ne '' && $pandora_uid ne 'OFFLINE' ) { + $Config{"console_user"} = "internal_API_$pandora_uid"; + } else { + $Config{"console_user"} = "internal_API"; + } + + # If user not exists in DB, is necessary to create it + if ( get_user_exists($DBH, $Config{"console_user"}) == -1 ) { + + # Definition of API user parameters + my $api_user_parameters = {}; + $api_user_parameters->{'id_user'} = $Config{"console_user"}; + $api_user_parameters->{'password'} = md5_hex($Config{"console_pass"}); + $api_user_parameters->{'comments'} = "Internal user, used for generating reports and email attachments"; + $api_user_parameters->{'is_admin'} = 0; + $api_user_parameters->{'not_login'} = 1; + + # Profile creation for API purpouses + my $api_profile_parameters = {}; + $api_profile_parameters->{'id_usuario'} = $Config{"console_user"}; + $api_profile_parameters->{'id_perfil'} = 0; + $api_profile_parameters->{'id_grupo'} = 0; + $api_profile_parameters->{'assigned_by'} = "system"; + $api_profile_parameters->{'id_policy'} = 0; + $api_profile_parameters->{'tags'} = "API"; + + # Insert in DB + my $res_tusuario = db_process_insert($DBH, 'id_user', 'tusuario', $api_user_parameters); + my $res_tusuario_perfil = db_process_insert($DBH, 'id_user', 'tusuario_perfil', $api_profile_parameters); + + # If the user was inserted in DB, must write it in configuration file + if ( !$res_tusuario || !$res_tusuario_perfil ) { + logger(\%Config, "Warning. Was not possible creating console user for API.", 3); + } else { + if (open (CFG, ">>$cfg_file")) { + print CFG "# Console User (created for API use)\n"; + print CFG "console_user " . $Config{"console_user"} . "\n"; + close (CFG); + } else { + logger(\%Config, "Warning. Was not possible edit configuration file for add console user", 3); + } + } + } + } + + # Testing API url + my $curl_execution = "'".$Config{'console_api_url'}."?op=get&op2=test&apipass=".$Config{"console_api_pass"}."&user=".$Config{"console_user"}."&pass=".$Config{"console_pass"}."'"; + my @res_testing_api = `curl $curl_execution`; + + if ( $res_testing_api[0] ne 'OK' ) { + logger(\%Config, "Warning! The server does not have access to the API, this can trigger problems in the generation of reports and graphs.", 1); + pandora_event (\%Config, "Server does not have access to the API", 0, 0, 0, 0, 0, 'system', 0, $DBH); + } + # Generate 'going up' events foreach my $server (@Servers) { $server->upEvent (); diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new index 1906fa72eb..3ba9728c46 100644 --- a/pandora_server/conf/pandora_server.conf.new +++ b/pandora_server/conf/pandora_server.conf.new @@ -558,20 +558,7 @@ async_recovery 1 # Required for some features like the module graphs macros. # console_api_url: Api URL (http://localhost/pandora_console/include/api.php by default) -console_api_url http://localhost/pandora_console/include/api.php - -# console_api_pass: Api pass -# console_api_pass 1234 - -# console_user: Console user name (admin by default) -console_user admin - -# console_pass: Console password (pandora by default) -# To make sure console_api_url, console_api_pass, console_user and console_pass are properly configured run: -# curl "?op=get&op2=test&apipass=&user=&pass=" -# It should return a string similar to: -# OK,{VERSION},{BUILD} -console_pass pandora +# console_api_url http://localhost/pandora_console/include/api.php # Passphrase used to generate the key for password encryption (PANDORA FMS ENTERPRISE ONLY). #encryption_passphrase passphrase diff --git a/pandora_server/lib/PandoraFMS/Config.pm b/pandora_server/lib/PandoraFMS/Config.pm index 3147ee1b91..b325ccbad7 100644 --- a/pandora_server/lib/PandoraFMS/Config.pm +++ b/pandora_server/lib/PandoraFMS/Config.pm @@ -452,12 +452,6 @@ sub pandora_load_config { # Auto-recovery of asynchronous modules. $pa_config->{"async_recovery"} = 