Revert "Merge branch…"

This reverts merge request !1899

Former-commit-id: e19c3f43ff8a1a416e339f874d73299406d7e57a
Enrique Camargo 2019-01-11 12:12:51 +01:00
parent 54449f9fb6
commit 1865cc954c
1 changed files with 103 additions and 327 deletions


@ -11871,231 +11871,6 @@ function util_api_check_agent_and_print_error($id_agent, $returnType, $access =
return false;
}
function api_get_user_info($thrash1, $thrash2, $other, $returnType) {
$separator = ';';
$other = json_decode(base64_decode($other['data']),true);
$sql = 'select * from tusuario where id_user = "'.$other[0]['id_user'].'" and password = "'.$other[0]['password'].'"';
$user_info = db_get_all_rows_sql($sql);
if (count($user_info) > 0 and $user_info !== false) {
$data = array('type' => 'array', 'data' => $user_info);
returnData($returnType, $data, $separator);
}
else {
return 0;
}
}
/*
This function receives different parameters to process one of these actions the logging process in our application from the records in the audit of pandora fms, to avoid concurrent access of administrator users, and optionally to prohibit access to non-administrator users:
Parameter 0
The User ID that attempts the action is used to check the status of the application for access.
Parameter 1
Login, logout, exclude, browse.
These requests receive a response that we can treat as we consider, this function only sends answers, does not perform any action in your application, you must customize them.
Login action: free (register our access), taken, denied (if you are not an administrator user and parameter four is set to 1, register the expulsion).
Browse action: It has the same answers as login, but does not register anything in the audit.
Logout action: It records the deslogeo but does not send a response.
All other actions do not return a response,
Parameter 2
IP address of the application is also used to check the status of the application for access.
Parameter 3
Name of the application, it is also used to check the status of the application for access.
Parameter 4
If you mark 1 you will avoid the access to the non-administrators users, returning the response `denied' and registering that expulsion in the audit of pandora fms.
*/
function api_set_access_process($thrash1, $thrash2, $other, $returnType) {
if (defined ('METACONSOLE')) {
return;
}
$other['data'] = explode('|',$other['data']);
$sql = 'select id_usuario,utimestamp from tsesion where descripcion like "%'.$other['data'][2].'%" and accion like "%'.$other['data'][3].' Logon%" and id_usuario IN (select id_user from tusuario where is_admin = 1) and id_usuario != "'.$other['data'][0].'" order by utimestamp DESC limit 1';
$audit_concurrence = db_get_all_rows_sql($sql);
$sql_user = 'select id_usuario,utimestamp from tsesion where descripcion like "%'.$other['data'][2].'%" and accion like "%'.$other['data'][3].' Logon%" and id_usuario IN (select id_user from tusuario where is_admin = 1) and id_usuario = "'.$other['data'][0].'" order by utimestamp DESC limit 1';
$audit_concurrence_user = db_get_all_rows_sql($sql_user);
$sql2 = 'select id_usuario,utimestamp,accion from tsesion where descripcion like "%'.$other['data'][2].'%" and accion like "%'.$other['data'][3].' Logoff%" and id_usuario = "'.$audit_concurrence[0]['id_usuario'].'" order by utimestamp DESC limit 1';
$audit_concurrence_2 = db_get_all_rows_sql($sql2);
//The user trying to log in is an administrator
if(users_is_admin($other['data'][0])){
//The admin user is trying to login
if($other['data'][1] == 'login'){
// Check if there is an administrator user logged in prior to our last login
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_user[0]['utimestamp']){
// Check if the administrator user logged in later to us has unlogged and left the node free
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_2[0]['utimestamp']){
// The administrator user logged in later has not yet unlogged
returnData('string', array('type' => 'string', 'data' => 'taken'));
}
else{
// The administrator user logged in later has already unlogged
returnData('string', array('type' => 'string', 'data' => 'free'));
}
}
else{
// There is no administrator user who has logged in since then to log us in.
db_pandora_audit($other['data'][3].' Logon', 'Logged in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
returnData('string', array('type' => 'string', 'data' => 'free'));
}
}
elseif ($other['data'][1] == 'logout') {
// The administrator user wants to log out
db_pandora_audit($other['data'][3].' Logoff', 'Logout from '.$other['data'][3].' node '.$other['data'][2], $other['data'][0]);
}
elseif ($other['data'][1] == 'exclude') {
// The administrator user has ejected another administrator user who was logged in
db_pandora_audit($other['data'][3].' Logon', 'Logged in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
db_pandora_audit($other['data'][3].' Logoff', 'Logout from '.$other['data'][3].' node '.$other['data'][2] , $audit_concurrence[0]['id_usuario']);
}
//The admin user is trying to browse
elseif ($other['data'][1] == 'browse') {
// Check if there is an administrator user logged in prior to our last login
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_user[0]['utimestamp']){
// Check if the administrator user logged in later to us has unlogged and left the node free
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_2[0]['utimestamp']){
// The administrator user logged in later has not yet unlogged
returnData('string', array('type' => 'string', 'data' => $audit_concurrence[0]['id_usuario']));
}
else{
// The administrator user logged in later has already unlogged
returnData('string', array('type' => 'string', 'data' => 'free'));
}
}
else{
// There is no administrator user who has logged in since then to log us in.
returnData('string', array('type' => 'string', 'data' => 'free'));
}
}
elseif ($other['data'][1] == 'cancelled'){
//The administrator user tries to log in having another administrator logged in, but instead of expelling him he cancels his log in.
db_pandora_audit($other['data'][3].' cancelled access', 'Cancelled access in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
returnData('string', array('type' => 'string', 'data' => 'cancelled'));
}
}
else{
if($other['data'][4] == 1){
//The user trying to log in is not an administrator and is not allowed no admin access
db_pandora_audit($other['data'][3].' denied access', 'Denied access to non-admin user '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
returnData('string', array('type' => 'string', 'data' => 'denied'));
}
else{
//The user trying to log in is not an administrator and is allowed no admin access
if($other['data'][1] == 'login'){
//The user trying to login is not admin, can enter without concurrent use filter
db_pandora_audit($other['data'][3].' Logon', 'Logged in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
returnData('string', array('type' => 'string', 'data' => 'free'));
}
elseif ($other['data'][1] == 'logout') {
//The user trying to logoff is not admin
db_pandora_audit($other['data'][3].' Logoff', 'Logout from '.$other['data'][3].' node '.$other['data'][2], $other['data'][0]);
}
elseif ($other['data'][1] == 'browse'){
//The user trying to browse in an app page is not admin, can enter without concurrent use filter
returnData('string', array('type' => 'string', 'data' => 'free'));
}
}
}
}
function api_get_traps($thrash1, $thrash2, $other, $returnType) {
if (defined ('METACONSOLE')) {
return;
}
$other['data'] = explode('|',$other['data']);
$other['data'][1] = date("Y-m-d H:i:s",$other['data'][1]);
$sql = 'SELECT * from ttrap where timestamp >= "'.$other['data'][1].'"';
// $sql = 'SELECT * from ttrap where source = "'.$other['data'][0].'" and timestamp >= "'.$other['data'][1].'"';
if($other['data'][4]){
$other['data'][4] = date("Y-m-d H:i:s",$other['data'][4]);
$sql .= ' and timestamp <= "'.$other['data'][4].'"';
}
if($other['data'][2]){
$sql .= ' limit '.$other['data'][2];
}
if($other['data'][3]){
$sql .= ' offset '.$other['data'][3];
}
if($other['data'][5]){
$sql .= ' and status = 0';
}
if(sizeof($other['data']) == 0){
$sql = 'SELECT * from ttrap';
}
$traps = db_get_all_rows_sql($sql);
if($other['data'][6]){
foreach ($traps as $key => $value) {
if(!strpos($value['oid_custom'],$other['data'][6]) && $other['data'][7] == 'false'){
unset($traps[$key]);
}
if(strpos($value['oid_custom'],$other['data'][6]) && $other['data'][7] == 'true'){
unset($traps[$key]);
}
}
}
$traps_json = json_encode($traps);
if (count($traps) > 0 and $traps !== false) {
returnData('string', array('type' => 'string', 'data' => $traps_json));
}
else {
return 0;
}
}
function api_set_validate_traps ($id, $thrash2, $other, $thrash3) {
if (defined ('METACONSOLE')) {
@ -12121,7 +11896,7 @@ function api_set_validate_traps ($id, $thrash2, $other, $thrash3) {
}
}
function api_set_delete_traps ($id, $thrash2, $other, $thrash3) {
function api_set_delete_traps ($id, $thrash2, $other, $thrash3) {
if (defined ('METACONSOLE')) {
return;
@ -12145,9 +11920,7 @@ function api_set_delete_traps ($id, $thrash2, $other, $thrash3) {
}
}
function api_get_group_id_by_name($thrash1, $thrash2, $other, $thrash3) {
function api_get_group_id_by_name($thrash1, $thrash2, $other, $thrash3) {
if (defined ('METACONSOLE')) {
return;
}
@ -12165,9 +11938,9 @@ function api_get_group_id_by_name($thrash1, $thrash2, $other, $thrash3) {
else {
returnError('error_group_name', 'No groups retrieved.');
}
}
}
function api_get_timezone($thrash1, $thrash2, $other, $thrash3) {
function api_get_timezone($thrash1, $thrash2, $other, $thrash3) {
if (defined ('METACONSOLE')) {
return;
}
@ -12187,9 +11960,9 @@ function api_get_timezone($thrash1, $thrash2, $other, $thrash3) {
else {
returnError('error_timezone', 'No timezone retrieved.');
}
}
}
function api_get_language($thrash1, $thrash2, $other, $thrash3) {
function api_get_language($thrash1, $thrash2, $other, $thrash3) {
if (defined ('METACONSOLE')) {
return;
}
@ -12209,9 +11982,9 @@ function api_get_language($thrash1, $thrash2, $other, $thrash3) {
else {
returnError('error_language', 'No language retrieved.');
}
}
}
function api_get_session_timeout($thrash1, $thrash2, $other, $thrash3) {
function api_get_session_timeout($thrash1, $thrash2, $other, $thrash3) {
if (defined ('METACONSOLE')) {
return;
}
@ -12231,6 +12004,9 @@ function api_get_session_timeout($thrash1, $thrash2, $other, $thrash3) {
else {
returnError('error_session_timeout', 'No session timeout retrieved.');
}
}
}
?>
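Review bot: The file still ends with a closing `?>` tag (last line of the final hunk), and that hunk grows from 6 to 9 lines just before it, so the lines added there look like whitespace or brace-only changes. In a PHP-only include, any byte that ends up after `?>` is sent to the client as output, which can corrupt API responses or break later header and session calls; I would delete the `?>` line and let the file end after the closing `}` of `api_get_session_timeout`. Separately, the three functions dropped by the first hunk (`api_get_user_info`, `api_set_access_process`, `api_get_traps`) concatenated values taken from `$other` straight into SQL strings, so if !1899 is merged again those queries should be parameterized or escaped before landing. The commit message does not say why the merge was reverted; a one-line reason would help whoever re-lands it.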