<?php
// Command-line entry point: refuses to run unless root, loads the framework classes,
// handles --verbose, then dispatches on the first argument (--server / --node).

// Guard on the real UID: anything other than 0 (root) stops here. The check is on the UID,
// not on the SAPI, so a non-root shell user gets the same "web server mode" message.
if (posix_getuid() != 0) {
    die("Cannot be used in web server mode\n\n");
}
include_once dirname(__FILE__) . '/framework/class.unix.inc';
include_once dirname(__FILE__) . '/framework/frame.class.inc';
include_once dirname(__FILE__) . '/ressources/class.users.menus.inc';
// --verbose anywhere on the command line turns on full error reporting to the terminal.
if (preg_match("#--verbose#", implode(" ", $argv))) {
    $GLOBALS["VERBOSE"] = true;
    ini_set('html_errors', 0);
    ini_set('display_errors', 1);
    ini_set('error_reporting', E_ALL);
}
// NOTE(review): $argv[1] is read without checking that an argument was given.
if ($argv[1] == "--server") {
    build_server();
    exit;
}
// NOTE(review): build_node() is not defined in the visible part of this file.
if ($argv[1] == "--node") {
    build_node();
    exit;
}
/**
 * Prepare the munin HTML directory and start assembling munin configuration lines in $conf.
 *
 * NOTE(review): only the beginning of this function is visible here; what is done with $conf
 * and $users cannot be told from this excerpt.
 */
function build_server() {
    $users = new usersMenus();
    // Errors from mkdir are suppressed and the chown output is discarded, so a failure to
    // create the directory or hand it to munin:munin goes unnoticed at this point.
    @mkdir("/usr/share/artica-postfix/munin", 0755, true);
    shell_exec("/bin/chown munin:munin /usr/share/artica-postfix/munin >/dev/null 2>&1");
    // The dbdir line is tab-separated, the other three use a single space.
    $conf[] = "dbdir\t/var/lib/munin";
    $conf[] = "htmldir /usr/share/artica-postfix/munin";
    $conf[] = "logdir /var/log/munin";
    $conf[] = "rundir /var/run/munin";
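/**
 * Generate the OpenVPN client bundle for one client and store it in the database.
 *
 * Steps: read the client's ComputerOS from openvpn_clients, build the .ovpn profile, create a
 * key and CSR with openssl, sign the CSR with the CA under /etc/artica-postfix/openvpn/keys,
 * zip the results and load the zip into openvpn_clients.zipcontent.
 *
 * Progress and errors are reported through build_progress() and echo; nothing is returned.
 * An invalid name, a failed lookup, a missing zip binary or an empty profile end the script
 * with exit; later failures remove the working directory and return.
 *
 * @param string $commonname Client uid, also used as directory and file base name. Must match
 *                           [A-Za-z0-9][A-Za-z0-9._@-]* and must not be "keys".
 *                           "OpenVPN-MASTER" is handed to build_server() instead.
 * @return void
 */
function xrun($commonname)
{
    if ($commonname == "OpenVPN-MASTER") {
        build_server();
        exit;
    }

    // $commonname is placed into filesystem paths, shell command lines and SQL text below, and
    // the working directory derived from it is removed recursively. Restrict it to a single
    // path segment made of a conservative character set: no slash, quote, whitespace or shell
    // metacharacter, and no leading "-" or "." (so it cannot be read as an option or a dot
    // entry). "keys" is refused because the working directory would then be the CA directory.
    if (!is_scalar($commonname)
        || !preg_match('/^[A-Za-z0-9][A-Za-z0-9._@-]*\z/', (string) $commonname)
        || (string) $commonname === "keys"
    ) {
        build_progress(110, "{failed}");
        echo "ERROR: invalid client name\n";
        exit;
    }
    $commonname = (string) $commonname;

    $unix = new unix();
    $rm = $unix->find_program("rm");
    $openssl = $unix->find_program("openssl");

    $workingDir = "/etc/artica-postfix/openvpn/{$commonname}";
    $workingDirArg = escapeshellarg($workingDir);
    // Remember the caller's directory before any chdir() so it can really be restored.
    $previousDir = getcwd();

    // Shared failure path: print the message, report the failure, leave the working directory
    // and remove it. The caller returns afterwards.
    $abort = function ($message) use ($rm, $workingDir, $workingDirArg, $previousDir) {
        echo $message;
        build_progress(110, "{failed}");
        if ($previousDir !== false) {
            @chdir($previousDir);
        }
        if (is_dir($workingDir)) {
            system("{$rm} -rf {$workingDirArg}");
        }
    };

    $q = new mysql();
    // Interpolation is acceptable here only because $commonname passed the allowlist above.
    $sql = "SELECT ComputerOS FROM openvpn_clients WHERE uid='{$commonname}'";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    // Check the query status before touching the result set.
    if (!$q->ok) {
        build_progress(110, "{failed}");
        echo "ERROR: {$q->mysql_error}\n";
        exit;
    }
    $ligne = mysql_fetch_array($results);

    $vpn = new openvpn();
    $vpn->ComputerOS = is_array($ligne) ? $ligne["ComputerOS"] : null;
    $config = $vpn->BuildClientconf($commonname);

    // Start from an empty working directory.
    if (is_dir($workingDir)) {
        system("{$rm} -rf {$workingDirArg}");
    }
    @mkdir($workingDir, 0755, true);
    @mkdir("{$workingDir}/newcerts");
    @file_put_contents("{$workingDir}/{$commonname}.ovpn", $config);

    if (!is_file('/usr/bin/zip')) {
        build_progress(110, "{failed}");
        echo "ERROR: unable to stat \"zip\", please advise your Administrator\n";
        exit;
    }

    //http://www.drazzib.com/docs/admin/openvpn.html
    $filesize = @filesize("{$workingDir}/{$commonname}.ovpn");
    if ($filesize == 0) {
        build_progress(110, "{failed}");
        echo "ERROR: corrupted \"{$commonname}.ovpn\" 0 bytes, please advise your Administrator\n";
        exit;
    }

    $sock = new sockets();
    // NOTE(review): unserialize() instantiates whatever objects the stored string describes.
    // Confirm that nothing but this application can write OpenVPNCertificateSettings, or move
    // the setting to a data-only format such as JSON.
    $settings = unserialize($sock->GET_INFO("OpenVPNCertificateSettings"));
    $password = (is_array($settings) && isset($settings["password"])) ? $settings["password"] : null;
    if (trim((string) $password) === "") {
        // NOTE(review): with no certificate password configured, the LDAP password becomes the
        // CA passphrase and, further down, is written into the zip that goes to the client.
        $ldap = new clladp();
        $password = $ldap->ldap_password;
    }

    $zipfile = "{$workingDir}/{$commonname}.zip";
    if (is_file($zipfile)) {
        @unlink($zipfile);
    }
    build_config($workingDir, $unix->hostname_g());

    $config_path = "{$workingDir}/openssl.cf";
    if (!is_file($config_path)) {
        $abort("{$config_path} no such file\n");
        return;
    }
    chdir($workingDir);
    // Runs in a shell of its own, so nothing it exports reaches the commands below.
    shell_exec("source " . escapeshellarg("{$workingDir}/vars"));

    $caBundle = "/etc/artica-postfix/openvpn/keys/allca.crt";
    // Verify the source before copying instead of after.
    if (!is_file($caBundle)) {
        $abort("{$caBundle} no such file\n");
        return;
    }
    copy($caBundle, "{$workingDir}/{$commonname}.ca");
    if (!is_file("{$workingDir}/{$commonname}.ca")) {
        $abort("{$workingDir}/{$commonname}.ca no such file\n");
        return;
    }

    @unlink("/etc/artica-postfix/openvpn/{$commonname}.ovpn");
    @unlink("{$workingDir}/keys/index.txt");
    @touch("{$workingDir}/index.txt");
    @file_put_contents("{$workingDir}/serial", "01\n");
    // NOTE(review): the CA's own index.txt and serial are reset on every run. If openssl.cf
    // uses these files as the CA database, every certificate is issued with serial 01 and the
    // issuance history needed for revocation is lost - confirm this is intended.
    @unlink("/etc/artica-postfix/openvpn/keys/index.txt");
    @touch("/etc/artica-postfix/openvpn/keys/index.txt");
    @file_put_contents("/etc/artica-postfix/openvpn/keys/serial", "01\n");

    // subj.cf is spliced into the command line as-is (it carries openssl options), so its
    // content is trusted; it is presumably written by build_config() - verify.
    $subj = @file_get_contents("{$workingDir}/subj.cf");
    $subjAndConfig = "{$subj} -config " . escapeshellarg($config_path);

    $keyFile = "{$workingDir}/{$commonname}.key";
    $csrFile = "{$workingDir}/{$commonname}.csr";
    $crtFile = "{$workingDir}/{$commonname}.crt";

    $cmd = "{$openssl} req -nodes -new -keyout " . escapeshellarg($keyFile)
        . " -out " . escapeshellarg($csrFile) . " -batch {$subjAndConfig}";
    echo "{$cmd}\n";
    system($cmd);
    if (!check_file($keyFile)) {
        $abort("{$keyFile} no such file\n");
        return;
    }
    if (!check_file($csrFile)) {
        $abort("{$csrFile} no such file\n");
        return;
    }

    $open_vpn_ca_key = "/etc/artica-postfix/openvpn/keys/openvpn-ca.key";
    $open_vpn_ca_crt = "/etc/artica-postfix/openvpn/keys/openvpn-ca.crt";
    // The passphrase goes through the environment rather than the argument list: it then does
    // not show up in the process table nor in the command echoed below.
    putenv("ARTICA_OPENVPN_CA_PASS=" . $password);
    $cmd = "{$openssl} ca -keyfile {$open_vpn_ca_key} -cert {$open_vpn_ca_crt} -out "
        . escapeshellarg($crtFile) . " -in " . escapeshellarg($csrFile)
        . " -batch {$subjAndConfig} -passin env:ARTICA_OPENVPN_CA_PASS";
    echo "{$cmd}\n";
    system($cmd);
    putenv("ARTICA_OPENVPN_CA_PASS");
    if (!check_file($crtFile)) {
        $abort("{$crtFile} no such file\n");
        return;
    }

    chdir($workingDir);
    // NOTE(review): the CA passphrase is stored in clear text and shipped inside the client
    // zip. Confirm the client really needs it; if not, drop it from the bundle.
    @file_put_contents("{$workingDir}/password", $password);
    $members = array(
        "{$commonname}.crt",
        "{$commonname}.csr",
        "{$commonname}.key",
        "{$commonname}.ovpn",
        "{$commonname}.ca",
        "password",
    );
    $cmd = "/usr/bin/zip " . escapeshellarg($zipfile) . " " . implode(" ", array_map('escapeshellarg', $members));
    echo "{$cmd}\n";
    system($cmd);
    if ($previousDir !== false) {
        chdir($previousDir);
    }

    // NOTE(review): 0777 leaves the zip and a directory holding the private key and the
    // password file open to every local account, and the directory is kept after success.
    // LOAD_FILE() below needs the MySQL server to be able to read the zip, which is presumably
    // why this is here; read-only access for that account would be enough - confirm and tighten.
    @chmod($zipfile, 0777);
    @chmod($workingDir, 0777);
    $filesize = intval(@filesize($zipfile));
    // $zipfile and uid are built from the validated $commonname, $filesize is an integer.
    $sql = "UPDATE openvpn_clients SET \n `zipcontent`=LOAD_FILE('{$zipfile}'),\n `zipsize`='{$filesize}'\n\t WHERE uid='{$commonname}'";
    $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        $abort($q->mysql_error);
        return;
    }
    build_progress(100, "{success}...");
}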