function discover_new_device($hostname, $source = 'xdp') { global $config, $debug; if ($config['autodiscovery'][$source]) { echo "Discovering new host {$hostname}\n"; if (!empty($config['mydomain']) && isDomainResolves($hostname . "." . $config['mydomain'])) { if ($debug) { echo "appending " . $config['mydomain'] . "!\n"; } $dst_host = $hostname . "." . $config['mydomain']; } else { $dst_host = $hostname; } $ip = gethostbyname($dst_host); if ($debug) { echo "resolving {$dst_host} to {$ip}\n"; } if (match_network($config['autodiscovery']['ip_nets'], $ip)) { if ($debug) { echo "found {$ip} inside configured nets, adding!\n"; } $remote_device_id = addHost($dst_host); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); array_push($GLOBALS['devices'], $remote_device); return $remote_device_id; } } } else { if ($debug) { echo "{$source} autodiscovery disabled"; } return FALSE; } }
function discover_new_device($hostname, $device = '', $method = '', $interface = '') { global $config; if (!empty($config['mydomain']) && isDomainResolves($hostname . '.' . $config['mydomain'])) { $dst_host = $hostname . '.' . $config['mydomain']; } else { $dst_host = $hostname; } d_echo("discovering {$dst_host}\n"); $ip = gethostbyname($dst_host); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) { // $ip isn't a valid IP so it must be a name. if ($ip == $dst_host) { d_echo("name lookup of {$dst_host} failed\n"); log_event("{$method} discovery of " . $dst_host . " failed - Check name lookup", $device['device_id'], 'discovery'); return false; } } elseif (filter_var($dst_host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === true || filter_var($dst_host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === true) { // gethostbyname returned a valid $ip, was $dst_host an IP? if ($config['discovery_by_ip'] === false) { d_echo('Discovery by IP disabled, skipping ' . $dst_host); log_event("{$method} discovery of " . $dst_host . " failed - Discovery by IP disabled", $device['device_id'], 'discovery'); return false; } } d_echo("ip lookup result: {$ip}\n"); $dst_host = rtrim($dst_host, '.'); // remove trailing dot if (match_network($config['autodiscovery']['nets-exclude'], $ip)) { d_echo("{$ip} in an excluded network - skipping\n"); return false; } if (match_network($config['nets'], $ip)) { try { $remote_device_id = addHost($dst_host, '', '161', 'udp', $config['distributed_poller_group']); $remote_device = device_by_id_cache($remote_device_id, 1); echo '+[' . $remote_device['hostname'] . '(' . $remote_device['device_id'] . ')]'; discover_device($remote_device); device_by_id_cache($remote_device_id, 1); if ($remote_device_id && is_array($device) && !empty($method)) { $extra_log = ''; $int = ifNameDescr($interface); if (is_array($int)) { $extra_log = ' (port ' . $int['label'] . ') '; } log_event('Device ' . $remote_device['hostname'] . " ({$ip}) {$extra_log} autodiscovered through {$method} on " . $device['hostname'], $remote_device_id, 'discovery'); } else { log_event("{$method} discovery of " . $remote_device['hostname'] . " ({$ip}) failed - Check ping and SNMP access", $device['device_id'], 'discovery'); } return $remote_device_id; } catch (HostExistsException $e) { // already have this device } catch (Exception $e) { log_event("{$method} discovery of " . $dst_host . " ({$ip}) failed - " . $e->getMessage()); } } else { d_echo("{$ip} not in a matched network - skipping\n"); } //end if }
function discover_new_device($hostname, $device = '', $method = '', $interface = '') { global $config, $debug; if (!empty($config['mydomain']) && isDomainResolves($hostname . '.' . $config['mydomain'])) { $dst_host = $hostname . '.' . $config['mydomain']; } else { $dst_host = $hostname; } if ($debug) { echo "discovering {$dst_host}\n"; } $ip = gethostbyname($dst_host); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) { // $ip isn't a valid IP so it must be a name. if ($ip == $dst_host) { if ($debug) { echo "name lookup of {$dst_host} failed\n"; } return false; } } if ($debug) { echo "ip lookup result: {$ip}\n"; } $dst_host = rtrim($dst_host, '.'); // remove trailing dot if (match_network($config['autodiscovery']['nets-exclude'], $ip)) { if ($debug) { echo "{$ip} in an excluded network - skipping\n"; } return false; } if (match_network($config['nets'], $ip)) { $remote_device_id = addHost($dst_host, '', '161', 'udp', '0', $config['distributed_poller_group']); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); echo '+[' . $remote_device['hostname'] . '(' . $remote_device['device_id'] . ')]'; discover_device($remote_device); device_by_id_cache($remote_device_id, 1); if ($remote_device_id && is_array($device) && !empty($method)) { $extra_log = ''; $int = ifNameDescr($interface); if (is_array($int)) { $extra_log = ' (port ' . $int['label'] . ') '; } log_event('Device $' . $remote_device['hostname'] . " ({$ip}) {$extra_log} autodiscovered through {$method} on " . $device['hostname'], $remote_device_id, 'system'); } else { log_event("{$method} discovery of " . $remote_device['hostname'] . " ({$ip}) failed - check ping and SNMP access", $device['device_id'], 'system'); } return $remote_device_id; } } else { if ($debug) { echo "{$ip} not in a matched network - skipping\n"; } } //end if }
function perform_snmp_scan($net) { global $stats, $config, $debug, $vdebug; echo 'Range: ' . $net->network . '/' . $net->bitmask . PHP_EOL; $config['snmp']['timeout'] = 1; $config['snmp']['retries'] = 0; $config['fping_options']['retries'] = 0; $start = ip2long($net->network); $end = ip2long($net->broadcast) - 1; while ($start++ < $end) { $stats['count']++; $host = long2ip($start); if (match_network($config['autodiscovery']['nets-exclude'], $host)) { echo '|'; continue; } $test = isPingable($host); if ($test['result'] === false) { echo '.'; continue; } if (ip_exists($host)) { $stats['known']++; echo '*'; continue; } foreach (array('udp', 'tcp') as $transport) { try { addHost(gethostbyaddr($host), '', $config['snmp']['port'], $transport, $config['distributed_poller_group']); $stats['added']++; echo '+'; break; } catch (HostExistsException $e) { $stats['known']++; echo '*'; break; } catch (HostUnreachablePingException $e) { echo '.'; break; } catch (HostUnreachableException $e) { if ($debug) { print_error($e->getMessage() . " over {$transport}"); foreach ($e->getReasons() as $reason) { echo " {$reason}\n"; } } if ($transport == 'tcp') { // tried both udp and tcp without success $stats['failed']++; echo '-'; } } } } echo PHP_EOL; }
function discover_new_device($hostname) { global $config, $debug; if ($config['autodiscovery']['xdp']) { if (isDomainResolves($hostname . "." . $config['mydomain'])) { $dst_host = $hostname . "." . $config['mydomain']; } else { $dst_host = $hostname; } if ($debug) { echo "discovering {$dst_host}\n"; } $ip = gethostbyname($dst_host); if ($ip == $dst_host) { if ($debug) { echo "name lookup of {$dst_host} failed\n"; } return FALSE; } else { if ($debug) { echo "ip lookup result: {$ip}\n"; } } $dst_host = rtrim($dst_host, '.'); // remove trailing dot if (match_network($config['autodiscovery']['nets-exclude'], $ip)) { if ($debug) { echo "{$ip} in an excluded network - skipping\n"; } return FALSE; } if (match_network($config['nets'], $ip)) { $remote_device_id = addHost($dst_host); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); echo "+[" . $remote_device['hostname'] . "(" . $remote_device['device_id'] . ")]"; discover_device($remote_device); $remote_device = device_by_id_cache($remote_device_id, 1); return $remote_device_id; } } else { if ($debug) { echo "{$ip} not in a matched network - skipping\n"; } } } else { if ($debug) { echo "autodiscovery disabled - skipping\n"; } return FALSE; } }
function discover_new_device($hostname) { global $config, $debug; if (!empty($config['mydomain']) && isDomainResolves($hostname . "." . $config['mydomain'])) { $dst_host = $hostname . "." . $config['mydomain']; } else { $dst_host = $hostname; } if ($debug) { echo "discovering {$dst_host}\n"; } $ip = gethostbyname($dst_host); if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === FALSE) { // $ip isn't a valid IP so it must be a name. if ($ip == $dst_host) { if ($debug) { echo "name lookup of {$dst_host} failed\n"; } return FALSE; } } if ($debug) { echo "ip lookup result: {$ip}\n"; } $dst_host = rtrim($dst_host, '.'); // remove trailing dot if (match_network($config['autodiscovery']['nets-exclude'], $ip)) { if ($debug) { echo "{$ip} in an excluded network - skipping\n"; } return FALSE; } if (match_network($config['nets'], $ip)) { $remote_device_id = addHost($dst_host, '', '161', 'udp', '0', $config['distributed_poller_group']); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); echo "+[" . $remote_device['hostname'] . "(" . $remote_device['device_id'] . ")]"; discover_device($remote_device); device_by_id_cache($remote_device_id, 1); return $remote_device_id; } } else { if ($debug) { echo "{$ip} not in a matched network - skipping\n"; } } }
