#!/usr/bin/perl # ipdb/cgi-bin/main.cgi ### # SVN revision info # $Date: 2010-08-04 21:59:51 +0000 (Wed, 04 Aug 2010) $ # SVN revision $Rev: 461 $ # Last update by $Author: kdeugau $ ### # Copyright (C) 2004-2010 - Kris Deugau use strict; use warnings; use CGI::Carp qw(fatalsToBrowser); use CGI::Simple; use HTML::Template; use DBI; use CommonWeb qw(:ALL); use CustIDCK; use POSIX qw(ceil); use NetAddr::IP; use Sys::Syslog; # don't remove! required for GNU/FHS-ish install from tarball ##uselib## use MyIPDB; openlog "IPDB","pid","$IPDB::syslog_facility"; # Collect the username from HTTP auth. If undefined, we're in # a test environment, or called without a username. my $authuser; if (!defined($ENV{'REMOTE_USER'})) { $authuser = '__temptest'; } else { $authuser = $ENV{'REMOTE_USER'}; } syslog "debug", "$authuser active, $ENV{'REMOTE_ADDR'}"; # Why not a global DB handle? (And a global statement handle, as well...) # Use the connectDB function, otherwise we end up confusing ourselves my $ip_dbh; my $sth; my $errstr; ($ip_dbh,$errstr) = connectDB_My; if (!$ip_dbh) { exitError("Database error: $errstr\n"); } initIPDBGlobals($ip_dbh); # Set up some globals ##fixme - need to autofill this somehow $ENV{HTML_TEMPLATE_ROOT} = '/home/kdeugau/dev/ipdb/trunk/templates'; my $header = HTML::Template->new(filename => "header.tmpl"); $header->param(version => $IPDB::VERSION); $header->param(addperm => $IPDBacl{$authuser} =~ /a/); print "Content-type: text/html\n\n", $header->output; # Set up the CGI object... my $q = new CGI::Simple; # ... and get query-string params as well as POST params if necessary $q->parse_query_string; # Convenience; saves changing all references to %webvar ##fixme: tweak for handling \n). qq(\n). qq(\n). qq(\n). qq(\n) : ''); } # end check for existence of routed blocks in master print qq(\n
\n). qq(
Unrouted blocks in $master:

\n); startTable('Netblock','Range'); # Snag the free blocks. my $count = 0; $sth = $ip_dbh->prepare("select cidr from freeblocks where cidr <<='$master' and ". "routed='n' order by cidr"); $sth->execute(); while (my @data = $sth->fetchrow_array()) { my $cidr = new NetAddr::IP $data[0]; my @row = ("$cidr", $cidr->range); printRow(\@row, 'color1' ) if($count%2==0); printRow(\@row, 'color2' ) if($count%2!=0); $count++; } print "\n"; } # showMaster # Display details of a routed block # Alrighty then! We're showing allocations within a routed block this time. # We should be able to steal code from showSummary() and showMaster(), and if # I'm really smart I'll figger a way to munge all three together. (Once I've # done that, everything else should follow. YMMV. # This time, we check the database before spewing, because we may # not have anything useful to spew. sub showRBlock { my $master = new NetAddr::IP $webvar{block}; $sth = $ip_dbh->prepare("select city from routed where cidr='$master'"); $sth->execute; my @data = $sth->fetchrow_array; print qq(
Summarizing allocated blocks for ). qq($master ($data[0]):

\n); startTable('CIDR allocation','Customer Location','Type','CustID','SWIPed?','Description/Name'); # Snag the allocations for this block $sth = $ip_dbh->prepare("select cidr,city,type,custid,swip,description". " from allocations where cidr <<= '$master' order by cidr"); $sth->execute(); # hack hack hack # set up to flag swip=y records if they don't actually have supporting data in the customers table my $custsth = $ip_dbh->prepare("select count(*) from customers where custid=?"); my $count=0; while (my @data = $sth->fetchrow_array()) { # cidr,city,type,custid,swip,description, as per the SELECT my $cidr = new NetAddr::IP $data[0]; # Clean up extra spaces that are borking things. # $data[2] =~ s/\s+//g; $custsth->execute($data[3]); my ($ncust) = $custsth->fetchrow_array(); # Prefix subblocks with "Sub " my @row = ( (($data[2] =~ /^.r$/) ? 'Sub ' : ''). qq($data[0]), $data[1], $disp_alloctypes{$data[2]}, $data[3], ($data[4] eq 'y' ? ($ncust == 0 ? 'Yes*' : 'Yes') : 'No'), $data[5]); # If the allocation is a pool, allow listing of the IPs in the pool. if ($data[2] =~ /^.[pd]$/) { $row[0] .= '   List IPs"; } printRow(\@row, 'color1') if ($count%2 == 0); printRow(\@row, 'color2') if ($count%2 != 0); $count++; } print "\n"; # If the routed block has no allocations, by definition it only has # one free block, and therefore may be deleted. if ($count == 0) { print qq(
No allocations in ). qq($master.
