discovery ACL

fbsanchez 2019-10-09 15:45:02 +02:00 committed by Alejandro Fraguas
parent be2148ff26
commit d09c071684
7 changed files with 215 additions and 95 deletions


@ -21,27 +21,42 @@ require_once 'include/functions_menu.php';
$menu_godmode = [];
$menu_godmode['class'] = 'godmode';
if (check_acl($config['id_user'], 0, 'PM')) {
if (check_acl($config['id_user'], 0, 'AR')
|| check_acl($config['id_user'], 0, 'AW')
|| check_acl($config['id_user'], 0, 'RR')
|| check_acl($config['id_user'], 0, 'RW')
|| check_acl($config['id_user'], 0, 'PM')
) {
$sub = [];
$sub['godmode/servers/discovery&wiz=main']['text'] = __('Main');
$sub['godmode/servers/discovery&wiz=main']['id'] = 'Discovery';
$sub['godmode/servers/discovery&wiz=tasklist']['text'] = __('Task list');
$sub['godmode/servers/discovery&wiz=tasklist']['id'] = 'tasklist';
$sub2 = [];
$sub2['godmode/servers/discovery&wiz=hd&mode=netscan']['text'] = __('Network scan');
enterprise_hook('hostdevices_submenu');
$sub2['godmode/servers/discovery&wiz=hd&mode=customnetscan']['text'] = __('Custom network scan');
$sub2['godmode/servers/discovery&wiz=hd&mode=managenetscanscripts']['text'] = __('Manage scan scripts');
$sub['godmode/servers/discovery&wiz=hd']['text'] = __('Host & devices');
$sub['godmode/servers/discovery&wiz=hd']['id'] = 'hd';
$sub['godmode/servers/discovery&wiz=hd']['sub2'] = $sub2;
if (check_acl($config['id_user'], 0, 'AW')
|| check_acl($config['id_user'], 0, 'PM')
) {
if (check_acl($config['id_user'], 0, 'AW')) {
$sub2 = [];
$sub2['godmode/servers/discovery&wiz=hd&mode=netscan']['text'] = __('Network scan');
enterprise_hook('hostdevices_submenu');
$sub2['godmode/servers/discovery&wiz=hd&mode=customnetscan']['text'] = __('Custom network scan');
}
enterprise_hook('applications_menu');
enterprise_hook('cloud_menu');
enterprise_hook('console_task_menu');
if (check_acl($config['id_user'], 0, 'PM')) {
$sub2['godmode/servers/discovery&wiz=hd&mode=managenetscanscripts']['text'] = __('Manage scan scripts');
}
$sub['godmode/servers/discovery&wiz=hd']['text'] = __('Host & devices');
$sub['godmode/servers/discovery&wiz=hd']['id'] = 'hd';
$sub['godmode/servers/discovery&wiz=hd']['sub2'] = $sub2;
}
if (check_acl($config['id_user'], 0, 'AW')) {
enterprise_hook('applications_menu');
enterprise_hook('cloud_menu');
enterprise_hook('console_task_menu');
}
// Add to menu.
$menu_godmode['discovery']['text'] = __('Discovery');
@ -92,7 +107,7 @@ if (!empty($sub)) {
}
$sub = [];
if (check_acl($config['id_user'], 0, 'AW')) {
if (check_acl($config['id_user'], 0, 'PM')) {
$sub['godmode/groups/group_list']['text'] = __('Manage agents groups');
$sub['godmode/groups/group_list']['id'] = 'Manage agents groups';
}
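Review bot: `$sub2 = [];` is now only initialised inside the `AW` branch (L38), but the `PM` branch (L47) and the assignment into `$sub['godmode/servers/discovery&wiz=hd']['sub2']` (L51) use `$sub2` regardless, so a user with PM but not AW gets whatever `$sub2` held before this block (the old side reset it unconditionally) — if `$sub2` is reused earlier in this menu file, stale entries leak into the Host & devices submenu. Move the reset above the check: `$sub2 = [];` directly after the `if (check_acl($config['id_user'], 0, 'AW') || check_acl($config['id_user'], 0, 'PM')) {` line. The second hunk tightens group management to `PM` in isolation and needs nothing further.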


@ -4,7 +4,14 @@ global $config;
check_login();
if (! check_acl($config['id_user'], 0, 'AW')) {
if (! check_acl($config['id_user'], 0, 'AR')
&& ! check_acl($config['id_user'], 0, 'AW')
&& ! check_acl($config['id_user'], 0, 'AM')
&& ! check_acl($config['id_user'], 0, 'RR')
&& ! check_acl($config['id_user'], 0, 'RW')
&& ! check_acl($config['id_user'], 0, 'RM')
&& ! check_acl($config['id_user'], 0, 'PM')
) {
db_pandora_audit(
'ACL Violation',
'Trying to access Server Management'
@ -134,11 +141,18 @@ if ($classname_selected === null) {
$classname = basename($classpath, '.class.php');
$obj = new $classname();
$button = $obj->load();
if ($button === false) {
// No acess, skip.
continue;
}
// DiscoveryTaskList must be first button.
if ($classname == 'DiscoveryTaskList') {
array_unshift($wiz_data, $obj->load());
array_unshift($wiz_data, $button);
} else {
$wiz_data[] = $obj->load();
$wiz_data[] = $button;
}
}
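Review bot: The page gate now passes with any one of seven profile bits (L74-L81), so the `$button === false` check at L89 is the only thing that hides a wizard from users who should not see it — each `Wizard` subclass must set `$access` deliberately, because the base default visible in the Wizard hunk is `'AR'`, which is broader than any godmode action a wizard offers. Worth a comment on the skip branch so the next maintainer does not relax `load()` in a subclass without realising it is an authorisation decision: `// load() enforces the wizard's own ACL; false means hide it.` Also `$classname == 'DiscoveryTaskList'` should be `===`, and "No acess" reads better as "No access". The enclosing loop starts before this hunk.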


@ -200,7 +200,7 @@ class DiscoveryTaskList extends Wizard
{
global $config;
if (! check_acl($config['id_user'], 0, 'PM')) {
if (! check_acl($config['id_user'], 0, 'AW')) {
db_pandora_audit(
'ACL Violation',
'Trying to access recon task viewer'
@ -241,7 +241,7 @@ class DiscoveryTaskList extends Wizard
{
global $config;
if (! check_acl($config['id_user'], 0, 'PM')) {
if (!$this->aclMulticheck('RR|RW|RM|PM')) {
db_pandora_audit(
'ACL Violation',
'Trying to access recon task viewer'
@ -270,7 +270,7 @@ class DiscoveryTaskList extends Wizard
{
global $config;
if (! check_acl($config['id_user'], 0, 'PM')) {
if (! check_acl($config['id_user'], 0, 'RM')) {
db_pandora_audit(
'ACL Violation',
'Trying to access recon task viewer'
@ -313,13 +313,9 @@ class DiscoveryTaskList extends Wizard
check_login();
if (! check_acl($config['id_user'], 0, 'PM')) {
db_pandora_audit(
'ACL Violation',
'Trying to access recon task viewer'
);
include 'general/noaccess.php';
return false;
if (!$this->aclMulticheck('AR|AW|AM')) {
// Tasklist are allowed only of agent managers.
return '';
}
// Get all discovery servers.
@ -341,7 +337,7 @@ class DiscoveryTaskList extends Wizard
// --------------------------------
// FORCE A RECON TASK
// --------------------------------
if (check_acl($config['id_user'], 0, 'PM')) {
if (check_acl($config['id_user'], 0, 'AW')) {
if (isset($_GET['force'])) {
$id = (int) get_parameter_get('force', 0);
servers_force_recon_task($id);
@ -387,8 +383,10 @@ class DiscoveryTaskList extends Wizard
// Operations.
$table->headstyle[9] .= 'min-width: 150px; width: 150px;';
$table->head[0] = __('Force');
$table->align[0] = 'left';
if (check_acl($config['id_user'], 0, 'AW')) {
$table->head[0] = __('Force');
$table->align[0] = 'left';
}
$table->head[1] = __('Task name');
$table->align[1] = 'left';
@ -455,11 +453,13 @@ class DiscoveryTaskList extends Wizard
}
if ($task['disabled'] == 0 && $server_name !== '') {
$data[0] = '<a href="'.ui_get_full_url(
'index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=tasklist&server_id='.$id_server.'&force='.$task['id_rt']
).'">';
$data[0] .= html_print_image('images/target.png', true, ['title' => __('Force')]);
$data[0] .= '</a>';
if (check_acl($config['id_user'], 0, 'AW')) {
$data[0] = '<a href="'.ui_get_full_url(
'index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=tasklist&server_id='.$id_server.'&force='.$task['id_rt']
).'">';
$data[0] .= html_print_image('images/target.png', true, ['title' => __('Force')]);
$data[0] .= '</a>';
}
} else if ($task['disabled'] == 2) {
$data[0] = ui_print_help_tip(
__('This task has not been completely defined, please edit it'),
@ -622,18 +622,20 @@ class DiscoveryTaskList extends Wizard
&& $task['type'] != DISCOVERY_APP_ORACLE
&& $task['type'] != DISCOVERY_CLOUD_AWS_RDS
) {
$data[9] .= '<a href="#" onclick="show_map('.$task['id_rt'].',\''.$task['name'].'\')">';
$data[9] .= html_print_image(
'images/dynamic_network_icon.png',
true
);
$data[9] .= '</a>';
if (check_acl($config['id_user'], 0, 'MR')) {
$data[9] .= '<a href="#" onclick="show_map('.$task['id_rt'].',\''.$task['name'].'\')">';
$data[9] .= html_print_image(
'images/dynamic_network_icon.png',
true
);
$data[9] .= '</a>';
}
}
if (check_acl(
$config['id_user'],
$task['id_group'],
'PM'
'AW'
)
) {
if ($ipam === true) {
@ -733,6 +735,16 @@ class DiscoveryTaskList extends Wizard
{
if ($script !== false) {
switch ($script['type']) {
case DISCOVERY_SCRIPT_APP_VMWARE:
return 'wiz=app&mode=vmware&page=0';
case DISCOVERY_SCRIPT_IPAM_RECON:
return '';
case DISCOVERY_SCRIPT_IPMI_RECON:
default:
return 'wiz=hd&mode=customnetscan';
case DISCOVERY_SCRIPT_CLOUD_AWS:
switch ($task['type']) {
case DISCOVERY_CLOUD_AWS_EC2:
@ -744,16 +756,6 @@ class DiscoveryTaskList extends Wizard
default:
return 'wiz=cloud';
}
case DISCOVERY_SCRIPT_APP_VMWARE:
return 'wiz=app&mode=vmware&page=0';
case DISCOVERY_SCRIPT_IPAM_RECON:
return '';
case DISCOVERY_SCRIPT_IPMI_RECON:
default:
return 'wiz=hd&mode=customnetscan';
}
}
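Review bot: The force handler at L148-L151 is gated on `AW` for group 0 only, while the per-task edit link at L200-L206 checks `AW` against `$task['id_group']`; the task id comes straight from `$_GET['force']`, so a user with AW on some groups can force any recon task unless `servers_force_recon_task()` re-checks the task's group itself — if it does not, resolve the task and check `check_acl($config['id_user'], $task['id_group'], 'AW')` before calling it. Secondary: the `check_acl(... 'AW')` and `check_acl(... 'MR')` calls at L171 and L191 run once per table row; compute them once before the loop as the header code at L157 already does. The comment at L139 should read `// Task list is shown only to agent managers.`. The methods these hunks cut through start and end outside the hunks.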


@ -87,6 +87,7 @@ class HostDevices extends Wizard
) {
$this->setBreadcrum([]);
$this->access = 'AW';
$this->task = [];
$this->msg = $msg;
$this->icon = $icon;
@ -100,6 +101,32 @@ class HostDevices extends Wizard
}
/**
* Checks if environment is ready,
* returns array
* icon: icon to be displayed
* label: label to be displayed
*
* @return array With data.
**/
public function load()
{
global $config;
// Check access.
check_login();
if (! $this->aclMulticheck('AW|PM')) {
return false;
}
return [
'icon' => $this->icon,
'label' => $this->label,
'url' => $this->url,
];
}
/**
* Run wizard manager.
*
@ -116,37 +143,42 @@ class HostDevices extends Wizard
if ($mode === null) {
$buttons = [];
$buttons[] = [
'url' => $this->url.'&mode=netscan',
'icon' => 'images/wizard/netscan.png',
'label' => __('Net Scan'),
];
if (enterprise_installed()) {
if (check_acl($config['id_user'], 0, $this->access)) {
$buttons[] = [
'url' => $this->url.'&mode=importcsv',
'icon' => ENTERPRISE_DIR.'/images/wizard/csv.png',
'label' => __('Import CSV'),
'url' => $this->url.'&mode=netscan',
'icon' => 'images/wizard/netscan.png',
'label' => __('Net Scan'),
];
if (enterprise_installed()) {
$buttons[] = [
'url' => $this->url.'&mode=importcsv',
'icon' => ENTERPRISE_DIR.'/images/wizard/csv.png',
'label' => __('Import CSV'),
];
$buttons[] = [
'url' => $this->url.'&mode=deploy',
'icon' => ENTERPRISE_DIR.'/images/wizard/deployment.png',
'label' => __('Agent deployment'),
];
}
$buttons[] = [
'url' => $this->url.'&mode=deploy',
'icon' => ENTERPRISE_DIR.'/images/wizard/deployment.png',
'label' => __('Agent deployment'),
'url' => $this->url.'&mode=customnetscan',
'icon' => '/images/wizard/customnetscan.png',
'label' => __('Custom NetScan'),
];
}
$buttons[] = [
'url' => $this->url.'&mode=customnetscan',
'icon' => '/images/wizard/customnetscan.png',
'label' => __('Custom NetScan'),
];
$buttons[] = [
'url' => $this->url.'&mode=managenetscanscripts',
'icon' => '/images/wizard/managenetscanscripts.png',
'label' => __('Manage NetScan scripts'),
];
if (check_acl($config['id_user'], 0, 'PM')) {
$buttons[] = [
'url' => $this->url.'&mode=managenetscanscripts',
'icon' => '/images/wizard/managenetscanscripts.png',
'label' => __('Manage NetScan scripts'),
];
}
$this->prepareBreadcrum(
[
@ -311,11 +343,11 @@ class HostDevices extends Wizard
) {
// Default values, no data received.
// User is accesing directly to this page.
if (users_is_admin() !== true && check_acl(
if (check_acl(
$config['id_usuario'],
$this->task['id_group'],
'PM'
) !== true
$this->access
) != true
) {
$this->msg = __('You have no access to edit this task.');
return false;
@ -487,7 +519,7 @@ class HostDevices extends Wizard
check_login();
if (! check_acl($config['id_user'], 0, 'PM')) {
if (! check_acl($config['id_user'], 0, $this->access)) {
db_pandora_audit(
'ACL Violation',
'Trying to access Agent Management'
@ -529,11 +561,11 @@ class HostDevices extends Wizard
// Check ACL. If user is not able to manage target task,
// redirect him to main page.
if (users_is_admin() !== true && check_acl(
if (check_acl(
$config['id_usuario'],
$this->task['id_group'],
'PM'
) !== true
$this->access
) != true
) {
$form['form']['action'] = $this->url.'&mode=netscan&page='.($this->page - 1);
}
@ -750,7 +782,7 @@ class HostDevices extends Wizard
[
'name' => 'id_group',
'returnAllGroup' => false,
'privilege' => 'PM',
'privilege' => $this->access,
'type' => 'select_groups',
'selected' => $this->task['id_group'],
'return' => true,
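Review bot: L336 and L357 still read `$config['id_usuario']` although the rest of this file (L281, L348) uses `$config['id_user']` and the parallel CustomNetScan hunks in this same commit change `id_usuario` to `id_user`; if `id_usuario` is not populated, the task-edit gate evaluates `check_acl` for a null user and its outcome is not the one intended — change both to `$config['id_user'],`. Separately, the new `HostDevices::load()` at L255-L268 admits `'AW|PM'` while `run()` at L348 requires `$this->access`, which L241 sets to `'AW'`, so a PM-only user is shown the button and then lands on the ACL-violation page; either pass `$this->access` to `aclMulticheck()` (which makes this override identical to the base `Wizard::load()` and removable) or admit PM in `run()` too. The `!= true` comparisons at L341 and L362 (and L468, L491 in CustomNetScan) are loose while ManageNetScanScripts uses `=== 0` at L519; pick one idiom for `check_acl` results across the commit. The docblock at L248-L254 should also state that `load()` returns `false` when access is denied.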


@ -87,6 +87,13 @@ class Wizard
*/
public $msg;
/**
* Defines access level to use this util.
*
* @var string
*/
public $access = 'AR';
/**
* Setter for breadcrum
@ -234,6 +241,42 @@ class Wizard
public function run()
{
ui_require_css_file('wizard');
// Check access.
check_login();
if (! $this->aclMulticheck()) {
return;
}
}
/**
* Check multiple acl perms.
*
* @param string $access Access in PM|AR|RR format. Optional.
*
* @return boolean Alowed or not.
*/
public function aclMulticheck($access=null)
{
global $config;
if (isset($access)) {
$perms = explode('|', $access);
} else {
$perms = explode('|', $this->access);
}
$allowed = false;
foreach ($perms as $perm) {
$allowed = $allowed || (bool) check_acl(
$config['id_user'],
0,
$perm
);
}
return $allowed;
}
@ -247,6 +290,14 @@ class Wizard
**/
public function load()
{
global $config;
// Check access.
check_login();
if (! $this->aclMulticheck()) {
return false;
}
return [
'icon' => $this->icon,
'label' => $this->label,
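Review bot: The denial path added to the base `run()` at L395-L397 returns silently, with no `db_pandora_audit('ACL Violation', ...)` and no `general/noaccess.php`, unlike every subclass entry point touched by this commit; since the subclasses shown here (HostDevices, CustomNetScan, ManageNetScanScripts) override `run()` with their own audited checks, this base check only applies when a subclass calls `parent::run()`, which the hunks do not show — either audit here as well or document that it is a fallback. `aclMulticheck()` evaluates every permission against group 0 (L418), never a task's own group; say so in its docblock: `@param string $access Permissions in PM|AR|RR form; any one granted on group 0 suffices.` and fix "Alowed". The `load()` docblock above L425 should document the new `false` return for denied access. An empty `$access` makes `explode()` yield `['']` and calls `check_acl` with an empty permission, so a guard such as `if ($access === '') { return false; }` is cheap.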


@ -65,6 +65,8 @@ class CustomNetScan extends Wizard
$this->url = ui_get_full_url(
'index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=hd'
);
$this->access = 'AW';
$this->page = $page;
$this->breadcrum = $breadcrum;
}
@ -77,6 +79,8 @@ class CustomNetScan extends Wizard
*/
public function parseNetScan()
{
global $config;
if (isset($this->page) === true && $this->page === 0) {
// Check if we're updating a task.
$task_id = get_parameter('task', null);
@ -145,11 +149,11 @@ class CustomNetScan extends Wizard
) {
// Default values, no data received.
// User is accesing directly to this page.
if (users_is_admin() !== true && check_acl(
$config['id_usuario'],
if (check_acl(
$config['id_user'],
$this->task['id_group'],
'PM'
) !== true
$this->access
) != true
) {
$this->msg = __('You have no access to edit this task.');
return false;
@ -275,7 +279,7 @@ class CustomNetScan extends Wizard
{
global $config;
if (!check_acl($config['id_user'], 0, 'PM')) {
if (!check_acl($config['id_user'], 0, $this->access)) {
db_pandora_audit(
'ACL Violation',
'Trying to access Custom Net Scan.'
@ -317,11 +321,11 @@ class CustomNetScan extends Wizard
// Check ACL. If user is not able to manage target task,
// redirect him to main page.
if (users_is_admin() !== true && check_acl(
$config['id_usuario'],
if (check_acl(
$config['id_user'],
$this->task['id_group'],
'PM'
) !== true
$this->access
) != true
) {
$form['form']['action'] = $this->url.'&mode=customnetscan&page='.($this->page - 1);
}
@ -496,7 +500,7 @@ class CustomNetScan extends Wizard
'arguments' => [
'name' => 'id_group',
'returnAllGroup' => false,
'privilege' => 'PM',
'privilege' => $this->access,
'type' => 'select_groups',
'selected' => $this->task['id_group'],
'return' => true,


@ -65,6 +65,8 @@ class ManageNetScanScripts extends Wizard
$this->url = ui_get_full_url(
'index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=hd'
);
$this->access = 'PM';
$this->page = $page;
$this->breadcrum = $breadcrum;
}
@ -81,7 +83,7 @@ class ManageNetScanScripts extends Wizard
{
global $config;
if (check_acl($config['id_user'], 0, 'AW') === 0) {
if (check_acl($config['id_user'], 0, $this->access) === 0) {
db_pandora_audit(
'ACL Violation',
'Trying to access Net Scan Script.'