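#!/usr/bin/perl -w
#
# Pixarp
#
# Utility to fetch the ARP table from a Cisco PIX firewall
# and store it in netdisco.
#
# Netdisco cannot do this on its own because the PIX does not
# expose the ARP table via SNMP.
#
# by Bill Anderson
#
# Copyright (C) 2006-2007
#
# Pixarp is released under the Perl Artistic License
#
# Most recent version available at
# http://www.billsnetworktoolbox.com
#
# Portions from the netdisco package
# http://www.netdisco.org
#
# Uses netdisco.conf for configuration
#
# ---- Pixarp Settings ----
#
# pixarp_user = username
# pixarp_pass = password
# pixarp_enable = password
# pixarp_hostfile = /usr/local/netdisco/pix-hosts.txt
#
# Configuration file settings can be overridden with command line
# options.
#
# If you do not want to use netdisco.conf at all, replace the
# $CONFIG{...} lookups below with string values, e.g.
#   my $pixuser = 'username';
#
# ---- Security notes ----
#
#  * The PIX is driven over Telnet, so the login password, the enable
#    password and the ARP table all cross the network in clear text.
#    Only run this from a management host the firewall's "telnet" ACL
#    is restricted to, or inside an SSH/IPsec tunnel; Net::Telnet
#    provides no encryption.
#  * Passwords given with -l / -e are visible to every local user in
#    the process list (ps) and end up in shell history.  Prefer
#    netdisco.conf with restrictive file permissions.
#  * The -f / -i / -o Net::Telnet logs record the raw session, both
#    passwords included.  They are created with umask 077 here, but
#    delete them once you are done debugging.
#  * Debug output (-d) deliberately never prints password values.
#
# Released Feb 7, 2007

use strict;
use warnings;

use Getopt::Long;
use FindBin;
use lib $FindBin::Bin;
use netdisco qw/:all/;
use Net::Telnet;

our $VERSION = "1.00.02";

# Only ARP entries seen on this PIX interface are imported; entries on
# any other interface are ignored.
my $ARP_INTERFACE = 'inside';

my %args;
my $success = GetOptions(\%args,
    'c|configfile=s',
    'd|debug',
    'e|enablepass=s',
    'f|filedump=s',
    'h|?|help',
    'i|inputlog=s',
    'l|loginpass=s',
    'o|outputlog=s',
    'p|pixfile=s',
    'u|username=s',
);

# Bad command line: show usage and exit non-zero so cron/wrappers notice.
unless ($success) {
    print "\n";
    usage(1);
}
usage(0) if $args{h};

my $DEBUG = $args{d} || 0;
print "Pixarp processing starting\n" if $DEBUG;

# Net::Telnet session logs contain the passwords in clear text, so make
# sure any log file it creates is readable by the owner only.
umask 077 if $args{f} || $args{i} || $args{o};

my $configfile = find_config_file($args{c}, $DEBUG);
unless (defined $configfile) {
    print STDERR "No Config file found!\n";
    exit 1;
}
config($configfile);

# Settings come from netdisco.conf; a command line option overrides
# the corresponding setting.
my $pixuser    = $args{u} || $CONFIG{'pixarp_user'};
my $pixpass    = $args{l} || $CONFIG{'pixarp_pass'};
my $enablepass = $args{e} || $CONFIG{'pixarp_enable'};
my $pixfile    = $args{p} || $CONFIG{'pixarp_hostfile'};

# Fail early with a clear message instead of sending undef to the PIX.
# The enable password may legitimately be empty (PIX default), so it is
# only defaulted, not required.
die "No login username configured (set pixarp_user or use -u)\n"
    unless defined $pixuser && length $pixuser;
die "No login password configured (set pixarp_pass or use -l)\n"
    unless defined $pixpass && length $pixpass;
die "No PIX host file configured (set pixarp_hostfile or use -p)\n"
    unless defined $pixfile && length $pixfile;
$enablepass = '' unless defined $enablepass;

if ($DEBUG) {
    print "Using username: $pixuser\n";
    print "Using password: ", masked($pixpass), "\n";
    print "Using enable password: ", masked($enablepass), "\n";
}

my $telnet = Net::Telnet->new();
$telnet->errmode([\&telnet_error, $telnet]);
$telnet->dump_log($args{f})   if $args{f};
$telnet->input_log($args{i})  if $args{i};
$telnet->output_log($args{o}) if $args{o};

print "Using PIX host file: $pixfile\n\n" if $DEBUG;

# Three-argument open: a host file name beginning with '>' or '|' must
# never be interpreted as a mode or a command.
open my $pixnames, '<', $pixfile
    or die "Cannot open file $pixfile: $!";

HOST:
while (my $line = <$pixnames>) {
    chomp $line;
    $line =~ s/^\s+//;
    $line =~ s/\s+$//;

    # Ignore comments and blank lines.
    next HOST if $line eq '' || $line =~ /^\#/;
    my $host = $line;

    print "Opening connection to host: $host\n" if $DEBUG;
    # On failure the errmode handler has already reported the reason.
    next HOST unless $telnet->open($host);
    print "Connection succeeded\n" if $DEBUG;

    my @entries = fetch_arp_entries($telnet, $pixuser, $pixpass,
                                    $enablepass, $DEBUG);
    foreach my $entry (@entries) {
        my ($mac, $ip) = @$entry;
        print "Adding $mac, $ip to arp tables\n" if $DEBUG;
        add_arp($mac, $ip);
    }

    $telnet->close;
    print "Connection closed\n\n" if $DEBUG;
}
close $pixnames;

print "Pixarp processing completed\n" if $DEBUG;
exit 0;

# Locate netdisco.conf: the -c argument first, then the directory this
# script lives in, then the netdisco default location.
# Returns the first readable candidate, or undef when none is found.
sub find_config_file {
    my ($requested, $debug) = @_;

    my @candidates = (
        $requested,
        "$FindBin::Bin/netdisco.conf",
        '/usr/local/netdisco/netdisco.conf',
    );
    foreach my $candidate (@candidates) {
        next unless defined $candidate && -r $candidate;
        print "Using Config File: $candidate\n" if $debug;
        return $candidate;
    }
    return;
}

# Describe a secret for debug output without revealing its value.
sub masked {
    my ($secret) = @_;
    return (defined $secret && length $secret) ? '[set]' : '[empty]';
}

# Log in to an already opened PIX session, enter enable mode, disable
# paging and read "show arp".
# Returns a list of [mac, ip] pairs for entries on $ARP_INTERFACE.
# Returns an empty list when any step fails; the Net::Telnet errmode
# handler has already printed why.  The caller remains responsible for
# closing the session.
sub fetch_arp_entries {
    my ($tn, $user, $pass, $enable, $debug) = @_;

    print "Sending login credentials\n" if $debug;
    $tn->login($user, $pass) or return;
    print "Login succeeded\n" if $debug;

    print "Attempting enable mode\n" if $debug;
    $tn->cmd(String => 'enable', Prompt => "/Password:/") or return;
    print "Sending enable password\n" if $debug;
    # A wrong enable password leaves the PIX at a second "Password:"
    # prompt; the default prompt then never matches and cmd() fails on
    # timeout, which is reported by the errmode handler.
    $tn->cmd($enable) or return;
    print "Enable mode succeeded\n" if $debug;

    print "Sending terminal pager 0\n" if $debug;
    $tn->cmd('terminal pager 0') or return;

    my @output;
    $tn->cmd(String => 'show arp', Output => \@output) or return;

    my @entries;
    foreach my $arp_line (@output) {
        my $entry = parse_arp_line($arp_line);
        push @entries, $entry if $entry;
    }
    return @entries;
}

# Parse one line of "show arp" output.  The PIX prints
#   <interface> <ip> <mac> [...]
# and only the first three fields are used, as before.
# Returns [mac, ip] for a well-formed entry on $ARP_INTERFACE, or
# undef for anything else.  The address formats are checked so that
# banner, error or header text from the firewall is never handed to
# add_arp() and therefore never reaches the netdisco database.
sub parse_arp_line {
    my ($line) = @_;
    return unless defined $line;
    chomp $line;

    my ($int, $ip, $mac) = split ' ', $line;
    return unless defined $int && $int eq $ARP_INTERFACE;
    return unless defined $ip && defined $mac;

    # Dotted-quad IPv4 with each octet in 0..255.
    my @octets = split /\./, $ip, -1;
    return unless @octets == 4;
    foreach my $octet (@octets) {
        return unless $octet =~ /^\d{1,3}$/ && $octet <= 255;
    }

    # MAC as printed by the PIX (e.g. 0012.3456.789a); ':' and '-'
    # separators are tolerated, and exactly 12 hex digits are required.
    return unless $mac =~ /^[0-9a-f.:-]+$/i;
    (my $hex = $mac) =~ s/[.:-]//g;
    return unless $hex =~ /^[0-9a-f]{12}$/i;

    return [$mac, $ip];
}

# Net::Telnet errmode callback: report the error and let the calling
# method return false so the host loop can move on.
sub telnet_error {
    my ($tn) = @_;
    my $error = $tn->errmsg;
    my $host  = $tn->host;
    warn "Error: $error on $host\n";
    return;
}

# Print usage and exit with $status (0 when not given).
sub usage {
    my ($status) = @_;
    $status = 0 unless defined $status;
    print <<"_end_usage_";
Pixarp - Utility to fetch arp table from Cisco PIX for Netdisco

pixarp [Options]

Options:
  -c --configfile file  Specify path to config file
  -d --debug            DEBUG - Copious output (passwords are not shown)
  -e --enablepass pass  Enable password
  -f --filedump file    Specify hex dump file
  -i --inputlog file    Specify input log file
  -l --loginpass pass   Login password
  -o --outputlog file   Specify output log file
  -p --pixfile file     Specify full path to file containing PIX hosts
  -u --username name    Login user name

Options are read from netdisco.conf unless specified on the command line.

Note: passwords given on the command line are visible to other local
users in the process list; prefer netdisco.conf.  The -f/-i/-o log files
contain the session in clear text, passwords included.
_end_usage_
    exit $status;
}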