diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 0a0a7fc11c..598f31ee26 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,28 @@ +2010-08-26 Sancho Lerena + + * include/functions_agents.php: Call to get_agents () with current user + and without returning "all" group, this avoid to render non-visible (ACL) + agents in the AJAX control to return an agent. + + * pandoradb.sql: ttrap value* information resized. + + * extensions/users_connected.php: ACL check before show users. + + * operation/events/events_marquee.php: Added ACL check. + + * operation/events/events.php: System events not shown to normal users. + + * operation/menu.php: Server view is now only for PM. + + * extras/pandoradb_migrate_v3.1_to_v3.2.sql: ttrap value* alter table. + + * general/noaccess.php: Added code to avoid image usage when called from + different directories than standard. + + * godmode/agentes/agent_manager.php: Proper call to get_user_groups(). + + * godmode/menu.php: Profiles are now under user management. + 2010-08-26 Raúl Mateos * godmode/reporting/reporting_builder.list_items.php: Added code to diff --git a/pandora_console/extensions/users_connected.php b/pandora_console/extensions/users_connected.php index a3eaab2608..6f0cd791a2 100644 --- a/pandora_console/extensions/users_connected.php +++ b/pandora_console/extensions/users_connected.php @@ -104,7 +104,11 @@ function users_extension_main_god () { } add_godmode_menu_option (__('Users connected'), 'UM','gusuarios',"users/icon.png"); -add_operation_menu_option(__('Users connected'), 'usuarios',"users/icon.png"); + +if (isset($config["id_user"])) + if (give_acl ($config["id_user"], 0, "UM")) { + add_operation_menu_option(__('Users connected'), 'usuarios',"users/icon.png"); + } add_extension_godmode_function ('users_extension_main_god'); add_extension_main_function ('users_extension_main'); 
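Review bot: In `users_connected.php` the new `give_acl ($config["id_user"], 0, "UM")` test only decides whether the 'Users connected' entry is added to the operation menu; `add_extension_main_function ('users_extension_main')` two lines further down is still registered for every user. Unless `users_extension_main` performs its own ACL check (its body is outside this hunk), hiding the link does not restrict the page, so the same `give_acl` test, with an audit entry on failure, belongs at the top of that function. The nested `if` without braces is also easy to misread; `if (isset ($config["id_user"]) && give_acl ($config["id_user"], 0, "UM")) {` expresses the same condition in one line.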
diff --git a/pandora_console/extras/pandoradb_migrate_v3.1_to_v3.2.sql b/pandora_console/extras/pandoradb_migrate_v3.1_to_v3.2.sql index 9fec66b8bf..ebd124b9f4 100644 --- a/pandora_console/extras/pandoradb_migrate_v3.1_to_v3.2.sql +++ b/pandora_console/extras/pandoradb_migrate_v3.1_to_v3.2.sql @@ -94,6 +94,8 @@ l', 'onchange', 'unknown'); ALTER TABLE trecon_task ADD `snmp_community` varchar(64) NOT NULL default 'public'; +ALTER TABLE ttrap MODIFY value_custom text default ''; +ALTER TABLE ttrap MODIFY value text default ''; -- ----------------------------------------------------- -- Table `tagent_custom_fields` -- ----------------------------------------------------- @@ -119,3 +121,4 @@ CREATE TABLE IF NOT EXISTS `tagent_custom_data` ( ON UPDATE CASCADE ON DELETE CASCADE, PRIMARY KEY (`id_field`, `id_agent`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 + diff --git a/pandora_console/general/noaccess.php b/pandora_console/general/noaccess.php index 9f5b7b2d6d..3d1773bfb4 100644 --- a/pandora_console/general/noaccess.php +++ b/pandora_console/general/noaccess.php @@ -12,15 +12,24 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -print_page_header (__('You don\'t have access to this page'), "", false, "", true); - +if (file_exists("images/noaccess.png")){ + print_page_header (__('You don\'t have access to this page'), "", false, "", true); +} else { + echo "

".__('You don\'t have access to this page')."

"; +} ?>
- No access + +"; + } +?> +
 
-

Please know that all attempts to access this page are recorded in security logs of Pandora System Database');?>
+

Please know that all attempts to access this page are recorded in security logs of Pandora System Database');?>
diff --git a/pandora_console/godmode/agentes/agent_manager.php b/pandora_console/godmode/agentes/agent_manager.php index 183c9cb95f..d22e325b9e 100644 --- a/pandora_console/godmode/agentes/agent_manager.php +++ b/pandora_console/godmode/agentes/agent_manager.php @@ -126,7 +126,7 @@ if ($id_agente) { $table->data[1][1] .= " ". print_checkbox ("delete_ip", 1, false, true).__('Delete selected'); } -$groups = get_user_groups ($config["id_user"]); +$groups = get_user_groups ($config["id_user"], "AR",false); $agents = get_group_agents (array_keys ($groups)); $table->data[2][0] = __('Parent'); diff --git a/pandora_console/godmode/menu.php b/pandora_console/godmode/menu.php index ffb01d77f2..2607bf8ee7 100644 --- a/pandora_console/godmode/menu.php +++ b/pandora_console/godmode/menu.php @@ -108,6 +108,15 @@ if (give_acl ($config['id_user'], 0, "UM")) { $menu["gusuarios"]["text"] = __('Manage users'); $menu["gusuarios"]["sec2"] = "godmode/users/user_list"; $menu["gusuarios"]["id"] = "god-users"; + + + if (give_acl ($config['id_user'], 0, "PM")) { + $sub = array (); + // Manage profiles + $sub["godmode/profiles/profile_list"]["text"] = __('Manage profiles'); + $menu["gusuarios"]["sub"] = $sub; + } + } // SNMP console @@ -157,10 +166,6 @@ if (give_acl ($config['id_user'], 0, "IW")) { } if (give_acl ($config['id_user'], 0, "PM")) { - // Manage profiles - $menu["gperfiles"]["text"] = __('Manage profiles'); - $menu["gperfiles"]["sec2"] = "godmode/profiles/profile_list"; - $menu["gperfiles"]["id"] = "god-profiles"; // Servers $menu["gservers"]["text"] = __('Manage servers'); diff --git a/pandora_console/include/functions_agents.php b/pandora_console/include/functions_agents.php index 3c4ccff841..d23fcbf3a4 100644 --- a/pandora_console/include/functions_agents.php +++ b/pandora_console/include/functions_agents.php 
@@ -280,12 +280,14 @@ function get_agent_alerts_compound ($id_agent = false, $filter = '', $options = * @return mixed An array with all alerts defined for an agent or false in case no allowed groups are specified. */ function get_agents ($filter = false, $fields = false, $access = 'AR', $order = array('field' => 'nombre', 'order' => 'ASC')) { + global $config; + if (! is_array ($filter)) { $filter = array (); } - + //Get user groups - $groups = array_keys (get_user_groups (false, $access)); + $groups = array_keys (get_user_groups ($config["id_user"], $access, false)); //If no group specified, get all user groups if (empty ($filter['id_grupo'])) { @@ -320,7 +322,6 @@ function get_agents ($filter = false, $fields = false, $access = 'AR', $order = } $filter['order'] = $order['field'] . ' ' . $order['order']; - return get_db_all_rows_filter ('tagente', $filter, $fields); } diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php index 1052e2f319..bed087a712 100644 --- a/pandora_console/operation/events/events.php +++ b/pandora_console/operation/events/events.php @@ -135,13 +135,12 @@ else{ $id_event = (int) get_parameter ("id_event", -1); $pagination = (int) get_parameter ("pagination", $config["block_size"]); -$groups = get_user_groups ($config["id_user"], "IR"); $event_view_hr = (int) get_parameter ("event_view_hr", $config["event_view_hr"]); $id_user_ack = get_parameter ("id_user_ack", 0); $group_rep = (int) get_parameter ("group_rep", 0); - $delete = (bool) get_parameter ("delete"); $validate = (bool) get_parameter ("validate"); +$groups = get_user_groups ($config["id_user"], "IR"); //Group selection if ($ev_group > 0 && in_array ($ev_group, array_keys ($groups))) { 
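Review bot: `get_agents()` now reads `$config["id_user"]` through `global $config`, but the docblock above it still describes only the filter arguments, so a caller cannot tell that the result is scoped to the current user's groups. I would add a docblock line such as `* Results are limited to the groups where $config["id_user"] holds $access; the "All" group is not included.` and guard the unset case with `if (empty ($config["id_user"])) return false;`, because what `get_user_groups` does with a missing id is not visible in this diff. The function body continues past the end of the hunk.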
@@ -157,6 +156,10 @@ if ($ev_group > 0 && in_array ($ev_group, array_keys ($groups))) { } } +// Skip system messages if user is not PM +if (!give_acl ($config["id_user"], 0, "PM")) { + $sql_post .= " AND id_grupo != 0"; +} if ($status == 1) { $sql_post .= " AND estado = 1"; diff --git a/pandora_console/operation/events/events_marquee.php b/pandora_console/operation/events/events_marquee.php index b7a9ab8524..b9f545fd8b 100644 --- a/pandora_console/operation/events/events_marquee.php +++ b/pandora_console/operation/events/events_marquee.php @@ -13,11 +13,11 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -error_reporting(E_ALL); +error_reporting(1); // Local settings for marquee extension -$MAX_MARQUEE_EVENTS=5; +$MAX_MARQUEE_EVENTS=10; $MARQUEE_INTERVAL=90; $MARQUEE_FONT_SIZE="32px"; $MARQUEE_SPEED=12; 
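Review bot: The `id_grupo != 0` restriction in `events.php` is appended to `$sql_post` only, so it narrows what is listed; the `$delete` and `$validate` parameters read in the previous hunk are handled outside the visible lines. Those handlers should also refuse events whose `id_grupo` is 0 when `give_acl ($config["id_user"], 0, "PM")` is false, otherwise the listing and the actions disagree about what a non-PM user may touch. A comment such as `// id_grupo 0 = system events, PM only` would make the bare 0 explicit.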
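Review bot: `error_reporting(1)` in `events_marquee.php` uses a bare integer where the named constant is clearer; 1 is `E_ERROR`, so `error_reporting(E_ERROR);` states the same setting. It also hides the warnings that the query code added in the next hunk can raise, so a failed lookup would render an empty marquee with nothing recorded. Keeping `error_reporting(E_ALL);` and adding `ini_set ('display_errors', '0');` would stop messages reaching the browser while still letting them go to the log.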
@@ -28,13 +28,40 @@ require_once "../../include/functions.php"; require_once "../../include/functions_db.php"; require_once "../../include/functions_api.php"; -if(!isInACL($_SERVER['REMOTE_ADDR'])) - exit; - -$sql = "SELECT evento, timestamp, id_agente FROM tevento ORDER BY utimestamp DESC LIMIT 0 , $MAX_MARQUEE_EVENTS"; +session_start (); -$result=mysql_query($sql); -while($row=mysql_fetch_array($result,MYSQL_ASSOC)) { +// http://es2.php.net/manual/en/ref.session.php#64525 +// Session locking concurrency speedup! +check_login (); + +session_write_close (); + + +if(!isInACL($_SERVER['REMOTE_ADDR'])){ + audit_db ('', $_SERVER['REMOTE_ADDR'], "ACL Violation", + "Trying to access marquee without ACL Access"); + require ("../../general/noaccess.php"); + exit; +} + +global $config; + +$config["id_user"] = $_SESSION["id_usuario"]; + +$groups = get_user_groups ($config["id_user"], "AR"); +//Otherwise select all groups the user has rights to. +$sql_group_filter = " AND id_grupo IN (".implode (",", array_keys ($groups)).")"; + +// Skip system messages if user is not PM +if (!give_acl ($config["id_user"], 0, "PM")) { + $sql_group_filter .= " AND id_grupo != 0"; +} + + +$sql = "SELECT evento, timestamp, id_agente FROM tevento WHERE 1=1 $sql_group_filter ORDER BY utimestamp DESC LIMIT 0 , $MAX_MARQUEE_EVENTS"; + +$result = get_db_all_rows_sql ($sql); +foreach ($result as $row) { $agente = ""; if ($row["id_agente"] != 0){ $agente = get_db_sql ("SELECT nombre FROM tagente WHERE id_agente = ". $row["id_agente"]); diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php index 083ae2a3a1..d34efc4342 100644 --- a/pandora_console/operation/menu.php +++ b/pandora_console/operation/menu.php 
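Review bot: `implode (",", array_keys ($groups))` yields `id_grupo IN ()` when the user holds AR on no group, which is a SQL syntax error, and the `foreach ($result as $row)` that follows would then iterate a non-array if `get_db_all_rows_sql` returns false on failure or on an empty set (its definition is not in this diff). With `error_reporting(1)` set in the previous hunk that failure would be silent. I would build the id list explicitly, stop with the no-access page when it is empty, and normalise the result before the loop. Separately, `audit_db ('', ...)` records the ACL violation with an empty user even though `check_login ()` has already run; passing `$_SESSION["id_usuario"]` would keep the account name in the audit row.

```php
$groups = get_user_groups ($config["id_user"], "AR");
$group_ids = array_map ('intval', array_keys ($groups));
if (empty ($group_ids)) {
	require ("../../general/noaccess.php");
	exit;
}
$sql_group_filter = " AND id_grupo IN (".implode (",", $group_ids).")";

// … unchanged: PM check and $sql assignment …

$result = get_db_all_rows_sql ($sql);
if (!is_array ($result)) {
	$result = array ();
}
```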
@@ -115,7 +115,11 @@ if (give_acl ($config['id_user'], 0, "AR")) { $menu["visualc"]["sub"] = $sub; //End of visual console - +} + +// Agent read, Server read +if (give_acl ($config['id_user'], 0, "PM")) { + // Server view $menu["estado_server"]["text"] = __('Pandora servers'); $menu["estado_server"]["sec2"] = "operation/servers/view_server"; @@ -182,21 +186,29 @@ if (give_acl ($config['id_user'], 0, "AR")) { // ANY user can view itself ! -// Users -$menu["usuarios"]["text"] = __('View users'); -$menu["usuarios"]["sec2"] = "operation/users/user"; -$menu["usuarios"]["id"] = "oper-users"; - -$sub = array (); -$sub["operation/users/user_edit"]["text"] = __('Edit my user'); -$sub["operation/users/user_edit"]["options"]["name"] = "ver"; -$sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"]; - if (give_acl ($config["id_user"], 0, "UM")) { + + // Users + $menu["usuarios"]["text"] = __('View users'); + $menu["usuarios"]["sec2"] = "operation/users/user"; + $menu["usuarios"]["id"] = "oper-users"; + + $sub = array (); + $sub["operation/users/user_edit"]["text"] = __('Edit my user'); + $sub["operation/users/user_edit"]["options"]["name"] = "ver"; + $sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"]; $sub["operation/users/user_statistics"]["text"] = __('Statistics'); + $menu["usuarios"]["sub"] = $sub; +} else { + // Users + $menu["usuarios"]["text"] = __('Edit my user'); + $menu["usuarios"]["sec2"] = "operation/users/user_edit"; + $menu["usuarios"]["id"] = "oper-users"; + + } -$menu["usuarios"]["sub"] = $sub; + //End of Users // Rest of options, all with AR privilege (or should events be with incidents?) diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index a33895756d..8fcb702151 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql 
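Review bot: The comment added above the new block, `// Agent read, Server read`, does not match the check it introduces, which is `give_acl ($config['id_user'], 0, "PM")`; `// Server view: Pandora management (PM) only` would describe it. The change hides the menu link only, so `operation/servers/view_server` needs the same PM check on the page itself if it does not already have one (that file is not part of this diff). In the second hunk the non-UM `else` branch points `sec2` at `operation/users/user_edit` without the `ver` option that the UM branch passes, so it relies on that page defaulting to the current user and rejecting other ids for non-UM users, which is worth confirming.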
@@ -679,8 +679,8 @@ CREATE TABLE IF NOT EXISTS `ttrap` (
 `oid_custom` varchar(255) default '',
 `type` int(11) NOT NULL default '0',
 `type_custom` varchar(100) default '',
- `value` varchar(255) default '',
- `value_custom` varchar(255) default '',
+ `value` text default '',
+ `value_custom` text default '',
 `alerted` smallint(6) NOT NULL default '0',
 `status` smallint(6) NOT NULL default '0',
 `id_usuario` varchar(150) default '',
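Review bot: The two resized columns keep `default ''`, but MySQL does not accept a literal DEFAULT on TEXT columns: in strict SQL mode the statement fails, and otherwise the default is dropped with a warning. Declaring them as plain `text` (no default clause) avoids an install that works on one server configuration and breaks on another. The same applies to the two `ALTER TABLE ttrap MODIFY ... text default ''` statements added to `extras/pandoradb_migrate_v3.1_to_v3.2.sql` earlier in this diff. Code that inserts into `ttrap` would then need to supply a value or tolerate NULL, which cannot be checked from here.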