From 34a9c2f1f2a52da10c0af2bc23700b7b97e95a68 Mon Sep 17 00:00:00 2001 From: Calvo Date: Tue, 1 Feb 2022 09:37:02 +0100 Subject: [PATCH 1/3] Added token local user to allow enabling local auth at user level --- pandora_console/extras/mr/53.sql | 5 +++++ .../pandoradb_migrate_6.0_to_7.0.mysql.sql | 1 + .../godmode/users/configure_user.php | 17 ++++++++++++++++- pandora_console/include/auth/mysql.php | 7 +++++++ pandora_console/pandoradb.sql | 1 + 5 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 pandora_console/extras/mr/53.sql diff --git a/pandora_console/extras/mr/53.sql b/pandora_console/extras/mr/53.sql new file mode 100644 index 0000000000..17755cb642 --- /dev/null +++ b/pandora_console/extras/mr/53.sql @@ -0,0 +1,5 @@ +START TRANSACTION; +ALTER TABLE `tusuario` ADD COLUMN `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0; + + +COMMIT; \ No newline at end of file diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index d6db1ad76e..27565b0b29 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql @@ -1549,6 +1549,7 @@ ALTER TABLE `tusuario` MODIFY COLUMN `default_event_filter` int(10) unsigned NOT DROP INDEX `fk_id_filter`; ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_user` VARCHAR(60); ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_pass` VARCHAR(45); +ALTER TABLE `tusuario` ADD COLUMN `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0; -- --------------------------------------------------------------------- diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index b91609e257..6fb6428dee 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php 
@@ -285,6 +285,7 @@ if ($new_user && $config['admin_can_add_user']) { $user_info['language'] = 'default'; $user_info['timezone'] = ''; $user_info['not_login'] = false; + $user_info['local_user'] = false; $user_info['strict_acl'] = false; $user_info['session_time'] = 0; $user_info['middlename'] = 0; @@ -370,6 +371,7 @@ if ($create_user) { } $values['not_login'] = (bool) get_parameter('not_login', false); + $values['local_user'] = (bool) get_parameter('local_user', false); $values['middlename'] = get_parameter('middlename', 0); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); @@ -571,6 +573,7 @@ if ($update_user) { } $values['not_login'] = (bool) get_parameter('not_login', false); + $values['local_user'] = (bool) get_parameter('local_user', false); $values['strict_acl'] = (bool) get_parameter('strict_acl', false); $values['session_time'] = (int) get_parameter('session_time', 0); @@ -1212,6 +1215,18 @@ $not_login .= html_print_checkbox_switch( true ).''; +$local_user = '
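Review bot: `$values['local_user'] = (bool) get_parameter('local_user', false);` takes the flag straight from the request in both the create hunk (`@@ -370`) and the update hunk (`@@ -571`), and this flag later decides whether the account skips the remote backend in `process_user_login`. The enclosing `if ($create_user)` and `if ($update_user)` blocks start outside these hunks, so no permission check is visible here. If the update path can be reached by a user editing their own profile, that user could switch their own account to local authentication. Consider reading the parameter only when the logged-in account passes an `is_user_admin(...)` check and leaving the stored value untouched otherwise. Writing an audit entry whenever the flag changes would also help.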

'.__('Local user').'

'; +$local_user .= ui_print_help_tip( + __('The user with local authentication enabled will always use local authentication.'), + true +); +$local_user .= html_print_checkbox_switch( + 'local_user', + 1, + $user_info['local_user'], + true +).'
'; + $session_time = '

'.__('Session Time'); $session_time .= ui_print_help_tip( __('This is defined in minutes, If you wish a permanent session should putting -1 in this field.'), @@ -1379,7 +1394,7 @@ if ($id != '' && !$is_err) { echo '

-

Extra info

'.$email.$phone.$not_login.$session_time.'
+

Extra info

'.$email.$phone.$not_login.$local_user.$session_time.'
'.$language.$access_or_pagination.$skin.$home_screen.$default_event_filter.$double_authentication.'
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index dd223fecc2..cf6a8a274e 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -94,9 +94,16 @@ function process_user_login($login, $pass, $api=false) } // 2. Try local. + $local_user = db_get_value_filter( + 'local_user', + 'tusuario', + ['id_user' => $login] + ); + if ($login_remote === false && ($config['fallback_local_auth'] || is_user_admin($login) + || $local_user || strtolower($config['auth']) == 'mysql') ) { return process_user_login_local($login, $pass, $api); diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index 0f766eea65..c86ba820d0 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql @@ -1288,6 +1288,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` ( `login_blocked` tinyint(1) unsigned NOT NULL default 0, `metaconsole_access` enum('basic','advanced') default 'basic', `not_login` tinyint(1) unsigned NOT NULL DEFAULT 0, + `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0, `metaconsole_agents_manager` tinyint(1) unsigned NOT NULL default 0, `metaconsole_assigned_server` int(10) unsigned NOT NULL default 0, `metaconsole_access_node` tinyint(1) unsigned NOT NULL default 0, From 293c1cfb3a39fcc58fdd133a351ba498633eb0c1 Mon Sep 17 00:00:00 2001 From: Calvo Date: Wed, 2 Feb 2022 10:36:54 +0100 Subject: [PATCH 2/3] Chaged to correct MR --- pandora_console/extras/mr/52.sql | 2 ++ pandora_console/extras/mr/53.sql | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) delete mode 100644 pandora_console/extras/mr/53.sql diff --git a/pandora_console/extras/mr/52.sql b/pandora_console/extras/mr/52.sql index d2d5e1be65..5e54865051 100644 --- a/pandora_console/extras/mr/52.sql +++ b/pandora_console/extras/mr/52.sql 
@@ -1,5 +1,7 @@ START TRANSACTION; + ALTER TABLE `tpolicy_queue` MODIFY COLUMN `progress` int(10) NOT NULL default '0'; CREATE INDEX `IDX_tservice_element` ON `tservice_element`(`id_service`,`id_agente_modulo`); +ALTER TABLE `tusuario` ADD COLUMN `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0; COMMIT; \ No newline at end of file diff --git a/pandora_console/extras/mr/53.sql b/pandora_console/extras/mr/53.sql deleted file mode 100644 index 17755cb642..0000000000 --- a/pandora_console/extras/mr/53.sql +++ /dev/null @@ -1,5 +0,0 @@ -START TRANSACTION; -ALTER TABLE `tusuario` ADD COLUMN `local_user` tinyint(1) unsigned NOT NULL DEFAULT 0; - - -COMMIT; \ No newline at end of file From 3d02febd22365a70f0b0b6c9598f6fc7460208c3 Mon Sep 17 00:00:00 2001 From: Calvo Date: Wed, 16 Feb 2022 14:25:25 +0100 Subject: [PATCH 3/3] Fix local login with local user token enabled --- pandora_console/include/auth/mysql.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index cf6a8a274e..5b05b6573a 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -82,8 +82,15 @@ function process_user_login($login, $pass, $api=false) { global $config; + // 0. Check first is user y set as local user. + $local_user = (bool) db_get_value_filter( + 'local_user', + 'tusuario', + ['id_user' => $login] + ); + // 1. Try remote. - if (strtolower($config['auth']) != 'mysql') { + if ($local_user !== true && strtolower($config['auth']) != 'mysql') { $login_remote = process_user_login_remote( $login, io_safe_output($pass), 
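Review bot: The `local_user` lookup at the top of `process_user_login` makes the remote backend unreachable for a flagged account, and the comment above it (`// 0. Check first is user y set as local user.`) does not say so. Whatever the directory enforces for that user (account disablement, lockout or password policy; none of it is visible here) stops applying, and the local password becomes the only check. I would state this in the comment, for example `// 0. Users flagged local_user skip remote authentication; only the local password is checked.`, and mention it in the function's docblock. The function body continues outside this hunk.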
@@ -94,16 +101,10 @@ function process_user_login($login, $pass, $api=false) } // 2. Try local. - $local_user = db_get_value_filter( - 'local_user', - 'tusuario', - ['id_user' => $login] - ); - if ($login_remote === false && ($config['fallback_local_auth'] || is_user_admin($login) - || $local_user + || $local_user === true || strtolower($config['auth']) == 'mysql') ) { return process_user_login_local($login, $pass, $api);
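Review bot: `$login_remote === false` is now evaluated on a path where the remote call was skipped because `$local_user` is true. The lines that assign `$login_remote` in that case lie between the two hunks and are not shown. If the only remaining assignment is inside the remote branch, the variable is undefined here, the strict comparison fails, and a flagged user never reaches `process_user_login_local`. Initialising `$login_remote = false;` before step 1 would make the check independent of the branch structure. The rest of the `if`/`else` continues outside the hunk.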