tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Recon-task ACL changed. Ticket #2179

This commit is contained in:
Arturo Gonzalez Diaz 2015-07-23 16:27:20 +02:00
parent 681139e2d3
commit 4ede845c1c
2 changed files with 98 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
pandora_console/godmode/servers/manage_recontask.php
View File

@ -35,6 +35,9 @@ if (check_acl ($config['id_user'], 0, "AW")) {
$user_groups = users_get_groups(false, 'AW', true, false, null, 'id_grupo');
$user_groups = array_keys($user_groups);
$user_groups_r = users_get_groups(false, 'AR', true, false, null, 'id_grupo');
$user_groups_r = array_keys($user_groups_r);
// Headers
//ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true);
ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true, $options);
@ -152,14 +155,24 @@ if (isset($_GET["update"])) {
$reason = '';
if ($name != "") {
if (($id_recon_script == 'NULL') && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
if ((db_get_value_filter ('name', 'trecon_task', array ('name' => $name))) && (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))){
$reason = __('Recon-task name already exists and incorrect format in Subnet field');
$result = false;
}
else if(db_get_value_filter ('name', 'trecon_task', array ('name' => $name))){
$reason = __('Recon-task name already exists');
$result = false;
}
else if ((empty($id_recon_script)) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network)){
$result = db_process_sql_update('trecon_task', $values, $where);
elseif ($id_recon_script != 'NULL')
}
elseif (!empty($id_recon_script)){
$result = db_process_sql_update('trecon_task', $values, $where);
}
else {
if (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
$reason = __('Incorrect format in Subnet field');
$result = false;
$result = false;
}
}
else
@ -207,8 +220,21 @@ if (isset($_GET["create"])) {
$name = io_safe_input($name);
$reason = "";
if (($name != "") && (! db_get_value_filter ('name', 'trecon_task', array ('name' => $name)))) {
if (($id_recon_script == 'NULL') && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
if ($name != "") {
if ((db_get_value_filter ('name', 'trecon_task', array ('name' => $name))) && (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))){
$reason = __('Recon-task name already exists and incorrect format in Subnet field');
$result = false;
}
else if (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network)){
$reason = __('Incorrect format in Subnet field');
$result = false;
}
else if (db_get_value_filter ('name', 'trecon_task', array ('name' => $name))){
$reason = __('Recon-task name already exists');
$result = false;
}
else if (empty($id_recon_script) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
{
$result = db_process_sql_insert('trecon_task', $values);
@ -217,18 +243,13 @@ if (isset($_GET["create"])) {
elseif ($id_recon_script != 'NULL') {
$result = db_process_sql_insert('trecon_task', $values);
}
else {
if (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
$reason = __('Incorrect format in Subnet field');
else{
$reason = __('Error');
$result = false;
}
}
else {
$result = false;
}
if (db_get_value_filter ('name', 'trecon_task', array ('name' => $name))){
$reason = __('Recon-task name already exists');
$reason = 'The field "Task name" is empty';
$result = false;
}
@ -270,86 +291,87 @@ if ($result !== false) {
$table->style[8] = 'text-align: center;';
foreach ($result as $row) {
$data = array();
//$data[0] = '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&crt=update&update='.$row["id_rt"].'&upd='.$row["id_rt"].'"><b>'.$row["name"].'</b></a>';
$data[0] = $row["name"];
if (in_array($row["id_group"], $user_groups_r)){
$data = array();
$data[0] = $row["name"];
if ($row["id_recon_script"] == 0)
$data[1] = $row["subnet"];
else
$data[1] =__("N/A");
if ($row["id_recon_script"] == 0)
$data[1] = $row["subnet"];
else
$data[1] =__("N/A");
if ($row["id_recon_script"] == 0) {
// Network recon task
