fix auth for graphs to allow cidr filter. fix schema 006

git-svn-id: http://www.observium.org/svn/observer/trunk@3169 61d68cd4-352d-0410-923a-c4978735b2b8

html/graph.php

@@ -51,17 +51,6 @@ include_once("includes/functions.inc.php");
 include_once("../includes/rrdtool.inc.php");
 include_once("includes/authenticate.inc.php");
 
-if (isset($config['allow_unauth_graphs']) && $config['allow_unauth_graphs'])
-{
-  $auth = "1"; ## hardcode auth for all with config function
-} else {
-  if (!$_SESSION['authenticated'])
-  {
-    graph_error("Session not authenticated");
-    exit;
-  }
-}
-
 include("includes/graphs/graph.inc.php");
 
 $end = utime(); $run = $end - $start;;

html/includes/functions.inc.php

@@ -1,5 +1,12 @@
 <?php
 
+function data_uri($file, $mime)
+{
+  $contents = file_get_contents($file);
+  $base64   = base64_encode($contents);
+  return ('data:' . $mime . ';base64,' . $base64);
+}
+
 function toner2colour($descr, $percent)
 {
   $colour = get_percentage_colours(100-$percent);

html/includes/graphs/application/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if (is_numeric($vars['id']) && ($config['allow_unauth_graphs'] || application_permitted($vars['id'])))
+if (is_numeric($vars['id']) && ($auth || application_permitted($vars['id'])))
 {
   $app    = get_application_by_id($vars['id']);
   $device = device_by_id_cache($app['device_id']);

html/includes/graphs/atmvp/auth.inc.php

@@ -4,7 +4,7 @@ if ($_GET['id'] && is_numeric($_GET['id'])) { $atm_vp_id = $_GET['id']; }
 
 $vp = dbFetchRow("SELECT * FROM `juniAtmVp` as J, `ports` AS I, `devices` AS D WHERE J.juniAtmVp_id = ? AND I.interface_id = J.interface_id AND I.device_id = D.device_id", array($atm_vp_id));
 
-if ($config['allow_unauth_graphs'] || port_permitted($vp['interface_id']))
+if ($auth || port_permitted($vp['interface_id']))
 {
   $port   = $vp;
   $device = device_by_id_cache($port['device_id']);

html/includes/graphs/bgp/auth.inc.php

@@ -5,7 +5,7 @@ if (is_numeric($vars['id']))
 
   $data = dbFetchRow("SELECT * FROM bgpPeers WHERE bgpPeer_id = ?", array($vars['id']));
 
-  if (is_numeric($data['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($data['device_id'])))
+  if (is_numeric($data['device_id']) && ($auth || device_permitted($data['device_id'])))
   {
     $device = device_by_id_cache($data['device_id']);
 

html/includes/graphs/bill/auth.inc.php

@@ -4,7 +4,7 @@
 
 include("../includes/billing.php");
 
-if (is_numeric($_GET['id']) && ($config['allow_unauth_graphs'] || bill_permitted($_GET['id'])))
+if (is_numeric($_GET['id']) && ($auth || bill_permitted($_GET['id'])))
 {
   $bill     = dbFetchRow("SELECT * FROM `bills` WHERE bill_id = ?", array($_GET['id']));
 

html/includes/graphs/cefswitching/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $cef = dbFetchRow("SELECT * FROM `cef_switching` AS C, `devices` AS D WHERE C.cef_switching_id = ? AND C.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($cef['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($cef['device_id'])))
+  if (is_numeric($cef['device_id']) && ($auth || device_permitted($cef['device_id'])))
   {
     $device = device_by_id_cache($cef['device_id']);
 

html/includes/graphs/customer/auth.inc.php

@@ -2,7 +2,7 @@
 
 ## FIXME - wtfbbq
 
-if ($_SESSION['userlevel'] >= "5" || $config['allow_unauth_graphs'])
+if ($_SESSION['userlevel'] >= "5" || $auth)
 {
   $id = mres($vars['id']);
   $title = generate_device_link($device);

html/includes/graphs/device/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if ($config['allow_unauth_graphs'] || device_permitted($device['device_id']))
+if ($auth || device_permitted($device['device_id']))
 {
   $title = generate_device_link($device);
   $graph_title = $device['hostname'];

