From 88834d6ea1e8d378928624c3450b9ed34800eb39 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez <arturo.gonzalez@artica.es>
Date: Thu, 24 Aug 2017 16:26:58 +0200
Subject: [PATCH] Added a first version of snmp browser with a proxy server

---
 pandora_console/include/ajax/events.php       | 43 +++-------
 .../include/functions_snmp_browser.php        | 86 ++++++++++++++-----
 .../javascript/pandora_snmp_browser.js        |  2 +
 .../operation/snmpconsole/snmp_browser.php    |  4 +-
 4 files changed, 83 insertions(+), 52 deletions(-)

diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php
index 452a9c4d43..14bf0c85a8 100644
--- a/pandora_console/include/ajax/events.php
+++ b/pandora_console/include/ajax/events.php
@@ -127,40 +127,21 @@ if ($perform_event_response) {
 	$event_response = db_get_row('tevent_response','id',$response_id);
 
 	if (enterprise_installed()) {
-		if ($event_response['server_to_exec'] != 0) {
-			enterprise_include_once ('include/functions_satellite.php');
-			
-			$connection = connect_to_proxy_server('192.168.70.165');
-			
-			switch (PHP_OS) {
-				case "FreeBSD":
-					$timeout_bin = '/usr/local/bin/gtimeout';
-					break;
-				case "NetBSD":
-					$timeout_bin = '/usr/pkg/bin/gtimeout';
-					break;
-				default:
-					$timeout_bin = '/usr/bin/timeout';
-					break;
+		if ($event_response['server_to_exec'] != 0 && $event_response['type'] == 'command') {
+			$commandExclusions = array ('vi', 'vim', 'nano');
+
+    		if (in_array(strtolower($command),$commandExclusions)) {
+				echo "Only stdin/stdout commands are supported";
 			}
-
-			$stream = ssh2_exec($connection, "whoami");
-    
-			stream_set_blocking($stream, true);
-			$stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO);
-
-			$exec_val = stream_get_contents($stream_out);
-
-
-
-			$stream = ssh2_exec($connection, $timeout_bin . ' 9 ' . io_safe_output($command) . ' 2>&1');
+			else {
+				enterprise_include_once ('include/functions_satellite.php');
 			
-			stream_set_blocking($stream, true);
-			$stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO);
+				$connection = connect_to_proxy_server('192.168.70.165');
 
-			$exec_val = stream_get_contents($stream_out);
-			
-			echo $exec_val;
+				$exec_val = proxy_execute_command($connection, io_safe_output($command));
+				
+				echo $exec_val;
+			}
 		}
 		else {
 			switch (PHP_OS) {
diff --git a/pandora_console/include/functions_snmp_browser.php b/pandora_console/include/functions_snmp_browser.php
index 7318e871cf..df434c8545 100644
--- a/pandora_console/include/functions_snmp_browser.php
+++ b/pandora_console/include/functions_snmp_browser.php
@@ -138,7 +138,7 @@ function snmp_browser_print_tree ($tree, $id = 0, $depth = 0, $last = 0, $last_a
  *
  * @return array The SNMP tree.
  */
-function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $version = '2c', $snmp3_auth_user = '', $snmp3_security_level = '', $snmp3_auth_method = '', $snmp3_auth_pass = '', $snmp3_privacy_method = '', $snmp3_privacy_pass = '') {
+function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $version = '2c', $snmp3_auth_user = '', $snmp3_security_level = '', $snmp3_auth_method = '', $snmp3_auth_pass = '', $snmp3_privacy_method = '', $snmp3_privacy_pass = '', $server_to_exec = 0) {
 	global $config;
 	
 	if ($target_ip == '') {
@@ -174,26 +174,58 @@ function snmp_browser_get_tree ($target_ip, $community, $starting_oid = '.', $ve
 			break;
 	}
 
-	$oid_tree = array('__LEAVES__' => array());
-	if ($version == "3") {
-		switch ($snmp3_security_level) {
-			case "authPriv":
-				exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
-				break;
-			case "authNoPriv":
-				exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
-				break;
-			case "noAuthNoPriv":
-				exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
-				break;
+	if ($server_to_exec != 0) {
+		$sql = sprintf("SELECT exec_proxy: FROM tserver WHERE id_server = %d", $server_to_exec);
+		$server = db_get_row_sql($sql);
+
+		if ($server) {
+			if (enterprise_installed()) {
+				enterprise_include_once ('include/functions_satellite.php');
+
+				$oid_tree = array('__LEAVES__' => array());
+				if ($version == "3") {
+					switch ($snmp3_security_level) {
+						case "authPriv":
+							$command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir;
+							break;
+						case "authNoPriv":
+							$command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir;
+							break;
+						case "noAuthNoPriv":
+							$command = $snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir;
+							break;
+					}
+				}
+				else {
+					$command = $snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir;
+				}
+				
+				$connection = connect_to_proxy_server('192.168.70.165');
+
+				$output = proxy_execute_command($connection, io_safe_output($command));
+			}
+		}
+		else {
+			$oid_tree = array('__LEAVES__' => array());
+			if ($version == "3") {
+				switch ($snmp3_security_level) {
+					case "authPriv":
+						exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' -x ' . escapeshellarg($snmp3_privacy_method) . ' -X ' . escapeshellarg($snmp3_privacy_pass) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
+						break;
+					case "authNoPriv":
+						exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -A ' . escapeshellarg($snmp3_auth_pass) . ' -l ' . escapeshellarg($snmp3_security_level) . ' -a ' . escapeshellarg($snmp3_auth_method) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
+						break;
+					case "noAuthNoPriv":
+						exec ($snmpwalk_bin . ' -m ALL -v 3 -u ' . escapeshellarg($snmp3_auth_user) . ' -l ' . escapeshellarg($snmp3_security_level) . ' ' . escapeshellarg($target_ip)  . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
+						break;
+				}
+			}
+			else {
+				exec ($snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
+			}
 		}
 	}
-	else {
-		exec ($snmpwalk_bin . ' -m ALL -M +' . escapeshellarg($config['homedir'] . '/attachment/mibs') . ' -Cc -c ' . escapeshellarg($community) . ' -v ' . escapeshellarg($version) . ' ' . escapeshellarg($target_ip) . ' ' . escapeshellarg($starting_oid) . ' 2> ' . $error_redir_dir, $output, $rc);
-	}
-	//if ($rc != 0) {
-	//	return __('No data');
-	//}
+	
 	foreach ($output as $line) {
 		
