diff --git a/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/config.ini b/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/config.ini new file mode 100644 index 000000000..9b69fe86f --- /dev/null +++ b/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/config.ini @@ -0,0 +1,2 @@ +[security] +protected_customvars = "*pw*,*pass*,community" diff --git a/.vagrant-puppet/manifests/default.pp b/.vagrant-puppet/manifests/default.pp index 86065d8fc..1e1607d29 100644 --- a/.vagrant-puppet/manifests/default.pp +++ b/.vagrant-puppet/manifests/default.pp @@ -735,6 +735,12 @@ file { '/etc/icingaweb/modules/monitoring/backends.ini': group => 'apache', } +file { '/etc/icingaweb/modules/monitoring/config.ini': + source => 'puppet:////vagrant/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/config.ini', + owner => 'apache', + group => 'apache', +} + file { '/etc/icingaweb/modules/monitoring/instances.ini': source => 'puppet:////vagrant/.vagrant-puppet/files/etc/icingaweb/modules/monitoring/instances.ini', owner => 'apache', diff --git a/config/modules/monitoring/config.ini b/config/modules/monitoring/config.ini new file mode 100644 index 000000000..9b69fe86f --- /dev/null +++ b/config/modules/monitoring/config.ini @@ -0,0 +1,2 @@ +[security] +protected_customvars = "*pw*,*pass*,community" diff --git a/modules/monitoring/application/controllers/ConfigController.php b/modules/monitoring/application/controllers/ConfigController.php index c06ded57f..f0982c29a 100644 --- a/modules/monitoring/application/controllers/ConfigController.php +++ b/modules/monitoring/application/controllers/ConfigController.php @@ -14,6 +14,7 @@ use Icinga\Module\Monitoring\Form\Config\Backend\EditBackendForm; use Icinga\Module\Monitoring\Form\Config\Backend\CreateBackendForm; use Icinga\Module\Monitoring\Form\Config\Instance\EditInstanceForm; use Icinga\Module\Monitoring\Form\Config\Instance\CreateInstanceForm; +use Icinga\Module\Monitoring\Form\Config\SecurityForm; use Icinga\Exception\NotReadableError; @@ -216,7 +217,7 @@ class Monitoring_ConfigController extends ModuleActionController /** * Display a form to remove the instance identified by the 'instance' parameter */ - private function writeConfiguration($config, $file) + private function writeConfiguration($config, $file = null) { $target = $this->Config($file)->getConfigFile(); $writer = new PreservingIniWriter(array('filename' => $target, 'config' => $config)); @@ -258,4 +259,25 @@ class Monitoring_ConfigController extends ModuleActionController $instanceCfg = $this->Config('instances'); return $instanceCfg && $instanceCfg->get($instance); } + + public function securityAction() + { + $this->view->tabs = $this->Module()->getConfigTabs()->activate('security'); + + $form = new SecurityForm(); + $form->setConfiguration($this->Config()->get('security')); + $form->setRequest($this->getRequest()); + if ($form->isSubmittedAndValid()) { + $config = $this->Config()->toArray(); + $config['security'] = $form->getConfig(); + if ($this->writeConfiguration(new Zend_Config($config))) { + Notification::success('Configuration modified successfully'); + $this->redirectNow('monitoring/config/security'); + } else { + $this->render('show-configuration'); + return; + } + } + $this->view->form = $form; + } } diff --git a/modules/monitoring/application/forms/Config/SecurityForm.php b/modules/monitoring/application/forms/Config/SecurityForm.php new file mode 100644 index 000000000..74577c0d5 --- /dev/null +++ b/modules/monitoring/application/forms/Config/SecurityForm.php @@ -0,0 +1,59 @@ +addElement( + 'text', + 'protected_customvars', + array( + 'label' => 'Protected Custom Variables', + 'required' => true, + 