tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove synch old and check api

This commit is contained in:
Daniel Barbero Martin 2021-05-19 17:08:13 +02:00
parent 3eba993c5c
commit 8c0a9859a8
3 changed files with 334 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pandora_console/extras/delete_files/delete_files.txt
View File

@ -82,3 +82,11 @@ include/lib/WSManager.php
include/lib/WebSocketServer.php
include/lib/WebSocketUser.php
operation/network/network_explorer.php
enterprise/meta/advanced/synchronizing.php
enterprise/meta/advanced/synchronizing.os.php
enterprise/meta/advanced/synchronizing.module_groups.php
enterprise/meta/advanced/synchronizing.component.php
enterprise/meta/advanced/synchronizing.alert.php
enterprise/meta/advanced/synchronizing.user.php
enterprise/meta/advanced/synchronizing.tag.php
enterprise/meta/advanced/synchronizing.group.php

122
pandora_console/include/auth/mysql.php
View File

@ -344,25 +344,12 @@ function process_user_login_remote($login, $pass, $api=false)
&& (isset($config['ad_advanced_config'])
&& $config['ad_advanced_config'])
) {
if (defined('METACONSOLE')) {
enterprise_include_once('include/functions_metaconsole.php');
enterprise_include_once('meta/include/functions_groups_meta.php');
$return = groups_meta_synchronizing();
if ($return['group_create_err'] > 0 || $return['group_update_err'] > 0) {
$config['auth_error'] = __('Fail the group synchronizing');
return false;
}
$return = meta_tags_synchronizing();
if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) {
$config['auth_error'] = __('Fail the tag synchronizing');
return false;
}
if (is_management_allowed() === false) {
$config['auth_error'] = __('Please, login into metaconsole first');
return false;
}
// Create the user
// Create the user.
if (enterprise_hook(
'prepare_permissions_groups_of_user_ad',
[
@ -377,53 +364,47 @@ function process_user_login_remote($login, $pass, $api=false)
]
) === false
) {
$config['auth_error'] = __(
'User not found in database
or incorrect password'
);
$config['auth_error'] = __('User not found in database or incorrect password');
return false;
}
} else if ($config['auth'] === 'ldap') {
if (defined('METACONSOLE')) {
enterprise_include_once('include/functions_metaconsole.php');
enterprise_include_once('meta/include/functions_groups_meta.php');
$return = groups_meta_synchronizing();
if ($return['group_create_err'] > 0 || $return['group_update_err'] > 0) {
$config['auth_error'] = __('Fail the group synchronizing');
return false;
}
$return = meta_tags_synchronizing();
if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) {
$config['auth_error'] = __('Fail the tag synchronizing');
return false;
}
if (is_management_allowed() === false) {
$config['auth_error'] = __('Please, login into metaconsole first');
return false;
}
$permissions = fill_permissions_ldap($sr);
if (empty($permissions)) {
if (empty($permissions) === true) {
$config['auth_error'] = __('User not found in database or incorrect password');
return false;
} else {
$user_info['fullname'] = $sr['cn'][0];
$user_info['email'] = $sr['mail'][0];
// Create the user
$create_user = create_user_and_permisions_ldap($login, $pass, $user_info, $permissions, defined('METACONSOLE'));
// Create the user.
$create_user = create_user_and_permisions_ldap(
$login,
$pass,
$user_info,
$permissions,
is_metaconsole()
);
}
} else {
$user_info = [
'fullname' => $login,
'comments' => 'Imported from '.$config['auth'],
];
if (is_metaconsole() && $config['auth'] === 'ad') {
if (is_metaconsole() === true && $config['auth'] === 'ad') {
$user_info['metaconsole_access_node'] = $config['ad_adv_user_node'];
}
// Create the user in the local database
if (is_management_allowed() === false) {
$config['auth_error'] = __('Please, login into metaconsole first');
return false;
}
// Create the user in the local database.
