From 3956fb1d2f4342ba0926f53160e1e6296f3bb25a Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Thu, 1 Oct 2020 17:39:34 +0200 Subject: [PATCH 001/117] implemented new server file editor --- .../godmode/servers/modificar_server.php | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/servers/modificar_server.php b/pandora_console/godmode/servers/modificar_server.php index 9062eab0a4..3b07e4a528 100644 --- a/pandora_console/godmode/servers/modificar_server.php +++ b/pandora_console/godmode/servers/modificar_server.php @@ -101,7 +101,40 @@ if (isset($_GET['server'])) { // Headers. $id_server = get_parameter_get('server_remote'); $ext = get_parameter('ext', ''); - ui_print_page_header(__('Remote Configuration'), 'images/gm_servers.png', false, 'servers', true); + $tab = get_parameter('tab', 'standard_editor'); + $advanced_editor = true; + + $server_type = (int) db_get_value( + 'server_type', + 'tserver', + 'id_server', + $id_server + ); + + $buttons = ''; + + if ($server_type !== 13) { + // Buttons. + $buttons = [ + 'standard_editor' => [ + 'active' => false, + 'text' => ''.html_print_image('images/list.png', true, ['title' => __('Standard editor')]).'', + ], + 'advanced_editor' => [ + 'active' => false, + 'text' => ''.html_print_image('images/pen.png', true, ['title' => __('Advanced editor')]).'', + ], + ]; + + $buttons[$tab]['active'] = true; + } + + ui_print_page_header(__('Remote Configuration'), 'images/gm_servers.png', false, 'servers', true, $buttons); + + if ($server_type !== 13 && $tab == 'standard_editor') { + $advanced_editor = false; + } + enterprise_include('godmode/servers/server_disk_conf_editor.php'); } else { // Header. From def59508ae162be8540391cd9a6fbcf797385a8a Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Thu, 22 Oct 2020 12:00:44 +0200 Subject: [PATCH 002/117] changed behavior of all group acl check and fixed acl vulnerabilities --- .../agentes/planned_downtime.editor.php | 40 +++++++++--- .../godmode/agentes/planned_downtime.list.php | 38 ++++++++--- .../godmode/alerts/alert_actions.php | 39 ++++++++++- .../godmode/alerts/configure_alert_action.php | 17 ++++- .../godmode/events/event_edit_filter.php | 18 ++++- .../godmode/events/event_filter.php | 33 +++++++++- .../godmode/events/event_responses.editor.php | 18 ++++- .../godmode/events/event_responses.list.php | 4 ++ .../godmode/gis_maps/configure_gis_map.php | 8 +++ pandora_console/godmode/netflow/nf_edit.php | 35 ++++++++-- .../godmode/reporting/graph_builder.main.php | 12 +++- .../godmode/reporting/graph_builder.php | 14 ++++ pandora_console/godmode/reporting/graphs.php | 15 +++-- .../godmode/reporting/map_builder.php | 10 +-- .../reporting/reporting_builder.main.php | 8 ++- .../godmode/reporting/reporting_builder.php | 28 ++++++-- .../reporting/visual_console_builder.data.php | 9 ++- .../reporting/visual_console_builder.php | 8 +-- .../include/class/CredentialStore.class.php | 25 ++++++- pandora_console/include/functions.php | 65 +++++++++++++++++++ pandora_console/include/functions_events.php | 8 ++- pandora_console/include/functions_users.php | 7 +- .../include/lib/Dashboard/Manager.php | 2 + .../agentes/pandora_networkmap.editor.php | 18 ++++- .../operation/agentes/pandora_networkmap.php | 30 +++++---- .../operation/gis_maps/gis_map.php | 6 +- .../operation/reporting/graph_viewer.php | 13 +++- .../operation/reporting/reporting_viewer.php | 11 +++- .../operation/visual_console/legacy_view.php | 6 +- .../operation/visual_console/view.php | 6 +- .../views/dashboard/formDashboard.php | 17 +++-- pandora_console/views/dashboard/header.php | 4 +- pandora_console/views/dashboard/list.php | 5 ++ 33 files changed, 483 insertions(+), 94 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.editor.php b/pandora_console/godmode/agentes/planned_downtime.editor.php index b3e7029dbd..a26405aa2c 100644 --- a/pandora_console/godmode/agentes/planned_downtime.editor.php +++ b/pandora_console/godmode/agentes/planned_downtime.editor.php @@ -143,16 +143,29 @@ $user_groups_ad = array_keys( users_get_groups($config['id_user'], $access) ); +// Check AD permission on downtime. +$downtime_group = db_get_value( + 'id_group', + 'tplanned_downtime', + 'id', + $id_downtime +); + +if ($id_downtime > 0) { + if (!check_acl_restricted_all($config['id_user'], $downtime_group, 'AW') + && !check_acl_restricted_all($config['id_user'], $downtime_group, 'AD') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access downtime scheduler' + ); + include 'general/noaccess.php'; + return; + } +} + // INSERT A NEW DOWNTIME_AGENT ASSOCIATION. if ($insert_downtime_agent === 1) { - // Check AD permission on downtime. - $downtime_group = db_get_value( - 'id_group', - 'tplanned_downtime', - 'id', - $id_downtime - ); - if ($downtime_group === false || !in_array($downtime_group, $user_groups_ad) ) { @@ -644,11 +657,20 @@ $table->data[0][1] = html_print_input_text( true, $disabled_in_execution ); + +$return_all_group = false; + +if (users_can_manage_group_all('AW') === true + || users_can_manage_group_all('AD') === true +) { + $return_all_group = true; +} + $table->data[1][0] = __('Group'); $table->data[1][1] = '
'.html_print_select_groups( false, $access, - true, + $return_all_group, 'id_group', $id_group, '', diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index acfa2a9039..c48e9a71d4 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php @@ -476,22 +476,42 @@ else { if (in_array($downtime['id_group'], $groupsAD)) { // Stop button if ($downtime['type_execution'] == 'once' && $downtime['executed'] == 1) { - $data['stop'] = ''.html_print_image('images/cancel.png', true, ['title' => __('Stop downtime')]); + if (check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AW') + || check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AD') + ) { + $data['stop'] = ''.html_print_image('images/cancel.png', true, ['title' => __('Stop downtime')]); + } else { + $data['stop'] = html_print_image('images/cancel.png', true, ['title' => __('Stop downtime')]); + } } else { $data['stop'] = ''; } // Edit & delete buttons. if ($downtime['executed'] == 0) { - // Edit. - $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; - // Delete. - $data['delete'] = ''.html_print_image('images/cross.png', true, ['title' => __('Delete')]); + if (check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AW') + || check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AD') + ) { + // Edit. + $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; + // Delete. + $data['delete'] = ''.html_print_image('images/cross.png', true, ['title' => __('Delete')]); + } else { + $data['edit'] = ''; + $data['delete'] = ''; + } } else if ($downtime['executed'] == 1 && $downtime['type_execution'] == 'once') { - // Edit. - $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; - // Delete. - $data['delete'] = __('N/A'); + if (check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AW') + || check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AD') + ) { + // Edit. + $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; + // Delete. + $data['delete'] = __('N/A'); + } else { + $data['edit'] = ''; + $data['delete'] = ''; + } } else { $data['edit'] = ''; $data['delete'] = ''; diff --git a/pandora_console/godmode/alerts/alert_actions.php b/pandora_console/godmode/alerts/alert_actions.php index 70f4c46713..6e3f1c1f42 100644 --- a/pandora_console/godmode/alerts/alert_actions.php +++ b/pandora_console/godmode/alerts/alert_actions.php @@ -77,6 +77,15 @@ if ($copy_action) { $al_action = alerts_get_alert_action($id); + if (!check_acl_restricted_all($config['id_user'], $al_action['id_group'], 'LM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } + if ($al_action !== false) { // If user tries to copy an action with group=ALL. if ($al_action['id_group'] == 0) { @@ -144,6 +153,15 @@ if ($delete_action) { $al_action = alerts_get_alert_action($id); + if (!check_acl_restricted_all($config['id_user'], $al_action['id_group'], 'LM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } + if ($al_action !== false) { // If user tries to delete an action with group=ALL. if ($al_action['id_group'] == 0) { @@ -236,11 +254,18 @@ $table_filter->data[0][1] = html_print_input_text( 255, true ); + +$return_all_group = false; + +if (users_can_manage_group_all('LM') === true) { + $return_all_group = true; +} + $table_filter->data[0][2] = __('Group'); $table_filter->data[0][3] = html_print_select_groups( $config['id_user'], 'LM', - true, + $return_all_group, 'group_search', $group_search, '', @@ -370,7 +395,12 @@ foreach ($actions as $action) { $data = []; - $data[0] = ''.$action['name'].''; + if (check_acl_restricted_all($config['id_user'], $action['id_group'], 'LM')) { + $data[0] = ''.$action['name'].''; + } else { + $data[0] = $action['name']; + } + $data[1] = $action['command_name']; $data[2] = ui_print_group_icon($action['id_group'], true).' '; if (!alerts_validate_command_to_action($action['id_group'], $action['command_group'])) { @@ -384,8 +414,11 @@ foreach ($actions as $action) { ); } + $data[3] = ''; + $data[4] = ''; + if (is_central_policies_on_node() === false - && check_acl($config['id_user'], $action['id_group'], 'LM') + && check_acl_restricted_all($config['id_user'], $action['id_group'], 'LM') ) { $table->cellclass[] = [ 3 => 'action_buttons', diff --git a/pandora_console/godmode/alerts/configure_alert_action.php b/pandora_console/godmode/alerts/configure_alert_action.php index 4d49cdd22b..02d86b0d0e 100644 --- a/pandora_console/godmode/alerts/configure_alert_action.php +++ b/pandora_console/godmode/alerts/configure_alert_action.php @@ -101,6 +101,15 @@ if ($id) { $group = $action['id_group']; $action_threshold = $action['action_threshold']; + + if (!check_acl_restricted_all($config['id_user'], $action['id_group'], 'LM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } } // Hidden div with help hint to fill with javascript. @@ -168,10 +177,16 @@ $table->data[1][0] = __('Group'); $own_info = get_user_info($config['id_user']); +$return_all_group = false; + +if (users_can_manage_group_all('LW') === true) { + $return_all_group = true; +} + $table->data[1][1] = '
'.html_print_select_groups( false, 'LW', - true, + $return_all_group, 'group', $group, '', diff --git a/pandora_console/godmode/events/event_edit_filter.php b/pandora_console/godmode/events/event_edit_filter.php index 56201e3a28..4ae9b2e78c 100644 --- a/pandora_console/godmode/events/event_edit_filter.php +++ b/pandora_console/godmode/events/event_edit_filter.php @@ -40,7 +40,15 @@ $strict_user = db_get_value( ); if ($id) { - $permission = events_check_event_filter_group($id); + $restrict_all_group = false; + + if (!users_can_manage_group_all('EW') === true + && !users_can_manage_group_all('EM') === true + ) { + $restrict_all_group = true; + } + + $permission = events_check_event_filter_group($id, $restrict_all_group); if (!$permission) { // User doesn't have permissions to see this filter include 'general/noaccess.php'; @@ -262,12 +270,18 @@ $table->data[1][1] = '
'.html_print_select_groups( $strict_user ).'
