Access denied

#!/usr/bin/perl # ipdb/cgi-bin/admin.cgi # Hack interface to make specific changes to IPDB that (for one reason # or another) can't be made through the main interface. ### # SVN revision info # $Date$ # SVN revision $Rev$ # Last update by $Author$ ### use strict; use warnings; use CGI::Carp qw(fatalsToBrowser); use DBI; use CommonWeb qw(:ALL); use IPDB qw(:ALL); #use POSIX qw(ceil); use NetAddr::IP; use Sys::Syslog; openlog "IPDB-admin","pid","local2"; # Collect the username from HTTP auth. If undefined, we're in a test environment. my $authuser; if (!defined($ENV{'REMOTE_USER'})) { $authuser = '__temptest'; } else { $authuser = $ENV{'REMOTE_USER'}; } if ($authuser !~ /^(kdeugau|jodyh|__temptest)$/) { print "Content-Type: text/html\n\n". "Access denied\n". 'Access to this tool is restricted. Contact Kris '. "for more information.\n"; exit; } syslog "debug", "$authuser active"; my %webvar = parse_post(); cleanInput(\%webvar); my $ip_dbh = connectDB; my $sth; print "Content-type: text/html\n\n". "\n\n\tIPDB admin tools\n\n\n". "

IPDB - Administrative Tools

\n"; if(!defined($webvar{action})) { $webvar{action} = ""; #shuts up the warnings. print qq(WARNING: There are FAR fewer controls on what you can do here. Use the main interface if at all possible.

Manually update allocation data in this /24: ); } else { print 'Back to main

'; } if ($webvar{action} eq 'alloc') { fix_allocfrom(); showfree($webvar{allocfrom}); } elsif ($webvar{action} eq 'alloctweak') { fix_allocfrom(); showAllocs($webvar{allocfrom}); } elsif ($webvar{action} eq 'update') { update(); } # Hokay. This is a little different. We have a few specific functions here: # -> Assign arbitrary subnet from arbitrary free space # -> Tweak individual DB fields # printFooter; $ip_dbh->disconnect; exit; # List free blocks in a /24 for arbitrary manual allocation sub showfree($) { my $cidr = $_[0]; print "Showing free blocks in $cidr\n"; } # Tweak allocfrom into shape. sub fix_allocfrom { if ($webvar{allocfrom} =~ /^(\d+\.){2}\d+$/) { # 3-octet class C specified $webvar{allocfrom} .= ".0/24"; } elsif ($webvar{allocfrom} =~ /^(\d+\.){3}\d+$/) { # 4-octet IP specified; $webvar{allocfrom} .= "/24"; } } # Show allocations to allow editing. sub showAllocs($) { my $cidr = new NetAddr::IP $_[0]; print "Edit custID, allocation type, city for allocations in ". "$cidr:\n"; $sth = $ip_dbh->prepare("select * from allocations where cidr <<= '$cidr' order by cidr"); $sth->execute; while (my @data = $sth->fetchrow_array) { print "\n". qq(\n). qq(\n); print "\n"; print qq(\n). "". qq(\n); } print "

$data[0]

$data[4]

$data[5]

\n"; # notes print "

Notes:\n". "

Use the main interface to update description and notes fields\n". "
Changing the allocation type here will NOT affect IP pool data.\n". "

\n"; } # Stuff updates into DB sub update { eval { # Relatively simple SQL transaction here. Note that we're deliberately NOT # updating notes/desc here as it's available through the main interface. $sth = $ip_dbh->prepare("update allocations set custid='$webvar{custid}',". "city='$webvar{city}',type='$webvar{alloctype}' where cidr='$webvar{block}'"); $sth->execute; $ip_dbh->commit; }; if ($@) { carp "Transaction aborted because $@"; eval { $ip_dbh->rollback; }; syslog "err", "$authuser could not update block/IP '$webvar{block}': '$@'"; } else { # If we get here, the operation succeeded. syslog "notice", "$authuser updated $webvar{block}"; print "Allocation $webvar{block} updated

\n"; } # need to get /24 that block is part of my @bits = split /\./, $webvar{block}; $bits[3] = "0/24"; showAllocs((join ".", @bits)); }