Add generic API functions set access control and traps functions - #2978
parent
3aff162616
commit
2849d62faa
|
@ -30,6 +30,7 @@ include_once($config['homedir'] . "/include/functions_network_components.php");
|
||||||
include_once($config['homedir'] . "/include/functions_netflow.php");
|
include_once($config['homedir'] . "/include/functions_netflow.php");
|
||||||
include_once($config['homedir'] . "/include/functions_servers.php");
|
include_once($config['homedir'] . "/include/functions_servers.php");
|
||||||
include_once($config['homedir'] . "/include/functions_planned_downtimes.php");
|
include_once($config['homedir'] . "/include/functions_planned_downtimes.php");
|
||||||
|
include_once($config['homedir'] . "/include/functions_db.php");
|
||||||
enterprise_include_once ('include/functions_local_components.php');
|
enterprise_include_once ('include/functions_local_components.php');
|
||||||
enterprise_include_once ('include/functions_events.php');
|
enterprise_include_once ('include/functions_events.php');
|
||||||
enterprise_include_once ('include/functions_agents.php');
|
enterprise_include_once ('include/functions_agents.php');
|
||||||
|
@ -11505,7 +11506,282 @@ function util_api_check_agent_and_print_error($id_agent, $returnType, $access =
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function api_get_user_info($thrash1, $thrash2, $other, $returnType) {
|
||||||
|
if (defined ('METACONSOLE')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$separator = ';';
|
||||||
|
|
||||||
|
$other = json_decode(base64_decode($other['data']),true);
|
||||||
|
|
||||||
|
$sql = 'select * from tusuario where id_user = "'.$other[0]['id_user'].'" and password = "'.$other[0]['password'].'"';
|
||||||
|
|
||||||
|
$user_info = db_get_all_rows_sql($sql);
|
||||||
|
|
||||||
|
if (count($user_info) > 0 and $user_info !== false) {
|
||||||
|
$data = array('type' => 'array', 'data' => $user_info);
|
||||||
|
returnData($returnType, $data, $separator);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
|
||||||
|
This function receives different parameters to process one of these actions the logging process in our application from the records in the audit of pandora fms, to avoid concurrent access of administrator users, and optionally to prohibit access to non-administrator users:
|
||||||
|
|
||||||
|
Parameter 0
|
||||||
|
|
||||||
|
The User ID that attempts the action is used to check the status of the application for access.
|
||||||
|
|
||||||
|
Parameter 1
|
||||||
|
|
||||||
|
Login, logout, exclude, browse.
|
||||||
|
|
||||||
|
These requests receive a response that we can treat as we consider, this function only sends answers, does not perform any action in your application, you must customize them.
|
||||||
|
|
||||||
|
Login action: free (register our access), taken, denied (if you are not an administrator user and parameter four is set to 1, register the expulsion).
|
||||||
|
|
||||||
|
Browse action: It has the same answers as login, but does not register anything in the audit.
|
||||||
|
|
||||||
|
Logout action: It records the deslogeo but does not send a response.
|
||||||
|
|
||||||
|
All other actions do not return a response,
|
||||||
|
|
||||||
|
Parameter 2
|
||||||
|
|
||||||
|
IP address of the application is also used to check the status of the application for access.
|
||||||
|
|
||||||
|
Parameter 3
|
||||||
|
|
||||||
|
Name of the application, it is also used to check the status of the application for access.
|
||||||
|
|
||||||
|
Parameter 4
|
||||||
|
|
||||||
|
If you mark 1 you will avoid the access to the non-administrators users, returning the response `denied' and registering that expulsion in the audit of pandora fms.
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function api_set_access_process($thrash1, $thrash2, $other, $returnType) {
|
||||||
|
if (defined ('METACONSOLE')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$other['data'] = explode('|',$other['data']);
|
||||||
|
|
||||||
|
$sql = 'select id_usuario,utimestamp from tsesion where descripcion like "%'.$other['data'][2].'%" and accion like "%'.$other['data'][3].' Logon%" and id_usuario IN (select id_user from tusuario where is_admin = 1) and id_usuario != "'.$other['data'][0].'" order by utimestamp DESC limit 1';
|
||||||
|
$audit_concurrence = db_get_all_rows_sql($sql);
|
||||||
|
$sql_user = 'select id_usuario,utimestamp from tsesion where descripcion like "%'.$other['data'][2].'%" and accion like "%'.$other['data'][3].' Logon%" and id_usuario IN (select id_user from tusuario where is_admin = 1) and id_usuario = "'.$other['data'][0].'" order by utimestamp DESC limit 1';
|
||||||
|
$audit_concurrence_user = db_get_all_rows_sql($sql_user);
|
||||||
|
$sql2 = 'select id_usuario,utimestamp,accion from tsesion where descripcion like "%'.$other['data'][2].'%" and accion like "%'.$other['data'][3].' Logoff%" and id_usuario = "'.$audit_concurrence[0]['id_usuario'].'" order by utimestamp DESC limit 1';
|
||||||
|
$audit_concurrence_2 = db_get_all_rows_sql($sql2);
|
||||||
|
|
||||||
|
//The user trying to log in is an administrator
|
||||||
|
if(users_is_admin($other['data'][0])){
|
||||||
|
//The admin user is trying to login
|
||||||
|
if($other['data'][1] == 'login'){
|
||||||
|
// Check if there is an administrator user logged in prior to our last login
|
||||||
|
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_user[0]['utimestamp']){
|
||||||
|
// Check if the administrator user logged in later to us has unlogged and left the node free
|
||||||
|
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_2[0]['utimestamp']){
|
||||||
|
// The administrator user logged in later has not yet unlogged
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'taken'));
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
// The administrator user logged in later has already unlogged
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'free'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
// There is no administrator user who has logged in since then to log us in.
|
||||||
|
db_pandora_audit($other['data'][3].' Logon', 'Logged in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'free'));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
elseif ($other['data'][1] == 'logout') {
|
||||||
|
// The administrator user wants to log out
|
||||||
|
db_pandora_audit($other['data'][3].' Logoff', 'Logout from '.$other['data'][3].' node '.$other['data'][2], $other['data'][0]);
|
||||||
|
}
|
||||||
|
elseif ($other['data'][1] == 'exclude') {
|
||||||
|
// The administrator user has ejected another administrator user who was logged in
|
||||||
|
db_pandora_audit($other['data'][3].' Logon', 'Logged in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
|
||||||
|
db_pandora_audit($other['data'][3].' Logoff', 'Logout from '.$other['data'][3].' node '.$other['data'][2] , $audit_concurrence[0]['id_usuario']);
|
||||||
|
|
||||||
|
}
|
||||||
|
//The admin user is trying to browse
|
||||||
|
elseif ($other['data'][1] == 'browse') {
|
||||||
|
// Check if there is an administrator user logged in prior to our last login
|
||||||
|
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_user[0]['utimestamp']){
|
||||||
|
// Check if the administrator user logged in later to us has unlogged and left the node free
|
||||||
|
if($audit_concurrence[0]['utimestamp'] > $audit_concurrence_2[0]['utimestamp']){
|
||||||
|
// The administrator user logged in later has not yet unlogged
|
||||||
|
returnData('string', array('type' => 'string', 'data' => $audit_concurrence[0]['id_usuario']));
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
// The administrator user logged in later has already unlogged
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'free'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
// There is no administrator user who has logged in since then to log us in.
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'free'));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
elseif ($other['data'][1] == 'cancelled'){
|
||||||
|
//The administrator user tries to log in having another administrator logged in, but instead of expelling him he cancels his log in.
|
||||||
|
db_pandora_audit($other['data'][3].' cancelled access', 'Cancelled access in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'cancelled'));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
|
||||||
|
if($other['data'][4] == 1){
|
||||||
|
//The user trying to log in is not an administrator and is not allowed no admin access
|
||||||
|
db_pandora_audit($other['data'][3].' denied access', 'Denied access to non-admin user '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'denied'));
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
//The user trying to log in is not an administrator and is allowed no admin access
|
||||||
|
if($other['data'][1] == 'login'){
|
||||||
|
//The user trying to login is not admin, can enter without concurrent use filter
|
||||||
|
db_pandora_audit($other['data'][3].' Logon', 'Logged in '.$other['data'][3].' node '.$other['data'][2] , $other['data'][0]);
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'free'));
|
||||||
|
|
||||||
|
}
|
||||||
|
elseif ($other['data'][1] == 'logout') {
|
||||||
|
//The user trying to logoff is not admin
|
||||||
|
db_pandora_audit($other['data'][3].' Logoff', 'Logout from '.$other['data'][3].' node '.$other['data'][2], $other['data'][0]);
|
||||||
|
}
|
||||||
|
elseif ($other['data'][1] == 'browse'){
|
||||||
|
//The user trying to browse in an app page is not admin, can enter without concurrent use filter
|
||||||
|
returnData('string', array('type' => 'string', 'data' => 'free'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function api_get_traps($thrash1, $thrash2, $other, $returnType) {
|
||||||
|
|
||||||
|
if (defined ('METACONSOLE')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$other['data'] = explode('|',$other['data']);
|
||||||
|
|
||||||
|
$other['data'][1] = date("Y-m-d H:i:s",$other['data'][1]);
|
||||||
|
|
||||||
|
$sql = 'SELECT * from ttrap where timestamp >= "'.$other['data'][1].'"';
|
||||||
|
|
||||||
|
// $sql = 'SELECT * from ttrap where source = "'.$other['data'][0].'" and timestamp >= "'.$other['data'][1].'"';
|
||||||
|
|
||||||
|
if($other['data'][4]){
|
||||||
|
$other['data'][4] = date("Y-m-d H:i:s",$other['data'][4]);
|
||||||
|
$sql .= ' and timestamp <= "'.$other['data'][4].'"';
|
||||||
|
}
|
||||||
|
|
||||||
|
if($other['data'][2]){
|
||||||
|
$sql .= ' limit '.$other['data'][2];
|
||||||
|
}
|
||||||
|
|
||||||
|
if($other['data'][3]){
|
||||||
|
$sql .= ' offset '.$other['data'][3];
|
||||||
|
}
|
||||||
|
|
||||||
|
if($other['data'][5]){
|
||||||
|
$sql .= ' and status = 0';
|
||||||
|
}
|
||||||
|
|
||||||
|
if(sizeof($other['data']) == 0){
|
||||||
|
$sql = 'SELECT * from ttrap';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$traps = db_get_all_rows_sql($sql);
|
||||||
|
|
||||||
|
if($other['data'][6]){
|
||||||
|
|
||||||
|
foreach ($traps as $key => $value) {
|
||||||
|
|
||||||
|
if(!strpos($value['oid_custom'],$other['data'][6]) && $other['data'][7] == 'false'){
|
||||||
|
unset($traps[$key]);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(strpos($value['oid_custom'],$other['data'][6]) && $other['data'][7] == 'true'){
|
||||||
|
unset($traps[$key]);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
$traps_json = json_encode($traps);
|
||||||
|
|
||||||
|
if (count($traps) > 0 and $traps !== false) {
|
||||||
|
returnData('string', array('type' => 'string', 'data' => $traps_json));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function api_set_validate_traps ($id, $thrash2, $other, $thrash3) {
|
||||||
|
|
||||||
|
if (defined ('METACONSOLE')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($id == 'all'){
|
||||||
|
$result = db_process_sql_update('ttrap',array('status' => 1));
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$result = db_process_sql_update('ttrap',
|
||||||
|
array('status' => 1), array('id_trap' => $id));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_error($result)) {
|
||||||
|
// TODO: Improve the error returning more info
|
||||||
|
returnError('error_update_trap', __('Error in trap update.'));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
returnData('string',
|
||||||
|
array('type' => 'string',
|
||||||
|
'data' => __('Validated traps.')));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function api_set_delete_traps ($id, $thrash2, $other, $thrash3) {
|
||||||
|
|
||||||
|
if (defined ('METACONSOLE')) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($id == 'all'){
|
||||||
|
$result = db_process_sql ('delete from ttrap');
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$result = db_process_sql_delete('ttrap',array('id_trap' => $id));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_error($result)) {
|
||||||
|
// TODO: Improve the error returning more info
|
||||||
|
returnError('error_delete_trap', __('Error in trap delete.'));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
returnData('string',
|
||||||
|
array('type' => 'string',
|
||||||
|
'data' => __('Deleted traps.')));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
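Review bot: api_get_user_info concatenates `$other[0]['id_user']` and `$other[0]['password']` into a double-quoted SQL string right after `json_decode(base64_decode($other['data']), true)`, so any filtering applied to the raw request parameter before this function runs cannot have covered the decoded values. The same string-built pattern appears in the three `tsesion` queries of api_set_access_process (`$other['data'][0]`, `[2]`, `[3]`) and in the `limit`/`offset` clauses of api_get_traps. Each value should be escaped or bound through the project's database layer before it reaches the query, and the numeric ones cast, e.g. `$sql .= ' limit ' . (int) $other['data'][2];`. api_get_user_info also returns `select *` from `tusuario`, which presumably includes the stored password column, so it should select only the fields the caller needs. None of the five new functions visibly checks the caller's privileges before reading `tusuario` or updating and deleting `ttrap` rows (including the `'all'` branches); whether the API dispatcher enforces that is not visible here, so it is worth confirming or adding an explicit ACL check at the top of each.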