'; +$return_all_group = false; + +if (users_can_manage_group_all('AR') === true) { + $return_all_group = true; +} + $table->data[2][0] = ''.__('Group').''; $display_all_group = (users_is_admin() || users_can_manage_group_all('AR')); $table->data[2][1] = '
'.html_print_select_groups( $config['id_user'], 'AR', - $display_all_group, + $return_all_group, 'id_group', $id_group, '', diff --git a/pandora_console/godmode/events/event_filter.php b/pandora_console/godmode/events/event_filter.php index c9c3f7f226..357a745cb6 100644 --- a/pandora_console/godmode/events/event_filter.php +++ b/pandora_console/godmode/events/event_filter.php @@ -35,6 +35,19 @@ $multiple_delete = (bool) get_parameter('multiple_delete', 0); if ($delete) { $id = (int) get_parameter('id'); + $filter_group = (int) db_get_value('id_group', 'tevent_filter', 'id_filter', $id); + + if (!check_acl_restricted_all($config['id_user'], $filter_group, 'EW') + && !check_acl_restricted_all($config['id_user'], $filter_group, 'EM') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access events filter editor' + ); + include 'general/noaccess.php'; + return; + } + $id_filter = db_get_value('id_filter', 'tevent_filter', 'id_filter', $id); if ($id_filter === false) { @@ -151,13 +164,27 @@ foreach ($filters as $filter) { $data = []; $data[0] = html_print_checkbox_extended('delete_multiple[]', $filter['id_filter'], false, false, '', 'class="check_delete"', true); - $data[1] = ''.$filter['id_name'].''; + + if (!check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EW') + && !check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EM') + ) { + $data[1] = $filter['id_name']; + } else { + $data[1] = ''.$filter['id_name'].''; + } + $data[2] = ui_print_group_icon($filter['id_group_filter'], true); $data[3] = events_get_event_types($filter['event_type']); $data[4] = events_get_status($filter['status']); $data[5] = events_get_severity_types($filter['severity']); - $table->cellclass[][6] = 'action_buttons'; - $data[6] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + $data[6] = ''; + + if (check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EW') + || check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EM') + ) { + $table->cellclass[][6] = 'action_buttons'; + $data[6] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + } array_push($table->data, $data); } diff --git a/pandora_console/godmode/events/event_responses.editor.php b/pandora_console/godmode/events/event_responses.editor.php index 80ca390b51..7ed046a8cb 100644 --- a/pandora_console/godmode/events/event_responses.editor.php +++ b/pandora_console/godmode/events/event_responses.editor.php @@ -39,6 +39,16 @@ $event_response_id = get_parameter('id_response', 0); if ($event_response_id > 0) { $event_response = db_get_row('tevent_response', 'id', $event_response_id); + + // ACL check for event response edition. + if (!check_acl_restricted_all($config['id_user'], $event_response['id_group'], 'PM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Group Management' + ); + include 'general/noaccess.php'; + return; + } } else { $event_response = []; $event_response['name'] = ''; @@ -84,8 +94,14 @@ $data[1] = html_print_input_text( ); $data[1] .= html_print_input_hidden('id_response', $event_response['id'], true); +$return_all_group = false; + +if (users_can_manage_group_all('PM') === true) { + $return_all_group = true; +} + $data[2] = __('Group'); -$data[3] = html_print_select_groups(false, 'PM', true, 'id_group', $event_response['id_group'], '', '', '', true); +$data[3] = html_print_select_groups(false, 'PM', $return_all_group, 'id_group', $event_response['id_group'], '', '', '', true); $table->data[0] = $data; $data = []; diff --git a/pandora_console/godmode/events/event_responses.list.php b/pandora_console/godmode/events/event_responses.list.php index f8e4de7357..7c4a52bb74 100644 --- a/pandora_console/godmode/events/event_responses.list.php +++ b/pandora_console/godmode/events/event_responses.list.php @@ -55,6 +55,10 @@ $table->head[3] = __('Actions'); $table->data = []; foreach ($event_responses as $response) { + if (!check_acl_restricted_all($config['id_user'], $response['id_group'], 'PM')) { + continue; + } + $data = []; $data[0] = ''.$response['name'].''; $data[1] = $response['description']; diff --git a/pandora_console/godmode/gis_maps/configure_gis_map.php b/pandora_console/godmode/gis_maps/configure_gis_map.php index a56e69dcb1..907786e6fd 100644 --- a/pandora_console/godmode/gis_maps/configure_gis_map.php +++ b/pandora_console/godmode/gis_maps/configure_gis_map.php @@ -30,6 +30,14 @@ require_once 'include/functions_gis.php'; $idMap = (int) get_parameter('map_id', 0); $action = get_parameter('action', 'new_map'); +$gis_map_group = db_get_value('group_id', 'tgis_map', 'id_tgis_map', $idMap); + +if (!check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW') && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW')) { + db_pandora_audit('ACL Violation', 'Trying to access map builder'); + include 'general/noaccess.php'; + return; +} + $sec2 = get_parameter_get('sec2'); $sec2 = safe_url_extraclean($sec2); diff --git a/pandora_console/godmode/netflow/nf_edit.php b/pandora_console/godmode/netflow/nf_edit.php index bb7a456a69..37e8f53431 100644 --- a/pandora_console/godmode/netflow/nf_edit.php +++ b/pandora_console/godmode/netflow/nf_edit.php @@ -68,6 +68,19 @@ $multiple_delete = (bool) get_parameter('multiple_delete', 0); $id = (int) get_parameter('id'); $name = (string) get_parameter('name'); +if ($id > 0) { + $filter_group = db_get_value('id_group', 'tnetflow_filter', 'id_sg', $id); + + if (!check_acl_restricted_all($config['id_user'], $filter_group, 'AW')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access events filter editor' + ); + include 'general/noaccess.php'; + return; + } +} + if ($delete) { $id_filter = db_get_value('id_name', 'tnetflow_filter', 'id_sg', $id); $result = db_process_sql_delete( @@ -164,12 +177,24 @@ $total_filters = $total_filters[0]['total']; foreach ($filters as $filter) { $data = []; - $data[0] = html_print_checkbox_extended('delete_multiple[]', $filter['id_sg'], false, false, '', 'class="check_delete"', true); - $data[1] = ''.$filter['id_name'].''; + $data[0] = ''; + + if (check_acl_restricted_all($config['id_user'], $filter['id_group'], 'AW')) { + $data[0] = html_print_checkbox_extended('delete_multiple[]', $filter['id_sg'], false, false, '', 'class="check_delete"', true); + $data[1] = ''.$filter['id_name'].''; + } else { + $data[1] = $filter['id_name']; + } + + $data[2] = ui_print_group_icon($filter['id_group'], true, 'groups_small', '', !defined('METACONSOLE')); - $table->cellclass[][3] = 'action_buttons'; - $data[3] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + $data[3] = ''; + + if (check_acl_restricted_all($config['id_user'], $filter['id_group'], 'AW')) { + $table->cellclass[][3] = 'action_buttons'; + $data[3] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + } array_push($table->data, $data); } diff --git a/pandora_console/godmode/reporting/graph_builder.main.php b/pandora_console/godmode/reporting/graph_builder.main.php index d50a5d8b55..ea59795da7 100644 --- a/pandora_console/godmode/reporting/graph_builder.main.php +++ b/pandora_console/godmode/reporting/graph_builder.main.php @@ -132,12 +132,20 @@ $output .= '>'; $own_info = get_user_info($config['id_user']); +$return_all_group = true; + +if (users_can_manage_group_all('RW') === false + && users_can_manage_group_all('RM') === false +) { + $return_all_group = false; +} + $output .= ''.__('Group').''; if (check_acl($config['id_user'], 0, 'RW')) { $output .= html_print_select_groups( $config['id_user'], 'RW', - true, + $return_all_group, 'graph_id_group', $id_group, '', @@ -149,7 +157,7 @@ if (check_acl($config['id_user'], 0, 'RW')) { $output .= html_print_select_groups( $config['id_user'], 'RM', - true, + $return_all_group, 'graph_id_group', $id_group, '', diff --git a/pandora_console/godmode/reporting/graph_builder.php b/pandora_console/godmode/reporting/graph_builder.php index f0262f6e5f..4fde79ed82 100644 --- a/pandora_console/godmode/reporting/graph_builder.php +++ b/pandora_console/godmode/reporting/graph_builder.php @@ -83,6 +83,20 @@ $change_weight = (bool) get_parameter('change_weight', false); $change_label = (bool) get_parameter('change_label', false); $id_graph = (int) get_parameter('id', 0); +if ($id_graph > 0) { + $graph_group = db_get_value('id_group', 'tgraph', 'id_graph', $id_graph); + if (!check_acl_restricted_all($config['id_user'], $graph_group, 'RW') + && !check_acl_restricted_all($config['id_user'], $graph_group, 'RM') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access graph builder' + ); + include 'general/noaccess.php'; + exit; + } +} + if ($id_graph !== 0) { $sql = "SELECT * FROM tgraph WHERE (private = 0 OR (private = 1 AND id_user = '".$config['id_user']."')) diff --git a/pandora_console/godmode/reporting/graphs.php b/pandora_console/godmode/reporting/graphs.php index 958819a95b..980197cd54 100644 --- a/pandora_console/godmode/reporting/graphs.php +++ b/pandora_console/godmode/reporting/graphs.php @@ -88,7 +88,11 @@ ui_print_page_header(__('Reporting').' » '.__('Custom graphs'), 'images/ch // Delete module SQL code if ($delete_graph) { - if ($report_w || $report_m) { + $graph_group = db_get_value('id_group', 'tgraph', 'id_graph', $id); + + if (check_acl_restricted_all($config['id_user'], $graph_group, 'RW') + || check_acl_restricted_all($config['id_user'], $graph_group, 'RM') + ) { $exist = db_get_value('id_graph', 'tgraph_source', 'id_graph', $id); if ($exist) { $result = db_process_sql_delete('tgraph_source', ['id_graph' => $id]); @@ -299,16 +303,17 @@ $table_aux = new stdClass(); $data[4] = ''; $table->cellclass[][4] = 'action_buttons'; - if (($report_w || $report_m)) { + if (check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RM') + || check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RW') + ) { $data[4] = ''.html_print_image('images/config.png', true).''; } - if ($report_m) { + $data[5] = ''; + if (check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RM')) { $data[4] .= ''.html_print_image('images/cross.png', true, ['alt' => __('Delete'), 'title' => __('Delete')]).''; - } - if ($report_m) { $data[5] .