Exemplo n.º 1
0
function buildconfig()
{
    $f[] = "#";
    //
    //$f[]="set SS5_DEBUG";
    //$f[]="set SS5_VERBOSE";
    $f[] = "set SS5_AUTHCACHEAGE 600";
    $f[] = "set SS5_AUTHOCACHEAGE 600";
    $f[] = "set SS5_SRV";
    $f[] = "set SS5_CONSOLE";
    $f[] = "# SECTION       <VARIABLES AND FLAGS>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "#  TAG: set";
    $f[] = "#";
    $f[] = "#       set option name:";
    $f[] = "#";
    $f[] = "#       SS5_DNSORDER    \t\t->   order dns answer";
    $f[] = "#       SS5_VERBOSE       \t\t->   enable verbose output to be written into logfile";
    $f[] = "#       SS5_DEBUG         \t\t->   enable debug output to be written into logfile";
    $f[] = "#       SS5_CONSOLE        \t\t->   enable web console";
    $f[] = "#       SS5_ATIMEOUT       \t\t->   for future uses";
    $f[] = "#       SS5_STIMEOUT       \t\t->   set session idle timeout (default 1800 seconds,";
    $f[] = "#                                                         0 for infinite)";
    $f[] = "#       SS5_LDAP_TIMEOUT   \t\t->   set ldap query timeout";
    $f[] = "#       SS5_LDAP_BASE      \t\t->   set BASE method for profiling (see PROFILING section)";
    $f[] = "#                                    \t     It is default option!";
    $f[] = "#       SS5_LDAP_FILTER   \t\t->   set FILTER method for profiling (see PROFILING";
    $f[] = "#                                            section)";
    $f[] = "#       SS5_SRV   \t    \t\t->   enable ss5srv admin tool";
    $f[] = "#       SS5_PAM_AUTH       \t\t->   set PAM authentication";
    $f[] = "#       SS5_RADIUS_AUTH    \t\t->   set RADIUS authentication";
    $f[] = "#       SS5_RADIUS_INTERIM_INT       \t->   set interval beetwen interim update packet";
    $f[] = "#       SS5_RADIUS_INTERIM_TIMEOUT   \t->   set interim response timeout ";
    $f[] = "#       SS5_AUTHCACHEAGE   \t\t->   set age in seconds for authentication cache";
    $f[] = "#       SS5_AUTHOCACHEAGE  \t\t->   set age in seconds for authorization cache";
    $f[] = "#       SS5_STICKYAGE      \t\t->   set age for affinity";
    $f[] = "#       SS5_STICKYSESSION  \t\t->   enable affinity session";
    $f[] = "#       SS5_SUPAKEY        \t\t->   set SUPA secret key (default SS5_SERVER_S_KEY)";
    $f[] = "#       SS5_ICACHESERVER   \t\t->   set internet address of ICP server";
    $f[] = "#       SS5_GSS_PRINC      \t\t->   set GSS service principal";
    $f[] = "#       SS5_PROCESSLIFE    \t\t->   set number of requests process must servs before ";
    $f[] = "#                                    \t     closing";
    $f[] = "#       SS5_NETBIOS_DOMAIN \t\t->   enable netbios domain mapping with directory store, ";
    $f[] = "#                                    \t     during autorization process";
    $f[] = "#       SS5_SYSLOG_FACILITY\t\t->   set syslog facility";
    $f[] = "#       SS5_SYSLOG_LEVEL\t\t->   set syslog level";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION \t<AUTHENTICATION>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "#  TAG: auth";
    $f[] = "#";
    $f[] = "# \tauth source host, source port, authentication type";
    $f[] = "#";
    $f[] = "# \tSome examples:";
    $f[] = "#";
    $f[] = "# \tAuthentication from 10.253.8.0 network";
    $f[] = "#   \t\tauth 10.253.8.0/22 - u";
    $f[] = "#";
    $f[] = "# \tFake authentication from 10.253.0.0 network. In this case, ss5 request ";
