tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/develop' into ent-12019-api-2-0

This commit is contained in:
daniel 2024-02-05 08:05:45 +01:00
parent 54e4b8dbfa 4b40a8e9c5
commit b80f7bdeb1
18 changed files with 289 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pandora_console/extensions/grafana/query.php
View File

@ -23,6 +23,9 @@ if ($headers['Authorization']) {
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
// Prevent sql injection.
$user = mysqli_real_escape_string($config['dbconnection'], $user);
// Check user login
$user_in_db = process_user_login($user, $password, true);

3
pandora_console/extensions/grafana/search.php
View File

@ -24,6 +24,9 @@ if ($headers['Authorization']) {
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
// Prevent sql injection.
$user = mysqli_real_escape_string($config['dbconnection'], $user);
// Check user login
$user_in_db = process_user_login($user, $password, true);

2
pandora_console/extras/mr/68.sql
View File

@ -68,5 +68,7 @@ ADD COLUMN `id_agent_data` int not null default 0 AFTER `script_type`;
ALTER TABLE `tusuario` CHANGE COLUMN `metaconsole_data_section` `metaconsole_data_section` TEXT NOT NULL DEFAULT '' ;
ALTER TABLE `tmensajes` ADD COLUMN `icon_notification` VARCHAR(250) NULL DEFAULT NULL AFTER `url`;
UPDATE `tncm_template` SET `vendors` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM vendors))), '"]'), `models` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM models))), '"]');
UPDATE `tncm_agent_data_template` SET `vendors` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM vendors))), '"]'), `models` = CONCAT('["', TRIM(BOTH '"' FROM TRIM(BOTH ']' FROM TRIM(BOTH '[' FROM models))), '"]');
COMMIT;

47
pandora_console/godmode/menu.php
View File

@ -518,7 +518,18 @@ if ($access_console_node === true) {
}
if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($config['id_user'], 0, 'DM') === true) {
if ((bool) check_acl($config['id_user'], 0, 'AW') === true) {
$show_ipam = false;
$ipam = db_get_all_rows_sql('SELECT users_operator FROM tipam_network');
foreach ($ipam as $row) {
if (str_contains($row['users_operator'], '-1') || str_contains($row['users_operator'], $config['id_user'])) {
$show_ipam = true;
break;
}
}
}
if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($config['id_user'], 0, 'DM') === true || $show_ipam === true) {
$menu_godmode['gextensions']['text'] = __('Admin tools');
$menu_godmode['gextensions']['sec2'] = 'godmode/extensions';
$menu_godmode['gextensions']['id'] = 'god-extensions';
@ -535,8 +546,6 @@ if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($
$sub['tools/diagnostics']['text'] = __('Diagnostic info');
$sub['tools/diagnostics']['id'] = 'diagnostic_info';
enterprise_hook('omnishell');
enterprise_hook('ipam_submenu');
$sub['godmode/setup/news']['text'] = __('Site news');
$sub['godmode/setup/news']['id'] = 'site_news';
}
@ -558,9 +567,15 @@ if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($
}
}
$sub['godmode/events/configuration_sounds']['text'] = __('Acoustic console setup');
$sub['godmode/events/configuration_sounds']['id'] = 'Acoustic console setup';
$sub['godmode/events/configuration_sounds']['pages'] = ['godmode/events/configuration_sounds'];
if (((bool) check_acl($config['id_user'], 0, 'PM') === true && $access_console_node === true) || $show_ipam === true) {
enterprise_hook('ipam_submenu');
}
if ((bool) check_acl($config['id_user'], 0, 'PM') === true || (bool) check_acl($config['id_user'], 0, 'DM') === true) {
$sub['godmode/events/configuration_sounds']['text'] = __('Acoustic console setup');
$sub['godmode/events/configuration_sounds']['id'] = 'Acoustic console setup';
$sub['godmode/events/configuration_sounds']['pages'] = ['godmode/events/configuration_sounds'];
}
$menu_godmode['gextensions']['sub'] = $sub;
}
@ -638,16 +653,18 @@ if ($access_console_node === true) {
}
// Complete the submenu.
$extension_view = [];
$extension_view['godmode/extensions']['id'] = 'extension_manager_view';
$extension_view['godmode/extensions']['text'] = __('Extension manager view');
$extension_submenu = array_merge($extension_view, $sub2);
if (users_is_admin($config['id_user']) === true) {
$extension_view = [];
$extension_view['godmode/extensions']['id'] = 'extension_manager_view';
$extension_view['godmode/extensions']['text'] = __('Extension manager view');
$extension_submenu = array_merge($extension_view, $sub2);
$sub['godmode/extensions']['sub2'] = $extension_submenu;
$sub['godmode/extensions']['text'] = __('Extension manager');
$sub['godmode/extensions']['id'] = 'extension_manager';
$sub['godmode/extensions']['type'] = 'direct';
$sub['godmode/extensions']['subtype'] = 'nolink';
$sub['godmode/extensions']['sub2'] = $extension_submenu;
$sub['godmode/extensions']['text'] = __('Extension manager');
$sub['godmode/extensions']['id'] = 'extension_manager';
$sub['godmode/extensions']['type'] = 'direct';
$sub['godmode/extensions']['subtype'] = 'nolink';
}
if (is_array($menu_godmode['gextensions']['sub']) === true) {
$submenu = array_merge($menu_godmode['gextensions']['sub'], $sub);