= html_print_checkbox_extended('delete_multiple[]', $graph['id_graph'], false, false, '', 'class="check_delete" style="margin-left:2px;"', true); } diff --git a/pandora_console/godmode/reporting/map_builder.php b/pandora_console/godmode/reporting/map_builder.php index 9f8b8f0162..f1fab5f2d8 100644 --- a/pandora_console/godmode/reporting/map_builder.php +++ b/pandora_console/godmode/reporting/map_builder.php @@ -123,8 +123,8 @@ if ($delete_layout || $copy_layout) { // ACL for the visual console // $vconsole_read = check_acl ($config['id_user'], $group_id, "VR"); - $vconsole_write = check_acl($config['id_user'], $group_id, 'VW'); - $vconsole_manage = check_acl($config['id_user'], $group_id, 'VM'); + $vconsole_write = check_acl_restricted_all($config['id_user'], $group_id, 'VW'); + $vconsole_manage = check_acl_restricted_all($config['id_user'], $group_id, 'VM'); if (!$vconsole_write && !$vconsole_manage) { db_pandora_audit( @@ -441,8 +441,10 @@ if (!$maps && !is_metaconsole()) { $data[1] = ui_print_group_icon($map['id_group'], true); $data[2] = db_get_sql('SELECT COUNT(*) FROM tlayout_data WHERE id_layout = '.$map['id']); - // Fix: IW was the old ACL for report editing, now is RW - if ($vconsoles_write || $vconsoles_manage) { + $vconsoles_write_action_btn = check_acl_restricted_all($config['id_user'], $map['id_group'], 'VW'); + $vconsoles_manage_action_btn = check_acl_restricted_all($config['id_user'], $map['id_group'], 'VM'); + + if ($vconsoles_write_action_btn || $vconsoles_manage_action_btn) { if (!is_metaconsole()) { $table->cellclass[] = [ 3 => 'action_buttons', diff --git a/pandora_console/godmode/reporting/reporting_builder.main.php b/pandora_console/godmode/reporting/reporting_builder.main.php index 224b2ce517..5ba61658fa 100755 --- a/pandora_console/godmode/reporting/reporting_builder.main.php +++ b/pandora_console/godmode/reporting/reporting_builder.main.php @@ -114,11 +114,17 @@ if (isset($write_groups[$idGroupReport]) === false && $idGroupReport) { $write_groups[$idGroupReport] = groups_get_name($idGroupReport); } +$return_all_group = false; + +if (users_can_manage_group_all('RW') === true) { + $return_all_group = true; +} + $table->data['group'][1] = '
'; $table->data['group'][1] .= html_print_select_groups( $config['id_user'], 'AR', - true, + $return_all_group, 'id_group', $idGroupReport, '', diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php index 8ac3a11e37..5a0fe779c4 100755 --- a/pandora_console/godmode/reporting/reporting_builder.php +++ b/pandora_console/godmode/reporting/reporting_builder.php @@ -158,6 +158,26 @@ $pure = get_parameter('pure', 0); $schedule_report = get_parameter('schbutton', ''); $pagination = (int) get_parameter('pagination', $config['block_size']); +if ($action == 'edit' && $idReport > 0) { + $report_group = db_get_value( + 'id_group', + 'treport', + 'id_report', + $idReport + ); + + if (! check_acl_restricted_all($config['id_user'], $report_group, 'RW') + && ! check_acl_restricted_all($config['id_user'], $report_group, 'RM') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access report builder' + ); + include 'general/noaccess.php'; + exit; + } +} + if ($schedule_report != '') { $id_user_task = 1; $scheduled = 'no'; @@ -909,8 +929,8 @@ switch ($action) { $data = []; - if (check_acl($config['id_user'], $report['id_group'], 'RW') - || check_acl($config['id_user'], $report['id_group'], 'RM') + if (check_acl_restricted_all($config['id_user'], $report['id_group'], 'RW') + || check_acl_restricted_all($config['id_user'], $report['id_group'], 'RM') ) { $data[0] = ''.ui_print_truncate_text($report['name'], 70).''; } else { @@ -994,7 +1014,7 @@ switch ($action) { switch ($type_access_selected) { case 'group_view': - $edit = check_acl( + $edit = check_acl_restricted_all( $config['id_user'], $report['id_group'], 'RW' @@ -1005,7 +1025,7 @@ switch ($action) { break; case 'group_edit': - $edit = check_acl( + $edit = check_acl_restricted_all( $config['id_user'], $report['id_group_edit'], 'RW' diff --git a/pandora_console/godmode/reporting/visual_console_builder.data.php b/pandora_console/godmode/reporting/visual_console_builder.data.php index 5a0d4fb0f5..79b561edf0 100644 --- a/pandora_console/godmode/reporting/visual_console_builder.data.php +++ b/pandora_console/godmode/reporting/visual_console_builder.data.php @@ -133,13 +133,18 @@ if ($action == 'new') { src="">'; } -$table->data[1][0] = __('Group:'); +$table->data[1][0] = __('Group'); +$return_all_group = false; + +if (users_can_manage_group_all('RW') === true) { + $return_all_group = true; +} $table->data[1][1] = '
'.html_print_select_groups( $config['id_user'], 'RW', - true, + $return_all_group, 'id_group', $idGroup, '', diff --git a/pandora_console/godmode/reporting/visual_console_builder.php b/pandora_console/godmode/reporting/visual_console_builder.php index 775230c471..67194d21fa 100755 --- a/pandora_console/godmode/reporting/visual_console_builder.php +++ b/pandora_console/godmode/reporting/visual_console_builder.php @@ -85,8 +85,8 @@ else if ($activeTab != 'data' || ($activeTab == 'data' && $action != 'new')) { // ACL for the existing visual console // $vconsole_read = check_acl ($config['id_user'], $visualConsole['id_group'], "VR"); - $vconsole_write = check_acl($config['id_user'], $visualConsole['id_group'], 'VW'); - $vconsole_manage = check_acl($config['id_user'], $visualConsole['id_group'], 'VM'); + $vconsole_write = check_acl_restricted_all($config['id_user'], $visualConsole['id_group'], 'VW'); + $vconsole_manage = check_acl_restricted_all($config['id_user'], $visualConsole['id_group'], 'VM'); } else { db_pandora_audit( 'ACL Violation', @@ -143,8 +143,8 @@ switch ($activeTab) { // ACL for the new visual console // $vconsole_read_new = check_acl ($config['id_user'], $idGroup, "VR"); - $vconsole_write_new = check_acl($config['id_user'], $idGroup, 'VW'); - $vconsole_manage_new = check_acl($config['id_user'], $idGroup, 'VM'); + $vconsole_write_new = check_acl_restricted_all($config['id_user'], $idGroup, 'VW'); + $vconsole_manage_new = check_acl_restricted_all($config['id_user'], $idGroup, 'VM'); // The user should have permissions on the new group if (!$vconsole_write_new && !$vconsole_manage_new) { diff --git a/pandora_console/include/class/CredentialStore.class.php b/pandora_console/include/class/CredentialStore.class.php index 073f0831a3..0d918e5e5a 100644 --- a/pandora_console/include/class/CredentialStore.class.php +++ b/pandora_console/include/class/CredentialStore.class.php @@ -351,7 +351,21 @@ class CredentialStore extends Wizard return db_get_value_sql($sql); } - return db_get_all_rows_sql($sql); + $return = db_get_all_rows_sql($sql); + + // Filter out those items of group all that cannot be edited by user. + $return = array_filter( + $return, + function ($item) { + if ($item['id_group'] == 0 && users_can_manage_group_all('AR') === false) { + return false; + } else { + return true; + } + } + ); + + return $return; } @@ -826,6 +840,12 @@ class CredentialStore extends Wizard $values = []; } + $return_all_group = false; + + if (users_can_manage_group_all('AR') === true) { + $return_all_group = true; + } + $form = [ 'action' => '#', 'id' => 'modal_form', @@ -855,7 +875,7 @@ class CredentialStore extends Wizard 'id' => 'id_group', 'input_class' => 'flex-row', 'type' => 'select_groups', - 'returnAllGroup' => true, + 'returnAllGroup' => $return_all_group, 'selected' => $values['id_group'], 'return' => true, 'class' => 'w50p', @@ -999,6 +1019,7 @@ class CredentialStore extends Wizard * Process datatable item before draw it. */ function process_datatables_item(item) { + id = item.identifier; idrow = ' $this->dashboardFields['name'], 'hash' => self::generatePublicHash(), 'publicLink' => $this->publicLink, + 'dashboardGroup' => $this->dashboardFields['id_group'], ] ); } else { @@ -1025,6 +1026,7 @@ class Manager 'cells' => $this->cells, 'cellModeSlides' => $this->cellModeSlides, 'cellId' => ($this->cellId === 0) ? $this->cells[0]['id'] : $this->cellId, + 'dashboardGroup' => $this->dashboardFields['id_group'], ] ); } diff --git a/pandora_console/operation/agentes/pandora_networkmap.editor.php b/pandora_console/operation/agentes/pandora_networkmap.editor.php index a16874705c..1858985406 100644 --- a/pandora_console/operation/agentes/pandora_networkmap.editor.php +++ b/pandora_console/operation/agentes/pandora_networkmap.editor.php @@ -80,9 +80,15 @@ if ($edit_networkmap) { } else { $id_group = $values['id_group']; + $id_group_acl_check = $id_group_map; + + if ($id_group_map === null) { + $id_group_acl_check = $values['id_group_map']; + } + // ACL for the network map. - $networkmap_write = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_acl_check, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_acl_check, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -265,6 +271,12 @@ if ($not_found) { true ); + $return_all_group = false; + + if (users_can_manage_group_all('AR') === true) { + $return_all_group = true; + } + $table->data[1][0] = __('Group'); $table->data[1][1] = '
