security fixes and some juniper graphing stuff.

git-svn-id: http://www.observium.org/svn/observer/trunk@245 61d68cd4-352d-0410-923a-c4978735b2b8

README

@@ -22,8 +22,8 @@ Changelog
 
 Pre-Release 0.3.3
 
-Much prettier front page.
-
+Much prettier front page
+Tidied up service checking layout
 
 Release 0.3.2.1 ( 27th March 2008 )
 

addhost.php

@@ -11,7 +11,7 @@ if($argv[1] && $argv[2] && $argv[3]) {
   list($hostshort) 	= explode(".", $host);
   if ( isDomainResolves($argv[1])){
     if ( isPingable($argv[1])) { 
-      if ( mysql_result(mysql_query("SELECT COUNT(*) FROM `devices` WHERE `hostname` = '$host'"), 0) == '0' ) {
+      if ( mysql_result(mysql_query("SELECT COUNT(*) FROM `devices` WHERE `hostname` = '".mres($host)."'"), 0) == '0' ) {
         $snmphost = trim(`snmpget -Oqv -$snmpver -c $community $host sysName.0 | sed s/\"//g`);
         if ($snmphost == $host || $hostshort = $host) {
           $return = createHost ($host, $community, $snmpver);

adduser.php

@@ -5,7 +5,7 @@ include("config.php");
 include("includes/functions.php");
 
 if($argv[1] && $argv[2] && $argv[3]) {
-  mysql_query("INSERT INTO `users` (`username`,`password`,`level`) VALUES ('".$argv[1]."',MD5('".$argv[2]."'),'".$argv[3]."')");
+  mysql_query("INSERT INTO `users` (`username`,`password`,`level`) VALUES ('".mres($argv[1])."',MD5('".$argv[2]."'),'".mres($argv[3])."')");
   if(mysql_affected_rows()) {
     echo("User ".$argv[1]." added successfully\n");
   }

html/graph.php

@@ -126,10 +126,11 @@
       $graph = graph_netscreen_cpu ($hostname . "/netscreen-cpu.rrd", $graphfile, $from, $to, $width, $height, $title, $vertical);
     } elseif($os == "Fortigate") {
       $graph = graph_fortigate_cpu ($hostname . "/fortigate-cpu.rrd", $graphfile, $from, $to, $width, $height, $title, $vertical);
+    } elseif($os == "JunOS") {
+      $graph = graph_cpu_generic_single($hostname . "/junos-cpu.rrd", $graphfile, $from, $to, $width, $height, $title, $vertical);
     }
-
-
     break;
+
   case 'temp':
       $graph = temp_graph ($_GET['id'], $graphfile, $from, $to, $width, $height, $title, $vertical);
     break;

html/includes/add-srv.inc

@@ -3,8 +3,8 @@
   $updated = '1';
 
   $sql = "INSERT INTO `services` (`service_host`,`service_ip`,`service_type`,`service_desc`,`service_param`,`service_ignore`) 
-                          VALUES ('" . $_POST['device']. "','" . $_POST['ip'] . "','" . $_POST['type'] . "',
-                                  '" . $_POST['descr'] . "','" . $_POST['params'] . "','0')";
+                          VALUES ('" . mres($_POST['device']). "','" . mres($_POST['ip']) . "','" . mres($_POST['type']) . "',
+                                  '" . mres($_POST['descr']) . "','" . mres($_POST['params']) . "','0')";
 
   $query = mysql_query($sql);
   $affected = mysql_affected_rows() . "records affected";

html/includes/authenticate.inc

@@ -22,7 +22,7 @@ if($_GET['logout']) {
   }
 
 
-  $sql = "select username, level, user_id from users where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['encrypted'] . "'"; 
+  $sql = "select username, level, user_id from users where username='" . mres($_SESSION['username']) . "' and password='" . mres($_SESSION['encrypted']) . "'"; 
   $query = mysql_query($sql);
   $row = mysql_fetch_row($query);
 

html/includes/del-srv.inc

@@ -2,7 +2,7 @@
 
   $updated = '1';
 
-  $sql = "DELETE FROM `services` WHERE service_id = '" . $_POST['service']. "'";
+  $sql = "DELETE FROM `services` WHERE service_id = '" . mres($_POST['service']). "'";
 