 		// Separate the OID from the value
@@ -518,7 +550,21 @@ function snmp_browser_print_container ($return = false, $width = '100%', $height
 			'3' => 'v. 3'),
 		'snmp_browser_version', '', 'checkSNMPVersion();', '', '', true, false, false, '');
 	
-	$table->data[0][4] = html_print_button(__('Browse'), 'browse', false, 'snmpBrowse()', 'class="sub search" style="margin-top:0px;"', true);
+	$servers_to_exec = array();
+	$servers_to_exec[0] = __('Local console');
+
+	if (enterprise_installed()) {
+		enterprise_include_once ('include/functions_satellite.php');
+		
+		$rows = get_proxy_servers();
+		foreach ($rows as $row) {
+			$servers_to_exec[$row['id_server']] = $row['name'];
+		}
+	}
+	$table->data[0][4] = '<strong>' . __('Server to execute') . '</strong> &nbsp;&nbsp;';
+	$table->data[0][4] .= html_print_select($servers_to_exec, 'server_to_exec', '', '', '', '', true);
+
+	$table->data[0][5] = html_print_button(__('Browse'), 'browse', false, 'snmpBrowse()', 'class="sub search" style="margin-top:0px;"', true);
 	
 	// SNMP v3 options
 	$table3 = new stdClass();
diff --git a/pandora_console/include/javascript/pandora_snmp_browser.js b/pandora_console/include/javascript/pandora_snmp_browser.js
index 3b9067729c..12f2f62296 100644
--- a/pandora_console/include/javascript/pandora_snmp_browser.js
+++ b/pandora_console/include/javascript/pandora_snmp_browser.js
@@ -19,6 +19,7 @@ function snmpBrowse () {
 	var community = $('#text-community').val();
 	var starting_oid = $('#text-starting_oid').val();
 	var snmp_version = $('#snmp_browser_version').val();
+	var server_to_exec = $('#server_to_exec').val();
 	var snmp3_auth_user = $('#text-snmp3_browser_auth_user').val();
 	var snmp3_security_level = $('#snmp3_browser_security_level').val();
 	var snmp3_auth_method = $('#snmp3_browser_auth_method').val();
@@ -33,6 +34,7 @@ function snmpBrowse () {
 		"community=" + community,
 		"starting_oid=" + starting_oid,
 		"snmp_browser_version=" + snmp_version,
+		"server_to_exec=" + server_to_exec,
 		"snmp3_browser_auth_user=" + snmp3_auth_user,
 		"snmp3_browser_security_level=" + snmp3_security_level,
 		"snmp3_browser_auth_method=" + snmp3_auth_method,
diff --git a/pandora_console/operation/snmpconsole/snmp_browser.php b/pandora_console/operation/snmpconsole/snmp_browser.php
index 191c0caab9..0a8204208e 100644
--- a/pandora_console/operation/snmpconsole/snmp_browser.php
+++ b/pandora_console/operation/snmpconsole/snmp_browser.php
@@ -27,6 +27,7 @@ if (is_ajax()) {
 	$target_ip = (string) get_parameter ("target_ip", '');
 	$community = (string) get_parameter ("community", '');
 	$snmp_version = (string) get_parameter ("snmp_browser_version", '');
+	$server_to_exec = (int) get_parameter ("server_to_exec", 0);
 	$snmp3_auth_user = get_parameter('snmp3_browser_auth_user');
 	$snmp3_security_level = get_parameter('snmp3_browser_security_level');
 	$snmp3_auth_method = get_parameter('snmp3_browser_auth_method');
@@ -41,7 +42,8 @@ if (is_ajax()) {
 		$snmp_tree = snmp_browser_get_tree(
 			$target_ip, $community, $starting_oid, $snmp_version,
 			$snmp3_auth_user, $snmp3_security_level, $snmp3_auth_method,
-			$snmp3_auth_pass, $snmp3_privacy_method, $snmp3_privacy_pass);
+			$snmp3_auth_pass, $snmp3_privacy_method, $snmp3_privacy_pass,
+			$server_to_exec);
 		if (! is_array ($snmp_tree)) {
 			echo $snmp_tree;
 		}