2010-08-26 Sancho Lerena <slerena@gmail.com>

* include/functions_agents.php: Call to get_agents () with current
    user and without returning "all" group, this avoid to render non-visible
    (ACL) agents in the AJAX control to return an agent.

    * pandoradb.sql: ttrap value* information resized.

    * extensions/users_connected.php: ACL check before show users.

    * operation/events/events_marquee.php: Added ACL check.

    * operation/events/events.php: System events not shown to normal
    users.

    * operation/menu.php: Server view is now only for PM.

    * extras/pandoradb_migrate_v3.1_to_v3.2.sql: ttrap value* alter
    table.

    * general/noaccess.php: Added code to avoid image usage when called
    from different directories than standard.

    * godmode/agentes/agent_manager.php: Proper call to
    get_user_groups().

    * godmode/menu.php: Profiles are now under user management.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3183 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,28 @@
+2010-08-26  Sancho Lerena  <slerena@gmail.com>
+
+    * include/functions_agents.php: Call to get_agents () with current user
+    and without returning "all" group, this avoid to render non-visible (ACL)
+    agents in the AJAX control to return an agent.
+
+    * pandoradb.sql: ttrap value* information resized.
+
+    * extensions/users_connected.php: ACL check before show users.
+
+    * operation/events/events_marquee.php: Added ACL check.
+
+    * operation/events/events.php: System events not shown to normal users.
+
+    * operation/menu.php: Server view is now only for PM.
+
+    * extras/pandoradb_migrate_v3.1_to_v3.2.sql: ttrap value* alter table.
+
+    * general/noaccess.php: Added code to avoid image usage when called from
+    different directories than standard.
+
+    * godmode/agentes/agent_manager.php: Proper call to get_user_groups().
+
+    * godmode/menu.php: Profiles are now under user management.
+
 2010-08-26  Raúl Mateos   <raulofpandora@gmail.com>
 
 	* godmode/reporting/reporting_builder.list_items.php: Added code to

pandora_console/extensions/users_connected.php

@@ -104,7 +104,11 @@ function users_extension_main_god () {
 
 }
 add_godmode_menu_option (__('Users connected'), 'UM','gusuarios',"users/icon.png");
-add_operation_menu_option(__('Users connected'), 'usuarios',"users/icon.png");
+
+if (isset($config["id_user"]))
+    if (give_acl ($config["id_user"], 0, "UM")) {
+        add_operation_menu_option(__('Users connected'), 'usuarios',"users/icon.png");
+    }
 
 add_extension_godmode_function ('users_extension_main_god');
 add_extension_main_function ('users_extension_main');

pandora_console/extras/pandoradb_migrate_v3.1_to_v3.2.sql

@@ -94,6 +94,8 @@ l', 'onchange', 'unknown');
 
 ALTER TABLE trecon_task ADD `snmp_community` varchar(64) NOT NULL default 'public';
 
+ALTER TABLE ttrap MODIFY value_custom text default '';
+ALTER TABLE ttrap MODIFY value text default '';
 -- -----------------------------------------------------
 -- Table `tagent_custom_fields`
 -- -----------------------------------------------------
@@ -119,3 +121,4 @@ CREATE TABLE IF NOT EXISTS `tagent_custom_data` (
 	ON UPDATE CASCADE ON DELETE CASCADE,
   PRIMARY KEY  (`id_field`, `id_agent`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8
+

pandora_console/general/noaccess.php

@@ -12,15 +12,24 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 
-print_page_header (__('You don\'t have access to this page'), "", false, "", true);
+if (file_exists("images/noaccess.png")){
-
+    print_page_header (__('You don\'t have access to this page'), "", false, "", true);
+} else {
+    echo "<br><br><center><h3>".__('You don\'t have access to this page')."</h3></center>";
+}
 ?>
 
 <div id="noaccess">
 	<div align='center'>
-		<img src='images/noaccess.png' alt='No access'>
+
+<?php
+    if (file_exists("images/noaccess.png")){
+        echo "<img src='images/noaccess.png' alt='No access'>";
+    }
+?>
+
 		<div>&nbsp;</div>
-		<div class="msg"><?php echo __('Access to this page is restricted to authorized users only, please contact system administrator if you need assistance. <br><br>Please know that all attempts to access this page are recorded in security logs of Pandora System Database');?></div>
+		<div class="msg" style='width: 400px'><?php echo __('Access to this page is restricted to authorized users only, please contact system administrator if you need assistance. <br><br>Please know that all attempts to access this page are recorded in security logs of Pandora System Database');?></div>
 	</div>
 </div>
 

pandora_console/godmode/agentes/agent_manager.php

@@ -126,7 +126,7 @@ if ($id_agente) {
 	$table->data[1][1] .= " ". print_checkbox ("delete_ip", 1, false, true).__('Delete selected');	
 }
 
