コード例 #1
<?php

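// Refuse to continue unless the process's real user ID is 0 (root).
// The message text is kept exactly as the original author wrote it.
if (posix_getuid() !== 0) {
    die("Cannot be used in web server mode\n\n");
}
include_once dirname(__FILE__) . '/framework/class.unix.inc';
include_once dirname(__FILE__) . '/framework/frame.class.inc';
include_once dirname(__FILE__) . '/ressources/class.users.menus.inc';

// $argv may be missing, or may lack index 1 when the script is started
// without arguments; normalise once so the checks below never read an
// undefined offset.
$cliArgs = (isset($argv) && is_array($argv)) ? $argv : array();
$cliMode = isset($cliArgs[1]) ? $cliArgs[1] : '';

// "--verbose" anywhere on the command line turns on full error output.
if (preg_match("#--verbose#", implode(" ", $cliArgs))) {
    $GLOBALS["VERBOSE"] = true;
    ini_set('html_errors', 0);
    ini_set('display_errors', 1);
    ini_set('error_reporting', E_ALL);
}

// The first argument selects which configuration is generated.
if ($cliMode === "--server") {
    build_server();
    exit;
}
if ($cliMode === "--node") {
    build_node();
    exit;
}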
function build_server()
{
    $users = new usersMenus();
    @mkdir("/usr/share/artica-postfix/munin", 0755, true);
    shell_exec("/bin/chown munin:munin /usr/share/artica-postfix/munin >/dev/null 2>&1");
    $conf[] = "dbdir\t/var/lib/munin";
    $conf[] = "htmldir /usr/share/artica-postfix/munin";
    $conf[] = "logdir /var/log/munin";
    $conf[] = "rundir  /var/run/munin";
コード例 #2
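/**
 * Report a failed build and remove the client's working directory.
 *
 * @param string $message    Text echoed to the operator (newline included by the caller).
 * @param string $rm         Path of the rm binary resolved by the caller.
 * @param string $workingDir Per-client working directory to delete.
 * @return void
 */
function _xrun_abort($message, $rm, $workingDir)
{
    echo $message;
    build_progress(110, "{failed}");
    if (is_dir($workingDir)) {
        // Quote the path so it always reaches rm as exactly one argument.
        system("{$rm} -rf " . escapeshellarg($workingDir));
    }
}

/**
 * Build the OpenVPN client bundle for one client and store it in MySQL.
 *
 * The function writes the client's .ovpn file, generates a key and CSR with
 * openssl, signs the CSR with the local CA, zips the result and loads the
 * archive into the `openvpn_clients` table. Progress is reported through
 * build_progress(); early failures terminate the script, later ones clean up
 * the working directory and return.
 *
 * Security notes:
 *  - $commonname is embedded in SQL text, file paths and shell command lines,
 *    so it is validated against a strict ASCII allowlist before any use.
 *    Widen the pattern deliberately if other characters must be supported.
 *  - The CA pass phrase is handed to openssl through the environment rather
 *    than the command line, so it is neither echoed nor visible in argv.
 *
 * @param string $commonname Client identifier (matched against the `uid` column).
 * @return void
 */
function xrun($commonname)
{
    if ($commonname === "OpenVPN-MASTER") {
        build_server();
        exit;
    }

    // Accept only a plain single path component made of safe ASCII
    // characters. This keeps the value inert inside the SQL strings, the
    // paths and the shell commands below. "keys" is reserved: the CA
    // certificate and key live in that sibling directory, and the working
    // directory of a client is removed recursively.
    $nameIsValid = is_string($commonname)
        && preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._@-]*\z/', $commonname) === 1
        && $commonname !== "keys";
    if (!$nameIsValid) {
        build_progress(110, "{failed}");
        echo "ERROR: invalid client name, please advise your Administrator\n";
        exit;
    }

    $unix = new unix();
    $rm = $unix->find_program("rm");
    $q = new mysql();
    $sql = "SELECT ComputerOS FROM openvpn_clients WHERE uid='{$commonname}'";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    // Check the query status before touching the result handle.
    if (!$q->ok) {
        build_progress(110, "{failed}");
        echo "ERROR: {$q->mysql_error}\n";
        exit;
    }
    $clientRow = mysql_fetch_array($results);

    $vpn = new openvpn();
    $vpn->ComputerOS = is_array($clientRow) ? $clientRow["ComputerOS"] : null;
    $config = $vpn->BuildClientconf($commonname);

    // Start from an empty per-client working directory.
    $workingDir = "/etc/artica-postfix/openvpn/{$commonname}";
    if (is_dir($workingDir)) {
        system("{$rm} -rf " . escapeshellarg($workingDir));
    }
    @mkdir($workingDir, 0755, true);
    @mkdir("{$workingDir}/newcerts");
    @file_put_contents("{$workingDir}/{$commonname}.ovpn", $config);
    if (!is_file('/usr/bin/zip')) {
        build_progress(110, "{failed}");
        echo "ERROR: unable to stat \"zip\", please advise your Administrator\n";
        exit;
    }
    //http://www.drazzib.com/docs/admin/openvpn.html
    $filesize = filesize("{$workingDir}/{$commonname}.ovpn");
    if ($filesize == 0) {
        build_progress(110, "{failed}");
        echo "ERROR: corrupted \"{$commonname}.ovpn\" 0 bytes, please advise your Administrator\n";
        exit;
    }

    $ini = new Bs_IniHandler();
    $sock = new sockets();
    $ini->loadString($sock->GET_INFO("ArticaOpenVPNSettings"));

    // NOTE(review): unserialize() instantiates objects described by its
    // input. This is only safe while the stored settings cannot be written by
    // a less-trusted party; a JSON encoding would remove the concern.
    $certSettings = unserialize($sock->GET_INFO("OpenVPNCertificateSettings"));
    if (!is_array($certSettings)) {
        // Missing or unreadable settings: continue with defaults.
        $certSettings = array();
    }
    $openssl = $unix->find_program("openssl");

    // NOTE(review): the validity period is computed here but is not passed to
    // any openssl command in this function - confirm whether the value in
    // openssl.cf is meant to be authoritative.
    $CertificateMaxDays = isset($certSettings["CertificateMaxDays"])
        ? intval($certSettings["CertificateMaxDays"])
        : 0;
    if ($CertificateMaxDays < 5) {
        $CertificateMaxDays = 730;
    }

    // Fall back to the LDAP password when no CA pass phrase is configured.
    $password = isset($certSettings["password"]) ? $certSettings["password"] : '';
    if (trim($password) === '') {
        $ldap = new clladp();
        $password = $ldap->ldap_password;
    }

    $zipfile = "{$workingDir}/{$commonname}.zip";
    if (is_file($zipfile)) {
        @unlink($zipfile);
    }
    build_config($workingDir, $unix->hostname_g());
    $config_path = "{$workingDir}/openssl.cf";
    if (!is_file($config_path)) {
        _xrun_abort("{$config_path} no such file\n", $rm, $workingDir);
        return;
    }
    chdir($workingDir);
    $filetemp = $unix->FILE_TEMP();
    // NOTE(review): this runs in a child shell that exits immediately, so any
    // variables it sets do not reach the commands below - confirm whether the
    // call is still needed.
    shell_exec("source {$workingDir}/vars");

    // Verify the CA bundle exists before copying it next to the client files.
    $open_vpn_ca_crt = "/etc/artica-postfix/openvpn/keys/allca.crt";
    if (!is_file($open_vpn_ca_crt)) {
        _xrun_abort("{$open_vpn_ca_crt} no such file\n", $rm, $workingDir);
        return;
    }
    copy("{$open_vpn_ca_crt}", "{$workingDir}/{$commonname}.ca");
    if (!is_file("{$workingDir}/{$commonname}.ca")) {
        _xrun_abort("{$workingDir}/{$commonname}.ca no such file\n", $rm, $workingDir);
        return;
    }

    @unlink("/etc/artica-postfix/openvpn/{$commonname}.ovpn");
    @unlink("{$workingDir}/keys/index.txt");
    // Native file calls replace the former touch/echo shell commands; the
    // resulting files are the same (empty index, serial containing "01\n").
    touch("{$workingDir}/index.txt");
    file_put_contents("{$workingDir}/serial", "01\n");
    // NOTE(review): the shared CA database is reset on every run, so every
    // issued certificate starts again at serial 01. Serial numbers are
    // expected to be unique per CA and revocation relies on them - confirm
    // this reset is intended.
    @unlink("/etc/artica-postfix/openvpn/keys/index.txt");
    touch("/etc/artica-postfix/openvpn/keys/index.txt");
    file_put_contents("/etc/artica-postfix/openvpn/keys/serial", "01\n");

    // Generate the client's private key (unencrypted, -nodes) and its CSR.
    $subj = @file_get_contents("{$workingDir}/subj.cf");
    $subjAndConfig = "{$subj} -config {$workingDir}/openssl.cf";
    $cmd = "{$openssl} req -nodes -new -keyout \"{$workingDir}/{$commonname}.key\" -out \"{$workingDir}/{$commonname}.csr\" -batch {$subjAndConfig}";
    echo "{$cmd}\n";
    system("{$cmd}");
    if (!check_file("{$workingDir}/{$commonname}.key")) {
        _xrun_abort("{$workingDir}/{$commonname}.key no such file\n", $rm, $workingDir);
        return;
    }
    if (!check_file("{$workingDir}/{$commonname}.csr")) {
        _xrun_abort("{$workingDir}/{$commonname}.csr no such file\n", $rm, $workingDir);
        return;
    }

    // Sign the CSR with the CA key. The pass phrase travels in an environment
    // variable (openssl "env:" source) so it is not part of the echoed
    // command line, not visible in the process list and not parsed by the
    // shell. The variable is removed again right after the call.
    $open_vpn_ca_key = "/etc/artica-postfix/openvpn/keys/openvpn-ca.key";
    $open_vpn_ca_crt = "/etc/artica-postfix/openvpn/keys/openvpn-ca.crt";
    putenv("OPENVPN_CA_PASSIN={$password}");
    $cmd = "{$openssl} ca -keyfile {$open_vpn_ca_key} -cert {$open_vpn_ca_crt}  -out \"{$workingDir}/{$commonname}.crt\" -in \"{$workingDir}/{$commonname}.csr\"  -batch {$subjAndConfig}  -passin env:OPENVPN_CA_PASSIN";
    echo "{$cmd}\n";
    system("{$cmd}");
    putenv("OPENVPN_CA_PASSIN");
    if (!check_file("{$workingDir}/{$commonname}.crt")) {
        _xrun_abort("{$workingDir}/{$commonname}.crt no such file\n", $rm, $workingDir);
        return;
    }

    $mycurrentdir = getcwd();
    chdir($workingDir);
    // NOTE(review): this writes the CA pass phrase (or, via the fallback
    // above, the LDAP password) in clear text into the archive handed to the
    // client. The client key is created without encryption, so the file looks
    // unnecessary for the client - confirm and drop it from the bundle if so.
    @file_put_contents("{$workingDir}/password", $password);
    $cmd = "/usr/bin/zip {$zipfile}";
    $cmd = $cmd . " {$commonname}.crt {$commonname}.csr {$commonname}.key {$commonname}.ovpn {$commonname}.ca password";
    echo "{$cmd}\n";
    system($cmd);
    chdir($mycurrentdir);
    // NOTE(review): 0777 makes the archive and the directory holding the
    // client's private key world-writable. Presumably this is so the MySQL
    // server can read the archive for LOAD_FILE() - confirm; read access
    // (0644 on the file, 0755 on the directory) would be enough for that.
    @chmod($zipfile, 0777);
    @chmod($workingDir, 0777);

    // filesize() returns false on failure; store a numeric size either way.
    $filesize = intval(@filesize($zipfile));
    $sql = "UPDATE openvpn_clients SET \n      `zipcontent`=LOAD_FILE('{$zipfile}'),\n      `zipsize`='{$filesize}'\n\t   WHERE uid='{$commonname}'";
    $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        @unlink($filetemp);
        @unlink($zipfile);
        system("{$rm} -rf " . escapeshellarg($workingDir));
        echo $q->mysql_error;
        build_progress(110, "{failed}");
        return;
    }
    // NOTE(review): on success the working directory, including the private
    // key and the clear-text password file, is left on disk - confirm whether
    // anything still reads it after the archive is stored.
    build_progress(100, "{success}...");
}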