'.html_print_select_groups( // Id_user. @@ -272,7 +284,7 @@ if ($not_found) { // Privilege. 'AR', // ReturnAllGroup. - true, + $return_all_group, // Name. 'id_group_map', // Selected. diff --git a/pandora_console/operation/agentes/pandora_networkmap.php b/pandora_console/operation/agentes/pandora_networkmap.php index c50bfd9d0e..3c42108008 100644 --- a/pandora_console/operation/agentes/pandora_networkmap.php +++ b/pandora_console/operation/agentes/pandora_networkmap.php @@ -57,8 +57,8 @@ if (enterprise_installed()) { // ACL for the network map. // $networkmap_read = check_acl ($config['id_user'], $id_group, "MR"); - $networkmap_write = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -145,8 +145,8 @@ if (enterprise_installed()) { // ACL for the new network map - $networkmap_write_new = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage_new = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -230,8 +230,8 @@ if ($new_networkmap || $save_networkmap) { // ACL for the network map // $networkmap_read = check_acl ($config['id_user'], $id_group, "MR"); - $networkmap_write = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -420,8 +420,8 @@ else if ($update_networkmap || $copy_networkmap || $delete) { return; } - $networkmap_write = check_acl($config['id_user'], $id_group_map_old, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map_old, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_map_old, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_map_old, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -440,8 +440,8 @@ else if ($update_networkmap || $copy_networkmap || $delete) { // ACL for the new network map $id_group_map = (int) get_parameter('id_group_map', 0); - $networkmap_write_new = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage_new = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -727,9 +727,9 @@ switch ($tab) { foreach ($network_maps as $network_map) { // ACL for the network map - $networkmap_read = check_acl($config['id_user'], $network_map['id_group_map'], 'MR'); - $networkmap_write = check_acl($config['id_user'], $network_map['id_group_map'], 'MW'); - $networkmap_manage = check_acl($config['id_user'], $network_map['id_group_map'], 'MM'); + $networkmap_read = check_acl_restricted_all($config['id_user'], $network_map['id_group_map'], 'MR'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $network_map['id_group_map'], 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $network_map['id_group_map'], 'MM'); if (!$networkmap_read && !$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -785,6 +785,10 @@ switch ($tab) { $data['groups'] = ui_print_group_icon($network_map['id_group_map'], true); + $data['copy'] = ''; + $data['edit'] = ''; + $data['delete'] = ''; + if ($networkmap_write || $networkmap_manage) { $table->cellclass[] = [ 'copy' => 'action_buttons', diff --git a/pandora_console/operation/gis_maps/gis_map.php b/pandora_console/operation/gis_maps/gis_map.php index 59b3b6da64..01653e958b 100644 --- a/pandora_console/operation/gis_maps/gis_map.php +++ b/pandora_console/operation/gis_maps/gis_map.php @@ -170,8 +170,10 @@ if ($maps !== false) { $data['name'] = ''.$map['map_name'].' '; $data['group'] = ui_print_group_icon($map['group_id'], true); - if ($edit_gis_maps) { - if ($display_default_column) { + $data['op'] = ''; + + if (check_acl_restricted_all($config['id_user'], $map['group_id'], 'MW') || check_acl_restricted_all($config['id_user'], $map['group_id'], 'MM')) { + if (check_acl_restricted_all($config['id_user'], 0, 'MM')) { $checked = false; if ($map['default_map']) { $checked = true; diff --git a/pandora_console/operation/reporting/graph_viewer.php b/pandora_console/operation/reporting/graph_viewer.php index 68acde60a1..47610af86a 100644 --- a/pandora_console/operation/reporting/graph_viewer.php +++ b/pandora_console/operation/reporting/graph_viewer.php @@ -145,7 +145,9 @@ if ($view_graph) { $options = []; - if (check_acl($config['id_user'], 0, 'RW')) { + if (check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RW') + || check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RM') + ) { $options = [ 'graph_list' => [ 'active' => false, @@ -160,6 +162,13 @@ if ($view_graph) { 'text' => ''.html_print_image('images/builder.png', true, ['title' => __('Graph editor')]).'', ], ]; + } else { + $options = [ + 'graph_list' => [ + 'active' => false, + 'text' => ''.html_print_image('images/list.png', true, ['title' => __('Graph list')]).'', + ], + ]; } $options['view']['text'] = ''.html_print_image( @@ -275,7 +284,7 @@ if ($view_graph) { echo ''; echo ""; - echo "
  ".__('Equalize maximum thresholds').''.ui_print_help_tip(__('If an option is selected, all graphs will have the highest value from all modules included in the graph as a maximum threshold'), true); + echo "
  ".__('Equalize maxiddmum thresholds').''.ui_print_help_tip(__('If an option is selected, all graphs will have the highest value from all modules included in the graph as a maximum threshold'), true); html_print_checkbox('threshold', CUSTOM_GRAPH_BULLET_CHART_THRESHOLD, $check, false, false, '', false); echo '
'; diff --git a/pandora_console/operation/reporting/reporting_viewer.php b/pandora_console/operation/reporting/reporting_viewer.php index 7528f15253..cc35a6cdfa 100755 --- a/pandora_console/operation/reporting/reporting_viewer.php +++ b/pandora_console/operation/reporting/reporting_viewer.php @@ -80,7 +80,16 @@ $options['list_reports'] = [ ).'', ]; -if (check_acl($config['id_user'], 0, 'RW')) { +if ($id_report > 0) { + $report_group = db_get_value( + 'id_group', + 'treport', + 'id_report', + $id_report + ); +} + +if (check_acl_restricted_all($config['id_user'], $report_group, 'RW')) { $options['main']['text'] = ''.html_print_image( 'images/op_reporting.png', true, diff --git a/pandora_console/operation/visual_console/legacy_view.php b/pandora_console/operation/visual_console/legacy_view.php index d4405876c4..986830f086 100644 --- a/pandora_console/operation/visual_console/legacy_view.php +++ b/pandora_console/operation/visual_console/legacy_view.php @@ -97,9 +97,9 @@ $bheight = $layout['height']; $pure_url = '&pure='.$config['pure']; // ACL -$vconsole_read = check_acl($config['id_user'], $id_group, 'VR'); -$vconsole_write = check_acl($config['id_user'], $id_group, 'VW'); -$vconsole_manage = check_acl($config['id_user'], $id_group, 'VM'); +$vconsole_read = check_acl_restricted_all($config['id_user'], $id_group, 'VR'); +$vconsole_write = check_acl_restricted_all($config['id_user'], $id_group, 'VW'); +$vconsole_manage = check_acl_restricted_all($config['id_user'], $id_group, 'VM'); if (! $vconsole_read && !$vconsole_write && !$vconsole_manage) { db_pandora_audit( diff --git a/pandora_console/operation/visual_console/view.php b/pandora_console/operation/visual_console/view.php index 3b70215aa2..164d38ac2c 100644 --- a/pandora_console/operation/visual_console/view.php +++ b/pandora_console/operation/visual_console/view.php @@ -95,9 +95,9 @@ $groupId = $visualConsoleData['groupId']; $visualConsoleName = $visualConsoleData['name']; // ACL. -$aclRead = check_acl($config['id_user'], $groupId, 'VR'); -$aclWrite = check_acl($config['id_user'], $groupId, 'VW'); -$aclManage = check_acl($config['id_user'], $groupId, 'VM'); +$aclRead = check_acl_restricted_all($config['id_user'], $groupId, 'VR'); +$aclWrite = check_acl_restricted_all($config['id_user'], $groupId, 'VW'); +$aclManage = check_acl_restricted_all($config['id_user'], $groupId, 'VM'); if (!$aclRead && !$aclWrite && !$aclManage) { db_pandora_audit( diff --git a/pandora_console/views/dashboard/formDashboard.php b/pandora_console/views/dashboard/formDashboard.php index b80f3ab557..bcbdd67622 100644 --- a/pandora_console/views/dashboard/formDashboard.php +++ b/pandora_console/views/dashboard/formDashboard.php @@ -43,6 +43,12 @@ if (empty($arrayDashboard) === true) { } } +$return_all_group = false; + +if (users_can_manage_group_all('RW') === true) { + $return_all_group = true; +} + $dataQuery = ['dashboardId' => $dashboardId]; $url = ui_get_full_url( @@ -100,11 +106,12 @@ $inputs = [ [ 'label' => __('Group'), 'arguments' => [ - 'name' => 'id_group', - 'id' => 'id_group', - 'type' => 'select_groups', - 'selected' => $arrayDashboard['id_group'], - 'return' => true, + 'name' => 'id_group', + 'id' => 'id_group', + 'type' => 'select_groups', + 'returnAllGroup' => $return_all_group, + 'selected' => $arrayDashboard['id_group'], + 'return' => true, ], ], ], diff --git a/pandora_console/views/dashboard/header.php b/pandora_console/views/dashboard/header.php index f54a7c04b6..082011cb8e 100644 --- a/pandora_console/views/dashboard/header.php +++ b/pandora_console/views/dashboard/header.php @@ -194,7 +194,7 @@ if ($config['public_dashboard'] === true) { 'combo_refresh_countdown' => $comboRefreshCountdown, ]; } else if ($config['pure']) { - if (check_acl($config['id_user'], 0, 'RW') === 0) { + if (check_acl_restricted_all($config['id_user'], $dashboardGroup, 'RW') === 0) { $buttons = [ 'back_to_dashboard_list' => $back_to_dashboard_list, 'normalscreen' => $normalscreen, @@ -221,7 +221,7 @@ if ($config['public_dashboard'] === true) { } } } else { - if (check_acl($config['id_user'], 0, 'RW') === 0) { + if (check_acl_restricted_all($config['id_user'], $dashboardGroup, 'RW') === 0) { $buttons = [ 'back_to_dashboard_list' => $back_to_dashboard_list, 'fullscreen' => $fullscreen, diff --git a/pandora_console/views/dashboard/list.php b/pandora_console/views/dashboard/list.php index e5c37b2500..629c5f8eae 100644 --- a/pandora_console/views/dashboard/list.php +++ b/pandora_console/views/dashboard/list.php @@ -155,6 +155,11 @@ if (empty($dashboards) === true) { $data['full_screen'] .= ''; if ($manageDashboards === 1) { + $data['copy'] = ''; + $data['delete'] = ''; + } + + if (check_acl_restricted_all($config['id_user'], $dashboard['id_group'], 'RM')) { $dataQueryCopy = [ 'dashboardId' => $dashboard['id'], 'copyDashboard' => 1, From cd52b30eb5b218b86171a03e950656a309d1670b Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Thu, 22 Oct 2020 15:47:39 +0200 Subject: [PATCH 003/117] visual fixes --- .../godmode/gis_maps/configure_gis_map.php | 2 +- pandora_console/operation/gis_maps/gis_map.php | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pandora_console/godmode/gis_maps/configure_gis_map.php b/pandora_console/godmode/gis_maps/configure_gis_map.php index 907786e6fd..b89ad86fad 100644 --- a/pandora_console/godmode/gis_maps/configure_gis_map.php +++ b/pandora_console/godmode/gis_maps/configure_gis_map.php @@ -32,7 +32,7 @@ $action = get_parameter('action', 'new_map'); $gis_map_group = db_get_value('group_id', 'tgis_map', 'id_tgis_map', $idMap); -if (!check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW') && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW')) { +if ($idMap > 0 && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW') && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW')) { db_pandora_audit('ACL Violation', 'Trying to access map builder'); include 'general/noaccess.php'; return; diff --git a/pandora_console/operation/gis_maps/gis_map.php b/pandora_console/operation/gis_maps/gis_map.php index 01653e958b..ca66058050 100644 --- a/pandora_console/operation/gis_maps/gis_map.php +++ b/pandora_console/operation/gis_maps/gis_map.php @@ -170,9 +170,16 @@ if ($maps !== false) { $data['name'] = ''.