    $f[] = "#\tauthentication but doesn't check for password. Use fake authentication ";
    $f[] = "#\tfor logging or profiling purpose.";
    $f[] = "#   \t\tauth 10.253.0.0/16 - n";
    $f[] = "#";
    $f[] = "# \tFake authentication: ss5 doesn't check for correct password but fetchs ";
    $f[] = "#\tusername for profiling.";
    $f[] = "#   \t\tauth 0.0.0.0/0 - n";
    $f[] = "#";
    $f[] = "#  TAG: external_auth_program";
    $f[] = "#";
    $f[] = "# \texternal_auth_program program name and path ";
    $f[] = "#";
    $f[] = "# \tSome examples:";
    $f[] = "#";
    $f[] = "# \tUse shell file to autheticate user via ldap query";
    $f[] = "#   \t\texternal_auth_program /usr/local/bin/ldap.sh";
    $f[] = "#";
    $f[] = "#  TAG: RADIUS authentication could be used setting SS5_RADIUS_AUTH option and ";
    $f[] = "#       configuring the following attributes:";
    $f[] = "#";
    $f[] = "#       radius_ip               (radius address)";
    $f[] = "#       radius_bck_ip           (radius secondary address)";
    $f[] = "#       radius_auth_port        (radius authentication port, DFAULT = 1812)";
    $f[] = "#       radius_acct_port        (radius authorization  port, DFAULT = 1813)";
    $f[] = "#       radius_secret           (secret password betw";
    $f[] = "#";
    $f[] = "#";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "#       SHost           SPort           Authentication";
    $f[] = "#";
    $f[] = "auth    0.0.0.0/0               -               -";
    $f[] = "";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION \t<BANDWIDTH>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "#  TAG: bandwidth";
    $f[] = "#";
    $f[] = "# \tbandwidth group, max number of connections, bandwidth, session timeout ";
    $f[] = "#";
    $f[] = "# \tSome examples:";
    $f[] = "#";
    $f[] = "# \tLimit connections to 2 for group Admin";
    $f[] = "#   \t\tbandwidth Admin 2 - -";
    $f[] = "#";
    $f[] = "# \tLimit bandwidth to 100k for group Users";
    $f[] = "#   \t\tbandwidth Users - 102400 -";
    $f[] = "#";
    $f[] = "#       note: if you enable bandwith profiling per user, SS5 use this value instead of";
    $f[] = "#             value specified into permit directive.";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "#                   Group          MaxCons     Bandwidth   Session timeout";
    $f[] = "#       bandwidth   grp1           5           -           -";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<PROXIES>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "#  TAG: proxy/noproxy";
    $f[] = "#";
    $f[] = "#\tproxy/noproxy dst host/network, dst port, socks proxy address, port address, ver";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "#\tProxy request for 172.0.0.0 network to socks server 10.253.9.240 on port 1081: ";
    $f[] = "#";
    $f[] = "#   \tif authentication is request, downstream socks server have to  check it; ";
    $f[] = "#   \tif resolution is request, downstream socks server does it before proxying ";
    $f[] = "#\tthe request toward the upstream socks server.";
    $f[] = "#   \t\tproxy 172.0.0.0/16 - 10.253.9.240 1081";
    $f[] = "#";
    $f[] = "#       SS5 makes direct connection to 10.253.0.0 network (in this case, port value is not ";
    $f[] = "#       verified) without using upstream proxy server";
    $f[] = "#   \t\tnoproxy 0.0.0.0/0 - 10.253.0.0/16 1080 -";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "#       \tDHost/Net\t\tDPort\tDProxyip\tDProxyPort SocksVer";
