2011-05-12 Miguel de Dios <miguel.dedios@artica.es>
* include/functions.php: added a new parameter, $id_agent (default 0), to the "check_acl" function; it is only used by the enterprise ACL check (see the enterprise hook inside the function body). Also cleaned up source code style. * include/functions_agents.php, operation/search_modules.php, operation/agentes/status_monitor.php, operation/agentes/estado_ultimopaquete.php, operation/agentes/alerts_status.php, operation/agentes/estado_agente.php, operation/agentes/estado_monitores.php, operation/agentes/ver_agente.php, godmode/agentes/module_manager.php, godmode/agentes/modificar_agente.php, godmode/agentes/configurar_agente.php, godmode/alerts/alert_list.list.php: added checks for the enterprise ACL. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4347 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
parent
cb7123c901
commit
1c8c7c8fbe
|
@ -1,3 +1,19 @@
|
|||
2011-05-12 Miguel de Dios <miguel.dedios@artica.es>
|
||||
|
||||
* include/functions.php: added new parameter for the "check_acl" function
|
||||
the $id_agent, by default is 0, and this parameter now only is used in the
|
||||
enterprise ACL check (as you see in the hook for enterprise into the
|
||||
function source). And cleaned source code style.
|
||||
|
||||
* include/functions_agents.php, operation/search_modules.php,
|
||||
operation/agentes/status_monitor.php,
|
||||
operation/agentes/estado_ultimopaquete.php,
|
||||
operation/agentes/alerts_status.php, operation/agentes/estado_agente.php,
|
||||
operation/agentes/estado_monitores.php, operation/agentes/ver_agente.php,
|
||||
godmode/agentes/module_manager.php, godmode/agentes/modificar_agente.php,
|
||||
godmode/agentes/configurar_agente.php, godmode/alerts/alert_list.list.php:
|
||||
added checks for the ACL enterprise.
|
||||
|
||||
2011-05-12 Miguel de Dios <miguel.dedios@artica.es>
|
||||
|
||||
* include/db/postgresql.php, include/db/mysql.php: fixed the scape of name
|
||||
|
|
|
@ -28,7 +28,7 @@ $group = 0;
|
|||
if ($id_agente)
|
||||
$group = agents_get_agent_group ($id_agente);
|
||||
|
||||
if (! check_acl ($config["id_user"], $group, "AW")) {
|
||||
if (! check_acl ($config["id_user"], $group, "AW", $id_agente)) {
|
||||
db_pandora_audit("ACL Violation",
|
||||
"Trying to access agent manager");
|
||||
require ("general/noaccess.php");
|
||||
|
|
|
@ -224,27 +224,34 @@ if ($ag_group > 0) {
|
|||
else {
|
||||
|
||||
// Admin user get ANY group, even if they doesnt exist
|
||||
if (check_acl ($config['id_user'], 0, "PM")){
|
||||
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s', $search_sql);
|
||||
if (check_acl ($config['id_user'], 0, "PM")) {
|
||||
$subquery_enterprise = '';
|
||||
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
|
||||
$subquery_enterprise = subquery_acl_enterprise();
|
||||
}
|
||||
|
||||
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s %s', $search_sql, $subquery_enterprise);
|
||||
$total_agents = db_get_sql ($sql);
|
||||
switch ($config["dbtype"]) {
|
||||
case "mysql":
|
||||
$sql = sprintf ('SELECT *
|
||||
FROM tagente WHERE 1=1 %s
|
||||
ORDER BY %s %s LIMIT %d, %d', $search_sql, $order['field'], $order['order'], $offset, $config["block_size"]);
|
||||
FROM tagente WHERE 1=1 %s %s
|
||||
ORDER BY %s %s LIMIT %d, %d', $search_sql, $subquery_enterprise, $order['field'],
|
||||
$order['order'], $offset, $config["block_size"]);
|
||||
break;
|
||||
case "postgresql":
|
||||
$sql = sprintf ('SELECT *
|
||||
FROM tagente WHERE 1=1 %s
|
||||
ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $order['field'], $order['order'], $config["block_size"], $offset);
|
||||
FROM tagente WHERE 1=1 %s %s
|
||||
ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $subquery_enterprise, $order['field'],
|
||||
$order['order'], $config["block_size"], $offset);
|
||||
break;
|
||||
case "oracle":
|
||||
$set = array ();
|
||||
$set['limit'] = $config["block_size"];
|
||||
$set['offset'] = $offset;
|
||||
$sql = sprintf ('SELECT *
|
||||
FROM tagente WHERE 1=1 %s
|
||||
ORDER BY %s %s', $search_sql, $order['field'], $order['order']);
|
||||
FROM tagente WHERE 1=1 %s %s
|
||||
ORDER BY %s %s', $search_sql, $subquery_enterprise, $order['field'], $order['order']);
|
||||
$sql = oracle_recode_query ($sql, $set);
|
||||
break;
|
||||
}
|
||||
|
@ -339,12 +346,13 @@ if ($agents !== false) {
|
|||
$iterator = 0;
|
||||
foreach ($agents as $agent) {
|
||||
$id_grupo = $agent["id_grupo"];
|
||||
if (! check_acl ($config["id_user"], $id_grupo, "AW"))
|
||||
if (! check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente']))
|
||||
continue;
|
||||
|
||||
if ($color == 1) {
|
||||
$tdcolor = "datos";
|
||||
$color = 0;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tdcolor = "datos2";
|
||||
$color = 1;
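Review bot: The per-row `check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente'])` now triggers `enterprise_include_once` plus a policy lookup for every agent on the page, on top of the `subquery_acl_enterprise()` filter that the PM branch already appends to the listing query in the earlier hunk of this file, so those rows pay an N+1 cost for a restriction the SQL has already applied. With `check_acl` as written in this commit, a non-zero agent id on an install without the enterprise hook evaluates to 0, which would leave this table empty in a non-enterprise installation; please verify against that function before relying on the agent-id form here. If the SQL filter is meant to be authoritative, keep the group-level call in this loop, e.g. `if (! check_acl ($config["id_user"], $id_grupo, "AW")) continue;`, or at least only pass the agent id when the hook is known to be present. The loop body continues past the end of this hunk.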
|
||||
|
|
|
@ -312,6 +312,10 @@ foreach($tempRows as $row) {
|
|||
}
|
||||
|
||||
foreach ($modules as $module) {
|
||||
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
|
||||
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
|
||||
}
|
||||
|
||||
$type = $module["id_tipo_modulo"];
|
||||
$id_module = $module["id_modulo"];
|
||||
$nombre_modulo = $module["nombre"];
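Review bot: `$isFunctionPolicies` is read on the first line of the new block but its assignment is not in this hunk; if it is not set earlier in the file, `null !== ENTERPRISE_NOT_HOOK` is true and `module_in_acl_enterprise` gets called on an install where that function does not exist, which is a fatal error rather than a graceful fall-through. Please confirm an assignment such as `$isFunctionPolicies = enterprise_include_once ('include/functions_policies.php');` precedes this loop, and use the braced form `if (!module_in_acl_enterprise ($module['id_agente_modulo'])) { continue; }` to match the surrounding style. Filtering with `continue` after the query also means any count or pagination derived from `$modules` before the loop will include rows that are never rendered. The end of the loop lies outside this hunk.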
|
||||
|
|
|
@ -373,6 +373,10 @@ $rowPair = true;
|
|||
$iterator = 0;
|
||||
|
||||
foreach ($simple_alerts as $alert) {
|
||||
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
|
||||
if (!alert_in_acl_enterprise($alert['id'])) continue;
|
||||
}
|
||||
|
||||
if ($alert['disabled']) {
|
||||
$table->rowstyle[$iterator] = 'font-style: italic; color: #aaaaaa;';
|
||||
$table->style[$iterator][1] = 'font-style: italic; color: #aaaaaa;';
|
||||
|
|
|
@ -925,14 +925,18 @@ function enterprise_include_once ($filename) {
|
|||
|
||||
// Load enterprise extensions
|
||||
$filepath = realpath ($config["homedir"].'/'.ENTERPRISE_DIR.'/'.$filename);
|
||||
|
||||
if ($filepath === false)
|
||||
return ENTERPRISE_NOT_HOOK;
|
||||
|
||||
if (strncmp ($config["homedir"], $filepath, strlen ($config["homedir"])) != 0)
|
||||
return ENTERPRISE_NOT_HOOK;
|
||||
|
||||
if (file_exists ($filepath)) {
|
||||
require_once ($filepath);
|
||||
return true;
|
||||
}
|
||||
|
||||
return ENTERPRISE_NOT_HOOK;
|
||||
}
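Review bot: The containment check `strncmp ($config["homedir"], $filepath, strlen ($config["homedir"]))` accepts any resolved path that merely starts with the homedir string, so a sibling directory such as `<homedir>2/...` would pass; compare against the directory prefix including its separator, e.g. `$base = rtrim ($config["homedir"], '/') . '/';` followed by `if (strncmp ($base, $filepath, strlen ($base)) != 0) return ENTERPRISE_NOT_HOOK;`. Because `realpath` already returns false for a non-existent file (handled just above), the later `file_exists ($filepath)` test is redundant but harmless. Whether `$filename` can ever originate from request input is not visible here; if every caller passes a literal, the prefix check is defence in depth rather than a live traversal fix. The function signature and any `global $config` declaration are above this hunk.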
|
||||
|
||||
|
@ -1246,10 +1250,11 @@ function check_login () {
|
|||
* @param int $id_user User id
|
||||
* @param int $id_group Agents group id to check from
|
||||
* @param string $access Access privilege
|
||||
* @param int $id_agent The agent id.
|
||||
*
|
||||
* @return bool 1 if the user has privileges, 0 if not.
|
||||
*/
|
||||
function check_acl($id_user, $id_group, $access) {
|
||||
function check_acl($id_user, $id_group, $access, $id_agent = 0) {
|
||||
if (empty ($id_user)) {
|
||||
//User ID needs to be specified
|
||||
trigger_error ("Security error: check_acl got an empty string for user id", E_USER_WARNING);
|
||||
|
@ -1261,7 +1266,7 @@ function check_acl($id_user, $id_group, $access) {
|
|||
else {
|
||||
$id_group = (int) $id_group;
|
||||
}
|
||||
|
||||
|
||||
$parents_id = array($id_group);
|
||||
if ($id_group != 0) {
|
||||
$group = db_get_row_filter('tgrupo', array('id_grupo' => $id_group));
|
||||
|
@ -1274,7 +1279,7 @@ function check_acl($id_user, $id_group, $access) {
|
|||
else {
|
||||
$parents_id = array();
|
||||
}
|
||||
|
||||
|
||||
//Joined multiple queries into one. That saves on the query overhead and query cache.
|
||||
if ($id_group == 0) {
|
||||
$query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit,
|
||||
|
@ -1301,9 +1306,9 @@ function check_acl($id_user, $id_group, $access) {
|
|||
}
|
||||
|
||||
$rowdup = db_get_all_rows_sql ($query);
|
||||
|
||||
|
||||
if (empty ($rowdup))
|
||||
return 0;
|
||||
return 0;
|
||||
|
||||
$result = 0;
|
||||
foreach ($rowdup as $row) {
|
||||
|
@ -1341,9 +1346,15 @@ function check_acl($id_user, $id_group, $access) {
|
|||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($result >= 1)
|
||||
return 1;
|
||||
|
||||
if ($result >= 1) {
|
||||
if ($id_agent != 0) {
|
||||
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
|
||||
return check_acl_policy($id_user, $id_agent);
|
||||
}
|
||||
}
|
||||
else return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
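Review bot: When `$id_agent` is non-zero and `include/functions_policies.php` is not hooked, the new block falls through to `return 0` even though the group ACL succeeded, because the `else return 1` only covers the `$id_agent == 0` case; on a non-enterprise install every caller that now passes an agent id (the agent editor, the agent list rows, the agent view) would be denied. The agent id is also handed to `check_acl_policy` without the `(int)` normalization that `$id_group` receives earlier in this function. Collapse the nesting so the enterprise result only replaces the group result when the hook is actually available. The signature of `check_acl` and the loop that computes `$result` are outside this hunk.
```php
	if ($result >= 1) {
		// Enterprise policy ACL only when the hook is present; otherwise the
		// group-level grant stands.
		if ($id_agent != 0
			&& ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
			return check_acl_policy($id_user, (int) $id_agent);
		}
		return 1;
	}

	return 0;
```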
|
||||
|
|
|
@ -326,7 +326,7 @@ function agents_get_agents ($filter = false, $fields = false, $access = 'AR', $o
|
|||
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
|
||||
$enterprise_include = true;
|
||||
}
|
||||
|
||||
|
||||
if (! is_array ($filter)) {
|
||||
$filter = array ();
|
||||
}
|
||||
|
@ -888,6 +888,10 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower
|
|||
*/
|
||||
function agents_get_modules ($id_agent = null, $details = false, $filter = false, $indexed = true, $get_not_init_modules = true) {
|
||||
global $config;
|
||||
|
||||
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
|
||||
$subquery_enterprise = subquery_acl_enterprise();
|
||||
}
|
||||
|
||||
if ($id_agent === null) {
|
||||
//Extract the agents of group user.
|
||||
|
@ -998,20 +1002,22 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false
|
|||
case "postgresql":
|
||||
$sql = sprintf ('SELECT %s%s
|
||||
FROM tagente_modulo
|
||||
%s
|
||||
%s %s
|
||||
ORDER BY nombre',
|
||||
($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
|
||||
io_safe_output(implode (",", (array) $details)),
|
||||
$where);
|
||||
$where,
|
||||
$subquery_enterprise);
|
||||
break;
|
||||
case "oracle":
|
||||
$sql = sprintf ('SELECT %s%s
|
||||
FROM tagente_modulo
|
||||
%s
|
||||
%s %s
|
||||
ORDER BY dbms_lob.substr(nombre, 4000, 1)',
|
||||
($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
|
||||
io_safe_output(implode (",", (array) $details)),
|
||||
$where);
|
||||
$where,
|
||||
$subquery_enterprise);
|
||||
break;
|
||||
}
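Review bot: `$subquery_enterprise` reaches these `sprintf` calls unassigned whenever the enterprise hook is absent, because at the top of `agents_get_modules` (the earlier hunk of this file) it is only set inside the `if (ENTERPRISE_NOT_HOOK !== enterprise_include_once(...))` branch; PHP raises an undefined-variable notice and substitutes an empty string, which happens to yield valid SQL but is fragile. Initialize it before that check, as the other call sites in this commit do: `$subquery_enterprise = '';`. Also, if `$where` can be empty the fragment is appended directly after `FROM tagente_modulo`, which only works if `subquery_acl_enterprise()` returns either an empty string or a self-contained clause — worth confirming, since that function is not visible here. The mysql case and the remainder of the function are outside these hunks.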
|
||||
|
||||
|
|
|
@ -362,6 +362,10 @@ $table->data = array ();
|
|||
$rowPair = true;
|
||||
$iterator = 0;
|
||||
foreach ($alerts['alerts_simple'] as $alert) {
|
||||
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
|
||||
if (!alert_in_acl_enterprise($alert['id'])) continue;
|
||||
}
|
||||
|
||||
if ($rowPair)
|
||||
$table->rowclass[$iterator] = 'rowPair';
|
||||
else
|
||||
|
@ -376,7 +380,8 @@ echo '<form method="post" action="'.$url.'">';
|
|||
if (!empty ($table->data)) {
|
||||
ui_pagination ($countAlertsSimple, $url, $offset_simple, 0, false, 'offset_simple');
|
||||
html_print_table ($table);
|
||||
} else {
|
||||
}
|
||||
else {
|
||||
echo '<div class="nf">'.__('No simple alerts found').'</div>';
|
||||
}
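Review bot: Skipping alerts with `continue` inside the render loop (the earlier hunk of this file) happens after `$countAlertsSimple` has already been computed, so `ui_pagination ($countAlertsSimple, $url, $offset_simple, 0, false, 'offset_simple')` advertises totals and page links that include alerts the user cannot see, and a page may render short or empty while still being offered. If `$countAlertsSimple` comes from the unfiltered query (its computation is outside these hunks), either push the enterprise restriction into that query or recount after filtering. `$isFunctionPolicies` is assumed to be assigned earlier in the file; that assignment is not visible here.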
|
||||
|
||||
|
|
|
@ -26,9 +26,9 @@ require_once($config['homedir'] . '/include/functions_modules.php');
|
|||
check_login ();
|
||||
|
||||
if (! check_acl ($config['id_user'], 0, "AR")) {
|
||||
db_pandora_audit("ACL Violation",
|
||||
"Trying to access agent main list view");
|
||||
db_pandora_audit("ACL Violation", "Trying to access agent main list view");
|
||||
require ("general/noaccess.php");
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -262,11 +262,19 @@ else {
|
|||
$total_agents = 0;
|
||||
$agents = false;
|
||||
if (! empty ($agent_names)) {
|
||||
if (check_acl ($config['id_user'], 0, "PM")){
|
||||
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s', $search_sql);
|
||||
$subquery_enterprise = '';
|
||||
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
|
||||
$subquery_enterprise = subquery_acl_enterprise();
|
||||
}
|
||||
|
||||
if (check_acl ($config['id_user'], 0, "PM")) {
|
||||
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s %s', $search_sql, $subquery_enterprise);
|
||||
$total_agents = db_get_sql ($sql);
|
||||
|
||||
$sql = sprintf ('SELECT * FROM tagente WHERE 1=1 %s ORDER BY %s %s LIMIT %d, %d', $search_sql, $order['field'], $order['order'], $offset, $config["block_size"]);
|
||||
$sql = sprintf ('SELECT * FROM tagente
|
||||
WHERE 1=1 %s %s
|
||||
ORDER BY %s %s LIMIT %d, %d', $search_sql, $subquery_enterprise,
|
||||
$order['field'], $order['order'], $offset, $config["block_size"]);
|
||||
$agents = db_get_all_rows_sql ($sql);
|
||||
|
||||
}
|
||||
|
|
|
@ -185,6 +185,9 @@ $table->align = array("left","left","left","left","left","center");
|
|||
$last_modulegroup = 0;
|
||||
$rowIndex = 0;
|
||||
foreach ($modules as $module) {
|
||||
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
|
||||
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
|
||||
}
|
||||
|
||||
//The code add the row of 1 cell with title of group for to be more organice the list.
|
||||
|
||||
|
|
|
@ -224,6 +224,11 @@ $texto=''; $last_modulegroup = 0;
|
|||
$color = 1;
|
||||
$write = check_acl ($config['id_user'], $agent['id_grupo'], "AW");
|
||||
foreach ($modules as $module) {
|
||||
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
|
||||
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
|
||||
}
|
||||
|
||||
|
||||
// Calculate table line color
|
||||
if ($color == 1){
|
||||
$tdcolor = "datos";
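Review bot: The context line `$write = check_acl ($config['id_user'], $agent['id_grupo'], "AW");` still grants write access purely at group level, while the rows below are now filtered by `module_in_acl_enterprise`, so a user whose enterprise policy only allows viewing could still be offered edit controls on the modules that pass the filter. Since this commit extends `check_acl` with an agent id, pass it here as well: `$write = check_acl ($config['id_user'], $agent['id_grupo'], "AW", $agent['id_agente']);` — assuming `$agent` carries `id_agente` as the rows do elsewhere in this commit. `$isFunctionPolicies` must also be assigned before this loop; that assignment is not in the hunk.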
|
||||
|
|
|
@ -34,6 +34,12 @@ require_once($config['homedir'] . '/include/functions_users.php');
|
|||
|
||||
$isFunctionPolicies = enterprise_include_once ('include/functions_policies.php');
|
||||
|
||||
//Add the subquery for the ACL enterprise
|
||||
if (ENTERPRISE_NOT_HOOK !== $isFunctionPolicies) {
|
||||
$subquery_enterprise = subquery_acl_enterprise();
|
||||
$subquery_enterprise2 = subquery_acl_enterprise('AND', 'tagente.id_agente');
|
||||
}
|
||||
|
||||
ui_print_page_header ("Monitor detail", "images/bricks.png", false);
|
||||
|
||||
|
||||
|
@ -85,7 +91,7 @@ switch ($config["dbtype"]) {
|
|||
$sql = '
|
||||
SELECT distinct(nombre)
|
||||
FROM tagente_modulo
|
||||
WHERE nombre <> "delete_pending" and id_agente in
|
||||
WHERE nombre <> "delete_pending" ' . $subquery_enterprise . ' and id_agente in
|
||||
(
|
||||
select id_agente
|
||||
from tagente where id_grupo IN (
|
||||
|
@ -117,7 +123,7 @@ switch ($config["dbtype"]) {
|
|||
$sql = '
|
||||
select distinct(nombre)
|
||||
from tagente_modulo
|
||||
where nombre <> \'delete_pending\' and id_agente in
|
||||
where nombre <> \'delete_pending\' ' . $subquery_enterprise . ' and id_agente in
|
||||
(
|
||||
select id_agente
|
||||
from tagente where id_grupo IN (
|
||||
|
@ -156,7 +162,7 @@ switch ($config["dbtype"]) {
|
|||
$sql = '
|
||||
select nombre
|
||||
from (select distinct dbms_lob.substr(nombre,4000,1) as nombre, ' . $column_names .' from tagente_modulo)
|
||||
where nombre <> \'delete_pending\' and id_agente in
|
||||
where nombre <> \'delete_pending\' ' . $subquery_enterprise . ' and id_agente in
|
||||
(
|
||||
select id_agente
|
||||
from tagente where id_grupo IN (
|
||||
|
@ -208,7 +214,7 @@ $sql = " FROM tagente, tagente_modulo, tagente_estado
|
|||
WHERE tagente.id_agente = tagente_modulo.id_agente
|
||||
AND tagente_modulo.disabled = 0
|
||||
AND tagente.disabled = 0
|
||||
AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo";
|
||||
AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo" . $subquery_enterprise2 ;
|
||||
|
||||
// Agent group selector
|
||||
if ($ag_group > 0 && check_acl ($config["id_user"], $ag_group, "AR")) {
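Review bot: `$subquery_enterprise` and `$subquery_enterprise2` are only assigned inside the `ENTERPRISE_NOT_HOOK !== $isFunctionPolicies` branch at the top of the file, yet they are concatenated into every SQL string below; on an install without the enterprise hook each use raises an undefined-variable notice and silently relies on `null` becoming `''`. Initialize both before the `if`, as `operation/search_modules.php` does in this same commit: `$subquery_enterprise = ''; $subquery_enterprise2 = '';`. The body of `subquery_acl_enterprise` is not visible, so the generated clause should be checked against all three dialect queries — in particular the Oracle one, which wraps `tagente_modulo` in a subselect, so a clause that qualifies its columns with the table name would not resolve there.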
|
||||
|
|
|
@ -342,7 +342,7 @@ if (empty ($id_agente)) {
|
|||
$agent = db_get_row ('tagente', 'id_agente', $id_agente);
|
||||
// get group for this id_agente
|
||||
$id_grupo = $agent['id_grupo'];
|
||||
if (! check_acl ($config['id_user'], $id_grupo, "AR")) {
|
||||
if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente)) {
|
||||
db_pandora_audit("ACL Violation",
|
||||
"Trying to access (read) to agent ".agents_get_name($id_agente));
|
||||
include ("general/noaccess.php");
|
||||
|
|
|
@ -18,6 +18,10 @@ global $config;
|
|||
|
||||
include_once($config['homedir'] . "/include/functions_modules.php");
|
||||
include_once($config['homedir'] . '/include/functions_users.php');
|
||||
$subquery_enterprise = '';
|
||||
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
|
||||
$subquery_enterprise = subquery_acl_enterprise('', 't1.id_agente', 'AND');
|
||||
}
|
||||
|
||||
$searchModules = check_acl($config['id_user'], 0, "AR");
|
||||
|
||||
|
@ -73,7 +77,7 @@ if ($searchModules) {
|
|||
ON t3.id_grupo = t2.id_grupo
|
||||
INNER JOIN tagente_estado AS t4
|
||||
ON t4.id_agente_modulo = t1.id_agente_modulo
|
||||
WHERE (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
|
||||
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
|
||||
OR 0 IN (
|
||||
SELECT id_grupo
|
||||
FROM tusuario_perfil
|
||||
|
@ -96,7 +100,7 @@ if ($searchModules) {
|
|||
ON t3.id_grupo = t2.id_grupo
|
||||
INNER JOIN tagente_estado AS t4
|
||||
ON t4.id_agente_modulo = t1.id_agente_modulo
|
||||
WHERE (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
|
||||
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
|
||||
OR 0 IN (
|
||||
SELECT id_grupo
|
||||
FROM tusuario_perfil
|
||||
|
@ -119,7 +123,7 @@ if ($searchModules) {
|
|||
ON t3.id_grupo = t2.id_grupo
|
||||
INNER JOIN tagente_estado AS t4
|
||||
ON t4.id_agente_modulo = t1.id_agente_modulo
|
||||
WHERE (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
|
||||
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
|
||||
OR 0 IN (
|
||||
SELECT id_grupo
|
||||
FROM tusuario_perfil
|
||||
|
|