コード例 #1
ファイル: exec.wanproxy.php プロジェクト: BillTheBest/1.6.x
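/**
 * Writes /etc/wanproxy-parent.conf from the enabled WANPROXY rows of proxy_ports.
 *
 * For every row a cache (optional), codec, listening interface, local peer and
 * TCP-TCP proxy stanza is emitted; a monitor interface is appended at the end.
 * Returns without writing when the query fails, and calls remove_init_parent()
 * when no row matches. On success create_init_parent() is called.
 *
 * @return void
 */
function build_parent()
{
    $q = new mysql_squid_builder();
    $unix = new unix();
    // Both globals are filled from the same NETWORK_ALL_INTERFACES() call.
    if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"])) {
        $GLOBALS["NETWORK_ALL_INTERFACES"] = $unix->NETWORK_ALL_INTERFACES();
    }
    if (!isset($GLOBALS["NETWORK_ALL_NICS"])) {
        $GLOBALS["NETWORK_ALL_NICS"] = $unix->NETWORK_ALL_INTERFACES();
    }

    $sql = "SELECT * FROM proxy_ports WHERE WANPROXY=1 AND enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        return;
    }
    if (mysql_num_rows($results) == 0) {
        remove_init_parent();
        return;
    }

    // Disk caches are stored below this directory (see diskcache path below).
    @mkdir("/home/squid/wanproxy", 0755, true);

    $conf = array();
    $conf[] = "create log-mask catch-all";
    $conf[] = "set catch-all.regex \"^/\"";
    $conf[] = "set catch-all.mask INFO";
    $conf[] = "activate catch-all";
    $conf[] = "";

    while ($ligne = mysql_fetch_assoc($results)) {
        // NOTE(review): $ID is interpolated into config identifiers and into a
        // file path without validation; presumably an integer key - confirm.
        $ID = $ligne["ID"];
        $eth = $ligne["nic"];
        // Ports are forced to integers so a malformed row cannot inject
        // quotes or line breaks into the generated configuration.
        $port = intval($ligne["port"]);
        $wanport = intval($ligne["WANPROXY_PORT"]);
        $WanProxyMemory = intval($ligne["WanProxyMemory"]);
        $WanProxyCache = intval($ligne["WanProxyCache"]);
        $cacheAdd = false;

        $ipaddr = null;
        if ($eth != null && isset($GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"])) {
            $ipaddr = $GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"];
        }
        // A missing or unknown NIC widens the listener to every interface.
        // NOTE(review): consider skipping the row instead of falling back.
        if ($ipaddr == null) {
            $ipaddr = "0.0.0.0";
        }

        // The two comment lines below are static text; the real sizes come
        // from WanProxyMemory / WanProxyCache of the row.
        $conf[] = "# A primary in-memory cache of 128MB per peer.";
        $conf[] = "# A secondary disk cache of 1GB in the file wanproxy.xcache shared by all peers.";
        if ($WanProxyMemory > 0) {
            $conf[] = "create cache memorycache{$ID}";
            $conf[] = "set memorycache{$ID}.type Memory";
            $conf[] = "set memorycache{$ID}.size {$WanProxyMemory}MB";
            $conf[] = "activate memorycache{$ID}";
            $conf[] = "";
            $cacheAdd = true;
        }
        if ($WanProxyCache > 0) {
            $conf[] = "create cache diskcache{$ID}";
            $conf[] = "set diskcache{$ID}.type Disk";
            $conf[] = "set diskcache{$ID}.size {$WanProxyCache}GB";
            $conf[] = "set diskcache{$ID}.path \"/home/squid/wanproxy/wanproxyParent{$ID}.xcache\"";
            $conf[] = "activate diskcache{$ID}";
            $conf[] = "";
            $cacheAdd = true;
        }
        if ($cacheAdd) {
            $conf[] = "create cache cache{$ID}";
            $conf[] = "set cache{$ID}.type Pair";
            if ($WanProxyMemory > 0) {
                $conf[] = "set cache{$ID}.primary memorycache{$ID}";
            }
            if ($WanProxyCache > 0) {
                $conf[] = "set cache{$ID}.secondary diskcache{$ID}";
            }
            $conf[] = "activate cache{$ID}";
        }
        $conf[] = "";
        $conf[] = "# Set up codec instances.";
        $conf[] = "create codec codec{$ID}";
        $conf[] = "set codec{$ID}.codec XCodec";
        if ($cacheAdd) {
            $conf[] = "set codec{$ID}.cache cache{$ID}";
        }
        $conf[] = "set codec{$ID}.compressor zlib";
        $conf[] = "set codec{$ID}.compressor_level 6";
        $conf[] = "set codec{$ID}.track_statistics true";
        $conf[] = "activate codec{$ID}";
        $conf[] = "";
        $conf[] = "create interface if{$ID}";
        $conf[] = "set if{$ID}.family IPv4";
        $conf[] = "set if{$ID}.host \"{$ipaddr}\"";
        $conf[] = "set if{$ID}.port \"{$port}\"";
        $conf[] = "activate if{$ID}";
        $conf[] = "";
        $conf[] = "create peer peer{$ID}";
        $conf[] = "set peer{$ID}.family IPv4";
        $conf[] = "set peer{$ID}.host \"127.0.0.1\"";
        $conf[] = "set peer{$ID}.port \"{$wanport}\"";
        $conf[] = "activate peer{$ID}";
        $conf[] = "";
        $conf[] = "create proxy proxy{$ID}";
        $conf[] = "set proxy{$ID}.type TCP-TCP";
        $conf[] = "set proxy{$ID}.interface if{$ID}";
        $conf[] = "set proxy{$ID}.interface_codec codec{$ID}";
        $conf[] = "set proxy{$ID}.peer peer{$ID}";
        $conf[] = "set proxy{$ID}.peer_codec None";
        $conf[] = "activate proxy{$ID}";
        $conf[] = "";
    }

    // The monitor listener is bound to 0.0.0.0:9900 and is therefore reachable
    // on every interface. NOTE(review): restrict it with a firewall rule, or
    // bind it to loopback if remote monitoring is not required.
    $conf[] = "create interface if0";
    $conf[] = "set if0.family IPv4";
    $conf[] = "set if0.host \"0.0.0.0\"";
    $conf[] = "set if0.port \"9900\"";
    $conf[] = "activate if0";
    $conf[] = "";
    $conf[] = "create monitor monitor0";
    $conf[] = "set monitor0.interface if0";
    $conf[] = "activate monitor0";
    $conf[] = "";

    // Write errors are suppressed; create_init_parent() runs either way.
    @file_put_contents("/etc/wanproxy-parent.conf", implode("\n", $conf));
    create_init_parent();
}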
コード例 #2
ファイル: exec.dante.php プロジェクト: articatech/artica
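/**
 * Writes one Dante (sockd) configuration per enabled SOCKS row of proxy_ports.
 *
 * Each row yields /etc/dante/conf.d/config.<ID> and a call to create_init($ID).
 * Returns early when the query fails; calls remove_init_parent() when no row
 * matches. Progress lines are echoed when $GLOBALS["OUTPUT"] is truthy.
 *
 * Security note: the generated file sets clientmethod/socksmethod to "none"
 * and passes 0.0.0.0/0 to 0.0.0.0/0, so every host that can reach the listener
 * may relay TCP/UDP through it without authentication. Exposure is limited
 * only by the listen address and by whatever filtering exists outside this
 * function.
 *
 * @return void
 */
function build_services()
{
    $q = new mysql_squid_builder();
    $unix = new unix();
    // Both globals are filled from the same NETWORK_ALL_INTERFACES() call.
    if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"])) {
        $GLOBALS["NETWORK_ALL_INTERFACES"] = $unix->NETWORK_ALL_INTERFACES();
    }
    if (!isset($GLOBALS["NETWORK_ALL_NICS"])) {
        $GLOBALS["NETWORK_ALL_NICS"] = $unix->NETWORK_ALL_INTERFACES();
    }

    @mkdir("/home/squid/dante", 0755, true);
    @mkdir("/var/run/dante", 0755, true);
    @chown("/home/squid/dante", "squid");
    @chgrp("/home/squid/dante", "squid");
    // NOTE(review): the original called chgrp() twice on /var/run/dante and
    // never chown(); the first call was presumably meant to be chown - confirm.
    @chgrp("/var/run/dante", "squid");

    $sql = "SELECT * FROM proxy_ports WHERE SOCKS=1 AND enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        return;
    }

    $rowCount = mysql_num_rows($results);
    if (!empty($GLOBALS["OUTPUT"])) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: Starting " . $rowCount . " service(s)\n";
    }
    if ($rowCount == 0) {
        // NOTE(review): remove_init_parent() is the name used by the wanproxy
        // builder; verify it is the intended cleanup for Dante.
        remove_init_parent();
        return;
    }

    @mkdir("/etc/dante/conf.d", 0755, true);

    while ($ligne = mysql_fetch_assoc($results)) {
        // NOTE(review): $ID ends up in a file name and $outgoing_addr in the
        // config without validation; an empty $outgoing_addr produces a bare
        // "external:" line. Confirm both are constrained where rows are saved.
        $ID = $ligne["ID"];
        $port = intval($ligne["port"]);
        $eth = $ligne["nic"];
        $outgoing_addr = $ligne["outgoing_addr"];

        // Reset per row: previously the address of an earlier row leaked into
        // later rows that had no NIC, binding them to the wrong interface.
        $ipaddr = null;
        if ($eth != null && isset($GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"])) {
            $ipaddr = $GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"];
        }
        // A missing or unknown NIC makes the open proxy listen everywhere.
        // NOTE(review): consider skipping the row instead of falling back.
        if ($ipaddr == null) {
            $ipaddr = "0.0.0.0";
        }

        if (!empty($GLOBALS["OUTPUT"])) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: Starting Listen {$ipaddr} port = {$port} and forward to {$outgoing_addr}\n";
        }

        $f = array();
        $f[] = "logoutput: /var/log/squid/sockd.log";
        $f[] = "internal: {$ipaddr} port = {$port}";
        $f[] = "external: {$outgoing_addr}";
        $f[] = "user.notprivileged: squid";
        $f[] = "debug: 1";
        $f[] = "clientmethod: none";
        $f[] = "socksmethod: none";
        $f[] = "client pass {\n\t\t\tfrom:  0.0.0.0/0 port 1-65535 to: 0.0.0.0/0\n\t\t\t\n\t\t}";
        $f[] = "socks pass {";
        $f[] = "from: 0.0.0.0/0 to: 0.0.0.0/0";
        $f[] = " protocol: tcp udp";
        $f[] = "}";
        $f[] = "";

        // Write errors are suppressed; create_init() runs either way.
        @file_put_contents("/etc/dante/conf.d/config.{$ID}", implode("\n", $f));
        create_init($ID);
    }
}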
コード例 #3
ファイル: exec.frox.php プロジェクト: articatech/artica
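/**
 * Writes one frox (FTP proxy) configuration per matching row of proxy_ports.
 *
 * Each row yields /etc/frox/conf.d/config.<ID> and a call to create_init($ID).
 * Returns early when the query fails; calls remove_init_parent() when no row
 * matches.
 *
 * Security note: the generated file ends with "ACL Allow * - *", so any client
 * that can reach the listener may proxy FTP to any destination. Exposure is
 * limited only by the listen address and by filtering outside this function.
 *
 * NOTE(review): several parts look copied from the Dante builder and should be
 * confirmed: the directories prepared are /home/squid/dante and /var/run/dante
 * while the config points at /home/squid/frox and /var/run/frox; the query
 * filters on SOCKS=1; and the first config lines use Dante directive names.
 *
 * @return void
 */
function build_services()
{
    $q = new mysql_squid_builder();
    $unix = new unix();
    // Both globals are filled from the same NETWORK_ALL_INTERFACES() call.
    if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"])) {
        $GLOBALS["NETWORK_ALL_INTERFACES"] = $unix->NETWORK_ALL_INTERFACES();
    }
    if (!isset($GLOBALS["NETWORK_ALL_NICS"])) {
        $GLOBALS["NETWORK_ALL_NICS"] = $unix->NETWORK_ALL_INTERFACES();
    }

    @mkdir("/home/squid/dante", 0755, true);
    @mkdir("/var/run/dante", 0755, true);
    @chown("/home/squid/dante", "squid");
    @chgrp("/home/squid/dante", "squid");
    // NOTE(review): the original called chgrp() twice on /var/run/dante and
    // never chown(); the first call was presumably meant to be chown - confirm.
    @chgrp("/var/run/dante", "squid");

    $sql = "SELECT * FROM proxy_ports WHERE SOCKS=1 AND enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        return;
    }
    if (mysql_num_rows($results) == 0) {
        remove_init_parent();
        return;
    }

    @mkdir("/etc/frox/conf.d", 0755, true);

    while ($ligne = mysql_fetch_assoc($results)) {
        // NOTE(review): $ID is used in file names and $eth is written into the
        // config without validation; confirm both are constrained upstream.
        $ID = $ligne["ID"];
        $port = intval($ligne["port"]);
        $eth = $ligne["nic"];
        // Cast like $port so a malformed row cannot inject text into HTTPProxy.
        $WANPROXY_PORT = intval($ligne["WANPROXY_PORT"]);

        // Reset per row: previously the address of an earlier row leaked into
        // later rows that had no NIC, binding them to the wrong interface.
        $BindToDevice = null;
        $ipaddr = null;
        if ($eth != null) {
            $BindToDevice = $eth;
            if (isset($GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"])) {
                $ipaddr = $GLOBALS["NETWORK_ALL_NICS"][$eth]["IPADDR"];
            }
        }
        // A missing or unknown NIC makes the proxy listen on every interface.
        // NOTE(review): consider skipping the row instead of falling back.
        if ($ipaddr == null) {
            $ipaddr = "0.0.0.0";
        }

        $f = array();
        $f[] = "logoutput: /var/log/squid/sockd.log";
        $f[] = "internal: {$ipaddr} port = {$port}";
        // Emits a bare "external: " when the row has no NIC.
        $f[] = "external: {$BindToDevice}";
        $f[] = "user.notprivileged: squid";
        $f[] = "clientmethod: none";
        $f[] = "method: none";
        $f[] = "";
        $f[] = "# Send SIGHUP after editing and it will be reread. This will fail";
        $f[] = "# completely if we are chrooted and the config file isn't within the";
        $f[] = "# dir we are chrooted to, or if we have dropped priveleges and no";
        $f[] = "# longer have permission to read it! We may also no longer have";
        $f[] = "# permission to bind to device.";
        $f[] = "";
        $f[] = "# Address to listen on - default is 0.0.0.0";
        $f[] = "#";
        $f[] = "# Listen firewall.localnet";
        $f[] = "Listen {$ipaddr}";
        $f[] = "";
        $f[] = "# Port to listen on. Must be supplied.";
        $f[] = "#";
        $f[] = "Port {$port}";
        $f[] = "";
        $f[] = "# If specified then bind to this device";
        $f[] = "#";
        if ($BindToDevice != null) {
            $f[] = "BindToDevice {$BindToDevice}";
        }
        $f[] = "";
        $f[] = "# Specify ranges for local ports to use for outgoing connections and";
        $f[] = "# for sending out in PORT commands. By default these are all between";
        $f[] = "# 40000 and 50000, but you might want to split them up if you have";
        $f[] = "# complicated firewalling rules.";
        $f[] = "#";
        $f[] = "# ControlPorts 40000-40999";
        $f[] = "# PassivePorts 41000-41999";
        $f[] = "# ActivePorts  42000-42999";
        $f[] = "";
        $f[] = "# Number of seconds of no activity before closing session";
        $f[] = "# Defaults to 3600";
        $f[] = "#";
        $f[] = "Timeout 1800";
        $f[] = "";
        $f[] = "#Maximum number of processes to fork.";
        $f[] = "#";
        $f[] = "# MaxForks 0 # For debugging -- only one connection may be served.";
        $f[] = "MaxForks 10";
        $f[] = "";
        $f[] = "# User and group to drop priveliges to. Default is not to drop.";
        $f[] = "#";
        $f[] = "User squid";
        $f[] = "Group squid";
        $f[] = "";
        $f[] = "# Directory to chroot to. Default is not to chroot. Filenames for";
        $f[] = "# other options should be within this directory, but specified";
        $f[] = "# relative to /.";
        $f[] = "#";
        $f[] = "# Chroot /usr/local/lib/frox";
        $f[] = "";
        $f[] = "# Block PORT commands asking data to be sent to ports<1024 and";
        $f[] = "# prevent incoming control stream connections from port 20 to ";
        $f[] = "# help depend against ftp bounce attacks. Defaults to on.";
        $f[] = "#";
        $f[] = "BounceDefend yes";
        $f[] = "";
        $f[] = "# If true then only accept data connections from the hosts the control";
        $f[] = "# connections are to. Breaks the rfc, and defaults to off.";
        $f[] = "#";
        $f[] = "#SameAddress on";
        $f[] = "";
        $f[] = "# Try to transparently proxy the data connections as well. Not";
        $f[] = "# necessary for most clients, and does increase security risks. Read";
        $f[] = "# README.transdata for details. Defaults to off.";
        $f[] = "#";
        $f[] = "# TransparentData yes";
        $f[] = "";
        $f[] = "# File to log to. Default is stderr";
        $f[] = "#";
        $f[] = "# LogFile /dev/null";
        $f[] = "LogFile /var/log/squid/ftp.access.log";
        $f[] = "WorkingDir /home/squid/frox";
        $f[] = "";
        $f[] = "# File to store PID in. Default is not to. If this file is not within";
        $f[] = "# the Chroot directory then it cannot be deleted on exit, but will";
        $f[] = "# otherwise work fine.";
        $f[] = "#";
        $f[] = "PidFile /var/run/frox/frox-ftp-{$ID}.pid";
        $f[] = "";
        $f[] = "# Caching options. There should be at most one CacheModule line, and";
        $f[] = "# Cache lines to give the options for that caching module. CacheModule";
        $f[] = "# is HTTP (rewrites ftp requests as HTTP and sends them to a HTTP";
        $f[] = "# proxy like squid), or local (cache files locally). The relevant";
        $f[] = "# module needs to have been compiled in at compile time. See";
        $f[] = "# FAQ for details. If there are no CacheModule lines then no";
        $f[] = "# caching will be done.";
        $f[] = "#";
        $f[] = "# CacheModule local";
        $f[] = "# Cache Dir /usr/local/lib/frox/cache/";
        $f[] = "# Cache CacheSize 400";
        $f[] = "#";
        $f[] = "CacheModule HTTP";
        $f[] = "HTTPProxy 127.0.0.1:{$WANPROXY_PORT}";
        $f[] = "MinCacheSize 65536";
        $f[] = "";
        $f[] = "# Active --> Passive conversion. If set then all outgoing connections";
        $f[] = "# from the proxy will be passive FTP, regardless of the type of the";
        $f[] = "# connection coming in. This makes firewalling a lot easier. Defaults";
        $f[] = "# to no.";
        $f[] = "#";
        $f[] = "APConv yes";
        $f[] = "";
        $f[] = "# Allow non-transparent proxying support. The user can connect";
        $f[] = "# directly to frox, and give his username as user@host:port or";
        $f[] = "# user@host. Defaults to no";
        $f[] = "#";
        $f[] = "# DoNTP yes";
        $f[] = "";
        $f[] = "#########################";
        $f[] = "# Access control lists. #";
        $f[] = "#########################";
        $f[] = "# The format is: \"ACL Allow|Deny SRC - DST [PORTS]\"";
        $f[] = "";
        $f[] = "# SRC and DST may be in the form x.x.x.x, x.x.x.x/yy, x.x.x.x/y.y.y.y,";
        $f[] = "# a dns name, or * to match everything.";
        $f[] = "#";
        $f[] = "# PORTS is a list of ports. If specified then the rule will only match";
        $f[] = "# if the destination port of the connection is in this list. This is";
        $f[] = "# likely only relevant if you are allowing non-transparent proxying of";
        $f[] = "# ftp connections (ie. DoNTP is enabled above). Specifying * is equivalent ";
        $f[] = "# to not specifying anything - all ports will be matched";
        $f[] = "#";
        $f[] = "# Any connection that matches no rules will be denied. Since there are";
        $f[] = "# no rules by default you'll need to add something to let any";
        $f[] = "# connections happen at all (look at the last example if you are";
        $f[] = "# feeling lazy/not bothered by security).";
        $f[] = "#";
        $f[] = "# # Examples:";
        $f[] = "# # Allow local network to ftp to port 21 only, and block host ftp.evil";
        $f[] = "# ACL Deny * - ftp.evil            ";
        $f[] = "# ACL Allow 192.168.0.0/255.255.0.0 - * 21";
        $f[] = "#";
        $f[] = "# # Allow local network to ftp anywhere except certain dodgy ports. Network ";
        $f[] = "# # admin's machine can ftp anywhere.";
        $f[] = "# ACL Allow admin.localnet - *";
        $f[] = "# ACL Deny * - * 1-20,22-1024,6000-6007,7100";
        $f[] = "# ACL Allow 192.168.0.0/16 - * *";
        $f[] = "#";
        $f[] = "# # You don't really believe in this security stuff, and just want";
        $f[] = "# # everything to work. ";
        // Allow-all rule: no source, destination or port restriction is applied.
        // NOTE(review): replace with ACLs for the networks actually served.
        $f[] = "ACL Allow * - *";
        $f[] = "";
        $f[] = "";

        // Write errors are suppressed; create_init() runs either way.
        @file_put_contents("/etc/frox/conf.d/config.{$ID}", implode("\n", $f));
        create_init($ID);
    }
}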