html/includes/graphs/diskio/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $disk = dbFetchRow("SELECT * FROM `ucd_diskio` AS U, `devices` AS D WHERE U.diskio_id = ? AND U.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($disk['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($disk['device_id'])))
+  if (is_numeric($disk['device_id']) && ($auth || device_permitted($disk['device_id'])))
   {
     $device = device_by_id_cache($disk['device_id']);
 

html/includes/graphs/graph.inc.php

@@ -1,12 +1,5 @@
 <?php
 
-function data_uri($file, $mime)
-{
-  $contents = filevars_contents($file);
-  $base64   = base64_encode($contents);
-  return ('data:' . $mime . ';base64,' . $base64);
-}
-
 // Push $_GET into $vars to be compatible with web interface naming
 
 foreach ($_GET as $name => $value)
@@ -47,6 +40,12 @@ $subtype = $graphtype['subtype'];
 
 if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php"))
 {
+
+  if (isset($config['allow_unauth_graphs']) && $config['allow_unauth_graphs']) 
+  {
+    $auth = "1"; ## hardcode auth for all with config function
+  }
+
   if (isset($config['allow_unauth_graphs_cidr']) && count($config['allow_unauth_graphs_cidr']) > 0)
   {
     foreach ($config['allow_unauth_graphs_cidr'] as $range)
@@ -54,6 +53,7 @@ if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.p
       if (Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range))
       {
         $auth = "1"; 
+        if($debug) { echo("matched $range"); }
         break;
       }
     }

html/includes/graphs/ipsectunnel/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $tunnel = dbFetchRow("SELECT * FROM `ipsec_tunnels` AS I, `devices` AS D WHERE I.tunnel_id = ? AND I.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($tunnel['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($tunnel['device_id'])))
+  if (is_numeric($tunnel['device_id']) && ($auth || device_permitted($tunnel['device_id'])))
   {
     $device = device_by_id_cache($tunnel['device_id']);
 

html/includes/graphs/location/auth.inc.php

@@ -2,7 +2,7 @@
 
 foreach (dbFetchRows("SELECT * FROM `devices` WHERE `location` = ?", array($vars['id'])) as $device)
 {
-  if ($config['allow_unauth_graphs'] || device_permitted($device_id))
+  if ($auth || device_permitted($device_id))
   {
     $devices[] = $device;
     $title = $vars['id'];

html/includes/graphs/mempool/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $mempool = dbFetchRow("SELECT * FROM `mempools` AS C, `devices` AS D where C.`mempool_id` = ? AND C.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($mempool['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($mempool['device_id'])))
+  if (is_numeric($mempool['device_id']) && ($auth || device_permitted($mempool['device_id'])))
   {
     $device = device_by_id_cache($mempool['device_id']);
     $rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("mempool-".$mempool['mempool_type']."-".$mempool['mempool_index'].".rrd");

html/includes/graphs/multiport/auth.inc.php

@@ -4,7 +4,7 @@ $auth = TRUE;
 
 foreach (explode(",", $vars['id']) as $ifid)
 {
-  if (!$config['allow_unauth_graphs'] && !port_permitted($ifid))
+  if (!$auth && !port_permitted($ifid))
   $auth = FALSE;
 }
 

html/includes/graphs/munin/auth.inc.php

@@ -7,7 +7,7 @@
     $mplug = dbFetchRow("SELECT * FROM `munin_plugins` AS M, `devices` AS D WHERE M.`device_id` = ? AND `mplug_type` = ?  AND D.device_id = M.device_id", array($device['device_id'], $vars['plugin']));
   }
 
-  if (is_numeric($mplug['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($mplug['device_id'])))
+  if (is_numeric($mplug['device_id']) && ($auth || device_permitted($mplug['device_id'])))
   {
     $device = &$mplug;
     $title  = generate_device_link($device);

html/includes/graphs/netscalervsvr/auth.inc.php

@@ -5,7 +5,7 @@ if (is_numeric($vars['id']))
 
