最近把 PHP expect 移到 WEB 介面,可以從遠端透過 WEB 更輕鬆地完成操作,搭配 PHP 語法更容易控制整個流程,不用考慮 SHELL 下的權限問題(指令改由網頁伺服器的執行帳號發出,所以這個頁面本身需要限制存取)。
底下範例:
使用TELNET連至EXTREME交換設備進行命令操作:抓取線上使用者的MAC、收集所有MAC,再針對異常MAC限制存取。
<?php
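/**
 * Run one predefined command on an Extreme switch over Telnet, using the
 * PECL expect stream wrapper.
 *
 * Supported $cmd values:
 *   - "fdb":        send "show fdb" and return the rows that contain a MAC.
 *   - "setdenymac": create an access-list "deny-<arg>" that denies the given
 *                   source MAC and add it first.
 *   - "deldenymac": delete the access-list "deny-<arg>" again.
 *
 * $ip becomes part of the command line handed to the expect:// wrapper and
 * $arg becomes part of the CLI text written to the switch, so both are
 * checked against a strict format before anything is opened or sent.
 * This function changes switch ACLs; any page that exposes it should sit
 * behind authentication.
 *
 * @param string $cmd One of "fdb", "setdenymac", "deldenymac".
 * @param string $ip  Address literal of the switch (must pass FILTER_VALIDATE_IP).
 * @param string $arg MAC address, colon- or hyphen-separated; required for
 *                    "setdenymac" and "deldenymac", ignored for "fdb".
 *
 * @return array|bool|null For "fdb", an array keyed by output line index, each
 *                         entry being the whitespace-split columns of a line
 *                         that contains a MAC. For the ACL commands, true once
 *                         the command text has been written to the session.
 *                         false when the session could not be opened or ended
 *                         (timeout/EOF) before the shell prompt appeared, i.e.
 *                         the command was never sent. null when $cmd is unknown
 *                         or $ip/$arg fail validation.
 */
function getExtreme($cmd,$ip,$arg='')
{
    // Six hex pairs separated by ':' or '-'; \A...\z so a trailing newline
    // cannot smuggle a second CLI line into the command text.
    $macFormat = '/\A[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}\z/i';
    $parseFdb = false;

    switch ($cmd) {
        case "fdb":
            // Fetch the MAC (forwarding database) table.
            $cmdString = "show fdb \n \n";
            $parseFdb = true;
            break;
        case "setdenymac":
            // Create the deny ACL for this MAC.
            if (!is_string($arg) || !preg_match($macFormat, $arg)) {
                return null;
            }
            $aclName = "deny-$arg";
            $mac = str_replace('-', ':', $arg);
            $cmdString = " create access-list $aclName \"ethernet-source-address $mac\" \"deny\" \n\n"
                . "configure access-list add \"$aclName\" first any \n ";
            break;
        case "deldenymac":
            // Remove the deny ACL for this MAC.
            if (!is_string($arg) || !preg_match($macFormat, $arg)) {
                return null;
            }
            $aclName = "deny-$arg";
            $cmdString = "configure access-list delete \"$aclName\" any \n\n"
                . "delete access-list \"$aclName\" \n ";
            break;
        default:
            return null;
    }

    // Only an address literal may reach the spawned "telnet <ip>" command line.
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }

    ini_set("expect.timeout", "3");
    ini_set("expect.loguser", "Off");

    // Match tags returned by expect_expectl(). Guarded so a second call does
    // not raise a redefinition notice.
    if (!defined('LOGIN')) {
        define('LOGIN', 'login:');
    }
    if (!defined('PASSWORD')) {
        define('PASSWORD', 'password:');
    }
    if (!defined('SHELL')) {
        define('SHELL', '#');
    }
    if (!defined('YESNO')) {
        define('YESNO', '(y/N)');
    }

    $stream = fopen("expect://telnet $ip", "r");
    if ($stream === false) {
        return false;
    }

    $prompts = array(
        array('login:', 1 => LOGIN),
        array('password:', 1 => PASSWORD),
        array('#', 1 => SHELL, EXP_EXACT),
        array('(y/N)', 1 => YESNO),
    );

    // NOTE(review): the switch account and password below are literals in a
    // web-served file and cross the network over Telnet unencrypted. Load them
    // from configuration outside the document root and prefer SSH if the
    // device supports it.
    $sent = false;
    while (!$sent) {
        switch (expect_expectl($stream, $prompts, $result)) {
            case LOGIN:
                fwrite($stream, "cmdadmin\n");
                break;
            case PASSWORD:
                fwrite($stream, "cmdadminpw\n");
                break;
            case SHELL:
                fwrite($stream, $cmdString);
                // Give the switch a moment to process before logging out.
                sleep(1);
                fwrite($stream, "exit\ny\n");
                $sent = true;
                break;
            case YESNO:
                fwrite($stream, "y\n");
                break;
            case EXP_TIMEOUT:
            case EXP_EOF:
                // The shell prompt never appeared, so nothing was sent.
                // Report failure instead of claiming the ACL change happened.
                fclose($stream);
                return false;
            default:
                fclose($stream);
                die("Error has occurred!\n");
        }
    }

    // Collect whatever the session printed after the command was sent.
    $line = stream_get_contents($stream);
    fclose($stream);

    if (!$parseFdb) {
        return true;
    }
    if ($line === false) {
        $line = '';
    }

    // Strip the pager prompt.
    // NOTE(review): the blanks before each "\[" are presumably where raw ESC
    // (0x1B) bytes stood in the original script; confirm against real output.
    $tag = "/ \[7mPress <SPACE> to continue or <Q> to quit: \[m \[60;D \[K/";
    $line = preg_replace($tag, '', $line);

    // Start from an array: indexing into '' is not an array on PHP 7.1+.
    $fdblist = array();
    $pattern = "/([a-f0-9]{2}:){5}[a-f0-9]{2}/";
    // Output lines end in CR LF (0x0d 0x0a).
    foreach (explode("\r\n", $line) as $i => $row) {
        if (preg_match($pattern, $row)) {
            // Collapse runs of whitespace so the columns split cleanly.
            $fdblist[$i] = explode(' ', preg_replace('/\s\s+/', ' ', $row));
        }
    }

    return $fdblist;
}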
?>
print_r(getExtreme('fdb', '192.168.200.253'));
#抓取 192.168.200.253 這台 Switch 的線上 MAC(將所有 Switch 列在清單,就能一次取得線上所有主機 MAC)
使用方法:
#設定MAC ACL (該MAC就會無法存取)
getExtreme('setdenymac', '192.168.200.253','00:01:e6:b0:e2:a9')
#刪除MAC ACL (解除MAC ACL)
getExtreme('deldenymac', '192.168.200.253','00:01:e6:b0:e2:a9')
應用在WEB,以點選方式快速建立黑白名單,再與L3結合,將IP及MAC關聯
圖:線上管理