remove ad hoc Mikrotik exception

[curl-de-sac.git] / web / Obj / curl-de-brisk.phh
diff --git a/web/Obj/curl-de-brisk.phh b/web/Obj/curl-de-brisk.phh

index 8dd8889..c92b0a0 100755 (executable)
--- a/web/Obj/curl-de-brisk.phh
+++ b/web/Obj/curl-de-brisk.phh
@@ -5,6 +5,51 @@ require_once($G_base . 'Obj/curl-de-sac.phh');
  define('TOR_CHK_URL', 'http://localhost/curl-de-sac/test/tor_mock.ppp');
  define('PROXY_CHK_URL', 'http://localhost/curl-de-sac/test/proxy_mock.ppp');
  
+/*
+ *  Operational Brisk stuff
+ */
+function brisk_cds_reload($brisk)
+{
+    if ($brisk->cds != NULL) {
+        $brisk->cds->cmd_cls_deregister_all();
+        unset($brisk->cds);
+        $brisk->cds = NULL;
+    }
+    // create cds
+    $brisk->cds = new Curl_de_sac();
+
+    // create tor_chk_cls and proxy_chk_cls
+    $tor_chk_cls = new Tor_chk_cmd_cls();
+    $proxy_chk_cls = new Proxy_chk_cmd_cls();
+
+    // registrer tor_chk_cls and proxy_chk_cls
+    printf("MAIN: Register 'tor_chk_cls'\n");
+    if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) {
+        fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n");
+        return (FALSE);
+    }
+    printf("MAIN: Register 'proxy_chk_cls'\n");
+    if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) {
+        fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n");
+        return (FALSE);
+    }
+
+    return (TRUE);
+}
+
+function brisk_cds_execute($brisk, $ghost, $real_idx, $sess, $ip, $authenticate, $header)
+{
+    if ($brisk->cds->execute("tor_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
+        log_main("cds_execute failed");
+    }
+    if ($brisk->cds->execute("proxy_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
+        log_main("cds_execute failed");
+    }
+}
+
+/*
+ * CDS commands stuff
+ */
  class Tor_chk_cmd extends CDS_cmd {
      var $ctx;
      var $user_idx;
@@ -49,6 +94,7 @@ class Tor_chk_cmd_cls extends CDS_cmd_cls {
              if (parent::create($cds, $ch) == FALSE)
                  break;
  
+            $ctx->user[$user_idx]->pend_async++;
              $cmd = new Tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
  
              return $cmd;
@@ -84,14 +130,32 @@ class Tor_chk_cmd_cls extends CDS_cmd_cls {
              ;
          }
  
-        $cmd->ctx->tor_chk_postprocess($cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor);
+        tor_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor);
  
          return TRUE;
      }
  
      function timeout($cmd)
      {
-        printf("'tor_chk' timeout function reached\n");
+        tor_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
+    }
+}
+
+class Proxy_chk_cmd extends CDS_cmd {
+    var $ctx;
+    var $user_idx;
+    var $user_sess;
+    var $conn_ip;
+    var $is_auth;
+
+    function Proxy_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
+    {
+        parent::__construct($cmd_cls, $ch);
+        $this->ctx       = $ctx;
+        $this->user_idx  = $user_idx;
+        $this->user_sess = $user_sess;
+        $this->conn_ip   = $conn_ip;
+        $this->is_auth   = $is_auth;
      }
  }
  
@@ -101,48 +165,35 @@ class Proxy_chk_cmd_cls extends CDS_cmd_cls {
          parent::__construct("proxy_chk", 10);
  
          $this->scan_headers = array(
-                                    'HTTP_VIA',
-                                    'HTTP_X_FORWARDED_FOR',
-                                    'HTTP_FORWARDED_FOR',
-                                    'HTTP_X_FORWARDED',
-                                    'HTTP_FORWARDED',
-                                    'HTTP_CLIENT_IP',
-                                    'HTTP_FORWARDED_FOR_IP',
-                                    'VIA',
-                                    'X_FORWARDED_FOR',
-                                    'FORWARDED_FOR',
-                                    'X_FORWARDED',
-                                    'FORWARDED',
-                                    'CLIENT_IP',
-                                    'FORWARDED_FOR_IP',
-                                    'HTTP_PROXY_CONNECTION'
+                                    'Http-Via',
+                                    'Http-X-Forwarded-For',
+                                    'Http-Forwarded-For',
+                                    'Http-X-Forwarded',
+                                    'Http-Forwarded',
+                                    'Http-Client-Ip',
+                                    'Http-Forwarded-For-Ip',
+                                    'Via',
+                                    'X-Forwarded-For',
+                                    'Forwarded-For',
+                                    'X-Forwarded',
+                                    'Forwarded',
+                                    'Client-Ip',
+                                    'Forwarded-For-Ip',
+                                    'Http-Proxy-Connection'
                                      );
      }
  
      function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers)
      {
          if ($cds->dbg_get() > 0) {
-            printf("'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
+            fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
          }
  
          foreach($this->scan_headers as $key){
              //proxy detected? lets log...
-            if($headers[$key]) {
+            if(array_key_exists($key, $headers)) {
                  // we already are behind a PROXY, this are our headers
-                if ($key == 'X-Proxy-ID') {
-                    if ($headers[$key] == '860705422')
-                        continue;
-                }
-                else if ($key == 'X-Forwarded-For') {
-                    if ($headers[$key] == '172.16.9.66')
-                        continue;
-                }
-                else if ($key == 'Via') {
-                    if ($headers[$key] == '1.1 172.16.8.1 (Mikrotik HttpProxy)')
-                        continue;
-                }
-
-                $ctx->proxy_chk_postprocess($user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
+                proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
                  return TRUE;
              }
          }
@@ -162,6 +213,7 @@ class Proxy_chk_cmd_cls extends CDS_cmd_cls {
                  break;
  
              $cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
+            $ctx->user[$user_idx]->pend_async++;
  
              return $cmd;
          } while (FALSE);
@@ -192,15 +244,49 @@ class Proxy_chk_cmd_cls extends CDS_cmd_cls {
              ;
          }
  
-        $cmd->ctx->proxy_chk_postprocess($cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);
+        proxy_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);
  
          return TRUE;
      }
  
      function timeout($cmd)
      {
-        printf("'proxy_chk' timeout function reached\n");
+        proxy_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
+    }
+}
+
+function tor_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_tor)
+{
+    log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s",
+                    $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO")));
+    if ($is_tor) {
+        $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
      }
+    $brisk->user[$user_idx]->pend_async--;
+}
+
+function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
+{
+    log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
+                    $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+    $brisk->user[$user_idx]->pend_async--;
+}
+
+function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy)
+{
+    log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
+                    $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));
+    if (FALSE && $is_proxy) {
+        $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
+    }
+    $brisk->user[$user_idx]->pend_async--;
+}
+
+function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
+{
+    log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
+                    $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+    $brisk->user[$user_idx]->pend_async--;
  }
  
  ?>