function discover_new_device($hostname, $source = 'xdp', $protocol = NULL, $device = NULL, $port = NULL) { global $config, $debug; # FIXME remodel function a bit like the one above? refactor so they share some parts? if ($config['autodiscovery'][$source]) { echo "Discovering new host {$hostname}\n"; if (!empty($config['mydomain']) && isDomainResolves($hostname . "." . $config['mydomain'])) { if ($debug) { echo "appending " . $config['mydomain'] . "!\n"; } $dst_host = $hostname . "." . $config['mydomain']; } else { $dst_host = $hostname; } $ip = gethostbyname($dst_host); if ($debug) { echo "resolving {$dst_host} to {$ip}\n"; } if (match_network($config['autodiscovery']['ip_nets'], $ip)) { if ($debug) { echo "found {$ip} inside configured nets, adding!\n"; } $remote_device_id = add_device($dst_host); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); if (!$protocol) { $protocol = strtoupper($source); } if ($port) { humanize_port($port); log_event("Device autodiscovered through {$protocol} on " . $device['hostname'] . " (port " . $port['label'] . ")", $remote_device_id, 'interface', $port['port_id']); } else { log_event("Device autodiscovered through {$protocol} on " . $device['hostname'], $remote_device_id); } array_push($GLOBALS['devices'], $remote_device); return $remote_device_id; } } } else { if ($debug) { echo "{$source} autodiscovery disabled"; } return FALSE; } }
} //end foreach } //end if } //end elseif echo ' OSPF Discovery: '; if ($config['autodiscovery']['ospf'] === true) { echo "enabled\n"; foreach (dbFetchRows('SELECT DISTINCT(`ospfNbrIpAddr`),`device_id` FROM `ospf_nbrs` WHERE `device_id`=?', array($device['device_id'])) as $nbr) { $ip = $nbr['ospfNbrIpAddr']; if (match_network($config['autodiscovery']['nets-exclude'], $ip)) { echo 'x'; continue; } if (!match_network($config['nets'], $ip)) { echo 'i'; continue; } $name = gethostbyaddr($ip); $remote_device_id = discover_new_device($name, $device, 'OSPF'); } } else { echo "disabled\n"; } d_echo($link_exists); $sql = "SELECT * FROM `links` AS L, `ports` AS I WHERE L.local_port_id = I.port_id AND I.device_id = '" . $device['device_id'] . "'"; foreach (dbFetchRows($sql) as $test) { $local_port_id = $test['local_port_id']; $remote_hostname = $test['remote_hostname']; $remote_port = $test['remote_port'];
* * @package observium * @subpackage discovery * @author Adam Armstrong <*****@*****.**> * @copyright (C) 2006 - 2013 Adam Armstrong * */ include "includes/defaults.inc.php"; include "config.php"; include "includes/definitions.inc.php"; include "includes/functions.php"; $handle = fopen("ips.txt", "w"); foreach (dbFetchRows("SELECT * FROM `ipv4_networks`") as $data) { $cidr = $data['ipv4_network']; list($network, $bits) = explode("/", $cidr); if ($bits != '32' && $bits != '32' && $bits > '22') { $addr = Net_IPv4::parseAddress($cidr); $broadcast = $addr->broadcast; $ip = ip2long($network) + '1'; $end = ip2long($broadcast); while ($ip < $end) { $ipdotted = long2ip($ip); if (dbFetchCell("SELECT COUNT(ipv4_address_id) FROM `ipv4_addresses` WHERE `ipv4_address` = ?", array($ipdotted)) == '0' && match_network($config['nets'], $ipdotted)) { fputs($handle, $ipdotted . "\n"); } $ip++; } } } fclose($handle); shell_exec("fping -t 100 -f ips.txt > ips-scanned.txt");
function discover_new_device($hostname, $source = 'xdp', $protocol = NULL, $device = NULL, $snmp_port = 161) { global $config; $source = strtolower($source); if ($config['autodiscovery'][$source]) { if (!$protocol) { $protocol = strtoupper($source); } print_message("发现新主机 {$hostname} 通过 {$protocol}"); // By first detect hostname is IP or domain name (IPv4/6 == 4/6, hostname == FALSE) $ip_version = get_ip_version($hostname); if ($ip_version) { // Hostname is IPv4/IPv6 $use_ip = TRUE; $ip = $hostname; } else { $use_ip = FALSE; if (!empty($config['mydomain']) && isDomainResolves($hostname . '.' . $config['mydomain'])) { $hostname .= '.' . $config['mydomain']; } $ip = gethostbyname6($hostname); if ($ip) { $ip_version = get_ip_version($ip); print_debug("主机 {$hostname} 解析为 {$ip}"); } else { // No DNS records print_debug("主机 {$hostname} 无法解析, 自动发现失败."); return FALSE; } } if (match_network($ip, $config['autodiscovery']['ip_nets'])) { print_debug("主机 {$hostname} ({$ip}) 内部网络创建配置, 尝试增加:"); if (isPingable($ip)) { // Check if device duplicated by IP $ip = $ip_version == 4 ? $ip : Net_IPv6::uncompress($ip, TRUE); $db = dbFetchRow('SELECT D.