    $f[] = "#";
    $f[] = "#\tproxy\t0.0.0.0/0\t\t-\t1.1.1.1\t\t-\t   -";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION       <DUMP>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "#  TAG: dump";
    $f[] = "#";
    $f[] = "#       dump host/network, port, s/d (s=source d=destination), dump mode (r=rx, t=tx, b=rx+tx)";
    $f[] = "#";
    $f[] = "#       Some examples:";
    $f[] = "#";
    $f[] = "#       Dump traffic for 172.30.1.0 network on port 1521:";
    $f[] = "#";
    $f[] = "#       if authentication is request, downstream socks server have to  check it;";
    $f[] = "#       if resolution is request, downstream socks server does it before proxying";
    $f[] = "#       the request toward the upstream socks server.";
    $f[] = "#               dump 172.30.1.0/24 1521 d b";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "#              DHost/Net               DPort   Dir \tDump mode (r=rx,t=tx,b=rx+tx)";
    $f[] = "#";
    $f[] = "#       dump   0.0.0.0/0               -       d\tt";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<ACCESS CONTROL>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "#  TAG: permit/deny";
    $f[] = "#\tpermit/deny src auth flag, host/network, src port, dst host/network, dst port, ";
    $f[] = "#\tfixup, group, bandwidth (from 256 bytes per second to 2147483647), expdate";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "# \tFTP Control + Passive Mode";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -";
    $f[] = "#";
    $f[] = "#\tFTP DATA Active Mode";
    $f[] = "#\t\tpermit - 0.0.0.0/0 \t- 172.0.0.0/8 \t21 \t- - - -";
    $f[] = "#\t\tpermit - 172.0.0.0/8 \t- 0.0.0.0/0 \t- \t- - - -";
    $f[] = "#";
    $f[] = "#\tQuery DNS";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - 172.30.0.1/32 53 - - - -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - www.example.com 80 http - - -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup + profile + bandwidth (bytes x second)";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - www.example.com 80 http admin 10240 -";
    $f[] = "#";
    $f[] = "#\tSftp + profile + bandwidth (bytes x second)";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - sftp.example.com 22 - developer 102400 -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup ";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - web.example.com 80 - - - -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup + user autentication required with expiration date to 31/12/2006";
    $f[] = "#\t\tpermit u 0.0.0.0/0 - web.example.com 80 - - - 31-12-2006";
    $f[] = "#";
    $f[] = "#\tDeny all connection to web.example.com";
    $f[] = "#\t\tdeny - 0.0.0.0/0 - web.example.com - - - - -";
    $f[] = "#";
    $f[] = "#";
    $f[] = "# /////////////////////////////////////////////////////////////////////////////////////////////////";
    $f[] = "#      Auth\tSHost\t\tSPort\tDHost\t\tDPort\tFixup\tGroup\tBand\tExpDate";
    $f[] = "#";
    $q = new mysql_squid_builder();
    $sql = "SELECT * FROM ss5_fw  WHERE 1 enabled=1 ORDER BY zorder";
    $results = $q->QUERY_SQL($sql);
    if (mysql_num_rows($results) == 0) {
        $f[] = "permit -\t0.0.0.0/0\t-\t0.0.0.0/0\t-\t-\t-\t-\t-\t";
    }
    $allow_type[1] = "permit";
    $allow_type[0] = "deny";
    while ($ligne = mysql_fetch_assoc($results)) {
        if ($ligne["src_host"] == null) {
            $ligne["src_host"] = "0.0.0.0/0";
        }