-$groups = get_user_groups ($config["id_user"]);
+$groups = get_user_groups ($config["id_user"], "AR",false);
 $agents = get_group_agents (array_keys ($groups));
 
 $table->data[2][0] = __('Parent');

pandora_console/godmode/menu.php

@@ -108,6 +108,15 @@ if (give_acl ($config['id_user'], 0, "UM")) {
 	$menu["gusuarios"]["text"] = __('Manage users');
 	$menu["gusuarios"]["sec2"] = "godmode/users/user_list";
 	$menu["gusuarios"]["id"] = "god-users";
+
+    
+    if (give_acl ($config['id_user'], 0, "PM")) {
+        $sub = array ();
+	    // Manage profiles
+    	$sub["godmode/profiles/profile_list"]["text"] = __('Manage profiles');
+    	$menu["gusuarios"]["sub"] = $sub;
+    }
+
 }
 
 // SNMP console
@@ -157,10 +166,6 @@ if (give_acl ($config['id_user'], 0, "IW")) {
 }
 
 if (give_acl ($config['id_user'], 0, "PM")) {
-	// Manage profiles
-	$menu["gperfiles"]["text"] = __('Manage profiles');
-	$menu["gperfiles"]["sec2"] = "godmode/profiles/profile_list";
-	$menu["gperfiles"]["id"] = "god-profiles";
 
 	// Servers
 	$menu["gservers"]["text"] = __('Manage servers');

pandora_console/include/functions_agents.php

@@ -280,12 +280,14 @@ function get_agent_alerts_compound ($id_agent = false, $filter = '', $options =
  * @return mixed An array with all alerts defined for an agent or false in case no allowed groups are specified.
  */
 function get_agents ($filter = false, $fields = false, $access = 'AR', $order = array('field' => 'nombre', 'order' => 'ASC')) {
+    global $config;
+
 	if (! is_array ($filter)) {
 		$filter = array ();
 	}
 
 	//Get user groups
-	$groups = array_keys (get_user_groups (false, $access));
+	$groups = array_keys (get_user_groups ($config["id_user"], $access, false));
 
 	//If no group specified, get all user groups
 	if (empty ($filter['id_grupo'])) {
@@ -320,7 +322,6 @@ function get_agents ($filter = false, $fields = false, $access = 'AR', $order =
 	}
 	
 	$filter['order'] = $order['field'] . ' ' . $order['order'];
-
 	return get_db_all_rows_filter ('tagente', $filter, $fields);
 }
 

pandora_console/operation/events/events.php

@@ -135,13 +135,12 @@ else{
 
 $id_event = (int) get_parameter ("id_event", -1);
 $pagination = (int) get_parameter ("pagination", $config["block_size"]);
-$groups = get_user_groups ($config["id_user"], "IR");
 $event_view_hr = (int) get_parameter ("event_view_hr", $config["event_view_hr"]);
 $id_user_ack = get_parameter ("id_user_ack", 0);
 $group_rep = (int) get_parameter ("group_rep", 0);
-
 $delete = (bool) get_parameter ("delete");
 $validate = (bool) get_parameter ("validate");
+$groups = get_user_groups ($config["id_user"], "IR");
 
 //Group selection
 if ($ev_group > 0 && in_array ($ev_group, array_keys ($groups))) {
@@ -157,6 +156,10 @@ if ($ev_group > 0 && in_array ($ev_group, array_keys ($groups))) {
 	}
 }
 
+// Skip system messages if user is not PM
+if (!give_acl ($config["id_user"], 0, "PM")) {
+    $sql_post .= " AND id_grupo != 0";
+}
 
 if ($status == 1) {
 	$sql_post .= " AND estado = 1";

pandora_console/operation/events/events_marquee.php

@@ -13,11 +13,11 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 // GNU General Public License for more details.
 
