diff options
| -rw-r--r-- | auth/authentication.php | 2 | ||||
| -rw-r--r-- | auth/ssh.php | 2 | ||||
| -rw-r--r-- | auth/telnet.php | 2 | ||||
| -rw-r--r-- | execute.php | 120 | ||||
| -rw-r--r-- | router.php | 113 | ||||
| -rw-r--r-- | routers/juniper.php | 79 | ||||
| -rw-r--r-- | routers/router.php | 79 |
7 files changed, 198 insertions, 199 deletions
diff --git a/auth/authentication.php b/auth/authentication.php index 1ec3cb1..7a67fb5 100644 --- a/auth/authentication.php +++ b/auth/authentication.php @@ -49,7 +49,7 @@ abstract class Authentication { return new Telnet($config); default: - 'Unknown authentication mecanism "'.$config['auth'].'"."'; + print 'Unknown authentication mecanism "'.$config['auth'].'"."'; return null; } } diff --git a/auth/ssh.php b/auth/ssh.php index 27bcdaf..07a51d2 100644 --- a/auth/ssh.php +++ b/auth/ssh.php @@ -21,7 +21,7 @@ require_once 'authentication.php'; -class SSH extends Authentication { +final class SSH extends Authentication { private $port; public function __construct($config) { diff --git a/auth/telnet.php b/auth/telnet.php index d2b084a..6e4064e 100644 --- a/auth/telnet.php +++ b/auth/telnet.php @@ -21,7 +21,7 @@ require_once 'authentication.php'; -class Telnet extends Authentication { +final class Telnet extends Authentication { private $port; public function __construct($config) { diff --git a/execute.php b/execute.php index 9761c57..dd24a6c 100644 --- a/execute.php +++ b/execute.php @@ -20,8 +20,38 @@ */ require_once 'config.php'; -require_once 'router.php'; -require_once 'utils.php'; +require_once 'routers/router.php'; + +function process_output($output) { + global $config; + + $return = ''; + + foreach (preg_split("/((\r?\n)|(\r\n?))/", $output) as $line) { + // Get rid of empty lines + if (empty($line)) { + continue; + } + + $valid = true; + + foreach ($config['filters'] as $filter) { + // Line has been marked as invalid + // Or filtered based on the configuration + if (!$valid || (preg_match($filter, $line) === 1)) { + $valid = false; + break; + } + } + + if ($valid) { + // The line is valid, print it + $return .= $line."\n"; + } + } + + return $return; +} // Obvious spam if (!isset($_POST['dontlook']) || !empty($_POST['dontlook'])) { @@ -35,89 +65,13 @@ if (isset($_POST['query']) && !empty($_POST['query']) && $query = htmlspecialchars($_POST['query']); $hostname = htmlspecialchars($_POST['routers']); $parameters = htmlspecialchars($_POST['parameters']); - $valid_request = false; - switch ($query) { - case 'bgp': - if (match_ipv4($parameters) || match_ipv6($parameters)) { - $valid_request = true; - } else { - $error = 'The parameter is not an IPv4/IPv6 address.'; - } - break; - - case 'as-path-regex': - if (match_aspath_regex($parameters)) { - $valid_request = true; - } else { - $error = 'The parameter is not an AS-Path regular expression.'; - } - break; + // Do the processing + $router = Router::instance($hostname, $_SERVER['REMOTE_ADDR']); + $data = $router->send_command($query, $parameters); - case 'as': - if (match_as($parameters)) { - $valid_request = true; - } else { - $error = 'The parameter is not an AS number.'; - } - break; - - case 'ping': - case 'traceroute': - if (match_ipv4($parameters) || match_ipv6($parameters) || - match_fqdn($parameters)) { - $valid_request = true; - } else { - $error = 'The parameter is not an IPv4/IPv6 address or a FQDN.'; - } - break; - - default: - $error = 'Unknown request: '.$query; - break; - } - - if (!$valid_request && isset($error)) { - // Unknown query or invalid parameters - echo $error; - } else { - // Do the processing - // Router connection, command execution, disconnection - $router = new Router($hostname, $_SERVER['REMOTE_ADDR']); - $data = $router->send_command($query, $parameters); - - // Process the output line by line - $return = ''; - foreach (preg_split("/((\r?\n)|(\r\n?))/", $data) as $line) { - // Get rid of empty lines - if (empty($line)) { - continue; - } - - $valid = true; - - foreach ($config['filters'] as $filter) { - // Line has been marked as invalid - if (!$valid) { - break; - } - - // Filter line based on the configuration - if (preg_match($filter, $line) === 1) { - $valid = false; - break; - } - } - - // The line is valid, print it - if ($valid) { - $return .= $line."\n"; - } - } - - // Display the result of the command - echo $return; - } + // Display the result of the command + print process_output($data); } // End of execute.php diff --git a/router.php b/router.php deleted file mode 100644 index b5112e1..0000000 --- a/router.php +++ /dev/null @@ -1,113 +0,0 @@ -<?php - -/* - * Looking Glass - An easy to deploy Looking Glass - * Copyright (C) 2014 Guillaume Mazoyer <gmazoyer@gravitons.in> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - */ - -require_once 'config.php'; -require_once 'utils.php'; -require_once 'auth/authentication.php'; - -class Router { - private $id; - private $host; - private $port; - private $type; - private $auth; - private $connection; - private $requester; - - public function __construct($id, $requester) { - global $config; - - $this->id = $id; - $this->host = $config['routers'][$id]['host']; - $this->type = $config['routers'][$id]['type']; - $this->auth = $config['routers'][$id]['auth']; - $this->requester = $requester; - - if (isset($config['routers'][$id]['port'])) { - $this->port = $config['routers'][$id]['port']; - } - } - - public function send_command($command, $parameters) { - global $config; - - switch ($command) { - case 'bgp': - if (($parameters != null) && (strlen($parameters) > 0)) { - $complete_command = 'show route '.