112
pandora_console/godmode/setup/setup_general.php
View File

@ -960,60 +960,6 @@ echo '<legend>'.__('Mail configuration').'</legend>';
);
echo '</form>';
/**
* Print the modal window for the summary of each alerts group
*
* @param string $id Id.
*
* @return void
*/
function print_email_test_modal_window($id)
{
// Email config table.
$table_mail_test = new stdClass();
$table_mail_test->width = '100%';
$table_mail_test->class = 'filter-table-adv';
$table_mail_test->data = [];
$table_mail_test->data[0][] = html_print_label_input_block(
__('Address'),
html_print_input_text(
'email_test_address',
'',
'',
35,
100,
true
)
);
$table_mail_test->data[1][] = '&nbsp&nbsp<span id="email_test_sent_message" class="invisible"><b>Email sent</b></span><span id="email_test_failure_message" class=invisible"><b>Email could not be sent</b></span>';
// $table_mail_test->colspan[2][0] = 2;
$submitButton = html_print_div(
[
'class' => 'action-buttons-right-forced',
'content' => html_print_button(
__('Send'),
'email_test',
false,
'',
[
'icon' => 'cog',
'mode' => 'mini',
],
true
),
],
true
);
echo '<div id="email_test_'.$id.'" title="'.__('Check mail configuration').'" class="invisible">'.html_print_table($table_mail_test, true).$submitButton.'</div>';
}
?>
<script type="text/javascript">
function show_timezone () {
@ -1033,62 +979,6 @@ function show_timezone () {
});
}
function show_email_test(id) {
$('#email_test_sent_message').hide();
$('#email_test_failure_message').hide();
$("#email_test_"+id).dialog({
resizable: true,
draggable: true,
modal: true,
width: 450,
overlay: {
opacity: 0.5,
background: "black"
}
});
}
function perform_email_test () {
$('#email_test_sent_message').hide();
$('#email_test_failure_message').hide();
var test_address = $('#text-email_test_address').val();
params = {
email_smtpServer : $('#text-email_smtpServer').val(),
email_smtpPort : $('#text-email_smtpPort').val(),
email_username : $('#text-email_username').val(),
email_password : $('#password-email_password').val(),
email_encryption : $( "#email_encryption option:selected" ).val(),
email_from_dir : $('#text-email_from_dir').val(),
email_from_name : $('#text-email_from_name').val()
};
$.ajax({
type: "POST",
url: "ajax.php",
data : {
page: "godmode/setup/setup_general",
test_address: test_address,
params: params
},
dataType: "json",
success: function(data) {
if (parseInt(data) === 1) {
$('#email_test_sent_message').show();
$('#email_test_failure_message').hide();
} else {
$('#email_test_failure_message').show();
$('#email_test_sent_message').hide();
}
},
error: function() {
$('#email_test_failure_message').show();
$('#email_test_sent_message').hide();
},
});
}
$(document).ready (function () {
$("#zone").attr("hidden", true);
@ -1146,8 +1036,6 @@ $(document).ready (function () {
}
})
$('#button-email_test').click(perform_email_test);
$("#right_iblacklist").click (function () {
jQuery.each($("select[name='inventory_changes_blacklist_out[]'] option:selected"), function (key, value) {
imodule_name = $(value).html();