`hostname` FROM ipv' . $ip_version . '_addresses AS A LEFT JOIN `ports` AS P ON A.`port_id` = P.`port_id` LEFT JOIN `devices` AS D ON D.`device_id` = P.`device_id` WHERE D.`disabled` = 0 AND A.`ipv' . $ip_version . '_address` = ?', array($ip)); if ($db) { print_debug('已经有设备 ' . $db['hostname'] . " 包含 {$ip}"); return FALSE; } // Detect snmp transport $snmp_transport = $ip_version == 4 ? 'udp' : 'udp6'; $new_device = detect_device_snmpauth($ip, $snmp_port, $snmp_transport); if ($new_device) { if ($use_ip) { // Detect FQDN hostname // by sysName $snmphost = snmp_get($new_device, "sysName.0", "-Oqv", "SNMPv2-MIB", mib_dirs()); if ($snmphost) { $snmp_ip = gethostbyname6($snmphost); } if ($snmp_ip == $ip) { $hostname = $snmphost; } else { // by PTR $ptr = gethostbyaddr6($ip); if ($ptr) { $ptr_ip = gethostbyname6($ptr); } if ($ptr && $ptr_ip == $ip) { $hostname = $ptr; } else { print_debug("设备 IP {$ip} 没有 FQDN 名称"); return FALSE; } } print_debug("设备 IP {$ip} 发现 FQDN 名称: {$hostname}"); } $new_device['hostname'] = $hostname; if (!check_device_duplicated($new_device)) { $snmp_v3 = array(); if ($new_device['snmp_version'] === 'v3') { $snmp_v3['snmp_authlevel'] = $new_device['snmp_authlevel']; $snmp_v3['snmp_authname'] = $new_device['snmp_authname']; $snmp_v3['snmp_authpass'] = $new_device['snmp_authpass']; $snmp_v3['snmp_authalgo'] = $new_device['snmp_authalgo']; $snmp_v3['snmp_cryptopass'] = $new_device['snmp_cryptopass']; $snmp_v3['snmp_cryptoalgo'] = $new_device['snmp_cryptoalgo']; } $remote_device_id = createHost($new_device['hostname'], $new_device['snmp_community'], $new_device['snmp_version'], $new_device['snmp_port'], $new_device['snmp_transport'], $snmp_v3); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); if ($port) { humanize_port($port); log_event("设备自动发现通过 {$protocol} 在 " . $device['hostname'] . " (port " . $port['label'] . ")", $remote_device_id, 'port', $port['port_id']); } else { log_event("设备自动发现通过 {$protocol} 在 " . $device['hostname'], $remote_device_id, $protocol); } //array_push($GLOBALS['devices'], $remote_device); // createHost() already puth this return $remote_device_id; } } } } } else { print_debug("IP {$ip} ({$hostname}) 不允许内部 \$config['autodiscovery']['ip_nets'] 位于 config.php"); } print_debug('自动发现主机 ' . $hostname . ' 错误.'); } else { print_debug('自动发现协议 ' . $protocol . ' 禁用.'); } return FALSE; }
#!/usr/bin/php <?php include "includes/defaults.inc.php"; include "config.php"; include "includes/functions.php"; shell_exec("rm ips.txt && touch ips.txt"); $handle = fopen("ips.txt", "w+"); $query = mysql_query("SELECT * FROM `networks`"); while ($data = mysql_fetch_array($query)) { $cidr = $data['cidr']; list($network, $bits) = split("/", $cidr); if ($bits != '32' && $bits != '32' && $bits > '22') { $broadcast = trim(shell_exec($config['ipcalc'] . " {$cidr} | grep Broadcast | cut -d\" \" -f 2")); $ip = ip2long($network) + '1'; $end = ip2long($broadcast); while ($ip < $end) { $ipdotted = long2ip($ip); if (mysql_result(mysql_query("SELECT count(id) FROM ipaddr WHERE addr = '{$ipdotted}'"), 0) == '0' && match_network($config['nets'], $ipdotted)) { fputs($handle, $ipdotted . "\n"); } $ip++; } } } `fping -t 100 -f ips.txt > ips-scanned.txt`;
function discover_new_device($hostname, $source = 'xdp', $protocol = NULL, $device = NULL, $snmp_port = 161) { global $config; $source = strtolower($source); // Check if source is enabled for autodiscovery if ($config['autodiscovery'][$source]) { $flags = OBS_DNS_ALL; if (!$protocol) { $protocol = strtoupper($source); } print_cli_data("Try discovering host", "{$hostname} through {$protocol}", 3); // By first detect hostname is IP or domain name (IPv4/6 == 4/6, hostname == FALSE) $ip_version = get_ip_version($hostname); if ($ip_version) { // Hostname is IPv4/IPv6 $use_ip = TRUE; $ip = $hostname; } else { $use_ip = FALSE; // Add "mydomain" configuration if this resolves, converts switch1 -> switch1.mydomain.com if (!empty($config['mydomain']) && isDomainResolves($hostname . '.' . $config['mydomain'], $flags)) { $hostname .