'value' => $this->config->protected_customvars, + 'helptext' => 'Comma separated case insensitive list of protected custom variables.' + . ' Use * as a placeholder for zero or more wildcard characters.' + . ' Existance of those custom variables will be shown, but their values will be masked.' + ) + ); + $this->setSubmitLabel('Save'); + } + + /** + * Set the configuration to be used for initial population of the form + */ + public function setConfiguration($config) + { + $this->config = $config; + } + + /** + * Return the configuration set by this form + * + * @return Zend_Config The configuration set in this form + */ + public function getConfig() + { + $values = $this->getValues(); + return new Zend_Config(array( + 'protected_customvars' => $values['protected_customvars'] + )); + } +} diff --git a/modules/monitoring/application/views/scripts/config/security.phtml b/modules/monitoring/application/views/scripts/config/security.phtml new file mode 100644 index 000000000..71f2a341a --- /dev/null +++ b/modules/monitoring/application/views/scripts/config/security.phtml @@ -0,0 +1,6 @@ +
+ tabs ?> +
+
+ form ?> +
diff --git a/modules/monitoring/application/views/scripts/show/components/customvars.phtml b/modules/monitoring/application/views/scripts/show/components/customvars.phtml index 9eeb4a0ac..d89260e95 100644 --- a/modules/monitoring/application/views/scripts/show/components/customvars.phtml +++ b/modules/monitoring/application/views/scripts/show/components/customvars.phtml @@ -1,16 +1,8 @@ customvars) { return; } - foreach ($object->customvars as $name => $value) { - $name = ucwords(str_replace('_', ' ', strtolower($name))); - if (preg_match('~(?:pw|pass|community)~', strtolower($name))) { - $value = '***'; - } printf( "%s%s\n", $this->escape($name), $this->escape($value) ); } - diff --git a/modules/monitoring/configuration.php b/modules/monitoring/configuration.php index ffd769482..479ee525f 100644 --- a/modules/monitoring/configuration.php +++ b/modules/monitoring/configuration.php @@ -12,4 +12,7 @@ $this->provideConfigTab('backends', array( 'title' => 'Backends', 'url' => 'config' )); - +$this->provideConfigTab('security', array( + 'title' => 'Security', + 'url' => 'config/security' +)); diff --git a/modules/monitoring/library/Monitoring/Object/AbstractObject.php b/modules/monitoring/library/Monitoring/Object/AbstractObject.php index 73314fbc9..483516f9c 100644 --- a/modules/monitoring/library/Monitoring/Object/AbstractObject.php +++ b/modules/monitoring/library/Monitoring/Object/AbstractObject.php @@ -20,6 +20,7 @@ use Icinga\Module\Monitoring\DataView\Comment; use Icinga\Module\Monitoring\DataView\Servicegroup; use Icinga\Module\Monitoring\DataView\Customvar; use Icinga\Web\UrlParams; +use Icinga\Application\Config; abstract class AbstractObject @@ -120,6 +121,17 @@ abstract class AbstractObject public function fetchCustomvars() { + $monitoringSecurity = Config::module('monitoring')->get('security')->toArray(); + $customvars = array(); + foreach (explode(',', $monitoringSecurity['protected_customvars']) as $customvar) { + $nonWildcards = array(); + foreach (explode('*', $customvar) as $nonWildcard) { + $nonWildcards[] = preg_quote($nonWildcard, '/'); + } + $customvars[] = implode('.*', $nonWildcards); + } + $customvars = '/^(' . implode('|', $customvars) . ')$/i'; + $query = Customvar::fromParams(array('backend' => null), array( 'varname', 'varvalue' @@ -136,6 +148,12 @@ abstract class AbstractObject } $this->customvars = $query->getQuery()->fetchPairs(); + foreach ($this->customvars as $name => &$value) { + if (preg_match($customvars, ucwords(str_replace('_', ' ', strtolower($name))))) { + $value = '***'; + } + } + return $this; }