index 93261ef91b5946c19fde6ceb9229a57cf38b0292..e920e623045883c54244cb46fe5b5bb634d9d7f2 100644 (file)
use Net::DNS;
use Switch;
use Data::Dumper;
-use utf8;
+use Socket;
# Don't start if some of the modules are missing
my $start_service=1;
my ($timeout, $mailto, $mailfrom, $user, $group);
my ($arp_enabled, $arp_interface, $ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password);
my $hosts_database={};
-my $resolver=Net::DNS::Resolver->new;
my $ldap;
my %cfg_defaults =
}
}
if(defined($ldap_uri) && length($ldap_uri)>0) {
- $ldap = Net::LDAP->new($ldap_uri);
- if (!$ldap) {
+ &main::refresh_ldap_handle();
+ if (!$main::ldap_handle) {
&main::daemon_log("Could not connect to LDAP Server at $ldap_uri!\n$@", 1);
- } else {
- $ldap->bind($ldap_admin_dn, password => $ldap_admin_password);
}
} else {
- $ldap=undef;
+ $main::ldap_handle= undef;
}
# When interface is not configured (or 'all'), start arpwatch on all possible interfaces
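Review bot: The failure log under `if (!$main::ldap_handle)` still interpolates `$@`, but the connection is now made inside `&main::refresh_ldap_handle()`, which is not visible here. By the time the message is written, `$@` may therefore be empty or left over from an unrelated `eval`. The bind from the removed `else` branch has also moved out of sight. The old code never checked its result, and if the helper does not either, a rejected admin bind leaves a defined handle that only fails later on the first write. I would have the helper report the connect or bind error and log that value; until then a comment such as `# $@ is only meaningful if refresh_ldap_handle() leaves Net::LDAP's connect error untouched` would document the dependency. The enclosing function starts outside the hunk.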
&start(@_,$device);
},
_stop => sub {
- $ldap->unbind if (defined($ldap));
- $ldap->disconnect if (defined($ldap));
$_[KERNEL]->post( sprintf("arp_watch_$device") => 'shutdown' )
},
got_packet => \&got_packet,
&start(@_,$device);
},
_stop => sub {
- $ldap->unbind if (defined($ldap));
- $ldap->disconnect if (defined($ldap));
$_[KERNEL]->post( sprintf("arp_watch_$device") => 'shutdown' )
},
got_packet => \&got_packet,
my $capture_device = sprintf "%s", $kernel->alias_list($sender) =~ /^arp_watch_(.*)$/;
if(!exists($hosts_database->{$packet->{source_haddr}})) {
- my $dnsresult= $resolver->search($packet->{source_ipaddr});
- my $dnsname= (defined($dnsresult))?$dnsresult->{answer}[0]->{ptrdname}:$packet->{source_ipaddr};
+ my $dnsname= gethostbyaddr(inet_aton($packet->{source_ipaddr}), AF_INET) || $packet->{source_ipaddr};
my $ldap_result=&get_host_from_ldap($packet->{source_haddr});
if(exists($ldap_result->{dn})) {
$hosts_database->{$packet->{source_haddr}}=$ldap_result;
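Review bot: The added `gethostbyaddr(inet_aton(...), AF_INET)` is a synchronous resolver call made from the packet handler for every MAC not yet in `$hosts_database`. Its input comes from ARP frames that any host on the segment can send, so a slow or unreachable resolver stalls the whole event loop. `inet_aton` returns undef for a string it cannot parse and treats a non-numeric string as a hostname to resolve. The packed value should be checked first: `my $packed = inet_aton($packet->{source_ipaddr});` followed by `my $dnsname = (defined($packed) && gethostbyaddr($packed, AF_INET)) || $packet->{source_ipaddr};`. The PTR name is chosen by whoever controls the reverse zone, so if `$dnsname` is later written to LDAP or a log (not visible in this hunk) it should first be matched against an anchored hostname pattern. The handler starts and ends outside the hunk.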
": ".$hosts_database->{$packet->{source_haddr}}->{ipHostNumber}.
"/".$hosts_database->{$packet->{source_haddr}}->{macAddress},4);
&add_ldap_entry(
- $ldap,
+ $main::ldap_handle,
$ldap_base,
$hosts_database->{$packet->{source_haddr}}->{macAddress},
'new-system',
"->".$packet->{source_ipaddr}, 4);
$hosts_database->{$packet->{source_haddr}}->{ipHostNumber}= $packet->{source_ipaddr};
&change_ldap_entry(
- $ldap,
+ $main::ldap_handle,
$ldap_base,
$hosts_database->{$packet->{source_haddr}}->{macAddress},
'ip-changed',
my $mac=shift;
my $result={};
- if(defined($ldap)) {
+ if(defined($main::ldap_handle)) {
my $ldap_result= &search_ldap_entry(
- $ldap,
+ $main::ldap_handle,
$ldap_base,
"(|(macAddress=$mac)(dhcpHWAddress=ethernet $mac))"
);
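Review bot: The filter on the line `"(|(macAddress=$mac)(dhcpHWAddress=ethernet $mac))"` is built by plain interpolation, and this commit only swaps the handle passed beside it. `$mac` is taken from `$packet->{source_haddr}` at the call site, so it is probably a formatted hex string, but nothing in this sub enforces that. A guard such as `return $result unless $mac =~ /\A(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\z/;` would keep filter metacharacters out of the search; `escape_filter_value` from Net::LDAP::Util is the alternative. The sub's opening and closing lines are outside the hunk.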
if (defined($ip)) {
$replace->{'ipHostNumber'} = $ip;
}
- my $result = $ldap->modify( $dn, replace => $replace );
+ my $result = $main::ldap_handle->modify( $dn, replace => $replace );
# for $result->code constants please look at Net::LDAP::Constant
if($result->code == 32) { # entry doesnt exists
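Review bot: The added line calls `$main::ldap_handle->modify(...)` directly, although the call site `&change_ldap_entry( $main::ldap_handle, $ldap_base, ...` still passes the handle as the first argument. That parameter is now apparently unused in what looks like the body of `change_ldap_entry`. The init code sets `$main::ldap_handle= undef` when no URI is configured and leaves it false when the connect fails. Unlike `get_host_from_ldap`, no `defined` check is visible here, so the method call would die inside the event handler; `return unless defined($main::ldap_handle);` before the modify would prevent that. The literal `32` would read better as `LDAP_NO_SUCH_OBJECT` from Net::LDAP::Constant, which the existing comment already points to. The start of the sub is outside the hunk, so an earlier guard may already exist.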
base => $sub_tree,
filter => $search_string,
) or &main::daemon_log("cannot perform search at ldap: $@", 1);
- #if(defined $msg) {
- # print $sub_tree."\t".$search_string."\t";
- # print $msg->count."\n";
- # foreach my $entry ($msg->entries) { $entry->dump; };
- #}
}
return $msg;
}
-# $ldap = Net::LDAP->new( "localhost" ) or die "$@";
-# $ldap->bind($bind_phrase,
-# password => $password,
-# ) ;
-#
-# switch($arp_sig) {
-# case 0 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "ip-changed",
-# )}
-# case 1 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "mac-not-whitelisted",
-# )}
-# case 2 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "mac-in-blacklist",
-# )}
-# case 3 {&add_ldap_entry($ldap, $ldap_base,
-# $mac, "new-mac-address", $ip,
-# $interface, $desc,
-# )}
-# case 4 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "unauthorized-arp-request",
-# )}
-# case 5 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "abusive-number-of-arp-requests",
-# )}
-# case 6 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "ether-and-arp-mac-differs",
-# )}
-# case 7 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "flood-detected",
-# )}
-# case 8 {&add_ldap_entry($ldap, $ldap_base,
-# $mac, $ip, "new-system",
-# )}
-# case 9 {&change_ldap_entry($ldap, $ldap_base,
-# $mac, "mac-changed",
-# )}
-# }
-#
-#
- # ldap search
-# my $base_phrase = "dc=gonicus,dc=de";
-# my $filter_phrase = "cn=keinesorge";
-# my $attrs_phrase = "cn macAdress";
-# my $msg_search = $ldap->search( base => $base_phrase,
-# filter => $filter_phrase,
-# attrs => $attrs_phrase,
-# );
-# $msg_search->code && die $msg_search->error;
-#
-# my @entries = $msg_search->entries;
-# my $max = $msg_search->count;
-# print "anzahl der entries: $max\n";
-# my $i;
-# for ( $i = 0 ; $i < $max ; $i++ ) {
-# my $entry = $msg_search->entry ( $i );
-# foreach my $attr ( $entry->attributes ) {
-# if( not $attr eq "cn") {
-# next;
-# }
-# print join( "\n ", $attr, $entry->get_value( $attr ) ), "\n\n";
-# }
-# }
- #
- # # ldap add
- #
- #
- # $ldap->unbind;
- # exit;
1;