if (create_user($login, $pass, $user_info) === false) {
$config['auth_error'] = __('User not found in database or incorrect password');
return false;
@ -436,61 +417,6 @@ function process_user_login_remote($login, $pass, $api=false)
false,
$config['default_assign_tags']
);
// TODO: Check the creation in the nodes
if (is_metaconsole()) {
enterprise_include_once('include/functions_metaconsole.php');
enterprise_include_once('meta/include/functions_groups_meta.php');
$return = groups_meta_synchronizing();
if ($return['group_create_err'] > 0 || $return['group_update_err'] > 0) {
$config['auth_error'] = __('Fail the group synchronizing');
return false;
}
$return = meta_tags_synchronizing();
if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) {
$config['auth_error'] = __('Fail the tag synchronizing');
return false;
}
$servers = metaconsole_get_servers();
foreach ($servers as $server) {
$perfil_maestro = db_get_row(
'tperfil',
'id_perfil',
$config['default_remote_profile']
);
if (metaconsole_connect($server) == NOERR) {
if (!profile_exist($perfil_maestro['name'])) {
unset($perfil_maestro['id_perfil']);
$id_profile = db_process_sql_insert('tperfil', $perfil_maestro);
} else {
$id_profile = db_get_value('id_perfil', 'tperfil', 'name', $perfil_maestro['name']);
}
if ($config['auth'] === 'ad') {
unset($user_info['metaconsole_access_node']);
$user_info['not_login'] = (int) !$config['ad_adv_user_node'];
}
if (create_user($login, $pass, $user_info) === false) {
continue;
}
profile_create_user_profile(
$login,
$id_profile,
$config['default_remote_group'],
false,
$config['default_assign_tags']
);
}
metaconsole_restore_db();
}
}
}
return $login;

366
pandora_console/include/functions_api.php
View File

@ -2129,6 +2129,14 @@ function api_set_create_os($thrash1, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$values = [];
$values['name'] = $other['data'][0];
@ -2161,6 +2169,14 @@ function api_set_update_os($id_os, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$values = [];
$values['name'] = $other['data'][0];
$values['description'] = $other['data'][1];
@ -5157,7 +5173,7 @@ function api_set_update_snmp_module($id_module, $thrash1, $other, $thrash3)
function api_set_new_network_component($id, $thrash1, $other, $thrash2)
{
global $config;
if (defined('METACONSOLE')) {
if (is_metaconsole() === true) {
return;
}
@ -5166,6 +5182,14 @@ function api_set_new_network_component($id, $thrash1, $other, $thrash2)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError('The network component could not be created. Network component name cannot be left blank.');
return;
@ -5251,7 +5275,7 @@ function api_set_new_plugin_component($id, $thrash1, $other, $thrash2)
{
global $config;
if (defined('METACONSOLE')) {
if (is_metaconsole() === true) {
return;
}
@ -5260,6 +5284,14 @@ function api_set_new_plugin_component($id, $thrash1, $other, $thrash2)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError(
'The plugin component could not be created. Plugin component name cannot be left blank.'
@ -5523,7 +5555,15 @@ function api_set_new_local_component($id, $thrash1, $other, $thrash2)
{
global $config;
if (defined('METACONSOLE')) {
if (is_metaconsole() === true) {
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
@ -5691,7 +5731,15 @@ function api_set_create_alert_template($name, $thrash1, $other, $thrash3)
{
global $config;
if (defined('METACONSOLE')) {
if (is_metaconsole() === true) {
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
@ -5826,7 +5874,15 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3)
{
global $config;
if (defined('METACONSOLE')) {
if (is_metaconsole() === true) {
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
@ -5970,7 +6026,15 @@ function api_set_delete_alert_template($id_template, $thrash1, $other, $thrash3)
{
global $config;
if (defined('METACONSOLE')) {
if (is_metaconsole() === true) {
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
@ -7160,6 +7224,14 @@ function api_set_tag($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$values = [];
$values['name'] = $id;
$values['description'] = $other['data'][0];
@ -7409,8 +7481,6 @@ function api_set_planned_downtimes_deleted($id, $thrash1, $thrash2, $returnType)
* <type_periodicity>
* @param $thrash3 Don't use.
*/
function api_set_planned_downtimes_created($id, $thrash1, $other, $thrash3)
{
global $config;
@ -7565,6 +7635,14 @@ function api_set_update_data_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError(
'The data module could not be updated in policy. Id_policy cannot be left blank.'