2
pandora_console/godmode/users/configure_user.php
View File

@ -770,7 +770,7 @@ if ($update_user) {
$id_user = (string) get_parameter('id_user', '');
if ($password_new != '') {
if ($config['auth'] !== 'mysql') {
if ($config['auth'] !== 'mysql' && $values['local_user'] === false) {
ui_print_error_message(__('It is not possible to change the password because external authentication is being used'));
} else {
$correct_password = false;

32
pandora_console/include/class/ConsoleSupervisor.php
View File

@ -1671,6 +1671,10 @@ class ConsoleSupervisor
ini_get('upload_max_filesize')
);
$PHPpost_max_size = config_return_in_bytes(
ini_get('post_max_size')
);
// PHP configuration.
$PHPmax_input_time = ini_get('max_input_time');
$PHPmemory_limit = config_return_in_bytes(ini_get('memory_limit'));
@ -1678,6 +1682,7 @@ class ConsoleSupervisor
$PHPsafe_mode = ini_get('safe_mode');
$PHPdisable_functions = ini_get('disable_functions');
$PHPupload_max_filesize_min = config_return_in_bytes('800M');
$PHPpost_max_size_min = config_return_in_bytes('800M');
$PHPmemory_limit_min = config_return_in_bytes('800M');
$PHPSerialize_precision = ini_get('serialize_precision');
@ -1728,7 +1733,7 @@ class ConsoleSupervisor
'message' => sprintf(
__('Recommended value is %s'),
'-1 ('.__('Unlimited').')'
).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Do not forget to restart Apache process after)'),
).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Do not forget to restart Apache process after)'),
'url' => $url,
'icon_notification' => self::ICON_INFORMATION,
]
@ -1753,7 +1758,7 @@ class ConsoleSupervisor
'message' => sprintf(
__('Recommended value is: %s'),
'0 ('.__('Unlimited').')'
).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
'url' => $url,
'icon_notification' => self::ICON_INFORMATION,
]
@ -1778,7 +1783,7 @@ class ConsoleSupervisor
'message' => sprintf(
__('Recommended value is: %s'),
sprintf(__('%s or greater'), '800M')
).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'),
'url' => $url,
'icon_notification' => self::ICON_INFORMATION,
]
@ -1808,7 +1813,7 @@ class ConsoleSupervisor
'message' => sprintf(
__('Recommended value is: %s'),
sprintf(__('%s or greater'), $recommended_memory)
).'<br><br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
'url' => $url,
'icon_notification' => self::ICON_INFORMATION,
]
@ -1915,6 +1920,25 @@ class ConsoleSupervisor
} else {
$this->cleanNotifications('NOTIF.PHP.VERSION.SUPPORT');
}
if ($PHPpost_max_size < $PHPpost_max_size_min && (int) $PHPpost_max_size !== -1) {
$url = 'https://www.php.net/manual/en/ini.core.php#ini.post-max-size';
$this->notify(
[
'type' => 'NOTIF.PHP.POST_MAX_SIZE',
'title' => __('PHP POST MAX SIZE'),
'message' => sprintf(
__('Recommended value is: %s'),
sprintf(__('%sM or greater'), ($PHPpost_max_size_min / 1024 / 1024))
).'<br>'.__('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
'url' => $url,
'icon_notification' => self::ICON_HEADSUP,
]
);
} else {
$this->cleanNotifications('NOTIF.PHP.POST_MAX_SIZE');
}
}

43
pandora_console/include/class/Diagnostics.class.php
View File

@ -483,7 +483,7 @@ class Diagnostics extends Wizard
],
'isEnterprise' => [
'name' => __('Enterprise installed'),
'value' => (enterprise_installed()) ? __('true') : __('false'),
'value' => $this->getStatusLicense(),
],
'customerKey' => [
'name' => __('Update Key'),
@ -505,6 +505,29 @@ class Diagnostics extends Wizard
}
/**
* Return status of license.
*
* @return string
*/
private function getStatusLicense():string
{
global $config;
if (enterprise_installed() === true) {
if (isset($config['license_mode'])
&& (int) $config['license_mode'] === 1
) {
return __('FREE/TRIAL');
} else {
return __('LICENSED');
}
} else {
return __('OpenSource');
}
}
/**
* PHP Status.
*
@ -517,23 +540,31 @@ class Diagnostics extends Wizard
$result = [
'error' => false,
'data' => [
'phpVersion' => [
'phpVersion' => [
'name' => __('PHP Version'),
'value' => phpversion(),
],
'maxExecutionTime' => [
'maxExecutionTime' => [
'name' => __('PHP Max execution time'),
'value' => ini_get('max_execution_time'),
],
'maxInputTime' => [
'maxInputTime' => [
'name' => __('PHP Max input time'),
'value' => ini_get('max_input_time'),
],
'memoryLimit' => [
'memoryLimit' => [
'name' => __('PHP Memory limit'),
'value' => ini_get('memory_limit'),
],
'sessionLifetime' => [
'postMaxSize' => [
'name' => __('PHP Post max size'),
'value' => ini_get('post_max_size'),
],
'uploadMaxFilesize' => [
'name' => __('PHP Upload max file size'),
'value' => ini_get('upload_max_filesize'),
],
'sessionLifetime' => [
'name' => __('Session cookie lifetime'),
'value' => ini_get('session.cookie_lifetime'),
],