        if ($ligne["dst_host"] == null) {
            $ligne["dst_host"] = "0.0.0.0/0";
        }
        if ($ligne["src_host"] == "0.0.0.0") {
            $ligne["src_host"] = "0.0.0.0/0";
        }
        if ($ligne["dst_host"] == "0.0.0.0") {
            $ligne["dst_host"] = "0.0.0.0/0";
        }
        if ($ligne["src_port"] == 0) {
            $ligne["src_port"] = "-";
        }
        if ($ligne["dst_port"] == 0) {
            $ligne["dst_port"] = "-";
        }
        if ($ligne["mode"] == 0) {
            $ligne["bandwitdh"] = 0;
        }
        if ($ligne["fixup"] == null) {
            $ligne["fixup"] = "-";
        }
        if ($ligne["bandwitdh"] == 0) {
            $ligne["bandwitdh"] = "-";
        }
        if ($ligne["expdate"] == null) {
            $ligne["expdate"] = "-";
        }
        if (!preg_match("#[0-9]+-[0-9]+-[0-9]+#", $ligne["expdate"])) {
            $ligne["expdate"] = "-";
        }
        $permit = $allow_type[$ligne["mode"]];
        $f[] = "{$permit}\t-\t{$ligne["src_host"]}\t{$ligne["src_port"]}\t{$ligne["dst_host"]}\t{$ligne["dst_port"]}\t{$ligne["fixup"]}\t{$ligne["bandwitdh"]}\t{$ligne["expdate"]}";
    }
    $f[] = "";
    $f[] = "";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<PROFILING>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "# ";
    $f[] = "#\t1) File profiling:";
    $f[] = "#";
    $f[] = "#\tss5 look for a file name specified in permit line in the /etc/ss5 directory. ";
    $f[] = "#\tThis file must contain user members. File profiling is the default option.";
    $f[] = "#";
    $f[] = "#\t2) Ldap profiling:";
    $f[] = "#";
    $f[] = "#\tldap_profile_ip     \t(directory internet address) ";
    $f[] = "#\tldap_profile_port   \t(directory port) ";
    $f[] = "#\tldap_profile_base   \t(ss5 replaces % with \"group specified in permit line\"";
    $f[] = "#\t\t\t\tif SS5LDAP_BASE if specified, otherwise if ";
    $f[] = "#\t\t\t\tSS5LDAP_FILTER is specified,  it uses base and search";
    $f[] = "#\t\t\t\tfor group as attribute in user entry; see examples)";
    $f[] = "#\tldap_profile_filter \t(ss5 uses filter for search operation)";
    $f[] = "#\tldap_profile_dn     \t(directory manager or another user authorized to ";
    $f[] = "#\t\t\t\tquery the directory)";
    $f[] = "#\tldap_profile_pass   \t(\"dn\" password)";
    $f[] = "#\tldap_netbios_domain\t(If SS5_NETBIOS_DOMAIN option is set, ss5 map netbios ";
    $f[] = "#                                domain user in authentication request with his configured ";
    $f[] = "#                                directory sever. Otherwise no match is done and ";
    $f[] = "#                                directory are contacted in order of configuration)";
    $f[] = "#";
    $f[] = "#\t3) Mysql profiling:";
    $f[] = "#";
    $f[] = "#\tmysql_profile_ip     \t(mysql server internet address) ";
    $f[] = "#\tmysql_profile_db   \t(mysql db )";
    $f[] = "#\tmysql_profile_user \t(mysql username )";
    $f[] = "#\tmysql_profile_pass \t(mysql password )";
    $f[] = "#\tmysql_profile_sqlstring\t(sql base string for query. DEFAULT 'SELECT uname FROM grp WHERE gname like' )";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "#\tDirectory configuration for ldap profiling with SS5_LDAP_BASE option:";
    $f[] = "#\tin this case, ss5 look for attribute uid=\"username\" with base ou=\"group\",";
    $f[] = "#\tdc=example,dc=com where group is specified in permit line as ";
    $f[] = "#\t\"permit - - - - - group - -";