1; # 5.1SP1 - # Console API connection - $pa_config->{"console_api_url"} = 'http://localhost/pandora_console/include/api.php'; # 6.0 - $pa_config->{"console_api_pass"} = ''; # 6.0 - $pa_config->{"console_user"} = 'admin'; # 6.0 - $pa_config->{"console_pass"} = 'pandora'; # 6.0 - # Database password encryption passphrase $pa_config->{"encryption_passphrase"} = ''; # 6.0 From 6fdd460f8a0216542a7586b2909c85265f370357 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 20 Jan 2020 11:27:39 +0100 Subject: [PATCH 2/6] Solved an internal issue for control the test result --- pandora_server/bin/pandora_server | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server index ab8acf6106..c88562946f 100755 --- a/pandora_server/bin/pandora_server +++ b/pandora_server/bin/pandora_server @@ -678,8 +678,8 @@ sub main() { # Testing API url my $curl_execution = "'".$Config{'console_api_url'}."?op=get&op2=test&apipass=".$Config{"console_api_pass"}."&user=".$Config{"console_user"}."&pass=".$Config{"console_pass"}."'"; - my @res_testing_api = `curl $curl_execution`; - + my $exe_testing_api = `curl $curl_execution`; + my @res_testing_api = split(',', $exe_testing_api); if ( $res_testing_api[0] ne 'OK' ) { logger(\%Config, "Warning! The server does not have access to the API, this can trigger problems in the generation of reports and graphs.", 1); pandora_event (\%Config, "Server does not have access to the API", 0, 0, 0, 0, 0, 'system', 0, $DBH); From ee44c74d27e05a726bdb23403014d39bd70f9de9 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 20 Jan 2020 12:40:19 +0100 Subject: [PATCH 3/6] Solved issue with user profile creation --- pandora_server/bin/pandora_server | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server index c88562946f..e1d2806e0e 100755 --- a/pandora_server/bin/pandora_server +++ b/pandora_server/bin/pandora_server @@ -662,9 +662,7 @@ sub main() { my $res_tusuario_perfil = db_process_insert($DBH, 'id_user', 'tusuario_perfil', $api_profile_parameters); # If the user was inserted in DB, must write it in configuration file - if ( !$res_tusuario || !$res_tusuario_perfil ) { - logger(\%Config, "Warning. Was not possible creating console user for API.", 3); - } else { + if ( $res_tusuario_perfil > 0 ) { if (open (CFG, ">>$cfg_file")) { print CFG "# Console User (created for API use)\n"; print CFG "console_user " . $Config{"console_user"} . "\n"; @@ -672,6 +670,8 @@ sub main() { } else { logger(\%Config, "Warning. Was not possible edit configuration file for add console user", 3); } + } else { + logger(\%Config, "Warning. Was not possible creating console user for API.", 3); } } } From 78fb8748861f0966662367b08ae0800a04be10be Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Wed, 22 Jan 2020 16:33:12 +0100 Subject: [PATCH 4/6] Solved some issues with paramethers --- pandora_server/bin/pandora_server | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server index e1d2806e0e..bc3f5b26c9 100755 --- a/pandora_server/bin/pandora_server +++ b/pandora_server/bin/pandora_server @@ -593,11 +593,11 @@ sub main() { # If console_api_url is empty in database if ( $console_api_url eq '' ) { - $console_api_url = 'http://localhost/pandora_console/include/api.php'; + $console_api_url = 'http://localhost/pandora_console/'; logger(\%Config, "Assuming default path for API url: " . $console_api_url, 3); } - $Config{"console_api_url"} = $console_api_url; + $Config{"console_api_url"} = $console_api_url . 