From 731d486455f532e6120fda1fc69893f04175d35a Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Wed, 20 Jan 2021 18:22:43 +0100 Subject: [PATCH] changed behavior of All group and fixed acl vulnerability --- .../godmode/alerts/alert_commands.php | 8 ++- .../godmode/alerts/alert_templates.php | 8 ++- .../alerts/configure_alert_command.php | 19 +++++-- .../alerts/configure_alert_template.php | 21 +++++--- .../godmode/gis_maps/configure_gis_map.php | 11 ++-- .../godmode/snmpconsole/snmp_alert.php | 52 ++++++++++++++----- .../operation/gis_maps/gis_map.php | 8 +-- .../operation/gis_maps/render_view.php | 4 +- .../operation/visual_console/view.php | 6 ++- 9 files changed, 96 insertions(+), 41 deletions(-) diff --git a/pandora_console/godmode/alerts/alert_commands.php b/pandora_console/godmode/alerts/alert_commands.php index 53272f6273..001cfc0430 100644 --- a/pandora_console/godmode/alerts/alert_commands.php +++ b/pandora_console/godmode/alerts/alert_commands.php @@ -556,7 +556,9 @@ foreach ($commands as $command) { $data = []; $data['name'] = ''; - if (! $command['internal']) { + + // (IMPORTANT, DO NOT CHANGE!) only users with permissions over "All" group have access to edition of commands belonging to "All" group. + if (!$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'LM')) { $data['name'] .= ''.$command['name'].''; } else { $data['name'] .= $command['name']; 
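Review bot: The new gate on the `$data['name']` edit link and the matching gate on the action buttons in the `@@ -580` hunk evaluate the same `!$command['internal'] && check_acl_restricted_all(...)` expression and carry the same `(IMPORTANT, DO NOT CHANGE!)` comment, which shouts but does not say why the rule exists. Compute it once per iteration, `$can_edit = !$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'LM');`, and use `$can_edit` in both conditions so the two columns cannot drift apart. Replace the comment with the reason, e.g. `// Commands in group "All" are editable only by users who can manage "All"; configure_alert_command.php enforces the same check on the request.` Hiding the links is presentation only; the enforcement this relies on is the check added to configure_alert_command.php in this commit. The enclosing `foreach ($commands as $command)` starts before the hunk.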
@@ -580,7 +582,9 @@ foreach ($commands as $command) { ); $data['action'] = ''; $table->cellclass[]['action'] = 'action_buttons'; - if ($is_central_policies_on_node === false && !$command['internal']) { + + // (IMPORTANT, DO NOT CHANGE!) only users with permissions over "All" group have access to edition of commands belonging to "All" group. + if ($is_central_policies_on_node === false && !$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'LM')) { $data['action'] = ''; $data['action'] .= ''.html_print_image('images/copy.png', true).''; diff --git a/pandora_console/godmode/alerts/alert_templates.php b/pandora_console/godmode/alerts/alert_templates.php index cc762068ae..f38682617a 100644 --- a/pandora_console/godmode/alerts/alert_templates.php +++ b/pandora_console/godmode/alerts/alert_templates.php @@ -401,13 +401,17 @@ foreach ($templates as $template) { $data = []; - $data[0] = ''.$template['name'].''; + if (check_acl_restricted_all($config['id_user'], $template['id_group'], 'LM')) { + $data[0] = ''.$template['name'].''; + } else { + $data[0] = $template['name']; + } $data[1] = ui_print_group_icon($template['id_group'], true); $data[3] = alerts_get_alert_templates_type_name($template['type']); if (is_central_policies_on_node() === false - && check_acl($config['id_user'], $template['id_group'], 'LM') + && check_acl_restricted_all($config['id_user'], $template['id_group'], 'LM') ) { $table->cellclass[][4] = 'action_buttons'; $data[4] = '
'; diff --git a/pandora_console/godmode/alerts/configure_alert_command.php b/pandora_console/godmode/alerts/configure_alert_command.php index f5596a58eb..2882d260db 100644 --- a/pandora_console/godmode/alerts/configure_alert_command.php +++ b/pandora_console/godmode/alerts/configure_alert_command.php @@ -48,15 +48,18 @@ if (is_metaconsole() === true) { ); } - -if ($update_command) { - $id = (int) get_parameter('id'); +if ($id > 0) { $alert = alerts_get_alert_command($id); - if ($alert['internal']) { + + if ($alert['internal'] || !check_acl_restricted_all($config['id_user'], $alert['id_group'], 'LM')) { db_pandora_audit('ACL Violation', 'Trying to access Alert Management'); include 'general/noaccess.php'; exit; } +} + +if ($update_command) { + $alert = alerts_get_alert_command($id); $name = (string) get_parameter('name'); $command = (string) get_parameter('command'); @@ -216,12 +219,18 @@ $table->data['command'][1] = html_print_textarea( $is_central_policies_on_node ); +$return_all_group = false; + +if (users_can_manage_group_all('LM') === true) { + $return_all_group = true; +} + $table->colspan['group'][1] = 3; $table->data['group'][0] = __('Group'); $table->data['group'][1] = '
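Review bot: `check_acl_restricted_all($config['id_user'], $template['id_group'], 'LM')` is now evaluated twice per template row, once for the name link in `$data[0]` and again for the action column in `$data[4]`, and the two conditions differ only in the `is_central_policies_on_node()` clause, so on a centrally managed node the name stays a link while the action buttons disappear. Assign the result once, `$can_manage = check_acl_restricted_all($config['id_user'], $template['id_group'], 'LM');`, and use it in both `if`s, with a short comment stating whether the link is deliberately kept when policies are central. As with the command list, this only hides links; the request-side check is the one in configure_alert_template.php. The enclosing `foreach ($templates as $template)` begins before the hunk.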
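Review bot: The new `if ($id > 0)` block does not handle `alerts_get_alert_command($id)` returning `false` for an unknown id: `$alert['internal']` on `false` is `null`, so the deny branch is reached only if `check_acl_restricted_all()` happens to reject a `null` group, which nothing in this hunk establishes. Make the missing-row case an explicit denial, `if ($alert === false || $alert['internal'] || !check_acl_restricted_all($config['id_user'], $alert['id_group'], 'LM')) {`. The second `$alert = alerts_get_alert_command($id);` inside `if ($update_command)` then repeats a lookup already done above and can go, since `$alert` is loaded whenever `$id > 0`. `$id` was previously read on the removed line with `(int) get_parameter('id')`; where it is assigned now is outside this hunk and should keep the same integer cast.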
'.html_print_select_groups( false, 'LM', - true, + $return_all_group, 'id_group', $id_group, false, diff --git a/pandora_console/godmode/alerts/configure_alert_template.php b/pandora_console/godmode/alerts/configure_alert_template.php index 4d4966878c..57c4cb98cb 100644 --- a/pandora_console/godmode/alerts/configure_alert_template.php +++ b/pandora_console/godmode/alerts/configure_alert_template.php @@ -55,6 +55,15 @@ if (defined('METACONSOLE')) { if ($a_template !== false) { // If user tries to duplicate/edit a template with group=ALL if ($a_template['id_group'] == 0) { + if (users_can_manage_group_all('LM') === false) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } + // Header if (defined('METACONSOLE')) { alerts_meta_print_header(); @@ -1091,18 +1100,18 @@ if ($step == 2) { $table->data[0][1] .= '  '.__('Group'); $groups = users_get_groups(); $own_info = get_user_info($config['id_user']); - // Only display group "All" if user is administrator or has "PM" privileges. - if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'PM')) { - $display_all_group = true; - } else { - $display_all_group = false; + + $return_all_group = false; + + if (users_can_manage_group_all('LM') === true) { + $return_all_group = true; } $table->data[0][1] .= ' '; $table->data[0][1] .= '
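Review bot: The four-line `$return_all_group = false; if (users_can_manage_group_all('LM') === true) { $return_all_group = true; }` is a boolean assignment written as a statement; `$return_all_group = users_can_manage_group_all('LM') === true;` says the same in one line. The identical pattern is repeated in configure_alert_template.php (`@@ -1091`), configure_gis_map.php (`@@ -461`) and snmp_alert.php (`@@ -814`) and can be collapsed in all four places. Removing "All" from the selector is a presentation change; unless the save path also rejects `id_group = 0` with the same `users_can_manage_group_all('LM')` test, which is not visible in this hunk, the restriction exists only in the rendered form.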
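Review bot: The new `users_can_manage_group_all('LM')` denial is nested under the context line `if ($a_template['id_group'] == 0)`, a loose comparison on a value that comes from a DB row and may well be a string; `(int) $a_template['id_group'] === 0` states the intent explicitly and matches the `=== false` style used two lines below. The check covers templates in group "All" only; a template in any other group skips this block entirely, so the per-group `check_acl_restricted_all()` for those must exist elsewhere in the file, which this hunk does not show. The outer `if ($a_template !== false)` opens before the hunk and its body continues after it.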
'.html_print_select_groups( false, 'AR', - $display_all_group, + $return_all_group, 'id_group', $id_group, '', diff --git a/pandora_console/godmode/gis_maps/configure_gis_map.php b/pandora_console/godmode/gis_maps/configure_gis_map.php index 4fb38b3d38..1a0625d030 100644 --- a/pandora_console/godmode/gis_maps/configure_gis_map.php +++ b/pandora_console/godmode/gis_maps/configure_gis_map.php @@ -461,14 +461,15 @@ $table->data[1][1] = " ".gis_add_conection_maps_in_form($map_connection_list).'
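Review bot: After this change `$own_info = get_user_info($config['id_user']);` has no visible consumer in the hunk, since the removed `$own_info['is_admin']` test was what used it; if nothing later in the block reads it, the lookup is a dead query and should be removed. The same leftover `$own_info` fetch appears in configure_gis_map.php (`@@ -461`). Separately, the selector still enumerates groups with the `'AR'` privilege while "All" is now gated on `'LM'`, so the list can offer groups the user may read but not manage; that asymmetry pre-dates the change but is worth a comment. The `if ($step == 2)` block this sits in begins before the hunk.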
'; $own_info = get_user_info($config['id_user']); -if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'MM')) { - $display_all_group = true; -} else { - $display_all_group = false; + +$return_all_group = false; + +if (users_can_manage_group_all('MM') === true) { + $return_all_group = true; } $table->data[2][0] = __('Group'); -$table->data[2][1] = html_print_select_groups(false, 'IW', $display_all_group, 'map_group_id', $map_group_id, '', '', '', true); +$table->data[2][1] = html_print_select_groups(false, 'IW', $return_all_group, 'map_group_id', $map_group_id, '', '', '', true); $table->data[3][0] = __('Default zoom'); $table->data[3][1] = html_print_input_text('map_zoom_level', $map_zoom_level, '', 2, 4, true).html_print_input_hidden('map_levels_zoom', $map_levels_zoom, true); diff --git a/pandora_console/godmode/snmpconsole/snmp_alert.php b/pandora_console/godmode/snmpconsole/snmp_alert.php index deb248ae2d..7ede6706c6 100755 --- a/pandora_console/godmode/snmpconsole/snmp_alert.php +++ b/pandora_console/godmode/snmpconsole/snmp_alert.php @@ -494,6 +494,15 @@ if ($update_alert || $duplicate_alert) { $position = $alert['position']; $disable_event = $alert['disable_event']; $group = $alert['id_group']; + + if (!check_acl_restricted_all($config['id_user'], $group, 'LW')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access SNMP Alert Management' + ); + include 'general/noaccess.php'; + return; + } } else if ($create_alert) { // Variable init $id_as = -1; @@ -814,13 +823,19 @@ if ($create_alert || $update_alert) { html_print_input_text('source_ip', $source_ip, '', 20); echo ''; + $return_all_group = false; + + if (users_can_manage_group_all('LW') === true) { + $return_all_group = true; + } + // Group echo ''.__('Group').''; echo '
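Review bot: The new denial ends with `return;` whereas the equivalent checks added to configure_alert_command.php and configure_alert_template.php in this same commit use `exit;`; `return` only ends the included file, so whether the rest of the page still renders depends on how snmp_alert.php is included, and one form should be used consistently across the commit. The check also relies on `$group = $alert['id_group']` being populated, but the hunk shows no guard for the row lookup that fills `$alert` returning `false` for a bad `id_alert_snmp`; an explicit `if ($alert === false)` denial before the ACL call would make the deny path deterministic. The enclosing `if ($update_alert || $duplicate_alert)` starts before the hunk.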
'; html_print_select_groups( $config['id_user'], 'AR', - true, + $return_all_group, 'group', $group, '', @@ -1346,10 +1361,17 @@ if ($create_alert || $update_alert) { $url = 'index.php?'.'sec=snmpconsole&'.'sec2=godmode/snmpconsole/snmp_alert&'.'id_alert_snmp='.$row['id_as'].'&'.'update_alert=1'; $data[1] = ''; $data[1] .= ''; - $data[1] .= ''.alerts_get_alert_action_name($row['id_alert']).''; + + if (check_acl_restricted_all($config['id_user'], $row['id_group'], 'LW')) { + $data[1] .= ''.alerts_get_alert_action_name($row['id_alert']).''; + } else { + $data[1] .= alerts_get_alert_action_name($row['id_alert']); + } + $other_actions = db_get_all_rows_filter('talert_snmp_action', ['id_alert_snmp' => $row['id_as']]); $data[1] .= ''; + if ($other_actions != false) { foreach ($other_actions as $action) { $data[1] .= ''; @@ -1361,6 +1383,7 @@ if ($create_alert || $update_alert) { $data[1] .= '
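Review bot: `check_acl_restricted_all($config['id_user'], $row['id_group'], 'LW')` is called here to decide whether the action name is a link and again in the `@@ -1373` hunk to decide whether the edit/duplicate/delete icons and the delete checkbox are rendered; compute it once per row, `$can_manage_row = check_acl_restricted_all($config['id_user'], $row['id_group'], 'LW');`, and reuse it in both `if`s so the two columns cannot disagree. The `$data[8]` line in the `@@ -1373` hunk is a single several-hundred-character concatenation of four anchors; one statement per icon would make the per-icon gating reviewable. The `if ($other_actions != false)` context line is a loose comparison that pre-dates this change. The enclosing loop begins before the hunk.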
'; + $data[2] = $row['agent']; $data[3] = $row['oid']; $data[4] = $row['custom_oid']; @@ -1373,18 +1396,23 @@ if ($create_alert || $update_alert) { $data[7] = __('Never'); } - $data[8] = ''.html_print_image('images/copy.png', true, ['alt' => __('Duplicate'), 'title' => __('Duplicate')]).''.''.html_print_image('images/config.png', true, ['border' => '0', 'alt' => __('Update')]).''.''.html_print_image('images/add.png', true, ['title' => __('Add action')]).''.''.html_print_image('images/cross.png', true, ['border' => '0', 'alt' => __('Delete')]).''; + if (check_acl_restricted_all($config['id_user'], $row['id_group'], 'LW')) { + $data[8] = ''.html_print_image('images/copy.png', true, ['alt' => __('Duplicate'), 'title' => __('Duplicate')]).''.''.html_print_image('images/config.png', true, ['border' => '0', 'alt' => __('Update')]).''.''.html_print_image('images/add.png', true, ['title' => __('Add action')]).''.''.html_print_image('images/cross.png', true, ['border' => '0', 'alt' => __('Delete')]).''; - $data[9] = html_print_checkbox_extended( - 'delete_ids[]', - $row['id_as'], - false, - false, - false, - 'class="chk_delete"', - true - ); + $data[9] = html_print_checkbox_extended( + 'delete_ids[]', + $row['id_as'], + false, + false, + false, + 'class="chk_delete"', + true + ); + } else { + $data[8] = ''; + $data[9] = ''; + } $idx = count($table->data); // The current index of the table is 1 less than the count of table data so we count before adding to table->data diff --git a/pandora_console/operation/gis_maps/gis_map.php b/pandora_console/operation/gis_maps/gis_map.php index bbc552bc31..6bf81d8db5 100644 --- a/pandora_console/operation/gis_maps/gis_map.php +++ b/pandora_console/operation/gis_maps/gis_map.php 
@@ -170,12 +170,8 @@ if ($maps !== false) { $data['name'] = ''.$map['map_name'].' '; $data['group'] = ui_print_group_icon($map['group_id'], true); - if (check_acl($config['id_user'], 0, 'MW') - || check_acl($config['id_user'], 0, 'MM') - ) { - $data['default'] = ''; - $data['op'] = ''; - } + $data['default'] = ''; + $data['op'] = ''; if (check_acl_restricted_all($config['id_user'], $map['group_id'], 'MW') || check_acl_restricted_all($config['id_user'], $map['group_id'], 'MM') diff --git a/pandora_console/operation/gis_maps/render_view.php b/pandora_console/operation/gis_maps/render_view.php index 0494949d76..f8f183ec78 100644 --- a/pandora_console/operation/gis_maps/render_view.php +++ b/pandora_console/operation/gis_maps/render_view.php @@ -114,8 +114,8 @@ $controls = [ $layers = gis_get_layers($idMap); // Render map -$has_management_acl = check_acl($config['id_user'], $map['group_id'], 'MW') - || check_acl($config['id_user'], $map['group_id'], 'MM'); +$has_management_acl = check_acl_restricted_all($config['id_user'], $map['group_id'], 'MW') + || check_acl_restricted_all($config['id_user'], $map['group_id'], 'MM'); $buttons = []; diff --git a/pandora_console/operation/visual_console/view.php b/pandora_console/operation/visual_console/view.php index 511c2eaa59..f6c796fb5e 100644 --- a/pandora_console/operation/visual_console/view.php +++ b/pandora_console/operation/visual_console/view.php @@ -300,7 +300,11 @@ if ($pure === false) { ); echo '
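Review bot: `$has_management_acl` now uses `check_acl_restricted_all()`, but it only decides which buttons are rendered; the edit form in configure_gis_map.php is touched by this commit only in the "All" entry of its group selector, and no request-side `check_acl_restricted_all($config['id_user'], $map['group_id'], ...)` on the map being edited is visible anywhere in the patch. If configure_gis_map.php does not already perform that check, the GIS map path keeps the gap this commit closes for alert commands and templates. The same `'MW' || 'MM'` pair also appears in the gis_map.php list hunk just above; a small helper such as `gis_user_can_manage_map($map['group_id'])` would keep the two call sites in step.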
';
 echo '
';
- echo html_print_checkbox_switch('edit-mode', 1, false, true);
+
+ if ($aclWrite || $aclManage) {
+ echo html_print_checkbox_switch('edit-mode', 1, false, true);
+ }
+
 echo '
';
 }
 }
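Review bot: The edit-mode switch is now rendered only when `$aclWrite || $aclManage`, but both variables are assigned outside this hunk, so it is not visible whether they were computed with `check_acl()` or with `check_acl_restricted_all()` as the rest of this commit does; if they still use `check_acl()`, a user with rights on some non-"All" group may still be offered edit mode for a console in group "All". Hiding the switch is a presentation change only; the endpoints that apply edit-mode changes need the same group check. The enclosing `if ($pure === false)` block begins before the hunk.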