From 8309408c19d5d0eb4f1de9e50dc466de3745197c Mon Sep 17 00:00:00 2001
From: zarzuelo <zarzuelo@gmail.com>
Date: Mon, 28 Nov 2011 16:37:08 +0000
Subject: [PATCH] 2011-11-28  Sergio Martin <sergio.martin@artica.es>

	* include/functions_api.php
	include/help/en/help_ip_api_list.php
	include/help/es/help_ip_api_list.php
	godmode/setup/setup.php: Improved the IP ACL Access
	list to allow substrings for bug 3438385



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5187 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                     |  8 +++++++
 pandora_console/godmode/setup/setup.php       |  3 +--
 pandora_console/include/functions_api.php     | 24 +++++++++++++++----
 .../include/help/en/help_ip_api_list.php      | 15 ++++++++++++
 .../include/help/es/help_ip_api_list.php      | 15 ++++++++++++
 5 files changed, 58 insertions(+), 7 deletions(-)
 create mode 100644 pandora_console/include/help/en/help_ip_api_list.php
 create mode 100644 pandora_console/include/help/es/help_ip_api_list.php

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index f1f6519a47..03ecd772aa 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,11 @@
+2011-11-28  Sergio Martin <sergio.martin@artica.es>
+
+	* include/functions_api.php
+	include/help/en/help_ip_api_list.php
+	include/help/es/help_ip_api_list.php
+	godmode/setup/setup.php: Improved the IP ACL Access 
+	list to allow substrings for bug 3438385
+
 2011-11-28 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
 
 	* operation/events/events_list.php: Fixed bad cast from alphanumeric
diff --git a/pandora_console/godmode/setup/setup.php b/pandora_console/godmode/setup/setup.php
index f0e5e7081a..ff38062e37 100644
--- a/pandora_console/godmode/setup/setup.php
+++ b/pandora_console/godmode/setup/setup.php
@@ -100,8 +100,7 @@ $table->data[11][1] .= __('No').'&nbsp;'.html_print_radio_button ('https', 0, ''
 $table->data[14][0] = __('Attachment store') . ui_print_help_tip (__("Directory where temporary data is stored."), true);
 $table->data[14][1] = html_print_input_text ('attachment_store', $config["attachment_store"], '', 50, 255, true);
 
-$table->data[15][0] = __('IP list with API access') . 
-	ui_print_help_tip (__("The list of IPs separate with carriage return."), true);
+$table->data[15][0] = __('IP list with API access') . ui_print_help_icon ("ip_api_list", true);
 $list_ACL_IPs_for_API = get_parameter('list_ACL_IPs_for_API', implode("\n", $config['list_ACL_IPs_for_API']));
 $table->data[15][1] = html_print_textarea('list_ACL_IPs_for_API', 2, 25, $list_ACL_IPs_for_API, 'style="height: 50px; width: 300px"', true);
 
diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 20ac4abd7e..66bfcce54d 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -145,14 +145,28 @@ function array_apply_io_safe_output($item) {
  */
 function isInACL($ip) {
 	global $config;
-	//If set * in the list ACL return true 
-	if(in_array('*', $config['list_ACL_IPs_for_API']))
-		return true;
 	
 	if (in_array($ip, $config['list_ACL_IPs_for_API']))
 		return true;
-	else
-		return false;
+	
+	// If the IP is not in the list, we check one by one, all the wildcard registers
+	foreach($config['list_ACL_IPs_for_API'] as $acl_ip) {
+		if(preg_match('/\*$/', $acl_ip)) {
+			// Remove the final wildcard
+			$acl_ip = substr($acl_ip,0,strlen($acl_ip)-1);
+			
+			// Scape for protection
+			$acl_ip = str_replace('*','\*',$acl_ip);
+			$acl_ip = str_replace('.','\.',$acl_ip);
+			
+			// If the string match with the beginning of the IP give it access
+			if(preg_match('/^'.$acl_ip.'/', $ip)) {
+				return true;
+			}
+		}
+	}
+	
+	return false;
 }
 
 //-------------------------DEFINED OPERATIONS FUNCTIONS-------------------------
diff --git a/pandora_console/include/help/en/help_ip_api_list.php b/pandora_console/include/help/en/help_ip_api_list.php
new file mode 100644
index 0000000000..550f1819a1
--- /dev/null
+++ b/pandora_console/include/help/en/help_ip_api_list.php
@@ -0,0 +1,15 @@
+<?php
+/**
+ * @package Include/help/en
+ */
+?>
+<h1>IP list with API access</h1>
+
+<p>
+Individual access: The list of IPs separate with carriage return.<br>
+Advanced access: Use "*" as wilcard.<br><br>
+
+Examples: <br>
+"192.168.20.*" will allows access to all the subnet 192.168.20.0/24<br>
+"*" will allows access to all the possible IP's
+</p>
diff --git a/pandora_console/include/help/es/help_ip_api_list.php b/pandora_console/include/help/es/help_ip_api_list.php
new file mode 100644
index 0000000000..3aa4e16003
--- /dev/null
+++ b/pandora_console/include/help/es/help_ip_api_list.php
@@ -0,0 +1,15 @@
+<?php
+/**
+ * @package Include/help/es
+ */
+?>
+<h1>Lista de IPs con acceso al API</h1>
+
+<p>
+Acceso individual: La lista de IPs separadas por retorno de carro.<br>
+Acceso avanzado: Utilizar "*" como comodín.<br><br>
+
+Ejemplos: <br>
+"192.168.20.*" permitirá el acceso a toda la subred 192.168.20.0/24<br>
+"*" permitirá el acceso a todas las IP's
+</p>