Updated api checker extension

This commit is contained in:
José González 2022-06-27 18:06:51 +02:00
parent 8d05accb7b
commit cdf5485aee
1 changed files with 98 additions and 30 deletions

View File

@ -1,43 +1,101 @@
<?php <?php
/**
* Pandora FMS API Checker Extension.
*
* @category API
* @package Pandora FMS
* @subpackage Extensions
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Pandora FMS - http://pandorafms.com // Begin.
// ==================================================
// Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list /**
// This program is free software; you can redistribute it and/or * Api Execution.
// modify it under the terms of the GNU General Public License *
// as published by the Free Software Foundation; version 2 * @param string $url Url.
// This program is distributed in the hope that it will be useful, * @param string $ip Ip.
// but WITHOUT ANY WARRANTY; without even the implied warranty of * @param string $pandora_url Pandora_url.
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * @param string $apipass Apipass.
// GNU General Public License for more details. * @param string $user User.
function api_execute($url, $ip, $pandora_url, $apipass, $user, $password, $op, $op2, $id, $id2, $return_type, $other, $other_mode) * @param string $password Password.
{ * @param string $op Op.
if (empty($url)) { * @param string $op2 Op2.
* @param string $id Id.
* @param string $id2 Id2.
* @param string $return_type Return_type.
* @param string $other Other.
* @param string $other_mode Other_mode.
* @param string $token Token.
*
* @return array.
*/
function api_execute(
string $url,
string $ip,
string $pandora_url,
string $apipass,
string $user,
string $password,
string $op,
string $op2,
string $id='',
string $id2='',
string $return_type='',
string $other='',
string $other_mode='',
string $token=''
) {
if (empty($url) === true) {
$url = 'http://'.$ip.$pandora_url.'/include/api.php'; $url = 'http://'.$ip.$pandora_url.'/include/api.php';
$url .= '?'; $url .= '?';
$url .= 'apipass='.$apipass;
$url .= '&user='.$user;
$url .= '&pass='.$password;
$url .= '&op='.$op; $url .= '&op='.$op;
$url .= '&op2='.$op2; $url .= '&op2='.$op2;
if ($id !== '') {
if (empty($id) === false) {
$url .= '&id='.$id; $url .= '&id='.$id;
} }
if ($id2 !== '') { if (empty($id2) === false) {
$url .= '&id2='.$id2; $url .= '&id2='.$id2;
} }
if ($return_type !== '') { if (empty($return_type) === false) {
$url .= '&return_type='.$return_type; $url .= '&return_type='.$return_type;
} }
if ($other !== '') { if (empty($other) === false) {
$url .= '&other_mode='.$other_mode; $url .= '&other_mode='.$other_mode;
$url .= '&other='.$other; $url .= '&other='.$other;
} }
// If token is reported, have priority.
if (empty($token) === false) {
$url .= 'token='.$token;
} else {
$url .= 'apipass='.$apipass;
$url .= '&user='.$user;
$url .= '&pass='.$password;
}
} }
$curlObj = curl_init(); $curlObj = curl_init();
@ -46,22 +104,25 @@ function api_execute($url, $ip, $pandora_url, $apipass, $user, $password, $op, $
$result = curl_exec($curlObj); $result = curl_exec($curlObj);
curl_close($curlObj); curl_close($curlObj);
$return = [ return [
'url' => $url, 'url' => $url,
'result' => $result, 'result' => $result,
]; ];
return $return;
} }
/**
* Perform API Checker
*
* @return void.
*/
function extension_api_checker() function extension_api_checker()
{ {
global $config; global $config;
check_login(); check_login();
if (! check_acl($config['id_user'], 0, 'PM')) { if ((bool) check_acl($config['id_user'], 0, 'PM') === false) {
db_pandora_audit( db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION, AUDIT_LOG_ACL_VIOLATION,
'Trying to access Profile Management' 'Trying to access Profile Management'
@ -85,11 +146,12 @@ function extension_api_checker()
$return_type = io_safe_output(get_parameter('return_type', '')); $return_type = io_safe_output(get_parameter('return_type', ''));
$other = io_safe_output(get_parameter('other', '')); $other = io_safe_output(get_parameter('other', ''));
$other_mode = io_safe_output(get_parameter('other_mode', 'url_encode_separator_|')); $other_mode = io_safe_output(get_parameter('other_mode', 'url_encode_separator_|'));
$token = get_parameter('token');
$api_execute = get_parameter('api_execute', 0); $api_execute = (bool) get_parameter('api_execute', false);
$return_call_api = ''; $return_call_api = '';
if ($api_execute) { if ($api_execute === true) {
$return_call_api = api_execute( $return_call_api = api_execute(
$url, $url,
$ip, $ip,
@ -103,7 +165,8 @@ function extension_api_checker()
urlencode($id2), urlencode($id2),
$return_type, $return_type,
urlencode($other), urlencode($other),
$other_mode $other_mode,
$token
); );
} }
@ -182,6 +245,11 @@ function extension_api_checker()
$row[] = html_print_input_text('other_mode', $other_mode, '', 50, 255, true); $row[] = html_print_input_text('other_mode', $other_mode, '', 50, 255, true);
$table2->data[] = $row; $table2->data[] = $row;
$row = [];
$row[] = __('API Token');
$row[] = html_print_input_text('token', $token, '', 50, 255, true);
$table2->data[] = $row;
$table3 = new stdClass(); $table3 = new stdClass();
$table3->data = []; $table3->data = [];
@ -214,7 +282,7 @@ function extension_api_checker()
echo '</div>'; echo '</div>';
echo '</form>'; echo '</form>';
if ($api_execute) { if ($api_execute === true) {
echo '<fieldset>'; echo '<fieldset>';
echo '<legend>'.__('Result').'</legend>'; echo '<legend>'.__('Result').'</legend>';
echo __('URL').'<br />'; echo __('URL').'<br />';