= '.' . $config['mydomain']; } // Determine v4 vs v6 $ip = gethostbyname6($hostname, $flags); if ($ip) { $ip_version = get_ip_version($ip); print_debug("Host {$hostname} resolved as {$ip}"); } else { // No DNS records print_debug("Host {$hostname} not resolved, autodiscovery fails."); return FALSE; } } if ($ip_version == 6) { $flags = $flags ^ OBS_DNS_A; // Exclude IPv4 } if (isset($config['autodiscovery']['ping_skip']) && $config['autodiscovery']['ping_skip']) { $flags = $flags | OBS_PING_SKIP; // Add skip pings flag } if (match_network($ip, $config['autodiscovery']['ip_nets'])) { print_debug("Host {$hostname} ({$ip}) founded inside configured nets, trying to add:"); // By first check if pingable $pingable = isPingable($ip, $flags); if (!$pingable && (isset($config['autodiscovery']['ping_skip']) && $config['autodiscovery']['ping_skip'])) { $flags = $flags | OBS_PING_SKIP; // Add skip pings flag if allowed in config $pingable = TRUE; } if ($pingable) { // Check if device duplicated by IP $ip = $ip_version == 4 ? $ip : Net_IPv6::uncompress($ip, TRUE); $db = dbFetchRow('SELECT D.`hostname` FROM ipv' . $ip_version . '_addresses AS A LEFT JOIN `ports` AS P ON A.`port_id` = P.`port_id` LEFT JOIN `devices` AS D ON D.`device_id` = P.`device_id` WHERE D.`disabled` = 0 AND A.`ipv' . $ip_version . '_address` = ?', array($ip)); if ($db) { print_debug('Already have device ' . $db['hostname'] . " with IP {$ip}"); return FALSE; } // Detect snmp transport, net-snmp needs udp6 for ipv6 $snmp_transport = $ip_version == 4 ? 'udp' : 'udp6'; $new_device = detect_device_snmpauth($ip, $snmp_port, $snmp_transport); if ($new_device) { if ($use_ip) { // Detect FQDN hostname // by sysName $snmphost = snmp_get($new_device, 'sysName.0', '-Oqv', 'SNMPv2-MIB'); if ($snmphost) { $snmp_ip = gethostbyname6($snmphost, $flags); } if ($snmp_ip == $ip) { $hostname = $snmphost; } else { // by PTR $ptr = gethostbyaddr6($ip); if ($ptr) { $ptr_ip = gethostbyname6($ptr, $flags); } if ($ptr && $ptr_ip == $ip) { $hostname = $ptr; } else { if ($config['autodiscovery']['require_hostname']) { print_debug("Device IP {$ip} does not seem to have FQDN."); return FALSE; } else { $hostname = $ip_version == 4 ? $ip : Net_IPv6::compress($hostname, TRUE); // Always use compressed IPv6 name } } } print_debug("Device IP {$ip} linked to FQDN name: {$hostname}"); } $new_device['hostname'] = $hostname; if (!check_device_duplicated($new_device)) { $snmp_v3 = array(); if ($new_device['snmp_version'] === 'v3') { $snmp_v3['snmp_authlevel'] = $new_device['snmp_authlevel']; $snmp_v3['snmp_authname'] = $new_device['snmp_authname']; $snmp_v3['snmp_authpass'] = $new_device['snmp_authpass']; $snmp_v3['snmp_authalgo'] = $new_device['snmp_authalgo']; $snmp_v3['snmp_cryptopass'] = $new_device['snmp_cryptopass']; $snmp_v3['snmp_cryptoalgo'] = $new_device['snmp_cryptoalgo']; } $remote_device_id = createHost($new_device['hostname'], $new_device['snmp_community'], $new_device['snmp_version'], $new_device['snmp_port'], $new_device['snmp_transport'], $snmp_v3); if ($remote_device_id) { if (is_flag_set(OBS_PING_SKIP, $flags)) { set_entity_attrib('device', $remote_device_id, 'ping_skip', 1); } $remote_device = device_by_id_cache($remote_device_id, 1); if ($port) { humanize_port($port); log_event("Device autodiscovered through {$protocol} on " . $device['hostname'] . " (port " . $port['port_label'] . ")", $remote_device_id, 'port', $port['port_id']); } else { log_event("Device autodiscovered through {$protocol} on " . $device['hostname'], $remote_device_id, $protocol); } //array_push($GLOBALS['devices'], $remote_device); // createHost() already puth this return $remote_device_id; } } } } } else { print_debug("IP {$ip} ({$hostname}) not permitted inside \$config['autodiscovery']['ip_nets'] in config.php"); } print_debug('Autodiscovery for host ' . $hostname . ' failed.'); } else { print_debug('Autodiscovery for protocol ' . $protocol . ' disabled.'); } return FALSE; }
function perform_snmp_scan($net, $force_network, $force_broadcast) { global $stats, $config, $debug, $vdebug; echo 'Range: ' . $net->network . '/' . $net->bitmask . PHP_EOL; $config['snmp']['timeout'] = 1; $config['snmp']['retries'] = 0; $config['fping_options']['retries'] = 0; $start = ip2long($net->network); $end = ip2long($net->broadcast) - 1; if ($force_network === true) { //Force-scan network address d_echo("Forcing network address scan" . PHP_EOL); $start = $start - 1; } if ($force_broadcast === true) { //Force-scan broadcast address d_echo("Forcing broadcast address scan" . PHP_EOL); $end = $end + 1; } if ($net->bitmask === "31") { //Handle RFC3021 /31 prefixes $start = ip2long($net->network) - 1; $end = ip2long($net->broadcast); d_echo("RFC3021 