    $f[] = "#";
    $f[] = "#\tNote: in this case, attribute value is not userd";
    $f[] = "#";
    $f[] = "#\t\tldap_profile_ip        10.10.10.1";
    $f[] = "#\t\tldap_profile_port      389";
    $f[] = "#\t\tldap_profile_base      ou=%,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_filter    uid";
    $f[] = "#\t\tldap_profile_attribute gid";
    $f[] = "#\t\tldap_profile_dn        cn=root,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_pass      secret";
    $f[] = "#\t\tldap_netbios_domain    dir ";
    $f[] = "#";
    $f[] = "#\tDirectory configuration for ldap profiling with SS5_LDAP_FILTER option:";
    $f[] = "#\tin this case, ss5 look for attributes uid=\"username\" & \"gid=group\" with ";
    $f[] = "#\tbase dc=example,dc=com where group is specified in permit line as ";
    $f[] = "#\t\"permit - - - - - group - -\"";
    $f[] = "#";
    $f[] = "#\tNote: you can also use a base like \"ou=%,dc=example,dc=com\", where % ";
    $f[] = "#\twill be replace with \"group\".";
    $f[] = "#";
    $f[] = "#\t\tldap_profile_ip        10.10.10.1";
    $f[] = "#\t\tldap_profile_port      389";
    $f[] = "#\t\tldap_profile_base      ou=Users,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_filter    uid";
    $f[] = "#\t\tldap_profile_attribute gecos";
    $f[] = "#\t\tldap_profile_dn        cn=root,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_pass      secret";
    $f[] = "#\t\tldap_domain_domain     dir ";
    $f[] = "#";
    $f[] = "#\tSample OpenLdap log:";
    $f[] = "#\tconn=304 op=0 BIND dn=\"cn=root,dc=example,dc=com\" mech=simple ssf=0";
    $f[] = "#\tconn=304 op=0 RESULT tag=97 err=0 text=";
    $f[] = "#\tconn=304 op=1 SRCH base=\"ou=Users,dc=example,dc=com\" scope=1 filter=\"(&(uid=usr1)(gecos=Users))\"";
    $f[] = "#\tconn=304 op=1 SRCH attr=gecos";
    $f[] = "#";
    $f[] = "# \twhere ldap entry is:";
    $f[] = "#\tdn: uid=usr1,ou=Users,dc=example,dc=com";
    $f[] = "#\tuid: usr1";
    $f[] = "#\tcn: usr1";
    $f[] = "#\tobjectClass: account";
    $f[] = "#\tobjectClass: posixAccount";
    $f[] = "#\tobjectClass: top";
    $f[] = "#\tuserPassword:: dXNyMQ==";
    $f[] = "#\tloginShell: /bin/bash";
    $f[] = "#\thomeDirectory: /home/usr1";
    $f[] = "#\tuidNumber: 1";
    $f[] = "#\tgidNumber: 1";
    $f[] = "#\tgecos: Users";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<SERVER BALANCE>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "# ";
    $f[] = "#  TAG: virtual";
    $f[] = "#";
    $f[] = "#\tvirtual virtual identification (vid), real ip server";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "#\tTwo vip balancing on three real server each one";
    $f[] = "#\t\tvirtual 1 172.30.1.1";
    $f[] = "#\t\tvirtual 1 172.30.1.2";
    $f[] = "#\t\tvirtual 1 172.30.1.3";
    $f[] = "#";
    $f[] = "#\t\tvirtual 2 172.30.1.6";
    $f[] = "#\t\tvirtual 2 172.30.1.7";
    $f[] = "#\t\tvirtual 2 172.30.1.8";
    $f[] = "#";
    $f[] = "# \tNote: Server balancing only works with -t option, (threaded mode) and ONLY ";
    $f[] = "#\twith \"connect\" operation.";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "#      \tVid\tReal ip";
    $f[] = "#";
    $f[] = "#vitual\t-\t-";
    $f[] = "";
    @file_put_contents("/etc/ss5.conf", @implode("\n", $f));
    @chown("/etc/ss5.conf", "squid");
    buildinit();
}
Exemplo n.º 2
0
function main()
{
    $sock = new sockets();
    $unix = new unix();
    $users = new usersMenus();
