2011-11-24 Sergio Martin <sergio.martin@artica.es>

* include/functions_api.php
	include/functions.php
	include/functions_agents.php
	operation/search_modules.php
	operation/agentes/status_monitor.php
	operation/agentes/estado_ultimopaquete.php
	operation/agentes/alerts_status.php
	operation/agentes/estado_generalagente.php
	operation/agentes/estado_agente.php
	operation/agentes/estado_monitores.php
	operation/agentes/ver_agente.php
	operation/search_agents.php
	operation/search_alerts.php
	godmode/agentes/module_manager.php
	godmode/agentes/modificar_agente.php
	godmode/agentes/configurar_agente.php
	godmode/alerts/alert_list.list.php
	godmode/users/configure_user.php: Reconstruct policy acl
	system to allow, in the enterprise version, extra access for
	a user in a policy



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5168 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
zarzuelo 2011-11-24 18:19:09 +00:00
parent d4b510c89c
commit 739dfdcf0a
19 changed files with 460 additions and 284 deletions


@ -1,3 +1,26 @@
2011-11-24 Sergio Martin <sergio.martin@artica.es>
* include/functions_api.php
include/functions.php
include/functions_agents.php
operation/search_modules.php
operation/agentes/status_monitor.php
operation/agentes/estado_ultimopaquete.php
operation/agentes/alerts_status.php
operation/agentes/estado_generalagente.php
operation/agentes/estado_agente.php
operation/agentes/estado_monitores.php
operation/agentes/ver_agente.php
operation/search_agents.php
operation/search_alerts.php
godmode/agentes/module_manager.php
godmode/agentes/modificar_agente.php
godmode/agentes/configurar_agente.php
godmode/alerts/alert_list.list.php
godmode/users/configure_user.php: Reconstruct policy acl
system to allow in enterprise version get extra access for
a user in a policy
2011-11-24 Sergio Martin <sergio.martin@artica.es>
* include/help/en/help_integria_url.php


@ -18,6 +18,7 @@
global $config;
enterprise_include ('godmode/agentes/configurar_agente.php');
enterprise_include ('include/functions_policies.php');
enterprise_include ('include/functions_modules.php');
include_once($config['homedir'] . "/include/functions_agents.php");
@ -29,7 +30,13 @@ $group = 0;
if ($id_agente)
$group = agents_get_agent_group ($id_agente);
if (! check_acl ($config["id_user"], $group, "AW", $id_agente)) {
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (! check_acl ($config["id_user"], $group, "AW", $id_agente) && !$is_extra) {
db_pandora_audit("ACL Violation",
"Trying to access agent manager");
require ("general/noaccess.php");
@ -531,7 +538,12 @@ if ($update_agent) { // if modified some agent paramenter
if ($id_agente) {
//This has been done in the beginning of the page, but if an agent was created, this id might change
$id_grupo = agents_get_agent_group ($id_agente);
if (check_acl ($config["id_user"], $id_grupo, "AW") != 1) {
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (!check_acl ($config["id_user"], $id_grupo, "AW") && !$is_extra) {
db_pandora_audit("ACL Violation","Trying to admin an agent without access");
require ("general/noaccess.php");
exit;
@ -571,7 +583,13 @@ $edit_module = (bool) get_parameter ('edit_module');
if ($update_module || $create_module) {
$id_grupo = agents_get_agent_group ($id_agente);
if (! check_acl ($config["id_user"], $id_grupo, "AW")) {
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (!check_acl ($config["id_user"], $id_grupo, "AW") && !$is_extra) {
db_pandora_audit("ACL Violation",
"Trying to create a module without admin rights");
require ("general/noaccess.php");
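Review bot: The new `&& !$is_extra` clauses let `policies_is_agent_extra_policy` override a failed "AW" check, yet the hook is handed only the agent id and not the access level being tested, so the very same boolean also overrides "AR" checks elsewhere in this commit (alerts_status.php, estado_generalagente.php); if the enterprise side does not distinguish read from write grants, a policy read grant becomes agent-manage access on this page — please confirm, and if it does not, pass the level as a second hook argument (e.g. `array($id_agente, 'AW')`) so it can decide per level. The fourth argument to check_acl on the first guard (`"AW", $id_agente`) is now dead, since check_acl in this commit no longer reads it. The four-line hook-then-normalise block is repeated three times in this file alone; a small bool-returning helper around `enterprise_hook('policies_is_agent_extra_policy', array($id_agente))` would keep the sites consistent.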


@ -41,12 +41,6 @@ enterprise_include_once('include/functions_policies.php');
require_once ('include/functions_agents.php');
require_once ('include/functions_users.php');
//Add enterprise function to add other enterprise ACL.
$enterprise_acl = false;
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$enterprise_acl = true;
}
$search = get_parameter ("search", "");
$agent_to_delete = (int)get_parameter('borrar_agente');
@ -195,7 +189,7 @@ if ($search != ""){
$search_sql = " AND ( nombre COLLATE utf8_general_ci LIKE '%$search%' OR direccion LIKE '%$search%') ";
}
// Show only selected groups
// Show only selected groups
if ($ag_group > 0) {
$sql = sprintf ('SELECT COUNT(*)
FROM tagente
@ -242,27 +236,30 @@ if ($ag_group > 0) {
}
}
else {
$sql_extra = enterprise_hook('policies_get_agents_sql_condition');
if($sql_extra === ENTERPRISE_NOT_HOOK) {
$sql_extra = '';
}
else if($sql_extra != '') {
$sql_extra = sprintf('OR %s', $sql_extra);
}
// Admin user get ANY group, even if they doesnt exist
if (check_acl ($config['id_user'], 0, "PM")) {
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
}
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s %s', $search_sql, $subquery_enterprise);
if (check_acl ($config['id_user'], 0, "PM")) {
$sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE (1=1 %s) %s', $search_sql, $sql_extra);
$total_agents = db_get_sql ($sql);
switch ($config["dbtype"]) {
case "mysql":
$sql = sprintf ('SELECT *
FROM tagente WHERE 1=1 %s %s
ORDER BY %s %s LIMIT %d, %d', $search_sql, $subquery_enterprise, $order['field'],
FROM tagente WHERE (1=1 %s) %s
ORDER BY %s %s LIMIT %d, %d', $search_sql, $sql_extra, $order['field'],
$order['order'], $offset, $config["block_size"]);
break;
case "postgresql":
$sql = sprintf ('SELECT *
FROM tagente WHERE 1=1 %s %s
ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $subquery_enterprise, $order['field'],
FROM tagente WHERE (1=1 %s) %s
ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $sql_extra, $order['field'],
$order['order'], $config["block_size"], $offset);
break;
case "oracle":
@ -270,62 +267,55 @@ else {
$set['limit'] = $config["block_size"];
$set['offset'] = $offset;
$sql = sprintf ('SELECT *
FROM tagente WHERE 1=1 %s %s
ORDER BY %s %s', $search_sql, $subquery_enterprise, $order['field'], $order['order']);
FROM tagente WHERE (1=1 %s) %s
ORDER BY %s %s', $search_sql, $sql_extra, $order['field'], $order['order']);
$sql = oracle_recode_query ($sql, $set);
break;
}
}
else {
if (!$enterprise_acl) {
$sql = sprintf ('SELECT COUNT(*)
FROM tagente
WHERE id_grupo IN (%s)
%s',
implode (',', array_keys (users_get_groups ())),
$search_sql);
$total_agents = db_get_sql ($sql);
switch ($config["dbtype"]) {
case "mysql":
$sql = sprintf ('SELECT *
FROM tagente
WHERE id_grupo IN (%s)
%s
ORDER BY %s %s LIMIT %d, %d',
implode (',', array_keys (users_get_groups ())),
$search_sql, $order['field'], $order['order'], $offset, $config["block_size"]);
break;
case "postgresql":
$sql = sprintf ('SELECT *
FROM tagente
WHERE id_grupo IN (%s)
%s
ORDER BY %s %s LIMIT %d OFFSET %d',
implode (',', array_keys (users_get_groups ())),
$search_sql, $order['field'], $order['order'], $config["block_size"], $offset);
break;
case "oracle":
$set = array ();
$set['limit'] = $config["block_size"];
$set['offset'] = $offset;
$sql = sprintf ('SELECT *
FROM tagente
WHERE id_grupo IN (%s)
%s
ORDER BY %s %s',
implode (',', array_keys (users_get_groups ())),
$search_sql, $order['field'], $order['order']);
$sql = oracle_recode_query ($sql, $set);
break;
}
}
else {
$total_agents = enterprise_count_agents_manage_agents($search_sql);
$sql = sprintf ('SELECT COUNT(*)
FROM tagente
WHERE (id_grupo IN (%s)
%s) %s',
implode (',', array_keys (users_get_groups ())),
$search_sql, $sql_extra);
$sql = enterprise_sql_manage_agents($search_sql, $order, $offset);
}
$total_agents = db_get_sql ($sql);
switch ($config["dbtype"]) {
case "mysql":
$sql = sprintf ('SELECT *
FROM tagente
WHERE (id_grupo IN (%s)
%s) %s
ORDER BY %s %s LIMIT %d, %d',
implode (',', array_keys (users_get_groups ())),
$search_sql, $sql_extra, $order['field'], $order['order'], $offset, $config["block_size"]);
break;
case "postgresql":
$sql = sprintf ('SELECT *
FROM tagente
WHERE (id_grupo IN (%s)
%s) %s
ORDER BY %s %s LIMIT %d OFFSET %d',
implode (',', array_keys (users_get_groups ())),
$search_sql, $sql_extra, $order['field'], $order['order'], $config["block_size"], $offset);
break;
case "oracle":
$set = array ();
$set['limit'] = $config["block_size"];
$set['offset'] = $offset;
$sql = sprintf ('SELECT *
FROM tagente
WHERE (id_grupo IN (%s)
%s) %s
ORDER BY %s %s',
implode (',', array_keys (users_get_groups ())),
$search_sql, $order['field'], $order['order']);
$sql = oracle_recode_query ($sql, $set);
break;
}
}
}
@ -366,7 +356,12 @@ if ($agents !== false) {
$iterator = 0;
foreach ($agents as $agent) {
$id_grupo = $agent["id_grupo"];
if (! check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente']))
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($agent["id_agente"]));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (! check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente']) && !$is_extra)
continue;
if ($color == 1) {
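Review bot: The oracle branch of the non-admin query drops `$sql_extra` from the sprintf argument list: the format `WHERE (id_grupo IN (%s) %s) %s ORDER BY %s %s` has five placeholders but only the group list, `$search_sql`, `$order['field']` and `$order['order']` are supplied, so sprintf fails (false plus a warning on PHP 5, ArgumentCountError on PHP 8) and the agent list breaks on Oracle. The argument line should match the mysql/postgresql cases: `$search_sql, $sql_extra, $order['field'], $order['order']);`. Note also that with the new grouping `(id_grupo IN (...) AND search) OR extra`, agents matched by the policy fragment are not subject to `$search_sql`, which looks unintended on a search page unless the hook fragment applies the filter itself.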


@ -254,43 +254,68 @@ switch ($sortField) {
break;
}
// Get the enterprise acl sql condition
$extra_sql = enterprise_hook('policies_get_modules_sql_condition', array($id_agente));
if($extra_sql == ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
// Build the order sql
if(!empty($order)) {
$order_sql = ' ORDER BY ';
}
$first = true;
foreach($order as $ord) {
if($first) {
$first = false;
}
else {
$order_sql .= ',';
}
$order_sql .= $ord['field'].' '.$ord['order'];
}
// Get limit and offset parameters
$limit = (int) $config["block_size"];
$offset = (int) get_parameter ('offset');
$params = implode(',', array ('id_agente_modulo', 'id_tipo_modulo', 'descripcion', 'nombre',
'max', 'min', 'module_interval', 'id_modulo', 'id_module_group',
'disabled','max_warning', 'min_warning', 'str_warning',
'max_critical', 'min_critical', 'str_critical'));
$where = sprintf("id_policy_module = 0 AND delete_pending = 0 AND id_agente = %s", $id_agente);
switch ($config["dbtype"]) {
case "postgresql":
$limit_sql = " LIMIT $limit OFFSET $offset ";
case "mysql":
case "postgresql":
$modules = db_get_all_rows_filter ('tagente_modulo',
array ('delete_pending' => 0,
'id_agente' => $id_agente,
'order' => $order,
'offset' => (int) get_parameter ('offset'),
'limit' => (int) $config['block_size']),
array ('id_agente_modulo', 'id_tipo_modulo', 'descripcion', 'nombre',
'max', 'min', 'module_interval', 'id_modulo', 'id_module_group',
'disabled','max_warning', 'min_warning', 'str_warning',
'max_critical', 'min_critical', 'str_critical'));
if(!isset($limit_sql)) {
$limit_sql = " LIMIT $offset, $limit ";
}
$sql = sprintf("SELECT %s total FROM tagente_modulo WHERE %s (%s) %s %s",
$params, $extra_sql, $where, $order_sql, $limit_sql);
$modules = db_get_all_rows_sql($sql);
break;
case "oracle":
case "oracle":
$set = array();
$set['limit'] = (int) $config["block_size"];
$set['offset'] = (int) get_parameter ('offset');
$sql = db_get_all_rows_filter('tagente_modulo',
array ('delete_pending' => 0,
'id_agente' => $id_agente,
'order' => $order),
array ('id_agente_modulo', 'id_tipo_modulo', 'descripcion', 'dbms_lob.substr(nombre,4000,1) nombre',
'max', 'min', 'module_interval', 'id_modulo', 'id_module_group',
'disabled','max_warning', 'min_warning', 'str_warning',
'max_critical', 'min_critical', 'str_critical'), 'AND', false, true);
$set['limit'] = $limit;
$set['offset'] = $offset;
$sql = sprintf("SELECT %s total FROM tagente_modulo WHERE %s (%s) %s",
$params, $extra_sql, $where, $order_sql);
$modules = oracle_recode_query ($sql, $set, 'AND', false);
break;
}
$total_modules = db_get_all_rows_filter ('tagente_modulo',
array ('delete_pending' => 0,
'id_agente' => $id_agente,
'order' => $order),
array ('count(*) total'));
$total_modules = isset ($total_modules[0]['total']) ? $total_modules[0]['total'] : 0;
$sql_total_modules = sprintf("SELECT count(*) FROM tagente_modulo WHERE %s (%s)", $extra_sql, $where);
$total_modules = db_get_value_sql($sql_total_modules);
$total_modules = isset ($total_modules) ? $total_modules : 0;
if ($modules === false) {
echo "<div class='nf'>".__('No available data to show')."</div>";
@ -320,7 +345,6 @@ $table->head[5] = __('Description');
$table->head[6] = __('Warn');
$table->head[7] = __('Action');
$table->rowstyle = array();
@ -347,9 +371,15 @@ foreach($tempRows as $row) {
}
foreach ($modules as $module) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
}
$is_extra = enterprise_hook('policies_is_module_extra_policy', array($module["id_agente_modulo"]));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (! check_acl ($config["id_user"], $group, "AW", $id_agente) && !$is_extra) {
continue;
}
$type = $module["id_tipo_modulo"];
$id_module = $module["id_modulo"];
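Review bot: `$where` is built with `%s` for `$id_agente` (`id_agente = %s`), so whatever string reaches this page is spliced into the query unquoted; use `%d` (or `(int) $id_agente`) as the limit and offset values already are. `$order_sql` is only assigned when `$order` is non-empty but is passed unconditionally into both sprintf calls — initialise it with `$order_sql = '';` before the `if`. The hook result is compared with `==` here (`$extra_sql == ENTERPRISE_NOT_HOOK`) while the other new sites use `===`; keep `===` so a returned fragment can never be mistaken for the not-hooked sentinel by loose comparison.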


@ -366,10 +366,6 @@ $rowPair = true;
$iterator = 0;
foreach ($simple_alerts as $alert) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!alert_in_acl_enterprise($alert['id'])) continue;
}
if ($alert['disabled']) {
$table->rowstyle[$iterator] = 'font-style: italic; color: #aaaaaa;';
$table->style[$iterator][1] = 'font-style: italic; color: #aaaaaa;';


@ -78,12 +78,13 @@ if ($config['user_can_update_info']) {
$new_user = (bool) get_parameter ('new_user');
$create_user = (bool) get_parameter ('create_user');
$add_profile = (bool) get_parameter ('add_profile');
$add_profile_policy = (bool) get_parameter ('add_profile_policy');
$delete_profile = (bool) get_parameter ('delete_profile');
$update_user = (bool) get_parameter ('update_user');
$status = get_parameter ('status', -1);
// Reset status var if current action is not update_user
if ($new_user || $create_user || $add_profile || $delete_profile || $update_user){
if ($new_user || $create_user || $add_profile || $add_profile_policy || $delete_profile || $update_user){
$status = -1;
}
@ -271,15 +272,37 @@ if ($add_profile) {
"Added profile for user ".io_safe_input($id2), false, false, 'Profile: ' . $profile2 . ' Group: ' . $group2);
$return = profile_create_user_profile($id2, $profile2, $group2);
if ($enterprise_include) {
add_enterprise_db_data_user_profile_form($return);
}
ui_print_result_message ($return,
__('Profile added successfully'),
__('Profile cannot be added'));
}
if ($add_profile_policy && $enterprise_include) {
$id2 = (string) get_parameter ('id');
$profile2 = (int) get_parameter ('assign_profile');
$id_policy = (int) get_parameter ('policy');
if($id_policy != 0) {
$return = policies_create_user_policy_profile($id2, $profile2, $id_policy);
}
else {
$return = false;
}
if($return === false) {
db_pandora_audit("User management",
"Added extra policy profile for user ".io_safe_input($id2), false, false, ' Policy: ' . $id_policy);
}
else {
db_pandora_audit("User management",
"Problem adding extra policy profile for user ".io_safe_input($id2), false, false, ' Policy: ' . $id_policy);
}
ui_print_result_message ($return,
__('Extra policy profile added successfully'),
__('Extra policy profile cannot be added'));
}
if ($delete_profile) {
$id2 = (string) get_parameter ('id_user');
$id_up = (int) get_parameter ('id_user_profile');
@ -425,9 +448,11 @@ $table->head[1] = __('Group');
$table->head[2] = __('Action');
$table->align[2] = 'center';
/*
if ($enterprise_include) {
add_enterprise_column_user_profile_form($table);
}
*/
$result = db_get_all_rows_field_filter ("tusuario_perfil", "id_usuario", $id);
if ($result === false) {
@ -435,6 +460,10 @@ if ($result === false) {
}
foreach ($result as $profile) {
if($profile["id_grupo"] == -1) {
continue;
}
$data = array ();
$data[0] = '<a href="index.php?sec=gusaurios&amp;sec2=godmode/users/configure_profile&id='.$profile['id_perfil'].'">'.profile_get_name ($profile['id_perfil']).'</a>';
@ -446,14 +475,9 @@ foreach ($result as $profile) {
$data[2] .= html_print_input_image ('del', 'images/cross.png', 1, '', true);
$data[2] .= '</form>';
if ($enterprise_include) {
add_data_enterprise_column_user_profile_form($data, $profile['id_up']);
}
array_push ($table->data, $data);
}
if (!$enterprise_include) {
$data = array ();
$data[0] = '<form method="post">';
@ -475,19 +499,15 @@ if (!$enterprise_include) {
$data[2] .= html_print_input_hidden ('id', $id, true);
$data[2] .= html_print_input_hidden ('add_profile', 1, true);
$data[2] .= '</form>';
}
else {
add_row_enterprise_form_user_profile_form($data, $own_info, $id);
}
array_push ($table->data, $data);
html_print_table ($table);
echo '</form>';
unset ($table);
if ($enterprise_include) {
add_script_enterprise_profile_form();
policies_profile_form($id);
}
?>
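Review bot: The two audit branches after `policies_create_user_policy_profile` are inverted: `if($return === false)` writes "Added extra policy profile for user …" and the `else` writes "Problem adding extra policy profile …", so the audit trail records the opposite of what happened and a failed grant is logged as a successful one. Swap the conditions, i.e. `if($return !== false) {` in front of the "Added" entry. The `$id_policy != 0` guard and the `ui_print_result_message` call are consistent with the existing add_profile branch.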


@ -1370,6 +1370,7 @@ function check_acl($id_user, $id_group, $access, $id_agent = 0) {
$parents_id = array();
}
// TODO: To reduce this querys in one adding the group condition if necessary (only one line is different)
//Joined multiple queries into one. That saves on the query overhead and query cache.
if ($id_group == 0) {
$query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit,
@ -1438,12 +1439,7 @@ function check_acl($id_user, $id_group, $access, $id_agent = 0) {
}
if ($result >= 1) {
if ($id_agent != 0) {
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
return check_acl_policy($id_user, $id_agent);
}
}
else return 1;
return 1;
}
return 0;
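Review bot: With the policy branch removed, check_acl's fourth parameter `$id_agent` is no longer read anywhere in the visible body, yet the signature keeps `$id_agent = 0` and callers in this commit still pass an agent id (configurar_agente.php, modificar_agente.php). Either drop the argument at the call sites or document it so nobody assumes it still narrows access: `// $id_agent is kept for backward compatibility and is ignored; per-agent policy grants are applied by callers via policies_is_agent_extra_policy`. Note the semantic shift: a non-zero `$id_agent` could previously make check_acl deny access through check_acl_policy, whereas now group access alone returns 1 and the policy hook only ever widens access. The function body starts and continues outside the hunk.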


@ -192,34 +192,24 @@ function agents_get_alerts_simple ($id_agent = false, $filter = '', $options = f
$selectText = 'COUNT(talert_template_modules.id) AS count';
}
switch ($config["dbtype"]) {
case "mysql":
case "postgresql":
$sql = sprintf ("SELECT %s
FROM talert_template_modules
INNER JOIN tagente_modulo AS t2
ON talert_template_modules.id_agent_module = t2.id_agente_modulo
INNER JOIN tagente AS t3
ON t2.id_agente = t3.id_agente
INNER JOIN talert_templates AS t4
ON talert_template_modules.id_alert_template = t4.id
WHERE id_agent_module in (%s) %s %s %s",
$selectText, $subQuery, $where, $filter, $orderbyText);
break;
case "oracle":
$sql = sprintf ("SELECT %s
FROM talert_template_modules
INNER JOIN tagente_modulo t2
ON talert_template_modules.id_agent_module = t2.id_agente_modulo
INNER JOIN tagente t3
ON t2.id_agente = t3.id_agente
INNER JOIN talert_templates t4
ON talert_template_modules.id_alert_template = t4.id
WHERE id_agent_module in (%s) %s %s %s",
$selectText, $subQuery, $where, $filter, $orderbyText);
break;
$extra_sql = enterprise_hook('policies_get_modules_sql_condition', array(reset($id_agent), 't3.'));
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
$sql = sprintf ("SELECT %s
FROM talert_template_modules
INNER JOIN tagente_modulo t2
ON talert_template_modules.id_agent_module = t2.id_agente_modulo
INNER JOIN tagente t3
ON t2.id_agente = t3.id_agente
INNER JOIN talert_templates t4
ON talert_template_modules.id_alert_template = t4.id
WHERE (%s id_agent_module in (%s)) %s %s %s",
$selectText, $extra_sql, $subQuery, $where, $filter, $orderbyText);
$alerts = db_get_all_rows_sql ($sql);
if ($alerts === false)
@ -321,12 +311,6 @@ function agents_get_alerts_compound ($id_agent = false, $filter = '', $options =
*/
function agents_get_agents ($filter = false, $fields = false, $access = 'AR', $order = array('field' => 'nombre', 'order' => 'ASC')) {
global $config;
//Add enterprise function to add other enterprise ACL.
$enterprise_include = false;
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$enterprise_include = true;
}
if (! is_array ($filter)) {
$filter = array ();
@ -369,17 +353,58 @@ function agents_get_agents ($filter = false, $fields = false, $access = 'AR', $o
$fields[1] = "nombre";
}
$filter['order'] = $order['field'] . ' ' . $order['order'];
if ($enterprise_include) {
$ids = get_id_agents_user_profile_policy();
if (!empty($filter['id_agente'])) {
$filter['id_agente'] = array_intersect($filter['id_agente'], $ids);
if(isset($order['field'])) {
if(!isset($order['order'])) {
$order['order'] = 'ASC';
}
$order = 'ORDER BY '.$order['field'] . ' ' . $order['order'];
}
return db_get_all_rows_filter ('tagente', $filter, $fields);
unset($filter['order']);
if(isset($filter['offset'])) {
$offset = $filter['offset'];
unset($filter['offset']);
}
if(isset($filter['limit'])) {
$limit = $filter['limit'];
unset($filter['limit']);
}
$where = db_format_array_where_clause_sql ($filter, 'AND', ' WHERE (').')';
$sql_extra = enterprise_hook('policies_get_agents_sql_condition');
if($sql_extra != ENTERPRISE_NOT_HOOK) {
$where = sprintf('%s OR %s', $where, $sql_extra);
}
$sql = sprintf('SELECT %s FROM tagente %s %s', implode(',',$fields), $where, $order);
switch ($config["dbtype"]) {
case "mysql":
case "postgresql":
if(isset($offset) && isset($limit)) {
$limit_sql = " LIMIT $offset, $limit ";
}
$sql = sprintf("%s %s", $sql, $limit_sql);
$agents = db_get_all_rows_sql($sql);
break;
case "oracle":
$set = array();
if(isset($offset) && isset($limit)) {
$set['limit'] = $limit;
$set['offset'] = $offset;
}
$agents = oracle_recode_query ($sql, $set, 'AND', false);
break;
}
return $agents;
return db_get_all_rows_sql($sql);
}
/**
@ -745,7 +770,6 @@ function agents_common_modules ($id_agent, $filter = false, $indexed = true, $ge
function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower", $noACL = false, $childGroups = false) {
global $config;
if (!$noACL) {
$id_group = groups_safe_acl($config["id_user"], $id_group, "AR");
@ -768,13 +792,13 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower
}
if (is_array($id_group)) {
$search_sql = sprintf ('WHERE id_grupo IN (%s)', implode (",", $id_group));
$search_sql = sprintf ('id_grupo IN (%s)', implode (",", $id_group));
}
else if ($id_group == 0) { //All group
$search_sql = 'WHERE 1 = 1';
$search_sql = '1 = 1';
}
else {
$search_sql = sprintf ('WHERE id_grupo = %d', $id_group);
$search_sql = sprintf ('id_grupo = %d', $id_group);
}
@ -831,27 +855,27 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower
$search_sql .= ' AND disabled = 0';
}
//Add enterprise function to add other enterprise ACL.
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$operator = 'AND';
if (empty($search_sql))
$operator = '';
$search_sql .= subquery_acl_enterprise($operator);
enterprise_include_once ('include/functions_policies.php');
$extra_sql = enterprise_hook('policies_get_agents_sql_condition');
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
switch ($config["dbtype"]) {
case "mysql":
case "postgresql":
$sql = sprintf ("SELECT id_agente, nombre FROM tagente %s ORDER BY nombre", $search_sql);
$sql = sprintf ("SELECT id_agente, nombre FROM tagente WHERE %s (%s) ORDER BY nombre", $extra_sql, $search_sql);
break;
case "oracle":
$sql = sprintf ("SELECT id_agente, nombre FROM tagente %s ORDER BY dbms_lob.substr(nombre,4000,1)", $search_sql);
$sql = sprintf ("SELECT id_agente, nombre FROM tagente WHERE %s (%s) ORDER BY dbms_lob.substr(nombre,4000,1)", $extra_sql, $search_sql);
break;
}
$result = db_get_all_rows_sql ($sql);
if ($result === false)
return array (); //Return an empty array
@ -902,11 +926,6 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower
function agents_get_modules ($id_agent = null, $details = false, $filter = false, $indexed = true, $get_not_init_modules = true) {
global $config;
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
}
if ($id_agent === null) {
//Extract the agents of group user.
$groups = users_get_groups(false, 'AR', false);
@ -933,6 +952,13 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false
$id_agent = safe_int ($id_agent, 1);
$extra_sql = enterprise_hook('policies_get_modules_sql_condition', (array)$id_agent);
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
$userGroups = users_get_groups($config['id_user'], 'AR', false);
if(empty($userGroups)) {
@ -941,7 +967,7 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false
$id_userGroups = array_keys($userGroups);
$where = " WHERE (
$where = "(
1 = (
SELECT is_admin
FROM tusuario
@ -1072,31 +1098,33 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false
else
$details = io_safe_input ($details);
}
$where .= " AND id_policy_module = 0 ";
switch ($config["dbtype"]) {
case "mysql":
case "postgresql":
$sql = sprintf ('SELECT %s%s
FROM tagente_modulo
%s %s
FROM tagente_modulo WHERE
%s (%s)
ORDER BY nombre',
($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
io_safe_output(implode (",", (array) $details)),
$where,
$subquery_enterprise);
$extra_sql,
$where);
break;
case "oracle":
$sql = sprintf ('SELECT %s%s
FROM tagente_modulo
%s %s
FROM tagente_modulo WHERE
%s (%s)
ORDER BY dbms_lob.substr(nombre, 4000, 1)',
($details != '*' && $indexed) ? 'id_agente_modulo,' : '',
io_safe_output(implode (",", (array) $details)),
$where,
$subquery_enterprise);
$extra_sql,
$where);
break;
}
$result = db_get_all_rows_sql ($sql);
if (empty ($result)) {
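Review bot: In agents_get_agents the extra condition is appended with `sprintf('%s OR %s', $where, $sql_extra)` guarded only by `!= ENTERPRISE_NOT_HOOK`, so when the hook returns an empty fragment (the case the other new sites handle with a separate `!= ''` branch) the query ends in `WHERE (...) OR ` and is invalid SQL; the same function reuses MySQL's `LIMIT $offset, $limit` for the postgresql case, which PostgreSQL rejects (estado_ultimopaquete.php uses `LIMIT $limit OFFSET $offset`), and `$limit_sql` is undefined when no offset/limit filter is given. `$order` likewise stays an array when `$order['field']` is absent and is then stringified into the query, and if both `return $agents;` and `return db_get_all_rows_sql($sql);` survive on the new side the second is unreachable. In agents_get_modules, `(array)$id_agent` spreads the array as separate hook arguments, and agents_get_alerts_simple shows the hook's second parameter is a table prefix (`'t3.'`), so a multi-element `$id_agent` would pass an id where a prefix is expected — wrap it as `array($id_agent)` or pass one id explicitly. A rewrite of the condition, order and limit handling follows.
```php
$order_sql = '';
if (isset($order['field'])) {
    if (!isset($order['order'])) {
        $order['order'] = 'ASC';
    }
    $order_sql = 'ORDER BY ' . $order['field'] . ' ' . $order['order'];
}
// … unchanged: offset/limit extraction from $filter …
$where = db_format_array_where_clause_sql ($filter, 'AND', ' WHERE (').')';
$sql_extra = enterprise_hook('policies_get_agents_sql_condition');
if ($sql_extra !== ENTERPRISE_NOT_HOOK && $sql_extra != '') {
    $where = sprintf('%s OR %s', $where, $sql_extra);
}
$sql = sprintf('SELECT %s FROM tagente %s %s', implode(',', $fields), $where, $order_sql);
$limit_sql = '';
switch ($config["dbtype"]) {
    case "mysql":
        if (isset($offset) && isset($limit)) {
            $limit_sql = " LIMIT $offset, $limit ";
        }
        $agents = db_get_all_rows_sql(sprintf("%s %s", $sql, $limit_sql));
        break;
    case "postgresql":
        if (isset($offset) && isset($limit)) {
            $limit_sql = " LIMIT $limit OFFSET $offset ";
        }
        $agents = db_get_all_rows_sql(sprintf("%s %s", $sql, $limit_sql));
        break;
    // … unchanged: oracle case …
}
return $agents;
```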


@ -145,7 +145,6 @@ function array_apply_io_safe_output($item) {
*/
function isInACL($ip) {
global $config;
//If set * in the list ACL return true
if(in_array('*', $config['list_ACL_IPs_for_API']))
return true;


@ -55,7 +55,13 @@ if ($idAgent != 0) {
$id_group = agents_get_agent_group ($idAgent);
if (check_acl ($config["id_user"], $id_group, "AR") == 0) {
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (!check_acl ($config["id_user"], $id_group, "AR") && !$is_extra) {
db_pandora_audit("ACL Violation","Trying to access alert view");
require ("general/noaccess.php");
exit;
@ -370,10 +376,6 @@ $table->data = array ();
$rowPair = true;
$iterator = 0;
foreach ($alerts['alerts_simple'] as $alert) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!alert_in_acl_enterprise($alert['id'])) continue;
}
if ($rowPair)
$table->rowclass[$iterator] = 'rowPair';
else
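Review bot: The new hook call passes `$id_agente`, but the agent id in scope on this page is `$idAgent` (the preceding line calls `agents_get_agent_group ($idAgent)`), so unless `$id_agente` is defined elsewhere in the file the hook receives null and the extra-policy grant never applies here — failing closed, but silently broken and raising an undefined-variable notice. Use `array($idAgent)` to match the surrounding code.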


@ -270,6 +270,7 @@ else {
$total_agents = 0;
$agents = false;
if (! empty ($agent_names)) {
$total_agents = agents_get_agents(array ('id_agente' => array_keys ($agent_names),
'order' => 'nombre ASC',


@ -37,7 +37,13 @@ if ($agent === false) {
return;
}
if (! check_acl ($config["id_user"], $agent["id_grupo"], "AR")) {
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (! check_acl ($config["id_user"], $agent["id_grupo"], "AR") && !$is_extra) {
db_pandora_audit("ACL Violation",
"Trying to access Agent General Information");
require_once ("general/noaccess.php");


@ -238,10 +238,6 @@ $table->align = array("left","left","center","left","left","center");
$last_modulegroup = 0;
$rowIndex = 0;
foreach ($modules as $module) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
}
//The code add the row of 1 cell with title of group for to be more organice the list.
if ($module["id_module_group"] != $last_modulegroup)


@ -20,7 +20,7 @@ check_login();
if (isset($_GET["id_agente"])){
$id_agente = $_GET["id_agente"];
}
include_once($config['homedir'] . "/include/functions_modules.php");
// View last data packet
@ -174,22 +174,73 @@ switch ($sortField) {
break;
}
$modules = db_get_all_rows_filter ('tagente_modulo, tagente_estado',
array ('tagente_modulo.id_agente_modulo = tagente_estado.id_agente_modulo',
'disabled' => 0,
'tagente_estado.utimestamp != 0',
'tagente_modulo.id_agente = '.$id_agente,
'order' => $order,
'offset' => (int) get_parameter ('offset'),
'limit' => (int) $config['block_size']));
$total_modules = db_get_all_rows_filter ('tagente_modulo',
array ('delete_pending' => 0,
'id_agente' => $id_agente,
'order' => $order),
array ('count(*) total'));
// Get the enterprise acl sql condition
$extra_sql = enterprise_hook('policies_get_modules_sql_condition', array($id_agente));
if($extra_sql == ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}
else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
$total_modules = isset ($total_modules[0]['total']) ? $total_modules[0]['total'] : 0;
// Build the order sql
if(!empty($order)) {
$order_sql = ' ORDER BY ';
}
$first = true;
foreach($order as $ord) {
if($first) {
$first = false;
}
else {
$order_sql .= ',';
}
$order_sql .= $ord['field'].' '.$ord['order'];
}
// Get limit and offset parameters
$limit = (int) $config["block_size"];
$offset = (int) get_parameter ('offset');
$params = implode(',', array ('*'));
$is_extra_sql = (int)$is_extra;
$where = sprintf("(tagente_modulo.id_policy_module = 0 AND disabled = 0 AND tagente_estado.utimestamp !=0 AND tagente_modulo.id_agente = %s AND delete_pending = 0)", $id_agente);
$basic_where = " tagente_modulo.id_agente_modulo = tagente_estado.id_agente_modulo AND ";
switch ($config["dbtype"]) {
case "postgresql":
$limit_sql = " LIMIT $limit OFFSET $offset ";
case "mysql":
if(!isset($limit_sql)) {
$limit_sql = " LIMIT $offset, $limit ";
}
$order[] = array('field' => 'tagente_modulo.nombre', 'order' => 'ASC');
$sql = sprintf("SELECT %s FROM tagente_modulo, tagente_estado WHERE %s (%s %s) %s %s",
$params, $basic_where, $extra_sql, $where, $order_sql, $limit_sql);
$modules = db_get_all_rows_sql($sql);
break;
case "oracle":
$order[] = array('field' => 'dbms_lob.substr(tagente_modulo.nombre,4000,1)', 'order' => 'ASC');
$set = array();
$set['limit'] = $limit;
$set['offset'] = $offset;
$sql = sprintf("SELECT %s FROM tagente_modulo, tagente_estado WHERE %s (%s %s) %s",
$params, $basic_where, $extra_sql, $where, $order_sql);
$modules = oracle_recode_query ($sql, $set, 'AND', false);
break;
}
$sql_total_modules = sprintf("SELECT count(*) FROM tagente_modulo, tagente_estado WHERE %s (%s %s)", $basic_where, $extra_sql, $where);
$total_modules = db_get_value_sql($sql_total_modules);
$total_modules = isset ($total_modules) ? $total_modules : 0;
if ($modules === false) {
echo "<div class='nf'>".__('This agent doesn\'t have any module')."</div>";
@ -233,11 +284,6 @@ $texto=''; $last_modulegroup = 0;
$color = 1;
$write = check_acl ($config['id_user'], $agent['id_grupo'], "AW");
foreach ($modules as $module) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue;
}
// Calculate table line color
if ($color == 1){
$tdcolor = "datos";
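Review bot: The new `$where` embeds `$id_agente` with `%s` (`tagente_modulo.id_agente = %s`), and the context at the top of this section shows `$id_agente = $_GET["id_agente"];` with no cast, so the raw request value now reaches the query unquoted — use `%d` in the format (or `(int) $id_agente`) the way `$limit` and `$offset` are cast just above. `$is_extra_sql = (int)$is_extra;` reads a `$is_extra` that is not set anywhere in this hunk and the result is never used, so it should go. The `$order[] = …` appends inside the switch happen after `$order_sql` has already been built from `$order`, so those sort keys never reach the query; move them before the `foreach($order …)` loop or drop them.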


@ -28,20 +28,16 @@ if (! check_acl ($config['id_user'], 0, "AR") && ! check_acl ($config['id_user']
return;
}
require_once($config['homedir'] . "/include/functions_agents.php");
require_once($config['homedir'] . "/include/functions_modules.php");
require_once($config['homedir'] . '/include/functions_agents.php');
require_once($config['homedir'] . '/include/functions_modules.php');
require_once($config['homedir'] . '/include/functions_users.php');
enterprise_include_once ('include/functions_policies.php');
$isFunctionPolicies = enterprise_include_once ('include/functions_policies.php');
//Add the subquery for the ACL enterprise
if (ENTERPRISE_NOT_HOOK !== $isFunctionPolicies) {
$subquery_enterprise = subquery_acl_enterprise();
$subquery_enterprise2 = subquery_acl_enterprise('AND', 'tagente.id_agente');
}
else {
$subquery_enterprise = '';
$subquery_enterprise2 = '';
$extra_sql = enterprise_hook('policies_get_agents_sql_condition');
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
ui_print_page_header ("Monitor detail", "images/brick.png", false);
@ -112,12 +108,14 @@ switch ($config["dbtype"]) {
$sql = ' SELECT distinct(nombre)
FROM tagente_modulo
WHERE nombre <> \'delete_pending\' ' . $subquery_enterprise . ' AND id_agente IN
WHERE nombre <> \'delete_pending\' AND id_agente IN
(
SELECT id_agente
FROM tagente
WHERE';
$sql .= $extra_sql.'(';
if ($flag_is_admin || $flag_all_group) {
$sql .= ' 1 = 1 ';
}
@ -130,7 +128,7 @@ switch ($config["dbtype"]) {
}
}
$sql .= ')';
$sql .= '))';
break;
case "oracle":
$profiles = db_get_all_rows_sql('SELECT id_grupo
@ -154,12 +152,14 @@ switch ($config["dbtype"]) {
$sql = ' SELECT distinct dbms_lob.substr(nombre,4000,1) as nombre
FROM tagente_modulo
WHERE dbms_lob.substr(nombre,4000,1) <> \'delete_pending\' ' . $subquery_enterprise . ' AND id_agente IN
WHERE dbms_lob.substr(nombre,4000,1) <> \'delete_pending\' AND id_agente IN
(
SELECT id_agente
FROM tagente
WHERE';
$sql .= $extra_sql.'(';
if ($flag_is_admin || $flag_all_group) {
$sql .= ' 1 = 1 ';
}
@ -172,7 +172,7 @@ switch ($config["dbtype"]) {
}
}
$sql .= ')';
$sql .= '))';
break;
}
@ -195,10 +195,10 @@ echo "</form>";
// Begin Build SQL sentences
$sql = " FROM tagente, tagente_modulo, tagente_estado
WHERE tagente.id_agente = tagente_modulo.id_agente
WHERE $sql_extra (tagente.id_agente = tagente_modulo.id_agente
AND tagente_modulo.disabled = 0
AND tagente.disabled = 0
AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo" . $subquery_enterprise2 ;
AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo";
// Agent group selector
if ($ag_group > 0 && check_acl ($config["id_user"], $ag_group, "AR")) {
@ -245,7 +245,7 @@ elseif ($status == 5) { //Not init
$sql .= " AND tagente_estado.utimestamp = 0 AND tagente_modulo.id_tipo_modulo NOT IN (21,22,23,100)";
}
$sql .= " ORDER BY tagente.id_grupo, tagente.nombre";
$sql .= ") ORDER BY tagente.id_grupo, tagente.nombre";
// Build final SQL sentences
$count = db_get_sql ("SELECT COUNT(tagente_modulo.id_agente_modulo)".$sql);
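Review bot: The policy condition assembled on `$extra_sql = enterprise_hook('policies_get_agents_sql_condition');` never reaches the main listing query: the new WHERE line interpolates `$sql_extra`, a different name that no visible line assigns, so unless it is set outside these hunks the condition is silently dropped (and PHP emits an undefined-variable notice); the line should read `WHERE $extra_sql (tagente.id_agente = tagente_modulo.id_agente`. A second concern once the name is fixed: the `' OR '` suffix is placed in front of the whole parenthesised group, so for agents matched by the hook condition neither the two join equalities on tagente_modulo/tagente_estado nor the group and status filters apply, which — if the hook's condition only constrains tagente — yields a cross product of unrelated module and state rows. Keep the join predicates outside the group and apply the OR only to the ACL part, i.e. `WHERE tagente.id_agente = tagente_modulo.id_agente AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo AND ($extra_sql (tagente_modulo.disabled = 0 AND tagente.disabled = 0`, with a matching `))` on the `") ORDER BY` line. The `$sql` assembly between these hunks is not all visible here, so the filter lines in between should be re-checked against the new bracketing.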


@ -17,10 +17,10 @@
// Load global vars
global $config;
require_once ("include/functions_gis.php");
require_once($config['homedir'] . "/include/functions_agents.php");
require_once($config['homedir'] . "/include/functions_groups.php");
require_once($config['homedir'] . "/include/functions_modules.php");
require_once ('include/functions_gis.php');
require_once($config['homedir'] . '/include/functions_agents.php');
require_once($config['homedir'] . '/include/functions_groups.php');
require_once($config['homedir'] . '/include/functions_modules.php');
require_once($config['homedir'] . '/include/functions_users.php');
enterprise_include_once ('include/functions_metaconsole.php');
@ -443,7 +443,14 @@ if (empty ($id_agente)) {
$agent = db_get_row ('tagente', 'id_agente', $id_agente);
// get group for this id_agente
$id_grupo = $agent['id_grupo'];
if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente)) {
$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
if($is_extra === ENTERPRISE_NOT_HOOK) {
$is_extra = false;
}
if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente) && !$is_extra) {
db_pandora_audit("ACL Violation",
"Trying to access (read) to agent ".agents_get_name($id_agente));
include ("general/noaccess.php");
@ -481,7 +488,7 @@ $tab = get_parameter ("tab", "main");
$managetab = "";
if (check_acl ($config['id_user'],$id_grupo, "AW")) {
if (check_acl ($config['id_user'],$id_grupo, "AW") || $is_extra) {
$managetab['text'] ='<a href="index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente='.$id_agente.'">'
. html_print_image("images/setup.png", true, array ("title" => __('Manage')))
. '</a>';
@ -705,13 +712,13 @@ switch ($tab) {
require ("alerts_status.php");
break;
case "inventory":
enterprise_include ('operation/agentes/agent_inventory.php');
enterprise_include ("operation/agentes/agent_inventory.php");
break;
case "collection":
enterprise_include ('operation/agentes/collection_view.php');
enterprise_include ("operation/agentes/collection_view.php");
break;
case 'policy':
enterprise_include ('operation/agentes/policy_view.php');
case "policy":
enterprise_include ("operation/agentes/policy_view.php");
break;
case "graphs";
require("operation/agentes/graphs.php");
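Review bot: `$is_extra` from `policies_is_agent_extra_policy` bypasses two different checks with one flag: the read check on `if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente) && !$is_extra)` and the write check that exposes the Manage tab on `if (check_acl ($config['id_user'],$id_grupo, "AW") || $is_extra)`, so a user granted extra policy visibility also gets the management link without any AW-level decision. If the hook expresses read-only access, the Manage tab should keep its own write test; if it is intended to imply AW, say so where the flag is computed, e.g. `// Extra-policy access is treated as both AR and AW for this agent (see Manage tab below)`. The bypass path also skips the `db_pandora_audit("ACL Violation", …)` record by design, which is worth a word in the same comment so the audit trail's gap is understood. The `$tab` switch that follows continues outside the shown hunks.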


@ -16,10 +16,14 @@
global $config;
enterprise_include_once('include/functions_policies.php');
require_once ($config['homedir'].'/include/functions_users.php');
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
$extra_sql = enterprise_hook('policies_get_agents_sql_condition');
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
$searchAgents = check_acl($config['id_user'], 0, "AR");
@ -130,8 +134,9 @@ if ($searchAgents) {
)
OR t1.id_grupo IN (
" . implode(',', $id_userGroups) . "
)
OR 0 IN (
) OR " .
$extra_sql .
" 0 IN (
SELECT id_grupo
FROM tusuario_perfil
WHERE id_usuario = '" . $config['id_user'] . "'
@ -145,7 +150,7 @@ if ($searchAgents) {
t1.nombre COLLATE utf8_general_ci LIKE '%%" . $stringSearchSQL . "%%' OR
t2.nombre COLLATE utf8_general_ci LIKE '%%" . $stringSearchSQL . "%%'
)
" . $subquery_enterprise;
";
break;
case "postgresql":
case "oracle":
@ -161,8 +166,9 @@ if ($searchAgents) {
)
OR t1.id_grupo IN (
" . implode(',', $id_userGroups) . "
)
OR 0 IN (
) OR " .
$extra_sql .
" 0 IN (
SELECT id_grupo
FROM tusuario_perfil
WHERE id_usuario = '" . $config['id_user'] . "'
@ -176,10 +182,10 @@ if ($searchAgents) {
t1.nombre LIKE '%%" . $stringSearchSQL . "%%' OR
t2.nombre LIKE '%%" . $stringSearchSQL . "%%'
)
" . $subquery_enterprise;
";
break;
}
$select =
"SELECT t1.id_agente, t1.ultimo_contacto, t1.nombre, t1.id_os, t1.intervalo, t1.id_grupo, t1.disabled";
$limit = " ORDER BY " . $order['field'] . " " . $order['order'] .
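Review bot: The six-line block starting at `$extra_sql = enterprise_hook('policies_get_agents_sql_condition');` is repeated verbatim in status_monitor.php, search_alerts.php and search_modules.php within this commit, each re-implementing the ENTERPRISE_NOT_HOOK fallback and the `' OR '` suffix; a single helper in functions_agents.php (already included here) returning the ready-to-concatenate fragment would keep the four call sites from drifting. The fragment's trailing `OR` also relies on every caller placing it immediately before another condition (here `" 0 IN ("`), a contract that deserves a comment at the assignment: `// Non-empty values end with ' OR ' and must be followed by another condition`. The guard `}else if ($extra_sql != '') {` would append the suffix to a non-string return as well, so if the hook can return `null` or `false` it should be normalised to `''` in the same branch as ENTERPRISE_NOT_HOOK.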


@ -17,13 +17,16 @@
global $config;
include_once('include/functions_alerts.php');
enterprise_include_once('include/functions_policies.php')
include_once($config['homedir'] . "/include/functions_agents.php");
include_once($config['homedir'] . "/include/functions_modules.php");
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise();
}
$extra_sql = enterprise_hook('policies_get_agents_sql_condition');
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
$searchAlerts = check_acl($config['id_user'], 0, "AR");
@ -132,7 +135,7 @@ if($searchAlerts) {
WHERE id_agente IN (
SELECT id_agente
FROM tagente
WHERE nombre LIKE "%' . $stringSearchSQL . '%" ' . $subquery_enterprise . '))
WHERE nombre LIKE "%' . $stringSearchSQL . '%" ' . $extra_sql . '))
)';
break;
case "postgresql":
@ -163,7 +166,7 @@ if($searchAlerts) {
WHERE id_agente IN (
SELECT id_agente
FROM tagente
WHERE nombre LIKE \'%' . $stringSearchSQL . '%\' ' . $subquery_enterprise . '))
WHERE nombre LIKE \'%' . $stringSearchSQL . '%\' ' . $extra_sql . '))
)';
break;
}
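Review bot: The added line `enterprise_include_once('include/functions_policies.php')` has no terminating semicolon as rendered, so the file would fail to parse at the following `include_once`; it should be `enterprise_include_once('include/functions_policies.php');`, matching the same include in search_agents.php and search_modules.php of this commit. The `$extra_sql` block beneath it duplicates the hook-and-suffix logic used in the other search pages and would be better served by one shared helper. Since the fragment is spliced into a SQL string that already carries `$stringSearchSQL`, a comment on the assignment stating the trust boundary — `// Fragment comes from the enterprise hook, never from request input` — makes it clear to the next reader which part of that string is user-derived and which is not.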


@ -16,11 +16,15 @@
global $config;
enterprise_include_once('include/functions_policies.php');
include_once($config['homedir'] . "/include/functions_modules.php");
include_once($config['homedir'] . '/include/functions_users.php');
$subquery_enterprise = '';
if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) {
$subquery_enterprise = subquery_acl_enterprise('', 't1.id_agente', 'AND');
$extra_sql = enterprise_hook('policies_get_agents_sql_condition', array('t2.'));
if ($extra_sql === ENTERPRISE_NOT_HOOK) {
$extra_sql = '';
}else if ($extra_sql != '') {
$extra_sql .= ' OR ';
}
$searchModules = check_acl($config['id_user'], 0, "AR");
@ -77,7 +81,7 @@ if ($searchModules) {
ON t3.id_grupo = t2.id_grupo
INNER JOIN tagente_estado AS t4
ON t4.id_agente_modulo = t1.id_agente_modulo
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
WHERE ('.$extra_sql.'t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
OR 0 IN (
SELECT id_grupo
FROM tusuario_perfil
@ -100,7 +104,7 @@ if ($searchModules) {
ON t3.id_grupo = t2.id_grupo
INNER JOIN tagente_estado AS t4
ON t4.id_agente_modulo = t1.id_agente_modulo
WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
WHERE ('.$extra_sql.'t2.id_grupo IN (' . implode(',', $id_userGroups) . ')
OR 0 IN (
SELECT id_grupo
FROM tusuario_perfil