$data[2] = html_print_image ("images/network.png", true, array ("title" => __('Network recon task')))."&nbsp;&nbsp;";
$data[2] .= network_profiles_get_name ($row["id_network_profile"]);
}
else {
// APP recon task
$data[2] = html_print_image ("images/plugin.png", true). "&nbsp;&nbsp;";
$data[2] .= db_get_sql (sprintf("SELECT name FROM trecon_script WHERE id_recon_script = %d", $row["id_recon_script"]));
}
if ($row["id_recon_script"] == 0) {
// Network recon task
$data[2] = html_print_image ("images/network.png", true, array ("title" => __('Network recon task')))."&nbsp;&nbsp;";
$data[2] .= network_profiles_get_name ($row["id_network_profile"]);
}
else {
// APP recon task
$data[2] = html_print_image ("images/plugin.png", true). "&nbsp;&nbsp;";
$data[2] .= db_get_sql (sprintf("SELECT name FROM trecon_script WHERE id_recon_script = %d", $row["id_recon_script"]));
}
// GROUP
if ($row["id_recon_script"] == 0) {
$data[3] = ui_print_group_icon ($row["id_group"], true);
}
else {
$data[3] = "-";
}
// GROUP
if ($row["id_recon_script"] == 0) {
$data[3] = ui_print_group_icon ($row["id_group"], true);
}
else {
$data[3] = "-";
}
// INCIDENT
$data[4] = (($row["create_incident"] == 1) ? __('Yes') : __('No'));
// INCIDENT
$data[4] = (($row["create_incident"] == 1) ? __('Yes') : __('No'));
// OS
if ($row["id_recon_script"] == 0) {
$data[5] =(($row["id_os"] > 0) ? ui_print_os_icon ($row["id_os"], false, true) : __('Any'));
}
else {
$data[5] = "-";
}
// INTERVAL
if ($row["interval_sweep"]==0)
$data[6] = __("Manual");
else
$data[6] =human_time_description_raw($row["interval_sweep"]);
// OS
if ($row["id_recon_script"] == 0) {
$data[5] =(($row["id_os"] > 0) ? ui_print_os_icon ($row["id_os"], false, true) : __('Any'));
}
else {
$data[5] = "-";
}
// INTERVAL
if ($row["interval_sweep"]==0)
$data[6] = __("Manual");
else
$data[6] =human_time_description_raw($row["interval_sweep"]);
// PORTS
if ($row["id_recon_script"] == 0) {
$data[7] = substr($row["recon_ports"],0,15);
}
else {
$data[7] = "-";
}
// PORTS
if ($row["id_recon_script"] == 0) {
$data[7] = substr($row["recon_ports"],0,15);
}
else {
$data[7] = "-";
}
$task_group = $row["id_group"];
$task_group = $row["id_group"];
if (in_array($task_group, $user_groups)){
if (in_array($task_group, $user_groups)){
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&update='.$row["id_rt"].'">' .html_print_image("images/config.png", true) . '</a>';
if($row["disabled"] == 0) {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=1">' .html_print_image("images/lightbulb.png", true) . '</a>';
}
else {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=0">' .html_print_image("images/lightbulb_off.png", true) . '</a>';
}
}
// ACTION
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&update='.$row["id_rt"].'">' .html_print_image("images/config.png", true) . '</a>';
if($row["disabled"] == 0) {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=1">' .html_print_image("images/lightbulb.png", true) . '</a>';
}
else {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=0">' .html_print_image("images/lightbulb_off.png", true) . '</a>';
}
$table->data[] = $data;
}
// ACTION
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&update='.$row["id_rt"].'">' .html_print_image("images/config.png", true) . '</a>';
if($row["disabled"] == 0) {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=1">' .html_print_image("images/lightbulb.png", true) . '</a>';
}
else {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=0">' .html_print_image("images/lightbulb_off.png", true) . '</a>';
}
$table->data[] = $data;
}
html_print_table ($table);

6
pandora_console/godmode/servers/manage_recontask_form.php
View File

@ -62,11 +62,11 @@ if (is_ajax ()) {
}
// Edit mode
if (isset ($_GET["update"]) or (isset($_GET["crt"]))) {
if (isset ($_GET["update"]) or (isset($_GET["upd"]))) {
$update_recon = true;
if (isset ($_GET["crt"])) {
if ($_GET["crt"] != "update") {
if (isset ($_GET["upd"])) {
if ($_GET["upd"] != "update") {
$update_recon = false;
}
else {