    if (!$users->HAMACHI_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . " hamachi not installed\n";
        die;
    }
    if (!isset($GLOBALS["hamachi_bin"])) {
        $GLOBALS["hamachi_bin"] = $unix->find_program("hamachi");
    }
    if (!is_file($GLOBALS["hamachi_bin"])) {
        echo "Starting......: " . date("H:i:s") . " hamachi no such binary\n";
        die;
    }
    $EnableHamachi = $sock->GET_INFO("EnableHamachi");
    if (!is_numeric($EnableHamachi)) {
        $EnableHamachi = 1;
    }
    if ($EnableHamachi == 0) {
        echo "Starting......: " . date("H:i:s") . " hamachi disabled\n";
        HasGateway_iptables_delete_rules();
        hamachi_etc_hosts_remove();
        @unlink("/etc/cron.d/HamachiHosts");
        die;
    }
    AdditionalSettings();
    GetNets();
    shell_exec("/etc/init.d/artica-postfix start hamachi");
    $sql = "SELECT * FROM hamachi ORDER BY ID DESC";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    AdditionalSettings();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $array = unserialize(base64_decode($ligne["pattern"]));
        connect($array);
    }
    DO_SET_NICK();
    FixRoute();
    HasGateway();
    buildinit();
    SetSchedule();
}
Exemplo n.º 3
0
function buildconfig()
{
    $sock = new sockets();
    $unix = new unix();
    $SS5_SOCKS_IPADDR = "127.0.0.1";
    $q = new mysql_squid_builder();
    $EnableSS5 = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/EnableSS5"));
    $FireHolEnable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/FireHolEnable"));
    if ($EnableSS5 == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} service disabled (see EnableSS5)\n";
        }
        @unlink("/bin/redsocks-iptables.sh");
        return;
    }
    $SS5_SOCKS_PORT = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/SS5_SOCKS_PORT"));
    $SS5_SOCKS_INTERFACE = @file_get_contents("/etc/artica-postfix/settings/Daemons/SS5_SOCKS_INTERFACE");
    if ($SS5_SOCKS_INTERFACE != null) {
        $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
        $SS5_SOCKS_IPADDR = $NETWORK_ALL_INTERFACES[$SS5_SOCKS_INTERFACE]["IPADDR"];
    }
    if ($SS5_SOCKS_IPADDR == null) {
        $SS5_SOCKS_IPADDR = "127.0.0.1";
    }
    $iptables = $unix->find_program("iptables");
    $f[] = "base {";
    $f[] = "\tlog_debug = off;";
    $f[] = "\tlog_info = on;";
    $f[] = "\tlog = \"syslog:daemon\";";
    $f[] = "\tdaemon = on;";
    $f[] = "\tredirector = iptables;";
    $f[] = "}";
    $f[] = "";
    $f[] = "redsocks {";
    $f[] = "\tlocal_ip = 0.0.0.0;";
    $f[] = "\tlocal_port = 31337;";
    $f[] = "\tlistenq = 128; ";
    $f[] = "\tip = {$SS5_SOCKS_IPADDR};";
    $f[] = "\tport = {$SS5_SOCKS_PORT};";
    $f[] = "\ttype = socks5;";
    $f[] = "}";
    $f[] = "";
    if ($FireHolEnable == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FireHolEnable = 1; run Firehol\n";
        }
        @unlink("/bin/redsocks-iptables.sh");
        @file_put_contents("/etc/redsocks.conf", @implode("\n", $f));
        system("/etc/init.d/firehol restart");
        return;
    }
    $MARKLOG = "-m comment --comment \"ArticaRedSocksTransparent\"";
    $sql = "SELECT * FROM ss5_transparent WHERE enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} {$q->mysql_error}\n";
        }
        return;
    }
    $sh = array();
    $CountForules = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} {$CountForules} rule(s)\n";
    }
    $SS5_SOCKS_IPADDR = "192.168.1.221";
