From 76abee7ffad054c1022591e77d95d2c812db9fc9 Mon Sep 17 00:00:00 2001
From: Tom Laermans
Date: Thu, 2 Dec 2010 17:41:12 +0000
Subject: [PATCH] add code to allow unauth graphs by IP range, useful for control panels who can use a passthrough (ie php fpassthru) of 'secret' urls, or stats pages, or...
git-svn-id: http://www.observium.org/svn/observer/trunk@1750 61d68cd4-352d-0410-923a-c4978735b2b8
---
html/includes/graphs/graph.inc.php | 128 ++++++++++++++++++-----------
includes/defaults.inc.php | 1 +
2 files changed, 79 insertions(+), 50 deletions(-)
diff --git a/html/includes/graphs/graph.inc.php b/html/includes/graphs/graph.inc.php
index 21820b4850..c36f27136e 100644
--- a/html/includes/graphs/graph.inc.php
+++ b/html/includes/graphs/graph.inc.php
@@ -1,12 +1,17 @@ [A-Za-z0-9]+)_(?P.+)/', mres($_GET['type']), $graphtype); + +$type = $graphtype['type']; +$subtype = $graphtype['subtype']; + +if ($debug) {print_r($graphtype);} + +$graphfile = $config['temp_dir'] . "/" . strgen() . ".png"; + +if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) +{ + if (isset($config['allow_unauth_graphs_cidr']) && count($config['allow_unauth_graphs_cidr']) > 0) { - $allow_unauth = TRUE; - } else { - if(!$_SESSION['authenticated']) { graph_error("Not authenticated"); exit; } + foreach ($config['allow_unauth_graphs_cidr'] as $range) + { + if (Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range)) + { + $auth = TRUE; + } + } } - - preg_match('/^(?P[A-Za-z0-9]+)_(?P.+)/', mres($_GET['type']), $graphtype); - - $type = $graphtype['type']; - $subtype = $graphtype['subtype']; - - if($debug) {print_r($graphtype);} - - $graphfile = $config['temp_dir'] . "/" . strgen() . ".png"; - -if(is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) { - include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php"); - if($auth) { + if (!$auth) + { + include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php"); + } + if ($auth) + { include($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php"); } -} else { +} +else +{ graph_error("Graph Template Missing"); } -function graph_error ($string) +function graph_error($string) { global $width, $height; header('Content-type: image/png'); - if($height > "99") { $width +=75; } + if ($height > "99") { $width +=75; } $im = imagecreate($width, $height); $orange = imagecolorallocate($im, 255, 225, 225); $px = (imagesx($im) - 7.5 * strlen($string)) / 2; @@ -69,9 +91,9 @@ function graph_error ($string) exit(); } -if(!$auth) +if (!$auth) { - if($width < 200) + if ($width < 200) { graph_error("No Auth"); } else { 
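Review bot: The CIDR branch in the new `foreach` can fail open, because the result of `Net_IPv4::ipInNetwork()` is tested only for truthiness. If the PEAR library returns an error object rather than FALSE for an entry it cannot parse (worth confirming against the bundled version), one malformed range in `allow_unauth_graphs_cidr` would authorise every client; compare strictly with `if (Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range) === TRUE)`. In the lines legible here `$auth` is also read at `if (!$auth)` before anything has assigned it when no range matched, so add `$auth = FALSE;` ahead of the loop unless the opening of this hunk, which is garbled on the page, already does. The match is made against `REMOTE_ADDR`, which behind a reverse proxy is the proxy's own address, and the comment on the new `$config['allow_unauth_graphs_cidr']` default in includes/defaults.inc.php should say so, e.g. `# IPv4 CIDR ranges matched against REMOTE_ADDR; behind a reverse proxy that is the proxy's address`.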
@@ -79,35 +101,41 @@ if(!$auth) } } else { #$rrd_options .= " HRULE:0#999999"; - if($no_file) + if ($no_file) { - if($width < 200) + if ($width < 200) { graph_error("No RRD"); } else { graph_error("Missing RRD Datafile"); } } else { - if($rrd_options) + if ($rrd_options) { - if($config['rrdcached']) { $rrd_switches = " --daemon ".$config['rrdcached'] . " "; } + if ($config['rrdcached']) { $rrd_switches = " --daemon ".$config['rrdcached'] . " "; } $rrd_cmd = $config['rrdtool'] . " graph $graphfile $rrd_options" . $rrd_switches; $woo = shell_exec($rrd_cmd); - if($_GET['debug']) { echo("
".$rrd_cmd."
"); } - if(is_file($graphfile)) { + if ($_GET['debug']) { echo("
".$rrd_cmd."
"); } + if (is_file($graphfile)) { header('Content-type: image/png'); $fd = fopen($graphfile,'r');fpassthru($fd);fclose($fd); unlink($graphfile); - } else { - if($width < 200) + } + else + { + if ($width < 200) { graph_error("Draw Error"); - } else { + } + else + { graph_error("Error Drawing Graph"); } } - } else { - if($width < 200) + } + else + { + if ($width < 200) { graph_error("Def Error"); } else { @@ -117,4 +145,4 @@ if(!$auth) } } -?> +?> \ No newline at end of file diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php index 4f382e10d3..9e0bc5ef77 100644 --- a/includes/defaults.inc.php +++ b/includes/defaults.inc.php @@ -171,6 +171,7 @@ $config['device_traffic_descr'] = array('/loopback/','/vlan/','/tunnel/','/:\d ### Authentication $config['allow_unauth_graphs'] = 0; ## Allow graphs to be viewed by anyone +$config['allow_unauth_graphs_cidr'] = array(); # Allow graphs to be viewed without authorisation from certain IP ranges $config['auth_mechanism'] = "mysql"; # Auth Type. ### Sensors