proper logout (api)

This commit is contained in:
fbsanchez 2019-10-22 20:48:45 +02:00
parent ccfd944ad7
commit 9edb77d288


@ -1,15 +1,32 @@
<?php <?php
// Pandora FMS- http://pandorafms.com /**
// ================================================== * Pandora FMS integration API.
// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas *
// Please see http://pandorafms.org for full contribution list * @category API
// This program is free software; you can redistribute it and/or * @package Pandora FMS
// modify it under the terms of the GNU Lesser General Public License * @subpackage Console
// as published by the Free Software Foundation; version 2 * @version 1.0.0
// This program is distributed in the hope that it will be useful, * @license See below
// but WITHOUT ANY WARRANTY; without even the implied warranty of *
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * ______ ___ _______ _______ ________
// GNU General Public License for more details. * | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Begin.
require_once 'config.php'; require_once 'config.php';
require_once 'functions_api.php'; require_once 'functions_api.php';
@ -18,7 +35,7 @@ global $config;
define('DEBUG', 0); define('DEBUG', 0);
define('VERBOSE', 0); define('VERBOSE', 0);
// TESTING THE UPDATE MANAGER // TESTING THE UPDATE MANAGER.
enterprise_include_once('include/functions_enterprise_api.php'); enterprise_include_once('include/functions_enterprise_api.php');
$ipOrigin = $_SERVER['REMOTE_ADDR']; $ipOrigin = $_SERVER['REMOTE_ADDR'];
@ -41,7 +58,13 @@ $info = get_parameter('info', '');
$other = parseOtherParameter($otherSerialize, $otherMode); $other = parseOtherParameter($otherSerialize, $otherMode);
$other = parseOtherParameter($otherSerialize, $otherMode); $other = parseOtherParameter($otherSerialize, $otherMode);
$apiPassword = io_output_password(db_get_value_filter('value', 'tconfig', ['token' => 'api_password'])); $apiPassword = io_output_password(
db_get_value_filter(
'value',
'tconfig',
['token' => 'api_password']
)
);
$correctLogin = false; $correctLogin = false;
$no_login_msg = ''; $no_login_msg = '';
@ -52,7 +75,7 @@ ob_clean();
// READ THIS: // READ THIS:
// Special call without checks to retrieve version and build of the Pandora FMS // Special call without checks to retrieve version and build of the Pandora FMS
// This info is avalable from the web console without login // This info is avalable from the web console without login
// Don't change the format, it is parsed by applications // Don't change the format, it is parsed by applications.
if ($info == 'version') { if ($info == 'version') {
if (!$config['MR']) { if (!$config['MR']) {
$config['MR'] = 0; $config['MR'] = 0;
@ -73,6 +96,7 @@ if (isInACL($ipOrigin)) {
if (session_status() === PHP_SESSION_NONE) { if (session_status() === PHP_SESSION_NONE) {
session_start(); session_start();
$_SESSION = [];
} }
$_SESSION['id_usuario'] = $user; $_SESSION['id_usuario'] = $user;
@ -86,7 +110,7 @@ if (isInACL($ipOrigin)) {
$no_login_msg = 'Incorrect given API password'; $no_login_msg = 'Incorrect given API password';
} }
} else { } else {
$no_login_msg = "IP $ipOrigin is not in ACL list"; $no_login_msg = 'IP '.$ipOrigin.' is not in ACL list';
} }
if ($correctLogin) { if ($correctLogin) {
@ -95,11 +119,14 @@ if ($correctLogin) {
} else { } else {
$function_name = ''; $function_name = '';
// Check if is an extension function and get the function name // Check if is an extension function and get the function name.
if ($op2 == 'extension') { if ($op2 == 'extension') {
$extension_api_url = $config['homedir'].'/'.EXTENSIONS_DIR."/$ext_name/$ext_name.api.php"; $extension_api_url = $config['homedir'].'/'.EXTENSIONS_DIR.'/'.$ext_name.'/'.$ext_name.'.api.php';
// The extension API file must exist and the extension must be enabled // The extension API file must exist and the extension must be
if (file_exists($extension_api_url) && !in_array($ext_name, extensions_get_disabled_extensions())) { // enabled.
if (file_exists($extension_api_url)
&& !in_array($ext_name, extensions_get_disabled_extensions())
) {
include_once $extension_api_url; include_once $extension_api_url;
$function_name = 'apiextension_'.$op.'_'.$ext_function; $function_name = 'apiextension_'.$op.'_'.$ext_function;
} }
@ -109,16 +136,19 @@ if ($correctLogin) {
if ($op == 'set' && $id) { if ($op == 'set' && $id) {
switch ($op2) { switch ($op2) {
case 'update_agent': case 'update_agent':
case 'add_module_in_conf': case 'add_module_in_conf':
case 'update_module_in_conf': case 'update_module_in_conf':
case 'delete_module_in_conf': case 'delete_module_in_conf':
$agent = agents_locate_agent($id);
$id_os = db_get_value_sql('select id_os from tagente where id_agente = '.$id); if ($agent !== false) {
$id_os = $agent['id_os'];
if ($id_os == 100) { if ($id_os == 100) {
returnError('not_allowed_operation_cluster', $returnType); returnError(
return false; 'not_allowed_operation_cluster',
$returnType
);
return false;
}
} }
break; break;
@ -129,12 +159,16 @@ if ($correctLogin) {
case 'create_snmp_module': case 'create_snmp_module':
case 'delete_module': case 'delete_module':
case 'delete_agent': case 'delete_agent':
$agent = agents_locate_agent($id);
$id_os = db_get_value_sql('select id_os from tagente where nombre = "'.$id.'"'); if ($agent !== false) {
$id_os = $agent['id_os'];
if ($id_os == 100) { if ($id_os == 100) {
returnError('not_allowed_operation_cluster', $returnType); returnError(
return false; 'not_allowed_operation_cluster',
$returnType
);
return false;
}
} }
break; break;
@ -143,60 +177,98 @@ if ($correctLogin) {
case 'update_data_module': case 'update_data_module':
case 'update_snmp_module': case 'update_snmp_module':
$id_os = db_get_value_sql('select id_os from tagente where id_agente = (select id_agente from tagente_modulo where id_agente_modulo ='.$id.')'); $id_os = db_get_value_sql(
sprintf(
'SELECT id_os
FROM tagente
WHERE id_agente = (
SELECT id_agente
FROM tagente_modulo
WHERE id_agente_modulo = %d
)',
$id
)
);
if ($id_os == 100) { if ($id_os == 100) {
returnError('not_allowed_operation_cluster', $returnType); returnError(
'not_allowed_operation_cluster',
$returnType
);
return false; return false;
} }
break; break;
case 'delete_user_permission': case 'delete_user_permission':
if ($user_db === '') { if ($user_db === '') {
returnError(__('User or group not specified'), __('User, group not specified')); returnError(
__('User or group not specified'),
__('User, group not specified')
);
return; return;
} }
$id_os = api_set_delete_user_profiles($thrash1, $thrash2, $other, $returnType); $id_os = api_set_delete_user_profiles(
$thrash1,
$thrash2,
$other,
$returnType
);
if ($id_os != 100) { if ($id_os != 100) {
return; return;
} }
if ($id_os == false) { if ($id_os == false) {
returnError('not_allowed_operation_cluster', $returnType); returnError(
'not_allowed_operation_cluster',
$returnType
);
return false; return false;
} }
break; break;
case 'add_permission_user_to_group': case 'add_permission_user_to_group':
if ($user_db == null
if ($user_db == null || $group_db == null || $id_up == null) { || $group_db == null
returnError(__('User, group or profile not specified'), __('User, group or profile status not specified')); || $id_up == null
) {
returnError(
__('User, group or profile not specified'),
__('User, group or profile status not specified')
);
return; return;
} }
$id_os = api_set_add_permission_user_to_group($thrash1, $thrash2, $other, $returnType); $id_os = api_set_add_permission_user_to_group(
$thrash1,
$thrash2,
$other,
$returnType
);
if ($id_os != 100) { if ($id_os != 100) {
return; return;
} }
if ($id_os == false) { if ($id_os == false) {
returnError('not_allowed_operation_cluster', $returnType); returnError(
'not_allowed_operation_cluster',
$returnType
);
return false; return false;
} }
break; break;
default: default:
// Ignore.
// break; break;
} }
} }
} }
// Check if the function exists // Check if the function exists.
if (function_exists($function_name)) { if (function_exists($function_name)) {
if (!DEBUG) { if (!DEBUG) {
error_reporting(0); error_reporting(0);
@ -207,23 +279,37 @@ if ($correctLogin) {
ini_set('display_errors', 1); ini_set('display_errors', 1);
} }
call_user_func($function_name, $id, $id2, $other, $returnType, $user_in_db); call_user_func(
$function_name,
$id,
$id2,
$other,
$returnType,
$user_in_db
);
} else { } else {
returnError('no_exist_operation', $returnType); returnError('no_exist_operation', $returnType);
} }
} }
} else { } else {
// TODO: Implement a new switch in config to enable / disable /*
// ACL auth failure: if enabled and have lots of traffic can produce millions * //TODO: Implement a new switch in config to enable / disable
// of records and a considerable OVERHEAD in the system :( * ACL auth failure: if enabled and have lots of traffic can produce
// db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin); * millions of records and a considerable OVERHEAD in the system :(
* db_pandora_audit("API access Failed", $no_login_msg, $user, $ipOrigin);
*/
sleep(15); sleep(15);
// Protection on DoS attacks // Protection on DoS attacks.
echo 'auth error'; echo 'auth error';
} }
// Logout. // Logout.
session_destroy(); if (session_status() === PHP_SESSION_ACTIVE) {
header_remove('Set-Cookie'); $_SESSION = [];
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/'); // Could give a warning if no session file is created. Ignore.
@session_destroy();
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
}
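Review bot: The cookie-expiry line in the new logout block still reads `$_COOKIE[session_name()]` unguarded, which raises an undefined-index notice for the common API client that presents no session cookie at all (the session on this path was created server-side by `session_start()`), and echoing the old id back in an expiring cookie is unnecessary anyway. A fixed expiry should also reuse the attributes the session cookie was set with, otherwise the browser keeps the original cookie because path/domain/secure/httponly do not match, e.g. `$p = session_get_cookie_params();` / `setcookie(session_name(), '', time() - 4800, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. The `@` on `session_destroy()` hides every failure of that call, not only the missing-session-file case the comment names; since the block is already guarded by `session_status() === PHP_SESSION_ACTIVE`, the suppression can probably be dropped and the return value checked instead. The same logout sequence appears to be the file's final statement, so nothing outside this hunk depends on it.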