   $vsvr = dbFetchRow("SELECT * FROM `netscaler_vservers` AS I, `devices` AS D WHERE I.vsvr_id = ? AND I.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($vsvr['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($vsvr['device_id'])))
+  if (is_numeric($vsvr['device_id']) && ($auth || device_permitted($vsvr['device_id'])))
   {
     $device = device_by_id_cache($vsvr['device_id']);
 

html/includes/graphs/port/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if (is_numeric($vars['id']) && ($config['allow_unauth_graphs'] || port_permitted($vars['id'])))
+if (is_numeric($vars['id']) && ($auth || port_permitted($vars['id'])))
 {
   $port   = get_port_by_id($vars['id']);
   $device = device_by_id_cache($port['device_id']);

html/includes/graphs/processor/auth.inc.php

@@ -2,7 +2,7 @@
 
 $proc = dbFetchRow("SELECT * FROM `processors` where `processor_id` = ?", array($vars['id']));
 
-if (is_numeric($proc['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($proc['device_id'])))
+if (is_numeric($proc['device_id']) && ($auth || device_permitted($proc['device_id'])))
 {
   $device = device_by_id_cache($proc['device_id']);
   $rrd_filename  = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("processor-" . $proc['processor_type'] . "-" . $proc['processor_index'] . ".rrd");

html/includes/graphs/rserver/auth.inc.php

@@ -5,7 +5,7 @@ if (is_numeric($vars['id']))
 #  $auth= TRUE;
   $rserver = dbFetchRow("SELECT * FROM `loadbalancer_rservers` AS I, `devices` AS D WHERE I.rserver_id = ? AND I.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($rserver['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($rserver['device_id'])))
+  if (is_numeric($rserver['device_id']) && ($auth || device_permitted($rserver['device_id'])))
   {
     $device = device_by_id_cache($rserver['device_id']);
 

html/includes/graphs/sensor/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $sensor = dbFetchRow("SELECT * FROM sensors WHERE sensor_id = ?", array($vars['id']));
 
-  if (is_numeric($sensor['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($sensor['device_id'])))
+  if (is_numeric($sensor['device_id']) && ($auth || device_permitted($sensor['device_id'])))
   {
     $device = device_by_id_cache($sensor['device_id']);
 

html/includes/graphs/service/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $service = dbFetchRow("SELECT * FROM services WHERE service_id = ?", array($vars['id']));
 
-  if (is_numeric($service['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($service['device_id'])))
+  if (is_numeric($service['device_id']) && ($auth || device_permitted($service['device_id'])))
   {
     $device = device_by_id_cache($service['device_id']);
 

html/includes/graphs/smokeping/auth.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-if (is_numeric($vars['id']) && ($config['allow_unauth_graphs'] || device_permitted($vars['id'])))
+if (is_numeric($vars['id']) && ($auth || device_permitted($vars['id'])))
 {
   $device = device_by_id_cache($vars['id']);
   $title = generate_device_link($device);

html/includes/graphs/storage/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $storage = dbFetchRow("SELECT * FROM `storage` WHERE `storage_id` = ?", array($vars['id']));
 
-  if (is_numeric($storage['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($storage['device_id'])))
+  if (is_numeric($storage['device_id']) && ($auth || device_permitted($storage['device_id'])))
   {
     $device = device_by_id_cache($storage['device_id']);
     $rrd_filename  = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("storage-" . $storage['storage_mib'] . "-" . $storage['storage_descr'] . ".rrd");

html/includes/graphs/toner/auth.inc.php

@@ -4,7 +4,7 @@ if (is_numeric($vars['id']))
 {
   $toner = dbFetchRow("SELECT * FROM `toner` WHERE `toner_id` = ?", array($vars['id']));
 
-  if (is_numeric($toner['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($toner['device_id'])))
+  if (is_numeric($toner['device_id']) && ($auth || device_permitted($toner['device_id'])))
   {
     $device = device_by_id_cache($toner['device_id']);
     $rrd_filename  = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("toner-" . $toner['toner_index'] . ".rrd");

html/includes/graphs/vserver/auth.inc.php

@@ -5,7 +5,7 @@ if (is_numeric($vars['id']))
 #  $auth= TRUE;
   $vserver = dbFetchRow("SELECT * FROM `loadbalancer_vservers` AS I, `devices` AS D WHERE I.classmap_id = ? AND I.device_id = D.device_id", array($vars['id']));
 
