Use server UID to authorize instead of user/pass.

Félix Suárez 2023-07-11 14:38:14 -06:00
parent 01de48631c
commit d17d3bd3eb
2 changed files with 14 additions and 6 deletions


@ -118,7 +118,7 @@ if ($info === 'version') {
if (empty($apiPassword) === true if (empty($apiPassword) === true
|| (empty($apiPassword) === false && $api_password === $apiPassword) || (empty($apiPassword) === false && $api_password === $apiPassword)
|| $apiTokenValid === true || $apiTokenValid === true
) { ) {
if (enterprise_hook('metaconsole_validate_origin', [get_parameter('server_auth')]) === true if (enterprise_hook('metaconsole_validate_origin', [get_parameter('server_auth')]) === true
|| enterprise_hook('console_validate_origin', [get_parameter('server_auth')]) === true || enterprise_hook('console_validate_origin', [get_parameter('server_auth')]) === true
) { ) {
@ -129,7 +129,17 @@ if (empty($apiPassword) === true
// Compat. // Compat.
$config['id_user'] = 'admin'; $config['id_user'] = 'admin';
$correctLogin = true; $correctLogin = true;
} else if ((bool) isInACL($ipOrigin) === true) { // Bypass credentials if server-auth and api-pass are correct.
} else if (($op === 'get')
&& ($config['server_unique_identifier'] === get_parameter('server_auth'))
&& ($api_password === $apiPassword)
&& ((bool) isInACL($ipOrigin) === true)) {
$config['id_usuario'] = 'admin';
$config['id_user'] = 'admin';
$correctLogin = true;
} else if ((bool) isInACL($ipOrigin) === true) {
// External access. // External access.
// Token is valid. Bypass the credentials. // Token is valid. Bypass the credentials.
if ($apiTokenValid === true) { if ($apiTokenValid === true) {
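Review bot: The added `else if` branch sets `$config['id_user'] = 'admin'` on two strict string matches without requiring either secret to be non-empty, and the outer condition in the first hunk shows that an empty `$apiPassword` is an accepted configuration. With no API password configured and an unset or empty `server_unique_identifier`, a request from an ACL-listed address with empty `apipass` and `server_auth` may satisfy the branch; whether it does depends on what `get_parameter()` returns for a missing parameter, which is not visible here. I would add `&& empty($config['server_unique_identifier']) === false && empty($apiPassword) === false` to the condition and compare both secrets with `hash_equals()` instead of `===`, so the check does not leak timing. The comment above the branch should also say that it applies only to `op=get` from an ACL-listed origin. The surrounding if/else chain starts and ends outside the hunk.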


@ -1707,8 +1707,7 @@ sub pandora_execute_action ($$$$$$$$$;$$) {
my $params = {}; my $params = {};
$params->{"apipass"} = $pa_config->{"console_api_pass"}; $params->{"apipass"} = $pa_config->{"console_api_pass"};
$params->{"user"} ||= $pa_config->{"console_user"}; $params->{"server_auth"} = $pa_config->{"server_unique_identifier"};
$params->{"pass"} ||= $pa_config->{"console_pass"};
$params->{"op"} = "set"; $params->{"op"} = "set";
$params->{"op2"} = "send_report"; $params->{"op2"} = "send_report";
$params->{"other_mode"} = "url_encode_separator_|;|"; $params->{"other_mode"} = "url_encode_separator_|;|";
@ -1739,8 +1738,7 @@ sub pandora_execute_action ($$$$$$$$$;$$) {
my $params = {}; my $params = {};
$params->{"apipass"} = $pa_config->{"console_api_pass"}; $params->{"apipass"} = $pa_config->{"console_api_pass"};
$params->{"user"} ||= $pa_config->{"console_user"}; $params->{"server_auth"} = $pa_config->{"server_unique_identifier"};
$params->{"pass"} ||= $pa_config->{"console_pass"};
$params->{"op"} = "set"; $params->{"op"} = "set";
$params->{"op2"} = "send_report"; $params->{"op2"} = "send_report";
$params->{"other_mode"} = "url_encode_separator_|;|"; $params->{"other_mode"} = "url_encode_separator_|;|";
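Review bot: Both `send_report` requests (the hunks at 1707 and 1738) now authenticate with only `apipass` and `server_auth` but still send `op` = `set`, while the server-UID branch added to the PHP file in this commit requires `$op === 'get'`. Unless one of the `enterprise_hook` origin checks accepts the `server_auth` value, these calls appear to reach the ACL branch with no user, password or token, so this should be confirmed on a console without the enterprise hooks. I would also log and skip the action when `$pa_config->{"server_unique_identifier"}` is undefined or empty, so that no request goes out with an empty `server_auth`. A short comment such as `# Authenticate as this server (server_auth) instead of a console user/pass.` above the assignment would record why the credentials were dropped. The body of `pandora_execute_action` continues outside both hunks.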