\n). ($IPDBacl{$authuser} =~ /d/ ? qq(
\n). qq(\n). qq(\n). qq(\n). qq(\n). qq(
\n) : ''); } print qq(
\n
Free blocks within routed ). qq(submaster $master
\n); startTable('CIDR block','Range'); # Snag the free blocks. We don't really *need* to be pedantic about avoiding # unrouted free blocks, but it's better to let the database do the work if we can. $count = 0; $sth = $ip_dbh->prepare("select cidr,routed from freeblocks where cidr <<= '$master'". " order by cidr"); $sth->execute(); while (my @data = $sth->fetchrow_array()) { # cidr,routed my $cidr = new NetAddr::IP $data[0]; # Include some HairyPerl(TM) to prefix subblocks with "Sub " my @row = ((($data[1] ne 'y' && $data[1] ne 'n') ? 'Sub ' : ''). ($IPDBacl{$authuser} =~ /a/ ? qq($cidr) : $cidr), $cidr->range); printRow(\@row, 'color1') if ($count%2 == 0); printRow(\@row, 'color2') if ($count%2 != 0); $count++; } print "\n"; } # showRBlock # List the IPs used in a pool sub listPool { my $cidr = new NetAddr::IP $webvar{pool}; my ($pooltype,$poolcity); # Snag pool info for heading $sth = $ip_dbh->prepare("select type,city from allocations where cidr='$cidr'"); $sth->execute; $sth->bind_columns(\$pooltype, \$poolcity); $sth->fetch() || carp $sth->errstr; print qq(
Listing pool IPs for $cidr
\n). qq(($disp_alloctypes{$pooltype} in $poolcity)

\n); # Only display net/gw/bcast if it's a "real" netblock and not a PPP(oE) lunacy if ($pooltype =~ /^.d$/) { print qq(
Reserved IPs:
\n); print qq(
\n"; $cidr++; print "\n"; $cidr--; $cidr--; print "\n". "\n". "
Network IP:). $cidr->addr."
Gateway:".$cidr->addr."
Broadcast:".$cidr->addr."
Netmask:".$cidr->mask."
\n"; } # probably have to add an "edit IP allocation" link here somewhere. startTable('IP','Customer ID','Available?','Description',''); $sth = $ip_dbh->prepare("select ip,custid,available,description,type". " from poolips where pool='$webvar{pool}' order by ip"); $sth->execute; my $count = 0; while (my @data = $sth->fetchrow_array) { # pool,ip,custid,city,ptype,available,notes,description,circuitid # ip,custid,available,description,type # If desc is "null", make it not null. if ($data[3] eq '') { $data[3] = ' '; } # Some nice hairy Perl to decide whether to allow unassigning each IP # -> if $data[2] (aka poolips.available) == 'n' then we print the unassign link # else we print a blank space my @row = ( qq($data[0]), $data[1],$data[2],$data[3], ( (($data[2] eq 'n') && ($IPDBacl{$authuser} =~ /d/)) ? ("Unassign this IP") : (" ") ) ); printRow(\@row, 'color1') if($count%2==0); printRow(\@row, 'color2') if($count%2!=0); $count++; } print "\n"; } # end listPool # Show "Add new allocation" page. Note that the actual page may # be one of two templates, and the lists come from the database. sub assignBlock { if ($IPDBacl{$authuser} !~ /a/) { printError("You shouldn't have been able to get here. Access denied."); return; } # hack pthbttt eww $webvar{block} = '' if !$webvar{block}; # hmm. TMPL_IF block and TMPL_ELSE block on these instead? $page->param(rowa => 'row'.($webvar{block} eq '' ? 1 : 0)); $page->param(rowb => 'row'.($webvar{block} eq '' ? 0 : 1)); $page->param(block => $webvar{block}); # fb-assign flag, if block is set, we're in fb-assign $page->param(iscontained => ($webvar{fbtype} && $webvar{fbtype} ne 'y')); # New special case- block to assign is specified if ($webvar{block} ne '') { my $block = new NetAddr::IP $webvar{block}; # Handle contained freeblock allocation. # This is a little dangerous, as it's *theoretically* possible to # get fbtype='n' (aka a non-routed freeblock). However, should # someone manage to get there, they get what they deserve. if ($webvar{fbtype} ne 'y') { # Snag the type of the container block from the database. $sth = $ip_dbh->prepare("select type from allocations where cidr >>='$block'"); $sth->execute; my @data = $sth->fetchrow_array; $data[0] =~ s/c$/r/; # Munge the type into the correct form $page->param(fbdisptype => $list_alloctypes{$data[0]}); $page->param(type => $data[0]); } else { $sth = $ip_dbh->prepare("select type,listname from alloctypes where listorder < 500 ". "and type not like '_i' and type not like '_r' order by