$parameters.' | no-more'; - } else { - return 'An IP address (and only one) is required as destination.'; - } - break; - - case 'as-path-regex': - if (($parameters != null) && (strlen($parameters) > 0)) { - $complete_command = 'show route aspath-regex '.$parameters.' | no-more'; - } else { - return 'An AS-Path regex is required like ".*XXXX YYYY.*".'; - } - break; - - case 'as': - if (($parameters != null) && (strlen($parameters) > 0)) { - $complete_command = 'show route aspath-regex .*'.$parameters.'.* | no-more'; - } else { - return 'An AS number is required like XXXX.'; - } - break; - - case 'ping': - if (($parameters != null) && (strlen($parameters) > 0)) { - $complete_command = 'ping count 10 '.$parameters.' rapid'; - } else { - return 'An IP address (and only one) is required to ping a host.'; - } - break; - - case 'traceroute': - if (($parameters != null) && (strlen($parameters) > 0)) { - if (match_ipv4($parameters)) { - $complete_command = 'traceroute '.$parameters.' as-number-lookup'; - } else { - $complete_command = 'traceroute '.$parameters; - } - } else { - return 'An IP address is required to traceroute a host.'; - } - break; - - default: - return 'Command not supported.'; - } - - $auth = Authentication::instance($config['routers'][$this->id]); - $auth->connect(); - $data = $auth->send_command($complete_command); - $auth->disconnect(); - - log_to_file('[client: '.$this->requester.'] '.$this->host.'> '. - $complete_command); - - return $data; - } -} - -// End of router.php diff --git a/routers/juniper.php b/routers/juniper.php new file mode 100644 index 0000000..0e27297 --- /dev/null +++ b/routers/juniper.php @@ -0,0 +1,79 @@ +<?php + +/* + * Looking Glass - An easy to deploy Looking Glass + * Copyright (C) 2014 Guillaume Mazoyer <gmazoyer@gravitons.in> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +require_once 'router.php'; +require_once 'utils.php'; + +final class Juniper extends Router { + protected function build_command($command, $parameters) { + switch ($command) { + case 'bgp': + if (match_ipv4($parameters) || match_ipv6($parameters)) { + $complete_command = 'show route '.$parameters.' | no-more'; + } else { + throw new Exception('The parameter is not an IPv4/IPv6 address.'); + } + break; + + case 'as-path-regex': + if (match_aspath_regex($parameters)) { + $complete_command = 'show route aspath-regex '.$parameters.' | no-more'; + } else { + throw new Exception('The parameter is not an AS-Path regular expression like ".*XXXX YYYY.*".'); + } + break; + + case 'as': + if (match_as($parameters)) { + $complete_command = 'show route aspath-regex .*'.$parameters.'.* | no-more'; + } else { + throw new Exception('The parameter is not an AS number.'); + } + break; + + case 'ping': + if (match_ipv4($parameters) || match_ipv6($parameters) || + match_fqdn($parameters)) { + $complete_command = 'ping count 10 '.$parameters.' rapid'; + } else { + throw new Exception('The parameter is not an IPv4/IPv6 address or a FQDN.'); + } + break; + + case 'traceroute': + if (match_ipv4($parameters)) { + $complete_command = 'traceroute '.$parameters.' as-number-lookup'; + } else if (match_ipv6($parameters) || match_fqdn($parameters)) { + $complete_command = 'traceroute '.$parameters; + } else { + throw new Exception('The parameter is not an IPv4/IPv6 address or a FQDN.'); + } + break; + + default: + throw new Exception('Command not supported.'); + } + + return $complete_command; + } +} + +// End of juniper.php diff --git a/routers/router.php b/routers/router.php new file mode 100644 index 0000000..5e15303 --- /dev/null +++ b/routers/router.php @@ -0,0 +1,79 @@ +<?php + +/* + * Looking Glass - An easy to deploy Looking Glass + * Copyright (C) 2014 Guillaume Mazoyer <gmazoyer@gravitons.in> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +require_once 'config.php'; +require_once 'juniper.php'; +require_once 'utils.php'; +require_once 'auth/authentication.php'; + +abstract class Router { + protected $config; + protected $id; + protected $requester; + + public function __construct($config, $id, $requester) { + $this->config = $config; + $this->id = $id; + $this->requester = $requester; + + if (isset($config['routers'][$id]['port'])) { + $this->port = $config['routers'][$id]['port']; + } + } + + protected abstract function build_command($command, $parameters); + + public function send_command($command, $parameters) { + try { + $complete_command = $this->build_command($command, $parameters); + } catch (Exception $e) { + return $e->getMessage(); + } + + $auth = Authentication::instance($this->config); + $auth->connect(); + $data = $auth->send_command($complete_command); + $auth->disconnect(); + + log_to_file('['.date("Y-m-d H:i:s").'] [client: '.$this->requester.'] '. + $this->config['host'].'> '.$complete_command); + + return $data; + } + + public static final function instance($id, $requester) { + global $config; + + $router_config = $config['routers'][$id]; + + switch ($router_config['type']) { + case 'juniper': + case 'junos': + return new Juniper($router_config, $id, $requester); + + default: + print 'Unknown router type "'.$router_config['type'].'"."'; + return null; + } + } +} + +// End of router.php |