define('TOR_CHK_URL', 'http://localhost/curl-de-sac/test/tor_mock.ppp');
define('PROXY_CHK_URL', 'http://localhost/curl-de-sac/test/proxy_mock.ppp');
+/*
+ * Operational Brisk stuff
+ */
+function brisk_cds_reload($brisk)
+{
+ if ($brisk->cds != NULL) {
+ $brisk->cds->cmd_cls_deregister_all();
+ unset($brisk->cds);
+ $brisk->cds = NULL;
+ }
+ // create cds
+ $brisk->cds = new Curl_de_sac();
+
+ // create tor_chk_cls and proxy_chk_cls
+ $tor_chk_cls = new Tor_chk_cmd_cls();
+ $proxy_chk_cls = new Proxy_chk_cmd_cls();
+
+ // registrer tor_chk_cls and proxy_chk_cls
+ printf("MAIN: Register 'tor_chk_cls'\n");
+ if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) {
+ fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n");
+ return (FALSE);
+ }
+ printf("MAIN: Register 'proxy_chk_cls'\n");
+ if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) {
+ fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n");
+ return (FALSE);
+ }
+
+ return (TRUE);
+}
+
+function brisk_cds_execute($brisk, $ghost, $real_idx, $sess, $ip, $authenticate, $header)
+{
+ if ($brisk->cds->execute("tor_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
+ log_main("cds_execute failed");
+ }
+ if ($brisk->cds->execute("proxy_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
+ log_main("cds_execute failed");
+ }
+}
+
+/*
+ * CDS commands stuff
+ */
class Tor_chk_cmd extends CDS_cmd {
var $ctx;
var $user_idx;
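Review bot: brisk_cds_execute() only logs when a check cannot be started, and both branches write the same `cds_execute failed` string, so the log cannot show which check was skipped or for which connection; nothing in this function stops the session from continuing unchecked. Name the check and the peer in each message, for example `log_main(sprintf("cds_execute 'tor_chk' failed: user_idx: %d, conn_ip: %s", $real_idx, $ip));`, and the same with `'proxy_chk'`. The function also dereferences `$brisk->cds` without a NULL test, while brisk_cds_reload() can return FALSE after replacing the object with one that has only some classes registered; whether callers check that return value is not visible here. `$ghost` is accepted but never used.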
if (parent::create($cds, $ch) == FALSE)
break;
+ $ctx->user[$user_idx]->pend_async++;
$cmd = new Tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
return $cmd;
;
}
- $cmd->ctx->tor_chk_postprocess($cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor);
+ tor_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor);
return TRUE;
}
function timeout($cmd)
{
- printf("'tor_chk' timeout function reached\n");
+ tor_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
+ }
+}
+
+class Proxy_chk_cmd extends CDS_cmd {
+ var $ctx;
+ var $user_idx;
+ var $user_sess;
+ var $conn_ip;
+ var $is_auth;
+
+ function Proxy_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
+ {
+ parent::__construct($cmd_cls, $ch);
+ $this->ctx = $ctx;
+ $this->user_idx = $user_idx;
+ $this->user_sess = $user_sess;
+ $this->conn_ip = $conn_ip;
+ $this->is_auth = $is_auth;
}
}
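Review bot: The new `function Proxy_chk_cmd(...)` relies on PHP 4 constructor naming, which is deprecated in PHP 7 and no longer treated as a constructor in PHP 8. On such a runtime `ctx`, `user_sess` and the other fields would stay unset, and the timeout and postprocess callbacks would then act on NULL values. The body already calls `parent::__construct`, so declaring it as `function __construct($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)` is the consistent form. Tor_chk_cmd's constructor is outside this hunk and may need the same change.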
parent::__construct("proxy_chk", 10);
$this->scan_headers = array(
- 'HTTP_VIA',
- 'HTTP_X_FORWARDED_FOR',
- 'HTTP_FORWARDED_FOR',
- 'HTTP_X_FORWARDED',
- 'HTTP_FORWARDED',
- 'HTTP_CLIENT_IP',
- 'HTTP_FORWARDED_FOR_IP',
- 'VIA',
- 'X_FORWARDED_FOR',
- 'FORWARDED_FOR',
- 'X_FORWARDED',
- 'FORWARDED',
- 'CLIENT_IP',
- 'FORWARDED_FOR_IP',
- 'HTTP_PROXY_CONNECTION'
+ 'Http-Via',
+ 'Http-X-Forwarded-For',
+ 'Http-Forwarded-For',
+ 'Http-X-Forwarded',
+ 'Http-Forwarded',
+ 'Http-Client-Ip',
+ 'Http-Forwarded-For-Ip',
+ 'Via',
+ 'X-Forwarded-For',
+ 'Forwarded-For',
+ 'X-Forwarded',
+ 'Forwarded',
+ 'Client-Ip',
+ 'Forwarded-For-Ip',
+ 'Http-Proxy-Connection'
);
}
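Review bot: The rewritten names are matched by exact key in the scan loop (`array_key_exists($key, $headers)` in the next hunk), so detection now depends on `$headers` using exactly this `Word-Word` casing. HTTP header names are case-insensitive, and how the caller builds `$headers` is not visible here. Normalising both sides removes that dependency, e.g. `$hdrs = array_change_key_case($headers, CASE_LOWER);` and then testing `strtolower($key)`. The `Http-*` entries look like a mechanical rewrite of the old CGI variable names (`HTTP_VIA` is the variable for the `Via` header), so they probably never match a real request and could be dropped.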
foreach($this->scan_headers as $key){
//proxy detected? lets log...
- if($headers[$key]) {
+ if(array_key_exists($key, $headers)) {
// we already are behind a PROXY, this are our headers
if ($key == 'X-Proxy-ID') {
if ($headers[$key] == '860705422')
continue;
}
- $ctx->proxy_chk_postprocess($user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
+ proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
return TRUE;
}
}
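Review bot: The header-hit path now calls `proxy_chk_postprocess($ctx, ...)`, which ends with `pend_async--`, but the only `pend_async++` for this command is in the later hunk, on the path that builds `Proxy_chk_cmd`. Unless the caller increments elsewhere, a synchronous detection therefore leaves the user's counter one below where it started. Either add `$ctx->user[$user_idx]->pend_async++;` immediately before this call, or move the log/kick logic into a helper that does not touch the counter. The `X-Proxy-ID` branch is unreachable with the list in the previous hunk, since that name is not in `scan_headers`. The enclosing function starts and ends outside this hunk.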
break;
$cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
+ $ctx->user[$user_idx]->pend_async++;
return $cmd;
} while (FALSE);
;
}
- $cmd->ctx->proxy_chk_postprocess($cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);
+ proxy_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);
return TRUE;
}
function timeout($cmd)
{
- printf("'proxy_chk' timeout function reached\n");
+ proxy_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
+ }
+}
+
+function tor_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_tor)
+{
+ log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO")));
+ if ($is_tor) {
+ $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
}
+ $brisk->user[$user_idx]->pend_async--;
+}
+
+function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
+{
+ log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+ $brisk->user[$user_idx]->pend_async--;
+}
+
+function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy)
+{
+ log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));
+ if (FALSE && $is_proxy) {
+ $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
+ }
+ $brisk->user[$user_idx]->pend_async--;
+}
+
+function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
+{
+ log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+ $brisk->user[$user_idx]->pend_async--;
}
?>
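Review bot: tor_chk_timeout_cb() logs with the prefix `tor:` while proxy_chk_timeout_cb() uses `proxy timeout:`, so a Tor lookup that timed out (and therefore let the session through without a verdict) is hard to pick out of the log. Change the format string to start with `"tor timeout: user_idx: %d, ..."`. All four functions also write `$user_sess` to the log in full; if that value is the live session identifier, log only a digest such as `substr(hash('sha256', $user_sess), 0, 12)`. The `FALSE && $is_proxy` guard in proxy_chk_postprocess() deserves a comment saying the proxy kick is intentionally disabled, e.g. `// proxy detection is log-only for now`.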