listorder"); $sth->execute; my @data = $sth->fetchrow_array; my @typelist; my $selflag = 0; while (my @data = $sth->fetchrow_array) { my %row = (tval => $data[0], type => $data[1], sel => ($selflag == 0 ? ' selected' : '') ); push (@typelist, \%row); $selflag++; } $page->param(typelist => \@typelist); } } else { my @masterlist; foreach my $master (@masterblocks) { my %row = (master => "$master"); push (@masterlist, \%row); } $page->param(masterlist => \@masterlist); my @pops; foreach my $pop (@poplist) { my %row = (pop => $pop); push (@pops, \%row); } $page->param(pops => \@pops); # could arguably include routing (500) in the list, but ATM it doesn't # make sense, and in any case that shouldn't be structurally possible here. $sth = $ip_dbh->prepare("select type,listname from alloctypes where listorder < 500 order by listorder"); $sth->execute; my @typelist; my $selflag = 0; while (my @data = $sth->fetchrow_array) { my %row = (tval => $data[0], type => $data[1], sel => ($selflag == 0 ? ' selected' : '') ); push (@typelist, \%row); $selflag++; } $page->param(typelist => \@typelist); } my @cities; foreach my $city (@citylist) { my %row = (city => $city); push (@cities, \%row); } $page->param(citylist => \@cities); ## node hack $sth = $ip_dbh->prepare("SELECT node_id, node_name FROM nodes ORDER BY node_type,node_id"); $sth->execute() or print "DEBUG: failed retrieval from nodes: ".$sth->errstr,"
\n"; my @nodes; while (my ($nid,$nname) = $sth->fetchrow_array()) { my %row = (nid => $nid, nname => $nname); push (@nodes, \%row); } $page->param(nodelist => \@nodes); ## end node hack $page->param(privdata => $IPDBacl{$authuser} =~ /s/); } # assignBlock # Take info on requested IP assignment and see what we can provide. sub confirmAssign { if ($IPDBacl{$authuser} !~ /a/) { printError("You shouldn't have been able to get here. Access denied."); return; } my $cidr; my $alloc_from; # Going to manually validate some items. # custid and city are automagic. return if !validateInput(); # Several different cases here. # Static IP vs netblock # + Different flavours of static IP # + Different flavours of netblock if ($webvar{alloctype} =~ /^.i$/) { my ($base,undef) = split //, $webvar{alloctype}; # split into individual chars # Ewww. But it works. $sth = $ip_dbh->prepare("SELECT (SELECT city FROM allocations WHERE cidr=poolips.pool), ". "poolips.pool, COUNT(*) FROM poolips,allocations WHERE poolips.available='y' AND ". "poolips.pool=allocations.cidr AND allocations.city='$webvar{pop}' AND poolips.type LIKE '".$base."_' ". "GROUP BY pool"); $sth->execute; my $optionlist; while (my @data = $sth->fetchrow_array) { # city,pool cidr,free IP count if ($data[2] > 0) { $optionlist .= "\n"; } } $cidr = "Single static IP"; $alloc_from = "\n"; } else { # end show pool options if ($webvar{fbassign} eq 'y') { $cidr = new NetAddr::IP $webvar{block}; $webvar{maskbits} = $cidr->masklen; } else { # done with direct freeblocks assignment if (!$webvar{maskbits}) { printError("Please specify a CIDR mask length."); return; } my $sql; my $city; my $failmsg; my $extracond = ''; if ($webvar{allocfrom} eq '-') { $extracond = ($webvar{allowpriv} eq 'on' ? '' : " and not (cidr <<= '192.168.0.0/16'". " or cidr <<= '10.0.0.0/8'". " or cidr <<= '172.16.0.0/12')"); } my $sortorder; if ($webvar{alloctype} eq 'rm') { if ($webvar{allocfrom} ne '-') { $sql = "select * from freeblocks where maskbits<=$webvar{maskbits} and routed='n'". " and cidr <<= '$webvar{allocfrom}'"; $sortorder = "maskbits desc"; } else { $sql = "select * from freeblocks where maskbits<=$webvar{maskbits} and routed='n'"; $sortorder = "maskbits desc"; } $failmsg = "No suitable free block found.
\nWe do not have a free". " routeable block of that size.
\nYou will have to either route". " a set of smaller netblocks or a single smaller netblock."; } else { ##fixme # This section needs serious Pondering. # Pools of most types get assigned to the POP they're "routed from" # This includes WAN blocks and other netblock "containers" # This does NOT include cable pools. if ($webvar{alloctype} =~ /^.[pc]$/) { $city = $webvar{city}; $failmsg = "No suitable free block found.