$map['map_name'].' '; $data['group'] = ui_print_group_icon($map['group_id'], true); - $data['op'] = ''; + if (check_acl($config['id_user'], 0, 'MW') + || check_acl($config['id_user'], 0, 'MM') + ) { + $data['default'] = ''; + $data['op'] = ''; + } - if (check_acl_restricted_all($config['id_user'], $map['group_id'], 'MW') || check_acl_restricted_all($config['id_user'], $map['group_id'], 'MM')) { + if (check_acl_restricted_all($config['id_user'], $map['group_id'], 'MW') + || check_acl_restricted_all($config['id_user'], $map['group_id'], 'MM') + ) { if (check_acl_restricted_all($config['id_user'], 0, 'MM')) { $checked = false; if ($map['default_map']) { From e300f2244d027d65fa20100629bb81be24f13c99 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Wed, 28 Oct 2020 17:56:42 +0100 Subject: [PATCH 004/117] Adding delete_agent control for meta --- pandora_console/include/functions_api.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 6401910faa..f9fd4efaa9 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -1885,11 +1885,17 @@ function api_set_delete_agent($id, $thrash1, $other, $thrash3) } } else { // Delete only if the centralised mode is disabled. - if (is_central_policies_on_node()) { + $headers = getallheaders(); + if (!isset($headers['idk']) || !is_management_allowed($headers['idk'])) { returnError('centralized'); exit; } + // Support for Pandora Enterprise. + if (license_free() === false) { + define('PANDORA_ENTERPRISE', true); + } + if ($agent_by_alias) { $idsAgents = agents_get_agent_id_by_alias(io_safe_input($id)); } else { From d75bb46f3431ff7d78d5d5df43436cf4300c1711 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Thu, 5 Nov 2020 12:47:25 +0100 Subject: [PATCH 005/117] changed action/alert priority of fields for snmp alerts --- pandora_server/lib/PandoraFMS/Core.pm | 40 +++++++++++++-------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index 0d3bc2652f..cddc89117f 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -1023,26 +1023,26 @@ sub pandora_execute_action ($$$$$$$$$;$) { $field20 = defined($action->{'field20'}) && $action->{'field20'} ne "" ? $action->{'field20'} : $alert->{'field20'}; } else { - $field1 = defined($action->{'field1'}) && $action->{'field1'} ne "" ? $action->{'field1'} : $alert->{'field1'}; - $field2 = defined($action->{'field2'}) && $action->{'field2'} ne "" ? $action->{'field2'} : $alert->{'field2'}; - $field3 = defined($action->{'field3'}) && $action->{'field3'} ne "" ? $action->{'field3'} : $alert->{'field3'}; - $field4 = defined($action->{'field4'}) && $action->{'field4'} ne "" ? $action->{'field4'} : $alert->{'field4'}; - $field5 = defined($action->{'field5'}) && $action->{'field5'} ne "" ? $action->{'field5'} : $alert->{'field5'}; - $field6 = defined($action->{'field6'}) && $action->{'field6'} ne "" ? $action->{'field6'} : $alert->{'field6'}; - $field7 = defined($action->{'field7'}) && $action->{'field7'} ne "" ? $action->{'field7'} : $alert->{'field7'}; - $field8 = defined($action->{'field8'}) && $action->{'field8'} ne "" ? $action->{'field8'} : $alert->{'field8'}; - $field9 = defined($action->{'field9'}) && $action->{'field9'} ne "" ? $action->{'field9'} : $alert->{'field9'}; - $field10 = defined($action->{'field10'}) && $action->{'field10'} ne "" ? $action->{'field10'} : $alert->{'field10'}; - $field11 = defined($action->{'field11'}) && $action->{'field11'} ne "" ? $action->{'field11'} : $alert->{'field11'}; - $field12 = defined($action->{'field12'}) && $action->{'field12'} ne "" ? $action->{'field12'} : $alert->{'field12'}; - $field13 = defined($action->{'field13'}) && $action->{'field13'} ne "" ? $action->{'field13'} : $alert->{'field13'}; - $field14 = defined($action->{'field14'}) && $action->{'field14'} ne "" ? $action->{'field14'} : $alert->{'field14'}; - $field15 = defined($action->{'field15'}) && $action->{'field15'} ne "" ? $action->{'field15'} : $alert->{'field15'}; - $field16 = defined($action->{'field16'}) && $action->{'field16'} ne "" ? $action->{'field16'} : $alert->{'field16'}; - $field17 = defined($action->{'field17'}) && $action->{'field17'} ne "" ? $action->{'field17'} : $alert->{'field17'}; - $field18 = defined($action->{'field18'}) && $action->{'field18'} ne "" ? $action->{'field18'} : $alert->{'field18'}; - $field19 = defined($action->{'field19'}) && $action->{'field19'} ne "" ? $action->{'field19'} : $alert->{'field19'}; - $field20 = defined($action->{'field20'}) && $action->{'field20'} ne "" ? $action->{'field20'} : $alert->{'field20'}; + $field1 = defined($alert->{'field1'}) && $alert->{'field1'} ne "" ? $alert->{'field1'} : $action->{'field1'}; + $field2 = defined($alert->{'field2'}) && $alert->{'field2'} ne "" ? $alert->{'field2'} : $action->{'field2'}; + $field3 = defined($alert->{'field3'}) && $alert->{'field3'} ne "" ? $alert->{'field3'} : $action->{'field3'}; + $field4 = defined($alert->{'field4'}) && $alert->{'field4'} ne "" ? $alert->{'field4'} : $action->{'field4'}; + $field5 = defined($alert->{'field5'}) && $alert->{'field5'} ne "" ? $alert->{'field5'} : $action->{'field5'}; + $field6 = defined($alert->{'field6'}) && $alert->{'field6'} ne "" ? $alert->{'field6'} : $action->{'field6'}; + $field7 = defined($alert->{'field7'}) && $alert->{'field7'} ne "" ? $alert->{'field7'} : $action->{'field7'}; + $field8 = defined($alert->{'field8'}) && $alert->{'field8'} ne "" ? $alert->{'field8'} : $action->{'field8'}; + $field9 = defined($alert->{'field9'}) && $alert->{'field9'} ne "" ? $alert->{'field9'} : $action->{'field9'}; + $field10 = defined($alert->{'field10'}) && $alert->{'field10'} ne "" ? $alert->{'field10'} : $action->{'field10'}; + $field11 = defined($alert->{'field11'}) && $alert->{'field11'} ne "" ? $alert->{'field11'} : $action->{'field11'}; + $field12 = defined($alert->{'field12'}) && $alert->{'field12'} ne "" ? $alert->{'field12'} : $action->{'field12'}; + $field13 = defined($alert->{'field13'}) && $alert->{'field13'} ne "" ? $alert->{'field13'} : $action->{'field13'}; + $field14 = defined($alert->{'field14'}) && $alert->{'field14'} ne "" ? $alert->{'field14'} : $action->{'field14'}; + $field15 = defined($alert->{'field15'}) && $alert->{'field15'} ne "" ? $alert->{'field15'} : $action->{'field15'}; + $field16 = defined($alert->{'field16'}) && $alert->{'field16'} ne "" ? $alert->{'field16'} : $action->{'field16'}; + $field17 = defined($alert->{'field17'}) && $alert->{'field17'} ne "" ? $alert->{'field17'} : $action->{'field17'}; + $field18 = defined($alert->{'field18'}) && $alert->{'field18'} ne "" ? $alert->{'field18'} : $action->{'field18'}; + $field19 = defined($alert->{'field19'}) && $alert->{'field19'} ne "" ? $alert->{'field19'} : $action->{'field19'}; + $field20 = defined($alert->{'field20'}) && $alert->{'field20'} ne "" ? $alert->{'field20'} : $action->{'field20'}; } # Recovery fields, thanks to Kato Atsushi From fc429efce2d449b1547d1b80948197302e2c9759 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Wed, 11 Nov 2020 09:52:15 +0100 Subject: [PATCH 006/117] fixed wrong error message: recon task is not necessarily linked to script --- .../class/ManageNetScanScripts.class.php | 25 +++++++------------ 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/pandora_console/include/class/ManageNetScanScripts.class.php b/pandora_console/include/class/ManageNetScanScripts.class.php index e41e692146..16dfa70f42 100644 --- a/pandora_console/include/class/ManageNetScanScripts.class.php +++ b/pandora_console/include/class/ManageNetScanScripts.class.php @@ -350,28 +350,21 @@ class ManageNetScanScripts extends Wizard ['id_recon_script' => $id_script] ); + $result_dlt2 = db_process_sql_delete( + 'trecon_task', + ['id_recon_script' => $id_script] + ); + if (!$result_dlt) { $result = [ 'error' => 1, 'msg' => __('Problem deleting Net scan Scripts'), ]; } else { - $result_dlt2 = db_process_sql_delete( - 'trecon_task', - ['id_recon_script' => $id_script] - ); - - if (!$result_dlt2) { - $result = [ - 'error' => 1, - 'msg' => __('Problem deleting Net scan Scripts'), - ]; - } else { - $result = [ - 'error' => 0, - 'msg' => __('Deleted successfully'), - ]; - } + $result = [ + 'error' => 0, + 'msg' => __('Deleted successfully'), + ]; } return $result; From 915c039fcd233f3b5059db5aeece9ae486203be9 Mon Sep 17 00:00:00 2001 From: marcos Date: Thu, 12 Nov 2020 12:13:57 +0100 Subject: [PATCH 007/117] fixed sql error with secundary groups ZOS --- pandora_console/include/functions_tags.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index fe36bc34fa..c759597706 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -900,7 +900,11 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table='', $force_ } $in_group = implode(',', $without_tags); - $condition .= sprintf('(tagente.id_grupo IN (%s) OR tasg.id_group IN (%s))', $in_group, $in_group); + if ($has_secondary) { + $condition .= sprintf('(tagente.id_grupo IN (%s) OR tasg.id_group IN (%s))', $in_group, $in_group); + } else { + $condition .= sprintf('(tagente.id_grupo IN (%s))', $in_group); + } } $condition = !empty($condition) ? "($condition)" : ''; From 0ea8196db003a646c5469a61a20279f23ef1fcbe Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Thu, 12 Nov 2020 13:44:52 +0100 Subject: [PATCH 008/117] Fixed create network components --- pandora_console/include/ajax/snmp_browser.ajax.php | 2 +- pandora_console/include/functions_snmp_browser.php | 2 +- pandora_console/include/javascript/pandora_snmp_browser.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pandora_console/include/ajax/snmp_browser.ajax.php b/pandora_console/include/ajax/snmp_browser.ajax.php index 571399c703..f91bc7ef3e 100644 --- a/pandora_console/include/ajax/snmp_browser.ajax.php +++ b/pandora_console/include/ajax/snmp_browser.ajax.php @@ -170,7 +170,7 @@ if (is_ajax()) { $id_target = explode(',', $id_items[0]); } - if (empty($id_items[0])) { + if (empty($id_items[0]) && $module_target !== 'network_component') { echo json_encode([0 => -1]); exit; } diff --git a/pandora_console/include/functions_snmp_browser.php b/pandora_console/include/functions_snmp_browser.php index c4ef3b05ab..7146752554 100644 --- a/pandora_console/include/functions_snmp_browser.php +++ b/pandora_console/include/functions_snmp_browser.php @@ -616,7 +616,7 @@ function snmp_browser_print_oid( $output .= html_print_table($table, true); $url = 'index.php?'.'sec=gmodules&'.'sec2=godmode/modules/manage_network_components'; - $output .= '
