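return %hash;
}

########################################
# internal helpers
########################################

# Quote a scalar as a single-quoted SQL string literal. The old Pg.pm
# exec() API used by this script has no parameter binding, so every
# value that reaches a statement must go through here. Embedded single
# quotes are doubled, NUL bytes (which would truncate the C string
# handed to libpq) are dropped, and undef becomes '' as it did when the
# values were interpolated directly.
# NOTE(review): backslashes are doubled because Pg.pm-era servers treat
# them as escapes inside '...' (standard_conforming_strings=off); on a
# server with that setting on this stores two backslashes for one.
# Confirm the server setting before changing this.
sub _sql_str {
    my $value = shift;
    $value = '' unless defined $value;
    $value =~ s/\0//g;
    $value =~ s/\\/\\\\/g;
    $value =~ s/'/''/g;
    return "'$value'";
}

# Validate a value that is interpolated unquoted into SQL as an integer.
# Returns the value when it is an optionally signed decimal integer,
# otherwise logs via reporterror and returns undef so the caller can
# bail out with the same "return 0" it uses for a failed query instead
# of sending a malformed (or attacker-shaped) statement.
sub _sql_int {
    my ($value, $what) = @_;
    $what = 'value' unless defined $what;
    return $value if defined $value && $value =~ /\A-?\d+\z/;
    my $shown = defined $value ? $value : 'undef';
    reporterror("$what is not an integer (>$shown<), refusing to build SQL");
    return;
}

# Write a statement to LOG. $secret, when given, is the already-quoted
# SNMP community literal; it is masked because LOG is a plain-text file
# and the write community is a credential.
sub _log_query {
    my ($q, $secret) = @_;
    my $shown = $q;
    if (defined $secret && $secret ne "''") {
        $shown =~ s/\Q$secret\E/'***'/g;
    }
    printf LOG "Executing %s\n", $shown;
    return;
}

# Strip CR/LF from a value written into a mail header line, so a
# crafted address or reason text cannot inject extra headers or start
# the body early.
sub _header_value {
    my $value = shift;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

# Hand a message to $cfg{'mailprogram'} on stdin: log it, write the
# From/To/Subject headers and the body, and report (but do not die on)
# a non-zero exit from the mail program.
# $cfg{'mailprogram'} is a single configured command string, so it is
# still run via the shell exactly as before; keep it free of untrusted
# input.
sub _deliver_mail {
    my ($from, $to, $subject, $body) = @_;

    print LOG "--- NEW MAIL ---\nSending mail to $to with subject $subject:\n$body\n";

    open(my $mail, '|-', $cfg{'mailprogram'})
        or die("Could not fork for email. $!\n");
    print {$mail} 'From: ',    _header_value($from),    "\n";
    print {$mail} 'To: ',      _header_value($to),      "\n";
    print {$mail} 'Subject: ', _header_value($subject), "\n\n";
    print {$mail} "$body\n";
    unless (close($mail)) {
        my $why = $! ? "$!" : 'exit status ' . ($? >> 8);
        reporterror("Mail program $cfg{'mailprogram'} failed for $to: $why");
    }
    return;
}

# Issue the ifAdminStatus SNMP set shared by set3com/setHP/setCisco.
# $host is the SNMP_util host part (an ip, or "sw<module>@ip" for a
# stacked HP). Returns the value snmpset() reported, or -1 when it
# returned nothing (or 0). The write community is masked in LOG.
sub _set_admin_status {
    my ($community, $host, $ifindex, $flag) = @_;
    my $oid    = "interfaces.ifTable.ifEntry.ifAdminStatus.$ifindex";
    my $target = "$community\@$host:161:$timeout:$retries:$backoff";

    my ($response) = snmpset($target, $oid, 'integer', $flag);
    print LOG "***\@$host:161:$timeout:$retries:$backoff, $oid,'integer', $flag\n";

    $response = -1 unless $response;
    return $response;
}

########################################
# parsefile
# ---------
# Read a file of "<ip> [comment]" lines. Lines starting with '#' are
# ignored; lines not starting with a dotted quad are logged and
# skipped. Returns a list of [ip, rest-of-line] pairs.
########################################
sub parsefile {
    my $filename = shift;
    my @list;

    open(my $fh, '<', $filename)
        or die("Could not open $filename: $!\n");
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\#/;
        if ($line =~ /^(\d+\.\d+\.\d+\.\d+)\s*(.*)/) {
            print LOG "Pushing >$1< >$2<\n";
            push @list, [ $1, $2 ];
        }
        else {
            print LOG "$line is not a valid ip-adress - skipping.\n";
        }
    }
    close $fh;
    return @list;
}

########################################
# reporterror
# -----------
# Write an error line to both STDERR and LOG. With one argument the
# line is "ERROR <text>"; with four it is "ERROR (ip, netbios, dns): text".
########################################
sub reporterror {
    my @args = @_;
    my $message;

    if (@args == 1) {
        $message = "ERROR $args[0]";
    }
    else {
        my ($ip, $netbios, $dns, $text) = @args;
        $message = "ERROR ($ip, $netbios, $dns): $text";
    }
    print STDERR "$message\n";
    print LOG "$message\n";
    return;
}

########################################
# send_mail
# ---------
# Send the block notification built from @mailconfig (first line is the
# subject, rest is the body template) to $email. "$reason" in the
# subject and "$list"/"$comment" in the body are substituted.
########################################
sub send_mail {
    my ($email, @complist) = @_;

    # Work on a copy: the substitutions below alias $line to the array.
    my @template = @mailconfig;
    my $subject = shift @template;
    $subject = '' unless defined $subject;
    chomp $subject;
    $subject =~ s/\$reason/$reasons{$reason}/g;

    my $complist = join "\n", @complist;
    my $text = '';
    foreach my $line (@template) {
        $line =~ s/\$list/$complist/g;
        $line =~ s/\$comment/$comment/g;
        $text .= $line;
    }

    _deliver_mail($cfg{'fromaddress'}, $email, $subject, $text);
    return;
}

########################################
# set3com
# -------
# Set ifAdminStatus on a 3Com switch port. Returns the snmpset result,
# or -1 on no response.
########################################
sub set3com {
    my ($flag, $ip, $ifindex, $community) = @_;
    return _set_admin_status($community, $ip, $ifindex, $flag);
}

########################################
# setHP
# -----
# Set ifAdminStatus on an HP switch port, optionally on module $modul of
# a stack. Returns the snmpset result, or -1 on no response.
########################################
sub setHP {
    my ($flag, $ip, $modul, $ifindex, $community) = @_;

    # HP uses local ifindexes per stack member, but NAV pads them to be
    # unique across the stack. Keep the last two characters and pray it
    # is the ifindex; renumber so "01" becomes 1.
    $ifindex =~ s/.*(..)$/$1/;
    $ifindex += 0;

    my $host = $modul ? "sw$modul\@$ip" : $ip;
    return _set_admin_status($community, $host, $ifindex, $flag);
}

########################################
# setCisco
# --------
# Set ifAdminStatus on a Cisco switch port. Returns the snmpset result,
# or -1 on no response.
########################################
sub setCisco {
    my ($flag, $ip, $ifindex, $community) = @_;
    return _set_admin_status($community, $ip, $ifindex, $flag);
}

########################################
# skip
# ----
# Decide whether an item must not be blocked. With two arguments they
# are looked up as a type pair in %nonblock. With one argument it is an
# ip address checked against the configured ranges, single addresses
# and "a.b.c.x-y" lists; a match is logged, reported, recorded in
# @nonblockedip for mailnonblocked() and returns 1. Returns 0 otherwise.
########################################
sub skip {
    my ($element1, $element2) = @_;

    # Type pair.
    if ($element2) {
        if ($nonblock{$element1}{$element2}) {
            print LOG "Skipping type $element1, $element2.\n";
            return 1;
        }
        return 0;
    }

    # 1 - ranges
    foreach my $iprange (keys %{ $nonblock{'range'} }) {
        next unless matchip($element1, $iprange);
        print LOG "$element1 is in a nonblockrange, skipping.\n";
        reporterror("$element1 is in a nonblockrange, skipping.");
        push @nonblockedip, $element1;
        return 1;
    }

    # 2 - specific ip addresses
    if ($nonblock{'ip'}{$element1}) {
        print LOG "$element1 is in nonblocklist, skipping.\n";
        reporterror("$element1 is in nonblocklist, skipping.");
        push @nonblockedip, $element1;
        return 1;
    }

    # 3 - ip lists of the form a.b.c.first-last
    my ($el_net, $el_host) = $element1 =~ /(\d+\.\d+\.\d+)\.(\d+)/;
    if (defined $el_net) {
        foreach my $iplist (keys %{ $nonblock{'iplist'} }) {
            # A malformed list entry used to fall through with the
            # previous entry's captures still in $1..$3; skip it instead.
            my ($net, $first, $last) = $iplist =~ /(\d+\.\d+\.\d+)\.(\d+)-(\d+)$/
                or next;
            next unless $net eq $el_net;
            next unless $el_host >= $first and $el_host <= $last;
            print LOG "$element1 is in a nonblocklist ($iplist), skipping.\n";
            reporterror("$element1 is in a nonblocklist ($iplist), skipping.");
            push @nonblockedip, $element1;
            return 1;
        }
    }
    return 0;
}

############################################################
# skipid
# ------
# Check whether anything on swport $swportid is already blocked
# (blocked_status='disabled'). Returns 1 when it is (logged) and 0
# otherwise. A non-integer $swportid is treated as "skip" (fail closed)
# rather than being spliced into the query. $mac is accepted for
# compatibility but unused.
############################################################
sub skipid {
    my ($ip, $swportid, $mac) = @_;

    my $q_swportid = _sql_int($swportid, 'swportid');
    return 1 unless defined $q_swportid;

    my $q = "SELECT * FROM identity WHERE swportid=$q_swportid AND blocked_status='disabled'";
    my $r = $dbh_block->exec($q);
    if ($r->ntuples > 0) {
        print LOG "$ip is already blocked, skipping.\n";
        return 1;
    }
    return 0;
}

########################################
# updatedb
# --------
# Record a block ($action == $disable) or unblock ($action == $enable)
# of (mac, swportid) in the identity table and append an event row.
# Returns 1 on success and 0 when a query fails or a value that must be
# an integer is not one. Reads the globals $reason, $comment, $user,
# $lock, $secret, $autoenable, $autoenablestep, $incremental, $opt_d,
# %text and $dbh_block; in incremental mode it also assigns
# $autoenablestep and $autoenable.
########################################
sub updatedb {
    my ($swportid, $sysname, $vendor, $community, $swip, $mac, $ifindex, $module,
        $port, $action, $ip, $dns, $netbios, $multiple, $email, $orgid) = @_;

    my $q_swportid = _sql_int($swportid, 'swportid');
    return 0 unless defined $q_swportid;
    my $q_mac = _sql_str($mac);

    my $q = "SELECT identityid FROM identity WHERE mac=$q_mac AND swportid=$q_swportid";
    my $r = $dbh_block->exec($q);
    my $identityid;

    # Column literals shared by the UPDATE/INSERT statements below.
    my $q_status    = _sql_str($text{$action});
    my $q_sysname   = _sql_str($sysname);
    my $q_vendor    = _sql_str($vendor);
    my $q_community = _sql_str($community);
    my $q_swip      = _sql_str($swip);
    my $q_module    = _sql_str($module);
    my $q_port      = _sql_int($port, 'swport');
    my $q_ifindex   = _sql_int($ifindex, 'swifindex');
    return 0 unless defined $q_port && defined $q_ifindex;

    # DISABLE
    if ($action == $disable) {
        my $determined = $opt_d ? 'y' : 'n';
        my $q_reason = _sql_int($reason, 'blocked_reasonid');
        return 0 unless defined $q_reason;

        if ($r->ntuples > 0) {
            ($identityid) = $r->fetchrow;
            my $q_id = _sql_int($identityid, 'identityid');
            return 0 unless defined $q_id;

            # NOTE(review): $autoenable is a global holding an SQL
            # expression (e.g. "now() + '3 days'" as built further down),
            # not a value, so it cannot be quoted here; it must only ever
            # be set by this script, never from user input.
            $q = "UPDATE identity SET blocked_reasonid=$q_reason, blocked_status=$q_status, "
               . "swsysname=$q_sysname, swvendor=$q_vendor, community=$q_community, "
               . "swip=$q_swip, swmodule=$q_module, swport=$q_port, swifindex=$q_ifindex, "
               . "ip=" . _sql_str($ip) . ", dns=" . _sql_str($dns) . ", "
               . "netbios=" . _sql_str($netbios) . ", lastchanged=now(), "
               . "mail=" . _sql_str($email) . ", autoenable=$autoenable, "
               . "determined=" . _sql_str($determined)
               . " WHERE identityid=$q_id";
            _log_query($q, $q_community);
            $r = $dbh_block->exec($q);
            return 0 unless checkquery($r);
        }
        else {
            my $q_multiple = _sql_int($multiple, 'multiple');
            return 0 unless defined $q_multiple;

            $q = "INSERT INTO identity (blocked_reasonid, blocked_status, mac, swportid, "
               . "swsysname, swvendor, community, swip, swmodule, swport, swifindex, ip, "
               . "dns, netbios, starttime, lastchanged, multiple, mail,userlock,secret,"
               . "autoenable,orgid,determined) VALUES ("
               . join(', ',
                      $q_reason, $q_status, $q_mac, $q_swportid, $q_sysname, $q_vendor,
                      $q_community, $q_swip, $q_module, $q_port, $q_ifindex,
                      _sql_str($ip), _sql_str($dns), _sql_str($netbios), 'now()', 'now()',
                      $q_multiple, _sql_str($email), _sql_str($lock), _sql_str($secret),
                      $autoenable, _sql_str($orgid), _sql_str($determined))
               . ")";
            _log_query($q, $q_community);
            $r = $dbh_block->exec($q);
            # The INSERT result used to be ignored; a failed insert would
            # then surface as an undefined identityid further down.
            return 0 unless checkquery($r);

            $q = "SELECT identityid FROM identity WHERE mac=$q_mac AND swportid=$q_swportid";
            _log_query($q);
            $r = $dbh_block->exec($q);
            return 0 unless checkquery($r);
            ($identityid) = $r->fetchrow;
        }

        my $q_id = _sql_int($identityid, 'identityid');
        return 0 unless defined $q_id;

        if ($incremental) {
            # Days of the last block of this identity for this reason,
            # grown by the configured step; both globals are consumed by
            # the caller afterwards.
            $autoenablestep = getstep($reason, $identityid, $incremental);
            return 0 unless defined _sql_int($autoenablestep, 'autoenablestep');
            $autoenable = "now() + '$autoenablestep days'";
            $q = "UPDATE identity SET autoenable=$autoenable WHERE identityid=$q_id";
            _log_query($q);
            $r = $dbh_block->exec($q);
            return 0 unless checkquery($r);
        }

        # An unset step is stored as NULL rather than producing the
        # empty ", )" the old interpolation generated.
        my $q_step = defined $autoenablestep
                   ? _sql_int($autoenablestep, 'autoenablestep')
                   : 'NULL';
        return 0 unless defined $q_step;

        $q = "INSERT INTO event (identityid, event_comment, blocked_status, blocked_reasonid, "
           . "eventtime, username, autoenablestep) VALUES ($q_id, " . _sql_str($comment)
           . ", $q_status, $q_reason, now(), " . _sql_str($user) . ", $q_step)";
        _log_query($q);
        $r = $dbh_block->exec($q);
        return 0 unless checkquery($r);
        return 1;
    }

    # ENABLE
    if ($action == $enable) {
        unless ($r->ntuples > 0) {
            print LOG "No prior tuple in the database, this shouldn't happen...\n";
            return 0;
        }
        ($identityid) = $r->fetchrow;
        my $q_id = _sql_int($identityid, 'identityid');
        return 0 unless defined $q_id;

        $q = "UPDATE identity SET blocked_status=$q_status, swsysname=$q_sysname, "
           . "swvendor=$q_vendor, community=$q_community, swip=$q_swip, "
           . "swmodule=$q_module, swport=$q_port, swifindex=$q_ifindex, "
           . "lastchanged=now(), autoenable=NULL WHERE identityid=$q_id";
        _log_query($q, $q_community);
        $r = $dbh_block->exec($q);
        return 0 unless checkquery($r);

        $q = "INSERT INTO event (identityid, event_comment, blocked_status, eventtime, username) "
           . "VALUES ($q_id, " . _sql_str($comment) . ", $q_status, now(), "
           . _sql_str($user) . ")";
        _log_query($q);
        $r = $dbh_block->exec($q);
        return 0 unless checkquery($r);
        return 1;
    }

    print LOG "updatedb: unknown action >$action<, nothing done.\n";
    return 0;
}

########################################
# checkquery
# ----------
# Map a Pg result status to a LOG line. Returns 1 for the OK/empty/
# copy statuses and 0 for any error or unknown status.
########################################
sub checkquery {
    my $res    = shift;
    my $status = $res->resultStatus;
    my $error  = $dbh_block->errorMessage;

    if ($status eq PGRES_COMMAND_OK) {
        print LOG "Query ok\n";
        return 1;
    }
    if ($status eq PGRES_EMPTY_QUERY) {
        print LOG "Empty query\n";
        return 1;
    }
    if ($status eq PGRES_TUPLES_OK) {
        print LOG "Tuples ok\n";
        return 1;
    }
    if ($status eq PGRES_COPY_OUT) {
        print LOG "Copy out\n";
        return 1;
    }
    if ($status eq PGRES_COPY_IN) {
        print LOG "Copy in\n";
        return 1;
    }
    if ($status eq PGRES_BAD_RESPONSE) {
        print LOG "Bad response: $error\n";
        return 0;
    }
    if ($status eq PGRES_NONFATAL_ERROR) {
        print LOG "Nonfatal error: $error\n";
        return 0;
    }
    if ($status eq PGRES_FATAL_ERROR) {
        print LOG "Fatal error: $error\n";
        return 0;
    }
    print LOG "Undefined status from database.\n";
    return 0;
}

########################################
# mailnonblocked
# --------------
# Mail the list of addresses skip() refused to block (collected in
# @nonblockedip) to $cfg{'nonblockmail'}. Does nothing when the list is
# empty or no recipient is configured.
########################################
sub mailnonblocked {
    return unless @nonblockedip;
    return unless $cfg{'nonblockmail'};

    my $subject = "Maskiner ikke blokkert av Arnold.";
    my $text = "The following ip-addresses where not blocked because they are in the nonblock-list:\n\n";
    $text .= join "\n", @nonblockedip;
    $text .= "\n\nThe reason for block was $reasons{$reason}\n";
    $text .= "The user running the block was $user\n";
    $text .= "The log of this incident is in $logdir/$logfile\n";
    $text .= "\n---\nArnold\n";

    _deliver_mail($cfg{'fromaddress'}, $cfg{'nonblockmail'}, $subject, $text);
    return;
}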