network, hosts " . long2ip($start + 1) . " and " . long2ip($end) . PHP_EOL . PHP_EOL); } elseif ($net->bitmask === "32") { //Handle single-host /32 prefixes $start = ip2long($net->network) - 1; $end = $start + 1; d_echo("RFC3021 network, hosts " . long2ip($start + 1) . " and " . long2ip($end) . PHP_EOL . PHP_EOL); } else { d_echo("Network: " . $net->network . PHP_EOL); d_echo("Broadcast: " . $net->broadcast . PHP_EOL . PHP_EOL); } while ($start++ < $end) { $stats['count']++; $host = long2ip($start); if ($vdebug) { echo "Scanning: " . $host . PHP_EOL; } if (match_network($config['autodiscovery']['nets-exclude'], $host)) { if ($vdebug) { echo "Excluded by config.php" . PHP_EOL . PHP_EOL; } else { echo '|'; } continue; } $test = isPingable($host); if ($test['result'] === false) { if ($vdebug) { echo "Unpingable Device" . PHP_EOL . PHP_EOL; } else { echo '.'; } continue; } if (ip_exists($host)) { $stats['known']++; if ($vdebug) { echo "Known Device" . PHP_EOL; } else { echo '*'; } continue; } foreach (array('udp', 'tcp') as $transport) { try { addHost(gethostbyaddr($host), '', $config['snmp']['port'], $transport, $config['distributed_poller_group']); $stats['added']++; if ($vdebug) { echo "Added Device" . PHP_EOL . PHP_EOL; } else { echo '+'; } break; } catch (HostExistsException $e) { $stats['known']++; if ($vdebug) { echo "Known Device" . PHP_EOL . PHP_EOL; } else { echo '*'; } break; } catch (HostUnreachablePingException $e) { if ($vdebug) { echo "Unpingable Device" . PHP_EOL . PHP_EOL; } else { echo '.'; } break; } catch (HostUnreachableException $e) { if ($debug) { print_error($e->getMessage() . " over {$transport}"); foreach ($e->getReasons() as $reason) { echo " {$reason}" . PHP_EOL; } } if ($transport === 'tcp') { // tried both udp and tcp without success $stats['failed']++; if ($vdebug) { echo "Failed to Add Device" . PHP_EOL . PHP_EOL; } else { echo '-'; } } } } } echo PHP_EOL; }
$where .= " AND I.device_id = '" . $_POST['device_id'] . "'"; } if ($_POST['interface']) { $where .= " AND I.ifDescr LIKE '" . $_POST['interface'] . "'"; } $sql = "SELECT * FROM `ipv4_addresses` AS A, `ports` AS I, `devices` AS D, `ipv4_networks` AS N WHERE I.interface_id = A.interface_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id {$where} ORDER BY A.ipv4_address"; $query = mysql_query($sql); echo "<tr class=tablehead><th>Device</a></th><th>Interface</th><th>Address</th><th>Description</th></tr>"; $row = 1; while ($interface = mysql_fetch_array($query)) { if ($_POST['address']) { list($addy, $mask) = explode("/", $_POST['address']); if (!$mask) { $mask = "32"; } if (!match_network($addy . "/" . $mask, $interface['ipv4_address'])) { $ignore = 1; } } if (!$ignore) { if (is_integer($row / 2)) { $row_colour = $list_colour_a; } else { $row_colour = $list_colour_b; } $speed = humanspeed($interface['ifSpeed']); $type = humanmedia($interface['ifType']); list($prefix, $length) = explode("/", $interface['ipv4_network']); if ($interface['in_errors'] > 0 || $interface['out_errors'] > 0) { $error_img = generateiflink($interface, "<img src='images/16/chart_curve_error.png' alt='Interface Errors' border=0>", errors); } else {
function DBLogInContest($name, $pass, $contest, $msg = true) { $b = DBGetRow("select * from contesttable where contestnumber={$contest}", 0, null, "DBLogIn(get active contest)"); if ($b == null) { LOGLevel("There is no contest {$contest}.", 0); if ($msg) { MSGError("There is no contest {$contest}, contact an admin."); } return false; } $d = DBSiteInfo($b["contestnumber"], $b["contestlocalsite"], null, false); if ($d == null) { if ($msg) { MSGError("There is no active site, contact an admin."); } return false; } $a = DBGetRow("select * from usertable where username='******' and contestnumber=" . $b["contestnumber"] . " and " . "usersitenumber=" . $b["contestlocalsite"], 0, null, "DBLogIn(get user)"); if ($a == null) { if ($msg) { LOGLevel("User {$name} tried to log in contest {$contest} but it does not exist.", 2); MSGError("User does not exist or incorrect password."); } return false; } $a = DBUserInfo($b["contestnumber"], $b["contestlocalsite"], $a['usernumber'], null, false); $_SESSION['usertable'] = $a; $p = myhash($a["userpassword"] . session_id()); $_SESSION['usertable']['userpassword'] = $p; if ($a["userpassword"] != "" && $p != $pass) { LOGLevel("User {$name} tried to log in contest {$contest} but password was incorrect.", 2); if ($msg) { MSGError("Incorrect password."); } unset($_SESSION["usertable"]); return false; } if ($d["sitepermitlogins"] == "f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") { LOGLevel("User {$name} tried to login contest {$contest} but logins are denied.", 2); if ($msg) { MSGError("Logins are not allowed."); } unset($_SESSION["usertable"]); return false; } if ($a["userenabled"] != "t") { LOGLevel("User {$name} tried to log in contest {$contest} but it is disabled.", 2); if ($msg) { MSGError("User disabled."); } unset($_SESSION["usertable"]); return false; } $gip = getIP(); if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") { LOGLevel("User {$name} is using two different IPs: " . $a["userip"] . "(" . dateconv($a["userlastlogin"]) . ") and " . $gip, 1); if ($msg && $a["usertype"] != "admin") { MSGError("You are using two distinct IPs. Admin notified."); } } if ($a["userpermitip"] != "") { $ips = explode(';', $a["userpermitip"]); $gips = explode(';', $gip); if (count($gips) < count($ips)) { IntrusionNotify("Invalid IP: " . $gip); ForceLoad("index.php"); } for ($ipss = 0; $ipss < count($ips); $ipss++) { $gipi = $gips[$ipss]; $ipi = $ips[$ipss]; if (!match_network($ipi, $gipi)) { IntrusionNotify("Invalid IP: " . $gip); ForceLoad("index.php"); } } } $c = DBConnect(); $t = time(); if ($a["usertype"] == "team" && $a["usermultilogin"] != "t" && $a["userpermitip"] == "") { $r = DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userpermitip='" . $gip . "'," . "userlastlogin={$t}, usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update session)"); } else { DBExec($c, "begin work"); $sql = "update usertable set usersessionextra='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"] . " and (usersessionextra='' or userip != '" . $gip . "' or userlastlogin<=" . ($t - 86400) . ")"; DBExec($c, $sql); DBExec($c, "update usertable set userip='" . $gip . "', updatetime=" . time() . ", userlastlogin={$t}, " . "usersession='" . session_id() . "' where username='******' and contestnumber=" . $b["contestnumber"] . " and usersitenumber=" . $b["contestlocalsite"], "DBLogIn(update user)"); if ($name == 'admin') { list($clockstr, $clocktime) = siteclock(); if ($clocktime < -600) { DBExec($c, "update contesttable set contestunlockkey='' where contestnumber=" . $b["contestnumber"], "DBLogInContest(update contest)"); } } DBExec($c, "commit work"); } LOGLevel("User {$name} authenticated (" . $gip . ")", 2); return $a; }
} if ($vars['page'] == "logout" && $_SESSION['authenticated']) { if (auth_can_logout()) { // No need for a feedback message if user requested a logout session_logout(function_exists('auth_require_login')); } header('Location: ' . $config['base_url']); exit; } $mcrypt_exists = check_extension_exists('mcrypt'); $user_unique_id = session_unique_id(); // Get unique user id and check if IP changed (if required by config) // Check if allowed auth by CIDR $auth_allow_cidr = TRUE; if (isset($config['web_session_cidr']) && count($config['web_session_cidr'])) { $auth_allow_cidr = match_network($_SERVER['REMOTE_ADDR'], $config['web_session_cidr']); } if (!$_SESSION['authenticated'] && isset($_GET['username']) && isset($_GET['password'])) { $_SESSION['username'] = $_GET['username']; $auth_password = $_GET['password']; } else { if (!$_SESSION['authenticated'] && isset($_POST['username']) && isset($_POST['password'])) { $_SESSION['username'] = $_POST['username']; $auth_password = $_POST['password']; } else { if ($mcrypt_exists && !$_SESSION['authenticated'] && isset($_COOKIE['ckey'])) { $ckey = dbFetchRow("SELECT * FROM `users_ckeys` WHERE `user_uniq` = ? AND `user_ckey` = ? LIMIT 1", array($user_unique_id, $_COOKIE['ckey'])); if (is_array($ckey)) { if ($ckey['expire'] > $currenttime && $auth_allow_cidr) { $_SESSION['username'] = $ckey['username']; $auth_password = decrypt($ckey['user_encpass'], $_COOKIE['dkey']);