'; + $output .= ''; $output .= html_print_input_hidden('create_network_from_snmp_browser', 1, true); $output .= html_print_input_hidden('id_component_type', 2, true); $output .= html_print_input_hidden('type', 17, true); diff --git a/pandora_console/include/javascript/pandora_snmp_browser.js b/pandora_console/include/javascript/pandora_snmp_browser.js index 961619b80b..f02bdad4fc 100644 --- a/pandora_console/include/javascript/pandora_snmp_browser.js +++ b/pandora_console/include/javascript/pandora_snmp_browser.js @@ -541,7 +541,7 @@ function setOID() { } /** - * Create module on selected module_target (agent, networlk component or policy). + * Create module on selected module_target (agent, network component or policy). * * @param string module_target Target to create module. * @param return_values Return snmp values. From 4023327091890ad44f7e7f6d50c37dbb068fb62a Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Mon, 16 Nov 2020 12:30:58 +0100 Subject: [PATCH 009/117] Added search by secondary group name --- .../operation/search_agents.getdata.php | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/pandora_console/operation/search_agents.getdata.php b/pandora_console/operation/search_agents.getdata.php index aad2835a36..e9d315d291 100644 --- a/pandora_console/operation/search_agents.getdata.php +++ b/pandora_console/operation/search_agents.getdata.php @@ -179,6 +179,8 @@ if ($searchAgents) { $userGroups = users_get_groups($config['id_user'], 'AR', false); $id_userGroups = array_keys($userGroups); + $has_secondary = enterprise_hook('agents_is_using_secondary_groups'); + $sql = "SELECT DISTINCT taddress_agent.id_agent FROM taddress INNER JOIN taddress_agent ON taddress.id_a = taddress_agent.id_a @@ -188,10 +190,10 @@ if ($searchAgents) { if ($id != '') { $aux = $id[0]['id_agent']; $search_sql = " t1.nombre COLLATE utf8_general_ci LIKE '%%cd ".$stringSearchSQL."%%' OR - t2.nombre COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR - t1.alias COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR - t1.comentarios COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR - t1.id_agente = $aux"; + t2.nombre COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR + t1.alias COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR + t1.comentarios COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR + t1.id_agente = $aux"; if (count($id) >= 2) { for ($i = 1; $i < count($id); $i++) { @@ -201,10 +203,15 @@ if ($searchAgents) { } } else { $search_sql = " t1.nombre COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR - t2.nombre COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR + t2.nombre COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR t1.direccion COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR t1.comentarios COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%' OR - t1.alias COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%'"; + t1.alias COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%'"; + } + + if ($has_secondary === true) { + $search_sql .= " OR (tasg.id_group IS NOT NULL AND + tasg.id_group IN (SELECT id_grupo FROM tgrupo WHERE nombre COLLATE utf8_general_ci LIKE '%%".$stringSearchSQL."%%'))"; } $sql = " @@ -235,7 +242,7 @@ if ($searchAgents) { AND ( ".$search_sql.' ) - '; + '; $select = 'SELECT DISTINCT(t1.id_agente), t1.ultimo_contacto, t1.nombre, t1.comentarios, t1.id_os, t1.intervalo, t1.id_grupo, t1.disabled, t1.alias, t1.quiet'; if ($only_count) { From 55c368f957547ae09d20fd99ea85b19b5b13fd6d Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Mon, 16 Nov 2020 17:34:23 +0100 Subject: [PATCH 010/117] fixed last_compact in history db --- pandora_server/util/pandora_db.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pandora_server/util/pandora_db.pl b/pandora_server/util/pandora_db.pl index 48104968ac..206f854f90 100755 --- a/pandora_server/util/pandora_db.pl +++ b/pandora_server/util/pandora_db.pl @@ -428,8 +428,8 @@ sub pandora_purgedb ($$) { ############################################################################### # Compact agent data. ############################################################################### -sub pandora_compactdb ($$) { - my ($conf, $dbh) = @_; +sub pandora_compactdb ($$$) { + my ($conf, $dbh, $dbh_conf) = @_; my %count_hash; my %id_agent_hash; @@ -534,9 +534,9 @@ sub pandora_compactdb ($$) { # Mark the last compact date if (defined ($conf->{'_last_compact'})) { - db_do ($dbh, 'UPDATE tconfig SET value=? WHERE token=?', $last_compact, 'last_compact'); + db_do ($dbh_conf, 'UPDATE tconfig SET value=? WHERE token=?', $last_compact, 'last_compact'); } else { - db_do ($dbh, 'INSERT INTO tconfig (value, token) VALUES (?, ?)', $last_compact, 'last_compact'); + db_do ($dbh_conf, 'INSERT INTO tconfig (value, token) VALUES (?, ?)', $last_compact, 'last_compact'); } } @@ -1018,7 +1018,7 @@ sub pandoradb_main ($$$) { # Compact on if enable and DaysCompact are below DaysPurge if (($conf->{'_onlypurge'} == 0) && ($conf->{'_days_compact'} < $conf->{'_days_purge'})) { - pandora_compactdb ($conf, defined ($history_dbh) ? $history_dbh : $dbh); + pandora_compactdb ($conf, defined ($history_dbh) ? $history_dbh : $dbh, $dbh); } # Update tconfig with last time of database maintance time (now) From 2ee187ae53468e90d4b1b8fae1182efc272e5785 Mon Sep 17 00:00:00 2001 From: Luis Calvo Date: Mon, 16 Nov 2020 18:30:23 +0100 Subject: [PATCH 011/117] Fixed acl on discovery tasklist --- pandora_console/godmode/wizards/DiscoveryTaskList.class.php | 4 ++++ pandora_console/include/class/HTML.class.php | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/wizards/DiscoveryTaskList.class.php b/pandora_console/godmode/wizards/DiscoveryTaskList.class.php index 59a9fab84a..de2f70a629 100644 --- a/pandora_console/godmode/wizards/DiscoveryTaskList.class.php +++ b/pandora_console/godmode/wizards/DiscoveryTaskList.class.php @@ -448,6 +448,10 @@ class DiscoveryTaskList extends HTML $table->align[9] = 'left'; foreach ($recon_tasks as $task) { + if ($this->aclMulticheck('AR|AW|AM', $task['id_group']) === false) { + continue; + } + $no_operations = false; $data = []; $server_name = servers_get_name($task['id_recon_server']); diff --git a/pandora_console/include/class/HTML.class.php b/pandora_console/include/class/HTML.class.php index 41ceabf5ab..92cd8cc29f 100644 --- a/pandora_console/include/class/HTML.class.php +++ b/pandora_console/include/class/HTML.class.php @@ -254,7 +254,7 @@ class HTML * * @return boolean Alowed or not. */ - public function aclMulticheck($access=null) + public function aclMulticheck($access=null, $id_group=0) { global $config; @@ -268,7 +268,7 @@ class HTML foreach ($perms as $perm) { $allowed = $allowed || (bool) check_acl( $config['id_user'], - 0, + $id_group, $perm ); } From ef899ef529cf4d8608e88e8bba1eb78788465592 Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Tue, 17 Nov 2020 15:21:38 +0100 Subject: [PATCH 012/117] Fix error --- pandora_server/lib/PandoraFMS/Core.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index 0d3bc2652f..74e81778c8 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -5373,7 +5373,9 @@ sub pandora_self_monitoring ($$) { get_db_value($dbh, "SELECT COUNT(*) FROM tagente_datos"); my $read_speed = int((time - $start_performance) * 1e6); - $xml_output .= enterprise_hook("elasticsearch_performance", [$pa_config, $dbh]); + my $elasticsearch_perfomance = enterprise_hook("elasticsearch_performance", [$pa_config, $dbh]); + + $xml_output .= $elasticsearch_perfomance if defined($elasticsearch_perfomance); $xml_output .=" "; $xml_output .=" Database Maintenance"; From ea346afcc51bf08e08304daa05f0f230735a0bd4 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 17 Nov 2020 17:06:36 +0100 Subject: [PATCH 013/117] allowing self signed certs for quickshell --- pandora_console/extensions/quick_shell.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pandora_console/extensions/quick_shell.php b/pandora_console/extensions/quick_shell.php index 27807e6029..219e8944af 100644 --- a/pandora_console/extensions/quick_shell.php +++ b/pandora_console/extensions/quick_shell.php @@ -94,12 +94,23 @@ function quickShell() config_update_value('gotty_ssh_port', 8081); } + // Context to allow self-signed certs. + $context = stream_context_create( + [ + 'http' => [ 'method' => 'GET'], + 'ssl' => [ + 'verify_peer' => false, + 'verify_peer_name' => false, + ], + ] + ); + // Username. Retrieve from form. if (empty($username) === true) { // No username provided, ask for it. $wiz = new Wizard(); - $test = file_get_contents($ws_url); + $test = file_get_contents($ws_url, false, $context); if ($test === false) { ui_print_error_message(__('WebService engine has not been started, please check documentation.')); $wiz->printForm( @@ -197,8 +208,9 @@ function quickShell() return; } - // If rediretion is enabled, we will try to connect to http:// or https:// endpoint. - $test = get_headers($ws_url); + // If rediretion is enabled, we will try to connect using + // http:// or https:// endpoint. + $test = get_headers($ws_url, null, $context); if ($test === false) { if (empty($wiz) === true) { $wiz = new Wizard(); From 141259181379f938a55bc97f7a1e5303c5d3db6c Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Wed, 18 Nov 2020 12:37:39 +0100 Subject: [PATCH 014/117] Fix --- pandora_console/general/sap_view.php | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/pandora_console/general/sap_view.php b/pandora_console/general/sap_view.php index a66ae80d0a..626de03118 100644 --- a/pandora_console/general/sap_view.php +++ b/pandora_console/general/sap_view.php @@ -1,10 +1,10 @@ Date: Wed, 18 Nov 2020 16:48:49 +0100 Subject: [PATCH 015/117] fixed status filter when applying changes to a module of any agent --- .../godmode/massive/massive_edit_modules.php | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/pandora_console/godmode/massive/massive_edit_modules.php b/pandora_console/godmode/massive/massive_edit_modules.php index 8c5a611847..c3abea586a 100755 --- a/pandora_console/godmode/massive/massive_edit_modules.php +++ b/pandora_console/godmode/massive/massive_edit_modules.php @@ -50,6 +50,7 @@ if ($update) { $agents_ = []; $force = get_parameter('force_type', false); + $module_status = get_parameter('status_module', null); if ($agents_select == false) { $agents_select = []; @@ -109,7 +110,7 @@ if ($update) { } foreach ($module_name as $mod_name) { - $result = process_manage_edit($mod_name['nombre'], $id_agent, $modules_selection_mode); + $result = process_manage_edit($mod_name['nombre'], $id_agent, $module_status, $modules_selection_mode); $count++; $success += (int) $result; } @@ -132,7 +133,7 @@ if ($update) { } foreach ($module_name as $mod_name) { - $result = process_manage_edit($mod_name['nombre'], $id_agent, $modules_selection_mode); + $result = process_manage_edit($mod_name['nombre'], $id_agent, $module_status, $modules_selection_mode); $count++; $success += (int) $result; } @@ -150,7 +151,7 @@ if ($update) { } foreach ($modules_ as $module_) { - $result = process_manage_edit($module_, $agent_, $modules_selection_mode); + $result = process_manage_edit($module_, $agent_, $module_status, $modules_selection_mode); $count++; $success += (int) $result; } @@ -1859,7 +1860,7 @@ function disabled_status () { /* ]]> */ = 15 && $module['id_tipo_modulo'] <= 18) { if ($snmp_version != '') { From 1ad1671612273fb02dd97dd412f3b41c32cd1b4e Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Mon, 23 Nov 2020 09:29:11 +0100 Subject: [PATCH 016/117] fix remove acl widget agent/module --- .../lib/Dashboard/Widgets/agent_module.php | 137 ++++++++---------- pandora_console/include/styles/dashboards.css | 4 + 2 files changed, 61 insertions(+), 80 deletions(-) diff --git a/pandora_console/include/lib/Dashboard/Widgets/agent_module.php b/pandora_console/include/lib/Dashboard/Widgets/agent_module.php index 9913b28aaf..7953550b7a 100644 --- a/pandora_console/include/lib/Dashboard/Widgets/agent_module.php +++ b/pandora_console/include/lib/Dashboard/Widgets/agent_module.php @@ -27,6 +27,8 @@ */ namespace PandoraFMS\Dashboard; +use PandoraFMS\Agent; +use PandoraFMS\Module; /** * Agent module Widgets. @@ -324,7 +326,7 @@ class AgentModuleWidget extends Widget } foreach ($agents as $agent) { - if (!users_access_to_agent($agent['id_agente'])) { + if (users_access_to_agent($agent['id_agente']) === false) { continue; } @@ -343,8 +345,10 @@ class AgentModuleWidget extends Widget foreach ($modules_by_name as $module) { $row['modules'][$module['name']] = null; foreach ($module['id'] as $module_id) { - if (array_key_exists($module_id, $agent_modules)) { - $row['modules'][$module['name']] = modules_get_agentmodule_status($module_id); + if (array_key_exists($module_id, $agent_modules) === true) { + $row['modules'][$module['name']] = modules_get_agentmodule_status( + $module_id + ); break; } } @@ -361,12 +365,16 @@ class AgentModuleWidget extends Widget * Draw table Agent/Module. * * @param array $visualData Data for draw. + * @param array $allModules Data for th draw. * * @return string Html output. */ - private function generateViewAgentModule(array $visualData):string - { - $table_data = '
'; + private function generateViewAgentModule( + array $visualData, + array $allModules + ):string { + $style = 'display:flex; width:100%; height:100%; margin: 10px;'; + $table_data = '
'; $table_data .= ''; if (empty($visualData) === false) { @@ -374,20 +382,7 @@ class AgentModuleWidget extends Widget $array_names = []; - foreach ($visualData as $data) { - foreach ($data['modules'] as $module_name => $module) { - if ($module === null - || in_array($module_name, $array_names) - ) { - continue; - } else { - $array_names[] = $module_name; - } - } - } - - natcasesort($array_names); - foreach ($array_names as $module_name) { + foreach ($allModules as $module_name) { $file_name = ui_print_truncate_text( $module_name, 'module_small', @@ -444,14 +439,17 @@ class AgentModuleWidget extends Widget foreach ($row['modules'] as $module_name => $module) { if ($module === null) { - if (in_array($module_name, $array_names)) { - $table_data .= "'; } else { continue; } } else { - $table_data .= "
"; + if (in_array($module_name, $allModules) === true) { + $style = 'background-color: transparent;'; + $table_data .= ""; $table_data .= '"; + $style = 'text-align: center;'; + $style .= ' background-color: transparent;'; + $table_data .= ""; switch ($module) { case AGENT_STATUS_NORMAL: $table_data .= \ui_print_status_image( @@ -592,70 +590,49 @@ class AgentModuleWidget extends Widget return $output; } - if (isset($this->values['mAgents']) === true - && empty($this->values['mAgents']) === false - ) { - $sql = sprintf( - 'SELECT id_agente,nombre,alias - FROM tagente - WHERE id_agente IN (%s) - ORDER BY id_agente', - $this->values['mAgents'] - ); - $agents = db_get_all_rows_sql($sql); - if ($agents === false) { - $agents = []; + // Estract info all modules selected. + $target_modules = explode(',', $this->values['mModules']); + $all_modules = Module::search( + ['id_agente_modulo' => $target_modules] + ); + $reduceAllModules = array_reduce( + $all_modules, + function ($carry, $item) { + $carry[$item->name()] = null; + return $carry; } + ); - $modules = false; - if (isset($this->values['mModules']) === true - && empty($this->values['mModules']) === false - ) { - $sql = sprintf( - 'SELECT nombre - FROM tagente_modulo - WHERE id_agente_modulo IN (%s)', - $this->values['mModules'] + \ksort($reduceAllModules); + + $visualData = []; + // Estract info agents selected. + $target_agents = explode(',', $this->values['mAgents']); + foreach ($target_agents as $agent_id) { + try { + $agent = new Agent($agent_id); + $visualData[$agent_id]['agent_status'] = $agent->lastStatus(); + $visualData[$agent_id]['agent_name'] = $agent->name(); + $visualData[$agent_id]['agent_alias'] = $agent->alias(); + + $modules = $agent->searchModules( + ['id_agente_modulo' => $target_modules] ); - $arrayNames = db_get_all_rows_sql($sql); - $names = array_reduce( - $arrayNames, - function ($carry, $item) { - $carry[] = $item['nombre']; - return $carry; - } - ); - - $sql = sprintf( - 'SELECT id_agente_modulo,nombre - FROM tagente_modulo - WHERE id_agente IN (%s) - AND nombre IN ("%s") - AND delete_pending = 0 - ORDER BY nombre', - $this->values['mAgents'], - implode('","', $names) - ); - - $modules = index_array( - db_get_all_rows_sql($sql), - 'id_agente_modulo', - 'nombre' - ); + $visualData[$agent_id]['modules'] = $reduceAllModules; + foreach ($modules as $module) { + $visualData[$agent_id]['modules'][$module->name()] = $module->getStatus()->estado(); + } + } catch (Exception $e) { + echo 'Error: '.$e->getMessage(); } - - if ($modules === false) { - $modules = []; - } - } else { - $agents = []; - $modules = []; } - $visualData = $this->generateDataAgentModule($agents, $modules); - - $output = $this->generateViewAgentModule($visualData); + $allModules = array_keys($reduceAllModules); + $output = $this->generateViewAgentModule( + $visualData, + $allModules + ); return $output; } diff --git a/pandora_console/include/styles/dashboards.css b/pandora_console/include/styles/dashboards.css index bbbf993112..70c41dd643 100644 --- a/pandora_console/include/styles/dashboards.css +++ b/pandora_console/include/styles/dashboards.css @@ -407,6 +407,10 @@ table.group_modules_status_box tr td span a { text-align: center; } +table.widget_agent_module tbody tr td { + padding: 5px; +} + .container-center .widget-histogram-chart .flot-text .flot-x-axis div { white-space: nowrap; } From 266dc8ba4ab76babc1a01deda0292b9a825bc6dc Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Mon, 23 Nov 2020 16:38:06 +0100 Subject: [PATCH 017/117] fix public view link remove hash --- .../models/VisualConsole/Container.php | 21 +++++++++++++++++ .../operation/visual_console/public_view.php | 23 +++++++++++++++++++ .../operation/visual_console/view.php | 7 ++++++ 3 files changed, 51 insertions(+) diff --git a/pandora_console/include/rest-api/models/VisualConsole/Container.php b/pandora_console/include/rest-api/models/VisualConsole/Container.php index 16d72c9d95..04e2927893 100644 --- a/pandora_console/include/rest-api/models/VisualConsole/Container.php +++ b/pandora_console/include/rest-api/models/VisualConsole/Container.php @@ -88,6 +88,7 @@ final class Container extends Model 'height' => (int) $data['height'], 'backgroundURL' => static::extractBackgroundUrl($data), 'relationLineWidth' => (int) $data['relationLineWidth'], + 'hash' => static::extractHash($data), ]; } @@ -198,6 +199,22 @@ final class Container extends Model } + /** + * Extract a hash. + * + * @param array $data Unknown input data structure. + * + * @return mixed String representing hash (not empty) or null. + */ + private static function extractHash(array $data) + { + return static::notEmptyStringOr( + static::issetInArray($data, ['hash']), + null + ); + } + + /** * Extract a background color value. * @@ -279,6 +296,10 @@ final class Container extends Model ); } + $row['hash'] = md5( + $config['dbpass'].$row['id'].$config['id_user'] + ); + return \io_safe_output($row); } diff --git a/pandora_console/operation/visual_console/public_view.php b/pandora_console/operation/visual_console/public_view.php index 6cc9f817a1..f8b7c0eff9 100644 --- a/pandora_console/operation/visual_console/public_view.php +++ b/pandora_console/operation/visual_console/public_view.php @@ -177,6 +177,22 @@ $visualConsoleItems = VisualConsole::getItemsFromDB( var handleUpdate = function (prevProps, newProps) { if (!newProps) return; + //Remove spinner change VC. + document + .getElementById("visual-console-container") + .classList.remove("is-updating"); + + var div = document + .getElementById("visual-console-container") + .querySelector(".div-visual-console-spinner"); + + if (div !== null) { + var parent = div.parentElement; + if (parent !== null) { + parent.removeChild(div); + } + } + // Change the background color when the fullscreen mode is enabled. if (prevProps && prevProps.backgroundColor != newProps.backgroundColor @@ -200,17 +216,24 @@ $visualConsoleItems = VisualConsole::getItemsFromDB( var regex = /(id=|id_visual_console=|id_layout=|id_visualmap=)\d+(&?)/gi; var replacement = '$1' + newProps.id + '$2'; + var regex_hash = /(hash=)[^&]+(&?)/gi; + var replacement_hash = '$1' + newProps.hash + '$2'; // Tab links. var menuLinks = document.querySelectorAll("div#menu_tab a"); if (menuLinks !== null) { menuLinks.forEach(function (menuLink) { menuLink.href = menuLink.href.replace(regex, replacement); + menuLink.href = menuLink.href.replace( + regex_hash, + replacement_hash + ); }); } // Change the URL (if the browser has support). if ("history" in window) { var href = window.location.href.replace(regex, replacement); + href = href.replace(regex_hash, replacement_hash); window.history.replaceState({}, document.title, href); } } diff --git a/pandora_console/operation/visual_console/view.php b/pandora_console/operation/visual_console/view.php index 3b70215aa2..7f889509a0 100644 --- a/pandora_console/operation/visual_console/view.php +++ b/pandora_console/operation/visual_console/view.php @@ -470,11 +470,17 @@ ui_require_css_file('form'); var regex = /(id=|id_visual_console=|id_layout=|id_visualmap=)\d+(&?)