404"; exit(); } } if (!function_exists('print_bw_limit_reached')) { function print_bw_limit_reached ($filename) { sleep(10); header("HTTP/1.1 509 Maximum Instantaneous Bandwidth Exceeded"); echo "HTTP/1.1 509 Maximum Instantaneous Bandwidth Exceeded"; echo ""; echo "

HTTP/1.1 509 Maximum Instantaneous Bandwidth Exceeded

"; echo "There are too many users accessing this server to be able to service your request

"; echo "Please try again later

"; echo ""; echo ""; echo "attempted to access " . $filename . "
"; echo "at " . date('Y-m-d H:i:s', $_SERVER['REQUEST_TIME']); echo "
"; echo ""; } } if (!function_exists('print_auth_required')) { function print_auth_required ($filename) { header("WWW-Authenticate: Basic realm=\"QuickBuild Direct PPA Access\""); header("HTTP/1.0 401 Unauthorized"); echo "HTTP/1.1 401 Access Denied"; echo ""; echo "

HTTP/1.1 401 Access Denied

"; echo "This area is restricted to contributing TDE project members. If you enjoy using TDE, please consider making a financial contribution to TDE, or providing source patches to the project!

"; echo ""; echo ""; echo "attempted to access " . $filename . "
"; echo "at " . date('Y-m-d H:i:s', $_SERVER['REQUEST_TIME']); echo "
"; echo ""; } } if (!function_exists('find_first_changed_directory')) { function find_first_changed_directory($userpath, $serverpath) { $myuserpath = $userpath; $myserverpath = $serverpath; $pos = strpos($myuserpath, "/"); $pos2 = strpos($myserverpath, "/"); if (($pos !== false) && ($pos2 !== false)) { if (($pos == 0) && ($pos2 == 0)) { $myuserpath = substr($myuserpath, 1); $myserverpath = substr($myserverpath, 1); } } do { $pos = strpos($myuserpath, "/"); $pos2 = strpos($myserverpath, "/"); if (($pos !== false) && ($pos2 !== false)) { $userdir = $userdir . "/" . substr($myuserpath, 0, $pos); $serverdir = $serverdir . "/" . substr($myserverpath, 0, $pos2); $myuserpath = substr($myuserpath, $pos + 1); $myserverpath = substr($myserverpath, $pos + 1); if ($userdir != $serverdir) { return $userdir; } } else { if ($myuserpath != $myserverpath) { return $userdir . "/" . $myuserpath; } break; } } while ($pos !== false); return false; } } $mode = ""; $mirror = ""; $ip=@$REMOTE_ADDR; if ($ip == "") { if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else if (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR']; } } if (isset($_REQUEST["mode"])) { $mode = $_GET["mode"]; } if (isset($_REQUEST["mirror"])) { $mirror = $_GET["mirror"]; } if (!isset($_REQUEST["file"])) { fail_hacker($ip, "", ""); } $redirect_base = $_GET["file"]; $redirect_base = str_replace(" ","+",$redirect_base); // The URL should not have spaces in it anyway (work around a PHP bug where + signs are converted to spaces)! $redirect_base = rtrim($redirect_base, '/'); if (file_exists("/mnt/tdata/ppa_rr/bw_limit_exceeded.true")) { print_bw_limit_reached($redirect_base); exit(); } else { /* // Handle round robin // vvvvvv vvvvvv // ****** REMEMBER TO UPDATE /checkmirrortimestamps WITH ANY NEW MIRRORS ****** // ^^^^^^ ^^^^^^ $mirror_id = 3; //$mirror_id = rand(0,4); //$mirror_id = rand(0,5); //$mirror_id = rand(1,4); // uidaho is down (permanently?) //if ($mirror_id == 0) $redirect_url = "http://mirror.its.uidaho.edu/pub/trinity/" . $redirect_base; //if ($mirror_id == 1) $redirect_url = "http://mirror.tokra.lv/" . $redirect_base; //if ($mirror_id == 2) $redirect_url = "http://mirror1.tokra.lv/" . $redirect_base; //if ($mirror_id == 3) $redirect_url = "http://mirror2.tokra.lv/" . $redirect_base; //if ($mirror_id == 4) $redirect_url = "http://mirror3.tokra.lv/" . $redirect_base; //if ($mirror_id == 5) $redirect_url = "http://mirror2.quickbuild.pearsoncomputing.net/trinity/" . $redirect_base; if ($mirror_id == 1) $redirect_url = "http://mirror.ntmm.org/trinity/" . $redirect_base; if ($mirror_id == 2) $redirect_url = "http://depot-trinity.dotriver.eu/" . $redirect_base; if ($mirror_id == 3) $redirect_url = "http://trinity.blackmag.net/" . $redirect_base; */ // Security checks $filesystem_path = realpath($ppadir . $redirect_base); // First check (prevent access to all files outside the ppa directory) if (!starts_with($filesystem_path, $ppadir)) { fail_hacker($ip, $redirect_base, $filesystem_path); } else { // Second check (prevent info about directory structure from leaking, e.g. via ../../../mnt/tdata/trinity/ succeeding) $user_path = ($ppadir . $redirect_base); if ($filesystem_path != $user_path) { // echo "Hmmm [$filesystem_path] != [" . $user_path . "]

"; $fcp = find_first_changed_directory($user_path, $filesystem_path); if ($fcp !== false) { $fcp_target = readlink($fcp); if ($fcp_target !== false) { // echo "First changed directory is $fcp link target is $fcp_target

"; $pos = strrpos($fcp, "/"); if ($pos !== false) { $fixed_target = realpath(substr($fcp, 0, $pos + 1) . $fcp_target); // echo "Fixed target is $fixed_target

