tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed error ip validate

This commit is contained in:
daniel 2018-01-08 11:12:07 +01:00
parent f51cb0249b
commit 955c183cd8
4 changed files with 149 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
pandora_console/extensions/net_tools.php
View File

@ -154,100 +154,105 @@ function main_net_tools () {
$operation = get_parameter ("operation", 0);
$community = get_parameter ("community", "public");
$ip = get_parameter("select_ips");
switch($operation) {
case 1:
$traceroute = whereis_the_command ('traceroute');
if (empty($traceroute)) {
ui_print_error_message(__('Traceroute executable does not exist.'));
}
else {
echo "<h3>".__("Traceroute to "). $ip. "</h3>";
echo "<pre>";
echo system ("$traceroute $ip");
echo "</pre>";
}
break;
case 2:
$ping = whereis_the_command ('ping');
if (empty($ping)) {
ui_print_error_message(__('Ping executable does not exist.'));
}
else {
echo "<h3>" . __("Ping to %s", $ip) . "</h3>";
echo "<pre>";
echo system ("$ping -c 5 $ip");
echo "</pre>";
}
break;
case 4:
$nmap = whereis_the_command ('nmap');
if (empty($nmap)) {
ui_print_error_message(__('Nmap executable does not exist.'));
}
else {
echo "<h3>".__("Basic TCP Scan on "). $ip. "</h3>";
echo "<pre>";
echo system ("$nmap -F $ip");
echo "</pre>";
}
break;
case 5:
echo "<h3>".__("Domain and IP information for "). $ip. "</h3>";
$dig = whereis_the_command ('dig');
if (empty($dig)) {
ui_print_error_message(__('Dig executable does not exist.'));
}
else {
echo "<pre>";
echo system ("dig $ip");
echo "</pre>";
}
$whois = whereis_the_command ('whois');
if (empty($whois)) {
ui_print_error_message(__('Whois executable does not exist.'));
}
else {
echo "<pre>";
echo system ("whois $ip");
echo "</pre>";
}
break;
case 3:
echo "<h3>".__("SNMP information for "). $ip. "</h3>";
$snmpget = whereis_the_command ('snmpget');
if (empty($snmpget)) {
ui_print_error_message(__('SNMPget executable does not exist.'));
}
else {
echo "<h4>" . __("Uptime") . "</h4>";
echo "<pre>";
echo exec ("$snmpget -Ounv -v1 -c $community $ip .1.3.6.1.2.1.1.3.0 ");
echo "</pre>";
echo "<h4>" . __("Device info") . "</h4>";
echo "<pre>";
echo system ("$snmpget -Ounv -v1 -c $community $ip .1.3.6.1.2.1.1.1.0 ");
echo "</pre>";
echo "<h4>Interface Information</h4>";
echo "<table class=databox>";
echo "<tr><th>".__("Interface");
echo "<th>".__("Status");
$int_max = exec ("$snmpget -Oqunv -v1 -c $community $ip .1.3.6.1.2.1.2.1.0 ");
for ($ax=0; $ax < $int_max; $ax++) {
$interface = exec ("$snmpget -Oqunv -v1 -c $community $ip .1.3.6.1.2.1.2.2.1.2.$ax ");
$estado = exec ("$snmpget -Oqunv -v1 -c $community $ip .1.3.6.1.2.1.2.2.1.8.$ax ");
echo "<tr><td>$interface<td>$estado";
if(!validate_address($ip)){
ui_print_error_message(__('The ip or dns name entered cannot be resolved'));
}
else{
switch($operation) {
case 1:
$traceroute = whereis_the_command ('traceroute');
if (empty($traceroute)) {
ui_print_error_message(__('Traceroute executable does not exist.'));
}
echo "</table>";
}
break;
else {
echo "<h3>".__("Traceroute to "). $ip. "</h3>";
echo "<pre>";
echo system ("$traceroute $ip");
echo "</pre>";
}
break;
case 2:
$ping = whereis_the_command ('ping');
if (empty($ping)) {
ui_print_error_message(__('Ping executable does not exist.'));
}
else {
echo "<h3>" . __("Ping to %s", $ip) . "</h3>";
echo "<pre>";
echo system ("$ping -c 5 $ip");
echo "</pre>";
}
break;
case 4:
$nmap = whereis_the_command ('nmap');
if (empty($nmap)) {
ui_print_error_message(__('Nmap executable does not exist.'));
}
else {
echo "<h3>".__("Basic TCP Scan on "). $ip. "</h3>";
echo "<pre>";
echo system ("$nmap -F $ip");
echo "</pre>";
}
break;
case 5:
echo "<h3>".__("Domain and IP information for "). $ip. "</h3>";
$dig = whereis_the_command ('dig');
if (empty($dig)) {
ui_print_error_message(__('Dig executable does not exist.'));
}
else {
echo "<pre>";
echo system ("dig $ip");
echo "</pre>";
}
$whois = whereis_the_command ('whois');
if (empty($whois)) {
ui_print_error_message(__('Whois executable does not exist.'));
}
else {
echo "<pre>";
echo system ("whois $ip");
echo "</pre>";
}
break;
case 3:
echo "<h3>".__("SNMP information for "). $ip. "</h3>";
$snmpget = whereis_the_command ('snmpget');
if (empty($snmpget)) {
ui_print_error_message(__('SNMPget executable does not exist.'));
}
else {
echo "<h4>" . __("Uptime") . "</h4>";
echo "<pre>";
echo exec ("$snmpget -Ounv -v1 -c $community $ip .1.3.6.1.2.1.1.3.0 ");
echo "</pre>";
echo "<h4>" . __("Device info") . "</h4>";
echo "<pre>";
echo system ("$snmpget -Ounv -v1 -c $community $ip .1.3.6.1.2.1.1.1.0 ");
echo "</pre>";
echo "<h4>Interface Information</h4>";
echo "<table class=databox>";
echo "<tr><th>".__("Interface");
echo "<th>".__("Status");
$int_max = exec ("$snmpget -Oqunv -v1 -c $community $ip .1.3.6.1.2.1.2.1.0 ");
for ($ax=0; $ax < $int_max; $ax++) {
$interface = exec ("$snmpget -Oqunv -v1 -c $community $ip .1.3.6.1.2.1.2.2.1.2.$ax ");
$estado = exec ("$snmpget -Oqunv -v1 -c $community $ip .1.3.6.1.2.1.2.2.1.8.$ax ");
echo "<tr><td>$interface<td>$estado";
}
echo "</table>";
}
break;
}
}
echo "</div>";