    if ($CountForules > 0) {
        $sh[] = "#!/bin/sh -e";
        while ($ligne = mysql_fetch_assoc($results)) {
            $ID = $ligne["ID"];
            $ligne["src_host"] = trim($ligne["src_host"]);
            if ($ligne["src_host"] == "0.0.0.0") {
                $ligne["src_host"] = null;
            }
            if ($ligne["src_host"] == "0.0.0.0/0") {
                $ligne["src_host"] = null;
            }
            $ligne["dst_host"] = trim($ligne["dst_host"]);
            if ($ligne["dst_host"] == "0.0.0.0") {
                $ligne["dst_host"] = null;
            }
            if ($ligne["dst_host"] == "0.0.0.0/0") {
                $ligne["dst_host"] = null;
            }
            $INTERFACE_TEXT = null;
            $SRC_TEXT = null;
            $DST_TEXT = null;
            $eth = trim($ligne["eth"]);
            $DSTPORT = $ligne["dst_port"];
            if ($ligne["src_host"] != null) {
                $SRC_TEXT = "-s {$ligne["src_host"]} ";
            }
            if ($ligne["dst_host"] != null) {
                $DST_TEXT = "-d {$ligne["dst_host"]} ";
            }
            if ($eth != null) {
                $INTERFACE_TEXT = "--in-interface {$eth} ";
            }
            $JREDIRECT_TEXT = "-j REDIRECT --to-port 31337";
            $sh[] = "echo \"Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} out_trsocks.{$ID}\"";
            $sh[] = "{$iptables} -t nat -N out_trsocks.{$ID} || true";
            $sh[] = "{$iptables} -t nat -N PRESOCKS.{$ID} || true";
            $NETWORK_ALL_INTERFACES["lo"]["IPADDR"] = "127.0.0.1";
            reset($NETWORK_ALL_INTERFACES);
            while (list($interface, $AR) = each($NETWORK_ALL_INTERFACES)) {
                $IPADDR = trim($AR["IPADDR"]);
                if ($IPADDR == null) {
                    continue;
                }
                if ($IPADDR == "0.0.0.0") {
                    continue;
                }
                $sh[] = "{$iptables} -t nat -A PRESOCKS.{$ID} -s {$IPADDR} -j RETURN || true";
            }
            $sh[] = "{$iptables} -t nat -A PRESOCKS.{$ID} -p tcp -j REDIRECT --to-ports 31337 || true";
            $sh[] = "{$iptables} -t nat -A PREROUTING -p tcp --sport 1024:65535 {$SRC_TEXT}{$DST_TEXT} --dport {$DSTPORT} -j PRESOCKS.{$ID} || true";
            $sh[] = "{$iptables} -t nat -A OUTPUT -p tcp --sport 1024:65000 {$DST_TEXT} --dport {$DSTPORT} -m owner \\! --uid-owner squid -j out_trsocks.{$ID}|| true";
            $sh[] = "{$iptables} -t nat -A out_trsocks.{$ID} -p tcp \\! -d 127.0.0.1 -j REDIRECT --to-ports 31337 || true";
        }
        $sh[] = "";
    }
    /*
    $f[]="redudp {";
    $f[]="	local_ip = 127.0.0.1;";
    $f[]="	local_port = 31338;";
    $f[]="";
    $f[]="	// `ip' and `port' of socks5 proxy server.";
    $f[]="	ip = 127.0.0.1;";
    $f[]="	port = 1080;";
    $f[]="	login = username;";
    $f[]="	password = pazzw0rd;";
    $f[]="	dest_ip = 8.8.8.8;";
    $f[]="	dest_port = 53;";
    $f[]="	udp_timeout = 30;";
    $f[]="	udp_timeout_stream = 180;";
    $f[]="}";
    $f[]="";
    $f[]="dnstc {";
    $f[]="	local_ip = 127.0.0.1;";
    $f[]="	local_port = 5300;";
    $f[]="}";
    $f[]="";
    */
    @unlink("/bin/redsocks-iptables.sh");
    if (count($sh) > 0) {
        @file_put_contents("/etc/redsocks.conf", @implode("\n", $f));
        @file_put_contents("/bin/redsocks-iptables.sh", @implode("\n", $sh));
        @chmod("/bin/redsocks-iptables.sh", 0755);
    }
    buildinit();
}