\nYou will have to route another". " superblock from one of the
\nmaster blocks or chose a smaller". " block size for the pool."; } else { $city = $webvar{pop}; $failmsg = "No suitable free block found.
\nYou will have to route another". " superblock to $webvar{pop}
\nfrom one of the master blocks or". " chose a smaller blocksize."; } if (defined $webvar{allocfrom} && $webvar{allocfrom} ne '-') { $sql = "select cidr from freeblocks where city='$city' and maskbits<=$webvar{maskbits}". " and cidr <<= '$webvar{allocfrom}' and routed='". (($webvar{alloctype} =~ /^(.)r$/) ? "$1" : 'y')."'"; $sortorder = "maskbits desc,cidr"; } else { $sql = "select cidr from freeblocks where city='$city' and maskbits<=$webvar{maskbits}". " and routed='".(($webvar{alloctype} =~ /^(.)r$/) ? "$1" : 'y')."'"; $sortorder = "maskbits desc,cidr"; } } $sql = $sql.$extracond." order by ".$sortorder; $sth = $ip_dbh->prepare($sql); $sth->execute; my @data = $sth->fetchrow_array(); if ($data[0] eq "") { printError($failmsg); return; } $cidr = new NetAddr::IP $data[0]; } # check for freeblocks assignment or IPDB-controlled assignment ##fixme: HTML must be removed from script! $alloc_from = qq($cidr); # If the block to be allocated is smaller than the one we found, # figure out the "real" block to be allocated. if ($cidr->masklen() ne $webvar{maskbits}) { my $maskbits = $cidr->masklen(); my @subblocks; while ($maskbits++ < $webvar{maskbits}) { @subblocks = $cidr->split($maskbits); } $cidr = $subblocks[0]; } } # if ($webvar{alloctype} =~ /^.i$/) ## node hack if ($webvar{node} && $webvar{node} ne '-') { $sth = $ip_dbh->prepare("SELECT node_name FROM nodes WHERE node_id=?"); $sth->execute($webvar{node}); my ($nodename) = $sth->fetchrow_array(); $page->param(nodename => $nodename); $page->param(nodeid => $webvar{node}); } ## end node hack # Stick in the allocation data $page->param(alloc_type => $webvar{alloctype}); $page->param(typefull => $q->escapeHTML($disp_alloctypes{$webvar{alloctype}})); $page->param(alloc_from => $alloc_from); $page->param(cidr => $cidr); $page->param(city => $q->escapeHTML($webvar{city})); $page->param(custid => $webvar{custid}); $page->param(circid => $q->escapeHTML($webvar{circid})); $page->param(desc => $q->escapeHTML($webvar{desc})); ##fixme: find a way to have the displayed copy have
substitutions # for newlines, and the value have either encoded or bare newlines. # Also applies to privdata. $page->param(notes => $q->escapeHTML($webvar{notes},'y')); # Check to see if user is allowed to do anything with sensitive data my $privdata = ''; $page->param(privdata => $q->escapeHTML($webvar{privdata},'y')) if $IPDBacl{$authuser} =~ /s/; # Yay! This now has it's very own little home. $page->param(billinguser => $webvar{userid}) if $webvar{userid}; ##fixme: this is only needed iff confirm.tmpl/confirm.html and # confirmRemove.html/confirmRemove.tmpl are merged (quite possible, just # a little tedious) $page->param(action => "insert"); } # end confirmAssign # Do the work of actually inserting a block in the database. sub insertAssign { if ($IPDBacl{$authuser} !~ /a/) { printError("You shouldn't have been able to get here. Access denied."); return; } # Some things are done more than once. return if !validateInput(); if (!defined($webvar{privdata})) { $webvar{privdata} = ''; } # $code is "success" vs "failure", $msg contains OK for a # successful netblock allocation, the IP allocated for static # IP, or the error message if an error occurred. my ($code,$msg) = allocateBlock($ip_dbh, $webvar{fullcidr}, $webvar{alloc_from}, $webvar{custid}, $webvar{alloctype}, $webvar{city}, $webvar{desc}, $webvar{notes}, $webvar{circid}, $webvar{privdata}, $webvar{node}); if ($code eq 'OK') { if ($webvar{alloctype} =~ /^.i$/) { $msg =~ s|/32||; print qq(
The IP $msg has been allocated to customer $webvar{custid}
). ( ($webvar{alloctype} eq 'di' && $webvar{billinguser}) ? qq(
Add this IP to RADIUS user table
) : "
