From e7d730ba0d82ee1094a762b5ea6ebf6a554d8f5e Mon Sep 17 00:00:00 2001 From: "alejandro.campos@artica.es" Date: Tue, 19 Oct 2021 19:19:55 +0200 Subject: [PATCH 1/3] fix bug with ldap login in metaconsole --- pandora_console/include/auth/mysql.php | 2 +- pandora_console/include/functions.php | 10 +++++----- pandora_console/operation/users/user_edit.php | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 4e8f7caa61..bc3bf9916e 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -387,7 +387,7 @@ function process_user_login_remote($login, $pass, $api=false) $pass, $user_info, $permissions, - is_metaconsole() + is_metaconsole() && is_centralized() === false ); } } else { diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index fe79e1420f..934ca95f8e 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -1732,9 +1732,9 @@ function is_management_allowed($hkey='') $nodes = (int) $nodes; } - return ( (is_metaconsole() && (is_centrallised() || $nodes === 0)) - || (!is_metaconsole() && !is_centrallised()) - || (!is_metaconsole() && is_centrallised()) && $hkey == generate_hash_to_api()); + return ( (is_metaconsole() && (is_centralized() || $nodes === 0)) + || (!is_metaconsole() && !is_centralized()) + || (!is_metaconsole() && is_centralized()) && $hkey == generate_hash_to_api()); } @@ -1743,7 +1743,7 @@ function is_management_allowed($hkey='') * * @return boolean */ -function is_centrallised() +function is_centralized() { global $config; @@ -1763,7 +1763,7 @@ function is_centrallised() */ function is_central_policies() { - return is_metaconsole() && is_centrallised(); + return is_metaconsole() && is_centralized(); } diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php index c18c8a103e..af2bee4325 100644 --- a/pandora_console/operation/users/user_edit.php +++ b/pandora_console/operation/users/user_edit.php @@ -452,7 +452,7 @@ if (check_acl($config['id_user'], 0, 'ER')) { $autorefresh_list_out = []; -if (is_metaconsole() === false || is_centrallised() === true) { +if (is_metaconsole() === false || is_centralized() === true) { $autorefresh_list_out['operation/agentes/estado_agente'] = 'Agent detail'; $autorefresh_list_out['operation/agentes/alerts_status'] = 'Alert detail'; $autorefresh_list_out['enterprise/operation/cluster/cluster'] = 'Cluster view'; From 14076efc691be16c75ca44c0fb6b00c7ba228fe5 Mon Sep 17 00:00:00 2001 From: "alejandro.campos@artica.es" Date: Wed, 20 Oct 2021 12:48:42 +0200 Subject: [PATCH 2/3] minor fix --- pandora_console/include/auth/mysql.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index bc3bf9916e..fd09b16f6d 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -373,6 +373,10 @@ function process_user_login_remote($login, $pass, $api=false) return false; } + if (is_metaconsole() === true) { + $user_info['metaconsole_access_node'] = $config['ldap_adv_user_node']; + } + $permissions = fill_permissions_ldap($sr); if (empty($permissions) === true) { $config['auth_error'] = __('User not found in database or incorrect password'); From b4c21cfdca6c514b2db474d3d26e862a13b95818 Mon Sep 17 00:00:00 2001 From: "alejandro.campos@artica.es" Date: Fri, 29 Oct 2021 16:12:23 +0200 Subject: [PATCH 3/3] fixed several bugs in AD authentication in metaconsole --- pandora_console/godmode/users/configure_user.php | 4 +++- pandora_console/include/auth/mysql.php | 16 +++++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index 2757af500e..14e39ccb76 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php @@ -1321,6 +1321,8 @@ if (isset($double_authentication)) { if ($meta) { enterprise_include_once('include/functions_metaconsole.php'); + $access_node = db_get_value('metaconsole_access_node', 'tusuario', 'id_user', $id); + $metaconsole_agents_manager = '

'.__('Enable agents managment').'

'; $metaconsole_agents_manager .= html_print_checkbox_switch( 'metaconsole_agents_manager', @@ -1342,7 +1344,7 @@ if ($meta) { $metaconsole_access_node .= html_print_checkbox( 'metaconsole_access_node', 1, - $user_info['metaconsole_access_node'], + $access_node, true ).'
'; } diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index fd09b16f6d..2ee9272772 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -349,18 +349,24 @@ function process_user_login_remote($login, $pass, $api=false) return false; } + $user_info = [ + 'fullname' => $login, + 'comments' => 'Imported from '.$config['auth'], + ]; + + if (is_metaconsole() === true) { + $user_info['metaconsole_access_node'] = $config['ad_adv_user_node']; + } + // Create the user. if (enterprise_hook( 'prepare_permissions_groups_of_user_ad', [ $login, $pass, - [ - 'fullname' => $login, - 'comments' => 'Imported from '.$config['auth'], - ], + $user_info, false, - defined('METACONSOLE'), + defined('METACONSOLE') && is_centralized() === false, ] ) === false ) {