diff --git a/pandora_console/extras/delete_files/delete_files.txt b/pandora_console/extras/delete_files/delete_files.txt
index 50d4b78c33..2af20efb7d 100644
--- a/pandora_console/extras/delete_files/delete_files.txt
+++ b/pandora_console/extras/delete_files/delete_files.txt
@@ -82,3 +82,11 @@ include/lib/WSManager.php
 include/lib/WebSocketServer.php
 include/lib/WebSocketUser.php
 operation/network/network_explorer.php
+enterprise/meta/advanced/synchronizing.php
+enterprise/meta/advanced/synchronizing.os.php
+enterprise/meta/advanced/synchronizing.module_groups.php
+enterprise/meta/advanced/synchronizing.component.php
+enterprise/meta/advanced/synchronizing.alert.php
+enterprise/meta/advanced/synchronizing.user.php
+enterprise/meta/advanced/synchronizing.tag.php
+enterprise/meta/advanced/synchronizing.group.php
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index f73302de03..3837ec46f3 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -344,25 +344,12 @@ function process_user_login_remote($login, $pass, $api=false) && (isset($config['ad_advanced_config']) && $config['ad_advanced_config']) ) { - if (defined('METACONSOLE')) { - enterprise_include_once('include/functions_metaconsole.php'); - enterprise_include_once('meta/include/functions_groups_meta.php'); - - $return = groups_meta_synchronizing(); - - if ($return['group_create_err'] > 0 || $return['group_update_err'] > 0) { - $config['auth_error'] = __('Fail the group synchronizing'); - return false; - } - - $return = meta_tags_synchronizing(); - if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { - $config['auth_error'] = __('Fail the tag synchronizing'); - return false; - } + if (is_management_allowed() === false) { + $config['auth_error'] = __('Please, login into metaconsole first'); + return false; } - // Create the user + // Create the user. if (enterprise_hook( 'prepare_permissions_groups_of_user_ad', [ 
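Review bot: The new `is_management_allowed()` guard in the AD branch of process_user_login_remote sets a distinct error, 'Please, login into metaconsole first', while the other failure paths visible in these hunks all report 'User not found in database or incorrect password'. If this branch is reached only after the remote directory has already accepted the password (that check lies outside the hunk, so this is inferred), the different message tells the caller the credentials are valid on a console that refuses to create the account. Consider recording the refusal in the server-side audit log and deciding deliberately whether the client should see the specific reason. The same guard is repeated in the LDAP and local-create branches of the next hunk, where it sits after `$user_info` is built rather than at the top of the branch. A short comment such as `// Users are not auto-created here when management is not allowed on this console.` on each copy would explain the refusal.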
@@ -377,53 +364,47 @@ function process_user_login_remote($login, $pass, $api=false) ] ) === false ) { - $config['auth_error'] = __( - 'User not found in database - or incorrect password' - ); - + $config['auth_error'] = __('User not found in database or incorrect password'); return false; } } else if ($config['auth'] === 'ldap') { - if (defined('METACONSOLE')) { - enterprise_include_once('include/functions_metaconsole.php'); - enterprise_include_once('meta/include/functions_groups_meta.php'); - - $return = groups_meta_synchronizing(); - - if ($return['group_create_err'] > 0 || $return['group_update_err'] > 0) { - $config['auth_error'] = __('Fail the group synchronizing'); - return false; - } - - $return = meta_tags_synchronizing(); - if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { - $config['auth_error'] = __('Fail the tag synchronizing'); - return false; - } + if (is_management_allowed() === false) { + $config['auth_error'] = __('Please, login into metaconsole first'); + return false; } $permissions = fill_permissions_ldap($sr); - if (empty($permissions)) { + if (empty($permissions) === true) { $config['auth_error'] = __('User not found in database or incorrect password'); return false; } else { $user_info['fullname'] = $sr['cn'][0]; $user_info['email'] = $sr['mail'][0]; - // Create the user - $create_user = create_user_and_permisions_ldap($login, $pass, $user_info, $permissions, defined('METACONSOLE')); + // Create the user. 
+ $create_user = create_user_and_permisions_ldap( + $login, + $pass, + $user_info, + $permissions, + is_metaconsole() + ); } } else { $user_info = [ 'fullname' => $login, 'comments' => 'Imported from '.$config['auth'], ]; - if (is_metaconsole() && $config['auth'] === 'ad') { + if (is_metaconsole() === true && $config['auth'] === 'ad') { $user_info['metaconsole_access_node'] = $config['ad_adv_user_node']; } - // Create the user in the local database + if (is_management_allowed() === false) { + $config['auth_error'] = __('Please, login into metaconsole first'); + return false; + } + + // Create the user in the local database. if (create_user($login, $pass, $user_info) === false) { $config['auth_error'] = __('User not found in database or incorrect password'); return false; 
@@ -436,61 +417,6 @@ function process_user_login_remote($login, $pass, $api=false) false, $config['default_assign_tags'] ); - // TODO: Check the creation in the nodes - if (is_metaconsole()) { - enterprise_include_once('include/functions_metaconsole.php'); - enterprise_include_once('meta/include/functions_groups_meta.php'); - - $return = groups_meta_synchronizing(); - - if ($return['group_create_err'] > 0 || $return['group_update_err'] > 0) { - $config['auth_error'] = __('Fail the group synchronizing'); - return false; - } - - $return = meta_tags_synchronizing(); - if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { - $config['auth_error'] = __('Fail the tag synchronizing'); - return false; - } - - $servers = metaconsole_get_servers(); - foreach ($servers as $server) { - $perfil_maestro = db_get_row( - 'tperfil', - 'id_perfil', - $config['default_remote_profile'] - ); - - if (metaconsole_connect($server) == NOERR) { - if (!profile_exist($perfil_maestro['name'])) { - unset($perfil_maestro['id_perfil']); - $id_profile = db_process_sql_insert('tperfil', $perfil_maestro); - } else { - $id_profile = db_get_value('id_perfil', 'tperfil', 'name', $perfil_maestro['name']); - } - - if ($config['auth'] === 'ad') { - unset($user_info['metaconsole_access_node']); - $user_info['not_login'] = (int) !$config['ad_adv_user_node']; - } - - if (create_user($login, $pass, $user_info) === false) { - continue; - } - - profile_create_user_profile( - $login, - $id_profile, - $config['default_remote_group'], - false, - $config['default_assign_tags'] - ); - } - - metaconsole_restore_db(); - } - } } return $login; diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 1cefb28b37..13bb5fdc44 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php 
@@ -2129,6 +2129,14 @@ function api_set_create_os($thrash1, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $values = []; $values['name'] = $other['data'][0]; @@ -2161,6 +2169,14 @@ function api_set_update_os($id_os, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $values = []; $values['name'] = $other['data'][0]; $values['description'] = $other['data'][1]; @@ -5157,7 +5173,7 @@ function api_set_update_snmp_module($id_module, $thrash1, $other, $thrash3) function api_set_new_network_component($id, $thrash1, $other, $thrash2) { global $config; - if (defined('METACONSOLE')) { + if (is_metaconsole() === true) { return; } @@ -5166,6 +5182,14 @@ function api_set_new_network_component($id, $thrash1, $other, $thrash2) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError('The network component could not be created. Network component name cannot be left blank.'); return; @@ -5251,7 +5275,7 @@ function api_set_new_plugin_component($id, $thrash1, $other, $thrash2) { global $config; - if (defined('METACONSOLE')) { + if (is_metaconsole() === true) { return; } @@ -5260,6 +5284,14 @@ function api_set_new_plugin_component($id, $thrash1, $other, $thrash2) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError( 'The plugin component could not be created. Plugin component name cannot be left blank.' 
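Review bot: The guard added to api_set_create_os, and pasted verbatim into every later hunk of functions_api.php that reads the `idk` header, joins its two tests with `&&`, so `is_management_allowed()` is consulted only when the header is absent (where `$headers['idk']` is also an undefined index) and the header's value is never checked when it is present. The key should be validated whenever it decides the outcome, for example `if (is_management_allowed($headers['idk'] ?? '') === false) {`, assuming the helper, which is defined outside this diff, treats an empty key as "no key". `getallheaders()` also returns header names in whatever case the SAPI supplies, so the lowercase `idk` lookup may miss the header; normalising with `array_change_key_case($headers, CASE_LOWER)` first would avoid that. Because the block is duplicated across dozens of API functions, moving it into one helper would keep the corrected condition in a single place.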
@@ -5523,7 +5555,15 @@ function api_set_new_local_component($id, $thrash1, $other, $thrash2) { global $config; - if (defined('METACONSOLE')) { + if (is_metaconsole() === true) { + return; + } + + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); return; } @@ -5691,7 +5731,15 @@ function api_set_create_alert_template($name, $thrash1, $other, $thrash3) { global $config; - if (defined('METACONSOLE')) { + if (is_metaconsole() === true) { + return; + } + + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); return; } @@ -5826,7 +5874,15 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3) { global $config; - if (defined('METACONSOLE')) { + if (is_metaconsole() === true) { + return; + } + + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); return; } @@ -5970,7 +6026,15 @@ function api_set_delete_alert_template($id_template, $thrash1, $other, $thrash3) { global $config; - if (defined('METACONSOLE')) { + if (is_metaconsole() === true) { + return; + } + + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); return; } @@ -7160,6 +7224,14 @@ function api_set_tag($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $values = []; $values['name'] = $id; $values['description'] = $other['data'][0]; 
@@ -7409,8 +7481,6 @@ function api_set_planned_downtimes_deleted($id, $thrash1, $thrash2, $returnType) * * @param $thrash3 Don't use. */ - - function api_set_planned_downtimes_created($id, $thrash1, $other, $thrash3) { global $config; @@ -7565,6 +7635,14 @@ function api_set_update_data_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError( 'The data module could not be updated in policy. Id_policy cannot be left blank.' @@ -7677,6 +7755,14 @@ function api_set_add_network_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError( 'The network module could not be added to policy. Id_policy cannot be left blank.' @@ -7792,6 +7878,14 @@ function api_set_update_network_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError( 'The network module could not be updated in policy. Id_policy cannot be left blank.' @@ -7891,6 +7985,14 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError('The plugin module could not be added. Id_policy cannot be left blank.'); return; 
@@ -7999,6 +8101,14 @@ function api_set_update_plugin_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError( 'The plugin module could not be updated in policy. Id_policy cannot be left blank.' @@ -8287,6 +8397,14 @@ function api_set_add_snmp_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError('The SNMP module could not be added to policy. Id_policy cannot be left blank.'); return; @@ -8446,6 +8564,14 @@ function api_set_update_snmp_module_policy($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError('The SNMP module could not be updated in policy. Id_policy cannot be left blank.'); return; @@ -8603,6 +8729,14 @@ function api_set_remove_agent_from_policy_by_id($id, $thrash1, $other, $thrash2) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($other['data'][0] == '' || !$other['data'][0]) { returnError('The agent could not be deleted from policy. Agent cannot be left blank.'); return; 
@@ -8636,6 +8770,14 @@ function api_set_remove_agent_from_policy_by_name($id, $thrash1, $other, $thrash return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($other['data'][0] == '' || !$other['data'][0]) { returnError('The agent could not be deleted from policy. Agent name cannot be left blank.'); return; @@ -8672,6 +8814,14 @@ function api_set_create_group($id, $thrash1, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $group_name = $id; if (!check_acl($config['id_user'], 0, 'PM')) { @@ -8787,6 +8937,14 @@ function api_set_update_group($id_group, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if (db_get_value('id_grupo', 'tgrupo', 'id_grupo', $id_group) === false) { returnError('There is no group with the ID provided'); return; @@ -8856,6 +9014,14 @@ function api_set_delete_group($id_group, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $group = db_get_row_filter('tgrupo', ['id_grupo' => $id_group]); if (!$group) { returnError('The group could not be deleted. ID does not exist.'); @@ -9173,6 +9339,14 @@ function api_set_new_user($id, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $values = []; $values['fullname'] = $other['data'][0]; $values['firstname'] = $other['data'][1]; 
@@ -9223,6 +9397,14 @@ function api_set_update_user($id, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $fields_user = [ 'fullname', 'firstname', @@ -9302,8 +9484,6 @@ function api_set_update_user($id, $thrash2, $other, $thrash3) * * @param $thrash3 Don't use. */ - - function api_set_enable_disable_user($id, $thrash2, $other, $thrash3) { global $config; @@ -9317,6 +9497,14 @@ function api_set_enable_disable_user($id, $thrash2, $other, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($id == '') { returnError( 'Failed switching enable/disable user. Id_user cannot be left blank.' @@ -9577,6 +9765,14 @@ function api_set_new_alert_template($id, $id2, $other, $trash1) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($other['type'] == 'string') { returnError('Parameter error.'); return; @@ -9992,6 +10188,14 @@ function api_set_alert_actions($id, $id2, $other, $trash1) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($other['type'] == 'string') { returnError('Parameter error.'); return; @@ -10140,6 +10344,14 @@ function api_set_new_module_group($id, $thrash2, $other, $trash1) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if (!check_acl($config['id_user'], 0, 'PM')) { returnError('forbidden', 'string'); return; 
@@ -10168,55 +10380,6 @@ function api_set_new_module_group($id, $thrash2, $other, $trash1) } -/** - * synchronize module group - * - * @param $other as server_names (mandatory) - example: - - * api.php?op=set&op2=module_group_synch&other=server_name1|server_name2|server_name3&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora - */ - - -function api_set_module_group_synch($thrash1, $thrash2, $other, $thrash4) -{ - global $config; - enterprise_include_once('meta/include/functions_meta.php'); - - if (is_metaconsole()) { - if (!check_acl($config['id_user'], 0, 'PM')) { - returnError('forbidden', 'string'); - return; - } - - $targets = []; - foreach ($other['data'] as $server) { - $targets[] = $server; - } - - $return = meta_module_group_synchronizing($targets, true); - - $module_group_update_err = $return['module_group_update_err']; - $module_group_create_err = $return['module_group_create_err']; - $module_group_update_ok = $return['module_group_update_ok']; - $module_group_create_ok = $return['module_group_create_ok']; - - $string_ok = __('Created/Updated %s/%s module groups', $module_group_create_ok, $module_group_update_ok); - - // User feedback - if ($module_group_create_err > 0 or $module_group_update_err > 0) { - returnError(sprintf('The module groups %s/%s could not be created/updated
', $module_group_create_err, $module_group_update_err)); - } - - if ($module_group_create_ok > 0 or $module_group_update_ok > 0) { - returnData('string', ['type' => 'string', 'data' => $string_ok]); - } - } else { - returnError('This function is for metaconsole only'); - } -} - - /** * Create a new alert command * @@ -10255,6 +10418,14 @@ function api_set_alert_commands($id, $thrash2, $other, $trash1) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $name = db_get_value('id', 'talert_commands', 'name', $id); $group = db_get_value('id_grupo', 'tgrupo', 'id_grupo', $id_group); @@ -11527,6 +11698,14 @@ function api_set_delete_user($id, $thrash1, $thrash2, $thrash3) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if (!delete_user($id)) { returnError('The user could not be deleted'); } else { @@ -11562,6 +11741,14 @@ function api_set_add_user_profile($id, $thrash1, $other, $thrash2) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $group = (int) $other['data'][0]; $profile = $other['data'][1]; @@ -11615,6 +11802,14 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $group = $other['data'][0]; $profile = $other['data'][1]; 
@@ -11722,6 +11917,14 @@ function api_set_create_user_profile_info($thrash1, $thrash2, $other, $returnTyp return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $values = [ 'name' => (string) $other['data'][0], 'agent_view' => (bool) $other['data'][1] ? 1 : 0, @@ -11775,6 +11978,14 @@ function api_set_update_user_profile_info($id_profile, $thrash1, $other, $return return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $profile = db_get_row('tperfil', 'id_perfil', $id_profile); if ($profile === false) { returnError('id_not_found', 'string'); @@ -11834,6 +12045,14 @@ function api_set_delete_user_profile_info($id_profile, $thrash1, $thrash2, $retu return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $profile = db_get_value('id_perfil', 'tperfil', 'id_perfil', $id_profile); if ($profile === false) { returnError('id_not_found', 'string'); @@ -11859,8 +12078,6 @@ function api_set_delete_user_profile_info($id_profile, $thrash1, $thrash2, $retu * @param $thrash4 Don't use. * // http://localhost/pandora_console/include/api.php?op=set&op2=enable_module&id=garfio&id2=Status */ - - function api_set_disable_module($agent_name, $module_name, $other, $thrash4) { if (defined('METACONSOLE')) { @@ -12723,6 +12940,14 @@ function api_set_create_tag($id, $trash1, $other, $returnType) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $data = []; if ($other['type'] == 'string') { 
@@ -15930,9 +16155,6 @@ function api_get_user_info($thrash1, $thrash2, $other, $returnType) If you mark 1 you will avoid the access to the non-administrators users, returning the response `denied' and registering that expulsion in the audit of pandora fms. */ - - - function api_set_access_process($thrash1, $thrash2, $other, $returnType) { if (defined('METACONSOLE')) { @@ -16591,6 +16813,14 @@ function api_set_delete_user_permission($thrash1, $thrash2, $other, $returnType) return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + if ($other['data'][0] != '') { $values = [ 'id_up' => io_safe_output($other['data'][0]), @@ -16644,6 +16874,14 @@ function api_set_add_permission_user_to_group($thrash1, $thrash2, $other, $retur return; } + $headers = getallheaders(); + if (isset($headers['idk']) === false + && is_management_allowed($headers['idk']) === false + ) { + returnError('centralized'); + return; + } + $sql = 'SELECT id_up FROM tusuario_perfil WHERE id_up = '.$other['data'][4].'';
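Review bot: In api_set_add_permission_user_to_group the context line immediately after the new guard builds its query by concatenating `$other['data'][4]` into `WHERE id_up = ...`, and nothing visible in the hunk casts or escapes that API parameter. Unless it is validated above the hunk, this is string-built SQL on request input. If `id_up` is numeric, as the unquoted comparison suggests, casting at the point of use (`WHERE id_up = '.(int) $other['data'][4];`) or switching to the filter-array form of the db helpers used elsewhere in this file would close it. The function body continues outside the hunk, so how `$sql` is executed cannot be confirmed from here.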