X-Git-Url: https://mop.ddnsfree.com/gitweb/?a=blobdiff_plain;f=web%2FObj%2Fcurl-de-brisk.phh;h=47244fb2aa564a4c47ab6d80338a45880ae053fa;hb=7f81ae823b3a5d1a0a50ec2eebe31c752871c800;hp=ec1d3b1a54b811ea6425e4dd6518805b893f56ba;hpb=4df66961d9b755076157ad1d147e118bb504f745;p=curl-de-sac.git diff --git a/web/Obj/curl-de-brisk.phh b/web/Obj/curl-de-brisk.phh index ec1d3b1..47244fb 100755 --- a/web/Obj/curl-de-brisk.phh +++ b/web/Obj/curl-de-brisk.phh @@ -1,32 +1,80 @@ cds != NULL) { + $brisk->cds->cmd_cls_deregister_all(); + unset($brisk->cds); + $brisk->cds = NULL; + } + // create cds + $brisk->cds = new Curl_de_sac(); + + // create tor_chk_cls and proxy_chk_cls + $tor_chk_cls = new Tor_chk_cmd_cls(); + $proxy_chk_cls = new Proxy_chk_cmd_cls(); + + // registrer tor_chk_cls and proxy_chk_cls + printf("MAIN: Register 'tor_chk_cls'\n"); + if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) { + fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n"); + return (FALSE); + } + printf("MAIN: Register 'proxy_chk_cls'\n"); + if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) { + fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n"); + return (FALSE); + } + + return (TRUE); +} + +function brisk_cds_execute($brisk, $ghost, $real_idx, $sess, $ip, $authenticate, $header) +{ + if ($brisk->cds->execute("tor_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) { + log_main("cds_execute failed"); + } + if ($brisk->cds->execute("proxy_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) { + log_main("cds_execute failed"); + } +} + +/* + * CDS commands stuff + */ +class Tor_chk_cmd extends CDS_cmd { var $ctx; var $user_idx; var $user_sess; var $conn_ip; + var $is_auth; - function tor_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip) + function Tor_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth) { parent::__construct($cmd_cls, $ch); $this->ctx = $ctx; $this->user_idx = $user_idx; $this->user_sess = $user_sess; $this->conn_ip = $conn_ip; + $this->is_auth = $is_auth; } } -class tor_chk_cmd_cls extends CDS_cmd_cls { - function tor_chk_cmd_cls() +class Tor_chk_cmd_cls extends CDS_cmd_cls { + function Tor_chk_cmd_cls() { parent::__construct("tor_chk", 10); } - function create($cds, $ctx, $user_idx, $user_sess, $conn_ip) + function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth) { if ($cds->dbg_get() > 0) { printf("'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL'); @@ -46,17 +94,18 @@ class tor_chk_cmd_cls extends CDS_cmd_cls { if (parent::create($cds, $ch) == FALSE) break; - $cmd = new tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip); + $ctx->user[$user_idx]->pend_async++; + $cmd = new Tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth); return $cmd; } while (FALSE); - + return FALSE; } function process($cmd, $ret) { - if ($this->dbg_get() > 2) { + if ($this->dbg_get() > 2) { printf("CURL: 'tor_chk' process: curl_multi_getcontent\n"); print_r($ret); } @@ -68,7 +117,7 @@ class tor_chk_cmd_cls extends CDS_cmd_cls { if (mb_strpos($content, "The IP Address you entered matches one or more active Tor servers", 0, "UTF-8") !== FALSE) { - printf("WARNING: stripos ok\n"); + // printf("WARNING: stripos ok\n"); $is_tor = TRUE; } else if (mb_strpos($content, @@ -77,18 +126,167 @@ class tor_chk_cmd_cls extends CDS_cmd_cls { printf("WARNING: tor check disabled\n"); } else { - printf("WARNING: NOT an active ...\n"); + // printf("WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip); + ; } - $cmd->ctx->cds_postprocess($cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $is_tor); + tor_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor); return TRUE; } function timeout($cmd) { - printf("'tor_chk' timeout function reached\n"); + tor_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth); + } +} + +class Proxy_chk_cmd extends CDS_cmd { + var $ctx; + var $user_idx; + var $user_sess; + var $conn_ip; + var $is_auth; + + function Proxy_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth) + { + parent::__construct($cmd_cls, $ch); + $this->ctx = $ctx; + $this->user_idx = $user_idx; + $this->user_sess = $user_sess; + $this->conn_ip = $conn_ip; + $this->is_auth = $is_auth; } } -?> \ No newline at end of file +class Proxy_chk_cmd_cls extends CDS_cmd_cls { + function Proxy_chk_cmd_cls() + { + parent::__construct("proxy_chk", 10); + + $this->scan_headers = array( + 'Http-Via', + 'Http-X-Forwarded-For', + 'Http-Forwarded-For', + 'Http-X-Forwarded', + 'Http-Forwarded', + 'Http-Client-Ip', + 'Http-Forwarded-For-Ip', + 'Via', + 'X-Forwarded-For', + 'Forwarded-For', + 'X-Forwarded', + 'Forwarded', + 'Client-Ip', + 'Forwarded-For-Ip', + 'Http-Proxy-Connection' + ); + } + + function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers) + { + if ($cds->dbg_get() > 0) { + fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL'); + } + + foreach($this->scan_headers as $key){ + //proxy detected? lets log... + if(array_key_exists($key, $headers)) { + // we already are behind a PROXY, this are our headers + proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE); + return TRUE; + } + } + + do { + $opts = array( CURLOPT_HEADER => 0, + CURLOPT_RETURNTRANSFER => 1, + CURLOPT_FORBID_REUSE => true, + CURLOPT_HTTPHEADER => array('Connection: close'), + CURLOPT_POST => true, + CURLOPT_POSTFIELDS => array('conn_ip' => $conn_ip)); + + if (($ch = parent::pre_create($cds, PROXY_CHK_URL, $opts)) == FALSE) + break; + + if (parent::create($cds, $ch) == FALSE) + break; + + $cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth); + $ctx->user[$user_idx]->pend_async++; + + return $cmd; + } while (FALSE); + + return FALSE; + } + + function process($cmd, $ret) + { + if ($this->dbg_get() > 2) { + printf("CURL: 'proxy_chk' process: curl_multi_getcontent\n"); + print_r($ret); + } + + $content = curl_multi_getcontent($cmd->ch_get()); + if ($this->dbg_get() > 0) { printf("'proxy_chk' process: [%s]\n", $content); } + + $is_proxy = FALSE; + if (mb_strpos($content, "is_proxy=true", 0, "UTF-8") !== FALSE) { + // printf("WARNING: stripos ok\n"); + $is_proxy = TRUE; + } + else if (mb_strpos($content, "is_proxy=false", 0, "UTF-8") === FALSE) { + printf("WARNING: proxy check disabled\n"); + } + else { + // printf("WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip); + ; + } + + proxy_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy); + + return TRUE; + } + + function timeout($cmd) + { + proxy_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth); + } +} + +function tor_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_tor) +{ + log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s", + $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO"))); + if ($is_tor) { + $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON + } + $brisk->user[$user_idx]->pend_async--; +} + +function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth) +{ + log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s", + $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"))); + $brisk->user[$user_idx]->pend_async--; +} + +function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy) +{ + log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s", + $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO"))); + if (!$brisk->user[$user_idx]->is_auth() && $is_proxy) { + $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON + } + $brisk->user[$user_idx]->pend_async--; +} + +function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth) +{ + log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s", + $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"))); + $brisk->user[$user_idx]->pend_async--; +} + +?>