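/**
 * Build iptables match fragments for a vendor "macro" address list.
 *
 * The supported macros are google, teamviewer, dropbox, skype and office365;
 * their address lists come from products_ip_ranges. Each entry becomes one
 * fragment that is stored as an array key (value always true), so the result
 * is a set: duplicates collapse and callers can concatenate the keys into a
 * rule. An unknown macro leaves $destinations untouched.
 *
 * @param string      $macro            Vendor macro name (see above).
 * @param array       $destinations     Fragments already collected (fragment => true).
 * @param string|null $eth              Bridge interface for a physdev match; a numeric
 *                                      value or null disables the interface match.
 * @param int         $port             Port to match, 0 = no port match.
 * @param int         $destinationProto 0 = match the source side (-s / --src-range / --sport),
 *                                      1 = match the destination side (-d / --dst-range / --dport).
 * @return array<string,bool> $destinations with the new fragments added.
 */
function destinations_macro($macro, $destinations = array(), $eth = null, $port = 0, $destinationProto = 0) {
    if (!is_array($destinations)) {
        $destinations = array();
    }
    $called = "";
    $trace = @debug_backtrace();
    if (isset($trace[1])) {
        $called = "in " . basename($trace[1]["file"]) . " function {$trace[1]["function"]}() line {$trace[1]["line"]}";
    }
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "[" . __LINE__ . "]: Destination: " . count($destinations) . " items eth={$eth} port={$port} destinationProto={$destinationProto} - {$called}\n";
    }

    // Callers pass a number where they have no interface; treat it as "none".
    if (is_numeric($eth)) {
        $eth = null;
    }
    $port = (int)$port;
    $matchDestination = ((int)$destinationProto == 1);

    $portText = null;
    if ($port > 0) {
        // --sport / --dport are the tcp/udp match options. Both fragments carry a
        // leading space so they concatenate cleanly after the address match
        // (the source variant previously had neither the space nor a valid option name).
        $portText = $matchDestination ? " --dport {$port}" : " --sport {$port}";
    }

    $interface = null;
    if ($eth != null && !$matchDestination) {
        $interface = " -m physdev --physdev-in {$eth} ";
    }
    $pdest = $matchDestination ? "-d " : "-s ";
    $rangeText = $matchDestination ? "--dst-range" : "--src-range";

    include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";
    $nets = new products_ip_ranges();
    $mains = array();
    switch ($macro) {
        case "google":
            $mains = $nets->google_ssl();
            break;
        case "teamviewer":
            $mains = $nets->teamviewer_networks();
            break;
        case "dropbox":
            $mains = $nets->dropbox_networks();
            break;
        case "skype":
            $mains = $nets->skype_networks();
            break;
        case "office365":
            // The domain list is derived from (and appended to) the network list.
            $mains = $nets->office365_domains($nets->office365_networks());
            break;
    }
    if (!is_array($mains)) {
        $mains = array();
    }

    $ipClass = new IP();
    foreach ($mains as $www) {
        $www = trim((string)$www);
        if ($www === "") {
            continue;
        }
        if ($ipClass->IsARange($www)) {
            $destinations["{$interface}-m iprange {$rangeText} '{$www}'{$portText}"] = true;
            continue;
        }
        if ($ipClass->IsACDIR($www)) {
            $destinations["{$interface}{$pdest}{$www}{$portText}"] = true;
            continue;
        }
        // A plain address is used as-is; anything else is treated as a hostname and
        // resolved. gethostbyname() returns its input unchanged on failure, which the
        // validity check below rejects. $ipaddr must be set on every path, otherwise
        // a valid address would silently reuse the previous iteration's resolution.
        $ipaddr = $ipClass->isValid($www) ? $www : gethostbyname($www);
        if (!$ipClass->isValid($ipaddr)) {
            continue;
        }
        $destinations["{$interface}{$pdest}{$ipaddr}{$portText}"] = true;
    }
    return $destinations;
}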
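/**
 * Turn a vendor address list into "--dst" / "-m iprange --dst-range" fragments.
 *
 * @param string $label  Group type name, used in VERBOSE output only.
 * @param int    $ID     Group id, used in VERBOSE output only.
 * @param array  $array  Addresses as returned by products_ip_ranges.
 * @return array<string,bool> Fragment => true.
 */
function GroupInArray_vendor_fragments($label, $ID, $array) {
    $f = array();
    if (!is_array($array)) {
        $array = array();
    }
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "{$label} ->" . count($array) . " items [" . __LINE__ . "]\n";
    }
    foreach ($array as $b) {
        $b = trim((string)$b);
        if ($b === "") {
            continue;
        }
        // Two numbers separated by a dash are treated as an address range.
        if (preg_match("#([0-9]+)-([0-9]+)#", $b)) {
            $f["-m iprange --dst-range {$b}"] = true;
            continue;
        }
        $f["--dst {$b}"] = true;
    }
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "[" . __LINE__ . "]: {$label}::{$ID} -> " . count($f) . " item(s).\n";
    }
    return $f;
}

/**
 * Expand a webfilters_sqgroups group into iptables match fragments.
 *
 * Vendor group types (teamviewer, office365, skype, google, google_ssl, dropbox)
 * are expanded from the built-in address lists in products_ip_ranges. Every other
 * type is expanded from the enabled rows of webfilters_sqitems for that group:
 *   arp  -> "-m mac --mac-source <mac>" (MAC-validated)
 *   src  -> "--source <pattern>" or "-m iprange --src-range <range>"
 *   dst  -> "--dst <pattern>" or "-m iprange --dst-range <range>"
 *   port -> see the return value below
 *
 * @param int|string $ID      Group id (cast to int before it reaches SQL).
 * @param bool       $IsArray Port groups only: return the port list as an array
 *                            (with a leading 0) instead of a formatted option.
 * @return array|string|null  For port groups: a list (when $IsArray), null when the
 *                            group is empty, "--destination-port N" for a single
 *                            port, or "--destination-ports N,M,..." for several.
 *                            For every other type: fragment => true.
 */
function GroupInArray($ID = 0, $IsArray = false) {
    // The id is interpolated into SQL below; force it to an integer first so a
    // non-numeric value can neither reach the query nor pass the zero check loosely.
    $ID = (int)$ID;
    if ($ID == 0) {
        return array();
    }
    $q = new mysql_squid_builder();
    $sql = "SELECT GroupType FROM webfilters_sqgroups WHERE ID={$ID}";
    $ligne = mysql_fetch_array($q->QUERY_SQL($sql));
    if (!$q->ok) {
        echo "[" . __LINE__ . "]: {$q->mysql_error}\n";
    }
    if (!$ligne) {
        return array();
    }
    $GroupType = $ligne["GroupType"];
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "[" . __LINE__ . "]: src_items:{$ID} -> {$GroupType} Get items.\n";
    }

    $vendorMethods = array(
        "teamviewer" => "teamviewer_networks",
        "office365"  => "office365_networks",
        "skype"      => "skype_networks",
        "google"     => "google_networks",
        "google_ssl" => "google_ssl",
        "dropbox"    => "dropbox_networks",
    );
    if (isset($vendorMethods[$GroupType])) {
        include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";
        $products_ip_ranges = new products_ip_ranges();
        $method = $vendorMethods[$GroupType];
        return GroupInArray_vendor_fragments($GroupType, $ID, $products_ip_ranges->$method());
    }

    $IpClass = new IP();
    $f = array();
    $sql = "SELECT pattern FROM webfilters_sqitems WHERE gpid={$ID} AND enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo "[" . __LINE__ . "]: {$q->mysql_error}\n";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $pattern = trim($ligne["pattern"]);
        if ($pattern === "") {
            continue;
        }
        if (!empty($GLOBALS["VERBOSE"])) {
            echo "[" . __LINE__ . "]: src_items:{$ID} -> {$pattern} item.\n";
        }
        if ($GroupType == "arp") {
            if (!$IpClass->IsvalidMAC($pattern)) {
                if (!empty($GLOBALS["VERBOSE"])) {
                    echo "[" . __LINE__ . "]: src_items:{$ID} -> {$pattern} INVALID.\n";
                }
                continue;
            }
            if (!empty($GLOBALS["VERBOSE"])) {
                echo "[" . __LINE__ . "]: src_items:{$ID} -> ADD -m mac --mac-source {$pattern}.\n";
            }
            $f["-m mac --mac-source {$pattern}"] = true;
            continue;
        }
        // The remaining fragments are spliced verbatim into iptables command lines by
        // the callers (this file runs such lines through system()). Only the address,
        // range, hostname and port character set is accepted, so a stray shell
        // metacharacter stored in the database is rejected here instead of executed.
        if (!preg_match("#^[A-Za-z0-9._:/-]+$#", $pattern)) {
            if (!empty($GLOBALS["VERBOSE"])) {
                echo "[" . __LINE__ . "]: src_items:{$ID} -> {$pattern} INVALID.\n";
            }
            continue;
        }
        $isRange = preg_match("#[0-9\\.]+-[0-9\\.]+#", $pattern);
        if ($GroupType == "src") {
            $f[$isRange ? "-m iprange --src-range {$pattern}" : "--source {$pattern}"] = true;
            continue;
        }
        if ($GroupType == "dst") {
            $f[$isRange ? "-m iprange --dst-range {$pattern}" : "--dst {$pattern}"] = true;
            continue;
        }
        if ($GroupType == "port") {
            $f[$pattern] = true;
        }
    }

    if ($GroupType == "port") {
        // Array mode prepends a 0 entry; keep that for callers that index from 1.
        $T = $IsArray ? array(0) : array();
        foreach (array_keys($f) as $a) {
            $T[] = $a;
        }
        if ($IsArray) {
            return $T;
        }
        if (count($T) == 0) {
            return null;
        }
        if (count($T) == 1) {
            return "--destination-port " . implode("", $T);
        }
        return "--destination-ports " . implode(",", $T);
    }

    if (!empty($GLOBALS["VERBOSE"])) {
        echo "[" . __LINE__ . "]: src_items:{$ID} -> " . count($f) . " item(s).\n";
    }
    return $f;
}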
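/**
 * Add one "-j RETURN" rule per address of a vendor list to the rule set.
 *
 * @param string $label    Group type, used in VERBOSE output only.
 * @param mixed  $objectid Whitelist object id, used in VERBOSE output only.
 * @param array  $array    Addresses as returned by products_ip_ranges.
 * @param string $prefix   iptables invocation up to (excluding) the destination match.
 * @param string $suffix   Target clause appended after the match.
 * @param array  $f        Rules collected so far (command line => true).
 * @return array<string,bool> $f with the new rules added.
 */
function trusted_ssl_sites_vendor_rules($label, $objectid, $array, $prefix, $suffix, $f) {
    if (!is_array($array)) {
        $array = array();
    }
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "{$label} ->" . count($array) . " items [" . __LINE__ . "]\n";
    }
    foreach ($array as $b) {
        $b = trim((string)$b);
        if ($b === "") {
            continue;
        }
        // Two numbers separated by a dash are treated as an address range.
        if (preg_match("#([0-9]+)-([0-9]+)#", $b)) {
            $f["{$prefix} -m iprange --dst-range {$b} {$suffix}"] = true;
            continue;
        }
        $f["{$prefix} --dst {$b} {$suffix}"] = true;
    }
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "[" . __LINE__ . "]: {$label}::{$objectid} -> " . count($f) . " item(s).\n";
    }
    return $f;
}

/**
 * Insert the hotspot "trusted SSL sites" bypass rules into the nat table.
 *
 * Reads the enabled rows of hotspot_sslwhitelists joined with webfilters_sqgroups,
 * expands vendor groups (teamviewer, google, google_ssl) from products_ip_ranges and
 * "dst" groups through trusted_ssl_groups(), then runs one iptables command per
 * resulting rule. Each rule matches marked (0x2) tcp/443 traffic entering the hotspot
 * interface and returns from the WiFiDog chain for that destination.
 *
 * Side effects: executes iptables via system(); writes progress to stdout when
 * $GLOBALS["OUTPUT"] / $GLOBALS["VERBOSE"] are set.
 *
 * @return void
 */
function trusted_ssl_sites() {
    $sock = new sockets();
    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    if ($iptables == null) {
        // Without the binary every generated line would be executed as a bare
        // option string; there is nothing useful to do.
        if (!empty($GLOBALS["OUTPUT"])) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: iptables not found, skipping SSL whitelists\n";
        }
        return;
    }
    $ArticaHotSpotInterface = $sock->GET_INFO("ArticaHotSpotInterface");
    if ($ArticaHotSpotInterface == null) {
        $ArticaHotSpotInterface = "eth0";
    }
    // The interface name comes from the configuration store and is placed on a shell
    // command line below; quote it (and the chain name derived from it) so each is
    // passed to iptables as a single argument whatever it contains.
    $ifaceArg = escapeshellarg($ArticaHotSpotInterface);
    $WifiGroup = escapeshellarg("WiFiDog_{$ArticaHotSpotInterface}_WIFI2Internet");

    include_once dirname(__FILE__) . "/ressources/class.products-ip-ranges.inc";
    $q = new mysql_squid_builder();
    $sql = "SELECT hotspot_sslwhitelists.objectid,\n\t\t\twebfilters_sqgroups.GroupName,\n\t\t\twebfilters_sqgroups.GroupType,\n\t\t\thotspot_sslwhitelists.enabled \n\t\t\tFROM webfilters_sqgroups,hotspot_sslwhitelists\n\t\t\tWHERE webfilters_sqgroups.ID=hotspot_sslwhitelists.objectid \n\t\t\tAND hotspot_sslwhitelists.enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        echo "[" . __LINE__ . "]: {$q->mysql_error}\n";
        return;
    }
    $Count = mysql_num_rows($results);
    if (!empty($GLOBALS["OUTPUT"])) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Checking SSL whitelists {$Count} rule(s)\n";
    }
    if ($Count == 0) {
        return;
    }

    $prefix_iptables = "{$iptables} -t nat -I {$WifiGroup} -i {$ifaceArg} -m mark --mark 0x2 -p tcp --dport 443";
    $suffix_iptables = "-j RETURN";
    $vendorMethods = array(
        "teamviewer" => "teamviewer_networks",
        "google"     => "google_networks",
        "google_ssl" => "google_ssl",
    );
    $products_ip_ranges = null;
    $f = array();
    while ($ligne = mysql_fetch_assoc($results)) {
        $GroupType = $ligne["GroupType"];
        if (isset($vendorMethods[$GroupType])) {
            if ($products_ip_ranges === null) {
                $products_ip_ranges = new products_ip_ranges();
            }
            $method = $vendorMethods[$GroupType];
            // All vendor types continue to the next row: returning here (as google_ssl
            // once did) would drop the remaining whitelists and never apply any rule.
            $f = trusted_ssl_sites_vendor_rules($GroupType, $ligne["objectid"], $products_ip_ranges->$method(), $prefix_iptables, $suffix_iptables, $f);
            continue;
        }
        if ($GroupType == "dst") {
            $f = trusted_ssl_groups($ligne["objectid"], $f, $prefix_iptables, $suffix_iptables);
            if (!is_array($f)) {
                $f = array();
            }
        }
    }

    if (!empty($GLOBALS["OUTPUT"])) {
        echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}: Building " . count($f) . " Trusted SSL sites\n";
    }
    foreach (array_keys($f) as $cmdline) {
        system($cmdline);
    }
}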