49
pandora_console/include/functions_html.php
View File

@ -7691,3 +7691,52 @@ function html_print_wizard_diagnosis(
echo $output;
}
}
/**
* Print the modal window for the summary of each alerts group
*
* @param string $id Id.
*
* @return void
*/
function print_email_test_modal_window($id)
{
// Email config table.
$table_mail_test = new stdClass();
$table_mail_test->width = '100%';
$table_mail_test->class = 'filter-table-adv';
$table_mail_test->data = [];
$table_mail_test->data[0][] = html_print_label_input_block(
__('Address'),
html_print_input_text(
'email_test_address',
'',
'',
35,
100,
true
)
);
$table_mail_test->data[1][] = '&nbsp&nbsp<span id="email_test_sent_message" class="invisible"><b>Email sent</b></span><span id="email_test_failure_message" class=invisible"><b>Email could not be sent</b></span>';
// $table_mail_test->colspan[2][0] = 2;
$submitButton = html_print_div(
[
'class' => 'action-buttons-right-forced',
'content' => html_print_button(
__('Send'),
'email_test',
false,
'perform_email_test()',
[
'icon' => 'cog',
'mode' => 'mini',
],
true
),
],
true
);
echo '<div id="email_test_'.$id.'" title="'.__('Check mail configuration').'" class="invisible">'.html_print_table($table_mail_test, true).$submitButton.'</div>';
}

16
pandora_console/include/functions_menu.php
View File

@ -1230,6 +1230,22 @@ if (is_ajax()) {
<p style="font-size: 10pt;">'.$php_sys->data->memoryLimit->value.'</p>
</th>
</tr>
<tr>
<th style="width: 35%;">
<p><span>'.$php_sys->data->postMaxSize->name.'</span></p>
</th>
<th style="width: 65%;">
<p style="font-size: 10pt;">'.$php_sys->data->postMaxSize->value.'</p>
</th>
</tr>
<tr>
<th style="width: 35%;">
<p><span>'.$php_sys->data->uploadMaxFilesize->name.'</span></p>
</th>
<th style="width: 65%;">
<p style="font-size: 10pt;">'.$php_sys->data->uploadMaxFilesize->value.'</p>
</th>
</tr>
<tr>
<th style="width: 35%;">
<p><span>'.$php_sys->data->sessionLifetime->name.'</span></p>

1
pandora_console/include/functions_notifications.php
View File

@ -133,6 +133,7 @@ function notifications_get_subtypes(?string $source=null)
'NOTIF.PHP.INPUT_TIME',
'NOTIF.PHP.EXECUTION_TIME',
'NOTIF.PHP.UPLOAD_MAX_FILESIZE',
'NOTIF.PHP.POST_MAX_SIZE',
'NOTIF.PHP.MEMORY_LIMIT',
'NOTIF.PHP.DISABLE_FUNCTIONS',
'NOTIF.PHP.CHROMIUM',

19
pandora_console/include/functions_update_manager.php
View File

@ -98,25 +98,6 @@ function update_manager_get_current_package()
}
/**
* Check if a trial license is in use.
*
* @return boolean true if a trial license is in use, false otherwise.
*/
function update_manager_verify_trial()
{
global $config;
if (isset($config['license_licensed_to'])
&& strstr($config['license_licensed_to'], 'info@pandorafms.com') !== false
) {
return true;
}
return false;
}
/**
* Checks if there are packages available to be installed.
*

2
pandora_console/include/functions_visual_map.php
View File

@ -3791,7 +3791,7 @@ function visual_map_get_user_layouts(
$retval = [];
foreach ($layouts as $layout) {
if ($only_names) {
$retval[$layout['id']] = $layout['name'];
$retval[$layout['id']] = io_safe_output($layout['name']);
} else {
$retval[$layout['id']] = $layout;
}