"); mailNotify($ip_dbh, "a$webvar{alloctype}", "ADDED: $disp_alloctypes{$webvar{alloctype}} allocation", "$disp_alloctypes{$webvar{alloctype}} $msg allocated to customer $webvar{custid}\n". "Description: $webvar{desc}\n\nAllocated by: $authuser\n"); } else { my $netblock = new NetAddr::IP $webvar{fullcidr}; print qq(
The block $webvar{fullcidr} was ). "sucessfully added as: $disp_alloctypes{$webvar{alloctype}}
". ( ($webvar{alloctype} eq 'pr' && $webvar{billinguser}) ? qq(
Add this netblock to RADIUS user table
) : "
"); mailNotify($ip_dbh, "a$webvar{alloctype}", "ADDED: $disp_alloctypes{$webvar{alloctype}} allocation", "$disp_alloctypes{$webvar{alloctype}} $webvar{fullcidr} allocated to customer $webvar{custid}\n". "Description: $webvar{desc}\n\nAllocated by: $authuser\n"); } syslog "notice", "$authuser allocated '$webvar{fullcidr}' to '$webvar{custid}' as ". "'$webvar{alloctype}' ($msg)"; } else { syslog "err", "Allocation of '$webvar{fullcidr}' to '$webvar{custid}' as ". "'$webvar{alloctype}' by $authuser failed: '$msg'"; printError("Allocation of $webvar{fullcidr} as '$disp_alloctypes{$webvar{alloctype}}'". " failed:
\n$msg\n"); } } # end insertAssign() # Does some basic checks on common input data to make sure nothing # *really* weird gets in to the database through this script. # Does NOT do complete input validation!!! sub validateInput { if ($webvar{city} eq '-') { printError("Please choose a city."); return; } # Alloctype check. chomp $webvar{alloctype}; if (!grep /$webvar{alloctype}/, keys %disp_alloctypes) { # Danger! Danger! alloctype should ALWAYS be set by a dropdown. Anyone # managing to call things in such a way as to cause this deserves a cryptic error. printError("Invalid alloctype"); return; } # CustID check # We have different handling for customer allocations and "internal" or "our" allocations if ($def_custids{$webvar{alloctype}} eq '') { if (!$webvar{custid}) { printError("Please enter a customer ID."); return; } if ($webvar{custid} !~ /^(?:\d{10}|\d{7}|STAFF)(?:-\d\d?)?$/) { # Force uppercase for now... $webvar{custid} =~ tr/a-z/A-Z/; # Crosscheck with billing. my $status = CustIDCK->custid_exist($webvar{custid}); if ($CustIDCK::Error) { printError("Error verifying customer ID: ".$CustIDCK::ErrMsg); return; } if (!$status) { printError("Customer ID not valid. Make sure the Customer ID ". "is correct.
\nUse STAFF for staff static IPs, and $IPDB::defcustid for any other ". "non-customer assignments."); return; } } # print "\n"; } else { # New! Improved! And now Loaded From The Database!! if ((!$webvar{custid}) || ($webvar{custid} ne 'STAFF')) { $webvar{custid} = $def_custids{$webvar{alloctype}}; } } # Check POP location my $flag; if ($webvar{alloctype} eq 'rm') { $flag = 'for a routed netblock'; foreach (@poplist) { if (/^$webvar{city}$/) { $flag = 'n'; last; } } } else { $flag = 'n'; ##fixme: hook to force-set POP or city on certain alloctypes # if ($webvar{alloctype =~ /foo,bar,bz/ { $webvar{pop} = 'blah'; } if ($webvar{pop} =~ /^-$/) { $flag = 'to route the block from/through'; } } if ($flag ne 'n') { printError("Please choose a valid POP location $flag. Valid ". "POP locations are currently:
\n".join (" - ", @poplist)); return; } return 'OK'; } # end validateInput # Displays details of a specific allocation in a form # Allows update/delete # action=edit sub edit { my $sql; # Two cases: block is a netblock, or block is a static IP from a pool # because I'm lazy, we'll try to make the SELECT's bring out identical)ish) data if ($webvar{block} =~ /\/32$/) { $sql = "select ip,custid,type,city,circuitid,description,notes,modifystamp,privdata,oldcustid from poolips where ip='$webvar{block}'"; } else { $sql = "select cidr,custid,type,city,circuitid,description,notes,modifystamp,privdata,oldcustid,swip from allocations where cidr='$webvar{block}'" } # gotta snag block info from db $sth = $ip_dbh->prepare($sql); $sth->execute; my @data = $sth->fetchrow_array; # Clean up extra whitespace on alloc type $data[2] =~ s/\s//; open (HTML, "../editDisplay.html") or croak "Could not open