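/**
 * XML-RPC handler: search the subnet table for a single IP address.
 *
 * Parameter 0 of the message must be a string scalar holding the address.
 * The address is checked with testIP() before it is converted and passed to
 * GetDuplicateSubnetAll() with a size of 1.
 *
 * @param object $params XML-RPC message (an array of xmlrpcval objects)
 * @return xmlrpcresp Array of structs (baseaddr, subnetsize, baseindex,
 *                    descrip, customer, custdescrip), or a fault response
 */
function __SearchIP($params)
{
    global $xmlrpcerruser; // import user errcode value

    if (IPPLAN_API_VER != DBF_API_VER) {
        return new xmlrpcresp(0, $xmlrpcerruser + 3, "Incorrect API version");
    }

    // the first param must be there and be of the correct type
    $ipobj = $params->getParam(0);
    if (!isset($ipobj) || $ipobj->scalartyp() != "string") {
        // parameter mismatch, complain
        return new xmlrpcresp(0, $xmlrpcerruser + 1, "Incorrect parameters");
    }

    // testIP() returns a truthy value for an address it rejects
    $ipaddr = $ipobj->scalarval();
    if (testIP($ipaddr)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, "Invalid IP address!");
    }

    // NOTE(review): "new" does not evaluate to false in PHP, so this check
    // presumably never fires; confirm how IPplanDbf reports a failed connect.
    if (!($ds = new IPplanDbf())) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, "Could not connect to database");
    }

    // NOTE(review): no groups argument is passed here, so confirm whether
    // results of this API call are meant to be unrestricted by user group.
    $result = $ds->GetDuplicateSubnetAll(inet_aton($ipaddr), 1);

    // returns the following fields:
    // base.baseaddr, base.subnetsize, base.baseindex, base.descrip, customer.custdescrip,
    // customer.customer, base.lastmod, base.userid, base.swipmod
    //
    // Start from an empty list so that "no match" yields an empty array
    // instead of an undefined variable being wrapped in the response.
    $myVal = array();
    while ($row = $result->FetchRow()) {
        $myVal[] = new xmlrpcval(
            array(
                "baseaddr" => new xmlrpcval(inet_ntoa($row["baseaddr"])),
                "subnetsize" => new xmlrpcval($row["subnetsize"], "int"),
                "baseindex" => new xmlrpcval($row["baseindex"], "int"),
                "descrip" => new xmlrpcval($row["descrip"]),
                "customer" => new xmlrpcval($row["customer"], "int"),
                "custdescrip" => new xmlrpcval($row["custdescrip"])
            ),
            "struct"
        );
    }

    // this is a successful value being returned
    return new xmlrpcresp(new xmlrpcval($myVal, "array"));
}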
if (!$n) { closeClient($i); } else { // if a client has sent some data, do one of these: socket_write($client[$i], "IPplan whoisd v1.0\r\n------------------\r\n\n"); if ($n == "?" or $n == "help") { $res = help(); socket_write($client[$i], "{$res}\r\n"); closeClient($i); } else { if (substr($n, 0, 3) == "AS ") { $res = searchCustomer(substr($n, 3, 80)); socket_write($client[$i], "{$res}\r\n"); closeClient($i); } else { if (testIP($n) == FALSE) { // print something on the server, then echo the incoming // data to all of the clients in the $client array. if (DEBUG) { print "From {$remote_host[$i]}:{$remote_port[$i]}, client[{$i}]: {$n}\n"; } //socket_write($client[$i], "From client[$i]: $n\r\n"); $res = searchIP($n); socket_write($client[$i], "{$res}\r\n"); closeClient($i); } else { $res = help(); $res .= "Invalid query\n"; socket_write($client[$i], "{$res}\r\n"); closeClient($i); }
// Error Checks if (!$domain) { myError($w, $p, my_("Domain may not be blank")); } if ($action == "add") { $muldomains = split(";", $domain); } else { $muldomains = array($domain); } foreach ($muldomains as $value) { if (!preg_match('/^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)*[a-zA-Z]{2,6}$/', trim($value))) { myError($w, $p, sprintf(my_("Invalid domain name %s"), $value)); } } if (!empty($server)) { if (testIP($server) == 0) { // was an IP address } else { if (preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $server)) { // was a hostname } else { myError($w, $p, sprintf(my_("Invalid hostname %s"), $server) . "\n"); } } } // will get error message if doing zone axfr and no nameservers given // this is ok as bulk zone axfr could result in some zones failing // import, thus need something to put in database $cnt = 0; for ($i = 1; $i < 11; $i++) { if ($hname[$i] and !preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $hname[$i])) {
/**
 * Work out the address window to search and run the matching subnet query.
 *
 * The window comes from a stored range (when $rangeindex is set), from the
 * object's own ipaddr/subnetsize, or falls back to DEFAULTROUTE..ALLNETS.
 *
 * @param mixed $cust       customer index; 0 is treated as "All"
 * @param mixed $areaindex  area index; -1 selects subnets outside any area
 * @param mixed $rangeindex range index; non-zero takes the window from GetRange()
 * @return mixed query result, or FALSE (with err/errstr set) when the
 *               derived start or end address fails testIP()
 */
function FetchBase($cust, $areaindex, $rangeindex)
{
    // keep copies on the object as the values may change below
    $this->cust = $cust;
    $this->rangeindex = $rangeindex;
    $this->areaindex = $areaindex;

    // set start and end address according to netrange
    if ($this->rangeindex) {
        // should only return one row here!
        // NOTE(review): the row is used without checking that one was found,
        // and this branch does not run testIP() on the derived addresses.
        $rangeResult = $this->GetRange($this->cust, $this->rangeindex);
        $row = $rangeResult->FetchRow();
        $this->start = inet_ntoa($row["rangeaddr"]);
        $this->end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1);
        $this->site = " (" . $row["descrip"] . ")";
    } elseif ($this->ipaddr) {
        if ($this->subnetsize) {
            $this->start = $this->ipaddr;
            $this->end = inet_ntoa(inet_aton($this->ipaddr) + $this->subnetsize - 1);
        } else {
            $this->start = completeIP($this->ipaddr, 1);
            $this->end = completeIP($this->ipaddr, 2);
        }

        // testIP() is truthy for an address it rejects
        if (testIP($this->start) || testIP($this->end)) {
            $this->err = 50; // Invalid IP address!
            $this->errstr = my_("Invalid IP address!");
            return FALSE;
        }
    } else {
        $this->start = DEFAULTROUTE;
        $this->end = ALLNETS;
    }

    $startnum = inet_aton($this->start);
    $endnum = inet_aton($this->end);

    // pager could have made cust = 0
    $this->custdescrip = ($this->cust == 0)
        ? "All"
        : $this->GetCustomerDescrip($this->cust);

    // NOTE(review): a customer whose stored description is literally "all"
    // (any case) is widened to customer 0 here; confirm that is intended.
    if (strtolower($this->custdescrip) == "all") {
        $this->cust = 0;
    }

    if ($this->areaindex == -1) {
        // all subnets not part of an area
        $result = $this->GetBaseNoArea($this->descrip, $this->cust, $this->grps);
    } elseif ($this->areaindex && !$this->rangeindex) {
        $result = $this->GetBaseFromArea($this->areaindex, $this->descrip, $this->cust, $this->grps);
    } elseif ($this->searchin == 0) {
        $result = $this->GetBase($startnum, $endnum, $this->descrip, $this->cust, $this->grps);
    } elseif ($this->cust == 0) {
        // search in subnet - finds subnets with exact ip address match
        // useful for finding from where an attack comes if you have IP
        $result = $this->GetDuplicateSubnetAll($startnum, 1, $this->grps);
    } else {
        // NOTE(review): this is the only query here that is not given
        // $this->grps; confirm group filtering is applied elsewhere.
        $result = $this->GetDuplicateSubnet($startnum, 1, $this->cust);
    }

    return $result;
}
/**
 * Import one row of address data and apply it with ModifyIP().
 *
 * Columns 0-6 are IP, user, location, description, hostname, telephone and
 * MAC address; columns from 7 onwards feed the template's user fields.
 * A blank row or an invalid IP is reported and skipped; a short row, a
 * template verify failure or an unknown subnet ends the transaction and
 * calls myError() (which presumably does not return - confirm).
 *
 * @param object $ds       database object
 * @param mixed  $cust     customer index
 * @param mixed  $w        layout container for messages (by reference)
 * @param mixed  $p        page object (by reference)
 * @param array  $data     the row's columns
 * @param mixed  $template template object, or a non-object for "none"
 * @param string $append   "on" turns literal "NULL" fields into ""
 */
function ProcessRow($ds, $cust, &$w, &$p, $data, $template, $append)
{
    global $format;

    $columns = count($data);

    // blank row
    if (empty($data[0])) {
        insert($w, block("<b>" . my_("Row is blank - ignoring") . "</b>"));
        return;
    }

    // bogus row
    if ($columns < 7) {
        // ok to save what has been imported already
        $ds->DbfTransactionEnd();
        myError($w, $p, my_("Row not the correct format."));
    }

    // testIP() is truthy for an address it rejects
    $rawip = trim($data[0]);
    if (testIP($rawip)) {
        insert($w, block("<b>" . my_("Invalid IP address") . "</b>"));
        return;
    }
    $ip = inet_aton($rawip);

    // clamp each imported column to a fixed length (substr counts bytes)
    $user = substr($data[1], 0, 80);
    $location = substr($data[2], 0, 80);
    $descrip = substr($data[3], 0, 80);
    $hname = substr($data[4], 0, 100);
    $telno = substr($data[5], 0, 15);
    // NOTE(review): for the "xml" format the MAC column is passed through at
    // full length; confirm ModifyIP() or the schema bounds it.
    $macaddr = ($format == "xml") ? $data[6] : substr($data[6], 0, 12);

    $info = "";
    if (is_object($template)) {
        // all columns over 6 are considered for adding to template fields
        $column = 7;
        $userfld = array();
        foreach ($template->userfld as $key => $value) {
            // set fields in template only if field in import file exists, else make blank
            if (isset($data[$column])) {
                $userfld[$key] = $data[$column];
            } else {
                $userfld[$key] = "";
            }
            $column++;
        }
        $template->Merge($userfld);

        if ($template->Verify($w)) {
            // ok to save what has been imported already
            $ds->DbfTransactionEnd();
            myError($w, $p, my_("Row failed template verify."));
        }
        if (!$template->is_blank()) {
            $info = $template->encode();
        }
    }

    // the address must fall inside a subnet known for this customer
    $result = $ds->GetBaseFromIP($ip, $cust);
    $row = $result->FetchRow();
    if (!$row) {
        // ok to save what has been imported already
        $ds->DbfTransactionEnd();
        myError($w, $p, sprintf(my_("Subnet could not be found for IP address %s"), $data[0]));
    }
    $baseindex = $row["baseindex"];
    // read from the row but not used further in this function
    $baseaddr = $row["baseaddr"];
    $subnetsize = $row["subnetsize"];

    if ($append == "on") {
        $ip = (array) $ip;
        // a literal "NULL" in the import file becomes an empty string
        $user = ($user === "NULL") ? "" : $user;
        $location = ($location === "NULL") ? "" : $location;
        $telno = ($telno === "NULL") ? "" : $telno;
        $macaddr = ($macaddr === "NULL") ? "" : $macaddr;
        $descrip = ($descrip === "NULL") ? "" : $descrip;
        $hname = ($hname === "NULL") ? "" : $hname;
    }

    // ModifyIP() returning 0 is what this function reports as success
    $status = $ds->ModifyIP($ip, $baseindex, $user, $location, $telno, $macaddr, $descrip, $hname, $info);
    if ($status == 0) {
        insert($w, text(my_("IP address details modified")));
    } else {
        insert($w, text(my_("IP address details could not be modified")));
    }
}
} if ($template->is_blank() == FALSE) { $info = $template->encode(); // myError($w,$p, my_("info: $info")); } } // Changed - End [FE] if (strlen($descrip) == 0) { insert($w, text(my_("No description for the subnet"))); break; } else { if (!$ipaddr) { insert($w, text(my_("IP address may not be blank"))); break; } else { if (testIP($ipaddr)) { insert($w, text(sprintf(my_("Invalid IP address [ %s ]"), $ipaddr))); break; } else { if (!$size) { insert($w, text(my_("Subnet mask is invalid"))); break; } else { // handle duplicate subnets $result = $ds->GetDuplicateSubnet($base, $size, $cust); if ($row = $result->FetchRow()) { // check if baseaddr and size match EXACTLY if ($row["baseaddr"] != $base or $row["subnetsize"] != $size) { insert($w, text(sprintf(my_("Subnet could not be updated - start address and size do not EXACTLY match existing subnet [ %s ]"), $ipaddr))); break; }
} newhtml($p); $w = myheading($p, $title, true); $ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database")); if ($_POST) { // save the last customer used // must set path else Netscape gets confused! setcookie("ipplanCustomer", "{$cust}", time() + 10000000, "/"); $descrip = trim($descrip); if (strlen($descrip) == 0) { $formerror .= my_("You need to enter a description for the area") . "\n"; } if (!$ipaddr) { $formerror .= my_("Area address may not be blank") . "\n"; } else { if (testIP($ipaddr, TRUE)) { $formerror .= my_("Invalid area address - it must be the same format as an IP address") . "\n"; } } if (!$formerror) { $base = inet_aton($ipaddr); // check if user belongs to customer admin group $result = $ds->GetCustomerGrp($cust); // can only be one row - does not matter if nothing is // found as array search will return false $row = $result->FetchRow(); if (!in_array($row["admingrp"], $grps)) { myError($w, $p, my_("You may not create/modify an area for this customer as you are not a member of the customers admin group")); } $ds->DbfTransactionStart(); if ($action == "modify") {
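/**
 * Validate the "add group boundary" form and, on a POST with no errors,
 * insert the boundary into the bounds table.
 *
 * A base of 0 with a size of 0 is treated as a request for a read-only
 * group and only checked against existing boundaries for the group.
 *
 * @param mixed  $w  layout container that receives result messages
 * @param object $ds database object (queries go through $ds->ds)
 * @return string accumulated error text, empty when nothing went wrong
 */
function parseAddGroupBoundaryForm($w, $ds)
{
    // explicitly cast variables as security measure against SQL injection
    list($grp, $ipaddr, $size) = myRegister("S:grp S:ipaddr S:size");

    $formerror = "";
    // NOTE(review): floor() makes the size numeric but a negative size is
    // not rejected below; confirm TestDuplicateBounds() covers that.
    $size = floor($size);

    if ($_POST) {
        $base = inet_aton($ipaddr);

        // creating readonly group?
        if ($base == 0 and $size == 0) {
            // testIP() is not consulted on this path, see the cast below
            if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=" . $ds->ds->qstr($grp))) {
                $formerror .= my_("Boundary cannot be created - overlaps with existing boundary") . "\n";
            }
        } else {
            if (!$ipaddr) {
                $formerror .= my_("Boundary address may not be blank") . "\n";
            } elseif (testIP($ipaddr)) {
                $formerror .= my_("Invalid boundary address") . "\n";
            } elseif (!$size) {
                $formerror .= my_("Size may not be zero") . "\n";
            } elseif (TestDuplicateBounds($ds, $base, $size, $grp)) {
                $formerror .= my_("Boundary cannot be created - overlaps with existing boundary") . "\n";
            }

            if ($size > 1) {
                if (TestBaseAddr(inet_aton3($ipaddr), $size)) {
                    $formerror .= my_("Invalid base address") . "\n";
                }
            }
        }

        if (!$formerror) {
            $ds->DbfTransactionStart();

            // Both values are placed in the statement unquoted, so force them
            // to plain digit strings first. inet_aton() is defined elsewhere
            // and what it returns for malformed input is not visible here.
            $baseSql = sprintf("%.0f", $base);
            $sizeSql = sprintf("%.0f", $size);

            // the fact that the range is unique prevents the range
            // being added to more than one area!
            // Plain assignment: taking a reference to a call result only
            // raises a notice on newer PHP versions.
            $result = $ds->ds->Execute(
                "INSERT INTO bounds\n (boundsaddr, boundssize, grp)\n VALUES\n ("
                . $baseSql . ", " . $sizeSql . ", " . $ds->ds->qstr($grp) . ")"
            );

            if ($result) {
                $ds->DbfTransactionEnd();
                insert($w, textbr(my_("Boundary created")));
                insertEditGroupForm($w, $ds);
            } else {
                // NOTE(review): the transaction started above is neither
                // ended nor rolled back on this path; confirm the caller
                // or connection teardown handles it.
                $formerror .= my_("Boundary could not be created") . "\n";
            }
        }
    }

    return $formerror;
}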
myError($w, $p, my_("You cannot reload or bookmark this page!")); } // basic sequence is connect, search, interpret search // result, close connection $ds = new IPplanDbf() or myError($w, $p, my_("Could not connect to database")); // set start and end address according to range $site = ""; if ($rangeindex) { // should only return one row here! $result = $ds->GetRange($cust, $rangeindex); $row = $result->FetchRow(); $start = inet_ntoa($row["rangeaddr"]); $end = inet_ntoa($row["rangeaddr"] + $row["rangesize"] - 1); $site = " (" . $row["descrip"] . ")"; } if (testIP($start) or testIP($end)) { myError($w, $p, my_("Invalid IP address! You must select a range or fill in the start and end IP address.")); } $startnum = inet_aton($start); $endnum = inet_aton($end); if ($endnum <= $startnum) { myError($w, $p, my_("Your end ip address is smaller than your start!")); } //if the $size* is empty set it to value if (empty($size_from)) { $size_from = 0; } if (empty($size_to)) { $size_to = MAXSIZE; } $custdescrip = $ds->GetCustomerDescrip($cust);
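require_once "../auth.php";

$auth = new SQLAuthenticator(REALM, REALMERROR);

// And now perform the authentication
$auth->authenticate();

// set language
isset($_COOKIE["ipplanLanguage"]) && myLanguage($_COOKIE['ipplanLanguage']);

//setdefault("window",array("bgcolor"=>"white"));

$title = my_("Ping results");
newhtml($p);
$w = myheading($p, $title, true);

// explicitly cast variables as security measure against SQL injection
list($lookup) = myRegister("S:lookup");

if (!$_GET) {
    myError($w, $p, my_("You cannot reload or bookmark this page!"));
}

// testIP() is truthy for an address it rejects. This is the only check on
// $lookup visible in this part of the script and it relies on myError()
// not returning (presumably it ends the request - confirm).
// NOTE(review): the comments below mention system call output; if $lookup
// is later placed on a command line it should also go through
// escapeshellarg() rather than rely on this check alone.
if (testIP($lookup)) {
    myError($w, $p, my_("Invalid IP address"));
}

// pass-through output handler for the buffer started below
function callback($buffer)
{
    return $buffer;
}

// need to print at this stage as display data is cached via layout template
// buffer the output and do some tricks to place system call output in correct
// place
ob_start("callback");
printhtml($p);
$buf = ob_get_contents();
ob_end_clean();

// now print first half of HTML to browser - split at start of "normalbox"
// preg_split() with the /i flag replaces spliti(), which was deprecated in
// PHP 5.3 and removed in PHP 7; the marker has no regex metacharacters.
list($beg, $end) = preg_split('/CLASS="normalbox">/i', $buf);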
// grab email address from template for later use if this is an // ip address request if ($request and isset($template->userfld["email"]["value"]) and preg_match('/^[\\w-\\.]{1,}\\@([\\da-zA-Z-]{1,}\\.){1,}[\\da-zA-Z-]{2,3}$/', $template->userfld["email"]["value"])) { $email = $template->userfld["email"]["value"]; } $info = $template->encode(); } } // ----- verify template and insert data into tables ---------- // ----- only insert if template verifies ok ------------------ if (!empty($hname)) { $formerror .= UpdateDNS($ds, $w, $cust, $hname, $ip); } // is an address linked to another address - used for NAT? if (!empty($lnk)) { if (!testIP($lnk)) { // substr required to strip space added with each submit if user is empty // and also to ensure field does not overflow 80 characters $user = substr(trim("LNK{$lnk} {$user}"), 0, 79); $formerror .= UpdateLnk($ds, $w, $cust, $baseindex, $lnk, $ip); } else { $formerror .= sprintf(my_("Invalid link address: %s"), $lnk) . "\n"; } } // check if mac address is valid - all or nothing! if (!empty($macaddr)) { $oldmacaddr = $macaddr; $macaddr = str_replace(array(":", "-", ".", " "), "", $macaddr); if (strlen($macaddr) == 12 and preg_match("/^[a-f0-9A-F]*\$/", $macaddr)) { // check for duplicate mac address - only when subnet is marked as DHCP if ($ds->ds->GetOne("SELECT ipaddr.macaddr \n FROM base, ipaddr\n WHERE base.customer={$cust} AND\n base.baseindex=ipaddr.baseindex AND\n ipaddr.ipaddr!={$ip} AND\n ipaddr.macaddr=" . $ds->ds->qstr($macaddr))) {
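/**
 * Import the PTR records of a reverse zone answer into the address tables.
 *
 * Each PTR owner name is turned back into a dotted IPv4 address, checked
 * with testIP(), matched to a subnet via FetchBase() and then written with
 * UpdateIP() or, when nothing was updated, AddIP(). Problems are collected
 * in $this->err / $this->errstr rather than stopping the import.
 *
 * @param mixed $zoneid zone identifier (not used in this function)
 * @param array $answer resource record objects exposing type, name and ptrdname
 * @return bool always TRUE
 */
function RevZoneAddRR($zoneid, $answer)
{
    global $grps;

    // open a new database connection
    // NOTE(review): "new" does not evaluate to false in PHP, so this check
    // presumably never fires, and $ds is used below regardless.
    $ds = new Base();
    if (!$ds) {
        $this->err = 90;
        $this->errstr .= my_("Could not connect to database");
    }
    $ds->SetGrps($grps);
    $ds->SetSearchIn(1);

    foreach ($answer as $rr) {
        if ($rr->type != "PTR") {
            continue;
        }

        // NOTE(review): the PTR target comes from the DNS answer and is
        // stored as the hostname without any validation in this function.
        $domain = $rr->ptrdname; // proper domain name
        $host = $rr->name;       // in format 46.61.110.147.in-addr.arpa

        // now split ip address
        // explode() replaces split(), which was deprecated in PHP 5.3 and
        // removed in PHP 7. Padding keeps a short owner name from raising
        // undefined-offset notices; testIP() then rejects the result.
        list($oc1, $oc2, $oc3, $oc4) = array_pad(explode(".", $host, 5), 5, "");
        $ipaddr = "{$oc4}.{$oc3}.{$oc2}.{$oc1}";

        if (testIP($ipaddr)) {
            $this->errstr .= sprintf(my_("Invalid address %s"), $ipaddr) . "\n";
            continue;
        }

        $ds->SetIPaddr($ipaddr);
        $result = $ds->FetchBase($this->cust, 0, 0);
        if (!$result) {
            $this->err = 70;
            $this->errstr .= $ds->errstr;
            // without a result there is nothing to fetch rows from; move on
            // instead of calling FetchRow() on a non-object
            continue;
        }

        // add records here - got a match for a subnet
        if ($row = $result->FetchRow()) {
            $baseindex = $row["baseindex"];
            $affected = $ds->UpdateIP(inet_aton($ipaddr), $baseindex, "hname", $domain);
            if (!$affected) {
                $ds->AddIP(inet_aton($ipaddr), $baseindex, "", "", "", "", "Reverse zone import", $domain, "");
            }
        } else {
            $this->errstr .= sprintf(my_("No subnet found for address %s"), $ipaddr) . "\n";
        }
    }

    return TRUE;
}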
} if (!empty($server)) { if (testIP($server) == 0) { // was an IP address } else { if (preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $server)) { // was a hostname } else { myError($w, $p, sprintf(my_("Invalid hostname %s"), $server) . "\n"); } } } if (!$zoneip) { myError($w, $p, my_("IP address may not be blank")); } else { if (testIP($zoneip)) { myError($w, $p, my_("Invalid IP address")); } else { if (!$size) { myError($w, $p, my_("Size may not be zero")); } else { if ($size > 1) { if (TestBaseAddr(inet_aton3($zoneip), $size)) { myError($w, $p, my_("Invalid base address!")); } } } } } $zoneip = inet_aton($zoneip); $cnt = 0;
$formerror .= my_("The CRM index is invalid") . "\n"; } if ($cntry == "US" and !preg_match("/[0-9]{5}/", $zipcode)) { $formerror .= my_("Invalid zipcode") . "\n"; } if ($tcntry == "US" and !preg_match("/[0-9]{5}/", $tzipcode)) { $formerror .= my_("Invalid contact zipcode") . "\n"; } if ($mbox and !preg_match("/^[^ \t@|()<>,]+@[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $mbox)) { $formerror .= my_("Invalid E-mail address") . "\n"; } for ($i = 1; $i < 11; $i++) { if ($hname[$i] and !preg_match("/[^ \t@()<>,]+\\.[^ \t()<>,.]+\$/", $hname[$i])) { $formerror .= sprintf(my_("Invalid hostname %u"), $i) . "\n"; } if ($ipaddr[$i] and testIP($ipaddr[$i])) { $formerror .= sprintf(my_("Invalid IP address %u"), $i) . "\n"; } if ($hname[$i] and !$ipaddr[$i] or !$hname[$i] and $ipaddr[$i]) { $formerror .= sprintf(my_("Invalid hostname/IP address combination %u"), $i) . "\n"; } } // use base template (for additional subnet information) $template = new IPplanIPTemplate("custtemplate", $cust); $info = ""; if ($template->is_error() == FALSE) { // PROBLEM HERE: if template create suddenly returns error (template file // permissions, xml error etc), then each submit thereafter will erase // previous contents - this is not good $template->Merge($userfld); if ($err = $template->Verify($w)) {
if (!preg_match('/^(([\\w][\\w\\-\\.]*)\\.)?([\\w][\\w\\-]+)(\\.([\\w][\\w\\.]*))?\\.?$/', $iphostname)) { myError($w, $p, my_("Invalid IP/ Hostname")); } } } } } // add . after record - don't understand thinking here? User should determine if // qualified or not? /* if(preg_match("/[a-z]/i",$iphostname) && substr($iphostname,-1) != '.') { $iphostname .= '.'; } */ // iphostname must be IP address if ($recordtype == "A" and testIP($iphostname)) { myError($w, $p, my_("For A type, IP / Hostname must be an IP address")); } // need to check for valid host if ($recordtype == "CNAME" or $recordtype == "NS") { if (!preg_match(FQDNHNAMEREGEX, $iphostname)) { myError($w, $p, my_("Invalid IP/ Hostname")); } } // everything looks ok, now check that there are no duplicates // could use database key for this, but would require huge indexes // cannot check much else as records could be outside of this zone // bind has no issues with CNAME's or MX records pointing to non-existent // records, so don't bother checking those either $result =& $ds->ds->Execute("SELECT customer \n FROM fwdzonerec \n WHERE customer={$cust} AND data_id={$zoneid} AND\n host=" . $ds->ds->qstr($host) . " AND\n recordtype=" . $ds->ds->qstr($recordtype) . " AND \n ip_hostname=" . $ds->ds->qstr($iphostname)); $recs = $result->PO_RecordCount("fwdzonerec", "customer={$cust} AND data_id={$zoneid} AND\n host=" . $ds->ds->qstr($host) . " AND\n recordtype=" . $ds->ds->qstr($recordtype) . " AND \n ip_hostname=" . $ds->ds->qstr($iphostname));
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

// Reverse DNS lookup page: validates the requested address and shows the
// name returned by gethostbyaddr().
// NOTE(review): no authentication step is visible in this excerpt; confirm
// whether unauthenticated reverse lookups are intended.

require_once "../ipplanlib.php";
require_once "../config.php";
require_once "../layout/class.layout";

// set language
if (isset($_COOKIE["ipplanLanguage"])) {
    myLanguage($_COOKIE['ipplanLanguage']);
}

//setdefault("window",array("bgcolor"=>"white"));

$title = my_("DNS results");
newhtml($p);
$w = myheading($p, $title, true);

// explicitly cast variables as security measure against SQL injection
list($ip) = myRegister("S:ip");

if (!$_GET) {
    myError($w, $p, my_("You cannot reload or bookmark this page!"));
}

// testIP() is truthy for an address it rejects; the lookup below relies on
// myError() not returning (presumably it ends the request - confirm)
if (testIP($ip)) {
    myError($w, $p, my_("Invalid IP address"));
}

// NOTE(review): the returned name is controlled by whoever runs the reverse
// zone for the address; confirm that text() escapes it for HTML output.
$hostname = gethostbyaddr($ip);
insert($w, text($hostname));

// gethostbyaddr() hands back the address itself when there is no PTR record
if ($hostname == $ip) {
    insert($w, textb(my_(" No DNS reverse record found")));
}

printhtml($p);