-error_reporting(E_ALL);
+error_reporting(1);
 
 // Local settings for marquee extension
 
-$MAX_MARQUEE_EVENTS=5;
+$MAX_MARQUEE_EVENTS=10;
 $MARQUEE_INTERVAL=90;
 $MARQUEE_FONT_SIZE="32px";
 $MARQUEE_SPEED=12;
@@ -28,13 +28,40 @@ require_once "../../include/functions.php";
 require_once "../../include/functions_db.php";
 require_once "../../include/functions_api.php";
 
-if(!isInACL($_SERVER['REMOTE_ADDR']))
+session_start ();
+
+// http://es2.php.net/manual/en/ref.session.php#64525
+// Session locking concurrency speedup!
+check_login ();
+
+session_write_close (); 
+
+
+if(!isInACL($_SERVER['REMOTE_ADDR'])){
+    audit_db ('', $_SERVER['REMOTE_ADDR'], "ACL Violation",
+		"Trying to access marquee without ACL Access");
+	require ("../../general/noaccess.php");
 	exit;
+}
 
-$sql = "SELECT evento, timestamp, id_agente FROM tevento ORDER BY utimestamp DESC LIMIT 0 , $MAX_MARQUEE_EVENTS";
+global $config;
 
-$result=mysql_query($sql);
+$config["id_user"] = $_SESSION["id_usuario"];
-while($row=mysql_fetch_array($result,MYSQL_ASSOC)) {
+
+$groups = get_user_groups ($config["id_user"], "AR");
+//Otherwise select all groups the user has rights to.
+$sql_group_filter = " AND id_grupo IN (".implode (",", array_keys ($groups)).")";
+
+// Skip system messages if user is not PM
+if (!give_acl ($config["id_user"], 0, "PM")) {
+    $sql_group_filter .= " AND id_grupo != 0";
+}
+
+	
+$sql = "SELECT evento, timestamp, id_agente FROM tevento WHERE 1=1 $sql_group_filter ORDER BY utimestamp DESC LIMIT 0 , $MAX_MARQUEE_EVENTS";
+
+$result = get_db_all_rows_sql ($sql);
+foreach ($result as $row) {
 	$agente = "";
 	if ($row["id_agente"] != 0){
 		$agente = get_db_sql ("SELECT nombre FROM tagente WHERE id_agente = ". $row["id_agente"]);

pandora_console/operation/menu.php

@@ -115,6 +115,10 @@ if (give_acl ($config['id_user'], 0, "AR")) {
 	
 	$menu["visualc"]["sub"] = $sub;
 	//End of visual console
+}
+
+// Agent read, Server read
+if (give_acl ($config['id_user'], 0, "PM")) {
 
 	// Server view
 	$menu["estado_server"]["text"] = __('Pandora servers');
@@ -182,21 +186,29 @@ if (give_acl ($config['id_user'], 0, "AR")) {
 
 // ANY user can view itself !
 
-// Users
-$menu["usuarios"]["text"] = __('View users');
-$menu["usuarios"]["sec2"] = "operation/users/user";
-$menu["usuarios"]["id"] = "oper-users";
-
-$sub = array ();
-$sub["operation/users/user_edit"]["text"] = __('Edit my user');
-$sub["operation/users/user_edit"]["options"]["name"] = "ver";
-$sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"];
-
 if (give_acl ($config["id_user"], 0, "UM")) {
+
+    // Users
+    $menu["usuarios"]["text"] = __('View users');
+    $menu["usuarios"]["sec2"] = "operation/users/user";
+    $menu["usuarios"]["id"] = "oper-users";
+
+    $sub = array ();
+    $sub["operation/users/user_edit"]["text"] = __('Edit my user');
+    $sub["operation/users/user_edit"]["options"]["name"] = "ver";
+    $sub["operation/users/user_edit"]["options"]["value"] = $config["id_user"];
 	$sub["operation/users/user_statistics"]["text"] = __('Statistics');
+    $menu["usuarios"]["sub"] = $sub;
+} else {
+    // Users
+    $menu["usuarios"]["text"] = __('Edit my user');
+    $menu["usuarios"]["sec2"] = "operation/users/user_edit";
+    $menu["usuarios"]["id"] = "oper-users";
+
+
 }
 
-$menu["usuarios"]["sub"] = $sub;
+
 //End of Users
 
 // Rest of options, all with AR privilege (or should events be with incidents?)

pandora_console/pandoradb.sql

@@ -679,8 +679,8 @@ CREATE TABLE IF NOT EXISTS `ttrap` (
   `oid_custom` varchar(255) default '',
   `type` int(11) NOT NULL default '0',
   `type_custom` varchar(100) default '',
-  `value` varchar(255) default '',
+  `value` text default '',
-  `value_custom` varchar(255) default '',
+  `value_custom` text default '',
   `alerted` smallint(6) NOT NULL default '0',
   `status` smallint(6) NOT NULL default '0',
   `id_usuario` varchar(150) default '',