/gi; var replacement = '$1' + newProps.id + '$2'; + var regex_hash = /(hash=)[^&]+(&?)/gi; + var replacement_hash = '$1' + newProps.hash + '$2'; // Tab links. var menuLinks = document.querySelectorAll("div#menu_tab a"); if (menuLinks !== null) { menuLinks.forEach(function (menuLink) { menuLink.href = menuLink.href.replace(regex, replacement); + menuLink.href = menuLink.href.replace( + regex_hash, + replacement_hash + ); }); } @@ -487,6 +493,7 @@ ui_require_css_file('form'); // Change the URL (if the browser has support). if ("history" in window) { var href = window.location.href.replace(regex, replacement); + href = href.replace(regex_hash, replacement_hash); window.history.replaceState({}, document.title, href); } } From a767b6c13374e729a1afd084e50acc7c15e22e48 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Mon, 23 Nov 2020 20:16:11 +0100 Subject: [PATCH 018/117] Fixes in history db settings and improved pandora_db tool --- pandora_console/godmode/setup/performance.php | 7 +-- pandora_server/util/pandora_db.pl | 54 ++++++++++++++++--- 2 files changed, 51 insertions(+), 10 deletions(-) diff --git a/pandora_console/godmode/setup/performance.php b/pandora_console/godmode/setup/performance.php index 096defb664..bc79631697 100644 --- a/pandora_console/godmode/setup/performance.php +++ b/pandora_console/godmode/setup/performance.php @@ -64,7 +64,7 @@ if ($update_config == 1 && $config['history_db_enabled'] == 1) { $historical_string_purge = get_parameter('historical_string_purge', 0); $history_connect = @mysql_db_process_sql( - 'SELECT 1 FROM tconfig', + 'DESCRIBE tconfig', 'affected_rows', $config['history_db_connection'], false @@ -390,8 +390,8 @@ if ($config['history_db_enabled'] == 1) { $config_history = false; if ($config['history_db_connection']) { - $history_connect = @mysql_db_process_sql( - 'SELECT 1 FROM tconfig', + $history_connect = mysql_db_process_sql( + 'DESCRIBE tconfig', 'affected_rows', $config['history_db_connection'], false @@ -408,6 +408,7 @@ if ($config['history_db_enabled'] == 1) { if (isset($config_history_array) && is_array($config_history_array)) { foreach ($config_history_array as $key => $value) { $config_history[$value['token']] = $value['value']; + $config_history = true; } } } else { diff --git a/pandora_server/util/pandora_db.pl b/pandora_server/util/pandora_db.pl index 2c55dbf933..4cac97dd34 100755 --- a/pandora_server/util/pandora_db.pl +++ b/pandora_server/util/pandora_db.pl @@ -581,6 +581,28 @@ sub pandora_init_pdb ($) { help_screen () if ($conf->{'_pandora_path'} eq ''); } +######################################################################## +# Prepares conf read from historical database settings. +######################################################################## +sub pandoradb_load_history_conf($) { + my $dbh = shift; + + my @options = get_db_rows($dbh, 'SELECT * FROM `tconfig`'); + + my %options = map + { + '_' . $_->{'token'} => $_->{'value'} + } @options; + + $options{'_days_autodisable_deletion'} = 0 unless defined ($options{'_days_autodisable_deletion'}); + $options{'_num_past_special_days'} = 0 unless defined($options{'_num_past_special_days'}); + $options{'_delete_old_network_matrix'} = 0 unless defined($options{'_delete_old_network_matrix'}); + $options{'_delete_old_messages'} = 0 unless defined($options{'_delete_old_messages'}); + $options{'_netflow_max_lifetime'} = 0 unless defined($options{'_netflow_max_lifetime'}); + $options{'claim_back_snmp_modules'} = 0 unless defined($options{'claim_back_snmp_modules'}); + + return \%options; +} ######################################################################## # Read external configuration file. @@ -651,7 +673,7 @@ sub pandora_load_config_pdb ($) { $conf->{'_metaconsole_events_history'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'metaconsole_events_history'"); $conf->{'_netflow_max_lifetime'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'netflow_max_lifetime'"); $conf->{'_netflow_nfexpire'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'netflow_nfexpire'"); - $conf->{'_netflow_path'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'netflow_path'"); + $conf->{'_netflow_path'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'netflow_path'"); $conf->{'_delete_notinit'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'delete_notinit'"); $conf->{'_session_timeout'} = get_db_value ($dbh, "SELECT value FROM tconfig WHERE token = 'session_timeout'"); @@ -726,7 +748,7 @@ sub pandora_checkdb_consistency { # 1. Check for modules that do not have tagente_estado but have # tagente_module #------------------------------------------------------------------- - if (defined($conf->{'_delete_notinit'}) && $conf->{'_delete_notinit'} == 1) { + if (defined($conf->{'_delete_notinit'}) && $conf->{'_delete_notinit'} eq "1") { log_message ('CHECKDB', "Deleting not-init data."); my @modules = get_db_rows ($dbh, 'SELECT id_agente_modulo, id_agente @@ -956,7 +978,7 @@ sub pandora_delete_old_module_data { sub pandora_delete_old_export_data { my ($dbh, $ulimit_timestamp) = @_; - log_message ('PURGE', "Deleting old export data from tserver_export_data\n"); + log_message ('PURGE', "Deleting old export data from tserver_export_data"); while((my $rc = db_delete_limit ($dbh, 'tserver_export_data', 'UNIX_TIMESTAMP(timestamp) < ?', $SMALL_OPERATION_STEP, $ulimit_timestamp)) ne '0E0') { print "RC:$rc\n"; usleep (10000); @@ -982,7 +1004,7 @@ sub pandora_delete_old_session_data { $ulimit_timestamp = time() - $session_timeout; } - log_message ('PURGE', "Deleting old session data from tsessions_php\n"); + log_message ('PURGE', "Deleting old session data from tsessions_php"); while(db_delete_limit ($dbh, 'tsessions_php', 'last_active < ?', $SMALL_OPERATION_STEP, $ulimit_timestamp) ne '0E0') { usleep (10000); }; @@ -1076,8 +1098,9 @@ if ($conf{'_force'} == 0 && pandora_is_master(\%conf) == 0) { exit 1; } -# Get a lock -my $lock = db_get_lock ($dbh, 'pandora_db'); +# Get a lock on dbname. +my $lock_name = $conf{'dbname'}; +my $lock = db_get_lock ($dbh, $lock_name); if ($lock == 0 && $conf{'_force'} == 0) { log_message ('', " [*] Another instance of DB Tool seems to be running.\n\n"); exit 1; @@ -1086,9 +1109,26 @@ if ($lock == 0 && $conf{'_force'} == 0) { # Main pandoradb_main(\%conf, $dbh, $history_dbh); +# history_dbh is unset in pandoradb_main if not in use. +if (defined($history_dbh)) { + log_message('', " [>] DB Tool running on historical database.\n"); + my $h_conf = pandoradb_load_history_conf($history_dbh); + + # Keep base settings. + $h_conf->{'_onlypurge'} = $conf{'_onlypurge'}; + + # Re-launch maintenance process for historical database. + pandoradb_main( + $h_conf, + $history_dbh, + undef + ); + +} + # Release the lock if ($lock == 1) { - db_release_lock ($dbh, 'pandora_db'); + db_release_lock ($dbh, $lock_name); } # Cleanup and exit From 2428558a39a8d5d57829a971903403df3e319a01 Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Tue, 24 Nov 2020 10:59:42 +0100 Subject: [PATCH 019/117] fix bugs vc serialez module string donuts and bars charts --- .../rest-api/models/VisualConsole/Items/DonutGraph.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php b/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php index 65f671d405..f73806967e 100644 --- a/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php +++ b/pandora_console/include/rest-api/models/VisualConsole/Items/DonutGraph.php @@ -167,10 +167,12 @@ final class DonutGraph extends Item ); } else { $src = 'images/console/signes/wrong_donut_graph.png'; - if (\is_metaconsole() === true && $metaconsoleId !== null) { + if (\is_metaconsole() === true) { $src = '../../'.$src; } + $src = ui_get_full_url($src); + $style = 'width:'.$width.'px; height:'.$height.'px;'; $data['html'] = ''; } From 7931f171447572b2e8ddd5be9c6511fa87d0185f Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Tue, 24 Nov 2020 14:08:37 +0100 Subject: [PATCH 020/117] fixed selector --- pandora_console/godmode/massive/massive_edit_modules.php | 1 + 1 file changed, 1 insertion(+) diff --git a/pandora_console/godmode/massive/massive_edit_modules.php b/pandora_console/godmode/massive/massive_edit_modules.php index 1948ba4fa0..8bf6817310 100755 --- a/pandora_console/godmode/massive/massive_edit_modules.php +++ b/pandora_console/godmode/massive/massive_edit_modules.php @@ -1138,6 +1138,7 @@ $table->data['edit1'][1] = ''; ); $array_os = [ + '' => __('No change'), 'inherited' => __('Inherited'), 'linux' => __('Linux'), 'windows' => __('Windows'), From e2bdb4858a53970fda7c0b2b51433f93c0393af9 Mon Sep 17 00:00:00 2001 From: alejandro-campos Date: Tue, 24 Nov 2020 16:13:28 +0100 Subject: [PATCH 021/117] included not init modules in total count --- pandora_console/include/functions_reporting.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php index 479adc67c8..6ffdf374bd 100755 --- a/pandora_console/include/functions_reporting.php +++ b/pandora_console/include/functions_reporting.php @@ -10688,7 +10688,7 @@ function reporting_tiny_stats( if (isset($counts_info['total_count'])) { $not_init = isset($counts_info['notinit_count']) ? $counts_info['notinit_count'] : 0; - $total_count = ($counts_info['total_count'] - $not_init); + $total_count = $counts_info['total_count']; $stats[] = [ 'name' => 'total_count', 'count' => $total_count, From 2e950af548ac67ea40a73dc8d5f653af80e3eafd Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Wed, 25 Nov 2020 11:33:36 +0100 Subject: [PATCH 022/117] fix dashboard VC --- .../Dashboard/Widgets/maps_made_by_user.php | 41 ++++++++++--------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/pandora_console/include/lib/Dashboard/Widgets/maps_made_by_user.php b/pandora_console/include/lib/Dashboard/Widgets/maps_made_by_user.php index f480c45389..89fb8b6c6c 100644 --- a/pandora_console/include/lib/Dashboard/Widgets/maps_made_by_user.php +++ b/pandora_console/include/lib/Dashboard/Widgets/maps_made_by_user.php @@ -368,26 +368,27 @@ class MapsMadeByUser extends Widget // of the visual consoles. $output .= '