editDisplay.html :$!"; my $html = join('', ); # We can't let the city be changed here; this block is a part of # a larger routed allocation and therefore by definition can't be moved. # block and city are static. ##fixme # Needs thinking. Have to allow changes to city to correct errors, no? $html =~ s/\$\$BLOCK\$\$/$webvar{block}/g; if ($IPDBacl{$authuser} =~ /c/) { $html =~ s/\$\$CUSTID\$\$//; # Screw it. Changing allocation types gets very ugly VERY quickly- especially # with the much longer list of allocation types. # We'll just show what type of block it is. # this has now been Requested, so here goes. ##fixme The check here should be built from the database if ($data[2] =~ /^.[ne]$/) { # Block that can be changed my $blockoptions = "\n"; $html =~ s/\$\$TYPESELECT\$\$/$blockoptions/g; } else { $html =~ s/\$\$TYPESELECT\$\$/$disp_alloctypes{$data[2]}/g; } ## node hack $sth = $ip_dbh->prepare("SELECT node_id FROM noderef WHERE block='$webvar{block}'"); $sth->execute; my ($nodeid) = $sth->fetchrow_array(); if ($nodeid) { $sth = $ip_dbh->prepare("SELECT node_id, node_name FROM nodes ORDER BY node_type,node_id"); $sth->execute() or print "DEBUG: failed retrieval from nodes: ".$sth->errstr,"
\n"; my $nodes = "\n"; $html =~ s/\$\$NODE\$\$/$nodes/; } else { if ($data[2] eq 'fr' || $data[2] eq 'bi') { $sth = $ip_dbh->prepare("SELECT node_id, node_name FROM nodes ORDER BY node_type,node_id"); $sth->execute() or print "DEBUG: failed retrieval from nodes: ".$sth->errstr,"
\n"; my $nodes = "\n"; $html =~ s/\$\$NODE\$\$/$nodes/; } else { $html =~ s|\$\$NODE\$\$|N/A|; } } ## end node hack $html =~ s/\$\$OLDCUSTID\$\$/$data[9]/g; $html =~ s/\$\$CITY\$\$//g; $html =~ s/\$\$CIRCID\$\$//g; $html =~ s/\$\$DESC\$\$//g; $html =~ s|\$\$NOTES\$\$||g; } else { ## node hack if ($data[2] eq 'fr' || $data[2] eq 'bi') { $sth = $ip_dbh->prepare("SELECT node_name FROM nodes INNER JOIN noderef". " ON nodes.node_id=noderef.node_id WHERE noderef.block='$webvar{block}'"); $sth->execute() or print "DEBUG: failed retrieval from nodes: ".$sth->errstr,"
\n"; my ($node) = $sth->fetchrow_array; $html =~ s/\$\$NODE\$\$/$node/; } else { $html =~ s|\$\$NODE\$\$|N/A|; } ## end node hack $html =~ s/\$\$CUSTID\$\$/$data[1]/g; $html =~ s/\$\$OLDCUSTID\$\$/$data[9]/g; $html =~ s/\$\$TYPESELECT\$\$/$disp_alloctypes{$data[2]}/g; $html =~ s/\$\$CITY\$\$/$data[3]/g; $html =~ s/\$\$CIRCID\$\$/$data[4]/g; $html =~ s/\$\$DESC\$\$/$data[5]/g; $html =~ s/\$\$NOTES\$\$/$data[6]/g; } my ($lastmod,undef) = split /\s+/, $data[7]; $html =~ s/\$\$LASTMOD\$\$/$lastmod/g; ## Hack time! SWIP isn't going to stay, so I'm not going to integrate it with ACLs. if ($data[2] =~ /.i/) { $html =~ s/\$\$SWIP\$\$/N\/A/; } else { my $tmp = (($data[10] eq 'n') ? '' : ''); $html =~ s/\$\$SWIP\$\$/$tmp/; } # Allows us to "correctly" colour backgrounds in table my $i=1; # Check to see if we can display sensitive data my $privdata = ''; if ($IPDBacl{$authuser} =~ /s/) { $privdata = qq(Restricted data:). qq(\n); $i++; } $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; # More ACL trickery - we can live with forms that don't submit, # but we can't leave the extra table rows there, and we *really* # can't leave the submit buttons there. my $updok = ''; if ($IPDBacl{$authuser} =~ /c/) { $updok = qq(
). qq(). "
\n"; $i++; } $html =~ s/\$\$UPDOK\$\$/$updok/g; my $delok = ''; if ($IPDBacl{$authuser} =~ /d/) { $delok = qq(