57
pandora_console/include/javascript/pandora.js
View File

@ -2621,3 +2621,60 @@ function christmas_click(flagEasternEgg) {
}, 120000);
}
}
function perform_email_test() {
$("#email_test_sent_message").hide();
$("#email_test_failure_message").hide();
var test_address = $("#text-email_test_address").val();
var params = {
email_smtpServer: $("#text-email_smtpServer").val(),
email_smtpPort: $("#text-email_smtpPort").val(),
email_username: $("#text-email_username").val(),
email_password: $("#password-email_password").val(),
email_encryption: $("#email_encryption option:selected").val(),
email_from_dir: $("#text-email_from_dir").val(),
email_from_name: $("#text-email_from_name").val()
};
$.ajax({
type: "POST",
url: "ajax.php",
data: {
page: "godmode/setup/setup_general",
test_address: test_address,
params: params
},
dataType: "json",
success: function(data) {
if (parseInt(data) === 1) {
$("#email_test_sent_message").show();
$("#email_test_failure_message").hide();
} else {
console.log($("#email_test_failure_message"));
$("#email_test_failure_message").show();
$("#email_test_sent_message").hide();
}
},
error: function() {
$("#email_test_failure_message").show();
$("#email_test_sent_message").hide();
}
});
}
function show_email_test(id) {
$("#email_test_sent_message").hide();
$("#email_test_failure_message").hide();
$("#email_test_" + id).dialog({
resizable: true,
draggable: true,
modal: true,
width: 450,
overlay: {
opacity: 0.5,
background: "black"
}
});
}

7
pandora_console/update_manager_client/lib/UpdateManager/Client.php
View File

@ -2383,7 +2383,7 @@ class Client
// Retrieve package from UMS.
$this->notify(0, 'Downloading server update '.$version);
$this->post(
$package = $this->post(
[
'action' => 'get_server_package',
'arguments' => ['version' => $version],
@ -2407,6 +2407,11 @@ class Client
return false;
}
if (empty($package) === true) {
$this->lastError = 'Error on Package from UMS';
return false;
}
if ($this->propagateUpdates === true) {
$this->saveSignature(
$signature,

22
pandora_server/conf/tentacle_server.conf.new
View File

@ -5,10 +5,10 @@
# Tentacle have IANA assigned port tpc/41121 as official port.
##########################################################################
# [-a] IPv4 address to listen on. Several IPs cam be selected separating if by comma.
# [-a] IPv4 address to listen on. Several IP adresses can be selected separated by commas.
addresses 0.0.0.0
# [-p] Port to listen on
# [-p] Port number to listen on.
port 41121
# [-c] Maximum number of simultaneous connections
@ -17,19 +17,19 @@ port 41121
# [-d] Run as daemon. 1 true, 0 false
daemon 1
# [-i] Enable insecure mode
# insecure 0
# [-I] Enable insecure mode. 1 true, 0 false.
#insecure 0
# Filters (regexp:dir;regexp:dir...)
# [-i] Filters (regexp:dir;regexp:dir...).
filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
# [-m] Maximum file size allowed by the server in bytes
#max_size 2000000
# max_size 2000000
# [-o] Accept files with a repeated name
# [-o] Accept files with a repeated name. 1 true, 0 false.
# overwrite 0
# [-q] Do not output error messages.
# [-q] No output error messages. 1 true, 0 false.
# quiet 0
# [-r] Number of retries for socket read/write operations
@ -38,10 +38,10 @@ filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:co
# [-s] Storage directory
directory /var/spool/pandora/data_in
# [-b] Address to proxy client requests to
# [-b] IP address proxy client requests to.
# proxy_ip 127.0.0.1
# [-g] Port to proxy client requests to
# [-g] Port number proxy client requests to.
# proxy_port 41121
# [-t] Timeout for socket read/write operations in seconds
@ -71,5 +71,5 @@ log_file /dev/null
# [-w] SSL password. Set to 1 to ask for password by command line
# ssl_password 0
# [-T] Use libwrap library (Authen::Libwrap perl module)
# [-T] Use libwrap library (Authen::Libwrap perl module). 1 true, 0 false.
# use_libwrap 0