'include/api.php'; } # Definition of configuration file @@ -614,7 +614,7 @@ sub main() { } $Config{"console_pass"} = $randomized_string; - print CFG "# console_pass: Console password\n"; + print CFG "\n# console_pass: Console password\n"; print CFG "# To make sure console_api_url, console_api_pass, console_user and console_pass are properly configured run:\n"; print CFG "# curl '?op=get&op2=test&apipass=&user=&pass='\n"; print CFG "# It should return a string similar to:\n"; @@ -651,11 +651,10 @@ sub main() { # Profile creation for API purpouses my $api_profile_parameters = {}; $api_profile_parameters->{'id_usuario'} = $Config{"console_user"}; - $api_profile_parameters->{'id_perfil'} = 0; + $api_profile_parameters->{'id_perfil'} = 1; $api_profile_parameters->{'id_grupo'} = 0; $api_profile_parameters->{'assigned_by'} = "system"; $api_profile_parameters->{'id_policy'} = 0; - $api_profile_parameters->{'tags'} = "API"; # Insert in DB my $res_tusuario = db_process_insert($DBH, 'id_user', 'tusuario', $api_user_parameters); @@ -664,7 +663,7 @@ sub main() { # If the user was inserted in DB, must write it in configuration file if ( $res_tusuario_perfil > 0 ) { if (open (CFG, ">>$cfg_file")) { - print CFG "# Console User (created for API use)\n"; + print CFG "\n# Console User (created for API use)\n"; print CFG "console_user " . $Config{"console_user"} . "\n"; close (CFG); } else { From 7102b14e8bff641bf35f57d93be485e600b583ed Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Fri, 24 Jan 2020 13:10:02 +0100 Subject: [PATCH 5/6] Refactoring and adding new specs --- .../FreeBSD/pandora_server.conf.new | 12 +------ pandora_server/bin/pandora_server | 32 +++++++++++-------- pandora_server/conf/pandora_server.conf.new | 3 ++ 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/pandora_server/FreeBSD/pandora_server.conf.new b/pandora_server/FreeBSD/pandora_server.conf.new index 01ff859fa5..9f072621ee 100644 --- a/pandora_server/FreeBSD/pandora_server.conf.new +++ b/pandora_server/FreeBSD/pandora_server.conf.new @@ -507,21 +507,11 @@ async_recovery 1 # Required for some features like the module graphs macros. # console_api_url: Api URL (http://localhost/pandora_console/include/api.php by default) -console_api_url http://localhost/pandora_console/include/api.php +# console_api_url http://localhost/pandora_console/include/api.php # console_api_pass: Api pass # console_api_pass 1234 -# console_user: Console user name (admin by default) -console_user admin - -# console_pass: Console password (pandora by default) -# To make sure console_api_url, console_api_pass, console_user and console_pass are properly configured run: -# curl "?op=get&op2=test&apipass=&user=&pass=" -# It should return a string similar to: -# OK,{VERSION},{BUILD} -console_pass pandora - # Passphrase used to generate the key for password encryption (PANDORA FMS ENTERPRISE ONLY). #encryption_passphrase passphrase diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server index bc3f5b26c9..317f1ef67f 100755 --- a/pandora_server/bin/pandora_server +++ b/pandora_server/bin/pandora_server @@ -577,21 +577,11 @@ sub main() { pandora_event (\%Config, "Warmup mode for events started.", 0, 0, 0, 0, 0, 'system', 0, $DBH); } - # Console Api pass (if not defined) - if ( !defined($Config{"console_api_pass"}) ) { - $Config{"console_api_pass"} = pandora_get_tconfig_token ($DBH, 'api_password', ''); - - if ( $Config{"console_api_pass"} eq '' ) { - $Config{"console_api_pass"} = '1234'; - db_process_update ($DBH, 'tconfig', {'value' => $Config{"console_api_pass"}}, {'token' => 'api_password'}); - } - } - - # Only if console_api_url has not defined + # Only if console_api_url was not defined if( !defined($Config{"console_api_url"}) ) { my $console_api_url = pandora_get_tconfig_token ($DBH, 'public_url', ''); - # If console_api_url is empty in database + # If public_url is empty in database if ( $console_api_url eq '' ) { $console_api_url = 'http://localhost/pandora_console/'; logger(\%Config, "Assuming default path for API url: " . $console_api_url, 3); @@ -600,11 +590,25 @@ sub main() { $Config{"console_api_url"} = $console_api_url . 