   $query = mysql_query($sql);
   $rows = mysql_affected_rows();

html/index.php

@@ -94,12 +94,15 @@ function popUp(URL) {
 <div style="margin: 7px;"></div>
 <?php
   if($_SESSION['authenticated']) {
-    if($_GET['page'] && is_file("pages/" . $_GET['page'] . ".php")) {
+    ## Authenticated. Print a page.
+    if($_GET['page'] && !strstr("..", $_GET['page']) &&  is_file("pages/" . $_GET['page'] . ".php")) {
       include("pages/" . $_GET['page'] . ".php");
     } else { 
       include("pages/default.php");
     }
+
   } else {
+    ## Not Authenticated. Print login.
     include("pages/logon.inc");
     exit;
   } 

html/pages/addhost.php

@@ -11,9 +11,9 @@ echo("<h1>Add Device</h1>");
 
 if($_POST['hostname'] && $_POST['community']) {
   if($_SESSION['userlevel'] > '5') {
-    $hostname = $_POST['hostname'];
-    $community = $_POST['community'];
-    $snmpver = $_POST['snmpver'];
+    $hostname = mres($_POST['hostname']);
+    $community = mres($_POST['community']);
+    $snmpver = mres($_POST['snmpver']);
     echo("<p class='messagebox'>");
     echo("Adding host $hostname community $community</p>");
     $result = addHost($hostname, $community, $snmpver);  

html/pages/adduser.php

@@ -8,7 +8,7 @@ if($_SESSION['userlevel'] != '10') { echo("<span class=alert>You do not have the
 
   if($_POST['action'] == "add") {
 
-    mysql_query("INSERT INTO `users` (`username`, `realname`, `password`, `level`) VALUES ('" . $_POST['new_username'] . "', '" . $_POST['new_realname'] . "', MD5('" . $_POST['new_password'] . "'), '" . $_POST['new_level'] . "')");
+    mysql_query("INSERT INTO `users` (`username`, `realname`, `password`, `level`) VALUES ('" . mres($_POST['new_username']) . "', '" . mres($_POST['new_realname']) . "', MD5('" . mres(_POST['new_password']) . "'), '" . mres($_POST['new_level']) . "')");
 
     if(mysql_affected_rows()) { echo("<span class=info>User " . $_GET['username'] . " added!</span>"); }
 

html/pages/alerts.php

@@ -2,7 +2,7 @@
 <?
 
 if($_GET['del']) { 
-  $id = $_GET['del'];
+  $id = mres($_GET['del']);
   $query = "DELETE FROM `alerts` WHERE `id` = '$id'";
   mysql_query($query); 
 }

html/pages/bills.php

@@ -4,7 +4,7 @@ echo("<table cellpadding=7 cellspacing=0 class=devicetable width=100%><tr><td>")
 
 if($_GET['bill']) {
 
- $bill_id = $_GET['bill'];
+ $bill_id = mres($_GET['bill']);
  include("includes/billing.php");
 
 } else {

html/pages/delhost.php

@@ -6,9 +6,9 @@ if($_SESSION['userlevel'] < 10) {
 }
 
 if($_POST['id']) {
-  delHost($_POST['id']);
-} elseif ($_GET['id']) {
-  delHost($_GET['id']);
+  delHost(mres($_POST['id']));
+} elseif (mres($_GET['id'])) {
+  delHost(mres($_GET['id']));
 }
 
 ?>

html/pages/deluser.php

@@ -8,12 +8,12 @@ if($_SESSION['userlevel'] != '10') { echo("<span class=alert>You do not have the
 
   if($_GET['action'] == "del") {
 
-    $delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . $_GET['user_id'] . "'"),0);
+    $delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . mres($_GET['user_id']) . "'"),0);
 
     if($_GET['confirm'] == "yes") {
 
-      mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . $_GET['user_id'] . "'");
-      mysql_query("DELETE FROM `users` WHERE `user_id` = '" . $_GET['user_id'] . "'");
+      mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
+      mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
 
       if(mysql_affected_rows()) { echo("<span class=info>User '$delete_username' deleted!</span>"); }
 

html/pages/device.php

@@ -1,5 +1,7 @@
 <?
 
+if($_GET['id']) {$_GET['id'] = mres($_GET['id']); } 
+
 if(devicepermitted($_GET['id'])) {
 
 $selected['iface'] = "selected";
@@ -7,7 +9,8 @@ $selected['iface'] = "selected";
 if(!$_GET['section']) { 
   $_GET['section'] = "dev-overview"; 
 }
-$section = $_GET['section'];
+$section = mres($_GET['section']);
+$section = str_replace(".", "", $section);
 $select[$section] = "selected";
 