function discover_new_device($hostname, $source = 'xdp', $protocol = NULL, $device = NULL, $port = 161) { global $config; $source = strtolower($source); if ($config['autodiscovery'][$source]) { if (!$protocol) { $protocol = strtoupper($source); } print_message("Discovering new host {$hostname} through {$protocol}"); // By first detect hostname is IP or domain name (IPv4/6 == 4/6, hostname == FALSE) $ip_version = get_ip_version($hostname); if ($ip_version) { // Hostname is IPv4/IPv6 $use_ip = TRUE; } else { $use_ip = FALSE; if (!empty($config['mydomain']) && isDomainResolves($hostname . '.' . $config['mydomain'])) { $hostname .= '.' . $config['mydomain']; } $ip = gethostbyname6($hostname); if ($ip) { $ip_version = get_ip_version($ip); print_debug("Host {$hostname} resolved as {$ip}"); } else { // No DNS records print_debug("Host {$hostname} not resolved, autodiscovery fails."); return FALSE; } } if (match_network($ip, $config['autodiscovery']['ip_nets'])) { print_debug("Host {$hostname} ({$ip}) founded inside configured nets, try to adding:"); if (isPingable($ip)) { // Check if device duplicated by IP $ip = $ip_version == 4 ? $hostname : Net_IPv6::uncompress($hostname, TRUE); $db = dbFetchRow('SELECT D.`hostname` FROM ipv' . $ip_version . '_addresses AS A LEFT JOIN `ports` AS P ON A.`port_id` = P.`port_id` LEFT JOIN `devices` AS D ON D.`device_id` = P.`device_id` WHERE D.`disabled` = 0 AND A.`ipv' . $ip_version . '_address` = ?', array($ip)); if ($db) { print_debug('Already have device ' . $db['hostname'] . " with {$ip}"); return FALSE; } // Detect snmp transport $transport = $ip_version == 4 ? 'udp' : 'udp6'; $new_device = detect_device_snmpauth($ip, $port, $transport); if ($new_device) { if ($use_ip) { // Detect FQDN hostname // by sysName $snmphost = snmp_get($new_device, "sysName.0", "-Oqv", "SNMPv2-MIB", mib_dirs()); if ($snmphost) { $snmp_ip = gethostbyname6($snmphost); } if ($snmp_ip == $ip) { $hostname = $snmphost; } else { // by PTR $ptr = gethostbyaddr6($ip); if ($ptr) { $ptr_ip = gethostbyname6($ptr); } if ($ptr && $ptr_ip == $ip) { $hostname = $ptr; } else { print_debug("Device IP {$ip} not have FQDN name"); return FALSE; } } print_debug("Device IP {$ip} founded FQDN name: {$hostname}"); } $new_device['hostname'] = $hostname; if (!check_device_duplicated($new_device)) { $v3 = array(); if ($new_device['snmpver'] === 'v3') { $v3['authlevel'] = $new_device['authlevel']; $v3['authname'] = $new_device['authname']; $v3['authpass'] = $new_device['authpass']; $v3['authalgo'] = $new_device['authalgo']; $v3['cryptopass'] = $new_device['cryptopass']; $v3['cryptoalgo'] = $new_device['cryptoalgo']; } $remote_device_id = createHost($new_device['hostname'], $new_device['community'], $new_device['snmpver'], $new_device['port'], $new_device['transport'], $v3); if ($remote_device_id) { $remote_device = device_by_id_cache($remote_device_id, 1); if ($port) { humanize_port($port); log_event("Device autodiscovered through {$protocol} on " . $device['hostname'] . " (port " . $port['label'] . ")", $remote_device_id, 'port', $port['port_id']); } else { log_event("Device autodiscovered through {$protocol} on " . $device['hostname'], $remote_device_id, $protocol); } //array_push($GLOBALS['devices'], $remote_device); // createHost() already puth this return $remote_device_id; } } } } } else { print_debug("IP {$ip} ({$hostname}) not permitted inside \$config['autodiscovery']['ip_nets'] in config.php"); } print_debug('Autodiscovery for host ' . $hostname . ' fails.'); } else { print_debug('Autodiscovery for protocol ' . $protocol . ' disabled.'); } return FALSE; }
/** * @dataProvider providerMatchNetwork * @group ip */ public function testMatchNetwork($result, $ip, $nets, $first = FALSE) { $this->assertSame($result, match_network($ip, $nets, $first)); }
* @subpackage graphing * @author Adam Armstrong <*****@*****.**> * @copyright (C) 2006-2013 Adam Armstrong, (C) 2013-2016 Observium Limited * */ #ob_start(); // FIXME why no more? include_once "../includes/sql-config.inc.php"; $start = utime(); // Needs common.php include $config['html_dir'] . "/includes/functions.inc.php"; if (isset($config['allow_unauth_graphs']) && $config['allow_unauth_graphs']) { $auth = TRUE; // hardcode auth for all with config function print_debug('Authentication bypassed by $config[\'allow_unauth_graphs\'].'); } elseif (isset($config['allow_unauth_graphs_cidr']) && count($config['allow_unauth_graphs_cidr'])) { if (match_network($_SERVER['REMOTE_ADDR'], $config['allow_unauth_graphs_cidr'])) { $auth = TRUE; // hardcode authenticated for matched subnet print_debug("Authentication by matched CIDR."); } } if (!$auth) { // Normal auth include $config['html_dir'] . "/includes/authenticate.inc.php"; } // Push $_GET into $vars to be compatible with web interface naming $vars = get_vars('GET'); include $config['html_dir'] . "/includes/graphs/graph.inc.php"; $runtime = utime() - $start; print_debug("Runtime " . $runtime . " secs"); // EOF