@ -7677,6 +7755,14 @@ function api_set_add_network_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError(
'The network module could not be added to policy. Id_policy cannot be left blank.'
@ -7792,6 +7878,14 @@ function api_set_update_network_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError(
'The network module could not be updated in policy. Id_policy cannot be left blank.'
@ -7891,6 +7985,14 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError('The plugin module could not be added. Id_policy cannot be left blank.');
return;
@ -7999,6 +8101,14 @@ function api_set_update_plugin_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError(
'The plugin module could not be updated in policy. Id_policy cannot be left blank.'
@ -8287,6 +8397,14 @@ function api_set_add_snmp_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError('The SNMP module could not be added to policy. Id_policy cannot be left blank.');
return;
@ -8446,6 +8564,14 @@ function api_set_update_snmp_module_policy($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError('The SNMP module could not be updated in policy. Id_policy cannot be left blank.');
return;
@ -8603,6 +8729,14 @@ function api_set_remove_agent_from_policy_by_id($id, $thrash1, $other, $thrash2)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($other['data'][0] == '' || !$other['data'][0]) {
returnError('The agent could not be deleted from policy. Agent cannot be left blank.');
return;
@ -8636,6 +8770,14 @@ function api_set_remove_agent_from_policy_by_name($id, $thrash1, $other, $thrash
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($other['data'][0] == '' || !$other['data'][0]) {
returnError('The agent could not be deleted from policy. Agent name cannot be left blank.');
return;
@ -8672,6 +8814,14 @@ function api_set_create_group($id, $thrash1, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$group_name = $id;
if (!check_acl($config['id_user'], 0, 'PM')) {
@ -8787,6 +8937,14 @@ function api_set_update_group($id_group, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if (db_get_value('id_grupo', 'tgrupo', 'id_grupo', $id_group) === false) {
returnError('There is no group with the ID provided');
return;
@ -8856,6 +9014,14 @@ function api_set_delete_group($id_group, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$group = db_get_row_filter('tgrupo', ['id_grupo' => $id_group]);
if (!$group) {
returnError('The group could not be deleted. ID does not exist.');
@ -9173,6 +9339,14 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$values = [];
$values['fullname'] = $other['data'][0];
$values['firstname'] = $other['data'][1];
@ -9223,6 +9397,14 @@ function api_set_update_user($id, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$fields_user = [
'fullname',
'firstname',
@ -9302,8 +9484,6 @@ function api_set_update_user($id, $thrash2, $other, $thrash3)
*
* @param $thrash3 Don't use.
*/
function api_set_enable_disable_user($id, $thrash2, $other, $thrash3)
{
global $config;
@ -9317,6 +9497,14 @@ function api_set_enable_disable_user($id, $thrash2, $other, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($id == '') {
returnError(
'Failed switching enable/disable user. Id_user cannot be left blank.'