3
pandora_console/godmode/agentes/agent_manager.php
View File

@ -168,9 +168,6 @@ if(!$new_agent && $alias != ''){
}
}
// Remote configuration available
if (!$new_agent) {
if (isset($filename)) {

34
pandora_console/godmode/agentes/configurar_agente.php
View File

@ -151,11 +151,21 @@ $module_macros = array ();
// Create agent
if ($create_agent) {
$mssg_warning = 0;
$alias = (string) get_parameter_post("alias",'');
$alias_as_name = (int) get_parameter_post("alias_as_name", 0);
$direccion_agente = (string) get_parameter_post("direccion",'');
//safe_output only validate ip
$direccion_agente = trim(io_safe_output($direccion_agente));
if(!validate_address($direccion_agente)){
$mssg_warning = 1;
}
//safe-input before validate ip
$direccion_agente = io_safe_input($direccion_agente);
$nombre_agente = hash("sha256",$alias . "|" .$direccion_agente ."|". time() ."|". sprintf("%04d", rand(0,10000)));
$grupo = (int) get_parameter_post ("grupo");
$intervalo = (string) get_parameter_post ("intervalo", SECONDS_5MINUTES);
@ -184,7 +194,7 @@ if ($create_agent) {
foreach ($fields as $field) {
$field_values[$field['id_field']] = (string) get_parameter_post ('customvalue_'.$field['id_field'], '');
}
// Check if agent exists (BUG WC-50518-2)
if ($alias == "") {
$agent_creation_error = __('No agent alias specified');
@ -233,8 +243,8 @@ if ($create_agent) {
// Create custom fields for this agent
foreach ($field_values as $key => $value) {
$update_custom = db_process_sql_insert ('tagent_custom_data',
array('id_field' => $key, 'id_agent' => $id_agente,
'description' => $value));
array('id_field' => $key, 'id_agent' => $id_agente,
'description' => $value));
}
// Create address for this agent in taddress
if ( $direccion_agente != '') {
@ -637,6 +647,10 @@ if ($create_agent) {
ui_print_result_message ($agent_created_ok,
__('Successfully created'),
$agent_creation_error);
if($mssg_warning){
ui_print_warning_message(__('The ip or dns name entered cannot be resolved'));
}
}
// Fix / Normalize module data
@ -678,13 +692,22 @@ $update_agent = (bool) get_parameter ('update_agent');
// Update AGENT
if ($update_agent) { // if modified some agent paramenter
$mssg_warning = 0;
$id_agente = (int) get_parameter_post ("id_agente");
$nombre_agente = str_replace('`','&lsquo;',(string) get_parameter_post ("agente", ""));
$alias = str_replace('`','&lsquo;',(string) get_parameter_post ("alias", ""));
$alias_as_name = (int) get_parameter_post ('alias_as_name', 0);
$direccion_agente = (string) get_parameter_post ("direccion", '');
//safe_output only validate ip
$direccion_agente = trim(io_safe_output($direccion_agente));
if(!validate_address($direccion_agente)){
$mssg_warning = 1;
}
//safe-input before validate ip
$direccion_agente = io_safe_input($direccion_agente);
$address_list = (string) get_parameter_post ("address_list", '');
if ($address_list != $direccion_agente &&
@ -728,7 +751,6 @@ if ($update_agent) { // if modified some agent paramenter
$field_values[$field['id_field']] = (string) get_parameter_post ('customvalue_'.$field['id_field'], '');
}
foreach ($field_values as $key => $value) {
$old_value = db_get_all_rows_filter('tagent_custom_data',
array('id_agent' => $id_agente, 'id_field' => $key));
@ -748,6 +770,10 @@ if ($update_agent) { // if modified some agent paramenter
}
}
}
if($mssg_warning){
ui_print_warning_message(__('The ip or dns name entered cannot be resolved'));
}
//Verify if there is another agent with the same name but different ID
if ($alias == "") {

22
pandora_console/include/functions.php
View File

@ -2789,5 +2789,25 @@ function register_pass_change_try ($id_user, $success) {
$values['success'] = $success;
db_process_sql_insert('treset_pass_history', $values);
}
/**
* returns true or false if it is a valid ip
* checking ipv4 and ipv6 or resolves the name dns
* @param string address
*
*/
function validate_address($address){
if($address){
if(!filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
if(!filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip_address_dns = gethostbyname($address);
if(!filter_var($ip_address_dns, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
if(!filter_var($ip_address_dns, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return false;
}
}
}
}
}
return true;
}
?>