// Excerpt from a graph endpoint. The statements below handle one allowed range
// ($range); the `break` statements imply an enclosing loop whose header, like
// one further enclosing construct, lies above this excerpt, so the two bare
// closing braces further down have no visible opener.
// A client whose REMOTE_ADDR falls inside a range skips the normal login.
list($net, $mask) = explode('/', trim($range)); // $mask stays NULL when the range has no "/bits" suffix
if (Net_IPv4::validateIP($net)) {
    // IPv4
    $mask = $mask != NULL ? $mask : '32'; // no prefix length given: treat the entry as a single host
    $range = $net . '/' . $mask;
    // The bounds test is a loose comparison and accepts 0, so an entry ending
    // in /0 authenticates every IPv4 client.
    // NOTE(review): REMOTE_ADDR is the direct TCP peer; behind a reverse proxy
    // that is the proxy's own address, so a range covering the proxy would
    // authenticate all of its clients. Confirm the deployment model.
    // NOTE(review): PEAR's Net_IPv4::ipInNetwork() appears to return an error
    // object (truthy) when the network string cannot be parsed; confirm against
    // the bundled version and consider comparing the result with === TRUE.
    if ($mask >= 0 && $mask <= 32 && Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range)) {
        $auth = TRUE; // hardcode authenticated for matched subnet
        print_debug("认证的CIDR匹配IPv4 {$range}.");
        break;
    }
} elseif (Net_IPv6::checkIPv6($net)) {
    // IPv6
    $mask = $mask != NULL ? $mask : '128'; // no prefix length given: treat the entry as a single host
    $range = $net . '/' . $mask;
    // Same pattern as the IPv4 branch: /0 is accepted and matches every IPv6 client.
    if ($mask >= 0 && $mask <= 128 && Net_IPv6::isInNetmask($_SERVER['REMOTE_ADDR'], $range)) {
        $auth = TRUE; // hardcode authenticated for matched subnet
        print_debug("认证的CIDR匹配IPv6 {$range}");
        break;
    }
}
// The next two braces close constructs opened above this excerpt.
}
}
if (!$auth) {
    // Normal auth
    include $config['html_dir'] . "/includes/authenticate.inc.php";
}
// Push $_GET into $vars to be compatible with web interface naming
$vars = get_vars('GET');
// Reached on both paths: after a subnet match without any login, or after the
// authentication include above has run.
include $config['html_dir'] . "/includes/graphs/graph.inc.php";
/**
 * Test whether an IP address belongs to any of the given networks.
 *
 * Each entry of $nets is a network in CIDR notation or a bare address (taken
 * as /32 or /128). An entry prefixed with "!" is an exclusion. Entries are
 * evaluated in list order: an exclusion that contains $ip ends the search with
 * FALSE, and with $first set a positive hit ends it with TRUE. Order therefore
 * matters when this result feeds an access decision: with $first set, an
 * exclusion listed after a matching network is never evaluated.
 *
 * Entries of the other address family are skipped.
 *
 * NOTE(review): PEAR's Net_IPv4::ipInNetwork() appears to return an error
 * object for an unparsable network, and any truthy value counts as a hit here.
 * Confirm against the bundled library before relying on this for ACLs.
 *
 * @param string       $ip    Address to test.
 * @param string|array $nets  One network or a list of networks.
 * @param bool         $first Stop at the first positive hit.
 * @return bool TRUE when $ip matched a network and no earlier exclusion applied.
 */
function match_network($ip, $nets, $first = FALSE)
{
    $ip_version = get_ip_version($ip);
    if (!$ip_version) {
        // Not an IP address at all: nothing can match.
        return FALSE;
    }

    $matched = FALSE;
    $candidates = is_array($nets) ? $nets : array($nets);

    foreach ($candidates as $entry) {
        $negated = preg_match("/^\\!/", $entry) ? TRUE : FALSE; // NOT match network
        $cidr = preg_replace("/^\\!/", "", $entry);

        if ($ip_version == 4) {
            if (strpos($cidr, '.') === FALSE) {
                continue; // NOT IPv4 net, skip
            }
            if (strpos($cidr, '/') === FALSE) {
                $cidr .= '/32'; // NET without mask as single IP
            }
            $hit = Net_IPv4::ipInNetwork($ip, $cidr);
        } else {
            if (strpos($cidr, ':') === FALSE) {
                continue; // NOT IPv6 net, skip
            }
            if (strpos($cidr, '/') === FALSE) {
                $cidr .= '/128'; // NET without mask as single IP
            }
            $hit = Net_IPv6::isInNetmask($ip, $cidr);
        }

        if ($hit) {
            if ($negated) {
                return FALSE; // IP found in a network that must NOT match
            }
            if ($first) {
                return TRUE; // first positive match wins
            }
            $matched = TRUE;
        }
    }

    return $matched;
}
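// Excerpt from an IPv6 address search page. It starts inside an `if` whose
// header lies above the excerpt and is cut off inside the result loop.
//
// The two POST values below are placed inside quoted SQL literals, so they are
// escaped with the same (legacy) mysql extension the query already uses.
// NOTE(review): ext/mysql was removed in PHP 7; the durable fix is moving this
// query to prepared statements (mysqli or PDO) with bound parameters.
    $where .= " AND I.device_id = '" . mysql_real_escape_string($_POST['device_id']) . "'";
}
if ($_POST['interface']) {
    // LIKE wildcards (% and _) in the posted value are left intact on purpose:
    // the field is a pattern. Only the SQL string delimiters are neutralised.
    $where .= " AND I.ifDescr LIKE '" . mysql_real_escape_string($_POST['interface']) . "'";
}
$sql = "SELECT * FROM `ipv6_addresses` AS A, `ports` AS I, `devices` AS D, `ipv6_networks` AS N WHERE I.interface_id = A.interface_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id {$where} ORDER BY A.ipv6_address";
$query = mysql_query($sql);
echo "<tr class=tablehead><td width=0></td><th>Device</a></th><th>Interface</th><th>Address</th><th>Description</th></tr>";
$row = 1;
while ($interface = mysql_fetch_array($query)) {
    // The address filter is applied in PHP, not in SQL: rows outside the posted
    // prefix are flagged and skipped. A bare address is treated as a /128.
    // NOTE(review): $ignore is only assigned when an address filter was posted;
    // otherwise it keeps whatever value it had before the loop (not visible here).
    if ($_POST['address']) {
        list($addy, $mask) = explode("/", $_POST['address']);
        if (!$mask) {
            $mask = "128";
        }
        $ignore = Net_IPv6::isInNetmask($interface['ipv6_address'], $addy, $mask) ? 0 : 1;
    }
    if (!$ignore) {
        // Alternate the row colour on even / odd row numbers.
        if (is_integer($row / 2)) {
            $row_colour = $list_colour_a;
        } else {
            $row_colour = $list_colour_b;
        }
        $speed = humanspeed($interface['ifSpeed']);
        $type = humanmedia($interface['ifType']);
        list($prefix, $length) = explode("/", $interface['ipv6_network']);
        if ($interface['in_errors'] > 0 || $interface['out_errors'] > 0) {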
// Excerpt from a form handler that validates a static mapping (hostname, IPv6
// address, DUID) before saving. It starts inside a block opened above the
// excerpt and is cut off inside the overlap loop at the end.
if (!is_hostname($_POST['hostname'])) {
    $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'.");
} else {
    // Syntactically valid, but only the host part is wanted here.
    if (!is_unqualified_hostname($_POST['hostname'])) {
        $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted");
    }
}
} // closes a block opened above this excerpt
if ($_POST['ipaddrv6']) {
    if (!is_ipaddrv6($_POST['ipaddrv6'])) {
        $input_errors[] = gettext("A valid IPv6 address must be specified.");
    } elseif ($config['interfaces'][$if]['ipaddrv6'] == 'track6') {
        // On a track6 interface the posted address must lie inside ::/$pdlen,
        // i.e. its upper $pdlen bits must be zero. $pdlen is 64 minus the
        // prefix-delegation length configured on the tracked interface.
        $trackifname = $config['interfaces'][$if]['track6-interface'];
        $trackcfg = $config['interfaces'][$trackifname];
        $pdlen = 64 - $trackcfg['dhcp6-ia-pd-len'];
        if (!Net_IPv6::isInNetmask($_POST['ipaddrv6'], '::', $pdlen)) {
            $input_errors[] = sprintf(gettext("The prefix (upper %s bits) must be zero. Use the form %s"), $pdlen, dhcpv6_pd_str_help($ifcfgsn));
        }
    }
}
// Only presence is checked here, although the message says "valid"; any format
// validation of the DUID would have to happen outside this excerpt.
if (empty($_POST['duid'])) {
    $input_errors[] = gettext("A valid DUID must be specified.");
}
/* check for overlaps */
foreach ($a_maps as $mapent) {
    // Skip the entry that is currently being edited.
    if (isset($id) && $a_maps[$id] && $a_maps[$id] === $mapent) {
        continue;
    }
    // && binds tighter than ||: a duplicate is (same non-empty hostname) or
    // (same DUID). The message also mentions the IP, but no address comparison
    // appears in the visible code.
    if ($mapent['hostname'] == $_POST['hostname'] && $mapent['hostname'] || $mapent['duid'] == $_POST['duid']) {
        $input_errors[] = gettext("This Hostname, IP or DUID already exists.");
        break;
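/**
 * Verify an IP address submitted from the add / edit form against its subnet.
 *
 * The address family of $subnet selects the validation path; anything that is
 * not identified as 'IPv4' is handled as IPv6. $ip is then validated against
 * that family, so an address of the other family is reported as not valid.
 *
 * @param string $ip       Address to check.
 * @param string $subnet   Subnet the address must belong to, in CIDR notation.
 * @param bool   $noStrict When true, the network / broadcast checks are skipped.
 * @return string|false Translated error message, or false when the address is acceptable.
 */
function VerifyIpAddress($ip, $subnet, $noStrict = false)
{
    /* Only the subnet's family is consulted. The result of identifying $ip was
       never used, so that call is gone; assumes IdentifyAddress() has no side
       effects. */
    $type = IdentifyAddress($subnet);

    /* prefix length; null when $subnet carries no "/bits" part */
    $parts = explode("/", $subnet);
    $bits = isset($parts[1]) ? $parts[1] : null;

    $error = false;

    if ($type == 'IPv4') {
        /* IPv4 verification */
        require_once 'PEAR/Net/IPv4.php';
        $Net_IPv4 = new Net_IPv4();

        if (!$Net_IPv4->validateIP($ip)) {
            $error = _("IP address not valid") . "! ({$ip})";
        } elseif ($Net_IPv4->ipInNetwork($ip, $subnet) !== true) {
            // Strict comparison: only a boolean true counts as membership.
            // NOTE(review): PEAR's Net_IPv4 appears to return an error object
            // for an unparsable subnet, which a plain `!` would let through.
            $error = _("IP address not in selected subnet") . "! ({$ip})";
        } elseif (!($bits == "31" || $bits == "32" || $noStrict == true)) {
            // /31 and /32 have no separate network / broadcast address, and
            // $noStrict waives the check; otherwise both are refused as hosts.
            $net = $Net_IPv4->parseAddress($subnet);
            if ($net->network == $ip) {
                $error = _("Cannot add subnet as IP address!");
            } elseif ($net->broadcast == $ip) {
                $error = _("Cannot add broadcast as IP address!");
            }
        }
    } else {
        /* IPv6 verification */
        require_once 'PEAR/Net/IPv6.php';
        $Net_IPv6 = new Net_IPv6();

        if (!$Net_IPv6->checkIPv6($ip)) {
            $error = _("IP address not valid") . "! ({$ip})";
        } elseif (!$Net_IPv6->isInNetmask($ip, $subnet)) {
            $error = _("IP address not in selected subnet") . "! ({$ip})";
        }
    }

    /* return results */
    return $error;
}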
// Excerpt from a form handler that validates IPv6 address-pool settings (range
// bounds, gateway, DNS servers, lease times). It opens by closing a block that
// started above the excerpt and is cut off inside the final `if`.
}
$range_from_to_ok = true; // cleared below as soon as either range bound is rejected
if ($_POST['range_from']) {
    if (!is_ipaddrv6($_POST['range_from'])) {
        $input_errors[] = gettext("A valid range must be specified.");
        $range_from_to_ok = false;
    } elseif ($config['interfaces'][$if]['ipaddrv6'] == 'track6' && !Net_IPv6::isInNetmask($_POST['range_from'], '::', $ifcfgsn)) {
        // On a track6 interface the bound must lie inside ::/$ifcfgsn, i.e. its
        // upper $ifcfgsn bits must be zero.
        $input_errors[] = sprintf(gettext("The prefix (upper %s bits) must be zero. Use the form %s"), $ifcfgsn, $str_help_mask);
        $range_from_to_ok = false;
    }
}
if ($_POST['range_to']) {
    // Same two checks as for range_from.
    if (!is_ipaddrv6($_POST['range_to'])) {
        $input_errors[] = gettext("A valid range must be specified.");
        $range_from_to_ok = false;
    } elseif ($config['interfaces'][$if]['ipaddrv6'] == 'track6' && !Net_IPv6::isInNetmask($_POST['range_to'], '::', $ifcfgsn)) {
        $input_errors[] = sprintf(gettext("The prefix (upper %s bits) must be zero. Use the form %s"), $ifcfgsn, $str_help_mask);
        $range_from_to_ok = false;
    }
}
// Optional fields: each is validated only when it was filled in.
if ($_POST['gateway'] && !is_ipaddrv6($_POST['gateway'])) {
    $input_errors[] = gettext("A valid IPv6 address must be specified for the gateway.");
}
// && binds tighter than ||, so this reads as four "filled in and invalid" tests.
if ($_POST['dns1'] && !is_ipaddrv6($_POST['dns1']) || $_POST['dns2'] && !is_ipaddrv6($_POST['dns2']) || $_POST['dns3'] && !is_ipaddrv6($_POST['dns3']) || $_POST['dns4'] && !is_ipaddrv6($_POST['dns4'])) {
    $input_errors[] = gettext("A valid IPv6 address must be specified for each of the DNS servers.");
}
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || $_POST['deftime'] < 60)) {
    $input_errors[] = gettext("The default lease time must be at least 60 seconds.");
}
// The maximum must be numeric, at least 60 and strictly greater than the
// posted default; the comparison uses the raw posted default value.
if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || $_POST['maxtime'] < 60 || $_POST['maxtime'] <= $_POST['deftime'])) {
    $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time.");
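/**
 * Display IPv4/IPv6 addresses.
 *
 * Builds an HTML table of interface addresses plus Netscaler vserver
 * addresses, filtered by the search values in $vars, and echoes it.
 *
 * Filters read from $vars: device / device_id, interface, network, address.
 * A syntactically valid 'address' (optionally with /prefix) is not added to
 * the WHERE clause for interface addresses; all rows are fetched and then
 * filtered in PHP with the PEAR network-membership helpers, and pagination is
 * switched off.
 *
 * Every filter value reaches SQL only through generate_query_values().
 * NOTE(review): that helper is assumed to quote/escape its value; it is not
 * visible here, and both parameter arrays passed to dbFetchRows() stay empty.
 *
 * @param array $vars Search and display options (filters, pageno, pagesize,
 *                    pagination, search, view, page, header).
 * @return void The table is echoed.
 */
function print_addresses($vars)
{
    // With pagination? (display page numbers in header)
    $pagination = isset($vars['pagination']) && $vars['pagination'];
    pagination($vars, 0, TRUE); // Get default pagesize/pageno
    $pageno = $vars['pageno'];
    $pagesize = $vars['pagesize'];
    $start = $pagesize * $pageno - $pagesize;

    if (in_array($vars['search'], array('6', 'v6', 'ipv6')) || in_array($vars['view'], array('6', 'v6', 'ipv6'))) {
        $address_type = 'ipv6';
    } else {
        $address_type = 'ipv4';
    }

    // Both are read further down even when no 'address' filter was given.
    $ip_valid = FALSE;
    $short = FALSE; // never set inside this function, so the header row is always emitted

    $ip_array = array();
    $param = array();
    $where = ' WHERE 1 ';
    $param_netscaler = array();
    $where_netscaler = " WHERE `vsvr_ip` != '0.0.0.0' AND `vsvr_ip` != '' ";

    foreach ($vars as $var => $value) {
        if ($value != '') {
            switch ($var) {
                case 'device':
                case 'device_id':
                    $where .= generate_query_values($value, 'I.device_id');
                    $where_netscaler .= generate_query_values($value, 'N.device_id');
                    break;
                case 'interface':
                    $where .= generate_query_values($value, 'I.ifDescr', 'LIKE%');
                    break;
                case 'network':
                    list($net, $mask) = array_pad(explode('/', $value), 2, NULL);
                    // Any colon or hex letter means the term cannot be IPv4.
                    // (stripos() looked for the literal text ":abcdef" and so
                    // never detected an IPv6 term.)
                    if (strpbrk($net, ':abcdefABCDEF') !== FALSE) {
                        $address_type = 'ipv6';
                    }
                    $where .= generate_query_values($value, 'N.ip_network', 'LIKE%');
                    break;
                case 'address':
                    list($addr, $mask) = array_pad(explode('/', $value), 2, NULL);
                    if (strpbrk($addr, ':abcdefABCDEF') !== FALSE) {
                        $address_type = 'ipv6';
                    }
                    switch ($address_type) {
                        case 'ipv6':
                            $ip_valid = Net_IPv6::checkIPv6($addr);
                            break;
                        case 'ipv4':
                            $ip_valid = Net_IPv4::validateIP($addr);
                            break;
                    }
                    if ($ip_valid) {
                        // If address valid -> seek occurrence in network
                        if (!$mask) {
                            $mask = $address_type === 'ipv4' ? '32' : '128';
                        }
                        $where_netscaler .= generate_query_values($addr, 'N.vsvr_ip');
                    } else {
                        // If address not valid -> seek LIKE
                        $where .= generate_query_values($addr, 'A.ip_address', '%LIKE%');
                        $where_netscaler .= generate_query_values($addr, 'N.vsvr_ip', '%LIKE%');
                    }
                    break;
            }
        }
    }

    // Permission filters are appended to both queries.
    $query_device_permitted = generate_query_permitted(array('device'), array('device_table' => 'D'));
    $query_port_permitted = generate_query_permitted(array('port'), array('port_table' => 'I'));

    // Also search netscaler Vserver IPs
    $query_netscaler = 'FROM `netscaler_vservers` AS N ';
    $query_netscaler .= 'LEFT JOIN `devices` AS D ON N.`device_id` = D.`device_id` ';
    $query_netscaler .= $where_netscaler . $query_device_permitted;
    $query_netscaler = 'SELECT * ' . $query_netscaler;
    $query_netscaler .= ' ORDER BY N.`vsvr_ip`';

    // Override by address type
    if ($address_type == 'ipv6') {
        $query_netscaler = str_replace(array('vsvr_ip', '0.0.0.0'), array('vsvr_ipv6', '0:0:0:0:0:0:0:0'), $query_netscaler);
    }

    $entries = dbFetchRows($query_netscaler, $param_netscaler);

    // Rewrite netscaler addresses into the same row shape as interface addresses
    foreach ($entries as $entry) {
        $ip_address = $address_type == 'ipv4' ? $entry['vsvr_ip'] : $entry['vsvr_' . $address_type];
        $ip_network = $address_type == 'ipv4' ? $entry['vsvr_ip'] . '/32' : $entry['vsvr_' . $address_type] . '/128';

        $ip_array[] = array(
            'type' => 'netscaler_vsvr',
            'device_id' => $entry['device_id'],
            'hostname' => $entry['hostname'],
            'vsvr_id' => $entry['vsvr_id'],
            'vsvr_label' => $entry['vsvr_label'],
            'ifAlias' => 'Netscaler: ' . $entry['vsvr_type'] . '/' . $entry['vsvr_entitytype'],
            $address_type . '_address' => $ip_address,
            $address_type . '_network' => $ip_network,
        );
    }

    $query = 'FROM `ip_addresses` AS A ';
    $query .= 'LEFT JOIN `ports` AS I ON I.`port_id` = A.`port_id` ';
    $query .= 'LEFT JOIN `devices` AS D ON I.`device_id` = D.`device_id` ';
    $query .= 'LEFT JOIN `ip_networks` AS N ON N.`ip_network_id` = A.`ip_network_id` ';
    $query .= $where . $query_port_permitted;
    $query = 'SELECT * ' . $query;
    $query .= ' ORDER BY A.`ip_address`';
    if ($ip_valid) {
        // Rows are filtered in PHP below, so page boundaries cannot be computed up front.
        $pagination = FALSE;
    }

    // Override by address type. The generic names are prefixes of the real
    // ones, so this rewrites table names as well as column names.
    $query = str_replace(array('ip_address', 'ip_network'), array($address_type . '_address', $address_type . '_network'), $query);

    // Query addresses
    $entries = dbFetchRows($query, $param);
    $ip_array = array_merge($ip_array, $entries);
    $ip_array = array_sort($ip_array, $address_type . '_address');

    // Paginate in PHP over the merged result
    if ($pagination) {
        $count = count($ip_array);
        $ip_array = array_slice($ip_array, $start, $pagesize);
    }

    $list = array('device' => FALSE);
    if (!isset($vars['device']) || empty($vars['device']) || $vars['page'] == 'search') {
        $list['device'] = TRUE;
    }

    $string = generate_box_open($vars['header']);
    $string .= '<table class="' . OBS_CLASS_TABLE_STRIPED . '">' . PHP_EOL;
    if (!$short) {
        $string .= ' <thead>' . PHP_EOL;
        $string .= ' <tr>' . PHP_EOL;
        if ($list['device']) {
            $string .= ' <th>Device</th>' . PHP_EOL;
        }
        $string .= ' <th>Interface</th>' . PHP_EOL;
        $string .= ' <th>Address</th>' . PHP_EOL;
        $string .= ' <th>Description</th>' . PHP_EOL;
        $string .= ' </tr>' . PHP_EOL;
        $string .= ' </thead>' . PHP_EOL;
    }
    $string .= ' <tbody>' . PHP_EOL;

    foreach ($ip_array as $entry) {
        $address_show = TRUE;
        // Reset per row so an error badge from an earlier port is not repeated.
        $port_error = '';
        if ($ip_valid) {
            // If address not in specified network, don't show entry.
            if ($address_type === 'ipv4') {
                $address_show = Net_IPv4::ipInNetwork($entry[$address_type . '_address'], $addr . '/' . $mask);
            } else {
                $address_show = Net_IPv6::isInNetmask($entry[$address_type . '_address'], $addr, $mask);
            }
        }

        if ($address_show) {
            list($prefix, $length) = explode('/', $entry[$address_type . '_network']);

            // Rows for ports the user may not see are dropped; netscaler rows
            // were already restricted by the device permission filter in SQL.
            if (port_permitted($entry['port_id']) || $entry['type'] == 'netscaler_vsvr') {
                if ($entry['type'] == 'netscaler_vsvr') {
                    $entity_link = generate_entity_link($entry['type'], $entry);
                } else {
                    humanize_port($entry);
                    if ($entry['ifInErrors_delta'] > 0 || $entry['ifOutErrors_delta'] > 0) {
                        $port_error = generate_port_link($entry, '<span class="label label-important">Errors</span>', 'port_errors');
                    }
                    $entity_link = generate_port_link($entry, $entry['port_label_short']) . ' ' . $port_error;
                }
                $device_link = generate_device_link($entry);

                $string .= ' <tr>' . PHP_EOL;
                if ($list['device']) {
                    $string .= ' <td class="entity" style="white-space: nowrap">' . $device_link . '</td>' . PHP_EOL;
                }
                $string .= ' <td class="entity">' . $entity_link . '</td>' . PHP_EOL;
                if ($address_type === 'ipv6') {
                    $entry[$address_type . '_address'] = Net_IPv6::compress($entry[$address_type . '_address']);
                }
                $string .= ' <td>' . generate_popup_link('ip', $entry[$address_type . '_address'] . '/' . $length) . '</td>' . PHP_EOL;
                // NOTE(review): ifAlias is written into the page as-is. It is
                // device-supplied text; confirm it is HTML-escaped upstream
                // (e.g. in humanize_port) or escape it here.
                $string .= ' <td>' . $entry['ifAlias'] . '</td>' . PHP_EOL;
                $string .= ' </tr>' . PHP_EOL;
            }
        }
    }

    $string .= ' </tbody>' . PHP_EOL;
    $string .= '</table>';
    $string .= generate_box_close();

    // Print pagination header
    if ($pagination) {
        $string = pagination($vars, $count) . $string . pagination($vars, $count);
    }

    // Print addresses
    echo $string;
}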
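/**
 * Display IPv4/IPv6 addresses.
 *
 * Builds an HTML table of interface addresses filtered by the search values in
 * $vars and echoes it, preceded by a pagination header when requested.
 *
 * Filter values are bound as query parameters. The page number and page size
 * are interpolated into the LIMIT clause, so both are forced to positive
 * integers first. A syntactically valid 'address' (optionally with /prefix)
 * is not added to the WHERE clause; all rows are fetched and then filtered in
 * PHP with the PEAR network-membership helpers, with pagination switched off.
 *
 * @param array $vars Search and display options (filters, pageno, pagesize,
 *                    pagination, search, page).
 * @return void The table is echoed.
 */
function print_addresses($vars)
{
    // With pagination? (display page numbers in header)
    $pagination = isset($vars['pagination']) && $vars['pagination'];

    // Caller-supplied values end up in "LIMIT start,size": keep them integers.
    // Missing, empty, non-numeric or non-positive input falls back to the defaults.
    $pageno = isset($vars['pageno']) ? (int) $vars['pageno'] : 0;
    if ($pageno < 1) {
        $pageno = 1;
    }
    $pagesize = isset($vars['pagesize']) ? (int) $vars['pagesize'] : 0;
    if ($pagesize < 1) {
        $pagesize = 10;
    }
    $start = $pagesize * $pageno - $pagesize;

    switch ($vars['search']) {
        case '6':
        case 'ipv6':
        case 'v6':
            $address_type = 'ipv6';
            break;
        default:
            $address_type = 'ipv4';
    }

    // Both are read further down even when no 'address' filter was given.
    $ip_valid = FALSE;
    $short = FALSE; // never set inside this function, so the header row is always emitted

    $param = array();
    $where = ' WHERE 1 ';
    foreach ($vars as $var => $value) {
        if ($value != '') {
            switch ($var) {
                case 'device':
                case 'device_id':
                    $where .= ' AND I.device_id = ?';
                    $param[] = $value;
                    break;
                case 'interface':
                    $where .= ' AND I.ifDescr LIKE ?';
                    $param[] = $value;
                    break;
                case 'network':
                    $where .= ' AND N.ip_network_id = ?';
                    $param[] = $value;
                    break;
                case 'address':
                    list($addr, $mask) = array_pad(explode('/', $value), 2, NULL);
                    // Any colon or hex letter means the term cannot be IPv4.
                    // (stripos() looked for the literal text ":abcdef" and so
                    // never detected an IPv6 term.)
                    if (strpbrk($addr, ':abcdefABCDEF') !== FALSE) {
                        $address_type = 'ipv6';
                    }
                    switch ($address_type) {
                        case 'ipv6':
                            $ip_valid = Net_IPv6::checkIPv6($addr);
                            break;
                        case 'ipv4':
                            $ip_valid = Net_IPv4::validateIP($addr);
                            break;
                    }
                    if ($ip_valid) {
                        // If address valid -> seek occurrence in network
                        if (!$mask) {
                            $mask = $address_type === 'ipv4' ? '32' : '128';
                        }
                    } else {
                        // If address not valid -> seek LIKE
                        $where .= ' AND A.ip_address LIKE ?';
                        $param[] = '%' . $addr . '%';
                    }
                    break;
            }
        }
    }

    // Users below level 5 only see devices they hold a permission row for.
    if ($_SESSION['userlevel'] >= 5) {
        $query_perms = '';
        $query_user = '';
    } else {
        $query_perms = 'LEFT JOIN devices_perms AS P ON D.device_id = P.device_id ';
        // NOTE(review): the literal below looks like a masking artifact of this
        // listing. It is appended to the WHERE clause verbatim while a user id
        // is pushed as a parameter for it; presumably the original was a
        // condition on P.user_id with a placeholder. Confirm against upstream.
        $query_user = '******';
        $param[] = $_SESSION['user_id'];
    }

    // Don't show ignored and disabled devices
    // NOTE(review): $config is not declared global in this function, so as
    // written the disabled-device filter is always added. Confirm the intent.
    $query_device = ' AND D.ignore = 0 ';
    if (!$config['web_show_disabled']) {
        $query_device .= 'AND D.disabled = 0 ';
    }

    $query = 'FROM `ip_addresses` AS A ';
    $query .= 'LEFT JOIN `ports` AS I ON I.port_id = A.port_id ';
    $query .= 'LEFT JOIN `devices` AS D ON I.device_id = D.device_id ';
    $query .= 'LEFT JOIN `ip_networks` AS N ON N.ip_network_id = A.ip_network_id ';
    $query .= $query_perms;
    $query .= $where . $query_device . $query_user;
    $query_count = 'SELECT COUNT(ip_address_id) ' . $query;
    $query = 'SELECT * ' . $query;
    $query .= ' ORDER BY A.ip_address';
    if ($ip_valid) {
        // Rows are filtered in PHP below, so page boundaries cannot be computed up front.
        $pagination = FALSE;
    } else {
        $query .= " LIMIT {$start},{$pagesize}";
    }

    // Override by address type. The generic names are prefixes of the real
    // ones, so this rewrites table names as well as column names.
    $query = str_replace(array('ip_address', 'ip_network'), array($address_type . '_address', $address_type . '_network'), $query);
    $query_count = str_replace(array('ip_address', 'ip_network'), array($address_type . '_address', $address_type . '_network'), $query_count);

    // Query addresses
    $entries = dbFetchRows($query, $param);
    // Query address count
    if ($pagination) {
        $count = dbFetchCell($query_count, $param);
    }

    $list = array('device' => FALSE);
    if (!isset($vars['device']) || empty($vars['device']) || $vars['page'] == 'search') {
        $list['device'] = TRUE;
    }

    $string = '<table class="table table-bordered table-striped table-hover table-condensed">' . PHP_EOL;
    if (!$short) {
        $string .= ' <thead>' . PHP_EOL;
        $string .= ' <tr>' . PHP_EOL;
        if ($list['device']) {
            $string .= ' <th>Device</th>' . PHP_EOL;
        }
        $string .= ' <th>Interface</th>' . PHP_EOL;
        $string .= ' <th>Address</th>' . PHP_EOL;
        $string .= ' <th>Description</th>' . PHP_EOL;
        $string .= ' </tr>' . PHP_EOL;
        $string .= ' </thead>' . PHP_EOL;
    }
    $string .= ' <tbody>' . PHP_EOL;

    foreach ($entries as $entry) {
        $address_show = TRUE;
        // Reset per row so an error badge from an earlier port is not repeated.
        $port_error = '';
        if ($ip_valid) {
            // If address not in specified network, don't show entry.
            if ($address_type === 'ipv4') {
                $address_show = Net_IPv4::ipInNetwork($entry[$address_type . '_address'], $addr . '/' . $mask);
            } else {
                $address_show = Net_IPv6::isInNetmask($entry[$address_type . '_address'], $addr, $mask);
            }
        }

        if ($address_show) {
            list($prefix, $length) = explode('/', $entry[$address_type . '_network']);

            // Rows for ports the user may not see are dropped.
            if (port_permitted($entry['port_id'])) {
                humanize_port($entry);
                if ($entry['ifInErrors_delta'] > 0 || $entry['ifOutErrors_delta'] > 0) {
                    $port_error = generate_port_link($entry, '<span class="label label-important">Errors</span>', 'port_errors');
                }

                $string .= ' <tr>' . PHP_EOL;
                if ($list['device']) {
                    $string .= ' <td class="entity" nowrap>' . generate_device_link($entry) . '</td>' . PHP_EOL;
                }
                $string .= ' <td class="entity">' . generate_port_link($entry, makeshortif($entry['label'])) . ' ' . $port_error . '</td>' . PHP_EOL;
                if ($address_type === 'ipv6') {
                    $entry[$address_type . '_address'] = Net_IPv6::compress($entry[$address_type . '_address']);
                }
                $string .= ' <td>' . $entry[$address_type . '_address'] . '/' . $length . '</td>' . PHP_EOL;
                // NOTE(review): ifAlias is written into the page as-is. It is
                // device-supplied text; confirm it is HTML-escaped upstream
                // (e.g. in humanize_port) or escape it here.
                $string .= ' <td>' . $entry['ifAlias'] . '</td>' . PHP_EOL;
                $string .= ' </tr>' . PHP_EOL;
            }
        }
    }

    $string .= ' </tbody>' . PHP_EOL;
    $string .= '</table>';

    // Print pagination header
    if ($pagination) {
        echo pagination($vars, $count);
    }

    // Print addresses
    echo $string;
}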
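/**
 * Check the client address against the extra white list or black list.
 *
 * A list without any CIDR entry is compared entry by entry for an exact match.
 * Matching the address as a substring of the whole list string, as was done
 * before, let a shorter address match inside a longer entry (1.2.3.4 inside
 * 11.2.3.45), which for a white list passes an address that was never listed.
 * Entries are assumed to be separated by commas and/or whitespace, matching
 * the comma-separated handling of the CIDR branches.
 *
 * A list containing at least one "/" is walked per entry with the PEAR
 * network helpers; bare addresses in such a list are treated as /32 or /128.
 * NOTE(review): any truthy return of those helpers counts as a match; confirm
 * the bundled Net_IPv4 cannot return an error object for a malformed entry.
 *
 * @param array $validate Validation state; 'ip' holds the address under test.
 * @param array $settings Plugin settings; 'extra_ips' holds both lists as strings.
 * @param mixed $which    Truthy selects 'black_list' (result 'extra'),
 *                        falsy selects 'white_list' (result 'passed').
 * @return array $validate, with 'result' added on a match unless one was already present.
 */
private function check_ips($validate, $settings, $which)
{
    $ip = $validate['ip'];
    $ips = $settings['extra_ips'][$which ? 'black_list' : 'white_list'];

    // Merged with "+=" below, which can't overwrite an existing result.
    $verdict = array('result' => $which ? 'extra' : 'passed');

    if (FALSE === strpos($ips, '/')) {
        // Plain address list: whole-entry comparison only.
        $entries = preg_split('/[\s,]+/', $ips, -1, PREG_SPLIT_NO_EMPTY);
        if (in_array((string) $ip, $entries, TRUE)) {
            $validate += $verdict;
        }
    } elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        require_once IP_GEO_BLOCK_PATH . 'includes/Net/IPv4.php';
        foreach (explode(',', $ips) as $i) {
            $j = explode('/', $i = trim($i));
            // Entries of the other family or with an invalid address part are skipped.
            if (filter_var($j[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) &&
                Net_IPv4::ipInNetwork($ip, !empty($j[1]) ? $i : "{$i}/32")) {
                $validate += $verdict;
                break;
            }
        }
    } elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
        require_once IP_GEO_BLOCK_PATH . 'includes/Net/IPv6.php';
        foreach (explode(',', $ips) as $i) {
            $j = explode('/', $i = trim($i));
            if (filter_var($j[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) &&
                Net_IPv6::isInNetmask($ip, !empty($j[1]) ? $i : "{$i}/128")) {
                $validate += $verdict;
                break;
            }
        }
    }

    return $validate;
}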