rocksolid-light/Rocksolid_Light/rslight/scripts/nntp-ssl.php

    <?php
    include "config.inc.php";
    include ("$file_newsportal"); 
    include $config_dir."/scripts/rslight-lib.php";
    if(file_exists($config_dir."/nntp.disable")) {
       clearstatcache(true, $config_dir."/nntp.disable");
       $parent_pid = file_get_contents($lockdir.'/rslight-nntp.lock', IGNORE_NEW_LINES);
       posix_kill($parent_pid, SIGTERM);
       exit;
    }
    /**
      * Listens for requests and forks on each connection
      */
    $__server_listening = true;
    //error_reporting(E_ALL);
    set_time_limit(0);
    ob_implicit_flush();
    declare(ticks = 1);
    become_daemon();
    /* nobody/nogroup, change to your host's uid/gid of the non-priv user */

    /* handle signals */
    pcntl_signal(SIGTERM, 'sig_handler');
    pcntl_signal(SIGINT, 'sig_handler');
    pcntl_signal(SIGCHLD, 'sig_handler');

    if(isset($CONFIG['enable_all_networks']) && $CONFIG['enable_all_networks'] == true) {
        $bind="0.0.0.0";
    } else {
        $bind=$CONFIG['local_server'];
    }
    server_loop($bind, $CONFIG['local_ssl_port']);
    
    /**
      * Change the identity to a non-priv user
      */
    function change_identity( $uid, $gid )
    {
        if( !posix_setgid( $gid ) )
        {
            print "Unable to setgid to " . $gid . "!\n";
            exit;
        }

        if( !posix_setuid( $uid ) )
        {
            print "Unable to setuid to " . $uid . "!\n";
            exit;
        }
    }
    /**
      * Creates a server socket and listens for incoming client connections
      * @param string $address The address to listen on
      * @param int $port The port to listen on
      */
    function server_loop($address, $port)
    {
        GLOBAL $__server_listening;
        GLOBAL 
$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,
$config_path,$groupconfig,$workpath,$path,$spooldir,$ssldir,$nntp_group,$auth_ok;
	$logfile=$logdir.'/nntp.log';
	$lockfile = $lockdir . '/rslight-nntp-ssl.lock';
	$pid = file_get_contents($lockfile);
	if (posix_getsid($pid) === false || !is_file($lockfile)) {
	   print "Starting Rocksolid Light NNTP Server...\n";
	   file_put_contents($lockfile, getmypid()); // create lockfile
	} else {
	   print "Rocksolid Light NNTP Server currently running\n";
	   exit;
	}

	$auth_ok = 0;
	$user = "";
	$pass = "";
	$pemfile = $ssldir.'/server.pem';
	if(!is_file($pemfile)) {
	    create_node_ssl_cert($pemfile);
	}	
	$context = stream_context_create();
	stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
	stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
	stream_context_set_option($context, 'ssl', 'verify_peer', false);
	stream_context_set_option($context, 'ssl', 'verify_peer_name', false);	
	stream_context_set_option($context, 'ssl', 'ciphers', 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384');
	$sock = stream_socket_server(
		'tcp://'.$address.':'.$port,
		$errno,
		$errstr,
		STREAM_SERVER_BIND|STREAM_SERVER_LISTEN,
		$context
	);
/* Change to non root user */
  $uinfo=posix_getpwnam($CONFIG['webserver_user']);
  change_identity($uinfo["uid"],$uinfo["gid"]);
/* Everything below runs as $CONFIG['webserver_user'] */

        echo "waiting for clients to connect\n";

        while ($__server_listening)
        {
            $connection = stream_socket_accept($sock);
            if ($connection === false)
            {
                usleep(100);
            }elseif ($connection > 0)
            {
                handle_client($sock, $connection);
            }else
            {
                echo "error: ".socket_strerror($connection);
                file_put_contents($logfile, "\n".format_log_date()." error: ".socket_strerror($connection), FILE_APPEND); 
	        die;
            }
        }
    }

    /**
      * Signal handler
      */
    function sig_handler($sig)
    {
        switch($sig)
        {
            case SIGTERM:
            case SIGINT:
                exit();
            break;

            case SIGCHLD:
                pcntl_waitpid(-1, $status);
            break;
        }
    }

    /**
      * Handle a new client connection
      */
    function handle_client($ssock, $csock)
    {
        GLOBAL $__server_listening;

