From b8c2fe52b55ff34337361ef0cf5f0c28a67eacf4 Mon Sep 17 00:00:00 2001 From: Calvo Date: Tue, 25 Oct 2022 15:33:22 +0200 Subject: [PATCH 1/2] =?UTF-8?q?Added=20ACL=20to=20ap=C3=AC=20get=20tree=20?= =?UTF-8?q?agents=20plugin=20user=20and=20plugin=20pass?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pandora_console/include/functions_api.php | 24 ++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 90935bbc6d..14a71bfdb8 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -652,8 +652,6 @@ $module_field_column_mampping = [ 'module_id_module' => 'id_modulo as module_id_module', 'module_disabled' => 'disabled as module_disabled', 'module_id_export' => 'id_export as module_id_export', - 'module_plugin_user' => 'plugin_user as module_plugin_user', - 'module_plugin_pass' => 'plugin_pass as module_plugin_pass', 'module_plugin_parameter' => 'plugin_parameter as module_plugin_parameter', 'module_id_plugin' => 'id_plugin as module_id_plugin', 'module_post_process' => 'post_process as module_post_process', @@ -805,8 +803,6 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) 'module_id_module', 'module_disabled', 'module_id_export', - 'module_plugin_user', - 'module_plugin_pass', 'module_plugin_parameter', 'module_id_plugin', 'module_post_process', @@ -1015,9 +1011,9 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) $groups = []; } - $groups = str_replace('\n', $returnReplace, $groups); - foreach ($groups as &$group) { + $group = str_replace('\n', $returnReplace, $group); + $group['type_row'] = 'group'; $returnVar[] = $group; 
@@ -1033,9 +1029,19 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) $agents = []; } - $agents = str_replace('\n', $returnReplace, $agents); + if ((bool) check_acl($config['id_user'], $id_group, 'AW') === true) { + if (array_search('module_plugin_user', $fields) !== false) { + $module_additional_columns .= ' ,plugin_user as module_plugin_user'; + } + + if (array_search('module_plugin_user', $fields) !== false) { + $module_additional_columns .= ' ,plugin_pass as module_plugin_pass'; + } + } foreach ($agents as $index => &$agent) { + $agent = str_replace('\n', $returnReplace, $agent); + $agent['type_row'] = 'agent'; $returnVar[] = $agent; @@ -1062,9 +1068,9 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) $modules = []; } - $modules = str_replace('\n', $returnReplace, $modules); - foreach ($modules as &$module) { + $module = str_replace('\n', $returnReplace, $module); + $module['type_row'] = 'module'; if ($module['module_macros']) { From 0351886e1b6bd251fd501afa5c720e744d9c9f3f Mon Sep 17 00:00:00 2001 From: Luis Date: Thu, 15 Dec 2022 12:39:06 +0100 Subject: [PATCH 2/2] ACL api get tree agents --- pandora_console/include/functions_api.php | 271 +++++++++++++--------- 1 file changed, 163 insertions(+), 108 deletions(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 421348b359..ce6387ffc7 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php 
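Review bot: The `check_acl($config['id_user'], $id_group, 'AW')` test runs once, before `foreach ($agents as $index => &$agent)`, so `plugin_user`/`plugin_pass` are appended to the shared `$module_additional_columns` on the strength of a single `$id_group` rather than the group of each agent whose modules are then queried. `$id_group` is not assigned in any visible line, so I cannot tell what it holds here; if it is unset or request-wide, the grant is not tied to the data actually returned. Because the string is only ever appended to, a grant also carries over to every later agent, and if this block sits inside the groups loop (the loop boundaries are outside the hunk) the same columns would be appended again on each iteration. I would decide per agent on a copy of the column list, as sketched below. Hunk `@@ -1035,9 +1028,13 @@` of patch 2/2 extends this block with `macros as module_plugin_macros` and has the same scope problem.

```php
foreach ($agents as $index => &$agent) {
    // Work on a copy so a grant for one agent's group never reaches the next agent's query.
    $agent_module_columns = $module_additional_columns;

    // NOTE(review): assumes agent_id_group is selected for every agent row; confirm against the agents query.
    if ((bool) check_acl($config['id_user'], $agent['agent_id_group'], 'AW') === true) {
        if (in_array('module_plugin_user', $fields, true)) {
            $agent_module_columns .= ' ,plugin_user as module_plugin_user';
        }

        if (in_array('module_plugin_pass', $fields, true)) {
            $agent_module_columns .= ' ,plugin_pass as module_plugin_pass';
        }
    }

    // … unchanged: str_replace, type_row, module query (now built from $agent_module_columns) …
```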
@@ -604,93 +604,6 @@ function api_get_module_last_value($idAgentModule, $trash1, $other=';', $returnT } -/* - DB column mapping table used by tree_agents (and get module_properties) -*/ - -/* - * Agent related field mappings (output field => column designation for 'tagente'). - * agent_id is not in this list (because it is mandatory). - * agent_id_group is not in this list. - */ -$agent_field_column_mapping = [ - 'agent_name' => 'nombre as agent_name', - 'agent_direction' => 'direccion as agent_direction', - 'agent_comentary' => 'comentarios as agent_comentary', - 'agent_last_contant' => 'ultimo_contacto as agent_last_contant', - 'agent_mode' => 'modo as agent_mode', - 'agent_interval' => 'intervalo as agent_interval', - 'agent_id_os' => 'id_os as agent_id_os', - 'agent_os_version' => 'os_version as agent_os_version', - 'agent_version' => 'agent_version as agent_version', - 'agent_last_remote_contact' => 'ultimo_contacto_remoto as agent_last_remote_contact', - 'agent_disabled' => 'disabled as agent_disabled', - 'agent_id_parent' => 'id_parent as agent_id_parent', - 'agent_custom_id' => 'custom_id as agent_custom_id', - 'agent_server_name' => 'server_name as agent_server_name', - 'agent_cascade_protection' => 'cascade_protection as agent_cascade_protection', - 'agent_cascade_protection_module' => 'cascade_protection_module as agent_cascade_protection_module', -]; - -// module related field mappings 1/2 (output field => column for 'tagente_modulo') -// module_id_agent_modulo is not in this list -$module_field_column_mampping = [ - 'module_id_agent' => 'id_agente as module_id_agent', - 'module_id_module_type' => 'id_tipo_modulo as module_id_module_type', - 'module_description' => 'descripcion as module_description', - 'module_name' => 'nombre as module_name', - 'module_max' => 'max as module_max', - 'module_min' => 'min as module_min', - 'module_interval' => 'module_interval', - 'module_tcp_port' => 'tcp_port as module_tcp_port', - 'module_tcp_send' => 'tcp_send as 
module_tcp_send', - 'module_tcp_rcv' => 'tcp_rcv as module_tcp_rcv', - 'module_snmp_community' => 'snmp_community as module_snmp_community', - 'module_snmp_oid' => 'snmp_oid as module_snmp_oid', - 'module_ip_target' => 'ip_target as module_ip_target', - 'module_id_module_group' => 'id_module_group as module_id_module_group', - 'module_flag' => 'flag as module_flag', - 'module_id_module' => 'id_modulo as module_id_module', - 'module_disabled' => 'disabled as module_disabled', - 'module_id_export' => 'id_export as module_id_export', - 'module_plugin_parameter' => 'plugin_parameter as module_plugin_parameter', - 'module_id_plugin' => 'id_plugin as module_id_plugin', - 'module_post_process' => 'post_process as module_post_process', - 'module_prediction_module' => 'prediction_module as module_prediction_module', - 'module_max_timeout' => 'max_timeout as module_max_timeout', - 'module_max_retries' => 'max_retries as module_max_retries', - 'module_custom_id' => 'custom_id as module_custom_id', - 'module_history_data' => 'history_data as module_history_data', - 'module_min_warning' => 'min_warning as module_min_warning', - 'module_max_warning' => 'max_warning as module_max_warning', - 'module_str_warning' => 'str_warning as module_str_warning', - 'module_min_critical' => 'min_critical as module_min_critical', - 'module_max_critical' => 'max_critical as module_max_critical', - 'module_str_critical' => 'str_critical as module_str_critical', - 'module_min_ff_event' => 'min_ff_event as module_min_ff_event', - 'module_delete_pending' => 'delete_pending as module_delete_pending', - 'module_plugin_macros' => 'macros as module_plugin_macros', - 'module_macros' => 'module_macros as module_macros', - 'module_critical_inverse' => 'critical_inverse as module_critical_inverse', - 'module_warning_inverse' => 'warning_inverse as module_warning_inverse', -]; - -// module related field mappings 2/2 (output field => column for 'tagente_estado') -// module_id_agent_modulo is not in this list 
-$estado_fields_to_columns_mapping = [ - 'module_id_agent_state' => 'id_agente_estado as module_id_agent_state', - 'module_data' => 'datos as module_data', - 'module_timestamp' => 'timestamp as module_timestamp', - 'module_state' => 'estado as module_state', - 'module_last_try' => 'last_try as module_last_try', - 'module_utimestamp' => 'utimestamp as module_utimestamp', - 'module_current_interval' => 'current_interval as module_current_interval', - 'module_running_by' => 'running_by as module_running_by', - 'module_last_execution_try' => 'last_execution_try as module_last_execution_try', - 'module_status_changes' => 'status_changes as module_status_changes', - 'module_last_status' => 'last_status as module_last_status', -]; - /*** * end of DB column mapping table ***/ @@ -805,6 +718,8 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) 'module_disabled', 'module_id_export', 'module_plugin_parameter', + 'module_plugin_pass', + 'module_plugin_user', 'module_id_plugin', 'module_post_process', 'module_prediction_module', 
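Review bot: Re-adding `'module_plugin_pass'` and `'module_plugin_user'` to this field list makes the two credential columns part of the default selection, assuming this is the master list used when the caller names no fields (the list's opening line and the defaulting code are outside the hunk). Together with the `array_search('module_plugin_pass', $fields)` test further down, every caller who passes the `AW` check would then receive plugin passwords in ordinary responses, including integrations that never asked for them and may log or cache the output. I would keep secrets opt-in: leave both names out of the default list, accept them only when requested explicitly, and say so in a comment such as `// plugin_user / plugin_pass are returned only when requested by name and the caller has AW`.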
@@ -893,14 +808,88 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) 'alert_actions_id_group', ]; - // agent related field mappings (output field => column designation for 'tagente') - global $agent_field_column_mapping; + /* + * Agent related field mappings (output field => column designation for 'tagente'). + * agent_id is not in this list (because it is mandatory). + * agent_id_group is not in this list. + */ + $agent_field_column_mapping = [ + 'agent_name' => 'nombre as agent_name', + 'agent_direction' => 'direccion as agent_direction', + 'agent_comentary' => 'comentarios as agent_comentary', + 'agent_last_contant' => 'ultimo_contacto as agent_last_contant', + 'agent_mode' => 'modo as agent_mode', + 'agent_interval' => 'intervalo as agent_interval', + 'agent_id_os' => 'id_os as agent_id_os', + 'agent_os_version' => 'os_version as agent_os_version', + 'agent_version' => 'agent_version as agent_version', + 'agent_last_remote_contact' => 'ultimo_contacto_remoto as agent_last_remote_contact', + 'agent_disabled' => 'disabled as agent_disabled', + 'agent_id_parent' => 'id_parent as agent_id_parent', + 'agent_custom_id' => 'custom_id as agent_custom_id', + 'agent_server_name' => 'server_name as agent_server_name', + 'agent_cascade_protection' => 'cascade_protection as agent_cascade_protection', + 'agent_cascade_protection_module' => 'cascade_protection_module as agent_cascade_protection_module', + ]; // module related field mappings 1/2 (output field => column for 'tagente_modulo') - global $module_field_column_mampping; + // module_id_agent_modulo is not in this list + // module_plugin_user, module_plugin_pass, module_plugin_macros are not in this list due to security purposes. 
+ $module_field_column_mapping = [ + 'module_id_agent' => 'id_agente as module_id_agent', + 'module_id_module_type' => 'id_tipo_modulo as module_id_module_type', + 'module_description' => 'descripcion as module_description', + 'module_name' => 'nombre as module_name', + 'module_max' => 'max as module_max', + 'module_min' => 'min as module_min', + 'module_interval' => 'module_interval', + 'module_tcp_port' => 'tcp_port as module_tcp_port', + 'module_tcp_send' => 'tcp_send as module_tcp_send', + 'module_tcp_rcv' => 'tcp_rcv as module_tcp_rcv', + 'module_snmp_community' => 'snmp_community as module_snmp_community', + 'module_snmp_oid' => 'snmp_oid as module_snmp_oid', + 'module_ip_target' => 'ip_target as module_ip_target', + 'module_id_module_group' => 'id_module_group as module_id_module_group', + 'module_flag' => 'flag as module_flag', + 'module_id_module' => 'id_modulo as module_id_module', + 'module_disabled' => 'disabled as module_disabled', + 'module_id_export' => 'id_export as module_id_export', + 'module_plugin_parameter' => 'plugin_parameter as module_plugin_parameter', + 'module_id_plugin' => 'id_plugin as module_id_plugin', + 'module_post_process' => 'post_process as module_post_process', + 'module_prediction_module' => 'prediction_module as module_prediction_module', + 'module_max_timeout' => 'max_timeout as module_max_timeout', + 'module_max_retries' => 'max_retries as module_max_retries', + 'module_custom_id' => 'custom_id as module_custom_id', + 'module_history_data' => 'history_data as module_history_data', + 'module_min_warning' => 'min_warning as module_min_warning', + 'module_max_warning' => 'max_warning as module_max_warning', + 'module_str_warning' => 'str_warning as module_str_warning', + 'module_min_critical' => 'min_critical as module_min_critical', + 'module_max_critical' => 'max_critical as module_max_critical', + 'module_str_critical' => 'str_critical as module_str_critical', + 'module_min_ff_event' => 'min_ff_event as module_min_ff_event', 
+ 'module_delete_pending' => 'delete_pending as module_delete_pending', + 'module_macros' => 'module_macros as module_macros', + 'module_critical_inverse' => 'critical_inverse as module_critical_inverse', + 'module_warning_inverse' => 'warning_inverse as module_warning_inverse', + ]; // module related field mappings 2/2 (output field => column for 'tagente_estado') - global $estado_fields_to_columns_mapping; + // module_id_agent_modulo is not in this list + $estado_fields_to_columns_mapping = [ + 'module_id_agent_state' => 'id_agente_estado as module_id_agent_state', + 'module_data' => 'datos as module_data', + 'module_timestamp' => 'timestamp as module_timestamp', + 'module_state' => 'estado as module_state', + 'module_last_try' => 'last_try as module_last_try', + 'module_utimestamp' => 'utimestamp as module_utimestamp', + 'module_current_interval' => 'current_interval as module_current_interval', + 'module_running_by' => 'running_by as module_running_by', + 'module_last_execution_try' => 'last_execution_try as module_last_execution_try', + 'module_status_changes' => 'status_changes as module_status_changes', + 'module_last_status' => 'last_status as module_last_status', + ]; // alert related field mappings (output field => column for 'talert_template_modules', ... ) $alert_fields_to_columns_mapping = [ @@ -981,8 +970,8 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) $agent_additional_columns .= (', '.$agent_field_column_mapping[$fld] ); } - if (array_key_exists($fld, $module_field_column_mampping)) { - $module_additional_columns .= (', '.$module_field_column_mampping[$fld]); + if (array_key_exists($fld, $module_field_column_mapping)) { + $module_additional_columns .= (', '.$module_field_column_mapping[$fld]); } if (array_key_exists($fld, $estado_fields_to_columns_mapping)) { 
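Review bot: The new comment on `$module_field_column_mapping` says `module_plugin_user`, `module_plugin_pass` and `module_plugin_macros` are kept out for security, but `'module_snmp_community'` stays in the ungated table, and an SNMP v1/v2c community string is itself a shared secret. `'module_plugin_parameter'` and `'module_tcp_send'` can also carry credentials, depending on how a module is configured. As far as the visible hunks show, these columns are returned to any caller who passes the `AR` group check. Consider moving at least `module_snmp_community` behind the same `AW` test as the plugin fields, and widening the comment to `// Credential-bearing columns (plugin_user, plugin_pass, macros, snmp_community) are appended later, only after an AW check.`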
@@ -1013,6 +1002,10 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) } foreach ($groups as &$group) { + if (check_acl($config['id_user'], $group['group_id'], 'AR') === false) { + continue; + } + $group = str_replace('\n', $returnReplace, $group); $group['type_row'] = 'group'; @@ -1035,9 +1028,13 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) $module_additional_columns .= ' ,plugin_user as module_plugin_user'; } - if (array_search('module_plugin_user', $fields) !== false) { + if (array_search('module_plugin_pass', $fields) !== false) { $module_additional_columns .= ' ,plugin_pass as module_plugin_pass'; } + + if (array_search('module_plugin_macros', $fields) !== false) { + $module_additional_columns .= ' ,macros as module_plugin_macros'; + } } foreach ($agents as $index => &$agent) { @@ -1054,15 +1051,17 @@ function api_get_tree_agents($trash1, $trahs2, $other, $returnType) // SKIP collecting MODULES and ALERTS } + $sql = 'SELECT * + FROM (SELECT id_agente_modulo as module_id_agent_modulo '.$module_additional_columns.' + FROM tagente_modulo t1 + WHERE id_agente = '.$agent['agent_id'].') t1 + INNER JOIN (SELECT id_agente_modulo as module_id_agent_modulo '.$estado_additional_columns.' + FROM tagente_estado + WHERE id_agente = '.$agent['agent_id'].') t2 + ON t1.module_id_agent_modulo = t2.module_id_agent_modulo'; + $modules = db_get_all_rows_sql( - 'SELECT * - FROM (SELECT id_agente_modulo as module_id_agent_modulo '.$module_additional_columns.' - FROM tagente_modulo - WHERE id_agente = '.$agent['agent_id'].') t1 - INNER JOIN (SELECT id_agente_modulo as module_id_agent_modulo '.$estado_additional_columns.' - FROM tagente_estado - WHERE id_agente = '.$agent['agent_id'].') t2 - ON t1.module_id_agent_modulo = t2.module_id_agent_modulo' + $sql ); if ($modules === false) { 
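Review bot: `check_acl($config['id_user'], $group['group_id'], 'AR') === false` skips the group only when `check_acl` returns the boolean `false`. The first patch in this series wraps the same function as `(bool) check_acl(...) === true`, which suggests its return value is not always a strict boolean. If a denial comes back as `0` or `null`, this comparison never matches and groups the user may not read are still emitted. Use the same form as the other call site: `if ((bool) check_acl($config['id_user'], $group['group_id'], 'AR') === false) { continue; }`. The loop body continues outside the hunk, so I cannot confirm that the agents of a skipped group are fetched inside it and are therefore skipped as well.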
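Review bot: `$agent['agent_id']` is concatenated into `$sql` twice without a cast. By this point `$agent` has already been rewritten by `str_replace('\n', $returnReplace, $agent)`, whose replacement value originates outside the visible hunks, so the id is no longer guaranteed to be exactly what the database returned. As hardening, cast once with `$id_agent = (int) $agent['agent_id'];` and use `$id_agent` in both `WHERE id_agente = ` clauses. The `t1` added after `FROM tagente_modulo` repeats the alias of the enclosing derived table and is never referenced, so it can be dropped.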
@@ -1371,10 +1370,66 @@ function get_module_properties($id_module, $fields, $separator, $returnType, $re ]; // module related field mappings 1/2 (output field => column for 'tagente_modulo') - global $module_field_column_mampping; + // module_id_agent_modulo is not in this list + // module_plugin_user, module_plugin_pass, module_plugin_macros are not in this list due to security purposes. + $module_field_column_mapping = [ + 'module_id_agent' => 'id_agente as module_id_agent', + 'module_id_module_type' => 'id_tipo_modulo as module_id_module_type', + 'module_description' => 'descripcion as module_description', + 'module_name' => 'nombre as module_name', + 'module_max' => 'max as module_max', + 'module_min' => 'min as module_min', + 'module_interval' => 'module_interval', + 'module_tcp_port' => 'tcp_port as module_tcp_port', + 'module_tcp_send' => 'tcp_send as module_tcp_send', + 'module_tcp_rcv' => 'tcp_rcv as module_tcp_rcv', + 'module_snmp_community' => 'snmp_community as module_snmp_community', + 'module_snmp_oid' => 'snmp_oid as module_snmp_oid', + 'module_ip_target' => 'ip_target as module_ip_target', + 'module_id_module_group' => 'id_module_group as module_id_module_group', + 'module_flag' => 'flag as module_flag', + 'module_id_module' => 'id_modulo as module_id_module', + 'module_disabled' => 'disabled as module_disabled', + 'module_id_export' => 'id_export as module_id_export', + 'module_plugin_parameter' => 'plugin_parameter as module_plugin_parameter', + 'module_plugin_user' => 'plugin_user as module_plugin_user', + 'module_plugin_pass' => 'plugin_pass as module_plugin_pass', + 'module_plugin_macros' => 'macros as module_plugin_macros', + 'module_id_plugin' => 'id_plugin as module_id_plugin', + 'module_post_process' => 'post_process as module_post_process', + 'module_prediction_module' => 'prediction_module as module_prediction_module', + 'module_max_timeout' => 'max_timeout as module_max_timeout', + 'module_max_retries' => 'max_retries as 
module_max_retries', + 'module_custom_id' => 'custom_id as module_custom_id', + 'module_history_data' => 'history_data as module_history_data', + 'module_min_warning' => 'min_warning as module_min_warning', + 'module_max_warning' => 'max_warning as module_max_warning', + 'module_str_warning' => 'str_warning as module_str_warning', + 'module_min_critical' => 'min_critical as module_min_critical', + 'module_max_critical' => 'max_critical as module_max_critical', + 'module_str_critical' => 'str_critical as module_str_critical', + 'module_min_ff_event' => 'min_ff_event as module_min_ff_event', + 'module_delete_pending' => 'delete_pending as module_delete_pending', + 'module_macros' => 'module_macros as module_macros', + 'module_critical_inverse' => 'critical_inverse as module_critical_inverse', + 'module_warning_inverse' => 'warning_inverse as module_warning_inverse', + ]; // module related field mappings 2/2 (output field => column for 'tagente_estado') - global $estado_fields_to_columns_mapping; + // module_id_agent_modulo is not in this list + $estado_fields_to_columns_mapping = [ + 'module_id_agent_state' => 'id_agente_estado as module_id_agent_state', + 'module_data' => 'datos as module_data', + 'module_timestamp' => 'timestamp as module_timestamp', + 'module_state' => 'estado as module_state', + 'module_last_try' => 'last_try as module_last_try', + 'module_utimestamp' => 'utimestamp as module_utimestamp', + 'module_current_interval' => 'current_interval as module_current_interval', + 'module_running_by' => 'running_by as module_running_by', + 'module_last_execution_try' => 'last_execution_try as module_last_execution_try', + 'module_status_changes' => 'status_changes as module_status_changes', + 'module_last_status' => 'last_status as module_last_status', + ]; if ($fields == false) { $fields = $module_properties_master_fields; 
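Review bot: The comment added above `$module_field_column_mapping` in `get_module_properties` says `module_plugin_user`, `module_plugin_pass` and `module_plugin_macros` are not in the list, yet all three entries are present a few lines further down, so this copy still selects the credential columns. No `check_acl` call appears in any visible hunk of `get_module_properties` (its body starts and ends outside them), so unless every caller enforces access itself, the restriction added to `api_get_tree_agents` does not cover this path. Either drop the three entries and append them only after an `AW` check on the module's group, or correct the comment to state that callers must have authorised the request. The mapping tables are now duplicated in two functions and have already diverged; a single helper that returns them would keep the copies from drifting further.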
@@ -1384,8 +1439,8 @@ function get_module_properties($id_module, $fields, $separator, $returnType, $re $module_additional_columns = ''; $estado_additional_columns = ''; foreach ($fields as $fld) { - if (array_key_exists($fld, $module_field_column_mampping)) { - $module_additional_columns .= (', '.$module_field_column_mampping[$fld]); + if (array_key_exists($fld, $module_field_column_mapping)) { + $module_additional_columns .= (', '.$module_field_column_mapping[$fld]); } if (array_key_exists($fld, $estado_fields_to_columns_mapping)) { @@ -1410,9 +1465,9 @@ function get_module_properties($id_module, $fields, $separator, $returnType, $re $modules = []; } - $modules = str_replace('\n', $returnReplace, $modules); - foreach ($modules as &$module) { + $module = str_replace('\n', $returnReplace, $module); + $module['type_row'] = 'module'; if ($module['module_macros']) {