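/**
 * Generate /etc/clamav/clamd.conf from the stored ClamAV settings and prepare
 * the directories clamd works in.
 *
 * Settings are read through sockets::GET_INFO(). A missing or unusable value
 * falls back to the default listed below. Progress lines are echoed only when
 * $GLOBALS["OUTPUT"] is set.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();

    // Numeric limits are written verbatim into clamd.conf, so only
    // non-negative numbers are accepted and they are always emitted as plain
    // integers (is_numeric() alone also lets "-5", "1e3" or " 12" through).
    // NOTE(review): ClamavMaxFiles and ClamavMaxScanSize are read here but the
    // generated file uses a literal 10000 for MaxFiles and the MaxFileSize
    // value for MaxScanSize. Left as-is because changing it alters the
    // effective scan limits; confirm which behaviour is intended.
    $limits = array(
        "ClamavStreamMaxLength" => 12,
        "ClamavMaxRecursion" => 5,
        "ClamavMaxFiles" => 10000,
        "PhishingScanURLs" => 1,
        "ClamavMaxScanSize" => 15,
        "ClamavMaxFileSize" => 20,
    );
    foreach ($limits as $key => $default) {
        $value = $sock->GET_INFO($key);
        if (is_numeric($value) && $value >= 0) {
            $limits[$key] = intval($value);
        }
    }
    $ClamavStreamMaxLength = $limits["ClamavStreamMaxLength"];
    $ClamavMaxRecursion = $limits["ClamavMaxRecursion"];
    $PhishingScanURLs = $limits["PhishingScanURLs"];
    $ClamavMaxFileSize = $limits["ClamavMaxFileSize"];

    // The temporary directory is created, chmod'ed and chown'ed below and is
    // also written into clamd.conf. Accept only an absolute path without
    // control characters: an embedded line break would otherwise add extra
    // directives to the generated file.
    $ClamavTemporaryDirectory = trim((string) $sock->GET_INFO("ClamavTemporaryDirectory"));
    if ($ClamavTemporaryDirectory == null
        || $ClamavTemporaryDirectory[0] !== "/"
        || preg_match('/[\x00-\x1f\x7f]/', $ClamavTemporaryDirectory)
    ) {
        $ClamavTemporaryDirectory = "/home/clamav";
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} MaxFileSize: {$ClamavMaxFileSize}M\n";
    }

    // NOTE(review): presumably creates the clamav account. It is called before
    // the ownership changes so that they do not fail silently on a system
    // where the account does not exist yet.
    $unix->SystemCreateUser("clamav", "clamav");

    $dirs = array(
        "/var/clamav",
        "/var/run/clamav",
        "/var/lib/clamav",
        "/var/log/clamav",
        $ClamavTemporaryDirectory,
    );
    // foreach instead of each(): each() is deprecated since PHP 7.2 and
    // removed in PHP 8.
    foreach ($dirs as $directory) {
        // Best effort, as in the original: the directory may already exist.
        @mkdir($directory, 0755, true);
        @chmod($directory, 0755);
        @chown($directory, "clamav");
        @chgrp($directory, "clamav");
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Permissions on {$directory}\n";
        }
        $unix->chown_func("clamav", "clamav", $directory . "/*");
    }

    $PhishingScanURLs_text = "no";
    if ($PhishingScanURLs == 1) {
        $PhishingScanURLs_text = "yes";
    }

    $f = array();
    $f[] = "LocalSocket /var/run/clamav/clamav.sock";
    $f[] = "FixStaleSocket true";
    $f[] = "User clamav";
    $f[] = "AllowSupplementaryGroups true";
    $f[] = "ScanMail true";
    $f[] = "ScanArchive true";
    $f[] = "#ArchiveLimitMemoryUsage false (depreciated)";
    $f[] = "ArchiveBlockEncrypted false";
    $f[] = "MaxDirectoryRecursion 15";
    $f[] = "FollowDirectorySymlinks false";
    $f[] = "FollowFileSymlinks false";
    $f[] = "ReadTimeout 180";
    $f[] = "MaxThreads 12";
    $f[] = "MaxConnectionQueueLength 15";
    $f[] = "StreamMaxLength {$ClamavStreamMaxLength}M";
    $f[] = "MaxFileSize {$ClamavMaxFileSize}M";
    $f[] = "MaxScanSize {$ClamavMaxFileSize}M";
    $f[] = "MaxFiles 10000";
    $f[] = "MaxRecursion {$ClamavMaxRecursion}";
    $f[] = "LogSyslog true";
    $f[] = "LogFacility LOG_LOCAL6";
    $f[] = "LogClean false";
    $f[] = "LogVerbose false";
    $f[] = "PidFile /var/run/clamav/clamd.pid";
    $f[] = "TemporaryDirectory {$ClamavTemporaryDirectory}";
    $f[] = "DatabaseDirectory /var/lib/clamav";
    $f[] = "SelfCheck 3600";
    $f[] = "Foreground false";
    $f[] = "Debug false";
    $f[] = "ScanPE true";
    $f[] = "ScanOLE2 true";
    $f[] = "ScanHTML true";
    $f[] = "DetectBrokenExecutables false";
    $f[] = "#MailFollowURLs false (depreciated)";
    $f[] = "ExitOnOOM false";
    $f[] = "LeaveTemporaryFiles false";
    $f[] = "AlgorithmicDetection true";
    $f[] = "ScanELF true";
    $f[] = "IdleTimeout 30";
    $f[] = "PhishingSignatures true";
    $f[] = "PhishingScanURLs {$PhishingScanURLs_text}";
    $f[] = "PhishingAlwaysBlockSSLMismatch false";
    $f[] = "PhishingAlwaysBlockCloak false";
    $f[] = "DetectPUA false";
    $f[] = "ScanPartialMessages false";
    $f[] = "HeuristicScanPrecedence false";
    $f[] = "StructuredDataDetection false";
    $f[] = "LogFile /var/log/clamav/clamd.log";
    $f[] = "LogTime true";
    $f[] = "LogFileUnlock false";
    $f[] = "LogFileMaxSize 0";
    // NOTE(review): TemporaryDirectory is emitted a second time with a fixed
    // path that is not among the directories prepared above. Kept as in the
    // original; confirm which of the two entries clamd is meant to use.
    $f[] = "TemporaryDirectory /var/clamav/tmp";

    // Report a failed write instead of announcing "done" unconditionally.
    $written = @file_put_contents("/etc/clamav/clamd.conf", implode("\n", $f));
    if ($GLOBALS["OUTPUT"]) {
        if ($written === false) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/clamav/clamd.conf failed\n";
        } else {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} /etc/clamav/clamd.conf done\n";
        }
    }
}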
/**
 * Rebuild the web-filtering (ufdbguard / Dansguardian) configuration and
 * reload or restart the related services.
 *
 * Returns early, without rebuilding, when EnableRemoteStatisticsAppliance is 1,
 * when EnableUfdbGuard or SQUIDEnable is 0, or when UseRemoteUfdbguardService
 * is 1. Debug lines are echoed when $GLOBALS["VERBOSE"] is set.
 *
 * @return void|false false only on the "nothing installed" path taken in
 *                    verbose mode; no value otherwise
 */
function build()
{
    $sock = new sockets();
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    if ($EnableRemoteStatisticsAppliance == 1) {
        return;
    }
    // NOTE(review): $argv is not defined in this function's scope (no
    // `global $argv`), so the "Params" part of the notification is empty and
    // the error is hidden by the @ operator. Confirm and read it from
    // $GLOBALS["argv"] if the parameters are wanted.
    send_email_events("Order to rebuild filters configuration", @implode("\nParams:", $argv), "proxy");
    $funtion = __FUNCTION__;
    if (!isset($GLOBALS["VERBOSE"])) {
        $GLOBALS["VERBOSE"] = false;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "{$funtion}::" . __LINE__ . " Loading libraries\n";
    }
    $users = new usersMenus();
    $sock = new sockets();
    $unix = new unix();
    $php5 = $unix->LOCATE_PHP5_BIN();
    // $chown and $chmod are looked up but not used further in this function.
    $chown = $unix->find_program("chown");
    $chmod = $unix->find_program("chmod");
    $squidbin = $unix->find_program("squid3");
    $nohup = $unix->find_program("nohup");
    $unix->SystemCreateUser("squid", "squid");
    // NOTE(review): this only has an effect when /var/tmp is missing; it would
    // then be created with mode 0775 and without the sticky bit that shared
    // temporary directories normally carry.
    @mkdir("/var/tmp", 0775, true);
    $EnableWebProxyStatsAppliance = $sock->GET_INFO("EnableWebProxyStatsAppliance");
    $EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
    if (!is_numeric($EnableWebProxyStatsAppliance)) {
        $EnableWebProxyStatsAppliance = 0;
    }
    if (!is_numeric($EnableRemoteStatisticsAppliance)) {
        $EnableRemoteStatisticsAppliance = 0;
    }
    $UseRemoteUfdbguardService = $sock->GET_INFO('UseRemoteUfdbguardService');
    // Fall back to a binary named "squid" when no "squid3" file was found.
    if (!is_file($squidbin)) {
        $squidbin = $unix->find_program("squid");
    }
    $EnableUfdbGuard = intval($sock->EnableUfdbGuard());
    $SQUIDEnable = $sock->GET_INFO("SQUIDEnable");
    if (!is_numeric($SQUIDEnable)) {
        $SQUIDEnable = 1;
    }
    if (!is_numeric($UseRemoteUfdbguardService)) {
        $UseRemoteUfdbguardService = 0;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$funtion}:: EnableWebProxyStatsAppliance={$EnableWebProxyStatsAppliance}\n";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$funtion}:: EnableRemoteStatisticsAppliance={$EnableRemoteStatisticsAppliance}\n";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$funtion}:: EnableUfdbGuard={$EnableUfdbGuard}\n";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$funtion}:: SQUIDEnable={$SQUIDEnable}\n";
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "DEBUG::{$funtion}:: UseRemoteUfdbguardService={$UseRemoteUfdbguardService}\n";
    }
    $GLOBALS["SQUIDBIN"] = $squidbin;
    if ($EnableWebProxyStatsAppliance == 0) {
        $installed = false;
        if ($users->SQUIDGUARD_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " SquidGuard is installed\n";
        }
        if ($users->APP_UFDBGUARD_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " Webfiltering service is installed\n";
        }
        if ($users->DANSGUARDIAN_INSTALLED) {
            $installed = true;
            echo "Starting......: " . date("H:i:s") . " Dansguardian is installed\n";
        }
        if (!$installed) {
            // NOTE(review): the background job and the `return false` sit
            // inside the VERBOSE check, so with verbose output off the
            // function carries on even though no filter is installed.
            // Looks like misplaced braces; confirm the intended behaviour.
            if ($GLOBALS["VERBOSE"]) {
                echo "No one installed...\n";
                // The command line is assembled from helper return values and
                // this file's directory and is passed to the shell unquoted;
                // none of the parts come from request input in this function.
                shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
                return false;
            }
        }
    }
    if ($EnableUfdbGuard == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see EnableUfdbGuard ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($SQUIDEnable == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see SQUIDEnable ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($UseRemoteUfdbguardService == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "UfDbguard is disabled ( see UseRemoteUfdbguardService ) in line: " . __LINE__ . "\n";
        }
        return;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "FIX_1_CATEGORY_CHECKED()\n";
    }
    FIX_1_CATEGORY_CHECKED();
    // NOTE(review): the function already returned at the top when this setting
    // was 1, so this branch is reached only if the stored value changed
    // between the two reads.
    if ($EnableRemoteStatisticsAppliance == 1) {
        if ($GLOBALS["VERBOSE"]) {
            echo "Use the Web statistics appliance to get configuration file...\n";
        }
        shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
        ufdbguard_remote();
        return;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "{$funtion}::" . __LINE__ . "Loading compile_dansguardian()\n";
    }
    $dans = new compile_dansguardian();
    if ($GLOBALS["VERBOSE"]) {
        echo "{$funtion}::" . __LINE__ . "Loading compile_dansguardian::->build()\n";
    }
    $dans->build();
    echo "Starting......: " . date("H:i:s") . " Dansguardian compile done...\n";
    if (function_exists('WriteToSyslogMail')) {
        WriteToSyslogMail("build() -> reconfigure UfdbGuardd", basename(__FILE__));
    }
    build_ufdbguard_config();
    ufdbguard_schedule();
    if ($EnableWebProxyStatsAppliance == 1) {
        echo "Starting......: " . date("H:i:s") . " This server is a Squid Appliance, compress databases and notify proxies\n";
        CompressCategories();
        notify_remote_proxys();
    }
    shell_exec("{$php5} /usr/share/artica-postfix/exec.initslapd.php --ufdbguard");
    CheckPermissions();
    ufdbguard_admin_events("Service will be rebuiled and restarted", __FUNCTION__, __FILE__, __LINE__, "config");
    shell_exec("{$nohup} " . LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.usrmactranslation.php >/dev/null 2>&1 &");
    // $GLOBALS["RESTART"] is read without an isset() check; it is presumably
    // set by the script's command-line handling. TODO confirm.
    if (!$GLOBALS["RESTART"]) {
        // Without a restart request: refresh the watchdog and reload.
        if (is_file("/etc/init.d/ufdb")) {
            echo "Starting......: " . date("H:i:s") . " Checking watchdog\n";
            ufdbguard_watchdog();
            echo "Starting......: " . date("H:i:s") . " Webfiltering service reloading service\n";
            build_ufdbguard_HUP();
        }
    }
    if ($GLOBALS["RESTART"]) {
        if (is_file("/etc/init.d/ufdb")) {
            echo "Starting......: " . date("H:i:s") . " Restarting\n";
            shell_exec("/etc/init.d/ufdb restart");
        }
    }
    if ($users->DANSGUARDIAN_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . " Dansguardian reloading service\n";
        shell_exec("/usr/share/artica-postfix/bin/artica-install --reload-dansguardian --withoutconfig");
    }
}
/**
 * Start the DHCP server daemon unless it is missing, disabled or already up.
 *
 * The daemon command line is assembled from DHCPD_BIN_PATH(), PID_PATH() and
 * dhcp3Config() and handed to shell_exec() as one unquoted string, so those
 * helpers must only ever return trusted paths.
 *
 * @param bool $aspid when false, a pid file guards against a second instance
 *                    of this task running at the same time
 * @return bool|null  true when the service runs (already or after start),
 *                    false when the start is skipped or fails, no value when
 *                    the daemon binary is not installed
 */
function start($aspid = false)
{
    $unix = new unix();
    $sock = new sockets();
    $LOGBIN = "DHCP Server";

    $binpath = $unix->DHCPD_BIN_PATH();
    if (!is_file($binpath)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN}, not installed\n";
        }
        return;
    }

    // Single-instance guard for this task, skipped when $aspid is set.
    if (!$aspid) {
        $pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".pid";
        $pid = $unix->get_pid_from_file($pidfile);
        if ($unix->process_exists($pid, basename(__FILE__))) {
            $time = $unix->PROCCESS_TIME_MIN($pid);
            if ($GLOBALS["OUTPUT"]) {
                echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN}, [START] Already Artica task running PID {$pid} since {$time}mn\n";
            }
            return false;
        }
        @file_put_contents($pidfile, getmypid());
    }

    // Nothing to do when the daemon itself is already alive.
    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        $timepid = $unix->PROCCESS_TIME_MIN($pid);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} Service already started {$pid} since {$timepid}Mn...\n";
        }
        return true;
    }

    $storedDhcp = $sock->GET_INFO("EnableDHCPServer");
    $EnableDHCPServer = is_numeric($storedDhcp) ? $storedDhcp : 0;
    $storedChilli = $sock->GET_INFO("EnableChilli");
    $EnableChilli = is_numeric($storedChilli) ? $storedChilli : 0;

    // The HotSpot feature takes over DHCP, so the server is treated as off.
    if ($EnableChilli == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} replaced by HotSpot feature...\n";
        }
        $EnableDHCPServer = 0;
    }

    if ($EnableDHCPServer == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} service disabled\n";
        }
        build_progress("{starting_service} {failed}", 110);
        return false;
    }

    build_progress("{starting_service}", 60);

    // Runtime directories and placeholder files the daemon expects.
    foreach (array("/var/run/dhcp3-server", "/var/lib/dhcp3") as $runtimeDir) {
        @mkdir($runtimeDir, 0755, true);
    }
    foreach (array("/var/lib/dhcp3/dhcpd.other", "/var/lib/dhcp3/dhcpd.leases") as $placeholder) {
        if (!is_file($placeholder)) {
            @file_put_contents($placeholder, "#");
        }
    }

    $unix->SystemCreateUser("dhcpd", "dhcpd");
    $unix->chown_func("dhcpd", "dhcpd", "/var/run/dhcp3-server");
    $unix->chown_func("dhcpd", "dhcpd", "/var/lib/dhcp3/dhcpd.leases");
    $unix->chown_func("dhcpd", "dhcpd", "/var/lib/dhcp3/dhcpd.leases~");

    // The interface name is only reported here; it is not added to the
    // command line built below.
    $storedNic = $sock->GET_INFO('DHCP3ListenNIC');
    $DHCP3ListenNIC = ($storedNic == null) ? "eth0" : $storedNic;
    echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} Listen {$DHCP3ListenNIC}\n";
    echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} building settings...\n";
    BuildDHCP(true);
    build_progress("{starting_service}", 75);

    $cmd = @implode(" ", array(
        "{$binpath} -q -pf " . PID_PATH(),
        "-cf " . dhcp3Config(),
        "-lf /var/lib/dhcp3/dhcpd.leases",
    ));
    echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} service..\n";
    if ($GLOBALS["VERBOSE"]) {
        echo "{$cmd}\n";
    }
    shell_exec($cmd);
    build_progress("{starting_service}", 80);

    // Give the daemon up to six seconds to show up.
    $attempt = 0;
    while ($attempt < 6) {
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            break;
        }
        build_progress("{starting_service} waiting {$attempt}/6", 80);
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} service waiting {$attempt}/6...\n";
        }
        sleep(1);
        $attempt++;
    }

    $pid = PID_NUM();
    if ($unix->process_exists($pid)) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} service Success service started pid:{$pid}...\n";
        }
        build_progress("{starting_service} {success}", 100);
        return true;
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: ", date("H:i:s"), " [INIT]: {$LOGBIN} service failed...\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: ", date("H:i:s"), " [INIT]: `{$cmd}`\n";
    }
    build_progress("{starting_service} {failed}", 110);
    return false;
}
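/**
 * Build the CoovaChilli hotspot configuration (/etc/chilli.conf and
 * /etc/chilli/config) from the stored "ChilliConf" settings, install missing
 * portal components and, when $GLOBALS["RELOAD"] is set, reconfigure the
 * running service.
 *
 * Security notes for maintainers:
 *  - /etc/chilli/config is, per its own header text, included by shell
 *    scripts. Every $ChilliConf value written below goes into that file
 *    unquoted, so the stored settings must be restricted to trusted
 *    administrators or validated before they are saved.
 *  - HS_RADSECRET and HS_UAMSECRET are both set to the LDAP password and the
 *    file is written with default permissions (see the notes at those lines).
 *
 * Changes against the previous version: line comments are back on their own
 * lines, each() (removed in PHP 8) is replaced by foreach, the arrays are
 * initialised before use, and unused lookups were dropped.
 *
 * @return void
 */
function build()
{
    $unix = new unix();
    $sock = new sockets();
    $php5 = $unix->LOCATE_PHP5_BIN();
    $save = false;

    // NOTE(review): unserialize() is applied to whatever is stored under
    // "ChilliConf". If that store can be written by anything less trusted
    // than this script, this is an object-injection risk; a JSON encoding
    // would avoid it. Flagged only, because the stored format is shared with
    // the SaveConfigFile() call further down.
    $ChilliConf = unserialize(base64_decode($sock->GET_INFO("ChilliConf")));
    $ChilliConf = GetInterfaceArray($ChilliConf);

    if (!isset($ChilliConf["HS_UAMFREEWEB"])) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FreeWeb Login page is not set...\n";
        }
    }

    // Install the portal components when their marker files are missing.
    if (!is_file("/var/www/c2/index.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Installing CakePHP\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} CakePHP done\n";
        }
    }
    if (!is_file("/var/www/c2/yfi_cake/setup/coova_json/login.php")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/var/www/c2/yfi_cake/setup/coova_json/login.php no such file Installing YFI CakePHP\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} YFI CakePHP done\n";
        }
    }
    if (!is_dir("/usr/share/coova_json")) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} `/usr/share/coova_json` no such directory Installing Coova JSon\n";
        }
        shell_exec("/usr/share/artica-postfix/bin/artica-make APP_CAKEPHP >/dev/null 2>&1");
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Coova JSon done\n";
        }
    }

    $unix->SystemCreateUser("chilli", "chilli");

    $f = array();
    $f[] = "include /etc/chilli/main.conf";
    $f[] = "include /etc/chilli/hs.conf";
    $f[] = "include /etc/chilli/local.conf";
    $f[] = "ipup=/etc/chilli/up.sh";
    $f[] = "ipdown=/etc/chilli/down.sh";
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Chilli: `/etc/chilli.conf` done\n";
    }
    file_put_contents("/etc/chilli.conf", @implode("\n", $f));

    if (!is_numeric($ChilliConf["EnableSSLRedirection"])) {
        $ChilliConf["EnableSSLRedirection"] = 0;
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building main configuration: {$ChilliConf["HS_LANIF"]} -> {$ChilliConf["HS_WANIF"]}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Listen.....: {$ChilliConf["HS_UAMLISTEN"]}\n";
    }
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} DHCP.......: {$ChilliConf["HS_DYNIP"]}/{$ChilliConf["HS_DYNIP_MASK"]} ({$ChilliConf["HS_NETWORK"]})\n";
    }
    // The proxy port is printed before the defaulting further down, so it is
    // empty on a run where no port has been stored yet.
    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Proxy Port.: {$ChilliConf["SQUID_HTTP_PORT"]}\n";
    }

    $ldap = new clladp();
    if (!is_numeric($ChilliConf["ENABLE_DHCP_RELAY"])) {
        $ChilliConf["ENABLE_DHCP_RELAY"] = 0;
    }

    $t = array();
    $t[] = "# -*- mode: shell-script; -*-";
    $t[] = "#";
    $t[] = "# Coova-Chilli Default Configurations. ";
    $t[] = "# To customize, copy this file to /etc/chilli/config";
    $t[] = "# and edit to your liking. This is included in shell scripts";
    // The line break at the end of this literal is kept as found in the source.
    $t[] = "# that configure chilli and related programs before file 'config'. \n";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "# Local Network Configurations";
    $t[] = "# ";
    $t[] = "";
    if ($ChilliConf["HS_WANIF"] != null) {
        $t[] = "HS_WANIF={$ChilliConf["HS_WANIF"]} # WAN Interface toward the Internet";
    }
    $t[] = "HS_LANIF={$ChilliConf["HS_LANIF"]}\t\t # Subscriber Interface for client devices";
    $t[] = "HS_NETWORK={$ChilliConf["HS_NETWORK"]}\t # HotSpot Network (must include HS_UAMLISTEN)";
    $t[] = "HS_NETMASK={$ChilliConf["HS_NETMASK"]} # HotSpot Network Netmask";
    $t[] = "HS_UAMLISTEN={$ChilliConf["HS_UAMLISTEN"]} # HotSpot IP Address (on subscriber network)";
    $t[] = "HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)";
    $t[] = "HS_UAMUIPORT=4990 # HotSpot UAM 'UI' Port (on subscriber network, for embedded portal)";
    $t[] = "HS_NATANYIP=off";
    //$t[]="HS_STATIP=off";
    //$t[]="HS_STATIP_MASK=";
    $t[] = "";
    if ($ChilliConf["HS_DYNIP"] != null) {
        $t[] = "HS_DYNIP={$ChilliConf["HS_DYNIP"]}";
    }
    if ($ChilliConf["HS_DYNIP_MASK"] != null) {
        $t[] = "HS_DYNIP_MASK={$ChilliConf["HS_DYNIP_MASK"]}";
    }
    if ($ChilliConf["HS_DNS_DOMAIN"] != null) {
        $t[] = "HS_DNS_DOMAIN={$ChilliConf["HS_DNS_DOMAIN"]}";
    }
    //$t[]="HS_STATIP={$ChilliConf["HS_STATIP"]}";
    //$t[]="HS_STATIP_MASK={$ChilliConf["HS_STATIP_MASK"]}";
    $t[] = "# DNS Servers";
    $t[] = "HS_DNS1={$ChilliConf["HS_UAMLISTEN"]}";
    $t[] = "HS_DNS2={$ChilliConf["HS_UAMLISTEN"]}";

    DefaultSplash($ChilliConf);

    // Pick a random high port for each proxy listener that has no usable
    // stored value, and remember that the settings must be saved back.
    foreach (array("SQUID_HTTP_PORT", "SQUID_HTTPS_PORT") as $portKey) {
        if (!isset($ChilliConf[$portKey]) || !is_numeric($ChilliConf[$portKey])) {
            $ChilliConf[$portKey] = rand(45000, 65400);
            $save = true;
        }
    }

    if ($GLOBALS["OUTPUT"]) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Building DNSMasq settings\n";
    }
    dnsmasq_config();

    if ($ChilliConf["EnableSSLRedirection"] == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is Active\n";
        }
        $t[] = "HS_UAMUISSL=on";
        $t[] = "HS_REDIRSSL=on";
        include_once dirname(__FILE__) . "/ressources/class.squid.inc";
        $squid = new squidbee();
        $t[] = $squid->SaveCertificate($ChilliConf["certificate_center"], false, false, true);
    } else {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SSL redirection is inactive\n";
        }
    }

    // Hosts that must stay reachable before a client has authenticated.
    $ChilliConf["uamallowed"][$ChilliConf["HS_UAMFREEWEB"]] = true;
    $ChilliConf["uamallowed"]["127.0.0.1"] = true;
    $ChilliConf["uamallowed"][$ChilliConf["HS_WANIF_IP"]] = true;
    $ip = new IP();
    if ($ip->isIPAddress($ChilliConf["HS_DNS1"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS1"]] = true;
    }
    if ($ip->isIPAddress($ChilliConf["HS_DNS2"])) {
        $ChilliConf["uamallowed"][$ChilliConf["HS_DNS2"]] = true;
    }
    if ($ChilliConf["AD_SERVER"] != null) {
        $ChilliConf["uamallowed"][$ChilliConf["AD_SERVER"]] = true;
    }
    // Keep only non-empty, non-numeric keys (host names and addresses).
    $HS_UAMALLOW = array();
    foreach ($ChilliConf["uamallowed"] as $num => $ligne) {
        if (trim($num) == null) {
            continue;
        }
        if (is_numeric($num)) {
            continue;
        }
        $HS_UAMALLOW[] = $num;
    }

    if ($save) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Saving new configuration file...\n";
        }
        $NewArray = base64_encode(serialize($ChilliConf));
        $sock->SaveConfigFile($NewArray, "ChilliConf");
    }

    $RADIUS_IP = "127.0.0.1";
    if ($ChilliConf["RADIUS_IP"] != null) {
        $RADIUS_IP = $ChilliConf["RADIUS_IP"];
    }
    if (!is_numeric($ChilliConf["HS_LAN_ACCESS"])) {
        $ChilliConf["HS_LAN_ACCESS"] = 1;
    }
    $t[] = "HS_NASID=nas01";
    $t[] = "HS_RADIUS={$RADIUS_IP}";
    //$t[]="HS_RADIUS2=$RADIUS_IP";
    $t[] = "HS_UAMALLOW=" . @implode(",", $HS_UAMALLOW);
    //$t[]="HS_ACCTUPDATE";
    // NOTE(review): the RADIUS shared secret and the UAM secret are both the
    // LDAP password, so one disclosure exposes three credentials, and the
    // value lands unquoted in a shell-included file. Dedicated random
    // secrets would limit the impact; flagged only, since other components
    // presumably expect the same value.
    $t[] = "HS_RADSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMSECRET={$ldap->ldap_password}";
    $t[] = "HS_UAMALIASNAME=chilli";
    $t[] = "HS_NASIP={$RADIUS_IP}";
    if ($ChilliConf["HS_LAN_ACCESS"] == 1) {
        $t[] = "HS_LAN_ACCESS=on";
    } else {
        $t[] = "HS_LAN_ACCESS=off";
    }
    if ($ChilliConf["ENABLE_DHCP_RELAY"] == 1) {
        if ($ChilliConf["HS_DHCPRELAYAGENT"] != null) {
            if ($ChilliConf["HS_DHCPGATEWAY"] != null) {
                $t[] = "HS_DHCPRELAYAGENT={$ChilliConf["HS_DHCPRELAYAGENT"]}";
                $t[] = "HS_DHCPGATEWAY={$ChilliConf["HS_DHCPGATEWAY"]}";
            }
        }
    }
    if (is_numeric($ChilliConf["HS_UAMFREEWEB"])) {
        $ChilliConf["HS_UAMFREEWEB"] = null;
    }
    $t[] = "";
    //$t[]="HS_LAYER3=on";
    $t[] = "";
    $t[] = "# Put entire domains in the walled-garden with DNS inspection";
    $t[] = "# HS_UAMDOMAINS=\".paypal.com,.paypalobjects.com\"";
    $t[] = "HS_UAMSERVER={$ChilliConf["HS_UAMFREEWEB"]}";
    $t[] = "# HS_UAMSERVICE=";
    $t[] = "HS_UAMFORMAT=\"http://\$HS_UAMSERVER/hs_land.php\"";
    $t[] = "HS_UAMHOMEPAGE=\"http://{$ChilliConf["HS_UAMFREEWEB"]}/splash.php\"";
    $t[] = "HS_CONUP=\"" . __FILE__ . "\"";
    $t[] = "HS_CONDOWN=\"" . dirname(__FILE__) . "/exec.chilli.condown.php\"";
    $t[] = "";
    $t[] = "";
    $t[] = "###";
    $t[] = "# Features not activated per-default (default to off)";
    $t[] = "# HS_RADCONF=off\t # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)";
    $t[] = "HS_ANYIP=on\t\t # Allow any IP address on subscriber LAN";
    $t[] = "HS_MACAUTH=on\t\t # To turn on MAC Authentication";
    $t[] = "# HS_MACAUTHDENY=on\t # Put client in 'drop' state on MAC Auth Access-Reject";
    $t[] = "# HS_MACAUTHMODE=local\t # To allow MAC Authentication based on macallowed, not RADIUS";
    $t[] = "# HS_MACALLOW=\"...\" # List of MAC addresses to authenticate (comma seperated)";
    $t[] = "# HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file";
    $t[] = "# HS_OPENIDAUTH=on\t # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_WPAGUESTS=on\t # To inform the RADIUS server to allow WPA Guests";
    $t[] = "# HS_DNSPARANOIA=on\t # To drop DNS packets containing something other";
    $t[] = "# HS_OPENIDAUTH=on\t # To inform the RADIUS server to allow OpenID Auth";
    $t[] = "# HS_USE_MAP=on\t\t # Short hand for allowing the required google";
    $t[] = "###";
    $t[] = "# Other feature settings and their defaults";
    $t[] = "# HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFIDLETIMEOUT=0\t # Default idle-timeout if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)";
    $t[] = "# HS_DEFBANDWIDTHMAXUP=0\t # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)";
    $t[] = "";
    $t[] = "# HS_RADCONF=on\t\t # gather the ChilliSpot-Config attributes in";
    $t[] = "#\t\t\t # Administrative-User login";
    $t[] = "# HS_RADCONF_SERVER=rad01.coova.org\t\t # RADIUS Server";
    $t[] = "# HS_RADCONF_SECRET=coova-anonymous\t\t # RADIUS Shared Secret ";
    $t[] = "# HS_RADCONF_AUTHPORT=1812\t\t\t # Auth port";
    $t[] = "# HS_RADCONF_USER=chillispot\t\t\t # Username";
    $t[] = "# HS_RADCONF_PWD=chillispot\t\t\t # Password";

    // Same ports, in the same order, as the previous key-based list produced.
    // NOTE(review): the list includes SSH (22), LDAP (389), SMB (137-139,
    // 445) and MySQL (3306); confirm that each one is needed on the hotspot
    // side and drop the rest.
    $PPORT = array(80, 443, 22, 2812, 53, 3990, 9000, 389, 1553, 137, 138, 139, 445, 1812, 3306, 47980);
    $t[] = "HS_TCP_PORTS=\"" . @implode(" ", $PPORT) . "\"";
    $t[] = "";
    $t[] = "###";
    $t[] = "# Standard configurations";
    $t[] = "#";
    $t[] = "HS_MODE=hotspot";
    $t[] = "HS_TYPE=chillispot";
    $t[] = "# HS_RADAUTH=1812";
    $t[] = "# HS_RADACCT=1813";
    $t[] = "# HS_ADMUSR=chillispot";
    $t[] = "# HS_ADMPWD=chillispot";
    $t[] = "";
    $t[] = "";
    if ($ChilliConf["HS_PROVIDER"] == null) {
        $ChilliConf["HS_PROVIDER"] = "Artica";
    }
    if ($ChilliConf["HS_PROVIDER_LINK"] == null) {
        $ChilliConf["HS_PROVIDER_LINK"] = "http://www.articatech.net";
    }
    if ($ChilliConf["HS_LOC_NAME"] == null) {
        $ChilliConf["HS_LOC_NAME"] = "Artica HotSpot";
    }
    if ($ChilliConf["HS_LOC_NETWORK"] == null) {
        $ChilliConf["HS_LOC_NETWORK"] = "HotSpot Network";
    }
    $t[] = "HS_PROVIDER={$ChilliConf["HS_PROVIDER"]}";
    $t[] = "HS_PROVIDER_LINK={$ChilliConf["HS_PROVIDER_LINK"]}/";
    //$t[]="HS_LOC_NAME=\"{$ChilliConf["HS_LOC_NAME"]}\" # WISPr Location Name and used in portal";
    //$t[]="HS_LOC_NETWORK=\"{$ChilliConf["HS_LOC_NETWORK"]}\" # Network name";
    $t[] = "# HS_LOC_AC=408\t\t\t # Phone area code";
    $t[] = "# HS_LOC_CC=1\t\t\t # Phone country code";
    $t[] = "# HS_LOC_ISOCC=US\t\t # ISO Country code";
    $t[] = "";
    $t[] = "# Embedded miniportal";
    $t[] = "# HS_REG_MODE=\"tos\" # or self, other";
    $t[] = "# HS_RAD_PROTO=\"pap\" # or mschapv2, chap";
    $t[] = "# HS_USE_MAP=on\n";

    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: `/etc/chilli/config` done\n";
    echo "Starting......: " . date("H:i:s") . " [INIT]: Chilli: flush /etc/init.d..\n";
    chilli_init_d();
    // NOTE(review): the file holds the secrets written above and is created
    // with the process default permissions. Restricting it to the accounts
    // that read it (for example mode 0640) is advisable once it is confirmed
    // which accounts those are.
    file_put_contents("/etc/chilli/config", @implode("\n", $t));
    coova_web();
    shell_exec("{$php5} " . dirname(__FILE__) . "/exec.freeradius.php --build");

    if ($GLOBALS["RELOAD"]) {
        $kill = $unix->find_program("kill");
        shell_exec("/etc/init.d/chilli reconfigure");
        $pid = PID_NUM();
        if ($unix->process_exists($pid)) {
            // Only a plain integer is allowed to reach the shell here.
            $pid = intval($pid);
            shell_exec("{$kill} -HUP {$pid} 2>&1");
        } else {
            start();
        }
    }
}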
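/**
 * Create the accounts and directories Cyrus needs and set their mode and
 * ownership.
 *
 * Every listed directory is created when missing, set to mode 0755 and handed
 * to cyrus:mail; /var/lib/cyrus itself is then given to cyrus:cyrus, and an
 * empty user_deny.db is created when none exists.
 *
 * NOTE(review): several of these directories end up owned by the cyrus
 * account while this function changes modes and ownership by path on every
 * run. If chmod_func()/chown_func() follow symbolic links, a link planted in
 * a cyrus-owned directory would redirect those changes; consider skipping
 * entries for which is_link() is true once it is confirmed that no legitimate
 * setup links these paths.
 *
 * @return void
 */
function CheckPermissions()
{
    $unix = new unix();
    $unix->SystemCreateUser("mail", "mail");
    $unix->SystemCreateUser("postfix", "mail");
    $unix->SystemCreateUser("cyrus", "cyrus");
    $POSTFIX_QUEUE_DIRECTORY = $unix->POSTCONF_GET("queue_directory");

    $dirs = array(
        "/var/lib/cyrus",
        "/var/lib/cyrus/db",
        "/var/lib/cyrus/socket",
        "/var/lib/cyrus/proc",
        "/var/run/cyrus/socket",
        "/var/spool/postfix/var/run/cyrus/socket",
    );
    // Without a queue directory the entry would collapse to /var/run/cyrus
    // and hand that parent directory to cyrus:mail as well, so it is only
    // added when Postfix reported a value.
    if ($POSTFIX_QUEUE_DIRECTORY != null) {
        $dirs[] = "{$POSTFIX_QUEUE_DIRECTORY}/var/run/cyrus";
    }

    // foreach instead of each(): each() is deprecated since PHP 7.2 and
    // removed in PHP 8.
    foreach ($dirs as $directory) {
        if (!is_dir($directory)) {
            @mkdir($directory, 0755, true);
        }
        $unix->chmod_func(0755, "{$directory}");
        $unix->chown_func("cyrus", "mail", "{$directory}");
    }
    $unix->chown_func("cyrus", "cyrus", "/var/lib/cyrus");

    if (!is_file("/var/lib/cyrus/user_deny.db")) {
        @touch("/var/lib/cyrus/user_deny.db");
        $unix->chown_func("cyrus", "mail", "/var/lib/cyrus/user_deny.db");
    }
}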
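/**
 * Mount, resize or remove the tmpfs that backs the c-icap temporary directory
 * ("MemBoost"), depending on the licence flag and the CiCAPMemBoost setting.
 *
 * The tmpfs is unmounted when the licence is inactive or the configured size
 * is below 2; nothing is done when the mounted size already matches;
 * otherwise the directory is recreated and mounted with the configured size
 * (in megabytes), owned by the clamav account.
 *
 * @return void
 */
function memboost()
{
    $workdir = "/var/lib/c_icap/temporary";
    $sock = new sockets();
    $unix = new unix();
    $users = new usersMenus();
    $umount = $unix->find_program("umount");

    if (!$users->CORP_LICENSE) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost license inactive...\n";
        $mountedM = tmpfs_mounted_size();
        if ($mountedM > 1) {
            shell_exec("{$umount} -l {$workdir}");
        }
        return;
    }

    echo "Starting......: " . date("H:i:s") . "c-icap MemBoost `{$workdir}`\n";
    $mount = $unix->find_program("mount");
    $idbin = $unix->find_program("id");

    // The size goes straight into a shell command line. is_numeric() also
    // accepts values such as "5.5", "1e3" or a number preceded by whitespace
    // (including a line break), so the value is reduced to a plain integer.
    $CiCAPMemBoost = $sock->GET_INFO("CiCAPMemBoost");
    $CiCAPMemBoost = is_numeric($CiCAPMemBoost) ? intval($CiCAPMemBoost) : 0;
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost -> {$CiCAPMemBoost} Mb\n";
    }
    $mountedM = tmpfs_mounted_size();
    if ($GLOBALS["VERBOSE"]) {
        echo "Starting......: " . date("H:i:s") . "c-icap mounted -> {$mountedM} Mb\n";
    }

    // A size below 2 disables the feature: drop an existing mount.
    if ($CiCAPMemBoost < 2) {
        if ($mountedM > 1) {
            shell_exec("{$umount} -l {$workdir}");
        }
        return;
    }
    // Already mounted with the requested size.
    if ($CiCAPMemBoost == $mountedM) {
        return;
    }

    $unix->SystemCreateUser("clamav", "clamav");
    $results = array();
    exec("{$idbin} clamav 2>&1", $results);
    // Only digits are captured, so uid and gid are safe to place on the
    // mount command line.
    if (!preg_match("#uid=([0-9]+).*?gid=([0-9]+)#", @implode("", $results), $re)) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost clamav no such user...\n";
        return;
    }

    shell_exec("{$umount} -l {$workdir}");
    $uid = $re[1];
    $gid = $re[2];
    recursive_remove_directory("{$workdir}");
    @mkdir($workdir, 0755);
    echo "Starting......: " . date("H:i:s") . "c-icap MemBoost clamav ({$uid}/{$gid})\n";
    // NOTE(review): the mount options explicitly enable "exec" on a
    // directory that receives content awaiting a scan. A scratch area like
    // this is normally mounted noexec,nosuid,nodev; confirm whether anything
    // needs to execute from it before tightening the options.
    shell_exec("{$mount} -t tmpfs -o size={$CiCAPMemBoost}M,noauto,user,exec,uid={$uid},gid={$gid} tmpfs {$workdir}");

    $mountedM = tmpfs_mounted_size();
    if ($mountedM > 1) {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost mounted with {$mountedM}M\n";
    } else {
        echo "Starting......: " . date("H:i:s") . "c-icap MemBoost mounted failed\n";
    }
}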