123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 |
- <?php
- //-
- // Copyright (c) 2011-2016 Joe Clarke <jclarke@cisco.com>
- // All rights reserved.
- // Redistribution and use in source and binary forms, with or without
- // modification, are permitted provided that the following conditions
- // are met:
- // 1. Redistributions of source code must retain the above copyright
- // notice, this list of conditions and the following disclaimer.
- // 2. Redistributions in binary form must reproduce the above copyright
- // notice, this list of conditions and the following disclaimer in the
- // documentation and/or other materials provided with the distribution.
- // THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- // ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- // OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- // OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- // SUCH DAMAGE.
- include_once '../db.inc.php';
- include_once 'swreg.inc.php';
- require_once '../functions.php';
- require_once 'Log.php';
- $dsn = "$db_driver:host=$db_host;dbname=$db_name";
- $options = [
- PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
- PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
- PDO::ATTR_EMULATE_PREPARES => false,
- ];
- try {
- $dbh = new PDO($dsn, $db_user, $db_pass, $options);
- } catch (PDOException $e) {
- die($e->getMessage());
- }
- $logger = Log::singleton('file', LOGFILE, TOOL_NAME . ' : Verify Config');
- if ($logger === false) {
- die("Failed to open logfile.\n");
- }
- $mask = Log::MAX(LOG_LEVEL);
- $logger->setMask($mask);
- $config = $_GET['config'] ?: '';
- $sn = $_GET['sn'];
- $md5 = $_GET['md5'] ?: '';
- $image = $_GET['image'] ?: '';
- header('Content-type: text/plain');
- if (!isset($sn)) {
- echo "Invalid request!\r\n";
- $logger->emerg('Invalid request from ' . $_SERVER['REMOTE_ADDR'] . " config = $config, sn = $sn, md5 = $md5, image = $image");
- exit(1);
- }
- $logger->debug("Received request from {$_SERVER['REMOTE_ADDR']} with config = $config, sn = $sn, md5 = $md5, and image = $image");
- $status = PROVISION_FAIL;
- $good_config = true;
- $good_image = true;
- if (isset($config) && $config != '') {
- $cmd = escapeshellcmd('/usr/bin/diff ' . DEVICE_CONFIG_DIR . '/' . $config . ' ' . DEVICE_TMP_DIR . '/' . $config);
- exec($cmd, $output, $return_var);
- if (count($output) > 0 || $return_var != 0) {
- echo "ERROR: Config validation failed\r\n";
- $out_str = implode("\n", $output);
- $logger->emerg("Failed to verify config $config for $sn ({$_SERVER['REMOTE_ADDR']}) '$out_str' ($return_var)");
- call_hook('VERIFY:FAIL', array('config', $_SERVER['REMOTE_ADDR'], $config, $sn, $md5, $image));
- $good_config = false;
- } else {
- $logger->debug("Verified config $config for $sn ({$_SERVER['REMOTE_ADDR']})");
- @unlink(DEVICE_TMP_DIR . '/' . $config);
- }
- }
- if (isset($md5) && $md5 != '' && isset($image) && $image != '') {
- $good_md5 = strtolower(md5_file(TFTPBOOT . '/' . $image));
- $md5 = strtolower($md5);
- if ($md5 != $good_md5) {
- echo "ERROR: Image verification failed\r\n";
- $logger->emerg("Failed to verify image $image with MD5 $md5 (good MD5: $good_md5) for $sn ({$_SERVER['REMOTE_ADDR']})");
- call_hook('VERIFY:FAIL', array('image', $_SERVER['REMOTE_ADDR'], $config, $sn, $md5, $good_md5, $image));
- $good_image = false;
- } else {
- $logger->debug("Verified image with MD5 $md5 for $sn ({$_SERVER['REMOTE_ADDR']})");
- }
- }
- if ($good_config && $good_image) {
- $status = PROVISION_SUCCESS;
- echo "SUCCESS\r\n";
- call_hook('VERIFY:SUCCESS', array($_SERVER['REMOTE_ADDR'], $config, $sn, $md5, $image));
- }
- $sql = 'UPDATE DEVICE_MAP SET provisioned_status = ?, should_re_ztp = ? WHERE serial_number = ?';
- try {
- $sth = $dbh->prepare($sql);
- $sth->execute(array($status, 0, $sn));
- $sth->closeCursor();
- } catch (PDOException $e) {
- echo 'ERROR: Failed to update switch status: ' . $e->getMessage() . "\r\n";
- $logger->crit('Failed to update switch status: ' . $e->getMessage());
- exit(1);
- }
- $logger->close();
|