2011-05-12 Miguel de Dios <miguel.dedios@artica.es>

* include/functions.php: added a new parameter, $id_agent, to the "check_acl"
	function; it defaults to 0 and is currently used only in the enterprise ACL
	check (see the enterprise hook in the function source). Also cleaned up the
	source code style.
	
	* include/functions_agents.php, operation/search_modules.php,
	operation/agentes/status_monitor.php,
	operation/agentes/estado_ultimopaquete.php,
	operation/agentes/alerts_status.php, operation/agentes/estado_agente.php,
	operation/agentes/estado_monitores.php, operation/agentes/ver_agente.php,
	godmode/agentes/module_manager.php, godmode/agentes/modificar_agente.php,
	godmode/agentes/configurar_agente.php, godmode/alerts/alert_list.list.php:
	added checks for the ACL enterprise.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4347 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
mdtrooper 2011-05-12 14:33:07 +00:00
parent 9f3c87253e
commit 4efdf57618
14 changed files with 118 additions and 38 deletions

@ -1,3 +1,19 @@
2011-05-12 Miguel de Dios <miguel.dedios@artica.es>
* include/functions.php: added new parameter for the "check_acl" function
the $id_agent, by default is 0, and this parameter now only is used in the
enterprise ACL check (as you see in the hook for enterprise into the
function source). And cleaned source code style.
* include/functions_agents.php, operation/search_modules.php,
operation/agentes/status_monitor.php,
operation/agentes/estado_ultimopaquete.php,
operation/agentes/alerts_status.php, operation/agentes/estado_agente.php,
operation/agentes/estado_monitores.php, operation/agentes/ver_agente.php,
godmode/agentes/module_manager.php, godmode/agentes/modificar_agente.php,
godmode/agentes/configurar_agente.php, godmode/alerts/alert_list.list.php:
added checks for the ACL enterprise.
2011-05-12 Miguel de Dios <miguel.dedios@artica.es>
* include/db/postgresql.php, include/db/mysql.php: fixed the scape of name

@ -28,7 +28,7 @@ $group = 0;
if ($id_agente)
$group = agents_get_agent_group ($id_agente);
if (! check_acl ($config["id_user"], $group, "AW")) {
if (! check_acl ($config["id_user"], $group, "AW", $id_agente)) {
db_pandora_audit("ACL Violation",
"Trying to access agent manager");
require ("general/noaccess.php");

@ -224,27 +224,34 @@ if ($ag_group > 0) {
else {
// Admin user get ANY group, even if they doesnt exist
if (check_acl ($config['id_user'], 0, "PM")){
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s', $search_sql);
if (check_acl ($config['id_user'], 0, "PM")) {
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
}
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s %s', $search_sql, $subquery_enterprise);
$total_agents = db_get_sql ($sql);
switch ($config["dbtype"]) {
case "mysql":
$sql = sprintf ('SELECT *
FROM tagente WHERE 1=1 %s
ORDER BY %s %s LIMIT %d, %d', $search_sql, $order['field'], $order['order'], $offset, $config["block_size"]);
FROM tagente WHERE 1=1 %s %s
ORDER BY %s %s LIMIT %d, %d', $search_sql, $subquery_enterprise, $order['field'],
$order['order'], $offset, $config["block_size"]);
break;
case "postgresql":
$sql = sprintf ('SELECT *
FROM tagente WHERE 1=1 %s
ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $order['field'], $order['order'], $config["block_size"], $offset);
FROM tagente WHERE 1=1 %s %s
ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $subquery_enterprise, $order['field'],
$order['order'], $config["block_size"], $offset);
break;
case "oracle":
$set = array ();
$set['limit'] = $config["block_size"];
$set['offset'] = $offset;
$sql = sprintf ('SELECT *
FROM tagente WHERE 1=1 %s
ORDER BY %s %s', $search_sql, $order['field'], $order['order']);
FROM tagente WHERE 1=1 %s %s
ORDER BY %s %s', $search_sql, $subquery_enterprise, $order['field'], $order['order']);
$sql = oracle_recode_query ($sql, $set);
break;
}
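Review bot: The count query and the three per-dbtype listing queries splice `$subquery_enterprise` in through `%s` right after `WHERE 1=1 %s`, so they only parse if `subquery_acl_enterprise()` returns either an empty string or a fragment that begins with `AND`; that contract is implicit and worth stating where the variable is initialised, e.g. `// Enterprise ACL filter: '' or a fragment beginning with AND, placed after the search clause`. The filter is only added inside the `check_acl(..., 0, "PM")` branch visible here; whether the non-PM listing branch (outside the hunk) restricts agents the same way cannot be seen from this hunk and should be confirmed, since that is the branch non-admin users take. The same structure, with the same open question, appears in the later agent-list hunk that initialises `$subquery_enterprise` before its own PM check.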
@ -339,12 +346,13 @@ if ($agents !== false) {
$iterator = 0;
foreach ($agents as $agent) {
$id_grupo = $agent["id_grupo"];
if (! check_acl ($config["id_user"], $id_grupo, "AW"))
if (! check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente']))
continue;
if ($color == 1) {
$tdcolor = "datos";
$color = 0;
}
}
else {
$tdcolor = "datos2";
$color = 1;
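Review bot: `check_acl()` is now called once per listed agent with the agent id, and from the check_acl hunk in this commit each such call runs at least one profile query plus, when the enterprise hook is present, `enterprise_include_once()` and `check_acl_policy()`, so this loop costs several queries per row of the page. In the PM branch of the earlier hunk of this file the agents were already restricted in SQL with `subquery_acl_enterprise()`, so the per-row policy check looks redundant there; if the non-PM branch is not filtered in SQL, this per-row check is the only thing enforcing the policy ACL for it, which deserves a comment such as `// Per-agent enterprise ACL: needed when the listing SQL was not filtered by subquery_acl_enterprise()`. The enclosing foreach continues outside the hunk.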

@ -312,6 +312,10 @@ foreach($tempRows as $row) {
}
foreach ($modules as $module) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
}
$type = $module["id_tipo_modulo"];
$id_module = $module["id_modulo"];
$nombre_modulo = $module["nombre"];
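Review bot: The new guard relies on `$isFunctionPolicies` having been assigned earlier in this file, presumably from `enterprise_include_once('include/functions_policies.php')` as the monitor-detail file in this commit does; that assignment is outside the hunk. If it is missing, PHP evaluates the undefined variable as null, `null !== ENTERPRISE_NOT_HOOK` is true, and the call to the absent `module_in_acl_enterprise()` is a fatal error on a non-enterprise install — it fails closed, but as a crash rather than a clean skip. Either confirm the assignment exists near the top of the file or use the inline form the other hunks use, `if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php'))`, which both loads the enterprise functions and guards the call. The same applies to the identical `alert_in_acl_enterprise()` and `module_in_acl_enterprise()` guards in the two alert-list hunks and the two module-list hunks later in this commit.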

@ -373,6 +373,10 @@ $rowPair = true;
$iterator = 0;
foreach ($simple_alerts as $alert) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!alert_in_acl_enterprise($alert['id'])) continue;
}
if ($alert['disabled']) {
$table->rowstyle[$iterator] = 'font-style: italic; color: #aaaaaa;';
$table->style[$iterator][1] = 'font-style: italic; color: #aaaaaa;';

@ -925,14 +925,18 @@ function enterprise_include_once ($filename) {
// Load enterprise extensions
$filepath = realpath ($config["homedir"].'/'.ENTERPRISE_DIR.'/'.$filename);
if ($filepath === false)
return ENTERPRISE_NOT_HOOK;
if (strncmp ($config["homedir"], $filepath, strlen ($config["homedir"])) != 0)
return ENTERPRISE_NOT_HOOK;
if (file_exists ($filepath)) {
require_once ($filepath);
return true;
}
return ENTERPRISE_NOT_HOOK;
}
@ -1246,10 +1250,11 @@ function check_login () {
* @param int $id_user User id
* @param int $id_group Agents group id to check from
* @param string $access Access privilege
* @param int $id_agent The agent id.
*
* @return bool 1 if the user has privileges, 0 if not.
*/
function check_acl($id_user, $id_group, $access) {
function check_acl($id_user, $id_group, $access, $id_agent = 0) {
if (empty ($id_user)) {
//User ID needs to be specified
trigger_error ("Security error: check_acl got an empty string for user id", E_USER_WARNING);
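Review bot: The new `@param int $id_agent The agent id.` does not say what the default 0 means or that the parameter only takes effect with the enterprise hook, although the body in a later hunk skips the agent-level check entirely when `$id_agent` is 0. Suggest `@param int $id_agent Agent id for the enterprise policy ACL check; 0 (default) means no agent-level check is made.` The pre-existing `@return bool 1 if the user has privileges, 0 if not.` is also self-contradictory, since the function returns the integers 1 and 0, so `@return int 1 if the user has privileges, 0 if not.` would match the code. The function body continues in the following hunks.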
@ -1261,7 +1266,7 @@ function check_acl($id_user, $id_group, $access) {
else {
$id_group = (int) $id_group;
}
$parents_id = array($id_group);
if ($id_group != 0) {
$group = db_get_row_filter('tgrupo', array('id_grupo' => $id_group));
@ -1274,7 +1279,7 @@ function check_acl($id_user, $id_group, $access) {
else {
$parents_id = array();
}
//Joined multiple queries into one. That saves on the query overhead and query cache.
if ($id_group == 0) {
$query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit,
@ -1301,9 +1306,9 @@ function check_acl($id_user, $id_group, $access) {
}
$rowdup = db_get_all_rows_sql ($query);
if (empty ($rowdup))
return 0;
return 0;
$result = 0;
foreach ($rowdup as $row) {
@ -1341,9 +1346,15 @@ function check_acl($id_user, $id_group, $access) {
break;
}
}
if ($result >= 1)
return 1;
if ($result >= 1) {
if ($id_agent != 0) {
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
return check_acl_policy($id_user, $id_agent);
}
}
else return 1;
}
return 0;
}
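Review bot: When `$id_agent` is non-zero and the enterprise hook is unavailable (`enterprise_include_once()` returns ENTERPRISE_NOT_HOOK), neither inner branch returns, so control falls out of the `$result >= 1` block to `return 0` and a user whose group profile grants the access is denied purely because an agent id was supplied. Every call site this commit updates to pass the agent id (agent manager, agent list, agent view) would therefore be refused on a non-enterprise install, whereas the changelog says the parameter should only matter in the enterprise check. Add `return 1;` after the inner `if (ENTERPRISE_NOT_HOOK !== ...) { ... }` block inside the `$id_agent != 0` branch, or fold the two conditions into a single `if` with `&&` followed by one `return 1;`. For consistency with `$id_group`, which is cast with `(int)` earlier in this function, `$id_agent` should be cast before it is compared and handed to `check_acl_policy()`.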

@ -326,7 +326,7 @@ function agents_get_agents ($filter = false, $fields = false, $access = 'AR', $o
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$enterprise_include = true;
}
if (! is_array ($filter)) {
$filter = array ();
}
@ -888,6 +888,10 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower
*/
function agents_get_modules ($id_agent = null, $details = false, $filter = false, $indexed = true, $get_not_init_modules = true) {
global $config;
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
}
if ($id_agent === null) {
//Extract the agents of group user.
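Review bot: `$subquery_enterprise` is assigned only inside the enterprise-hook branch and never initialised, yet the postgresql and oracle queries in the next hunk pass it to `sprintf()` unconditionally; on a non-enterprise install that is an undefined-variable notice and an empty argument. The other files touched by this commit initialise it first, so add `$subquery_enterprise = '';` before the `if` here. The same omission appears in the monitor-detail hunk that assigns `$subquery_enterprise` and `$subquery_enterprise2` only inside its `if (ENTERPRISE_NOT_HOOK !== $isFunctionPolicies)` block while the three dbtype queries and the shared FROM clause concatenate them unconditionally. agents_get_modules() continues outside the hunk.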
@ -998,20 +1002,22 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false
case "postgresql":
$sql = sprintf ('SELECT %s%s
FROM tagente_modulo
%s
%s %s
ORDER BY nombre',
($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
io_safe_output(implode (",", (array) $details)),
$where);
$where,
$subquery_enterprise);
break;
case "oracle":
$sql = sprintf ('SELECT %s%s
FROM tagente_modulo
%s
%s %s
ORDER BY dbms_lob.substr(nombre, 4000, 1)',
($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
io_safe_output(implode (",", (array) $details)),
$where);
$where,
$subquery_enterprise);
break;
}

@ -362,6 +362,10 @@ $table->data = array ();
$rowPair = true;
$iterator = 0;
foreach ($alerts['alerts_simple'] as $alert) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!alert_in_acl_enterprise($alert['id'])) continue;
}
if ($rowPair)
$table->rowclass[$iterator] = 'rowPair';
else
@ -376,7 +380,8 @@ echo '<form method="post" action="'.$url.'">';
if (!empty ($table->data)) {
ui_pagination ($countAlertsSimple, $url, $offset_simple, 0, false, 'offset_simple');
html_print_table ($table);
} else {
}
else {
echo '<div class="nf">'.__('No simple alerts found').'</div>';
}

@ -26,9 +26,9 @@ require_once($config['homedir'] . '/include/functions_modules.php');
check_login ();
if (! check_acl ($config['id_user'], 0, "AR")) {
db_pandora_audit("ACL Violation",
"Trying to access agent main list view");
db_pandora_audit("ACL Violation", "Trying to access agent main list view");
require ("general/noaccess.php");
return;
}
@ -262,11 +262,19 @@ else {
$total_agents = 0;
$agents = false;
if (! empty ($agent_names)) {
if (check_acl ($config['id_user'], 0, "PM")){
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s', $search_sql);
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
}
if (check_acl ($config['id_user'], 0, "PM")) {
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s %s', $search_sql, $subquery_enterprise);
$total_agents = db_get_sql ($sql);
$sql = sprintf ('SELECT * FROM tagente WHERE 1=1 %s ORDER BY %s %s LIMIT %d, %d', $search_sql, $order['field'], $order['order'], $offset, $config["block_size"]);
$sql = sprintf ('SELECT * FROM tagente
WHERE 1=1 %s %s
ORDER BY %s %s LIMIT %d, %d', $search_sql, $subquery_enterprise,
$order['field'], $order['order'], $offset, $config["block_size"]);
$agents = db_get_all_rows_sql ($sql);
}

@ -185,6 +185,9 @@ $table->align = array("left","left","left","left","left","center");
$last_modulegroup = 0;
$rowIndex = 0;
foreach ($modules as $module) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
}
//The code add the row of 1 cell with title of group for to be more organice the list.

@ -224,6 +224,11 @@ $texto=''; $last_modulegroup = 0;
$color = 1;
$write = check_acl ($config['id_user'], $agent['id_grupo'], "AW");
foreach ($modules as $module) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
}
// Calculate table line color
if ($color == 1){
$tdcolor = "datos";
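Review bot: The `$write` flag is still computed with `check_acl($config['id_user'], $agent['id_grupo'], "AW")` without the agent id, while the rest of this commit passes the agent to `check_acl()` so that the enterprise policy ACL is consulted; rows that survive the new `module_in_acl_enterprise()` filter may therefore be marked writable on group rights alone. If that is not intended, pass the agent id as the fourth argument (presumably `$agent['id_agente']`, as the agent-list hunk does). The enclosing foreach continues outside the hunk.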

@ -34,6 +34,12 @@ require_once($config['homedir'] . '/include/functions_users.php');
$isFunctionPolicies = enterprise_include_once ('include/functions_policies.php');
//Add the subquery for the ACL enterprise
if (ENTERPRISE_NOT_HOOK !== $isFunctionPolicies) {
$subquery_enterprise = subquery_acl_enterprise();
$subquery_enterprise2 = subquery_acl_enterprise('AND', 'tagente.id_agente');
}
ui_print_page_header ("Monitor detail", "images/bricks.png", false);
@ -85,7 +91,7 @@ switch ($config["dbtype"]) {
$sql = '
SELECT distinct(nombre)
FROM tagente_modulo
WHERE nombre <> "delete_pending" and id_agente in
WHERE nombre <> "delete_pending" ' . $subquery_enterprise . ' and id_agente in
(
select id_agente
from tagente where id_grupo IN (
@ -117,7 +123,7 @@ switch ($config["dbtype"]) {
$sql = '
select distinct(nombre)
from tagente_modulo
where nombre <> \'delete_pending\' and id_agente in
where nombre <> \'delete_pending\' ' . $subquery_enterprise . ' and id_agente in
(
select id_agente
from tagente where id_grupo IN (
@ -156,7 +162,7 @@ switch ($config["dbtype"]) {
$sql = '
select nombre
from (select distinct dbms_lob.substr(nombre,4000,1) as nombre, ' . $column_names .' from tagente_modulo)
where nombre <> \'delete_pending\' and id_agente in
where nombre <> \'delete_pending\' ' . $subquery_enterprise . ' and id_agente in
(
select id_agente
from tagente where id_grupo IN (
@ -208,7 +214,7 @@ $sql = " FROM tagente, tagente_modulo, tagente_estado
WHERE tagente.id_agente = tagente_modulo.id_agente
AND tagente_modulo.disabled = 0
AND tagente.disabled = 0
AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo";
AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo" . $subquery_enterprise2 ;
// Agent group selector
if ($ag_group > 0 && check_acl ($config["id_user"], $ag_group, "AR")) {

@ -342,7 +342,7 @@ if (empty ($id_agente)) {
$agent = db_get_row ('tagente', 'id_agente', $id_agente);
// get group for this id_agente
$id_grupo = $agent['id_grupo'];
if (! check_acl ($config['id_user'], $id_grupo, "AR")) {
if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente)) {
db_pandora_audit("ACL Violation",
"Trying to access (read) to agent ".agents_get_name($id_agente));
include ("general/noaccess.php");

@ -18,6 +18,10 @@ global $config;
include_once($config['homedir'] . "/include/functions_modules.php");
include_once($config['homedir'] . '/include/functions_users.php');
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise('', 't1.id_agente', 'AND');
}
$searchModules = check_acl($config['id_user'], 0, "AR");
@ -73,7 +77,7 @@ if ($searchModules) {
ON t3.id_grupo = t2.id_grupo
INNER JOIN tagente_estado AS t4
ON t4.id_agente_modulo = t1.id_agente_modulo
WHERE (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
OR 0 IN (
SELECT id_grupo
FROM tusuario_perfil
@ -96,7 +100,7 @@ if ($searchModules) {
ON t3.id_grupo = t2.id_grupo
INNER JOIN tagente_estado AS t4
ON t4.id_agente_modulo = t1.id_agente_modulo
WHERE (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
OR 0 IN (
SELECT id_grupo
FROM tusuario_perfil
@ -119,7 +123,7 @@ if ($searchModules) {
ON t3.id_grupo = t2.id_grupo
INNER JOIN tagente_estado AS t4
ON t4.id_agente_modulo = t1.id_agente_modulo
WHERE (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
OR 0 IN (
SELECT id_grupo
FROM tusuario_perfil