// Request bootstrap for the proxy error/authentication page: logs the request,
// starts the session, loads the project classes and prints an HTML error page.

// Debug mode is hard-coded on, so the "<li>Includes...</li>" marker below is
// sent to every client.
$GLOBALS["DEBUG"] = true;
// $HTTP_X_REAL_IP is only assigned further down in this excerpt; unless it was set
// before this point, the address prefix of this first log line is empty.
// PHP_AUTH_USER, uri and ruleid are request-supplied and written to the log as-is.
// NOTE(review): confirm Debuglogs() neutralises CR/LF so a request cannot forge log lines.
Debuglogs("{$HTTP_X_REAL_IP}: Auth: \"{$_SERVER['PHP_AUTH_USER']}\", uri:{$_GET['uri']}, rule:{$_GET["ruleid"]}", __FUNCTION__, __LINE__);
session_start();
if ($GLOBALS["DEBUG"]) {
    echo "<li>Includes...</li>";
}
// Debuglogs() is already called above, so it is presumably defined by an include
// outside this excerpt.
include_once dirname(__FILE__) . "/ressources/class.templates.inc";
include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";
// The rule id is copied from the query string into global state without validation.
$GLOBALS["ruleid"] = $_GET["ruleid"];
$SERVER_NAME = $_SERVER["SERVER_NAME"];
$HTTP_HOST = $_SERVER["HTTP_HOST"];
// X-Forwarded-For and X-Real-IP are request headers: they identify the client only
// when a trusted front proxy overwrites them. TODO confirm against the deployment.
$HTTP_X_FORWARDED_FOR = $_SERVER["HTTP_X_FORWARDED_FOR"];
$HTTP_X_REAL_IP = $_SERVER["HTTP_X_REAL_IP"];
Debuglogs("{$HTTP_X_REAL_IP}: Auth: \"{$_SERVER['PHP_AUTH_USER']}\", uri:{$_GET['uri']}, rule:{$_GET["ruleid"]}", __FUNCTION__, __LINE__);
// Decoded from the query string; not used anywhere in the visible code.
$banner = base64_decode($_GET["banner"]);
Debuglogs("{$HTTP_X_REAL_IP}: -> INIT", __FUNCTION__, __LINE__);
$GLOBALS["Q"] = new mysql_squid_builder();
// HTML body of the error page. $array is not defined in this excerpt; its TITLE,
// ERROR, EXPLAIN and REASON entries are interpolated into markup without escaping.
// NOTE(review): if any of them can carry request data, encode them with
// htmlspecialchars() before they reach this template.
// The %w, %W, %T, %h, %s and %c tokens are emitted literally by this script; they
// look like Squid error-page macros - confirm whether anything expands them.
$content = "<table class=\"w100 h100\">\n<tr>\n<td class=\"c m\">\n<table style=\"margin:0 auto;border:solid 1px #560000\">\n<tr>\n<td class=\"l\" style=\"padding:1px\">\n<div style=\"width:346px;background:#E33630\">\n<div style=\"padding:3px\">\n<div style=\"background:#BF0A0A;padding:8px;border:solid 1px #FFF;color:#FFF\">\n<div style=\"background:#BF0A0A;padding:8px;border:solid 1px #FFF;color:#FFF\">\n<h1>ERROR: {$array["TITLE"]}</h1>\n</div>\n<div class=\"c\" style=\"font:bold 13px arial;text-transform:uppercase;color:#FFF;padding:8px 0\">Proxy Error</div>\n<div style=\"background:#F7F7F7;padding:20px 28px 36px\">\n<div id=\"titles\">\n<h1>ERROR</h1> <h2>{$array["ERROR"]}</h2>\n</div> <hr>\n<div id=\"content\"> <p>{$array["EXPLAIN"]}</p>\n<blockquote id=\"error\"> <p><b>{$array["REASON"]}</b></p> </blockquote>\n<p>Access control configuration prevents your request from being allowed at this time. 
Please contact your service provider if you feel this is incorrect.</p> <p>Your cache administrator is <a href=\"mailto:%w%W\">%w</a>.</p> <br> </div> <hr> <div id=\"footer\"> <p>Generated %T by %h (%s)</p> <!-- %c --> </div> </div></div>\n</div>\n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>";
// "@" hides a failed read of the header template; the page is then emitted
// without its header and nothing is logged.
$header = @file_get_contents(dirname(__FILE__) . "/databases/squid.default.header.db");
$newheader = str_replace("{TITLE}", $array["TITLE"], $header);
$templateDatas = "{$newheader}{$content}</body></html>";
echo $templateDatas;
// The ErrorLogs() definition below is cut off in this excerpt; its visible lines are
// kept verbatim.
function ErrorLogs($text = null, $function = null, $line = null)
{
    if ($text == null) {
        return;
    }
    $linetext = null;
    if (function_exists("debug_backtrace")) {
        $trace = @debug_backtrace();
    }
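/**
 * Create, if missing, the per-hour table that receives real-time nginx attack rows.
 *
 * The table is named "ngixattck_<timekey>" in the `squidlogs` schema. It uses
 * ENGINE=MEMORY, so its rows live in RAM and do not survive a MySQL restart.
 *
 * @param string|null $timekey Table-name suffix; when empty, date('YmdH') is used.
 * @return bool True when the CREATE TABLE statement succeeded, false when
 *              $this->ok is not set after the query.
 */
public function check_nginx_attacks_RT($timekey = null)
{
    // Loose comparison kept on purpose: "" and 0 also fall back to the current hour.
    if ($timekey == null) {
        $timekey = date('YmdH');
    }

    // The suffix ends up inside a back-quoted identifier, which cannot be bound as a
    // statement parameter. Doubling embedded back-quotes keeps the whole value inside
    // the identifier, whatever the caller passed.
    // NOTE(review): callers are not visible here; if $timekey can originate from a
    // request, validate it as digits only before calling this method.
    $table = str_replace("`", "``", "ngixattck_{$timekey}");

    $sql = "CREATE TABLE IF NOT EXISTS `squidlogs`.`{$table}` (\n"
        . "\t\t`zDate` DATETIME NOT NULL,\n"
        . "\t\t`ipaddr` VARCHAR(40),\n"
        . "\t\t`familysite` VARCHAR(128),\n"
        . "\t\t`hostname` VARCHAR(255),\n"
        . "\t\t`country` VARCHAR(40) NOT NULL,\n"
        . "\t\t`servername` VARCHAR(255) NOT NULL,\n"
        . "\t\t`keyr` VARCHAR(90) PRIMARY KEY,\n"
        . "\t\tKEY `zDate`(`zDate`),\n"
        . "\t\tKEY `familysite`(`familysite`),\n"
        . "\t\tKEY `hostname`(`hostname`),\n"
        . "\t\tKEY `country`(`country`),\n"
        . "\t\tKEY `servername`(`servername`)\n"
        . "\t\t) ENGINE=MEMORY;";

    $this->QUERY_SQL($sql, $this->database);
    if ($this->ok) {
        return true;
    }

    // Debuglogs() is optional in some entry points, hence the existence check.
    if (function_exists("Debuglogs")) {
        Debuglogs($this->mysql_error);
    }
    return false;
}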
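/**
 * Authenticate the current request against the CAS server configured for a group.
 *
 * Loads the group's CAS settings (cached in $_SESSION["AUTH_GROUP_DATA"]), requires
 * a "?ticket=" value inside $_GET["uri"], logs the result of a diagnostic
 * serviceValidate call, then lets phpCAS decide whether the user is authenticated.
 *
 * Changes from the previous version, all security or compatibility related:
 *  - the diagnostic wget command receives the URL through escapeshellarg(), because
 *    the ticket and server name come from the request;
 *  - the response is read from wget's standard output instead of the shared,
 *    predictable /tmp/toto.txt;
 *  - each(), removed in PHP 8, is replaced by foreach;
 *  - when the configured CAS_CERT file exists it is used to validate the CAS
 *    server; validation is skipped only when no such file is available.
 *
 * @param mixed $groupid ID of the authenticator_auth row holding the CAS settings.
 * @param mixed $ruleid  Rule being evaluated; passed to isMustAuth() and logged.
 * @return bool|null null when the rule does not require authentication, false when
 *                   no ticket is found or phpCAS reports "not authenticated",
 *                   true on success.
 */
function xcas_auth($groupid, $ruleid)
{
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} Testing source groups...", __FUNCTION__, __LINE__);
    if (!isMustAuth($ruleid)) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} From groups not match rule.", __FUNCTION__, __LINE__);
        return;
    }
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} From groups match rule.", __FUNCTION__, __LINE__);

    // A cached entry whose params did not load is dropped so it is fetched again.
    if (isset($_SESSION["AUTH_GROUP_DATA"][$groupid])) {
        if ($_SESSION["AUTH_GROUP_DATA"][$groupid]["params"] == null) {
            unset($_SESSION["AUTH_GROUP_DATA"][$groupid]);
        }
    }

    if (!isset($_SESSION["AUTH_GROUP_DATA"][$groupid])) {
        if (!isset($GLOBALS["Q"])) {
            $GLOBALS["Q"] = new mysql_squid_builder();
        }
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} Run MySQL query", __FUNCTION__, __LINE__);
        // NOTE(review): $groupid is interpolated into the statement unescaped. Callers
        // are not visible here; if the value can come from a request it must be
        // validated (or escaped with the database layer's own routine) first.
        // NOTE(review): mysql_fetch_array() belongs to the ext/mysql API removed in
        // PHP 7; replacing it depends on what QUERY_SQL() returns, which is not shown.
        $ligne = mysql_fetch_array($GLOBALS["Q"]->QUERY_SQL("SELECT groupname,group_type,params FROM authenticator_auth WHERE ID='{$groupid}'"));
        if (!$GLOBALS["Q"]->ok) {
            Debuglogs("Rule:{$_GET["ruleid"]} Groupid:{$groupid} {$GLOBALS["Q"]->mysql_error}", __FUNCTION__, __LINE__);
        }
        $_SESSION["AUTH_GROUP_DATA"][$groupid]["groupname"] = $ligne["groupname"];
        $_SESSION["AUTH_GROUP_DATA"][$groupid]["group_type"] = $ligne["group_type"];
        // NOTE(review): unserialize() instantiates whatever objects the stored blob
        // names, so this column must only be writable by trusted administrators.
        // Storing the settings as JSON would remove that dependency.
        $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"] = unserialize(base64_decode($ligne["params"]));
    }

    $groupname = $_SESSION["AUTH_GROUP_DATA"][$groupid]["groupname"];
    $group_type = $_SESSION["AUTH_GROUP_DATA"][$groupid]["group_type"];
    $params = $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"];

    include_once dirname(__FILE__) . "/ressources/externals/jasigcas/CAS.php";
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} type:{$group_type}", __FUNCTION__, __LINE__);

    // Only plain string parameters are accepted; a missing or array-valued parameter
    // is treated as empty.
    $uri = (isset($_GET["uri"]) && is_string($_GET["uri"])) ? $_GET["uri"] : "";
    $servername = (isset($_GET["servername"]) && is_string($_GET["servername"])) ? $_GET["servername"] : "";

    if (!preg_match("#\\?ticket=(.+)#", $uri, $re)) {
        Debuglogs("Not ticket found in `{$uri}`", __FUNCTION__, __LINE__);
        return false;
    }

    // Diagnostic only: the response is logged and never used for the decision below.
    // NOTE(review): the ticket and the validation response end up in the debug log.
    // CAS service tickets are normally single-use, so this extra validation may
    // consume the ticket before phpCAS sees it - confirm, and consider removing it.
    // NOTE(review): $ticket and $servername are not URL-encoded, so the request can
    // alter the query string sent to the CAS server.
    $ticket = $re[1];
    Debuglogs("{$uri} -> {$ticket}", __FUNCTION__, __LINE__);
    $uriToSend = "https://auth.u-cergy.fr/serviceValidate?ticket={$ticket}&service=http://{$servername}";
    Debuglogs("{$uriToSend}", __FUNCTION__, __LINE__);
    // escapeshellarg() passes the URL to wget as one literal argument; "-O -" sends the
    // body to standard output so no file in /tmp is shared between requests.
    $tr = array();
    exec("wget " . escapeshellarg($uriToSend) . " -O -", $tr);
    foreach ($tr as $alias) {
        Debuglogs("{$alias}", __FUNCTION__, __LINE__);
    }

    if ($GLOBALS["DEBUG"]) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} set to debug", __FUNCTION__, __LINE__);
    }
    // The phpCAS debug log is enabled whether or not DEBUG is set, as before.
    // NOTE(review): consider enabling it only while troubleshooting.
    phpCAS::setDebug("/var/log/apache2/cas.debug.log");
    Debuglogs("for debug purpose cmdline should be \"" . __FILE__ . " --cas {$groupid} {$ruleid}\"", __FUNCTION__, __LINE__);

    $cas_host = $params["CAS_HOST"];
    $cas_port = intval($params["CAS_PORT"]);
    $cas_context = $params["CAS_CONTEXT"];
    $certificate = $params["CAS_CERT"];
    Debuglogs("Using certificate: {$certificate} ", __FUNCTION__, __LINE__);
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS host:{$cas_host} Port:\"{$cas_port}\" context={$cas_context}", __FUNCTION__, __LINE__);
    phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

    // Validating the CAS server certificate is what stops another host from
    // answering ticket validation in its place, so the configured CA file is used
    // whenever it exists.
    if (is_file($certificate)) {
        phpCAS::setCasServerCACert($certificate);
    } else {
        Debuglogs(" {$certificate} no such file", __FUNCTION__, __LINE__);
        // Previous behaviour kept for installations without a CA file.
        // NOTE(review): production deployments should fail here instead.
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS setNoCasServerValidation()", __FUNCTION__, __LINE__);
        phpCAS::setNoCasServerValidation();
    }

    // Clears the cached settings of every group, so the next call reloads from MySQL.
    unset($_SESSION["AUTH_GROUP_DATA"]);

    // NOTE(review): the service URL is hard-coded and uses plain http.
    phpCAS::setFixedServiceURL("http://biblioweb.u-cergy.org");

    if (!phpCAS::checkAuthentication()) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS, not authenticated", __FUNCTION__, __LINE__);
        return false;
    }
    return true;
}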