'include/api.php'; } + # Only if console_api_pass was not defined + if ( !defined($Config{"console_api_pass"}) ) { + my $console_api_pass = pandora_get_tconfig_token ($DBH, 'api_password', ''); + + # If api_password is empty in database + if ( $console_api_pass eq '' ) { + $console_api_pass = '1234'; + db_process_update ($DBH, 'tconfig', {'value' => $console_api_pass}, {'token' => 'api_password'}); + } + + $Config{"console_api_pass"} = $console_api_pass; + } + # Definition of configuration file my $cfg_file = $Config{'pandora_path'}; - # Randomized parametrization of console_pass. Must be done here. + # Only if console_pass was not defined. if ( !defined($Config{"console_pass"}) ){ + # Randomized parametrization of console_pass. if (open (CFG, ">>$cfg_file")) { my $valid_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; my $num_char = 8; @@ -627,7 +631,7 @@ sub main() { } } - # Only if console_user is not defined + # Only if console_user was not defined if ( !defined($Config{"console_user"}) ) { my $pandora_uid = pandora_get_tconfig_token ($DBH, 'pandora_uid', ''); diff --git a/pandora_server/conf/pandora_server.conf.new b/pandora_server/conf/pandora_server.conf.new index 3ba9728c46..fd09584076 100644 --- a/pandora_server/conf/pandora_server.conf.new +++ b/pandora_server/conf/pandora_server.conf.new @@ -560,6 +560,9 @@ async_recovery 1 # console_api_url: Api URL (http://localhost/pandora_console/include/api.php by default) # console_api_url http://localhost/pandora_console/include/api.php +# console_api_pass: Api pass +# console_api_pass 1234 + # Passphrase used to generate the key for password encryption (PANDORA FMS ENTERPRISE ONLY). #encryption_passphrase passphrase From c8194166ef2254c90c7f895278457ee984d68b69 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 27 Jan 2020 16:19:27 +0100 Subject: [PATCH 6/6] Added console_api_pass write for pandora_server.conf --- pandora_server/bin/pandora_server | 32 ++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/pandora_server/bin/pandora_server b/pandora_server/bin/pandora_server index 317f1ef67f..474f0f9029 100755 --- a/pandora_server/bin/pandora_server +++ b/pandora_server/bin/pandora_server @@ -590,22 +590,44 @@ sub main() { $Config{"console_api_url"} = $console_api_url . 'include/api.php'; } + # Definition of configuration file + my $cfg_file = $Config{'pandora_path'}; + my $cfg_file_output = $Config{'pandora_path'} . "_backup"; + # Only if console_api_pass was not defined if ( !defined($Config{"console_api_pass"}) ) { my $console_api_pass = pandora_get_tconfig_token ($DBH, 'api_password', ''); - # If api_password is empty in database if ( $console_api_pass eq '' ) { $console_api_pass = '1234'; db_process_update ($DBH, 'tconfig', {'value' => $console_api_pass}, {'token' => 'api_password'}); } - + # Definition of console_api_pass in config $Config{"console_api_pass"} = $console_api_pass; + # Watch if paramether is added or not (even if it is commented) + my $console_api_pass_control = undef; + if ( open (CFGin, "<$cfg_file") && open (CFGout, ">>$cfg_file_output") ) { + while(my $row = ) { + if (chomp($row) =~ (m/^#\sconsole_api_pass\s(.*)/i)) { + $console_api_pass_control = 1; + print CFGout "\nconsole_api_pass " .$Config{"console_api_pass"} . "\n"; + } else { + print CFGout "$row\n"; + } + } + # Only if the parameter was not added + if ( !defined($console_api_pass_control) ) { + print CFGout "\n# console_api_pass: Console password\n"; + print CFGout "console_api_pass " .$Config{"console_api_pass"} . "\n"; + } + # Close both files + close (CFGin); + close (CFGout); + # Convert the output file in the original configuration file + rename $cfg_file_output, $cfg_file; + } } - # Definition of configuration file - my $cfg_file = $Config{'pandora_path'}; - # Only if console_pass was not defined. if ( !defined($Config{"console_pass"}) ){ # Randomized parametrization of console_pass.