-  if (is_numeric($vserver['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($vserver['device_id'])))
+  if (is_numeric($vserver['device_id']) && ($auth || device_permitted($vserver['device_id'])))
   {
     $device = device_by_id_cache($vserver['device_id']);
 

includes/discovery/ports.inc.php

@@ -14,7 +14,6 @@ $interface_added   = 0;
 
 foreach ($ports as $ifIndex => $port)
 {
-
   if (is_port_valid($port, $device))
   {
     if ($device['os'] == "vmware" && preg_match("/Device ([a-z0-9]+) at .*/", $port['ifDescr'], $matches)) { $port['ifDescr'] = $matches[1]; }

includes/functions.php

@@ -768,8 +768,10 @@ function is_port_valid($port, $device)
 
   global $config;
 
-  if (!strstr($port['ifDescr'], "irtual"))
+  if (strstr($port['ifDescr'], "irtual"))
   {
+    $valid = 0;
+  } else {
     $valid = 1;
     $if = strtolower($port['ifDescr']);
     foreach ($config['bad_if'] as $bi)
@@ -804,8 +806,6 @@ function is_port_valid($port, $device)
     }
     if (empty($port['ifDescr'])) { $valid = 0; }
     if ($device['os'] == "catos" && strstr($if, "vlan")) { $valid = 0; }
-  } else {
-    $valid = 0;
   }
 
   return $valid;

sql-schema/006.sql

@@ -1,6 +1,6 @@
 ALTER TABLE  `bills` CHANGE  `bill_cdr`  `bill_cdr` BIGINT( 20 ) NULL DEFAULT NULL;
-CREATE TABLE IF NOT EXISTS `loadbalancer_rservers` (  `rserver_id` int(11) NOT NULL AUTO_INCREMENT,  `farm_id` varchar(128) CHARACTER SET utf8 NOT NULL,  `device_id` int(11) NOT NULL,  `StateDescr` varchar(64) CHARACTER SET utf8 NOT NULL,  PRIMARY KEY (`rserver_id`)) ENGINE=MyISAM AUTO_INCREMENT=514 DEFAULT CHARSET=utf8
-CREATE TABLE IF NOT EXISTS `loadbalancer_vservers` (  `classmap_id` int(11) NOT NULL,  `classmap` varchar(128) NOT NULL,  `serverstate` varchar(64) NOT NULL,  `device_id` int(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8
+CREATE TABLE IF NOT EXISTS `loadbalancer_rservers` (  `rserver_id` int(11) NOT NULL AUTO_INCREMENT,  `farm_id` varchar(128) CHARACTER SET utf8 NOT NULL,  `device_id` int(11) NOT NULL,  `StateDescr` varchar(64) CHARACTER SET utf8 NOT NULL,  PRIMARY KEY (`rserver_id`)) ENGINE=MyISAM AUTO_INCREMENT=514 DEFAULT CHARSET=utf8;
+CREATE TABLE IF NOT EXISTS `loadbalancer_vservers` (  `classmap_id` int(11) NOT NULL,  `classmap` varchar(128) NOT NULL,  `serverstate` varchar(64) NOT NULL,  `device_id` int(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 ALTER TABLE  `sensors` CHANGE  `sensor_index`  `sensor_index` VARCHAR( 64 );
 CREATE TABLE IF NOT EXISTS `netscaler_vservers` (  `vsvr_id` int(11) NOT NULL AUTO_INCREMENT,  `device_id` int(11) NOT NULL,  `vsvr_name` varchar(128) COLLATE utf8_unicode_ci NOT NULL,  `vsvr_ip` varchar(128) COLLATE utf8_unicode_ci NOT NULL,  `vsvr_port` int(8) NOT NULL,  `vsvr_type` varchar(64) COLLATE utf8_unicode_ci NOT NULL,  `vsvr_state` varchar(32) COLLATE utf8_unicode_ci NOT NULL,  `vsvr_clients` int(11) NOT NULL,  `vsvr_server` int(11) NOT NULL,  `vsvr_req_rate` int(11) NOT NULL,  `vsvr_bps_in` int(11) NOT NULL,  `vsvr_bps_out` int(11) NOT NULL,  PRIMARY KEY (`vsvr_id`)) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;
 ALTER TABLE `dbSchema` ADD `version` INT NOT NULL;