"; $user_path = $fixed_target . substr($user_path, strlen($fixed_target)); // echo "Repaired user_path is $user_path

"; } else { fail_hacker($ip, $redirect_base, $filesystem_path); } } else { fail_hacker($ip, $redirect_base, $filesystem_path); } } else { fail_hacker($ip, $redirect_base, $filesystem_path); } } if ($filesystem_path != $user_path) { fail_hacker($ip, $redirect_base, $filesystem_path); } else { // All good! $primary_mirror_id = false; $primary_mirror_name = array_find($primary_mirror . "/", $active_mirrors); if ($primary_mirror_name !== false) { $primary_mirror_id = array_search($primary_mirror_name, $active_mirrors); } $num_active_mirrors = $num_active_mirrors - 1; if ($num_active_mirrors < 0) { print_bw_limit_reached($redirect_base); exit(); } else { // Get file age $file_last_modified = 0; if (file_exists($filesystem_path)) { $file_last_modified = filemtime($filesystem_path); } // echo "File $filesystem_path modifed $file_last_modified time " . time(); if ((time() - $file_last_modified) < ($days_to_assumed_full_sync * 24 * 60 * 60)) { // echo "Using primary [1]"; // File was modified recently; use primary mirror if ($primary_mirror_id !== false) { $mirror_id = $primary_mirror_id; } } else if (starts_with($redirect_base, "trinity-nightly-") || starts_with($redirect_base, "trinity-r14.0.0") || starts_with($redirect_base, "trinity-builddeps-r14.0.0") || starts_with($redirect_base, "releases/R14.0.0") ) { // echo "Using primary [2]"; if ($primary_mirror_id !== false) { $mirror_id = $primary_mirror_id; } } else { // echo "Using any [3]"; $mirror_id = rand(0,$num_active_mirrors); } $redirect_url = $active_mirrors[$mirror_id] . $redirect_base; } try { $dbh = new PDO("mysql:host=$host;dbname=$db", "$user", "$pass"); } catch (Exception $e) { header("HTTP/1.0 500 Internal Server Error"); echo "Database Error"; exit(); // echo "Unable to connect: " . $e->getMessage() ."

"; } // Check if file is already present on the mirror system $sql = 'SELECT filename FROM `tde-primary-mirror-file-list` WHERE filename = :queryfilename'; $sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); $sth->execute(array(':queryfilename' => "trinity/" . $redirect_base)); $results = $sth->fetchAll(); $useMirrors = (count($results) > 0)?true:false; // Root path always uses mirror if ($redirect_base == "") { $useMirrors = true; } // Disable nightly build access if ((strpos($redirect_base, "nightly") !== false) || (strpos($redirect_base, "embeddedimages") !== false) || (strpos($redirect_base, "cdimages/ubuntu/tde-ubuntu-") !== false)) { if (($ip != "31.7.243.166") && ($ip != "108.178.208.112")) { $authorized = 0; if (isset($_SERVER['PHP_AUTH_USER'])) { if ((($_SERVER['PHP_AUTH_USER'] == "tde-contrib") && ($_SERVER['PHP_AUTH_PW'] == "trinity7")) || (($_SERVER['PHP_AUTH_USER'] == "tde-fr-17") && ($_SERVER['PHP_AUTH_PW'] == "hd82com8p"))) { $authorized = 1; } } if ($authorized == 0) { //error_log("Access denied to: " . $ip); //print_bw_limit_reached($redirect_base); print_auth_required($redirect_base); exit(); } } } if (($useMirrors == false) && (file_exists("/mnt/tdata/ppa_rr/bw_limit_exceeded_local.true"))) { print_bw_limit_reached($redirect_base); exit(); } else { // Local override for Sources, Packages, etc. if (ends_with($redirect_base, "/Release") || ends_with($redirect_base, "/Release.gpg") || ends_with($redirect_base, "/Packages") || ends_with($redirect_base, "/Packages.bz2") || ends_with($redirect_base, "/Packages.gz") || ends_with($redirect_base, "/Sources") || ends_with($redirect_base, "/Sources.bz2") || ends_with($redirect_base, "/Sources.gz") || ends_with($redirect_base, ".sha512sum") || ends_with($redirect_base, ".gpg") ) { $useMirrors = false; } if ($useMirrors) { // echo "Stand by, redirecting to " . $redirect_url; header("HTTP/1.1 301 Moved Permanently"); header("Location: " . $redirect_url); exit(); } else { if ($redirect_all_local_trinity_access_to_remote_cache == 1) { $redirect_url = $remote_cache_url . "/" . $redirect_base; // echo "Stand by, redirecting to " . $redirect_url; header("HTTP/1.1 301 Moved Permanently"); header("Location: " . $redirect_url); exit(); } else { // echo "Stand by, downloading file from " . $filesystem_path; if(file_exists($filesystem_path)) { if (is_dir($filesystem_path)) { $dir = opendir($filesystem_path); while($entry = readdir($dir)) { $dirArray[] = $entry; } closedir($dir); $indexCount = count($dirArray); // print ($indexCount - 2 . " files
\n"); sort($dirArray); print("\n"); print("\n"); // loop through the array of files and print them all for($index=0; $index < $indexCount; $index++) { if (substr("$dirArray[$index]", 0, 1) != ".") { // don't list hidden files print(""); print(""); print(""); print("\n"); } } print("\n"); printf("

Trinity CDN Master"); exit(); } else { header("X-Sendfile: $filesystem_path"); // header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=\"" . basename($filesystem_path) . "\""); exit(); } } } } } } } } ?>