 

html/pages/device/dev-graphs.inc

@@ -8,6 +8,12 @@ while($device = mysql_fetch_array($device_query)) {
    echo("<div style='clear: both;'>");
 
    switch ($device['os']) {
+   case "JunOS":
+      echo("<div class=graphhead>Processor Utilisation</div>");
+      $graph_type = "cpu";            include ("includes/print-device-graph.php");
+      break;
+
+
    case "Fortigate":
       echo("<div class=graphhead>Processor Utilisation</div>");
       $graph_type = "fortigate_cpu";            include ("includes/print-device-graph.php");

includes/functions.php

@@ -22,6 +22,12 @@ include_once($config['install_dir'] . "/includes/syslog.php");
 function mres($string) {
  // short function wrapper because the real one is stupidly long and ugly. aestetics.
  return mysql_real_escape_string($string);
+}
+
+function validate_hostip($host) {
+
+
+
 }
 
 function write_dev_attrib($device_id, $attrib_type, $attrib_value) {

includes/graphing.php

@@ -315,6 +315,21 @@ function bgpupdatesgraph ($rrd, $graph , $from, $to, $width, $height) {
   return $imgfile;
 }
 
+function graph_cpu_generic_single ($rrd, $graph , $from, $to, $width, $height) {
+  global $config;
+  $database = $config['rrd_dir'] . "/" . $rrd;
+  $imgfile = "graphs/" . "$graph";
+  $options = "--alt-autoscale-max -l 0 -E --start $from --end $to --width $width --height $height ";
+  if($width <= "300") {$options .= " --font LEGEND:7:".$config['mono_font']." --font AXIS:6:".$config['mono_font']." --font-render-mode normal "; }
+  $options .= " DEF:cpu=$database:cpu:AVERAGE";
+  $options .= " COMMENT:\ \ \ \ \ \ \ \ \ \ Current\ \ Minimum\ \ Maximum\ \ Average\\\\n";
+  $options .= " AREA:cpu#ffee99: LINE1.25:cpu#aa2200:Load\ %";
+  $options .= " GPRINT:cpu:LAST:%6.2lf\  GPRINT:cpu:AVERAGE:%6.2lf\ ";
+  $options .= " GPRINT:cpu:MAX:%6.2lf\  GPRINT:cpu:AVERAGE:%6.2lf\\\\n";
+  $thing = shell_exec($config['rrdtool'] . " graph $imgfile $options");
+  return $imgfile;
+}
+
 
 function cpugraph ($rrd, $graph , $from, $to, $width, $height) {
   global $config, $installdir;

includes/polling/device-junos.inc.php

@@ -1,5 +1,7 @@
 <?php
 
+echo("Doing Juniper JunOS");
+
 $jun_ver =  trim(str_replace("\"", "", shell_exec($config['snmpget'] . " -".$device['snmpver']." -Oqv -c ".$device['community']." ".$device['hostname']." .1.3.6.1.2.1.25.6.3.1.2.2")));
 $hardware = trim(str_replace("\"", "", shell_exec($config['snmpget'] . " -".$device['snmpver']." -Oqv -c ".$device['community']." ".$device['hostname']." .1.3.6.1.4.1.2636.3.1.2.0")));
 $serial = trim(str_replace("\"", "", shell_exec($config['snmpget'] . " -".$device['snmpver']." -Oqv -c ".$device['community']." ".$device['hostname']." .1.3.6.1.4.1.2636.3.1.3.0")));
@@ -9,6 +11,27 @@ $features = preg_replace("/.+\ \((.+)\)$/", "\\1", $jun_ver);
 
 echo("$hardware - $version - $features - $serial\n");
 
+$cpurrd   = $rrd_dir . "/" . $device['hostname'] . "/junos-cpu.rrd";
+
+$cpu_cmd  = $config['snmpget'] . " -O qv -" . $device['snmpver'] . " -c " . $device['community'] . " " . $device['hostname'];
+$cpu_cmd .= " .1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0";
+$cpu_usage = trim(shell_exec($cpu_cmd));
+
+if (!is_file($cpurrd)) {
+   `rrdtool create $cpurrd \
+    --step 300 \
+     DS:cpu:GAUGE:600:0:100 \
+     RRA:AVERAGE:0.5:1:800 \
+     RRA:AVERAGE:0.5:6:800 \
+     RRA:AVERAGE:0.5:24:800 \
+     RRA:AVERAGE:0.5:288:800 \
+     RRA:MAX:0.5:1:800 \
+     RRA:MAX:0.5:6:800 \
+     RRA:MAX:0.5:24:800 \
+     RRA:MAX:0.5:288:800`;
+}
+
+shell_exec($config['rrdtool'] . " update $cpurrd N:$cpu_usage");
 
 
 ?>

poll-device.php

@@ -143,6 +143,10 @@ while ($device = mysql_fetch_array($device_query)) {
       include("includes/polling/device-fortigate.inc.php");
       break;
 
+    case "JunOS":
+      include("includes/polling/device-junos.inc.php");
+      break;
+
     case "IOS":
       $version = str_replace("Cisco IOS Software,", "", $sysDescr);
       $version = str_replace("IOS (tm) ", "", $version);