
Initial commit.

cubiclesoft committed Jun 17, 2016
1 parent 495dacd commit 883b4f79f9c0ad6209cb8114827116951a7ac83f
Showing with 13,645 additions and 2 deletions.
  1. +2 −0 .gitignore
  2. +26 −2 README.md
  3. +84 −0 client/install.php
  4. +212 −0 client/run.php
  5. +186 −0 client/servicemanager/sdks/servicemanager.php
  6. BIN client/servicemanager/servicemanager.exe
  7. BIN client/servicemanager/servicemanager_mac
  8. +16 −0 client/servicemanager/servicemanager_mac.launchd
  9. +21 −0 client/servicemanager/servicemanager_nix.sysvinit
  10. BIN client/servicemanager/servicemanager_nix_32
  11. BIN client/servicemanager/servicemanager_nix_64
  12. +157 −0 client/support/cli.php
  13. +99 −0 client/support/crc32_stream.php
  14. +365 −0 client/support/deflate_stream.php
  15. +1,590 −0 client/support/http.php
  16. +197 −0 client/support/phpseclib/Crypt/AES.php
  17. +2,599 −0 client/support/phpseclib/Crypt/Base.php
  18. +1,078 −0 client/support/phpseclib/Crypt/Rijndael.php
  19. +21 −0 client/support/phpseclib/license.txt
  20. +169 −0 client/support/random.php
  21. +1,140 −0 client/support/web_browser.php
  22. +217 −0 client/support/wkfs_functions.php
  23. +123 −0 server/index.php
  24. +226 −0 server/install.php
  25. +419 −0 server/server.php
  26. +186 −0 server/servicemanager/sdks/servicemanager.php
  27. +21 −0 server/servicemanager/servicemanager_nix.sysvinit
  28. BIN server/servicemanager/servicemanager_nix_32
  29. BIN server/servicemanager/servicemanager_nix_64
  30. +210 −0 server/support/ipaddr.php
  31. +197 −0 server/support/phpseclib/Crypt/AES.php
  32. +2,599 −0 server/support/phpseclib/Crypt/Base.php
  33. +1,078 −0 server/support/phpseclib/Crypt/Rijndael.php
  34. +21 −0 server/support/phpseclib/license.txt
  35. +169 −0 server/support/random.php
  36. +217 −0 server/support/wkfs_functions.php
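--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/client/config.*
+/server/config.*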
@@ -1,2 +1,26 @@
# web-knocker-firewall-service
A web-based service written in pure PHP that opens protected TCP and UDP ports in response to encrypted requests from a correctly configured client for a limited but renewable time period. MIT or LGPL.
Web Knocker Firewall Service
============================
A web-based service written in pure PHP for Linux servers that opens protected TCP and UDP ports in response to encrypted requests from a correctly configured client for a limited but renewable time period.
Features
--------
* IPv4 and IPv6 support.
* Dynamic iptables chains and rules.
* Can run multiple instances of the server on a single host.
* Can run multiple instances of the client on a single host.
* Optionally sends notification e-mail(s) whenever a client successfully opens a port on the server.
* Server controlled ports and timeouts limit what a client can do.
* Two-way communication. Clients don't just send an encrypted data packet and hope that it worked.
* And much, much more. See the official documentation for a more complete feature list.
* Also has a liberal open source license. MIT or LGPL, your choice.
* Designed for relatively painless integration into your envrionment.
* Sits on GitHub for all of that pull request and issue tracker goodness to easily submit changes and ideas respectively.
More Information
----------------
Documentation, examples, and official downloads of this project sit on the Barebones CMS website:
http://barebonescms.com/documentation/cloud_backup/
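--- a/client/install.php
+++ b/client/install.php
@@ -0,0 +1,84 @@
+<?php
+// Web Knocker Firewall Service client installer.
+// (C) 2016 CubicleSoft. All Rights Reserved.
+if (!isset($_SERVER["argc"]) || !$_SERVER["argc"])
+{
+echo "This file is intended to be run from the command-line.";
+exit();
+}
+// Temporary root.
+$rootpath = str_replace("\\", "/", dirname(__FILE__));
+require_once $rootpath . "/support/wkfs_functions.php";
+echo "Welcome to the Web Knocker Firewall Service client installer!\n\n";
+echo "If you want to install the client so that it runs when the OS boots, you should run this installer as Administrator, root, or an equivalent account.\n\n";
+echo "Press 'enter' or 'return' to continue or Ctrl-C to quit now.";
+fgets(STDIN);
+echo "\n\n\n";
+$config = array();
+echo "----------\n\n";
+echo "From the server installation screen or the server 'config.php' file, copy and paste the following information:\n\n";
+$config["encryption_key"] = array();
+echo "key1: ";
+$config["encryption_key"]["key1"] = trim(fgets(STDIN));
+echo "iv1: ";
+$config["encryption_key"]["iv1"] = trim(fgets(STDIN));
+echo "key2: ";
+$config["encryption_key"]["key2"] = trim(fgets(STDIN));
+echo "iv2: ";
+$config["encryption_key"]["iv2"] = trim(fgets(STDIN));
+echo "sign: ";
+$config["encryption_key"]["sign"] = trim(fgets(STDIN));
+echo "\n\n";
+echo "----------\n";
+do
+{
+echo "\n";
+echo "Remote service URL: ";
+$config["url"] = trim(fgets(STDIN));
+echo "\n";
+echo "Checking URL and gathering information...\n";
+$wkfshelper = new WKFS_Helper();
+$wkfshelper->Init($config);
+$result = $wkfshelper->GetServerInfo();
+if (!$result["success"]) WKFS_DisplayError("An error occurred while retrieving information from the remote server. Try again.", $result, false);
+} while (!$result["success"]);
+echo "----------\n\n";
+echo "This section is optional. As a system service, the web knocker will regularly attempt to keep all protected ports open for the maximum amount of time. This can be useful if you are protecting an e-mail, database, or other server(s) where TCP/IP connections are created and destroyed on a regular basis behind the scenes.\n\n";
+echo "System service name (leave blank to not install): ";
+$config["servicename"] = trim(fgets(STDIN));
+file_put_contents($rootpath . "/config.dat", json_encode($config, JSON_PRETTY_PRINT));
+echo "\n";
+echo "**********\n";
+echo "Configuration file is located at '" . $rootpath . "/config.dat'.\n\n";
+echo "Server information:\n\n";
+var_dump($result);
+echo "**********\n";
+echo "\n";
+if ($config["servicename"] !== "")
+{
+system(escapeshellarg(PHP_BINARY) . " " . escapeshellarg($rootpath . "/run.php") . " install");
+system(escapeshellarg(PHP_BINARY) . " " . escapeshellarg($rootpath . "/run.php") . " start");
+echo "\n";
+}
+echo "Done.\n";
+?>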
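Review bot: The `file_put_contents()` call that writes `config.dat` stores key1/iv1/key2/iv2/sign with whatever mode the process umask yields, and its return value is never checked. The installer's own banner recommends running as root or Administrator, so under a common 022 umask the file ends up readable by every local account on the client host, which exposes the knock credentials. Tighten the mode before the secrets reach disk, for example `$oldmask = umask(0077);` ahead of the write and `umask($oldmask);` after it, and stop with `WKFS_DisplayError()` when the write returns `false`. umask has no effect on Windows, so the directory ACL would have to be restricted there instead.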
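--- a/client/run.php
+++ b/client/run.php
@@ -0,0 +1,212 @@
+<?php
+// Web Knocker Firewall Service client.
+// (C) 2016 CubicleSoft. All Rights Reserved.
+if (!isset($_SERVER["argc"]) || !$_SERVER["argc"])
+{
+echo "This file is intended to be run from the command-line.";
+exit();
+}
+// Temporary root.
+$rootpath = str_replace("\\", "/", dirname(__FILE__));
+require_once $rootpath . "/support/wkfs_functions.php";
+$filename = $rootpath . "/config.dat";
+if (!file_exists($filename)) WKFS_DisplayError("Configuration file '" . $filename . "' is missing. Run the installer to create the necessary configuration file.");
+$config = json_decode(file_get_contents($filename), true);
+if (!isset($config["encryption_key"]["sign"])) WKFS_DisplayError("Configuration file '" . $filename . "' is invalid. Run the installer to create the necessary configuration file.");
+require_once $rootpath . "/support/cli.php";
+// Process the command-line options.
+$options = array(
+"shortmap" => array(
+"f" => "frequency",
+"m" => "maxtime",
+"t" => "tcp",
+"u" => "udp",
+"?" => "help"
+),
+"rules" => array(
+"frequency" => array("arg" => true),
+"maxtime" => array("arg" => true),
+"tcp" => array("arg" => true, "multiple" => true),
+"udp" => array("arg" => true, "multiple" => true),
+"help" => array("arg" => false)
+)
+);
+$args = ParseCommandLine($options);
+if (isset($args["opts"]["help"]))
+{
+echo "Web Knocker Firewall Service client\n";
+echo "Purpose: Open preconfigured remote host firewall ports.\n";
+echo "\n";
+echo "Syntax: " . $args["file"] . " [options] [servicecommand]\n";
+echo "Options:\n";
+echo "\t-f The amount of time to wait before sending another port request.\n";
+echo "\t-m The maximum amount of time to open the ports for. Server capped.\n";
+echo "\t-t The TCP port to open. Defaults to all possible options.\n";
+echo "\t-u The UDP port to open. Defaults to all possible options.\n";
+echo "\n";
+echo "Example:\n";
+echo "\tphp " . $args["file"] . " -t=22\n";
+exit();
+}
+if (count($args["params"]))
+{
+// Service Manager PHP SDK.
+require_once $rootpath . "/servicemanager/sdks/servicemanager.php";
+$sm = new ServiceManager($rootpath . "/servicemanager");
+echo "Service manager: " . $sm->GetServiceManagerRealpath() . "\n\n";
+$servicename = preg_replace('/[^a-z0-9]/', "-", $config["servicename"]);
+if ($servicename === "") WKFS_DisplayError("The configuration file 'servicename' field is empty. Update the configuration file and then re-run the command.");
+$argv[1] = $args["params"][0];
+if ($argv[1] == "install")
+{
+// Install the service.
+$args = array();
+$options = array();
+$result = $sm->Install($servicename, __FILE__, $args, $options, true);
+if (!$result["success"]) WKFS_DisplayError("Unable to install the '" . $servicename . "' service.", $result);
+}
+else if ($argv[1] == "start")
+{
+// Start the service.
+$result = $sm->Start($servicename, true);
+if (!$result["success"]) WKFS_DisplayError("Unable to start the '" . $servicename . "' service.", $result);
+}
+else if ($argv[1] == "stop")
+{
+// Stop the service.
+$result = $sm->Stop($servicename, true);
+if (!$result["success"]) WKFS_DisplayError("Unable to stop the '" . $servicename . "' service.", $result);
+}
+else if ($argv[1] == "uninstall")
+{
+// Uninstall the service.
+$result = $sm->Uninstall($servicename, true);
+if (!$result["success"]) WKFS_DisplayError("Unable to uninstall the '" . $servicename . "' service.", $result);
+}
+else if ($argv[1] == "dumpconfig")
+{
+$result = $sm->GetConfig($servicename);
+if (!$result["success"]) WKFS_DisplayError("Unable to retrieve the configuration for the '" . $servicename . "' service.", $result);
+echo "Service configuration: " . $result["filename"] . "\n\n";
+echo "Current service configuration:\n\n";
+foreach ($result["options"] as $key => $val) echo " " . $key . " = " . $val . "\n";
+}
+else
+{
+echo "Command not recognized. Run the service manager directly for anything other than 'install', 'start', 'stop', 'uninstall', and 'dumpconfig'.\n";
+}
+}
+else
+{
+// Make sure PHP doesn't introduce weird limitations.
+ini_set("memory_limit", "-1");
+set_time_limit(0);
+$wkfshelper = new WKFS_Helper();
+$wkfshelper->Init($config);
+$nextquery = 0;
+$serverinfo = false;
+// Main service code.
+$stopfilename = __FILE__ . ".notify.stop";
+$reloadfilename = __FILE__ . ".notify.reload";
+$lastservicecheck = time();
+$running = true;
+do
+{
+if ($nextquery > 0) sleep(1);
+if ($nextquery <= time())
+{
+// Get server information.
+if ($serverinfo === false)
+{
+$result = $wkfshelper->GetServerInfo();
+if (!$result["success"])
+{
+WKFS_DisplayError("An error occurred while retrieving information from the remote server. Try again.", $result, false);
+$nextquery = time() + 15;
+}
+else
+{
+echo "Retrieved server information.\n";
+if (isset($args["opts"]["tcp"]))
+{
+$ports = array();
+foreach ($result["tcp"] as $num)
+{
+if (in_array($num, $args["opts"]["tcp"])) $ports[] = $num;
+}
+$result["tcp"] = $ports;
+}
+if (isset($args["opts"]["udp"]))
+{
+$ports = array();
+foreach ($result["udp"] as $num)
+{
+if (in_array($num, $args["opts"]["udp"])) $ports[] = $num;
+}
+$result["udp"] = $ports;
+}
+$serverinfo = $result;
+}
+}
+if ($serverinfo !== false)
+{
+$maxtime = (isset($args["opts"]["maxtime"]) ? min((int)$args["opts"]["maxtime"], (int)$serverinfo["maxtime"]) : $serverinfo["maxtime"]);
+if ($maxtime <= 0) $maxtime = 10;
+$frequency = (int)(isset($args["opts"]["frequency"]) ? min((int)$args["opts"]["frequency"], $maxtime / 3) : $maxtime / 3);
+if ($frequency <= 0) $frequency = 1;
+$result = $wkfshelper->OpenServerPorts($serverinfo["tcp"], $serverinfo["udp"], $maxtime);
+if (!$result["success"])
+{
+WKFS_DisplayError("An error occurred while attempting to open the requested server ports.", $result, false);
+$serverinfo = false;
+$nextquery = 0;
+}
+else
+{
+echo "Renewed until: " . date("Y-m-d H:i:s", $result["expires"]) . "\n";
+$nextquery = time() + $frequency;
+}
+}
+}
+// Check the status of the two service file options.
+if ($lastservicecheck <= time() - 3)
+{
+if (file_exists($stopfilename) || file_exists($reloadfilename)) $running = false;
+$lastservicecheck = time();
+}
+} while ($running);
+}
+?>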
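Review bot: The failure branch after `OpenServerPorts()` sets `$nextquery = 0`, so the loop skips its `sleep(1)` and goes straight back to `GetServerInfo()` and `OpenServerPorts()` with no delay. If the server keeps rejecting the open request while still answering the info request, an unattended service sends requests back to back; that loads the knock endpoint and can read as a brute-force attempt in the server's logs. Use the same back-off the `GetServerInfo()` failure branch already has: `$nextquery = time() + 15;`. The stop/reload file check still runs on each pass, so shutting the service down is not delayed by more than the existing few seconds.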