8
tentacle/conf/tentacle_server.conf.new
View File

@ -72,4 +72,10 @@ log_file /dev/null
# ssl_password 0
# [-T] Use libwrap library (Authen::Libwrap perl module)
# use_libwrap 0
# use_libwrap 0
# [-z] Restrict to a specific ssl version
# ssl_version TLSv1_3
# [-u] Restrict to a specific ssl cipher
# ssl_cipher AES256-SHA

46
tentacle/tentacle_server
View File

@ -187,6 +187,12 @@ my $t_proxy_ip = undef;
# Port to proxy client requests to
my $t_proxy_port = 41121;
# Allowed SSL Cipher
my $t_ssl_cipher= '';
# Allowed SSL Version
my $t_ssl_version= '';
# Proxy socket
my $t_proxy_socket;
@ -230,7 +236,7 @@ sub print_help {
print ("\t-p port\t\tPort to listen on (default $t_port).\n");
print ("\t-q\t\tQuiet. Do now print error messages.\n");
print ("\t-r number\tNumber of retries for network opertions (default $t_retries).\n");
print ("\t-S (install|uninstall|run) Manage the win32 service.\n");
print ("\t-S \t\t(install|uninstall|run) Manage the win32 service.\n");
print ("\t-t time\t\tTime-out for network operations in seconds (default ${t_timeout}s).\n");
print ("\t-v\t\tBe verbose (display errors).\n");
print ("\t-V\t\tBe verbose on hard way (display errors and other info).\n");
@ -239,7 +245,9 @@ sub print_help {
print ("\t-b ip_address\tProxy requests to the given address.\n");
print ("\t-g port\t\tProxy requests to the given port.\n");
print ("\t-T\t\tEnable tcpwrappers support.\n");
print ("\t \t\t(To use this option, 'Authen::Libwrap' should be installed.)\n\n");
print ("\t \t\t(To use this option, 'Authen::Libwrap' should be installed.)\n");
print ("\t-z\t\tRestrict to a specific SSL Version.\n");
print ("\t-u\t\tRestrict to a specific SSL Cipher.\n\n");
}
################################################################################
@ -287,7 +295,7 @@ sub parse_options {
my @t_addresses_tmp;
# Get options
if (getopts ('a:b:c:de:f:F:g:hIi:k:l:m:op:qr:s:S:t:TvVwx:', \%opts) == 0 || defined ($opts{'h'})) {
if (getopts ('a:b:c:de:f:F:g:hIi:k:l:m:op:qr:s:S:t:TvVwx:z:u:', \%opts) == 0 || defined ($opts{'h'})) {
print_help ();
exit 1;
}
@ -547,6 +555,18 @@ sub parse_options {
}
}
# Specific SSL Version
$token_value = get_config_value($opts{'z'}, $CONF->{'ssl_version'});
if (defined ($token_value)) {
$t_ssl_version = $token_value;
}
# Specific SSL Cipher
$token_value = get_config_value($opts{'u'}, $CONF->{'ssl_cipher'});
if (defined ($token_value)) {
$t_ssl_cipher = $token_value;
}
# Win32 service management
if (defined ($opts{'S'})) {
my $service_action = $opts{'S'};
@ -788,13 +808,19 @@ sub stop_server {
sub start_ssl {
my $err;
my %ssl_args = (
SSL_cert_file => $t_ssl_cert,
SSL_key_file => $t_ssl_key,
SSL_passwd_cb => sub {return $t_ssl_pwd},
SSL_server => 1,
SSL_cipher_list => $t_ssl_cipher // '',
SSL_version => $t_ssl_version // '',
);
if ($t_ssl_ca eq '') {
IO::Socket::SSL->start_SSL (
$t_client_socket,
SSL_cert_file => $t_ssl_cert,
SSL_key_file => $t_ssl_key,
SSL_passwd_cb => sub {return $t_ssl_pwd},
SSL_server => 1,
%ssl_args,
# Verify peer
SSL_verify_mode => 0x01,
);
@ -802,11 +828,8 @@ sub start_ssl {
else {
IO::Socket::SSL->start_SSL (
$t_client_socket,
%ssl_args,
SSL_ca_file => $t_ssl_ca,
SSL_cert_file => $t_ssl_cert,
SSL_key_file => $t_ssl_key,
SSL_passwd_cb => sub {return $t_ssl_pwd},
SSL_server => 1,
# Fail verification if no peer certificate exists
SSL_verify_mode => 0x03,
);
@ -820,6 +843,7 @@ sub start_ssl {
print_log ("SSL started for " . $t_client_socket->sockhost ());
}
################################################################################
## SUB accept_connections
## Manage incoming connections.