@ -9577,6 +9765,14 @@ function api_set_new_alert_template($id, $id2, $other, $trash1)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($other['type'] == 'string') {
returnError('Parameter error.');
return;
@ -9992,6 +10188,14 @@ function api_set_alert_actions($id, $id2, $other, $trash1)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($other['type'] == 'string') {
returnError('Parameter error.');
return;
@ -10140,6 +10344,14 @@ function api_set_new_module_group($id, $thrash2, $other, $trash1)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if (!check_acl($config['id_user'], 0, 'PM')) {
returnError('forbidden', 'string');
return;
@ -10168,55 +10380,6 @@ function api_set_new_module_group($id, $thrash2, $other, $trash1)
}
/**
* synchronize module group
*
* @param $other as server_names (mandatory)
example:
* api.php?op=set&op2=module_group_synch&other=server_name1|server_name2|server_name3&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora
*/
function api_set_module_group_synch($thrash1, $thrash2, $other, $thrash4)
{
global $config;
enterprise_include_once('meta/include/functions_meta.php');
if (is_metaconsole()) {
if (!check_acl($config['id_user'], 0, 'PM')) {
returnError('forbidden', 'string');
return;
}
$targets = [];
foreach ($other['data'] as $server) {
$targets[] = $server;
}
$return = meta_module_group_synchronizing($targets, true);
$module_group_update_err = $return['module_group_update_err'];
$module_group_create_err = $return['module_group_create_err'];
$module_group_update_ok = $return['module_group_update_ok'];
$module_group_create_ok = $return['module_group_create_ok'];
$string_ok = __('Created/Updated %s/%s module groups', $module_group_create_ok, $module_group_update_ok);
// User feedback
if ($module_group_create_err > 0 or $module_group_update_err > 0) {
returnError(sprintf('The module groups %s/%s could not be created/updated <br>', $module_group_create_err, $module_group_update_err));
}
if ($module_group_create_ok > 0 or $module_group_update_ok > 0) {
returnData('string', ['type' => 'string', 'data' => $string_ok]);
}
} else {
returnError('This function is for metaconsole only');
}
}
/**
* Create a new alert command
*
@ -10255,6 +10418,14 @@ function api_set_alert_commands($id, $thrash2, $other, $trash1)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$name = db_get_value('id', 'talert_commands', 'name', $id);
$group = db_get_value('id_grupo', 'tgrupo', 'id_grupo', $id_group);
@ -11527,6 +11698,14 @@ function api_set_delete_user($id, $thrash1, $thrash2, $thrash3)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if (!delete_user($id)) {
returnError('The user could not be deleted');
} else {
@ -11562,6 +11741,14 @@ function api_set_add_user_profile($id, $thrash1, $other, $thrash2)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$group = (int) $other['data'][0];
$profile = $other['data'][1];
@ -11615,6 +11802,14 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$group = $other['data'][0];
$profile = $other['data'][1];
@ -11722,6 +11917,14 @@ function api_set_create_user_profile_info($thrash1, $thrash2, $other, $returnTyp
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$values = [
'name' => (string) $other['data'][0],
'agent_view' => (bool) $other['data'][1] ? 1 : 0,
@ -11775,6 +11978,14 @@ function api_set_update_user_profile_info($id_profile, $thrash1, $other, $return
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$profile = db_get_row('tperfil', 'id_perfil', $id_profile);
if ($profile === false) {
returnError('id_not_found', 'string');
@ -11834,6 +12045,14 @@ function api_set_delete_user_profile_info($id_profile, $thrash1, $thrash2, $retu
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$profile = db_get_value('id_perfil', 'tperfil', 'id_perfil', $id_profile);
if ($profile === false) {
returnError('id_not_found', 'string');
@ -11859,8 +12078,6 @@ function api_set_delete_user_profile_info($id_profile, $thrash1, $thrash2, $retu
* @param $thrash4 Don't use.
* // http://localhost/pandora_console/include/api.php?op=set&op2=enable_module&id=garfio&id2=Status
*/
function api_set_disable_module($agent_name, $module_name, $other, $thrash4)
{
if (defined('METACONSOLE')) {
@ -12723,6 +12940,14 @@ function api_set_create_tag($id, $trash1, $other, $returnType)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$data = [];
if ($other['type'] == 'string') {
@ -15930,9 +16155,6 @@ function api_get_user_info($thrash1, $thrash2, $other, $returnType)
If you mark 1 you will avoid the access to the non-administrators users, returning the response `denied' and registering that expulsion in the audit of pandora fms.
*/
function api_set_access_process($thrash1, $thrash2, $other, $returnType)
{
if (defined('METACONSOLE')) {
@ -16591,6 +16813,14 @@ function api_set_delete_user_permission($thrash1, $thrash2, $other, $returnType)
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
if ($other['data'][0] != '') {
$values = [
'id_up' => io_safe_output($other['data'][0]),
@ -16644,6 +16874,14 @@ function api_set_add_permission_user_to_group($thrash1, $thrash2, $other, $retur
return;
}
$headers = getallheaders();
if (isset($headers['idk']) === false
&& is_management_allowed($headers['idk']) === false
) {
returnError('centralized');
return;
}
$sql = 'SELECT id_up
FROM tusuario_perfil
WHERE id_up = '.$other['data'][4].'';