tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use server UID to authorize instead of user/pass.

This commit is contained in:
Félix Suárez 2023-07-11 14:38:14 -06:00
parent 01de48631c
commit d17d3bd3eb
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_console/include/api.php
View File

@ -129,6 +129,16 @@ if (empty($apiPassword) === true
// Compat.
$config['id_user'] = 'admin';
$correctLogin = true;
// Bypass credentials if server-auth and api-pass are correct.
} else if (($op === 'get')
&& ($config['server_unique_identifier'] === get_parameter('server_auth'))
&& ($api_password === $apiPassword)
&& ((bool) isInACL($ipOrigin) === true)) {
$config['id_usuario'] = 'admin';
$config['id_user'] = 'admin';
$correctLogin = true;
} else if ((bool) isInACL($ipOrigin) === true) {
// External access.
// Token is valid. Bypass the credentials.

6
pandora_server/lib/PandoraFMS/Core.pm
View File

@ -1707,8 +1707,7 @@ sub pandora_execute_action ($$$$$$$$$;$$) {
my $params = {};
$params->{"apipass"} = $pa_config->{"console_api_pass"};
$params->{"user"} ||= $pa_config->{"console_user"};
$params->{"pass"} ||= $pa_config->{"console_pass"};
$params->{"server_auth"} = $pa_config->{"server_unique_identifier"};
$params->{"op"} = "set";
$params->{"op2"} = "send_report";
$params->{"other_mode"} = "url_encode_separator_|;|";
@ -1739,8 +1738,7 @@ sub pandora_execute_action ($$$$$$$$$;$$) {
my $params = {};
$params->{"apipass"} = $pa_config->{"console_api_pass"};
$params->{"user"} ||= $pa_config->{"console_user"};
$params->{"pass"} ||= $pa_config->{"console_pass"};
$params->{"server_auth"} = $pa_config->{"server_unique_identifier"};
$params->{"op"} = "set";
$params->{"op2"} = "send_report";
$params->{"other_mode"} = "url_encode_separator_|;|";