        $pid = pcntl_fork();

        if ($pid == -1)
        {
            /* fork failed */
            echo "fork failure!\n";
            die;
        }elseif ($pid == 0)
        {
            /* child process */
            $__server_listening = false;
            fclose($ssock);
            interact($csock, true);
            fclose($csock);
        }else
        {
            fclose($csock);
        }
    }

function create_certificate($pemfile) {
global $CONFIG;
$certificateData = array(
    "countryName" => "US",
    "stateOrProvinceName" => "New York",
    "localityName" => "New York City",
    "organizationName" => "Rocksolid",
    "organizationalUnitName" => "Rocksolid Light",
    "commonName" => $CONFIG['organization'],
    "emailAddress" => "rocksolid@example.com"
);
 
// Generate certificate
$privateKey = openssl_pkey_new();
$certificate = openssl_csr_new($certificateData, $privateKey);
$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);

// Generate PEM file
$pem_passphrase = null; // empty for no passphrase
$pem = array();
openssl_x509_export($certificate, $pem[0]);
openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
$pem = implode($pem);

// Save PEM file
file_put_contents($pemfile, $pem);
}
?>
Initial commit 2020-11-29 01:55:31 +01:00			`<?php`
			`include "config.inc.php";`
			`include ("$file_newsportal");`
			`include $config_dir."/scripts/rslight-lib.php";`
			`if(file_exists($config_dir."/nntp.disable")) {`
			`clearstatcache(true, $config_dir."/nntp.disable");`
Move lock files to /lock to allow multiple instances 2021-07-03 04:08:34 +02:00			`$parent_pid = file_get_contents($lockdir.'/rslight-nntp.lock', IGNORE_NEW_LINES);`
Initial commit 2020-11-29 01:55:31 +01:00			`posix_kill($parent_pid, SIGTERM);`
			`exit;`
			`}`
			`/**`
			`* Listens for requests and forks on each connection`
			`*/`
			`$__server_listening = true;`
			`//error_reporting(E_ALL);`
			`set_time_limit(0);`
			`ob_implicit_flush();`
			`declare(ticks = 1);`
			`become_daemon();`
			`/* nobody/nogroup, change to your host's uid/gid of the non-priv user */`

			`/* handle signals */`
			`pcntl_signal(SIGTERM, 'sig_handler');`
			`pcntl_signal(SIGINT, 'sig_handler');`
			`pcntl_signal(SIGCHLD, 'sig_handler');`

			`if(isset($CONFIG['enable_all_networks']) && $CONFIG['enable_all_networks'] == true) {`
			`$bind="0.0.0.0";`
			`} else {`
			`$bind=$CONFIG['local_server'];`
			`}`
			`server_loop($bind, $CONFIG['local_ssl_port']);`

			`/**`
			`* Change the identity to a non-priv user`
			`*/`
			`function change_identity( $uid, $gid )`
			`{`
			`if( !posix_setgid( $gid ) )`
			`{`
			`print "Unable to setgid to " . $gid . "!\n";`
			`exit;`
			`}`

			`if( !posix_setuid( $uid ) )`
			`{`
			`print "Unable to setuid to " . $uid . "!\n";`
			`exit;`
			`}`
			`}`
			`/**`
			`* Creates a server socket and listens for incoming client connections`
			`* @param string $address The address to listen on`
			`* @param int $port The port to listen on`
			`*/`
			`function server_loop($address, $port)`
			`{`
			`GLOBAL $__server_listening;`
			`GLOBAL`
First mods for php8.2. 2023-04-14 03:52:30 +02:00			`$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,`
Fix some ssl bugs for letsencrypt. 2023-07-10 20:20:08 +02:00			`$config_path,$groupconfig,$workpath,$path,$spooldir,$ssldir,$nntp_group,$auth_ok;`
Initial commit 2020-11-29 01:55:31 +01:00			`$logfile=$logdir.'/nntp.log';`
Move lock files to /lock to allow multiple instances 2021-07-03 04:08:34 +02:00			`$lockfile = $lockdir . '/rslight-nntp-ssl.lock';`
Initial commit 2020-11-29 01:55:31 +01:00			`$pid = file_get_contents($lockfile);`
			`if (posix_getsid($pid) === false \|\| !is_file($lockfile)) {`
			`print "Starting Rocksolid Light NNTP Server...\n";`
			`file_put_contents($lockfile, getmypid()); // create lockfile`
			`} else {`
			`print "Rocksolid Light NNTP Server currently running\n";`
			`exit;`
			`}`

