示例#1
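// Entry script: logs the incoming request, opens the session, then renders a
// proxy "access denied" page from a header template plus an inline HTML body.

// NOTE(review): debug mode is hard-coded on, so the "<li>Includes...</li>" marker
// below is always written into the response; confirm this is not meant to ship.
$GLOBALS["DEBUG"] = true;
session_start();
if ($GLOBALS["DEBUG"]) {
    echo "<li>Includes...</li>";
}
include_once dirname(__FILE__) . "/ressources/class.templates.inc";
include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";

// Every value read here comes from the HTTP request. The isset() guards keep a
// missing parameter or header from raising an undefined-index notice.
$GLOBALS["ruleid"] = isset($_GET["ruleid"]) ? $_GET["ruleid"] : null;
$SERVER_NAME = isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : null;
$HTTP_HOST = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : null;
// X-Forwarded-For and X-Real-IP are plain request headers: unless a trusted
// front-end proxy overwrites them, the client chooses their content. They are
// only used for log lines here and must not be relied on for access decisions.
$HTTP_X_FORWARDED_FOR = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : null;
$HTTP_X_REAL_IP = isset($_SERVER["HTTP_X_REAL_IP"]) ? $_SERVER["HTTP_X_REAL_IP"] : null;

// Request-derived values go into the debug log, so control characters are
// replaced first: a crafted value must not be able to forge extra log lines.
// The original also logged this line once before $HTTP_X_REAL_IP was assigned,
// which recorded an empty address; that premature call is dropped.
$logFields = array(
    "ip" => $HTTP_X_REAL_IP,
    "user" => isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : "",
    "uri" => isset($_GET["uri"]) ? $_GET["uri"] : "",
    "ruleid" => $GLOBALS["ruleid"],
);
foreach ($logFields as $logKey => $logValue) {
    // Non-string values (e.g. uri[]=... arrays) are logged as empty.
    $logFields[$logKey] = is_string($logValue) ? preg_replace('/[\x00-\x1F\x7F]/', ' ', $logValue) : "";
}
Debuglogs("{$logFields["ip"]}: Auth: \"{$logFields["user"]}\", uri:{$logFields["uri"]}, rule:{$logFields["ruleid"]}", __FUNCTION__, __LINE__);

// NOTE(review): $banner is decoded from the query string but not used in the
// visible code; if it is rendered later it must be escaped for its context.
$banner = (isset($_GET["banner"]) && is_string($_GET["banner"])) ? base64_decode($_GET["banner"]) : "";
Debuglogs("{$logFields["ip"]}: -> INIT", __FUNCTION__, __LINE__);
$GLOBALS["Q"] = new mysql_squid_builder();

// NOTE(review): $array is not assigned anywhere in the visible code. Its TITLE,
// ERROR, EXPLAIN and REASON entries are interpolated into the page without
// escaping; if any of them can carry request data, wrap them in
// htmlspecialchars($value, ENT_QUOTES, 'UTF-8') before they reach this string.
$content = "<table class=\"w100 h100\">\n<tr>\n<td class=\"c m\">\n<table style=\"margin:0 auto;border:solid 1px #560000\">\n<tr>\n<td class=\"l\" style=\"padding:1px\">\n<div style=\"width:346px;background:#E33630\">\n<div style=\"padding:3px\">\n<div style=\"background:#BF0A0A;padding:8px;border:solid 1px #FFF;color:#FFF\">\n<div style=\"background:#BF0A0A;padding:8px;border:solid 1px #FFF;color:#FFF\">\n<h1>ERROR: {$array["TITLE"]}</h1>\n</div>\n<div class=\"c\" style=\"font:bold 13px arial;text-transform:uppercase;color:#FFF;padding:8px 0\">Proxy Error</div>\n<div style=\"background:#F7F7F7;padding:20px 28px 36px\">\n<div id=\"titles\">\n<h1>ERROR</h1> <h2>{$array["ERROR"]}</h2>\n</div> <hr>\n<div id=\"content\"> <p>{$array["EXPLAIN"]}</p>\n<blockquote id=\"error\"> <p><b>{$array["REASON"]}</b></p> </blockquote>\n<p>Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.</p>  <p>Your cache administrator is <a href=\"mailto:%w%W\">%w</a>.</p> <br> </div>  <hr> <div id=\"footer\"> <p>Generated %T by %h (%s)</p> <!-- %c --> </div> </div></div>\n</div>\n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>";

// The header template is optional at runtime: a missing or unreadable file is
// logged and replaced by an empty header instead of being silently ignored.
$header = @file_get_contents(dirname(__FILE__) . "/databases/squid.default.header.db");
if ($header === false) {
    Debuglogs("{$logFields["ip"]}: unable to read squid.default.header.db", __FUNCTION__, __LINE__);
    $header = "";
}
$newheader = str_replace("{TITLE}", $array["TITLE"], $header);
$templateDatas = "{$newheader}{$content}</body></html>";
echo $templateDatas;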
function ErrorLogs($text = null, $function = null, $line = null)
{
    if ($text == null) {
        return;
    }
    $linetext = null;
    if (function_exists("debug_backtrace")) {
        $trace = @debug_backtrace();
    }
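 /**
  * Creates the MEMORY table `squidlogs`.`ngixattck_<timekey>` when it does not exist yet.
  *
  * The table name is assembled by string interpolation, so $timekey is limited
  * to letters, digits and underscores before it is placed between backticks;
  * any other character would let a caller alter the statement.
  *
  * @param string|null $timekey Table suffix; defaults to the current hour, date('YmdH').
  * @return bool true when the CREATE TABLE statement succeeded, false when the
  *              suffix is rejected or the query failed.
  */
 public function check_nginx_attacks_RT($timekey = null)
 {
     if ($timekey == null) {
         $timekey = date('YmdH');
     }
     // Identifiers cannot be bound as query parameters, so validate by whitelist.
     if (!is_scalar($timekey) || !preg_match('/^[A-Za-z0-9_]+$/D', (string) $timekey)) {
         if (function_exists("Debuglogs")) {
             Debuglogs("check_nginx_attacks_RT: invalid time key rejected");
         }
         return false;
     }
     $table = "ngixattck_{$timekey}";
     $sql = "CREATE TABLE IF NOT EXISTS `squidlogs`.`{$table}` (\n\t\t`zDate` DATETIME NOT NULL,\n\t\t`ipaddr` VARCHAR(40),\n\t\t`familysite` VARCHAR(128),\n\t\t`hostname` VARCHAR(255),\n\t\t`country` VARCHAR(40) NOT NULL,\n\t\t`servername` VARCHAR(255) NOT NULL,\n\t\t`keyr` VARCHAR(90) PRIMARY KEY,\n\t\tKEY `zDate`(`zDate`),\n\t\tKEY `familysite`(`familysite`),\n\t\tKEY `hostname`(`hostname`),\n\t\tKEY `country`(`country`),\n\t\tKEY `servername`(`servername`)\n\t\t) ENGINE=MEMORY;";
     $this->QUERY_SQL($sql, $this->database);
     if (!$this->ok) {
         // Debuglogs is defined elsewhere and may be absent in some entry points.
         if (function_exists("Debuglogs")) {
             Debuglogs($this->mysql_error);
         }
         return false;
     }
     return true;
 }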
示例#3
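/**
 * Checks the current request against the CAS server configured for an
 * authenticator group.
 *
 * The group settings (groupname, group_type, params) are read from the
 * authenticator_auth table and cached in $_SESSION["AUTH_GROUP_DATA"]. The
 * request must carry a "?ticket=" value inside $_GET["uri"]; the ticket is sent
 * to a fixed serviceValidate URL for logging purposes, then phpCAS performs the
 * actual authentication check.
 *
 * @param mixed $groupid ID of the authenticator_auth row to load.
 * @param mixed $ruleid  Rule identifier, passed to isMustAuth() and written to the log.
 * @return bool|null null when isMustAuth() reports that the rule does not apply,
 *                   false when the group cannot be loaded, no ticket is present
 *                   or phpCAS reports no authentication, true otherwise.
 */
function xcas_auth($groupid, $ruleid)
{
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} Testing source groups...", __FUNCTION__, __LINE__);
    if (!isMustAuth($ruleid)) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} From groups not match rule.", __FUNCTION__, __LINE__);
        return;
    }
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} From groups match rule.", __FUNCTION__, __LINE__);

    // A cached entry without params is useless: drop it so it is reloaded below.
    if (isset($_SESSION["AUTH_GROUP_DATA"][$groupid]) && $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"] == null) {
        unset($_SESSION["AUTH_GROUP_DATA"][$groupid]);
    }
    if (!isset($_SESSION["AUTH_GROUP_DATA"][$groupid])) {
        if (!isset($GLOBALS["Q"])) {
            $GLOBALS["Q"] = new mysql_squid_builder();
        }
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} Run MySQL query", __FUNCTION__, __LINE__);
        // The ID is placed inside the SQL text, so it is forced to an integer
        // first; a string value could otherwise rewrite the query.
        // NOTE(review): assumes authenticator_auth.ID is an integer key - confirm.
        $safeGroupId = intval($groupid);
        $ligne = mysql_fetch_array($GLOBALS["Q"]->QUERY_SQL("SELECT groupname,group_type,params FROM authenticator_auth WHERE ID='{$safeGroupId}'"));
        if (!$GLOBALS["Q"]->ok || !is_array($ligne)) {
            // Without a row there is no CAS configuration to authenticate against.
            Debuglogs("Rule:{$ruleid} Groupid:{$groupid} {$GLOBALS["Q"]->mysql_error}", __FUNCTION__, __LINE__);
            return false;
        }
        // NOTE(review): unserialize() instantiates whatever objects the stored
        // string describes. This is only safe while the params column can be
        // written by trusted administrators alone; storing JSON would remove the risk.
        $_SESSION["AUTH_GROUP_DATA"][$groupid] = array(
            "groupname" => $ligne["groupname"],
            "group_type" => $ligne["group_type"],
            "params" => unserialize(base64_decode($ligne["params"])),
        );
    }
    $groupname = $_SESSION["AUTH_GROUP_DATA"][$groupid]["groupname"];
    $group_type = $_SESSION["AUTH_GROUP_DATA"][$groupid]["group_type"];
    $params = $_SESSION["AUTH_GROUP_DATA"][$groupid]["params"];
    include_once dirname(__FILE__) . "/ressources/externals/jasigcas/CAS.php";
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} type:{$group_type}", __FUNCTION__, __LINE__);

    $requestUri = (isset($_GET["uri"]) && is_string($_GET["uri"])) ? $_GET["uri"] : "";
    if (!preg_match("#\\?ticket=(.+)#", $requestUri, $re)) {
        Debuglogs("Not ticket found in `{$requestUri}`", __FUNCTION__, __LINE__);
        return false;
    }
    $ticket = $re[1];
    Debuglogs("{$requestUri} -> {$ticket}", __FUNCTION__, __LINE__);

    // The ticket and the server name both come from the query string. They are
    // URL-encoded into the validation URL and the whole URL is passed to the
    // shell as one quoted argument, so neither can add shell syntax or extra
    // URL parameters.
    $serviceHost = (isset($_GET["servername"]) && is_string($_GET["servername"])) ? $_GET["servername"] : "";
    $uriToSend = "https://auth.u-cergy.fr/serviceValidate?ticket=" . rawurlencode($ticket) . "&service=" . rawurlencode("http://{$serviceHost}");
    Debuglogs("{$uriToSend}", __FUNCTION__, __LINE__);
    // A private temporary file replaces the fixed, world-known /tmp path.
    $tmpFile = tempnam(sys_get_temp_dir(), "cas");
    if ($tmpFile !== false) {
        exec("wget " . escapeshellarg($uriToSend) . " -O " . escapeshellarg($tmpFile));
        $validationBody = @file_get_contents($tmpFile);
        @unlink($tmpFile);
        // The response is only written to the log; it does not decide the result.
        foreach (explode("\n", (string) $validationBody) as $alias) {
            Debuglogs("{$alias}", __FUNCTION__, __LINE__);
        }
    }

    // The phpCAS debug log is enabled only in debug mode. The original enabled
    // it a second time unconditionally, which made this switch meaningless.
    if (!empty($GLOBALS["DEBUG"])) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} set to debug", __FUNCTION__, __LINE__);
        phpCAS::setDebug("/var/log/apache2/cas.debug.log");
    }
    Debuglogs("for debug purpose cmdline should be \"" . __FILE__ . " --cas {$groupid} {$ruleid}\"", __FUNCTION__, __LINE__);

    $cas_host = $params["CAS_HOST"];
    $cas_port = intval($params["CAS_PORT"]);
    $cas_context = $params["CAS_CONTEXT"];
    $certificate = $params["CAS_CERT"];
    Debuglogs("Using certificate: {$certificate} ", __FUNCTION__, __LINE__);
    Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS host:{$cas_host} Port:\"{$cas_port}\" context={$cas_context}", __FUNCTION__, __LINE__);
    phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

    // The cached group data is discarded before the CAS check, as in the original.
    unset($_SESSION["AUTH_GROUP_DATA"]);

    // Validating the CAS server certificate is what makes the ticket check
    // trustworthy: without it, anyone able to intercept the connection can
    // answer in place of the CAS server. The configured CA file is therefore
    // used whenever it exists.
    if (is_string($certificate) && is_file($certificate)) {
        phpCAS::setCasServerCACert($certificate);
    } else {
        Debuglogs(" {$certificate} no such file", __FUNCTION__, __LINE__);
        // NOTE(review): fallback kept so groups without a CA file keep working;
        // for production this branch should refuse to authenticate instead.
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS setNoCasServerValidation()", __FUNCTION__, __LINE__);
        phpCAS::setNoCasServerValidation();
    }
    // NOTE(review): the service URL is fixed and uses plain http, and the
    // validation URL above names a fixed host rather than $cas_host - confirm
    // both are intended for every group.
    phpCAS::setFixedServiceURL("http://biblioweb.u-cergy.org");
    if (!phpCAS::checkAuthentication()) {
        Debuglogs("Rule:{$ruleid} Groupid:{$groupid} checking group:{$groupname} Initialize phpCAS, not authenticated", __FUNCTION__, __LINE__);
        return false;
    }
    return true;
}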