); } $html =~ s/\$\$DELOK\$\$/$delok/; print $html; } # edit() # Stuff new info about a block into the db # action=update sub update { if ($IPDBacl{$authuser} !~ /c/) { printError("You shouldn't have been able to get here. Access denied."); return; } # Check to see if we can update restricted data my $privdata = ''; if ($IPDBacl{$authuser} =~ /s/) { $privdata = ",privdata='$webvar{privdata}'"; } # Make sure incoming data is in correct format - custID among other things. return if !validateInput; # SQL transaction wrapper eval { # Relatively simple SQL transaction here. my $sql; if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) { $sql = "update poolips set custid='$webvar{custid}',notes='$webvar{notes}',". "circuitid='$webvar{circid}',description='$webvar{desc}',city='$webvar{city}'". "$privdata where ip='$webvar{block}'"; } else { $sql = "update allocations set custid='$webvar{custid}',". "description='$webvar{desc}',notes='$webvar{notes}',city='$webvar{city}',". "type='$webvar{alloctype}',circuitid='$webvar{circid}'$privdata,". "swip='".($webvar{swip} eq 'on' ? 'y' : 'n')."' ". "where cidr='$webvar{block}'"; } # Log the details of the change. syslog "debug", $sql; $sth = $ip_dbh->prepare($sql); $sth->execute; ## node hack if ($webvar{node}) { $ip_dbh->do("DELETE FROM noderef WHERE block='$webvar{block}'"); $sth = $ip_dbh->prepare("INSERT INTO noderef (block,node_id) VALUES (?,?)"); $sth->execute($webvar{block},$webvar{node}); } ## end node hack $ip_dbh->commit; }; if ($@) { my $msg = $@; carp "Transaction aborted because $msg"; eval { $ip_dbh->rollback; }; syslog "err", "$authuser could not update block/IP '$webvar{block}': '$msg'"; printError("Could not update block/IP $webvar{block}: $msg"); return; } # If we get here, the operation succeeded. syslog "notice", "$authuser updated $webvar{block}"; ##fixme: need to wedge something in to allow "update:field" notifications ## hmm. how to tell what changed? O_o mailNotify($ip_dbh, 's:swi', "SWIPed: $disp_alloctypes{$webvar{alloctype}} $webvar{block}", "$webvar{block} had SWIP status changed to \"Yes\" by $authuser") if $webvar{swip} eq 'on'; open (HTML, "../updated.html") or croak "Could not open updated.html :$!"; my $html = join('', ); # Link back to browse-routed or list-pool page on "Update complete" page. my $backlink = "/ip/cgi-bin/main.cgi?action="; my $cblock; # to contain the CIDR of the container block we're retrieving. my $sql; if (my $pooltype = ($webvar{alloctype} =~ /^(.)i$/) ) { $sql = "select pool from poolips where ip='$webvar{block}'"; $backlink .= "listpool&pool="; } else { $sql = "select cidr from routed where cidr >>= '$webvar{block}'"; $backlink .= "showrouted&block="; } # I define there to be no errors on this operation... so we don't need to check for them. $sth = $ip_dbh->prepare($sql); $sth->execute; $sth->bind_columns(\$cblock); $sth->fetch(); $sth->finish; $backlink .= $cblock; my $swiptmp = ($webvar{swip} eq 'on' ? 'Yes' : 'No'); $html =~ s/\$\$BLOCK\$\$/$webvar{block}/g; $webvar{city} = $q->escapeHTML($webvar{city}); $html =~ s/\$\$CITY\$\$/$webvar{city}/g; $html =~ s/\$\$ALLOCTYPE\$\$/$webvar{alloctype}/g; $html =~ s/\$\$TYPEFULL\$\$/$disp_alloctypes{$webvar{alloctype}}/g; $html =~ s/\$\$CUSTID\$\$/$webvar{custid}/g; $html =~ s/\$\$SWIP\$\$/$swiptmp/g; $webvar{circid} = $q->escapeHTML($webvar{circid}); $html =~ s/\$\$CIRCID\$\$/$webvar{circid}/g; $webvar{desc} = $q->escapeHTML($webvar{desc}); $html =~ s/\$\$DESC\$\$/$webvar{desc}/g; $webvar{notes} = $q->escapeHTML($webvar{notes}); $html =~ s/\$\$NOTES\$\$/$webvar{notes}/g; $html =~ s/\$\$BACKLINK\$\$/$backlink/g; $html =~ s/\$\$BACKBLOCK\$\$/$cblock/g; if ($IPDBacl{$authuser} =~ /s/) { $privdata = qq(Restricted data:). qq().$q->escapeHTML($webvar{privdata}).qq(\n); } $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; print $html; } # update() # Delete an allocation. sub remove { if ($IPDBacl{$authuser} !~ /d/) { printError("You shouldn't have been able to get here. Access denied."); return; } #show confirm screen. open HTML, "../confirmRemove.html" or croak "Could not open confirmRemove.html :$!"; my $html = join('', ); close HTML; # Serves'em right for getting here... if (!defined($webvar{block})) { printError("Error 332"); return; } my ($cidr, $custid, $type, $city, $circid, $desc, $notes, $alloctype, $privdata); if ($webvar{alloctype} eq 'rm') { $sth = $ip_dbh->prepare("select cidr,city from routed where cidr='$webvar{block}'"); $sth->execute(); # This feels... extreme. croak $sth->errstr() if($sth->errstr()); $sth->bind_columns(\$cidr,\$city); $sth->execute(); $sth->fetch || croak $sth->errstr(); $custid = "N/A"; $alloctype = $webvar{alloctype}; $circid = "N/A"; $desc = "N/A"; $notes = "N/A"; } elsif ($webvar{alloctype} eq 'mm') { $cidr = $webvar{block}; $city = "N/A"; $custid = "N/A"; $alloctype = $webvar{alloctype}; $circid = "N/A"; $desc = "N/A"; $notes = "N/A"; } elsif ($webvar{alloctype} =~ /^.i$/) { # done with alloctype=[rm]m # Unassigning a static IP my $sth = $ip_dbh->prepare("select ip,custid,city,type,notes,circuitid,privdata". " from poolips where ip='$webvar{block}'"); $sth->execute(); # croak $sth->errstr() if($sth->errstr()); $sth->bind_columns(\$cidr, \$custid, \$city, \$alloctype, \$notes, \$circid, \$privdata); $sth->fetch() || croak $sth->errstr; } else { # done with alloctype=~ /^.i$/ my $sth = $ip_dbh->prepare("select cidr,custid,type,city,circuitid,description,notes,privdata". " from allocations where cidr='$webvar{block}'"); $sth->execute(); # croak $sth->errstr() if($sth->errstr()); $sth->bind_columns(\$cidr, \$custid, \$alloctype, \$city, \$circid, \$desc, \$notes, \$privdata); $sth->fetch() || carp $sth->errstr; } # end cases for different alloctypes # Munge everything into HTML $html =~ s|Please confirm|Please confirm removal of|; $html =~ s|\$\$BLOCK\$\$|$cidr|g; $html =~ s|\$\$TYPEFULL\$\$|$disp_alloctypes{$alloctype}|g; $html =~ s|\$\$ALLOCTYPE\$\$|$alloctype|g; $html =~ s|\$\$CITY\$\$|$city|g; $html =~ s|\$\$CUSTID\$\$|$custid|g; $html =~ s|\$\$CIRCID\$\$|$circid|g; $html =~ s|\$\$DESC\$\$|$desc|g; $html =~ s|\$\$NOTES\$\$|$notes|g; $html =~ s|\$\$ACTION\$\$|finaldelete|g; # Set the warning text. if ($alloctype =~ /^.[pd]$/) { $html =~ s||
Warning: clicking confirm will remove this record entirely.
Any IPs allocated from this pool will also be removed!
|; } else { $html =~ s||
Warning: clicking confirm will remove this record entirely.
|; } my $i = 1; # Check to see if user is allowed to do anything with sensitive data if ($IPDBacl{$authuser} =~ /s/) { $privdata = qq(Restricted data:). qq($privdata\n); $i++; } $html =~ s/\$\$PRIVDATA\$\$/$privdata/g; $i = ++$i % 2; $html =~ s/\$\$BUTTONROWCOLOUR\$\$/color$i/; print $html; } # end edit() # Delete an allocation. Return it to the freeblocks table; munge # data as necessary to keep as few records as possible in freeblocks # to prevent weirdness when allocating blocks later. # Remove IPs from pool listing if necessary sub finalDelete { if ($IPDBacl{$authuser} !~ /d/) { printError("You shouldn't have been able to get here. Access denied."); return; } # need to retrieve block data before deleting so we can notify on that my ($cidr,$custid,$type,$city,$description) = getBlockData($ip_dbh, $webvar{block}); my ($code,$msg) = deleteBlock($ip_dbh, $webvar{block}, $webvar{alloctype}); if ($code eq 'OK') { print "
Success! $webvar{block} deallocated.
\n"; syslog "notice", "$authuser deallocated '$webvar{alloctype}'-type netblock $webvar{block}". " $custid, $city, desc='$description'"; mailNotify($ip_dbh, 'da', "REMOVED: $disp_alloctypes{$webvar{alloctype}} $webvar{block}", "$disp_alloctypes{$webvar{alloctype}} $webvar{block} deallocated by $authuser\n". "CustID: $custid\nCity: $city\nDescription: $description\n"); } else { if ($webvar{alloctype} =~ /^.i$/) { syslog "err", "$authuser could not deallocate static IP '$webvar{block}': '$msg'"; printError("Could not deallocate static IP $webvar{block}: $msg"); } else { syslog "err", "$authuser could not deallocate netblock '$webvar{block}': '$msg'"; printError("Could not deallocate netblock $webvar{block}: $msg"); } } } # finalDelete # going, going, gone... this sub to be removed Any Day Real Soon Now(TM) sub exitError { my $errStr = $_[0]; printHeader('',''); print qq(

$errStr

); # We print the footer here, so we don't have to do it elsewhere. my $footer = HTML::Template->new(filename => "footer.tmpl"); # include the admin tools link in the output? $footer->param(adminlink => ($IPDBacl{$authuser} =~ /A/)); print $footer->output; exit; } # errorExit # Just in case we manage to get here. exit 0;