			`$auth_ok = 0;`
			`$user = "";`
			`$pass = "";`
Set in config.inc.php in scripts dir. 2023-07-09 18:35:30 +02:00			`$pemfile = $ssldir.'/server.pem';`
First mods for php8.2. 2023-04-14 03:52:30 +02:00			`if(!is_file($pemfile)) {`
Fix some ssl bugs for letsencrypt. 2023-07-10 20:20:08 +02:00			`create_node_ssl_cert($pemfile);`
First mods for php8.2. 2023-04-14 03:52:30 +02:00			`}`
Initial commit 2020-11-29 01:55:31 +01:00			`$context = stream_context_create();`
			`stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);`
			`stream_context_set_option($context, 'ssl', 'allow_self_signed', true);`
			`stream_context_set_option($context, 'ssl', 'verify_peer', false);`
			`stream_context_set_option($context, 'ssl', 'verify_peer_name', false);`
			`stream_context_set_option($context, 'ssl', 'ciphers', 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384');`
			`$sock = stream_socket_server(`
			`'tcp://'.$address.':'.$port,`
			`$errno,`
			`$errstr,`
			`STREAM_SERVER_BIND\|STREAM_SERVER_LISTEN,`
			`$context`
			`);`
			`/* Change to non root user */`
			`$uinfo=posix_getpwnam($CONFIG['webserver_user']);`
			`change_identity($uinfo["uid"],$uinfo["gid"]);`
			`/* Everything below runs as $CONFIG['webserver_user'] */`

			`echo "waiting for clients to connect\n";`

			`while ($__server_listening)`
			`{`
			`$connection = stream_socket_accept($sock);`
			`if ($connection === false)`
			`{`
			`usleep(100);`
			`}elseif ($connection > 0)`
			`{`
			`handle_client($sock, $connection);`
			`}else`
			`{`
			`echo "error: ".socket_strerror($connection);`
			`file_put_contents($logfile, "\n".format_log_date()." error: ".socket_strerror($connection), FILE_APPEND);`
			`die;`
			`}`
			`}`
			`}`

			`/**`
			`* Signal handler`
			`*/`
			`function sig_handler($sig)`
			`{`
			`switch($sig)`
			`{`
			`case SIGTERM:`
			`case SIGINT:`
			`exit();`
			`break;`

			`case SIGCHLD:`
			`pcntl_waitpid(-1, $status);`
			`break;`
			`}`
			`}`

			`/**`
			`* Handle a new client connection`
			`*/`
			`function handle_client($ssock, $csock)`
			`{`
			`GLOBAL $__server_listening;`

			`$pid = pcntl_fork();`

			`if ($pid == -1)`
			`{`
			`/* fork failed */`
			`echo "fork failure!\n";`
			`die;`
			`}elseif ($pid == 0)`
			`{`
			`/* child process */`
			`$__server_listening = false;`
			`fclose($ssock);`
			`interact($csock, true);`
			`fclose($csock);`
			`}else`
			`{`
			`fclose($csock);`
			`}`
			`}`
First mods for php8.2. 2023-04-14 03:52:30 +02:00
			`function create_certificate($pemfile) {`
			`global $CONFIG;`
			`$certificateData = array(`
			`"countryName" => "US",`
			`"stateOrProvinceName" => "New York",`
			`"localityName" => "New York City",`
			`"organizationName" => "Rocksolid",`
			`"organizationalUnitName" => "Rocksolid Light",`
			`"commonName" => $CONFIG['organization'],`
			`"emailAddress" => "rocksolid@example.com"`
			`);`

			`// Generate certificate`
			`$privateKey = openssl_pkey_new();`
			`$certificate = openssl_csr_new($certificateData, $privateKey);`
			`$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);`

			`// Generate PEM file`
			`$pem_passphrase = null; // empty for no passphrase`
			`$pem = array();`
			`openssl_x509_export($certificate, $pem[0]);`
			`openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);`
			`$pem = implode($pem);`

			`// Save PEM file`
			`file_put_contents($pemfile, $pem);`
			`}`
Initial commit 2020-11-29 01:55:31 +01:00			`?>`