authorD. V. Serg <dvserg@pfsense.org>2008-05-15 06:07:24 +0000
committerD. V. Serg <dvserg@pfsense.org>2008-05-15 06:07:24 +0000
commit4e0750a32049e7309d762466efd0ab73bd5d4d78 (patch)
tree8fc00541e4acfa68a0cc0663f09302b67848f91e
parent0b67ead09c1279129d1d21931a14f8797c8af114 (diff)
downloadpfsense-packages-4e0750a32049e7309d762466efd0ab73bd5d4d78.tar.gz
pfsense-packages-4e0750a32049e7309d762466efd0ab73bd5d4d78.tar.bz2
pfsense-packages-4e0750a32049e7309d762466efd0ab73bd5d4d78.zip
Change interface(adding whitelist opt) and blacklist procedure.
-rw-r--r--packages/squidGuard/squidguard.inc265
-rw-r--r--packages/squidGuard/squidguard_configurator.inc826
2 files changed, 546 insertions, 545 deletions
diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc
index 6ddaf67c..88779180 100644
--- a/packages/squidGuard/squidguard.inc
+++ b/packages/squidGuard/squidguard.inc
@@ -92,9 +92,9 @@ define('BLACKLIST_DEFAULT_URL', 'http://ftp.teledanmark.no/pub/www/proxy/squidG
define('BLACKLIST_DEFAULT_URL1', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); // 3.5Mb
define('BLACKLIST_DEFAULT_URL2', 'http://blacklist.dansguardian.org/cgi-bin/download.pl?type=download&file=bigblacklist');
define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz');
-define('BLACKLIST_BTN_STD', 'Upload Std');
define('BLACKLIST_BTN_URL', 'Upload Url');
-define('BLACKLIST_BTN_FILE', 'Upload File');
+define('BLACKLIST_BTN_LAST', 'Restore last');
+
define('BLACKLIST_LOGFILE', 'blacklist.log');
define('APPLY_BTN', 'Apply');
@@ -142,45 +142,33 @@ function squidguard_validate_acl($post, $input_errors) {
// check unique name
if (!check_unique_name(MODULE_ACL, $name))
- $input_errors[] = "Name '$name' already exists";
+ $input_errors[] = "Name '$name' already exists.";
}
// store destinations to 'dest' value
foreach ($post as $key => $val) {
if (substr_count($key, PREFLD_UPTIME) != 0) {
$name = str_replace(PREFLD_UPTIME, '', $key);
- if ($name)
- $pass_up[$name] = 'on';
- }
- elseif (substr_count($key, PREFLD_UPTIME_DENY) != 0) {
- $name = str_replace(PREFLD_UPTIME_DENY, '', $key);
- if ($name)
- $deny_up[$name] = 'on';
+ if ($name) {
+ switch($val) {
+ case "allow": $pass_up_val .= " $name"; break;
+ case "white": $pass_up_val .= " ^$name"; break;
+ case "deny" : $pass_up_val .= " !$name"; break;
+ }
+ }
}
elseif (substr_count($key, PREFLD_OVERTIME) != 0) {
$name = str_replace(PREFLD_OVERTIME, '', $key);
- if ($name)
- $pass_over[$name] = 'on';
- }
- elseif (substr_count($key, PREFLD_OVERTIME_DENY) != 0) {
- $name = str_replace(PREFLD_OVERTIME_DENY, '', $key);
- if ($name)
- $deny_over[$name] = 'on';
+ if ($name) {
+ switch($val) {
+ case "allow": $pass_over_val .= " $name"; break;
+ case "white": $pass_over_val .= " ^$name"; break;
+ case "deny" : $pass_over_val .= " !$name"; break;
+ }
+ }
}
}
- foreach ($pass_up as $key => $val) {
- if ($deny_up[$key])
- $pass_up_val .= " !$key";
- else $pass_up_val .= " $key";
- }
-
- foreach ($pass_over as $key => $val) {
- if ($deny_over[$key])
- $pass_over_val .= " !$key";
- else $pass_over_val .= " $key";
- }
-
// !ATTENTION! on pfSense XML config must be must(shell) be '!all' instead of 'none' - it is a must for correct work GUI
// if not exists key 'all', then add 'none' - default 'deny all'
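Review bot: In both new `switch($val)` blocks the destination name taken from the POST key is appended to `$pass_up_val` / `$pass_over_val` without being checked against the destinations the form was built from. The characters `!`, `^`, `[`, `]` and the space are the syntax of the stored rule string, so a name containing one of them would change how the rule is read back later; a guard such as `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $name)) continue;` before the switch would prevent that (adjust the character class to what destination names may legally contain). The initialisation of `$pass_up_val` and `$pass_over_val` is not visible here and should be confirmed, since they are now only ever appended to. squidguard_validate_acl starts and ends outside this hunk.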
@@ -358,6 +346,12 @@ function squidguard_resync() {
if ($url)
sg_reconfigure_blacklist($url, $proxy);
}
+
+ // blacklist restore last (if exists)
+ if ($submit == BLACKLIST_BTN_LAST) {
+ restore_arc_blacklist();
+ }
+
// apply changes
if ($submit == APPLY_BTN) {
# write_config('Update squidGuard options.'); // store, if not 'Save' button
@@ -443,30 +437,8 @@ function get_pkg_items_list($pkg_gui_name, $fieldname) {
# ==============================================================================
# Before form
# ==============================================================================
-
-// -----------------------------------------------------------------------------
-// squidguard_before_form_src -- ### will deleted ###
-// -----------------------------------------------------------------------------
-function squidguard_before_form_src($pkg) {
- global $config;
- global $g;
- $i=0;
- foreach($pkg['fields']['field'] as $field) {
- if ($field['fieldname'] == 'order') {
- $fld = &$pkg['fields']['field'][$i];
- $img_up = "<img src='./themes/{$g['theme']}/images/icons/icon_up.gif'
- title='move up' width='17' height='17' border='0' onclick='on_moveup()'>";
- $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif'
- title='move down' width='17' height='17' border='0' onclick='on_movedown()'>";
- $s = "$img_up $img_down <br> <b>Move to:</b> " . $fld['description'];
- $fld['description'] = $s;
- }
- $i++;
- }
-}
-// -----------------------------------------------------------------------------
-// squidguard_before_form_dest
-// -----------------------------------------------------------------------------
+# squidguard_before_form_dest
+# ------------------------------------------------------------------------------
function squidguard_before_form_dest($pkg) {
global $config;
$expr_names = '';
@@ -493,15 +465,15 @@ function squidguard_before_form_dest($pkg) {
}
}
-// -----------------------------------------------------------------------------
-// squidguard_before_form
-// -----------------------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# squidguard_before_form
+# ------------------------------------------------------------------------------
function squidguard_before_form($pkg) {
$i=0;
foreach($pkg['fields']['field'] as $field) {
// blacklist controls
- if ($field['fieldname'] == 'blacklist') {
+ if ($field['fieldname'] == 'blacklist_url') {
$fld = &$pkg['fields']['field'][$i];
$fld['description'] .= make_grid_blacklist(); // insert to description custom controls
}
@@ -595,51 +567,67 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
$pss = str_replace(']', '', $acl_dest);
$pss = explode(' ', $pss);
foreach($pss as $val) {
- $name = str_replace('!', '', $val);
+ $name = $val;
+ $name = str_replace('!', '', $name);
+ $name = str_replace('^', '', $name);
if ($val == '[') { $overtime = 'yes'; continue; }
elseif ($val == ']') { break; }
if (empty($overtime)) {
- if($val[0] != '!')
- $acls_up[$name] = 'pass';
- else $acls_up[$name] = 'deny';
+ if (!empty($val)) {
+ switch($val[0]) {
+ case '!': $acls_up[$name] = 'deny'; break;
+ case '^': $acls_up[$name] = 'white'; break;
+ default : $acls_up[$name] = 'allow'; break;
+ }
+ }
} else {
- if($val[0] != '!')
- $acls_over[$name] = 'pass';
- else $acls_over[$name] = 'deny';
+ if (!empty($val)) {
+ switch($val[0]) {
+ case '!': $acls_over[$name] = 'deny'; break;
+ case '^': $acls_over[$name] = 'white'; break;
+ default : $acls_over[$name] = 'allow'; break;
+ }
+ }
}
}
}
// --- Destinations ---
$general_cfg = $config['installedpackages'][MODULE_GENERAL]['config'][0];
- $dest_cfg = $config['installedpackages'][MODULE_DESTINATION]['config'];
+ $dest_cfg = $config['installedpackages'][MODULE_DESTINATION]['config'];
// Blacklist
if ($general_cfg['blacklist'] == 'on') {
$blk_entries = sg_entries_blacklist();
if (!empty($blk_entries)) {
foreach($blk_entries as $dst)
- $dest_items[] = array ('name'=>$dst, 'upt_value'=>$acls_up[$dst],
- 'ovt_value'=>$acls_over[$dst], 'description'=>'');
+ $dest_items[] = array ('name'=>$dst,
+ 'upt_value'=>$acls_up[$dst],
+ 'ovt_value'=>$acls_over[$dst],
+ 'description'=>'');
}
}
// User destinations
if ($dest_cfg) {
foreach($dest_cfg as $dst)
- $dest_items[] = array ('name'=>$dst[FLD_NAME], 'upt_value'=>$acls_up[$dst[FLD_NAME]],
- 'ovt_value'=>$acls_over[$dst[FLD_NAME]], 'description'=>$dst[FLD_DESCRIPTION]);
+ $dest_items[] = array ('name'=>$dst[FLD_NAME],
+ 'upt_value'=>$acls_up[$dst[FLD_NAME]],
+ 'ovt_value'=>$acls_over[$dst[FLD_NAME]],
+ 'description'=>$dst[FLD_DESCRIPTION]);
}
// Default all
- $dest_items[] = array('name'=>FLT_DEFAULT_ALL, 'upt_value'=>$acls_up[FLT_DEFAULT_ALL],
- 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL], 'description'=>'Default access');
+ $dest_items[] = array('name'=>FLT_DEFAULT_ALL,
+ 'upt_value'=>$acls_up[FLT_DEFAULT_ALL],
+ 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL],
+ 'description'=>'Default access');
$i=0;
foreach($pkg['fields']['field'] as $field) {
if (($field['fieldname'] == 'dest')/* || ($field['fieldname'] == 'overdest')*/) {
$fld = &$pkg['fields']['field'][$i];
- $fld['description'] .= make_grid_controls('checkbox', $dest_items, $is_acl); // insert to description custom controls
+ $fld['description'] .= make_grid_controls('', $dest_items, $is_acl); // insert to description custom controls
}
$i++;
}
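Review bot: The two added `str_replace` calls strip `!` and `^` from anywhere in the token, while `switch($val[0])` below treats them only as a leading marker; `$name = ltrim($val, '!^');` keeps the two in step. `!empty($val)` also skips a token that is the string "0", so `$val !== ''` is the safer guard. The uptime and overtime branches are now identical except for the target array and could share one small helper. The function starts and ends outside this hunk.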
@@ -842,26 +830,32 @@ function make_grid_general_items($id = '')
{
global $config;
+ $bg_color = "bgcolor='#dddddd'";
$res = '';
$res .= "<table width='100%'>";
if ($id == '') {
// Apply
- $res .= "<tr bgcolor='#dddddd'><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr>
- <tr><td><big>After changing configuration Squid or squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr>
+ $res .= "<tr $bg_color><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr>
+ <tr><td><big>After changing configuration squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr>
<tr><td><input name='submit' type='submit' value='Apply'></td></tr>";
// service state
$sgstate = "<span style='color: #800000;'>STOPPED</span>";
- if (is_service_running("squidGuard")) $sgstate = "<span style='color: #008000;'>STARTED</span>";
- $res .= "<tr bgcolor='#dddddd'><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>";
+ if (is_service_running("squidGuard"))
+ $sgstate = "<span style='color: #008000;'>STARTED</span>";
+
+ if (is_blacklist_update_started()) {
+ $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist.<br>New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>";
+ }
+ $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>";
} else
if ($id == 'gui_log') {
if ($config['installedpackages']['squidguardgeneral']['config'][0]['view_gui_log'] == 'on') {
$log_content = sg_getlog(50);
$log_content = str_replace("\n","<br>", $log_content);
- $res .= "<tr bgcolor='#dddddd'><td><font size='-1'><b>Web GUI log (Latest 50)</b></font></td></tr>";
- $res .= "<tr bgcolor='#dddddd'><td vAlign=top width='100%'><font size='-2'>$log_content</font></td></tr>";
+ $res .= "<tr $bg_color><td><font size='-1'><b>Web GUI log (Latest 50)</b></font></td></tr>";
+ $res .= "<tr $bg_color><td vAlign=top width='100%'><font size='-2'>$log_content</font></td></tr>";
}
}
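Review bot: `$log_content` is written into the page as raw HTML on the two changed `gui_log` rows, and the configurator part of this commit logs entered values (domains, URLs, expressions) through `sg_addlog`. Unless `sg_getlog` already escapes its output, which is not visible here, the text should be escaped before the newline conversion: `$log_content = str_replace("\n", "<br>", htmlspecialchars(sg_getlog(50), ENT_QUOTES));`. The function starts and ends outside this hunk.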
@@ -873,13 +867,14 @@ function make_grid_general_items($id = '')
// make_grid_blacklist
// -----------------------------------------------------------------------------
function make_grid_blacklist() {
- // button 'Upload URL'
- $res = "<br><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>";
- if (file_exists(SG_INFO_FILE))
- $res .= "<br><b>Rebuild status:</b><span style='color: #800000;'>" .
- str_replace("\n", "<br>", file_get_contents(SG_INFO_FILE) .
- "</span>");
- return $res;
+ $res = '';
+
+ // button 'Upload URL'
+ $res = "<br><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>";
+ // button 'Restore last blacklist'
+ $res .= "&nbsp;<input name='submit' value='" . BLACKLIST_BTN_LAST . "' type='submit'>";
+
+ return $res;
}
// -----------------------------------------------------------------------------
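Review bot: The added `$res = '';` is dead, because the next statement assigns `$res` with `=` rather than `.=`. Either drop the initialiser or change the first button line to `$res .= "<br><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>";` so both buttons are appended the same way.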
@@ -907,49 +902,83 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
$upt_val = $item['upt_value'];
$ovt_val = $item['ovt_value'];
$description = $item['description'];
- $upt_on = '';
- $upt_deny = '';
- $ovt_on = '';
- $ovt_deny = '';
- if ($upt_val) $upt_on = 'CHECKED';
- if ($upt_val == 'deny') $upt_deny = 'CHECKED';
+ $sel = "selected=\"selected\"";
+ $upt_A = $upt_B = $upt_C = $upt_D = '';
+ switch($upt_val) {
+ case "allow": $upt_B = $sel; break;
+ case "white": $upt_C = $sel; break;
+ case "deny" : $upt_D = $sel; break;
+ default: $upt_A = $sel; break;
+ }
- if ($ovt_val) $ovt_on = 'CHECKED';
- if ($ovt_val == 'deny') $ovt_deny = 'CHECKED';
+ $ovt_A = $ovt_B = $ovt_C= $ovt_D = '';
+ switch($ovt_val) {
+ case "allow": $ovt_B = $sel; break;
+ case "white": $ovt_C = $sel; break;
+ case "deny" : $ovt_D = $sel; break;
+ default: $ovt_A = $sel; break;
+ }
+ unset($sel);
$tbl .= "<tr>";
// uptime table
- $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_UPTIME . "$name\" $upt_on></td>";
+ $tnm = PREFLD_UPTIME . $name;
+ $tbl .= "<td $color></td>";
$tbl .= "<td $color>$description [$name]</td>";
- $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_UPTIME_DENY . "$name\" $upt_deny></td>";
- $tbl .= "<td $color>deny access</td>";
+ $tbl .= "<td $color>access</td>";
+ $tbl .= "<td $color><select id=$tnm name=\"$tnm\">";
+ if (substr_count($name, "all") === 0) {
+ $tbl .= "<option value=none name=\"----\" $upt_A>----</option>";
+ $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>";
+ $tbl .= "<option value=white name=\"white\" $upt_C>white</option>";
+ $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>";
+ } else {
+ $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>";
+ $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>";
+ }
+ $tbl .= "</td>";
+
// overtime table
if ($enable_overtime) {
- $tbl .= "<td $color><input type=\"$type\" name=\"" . PREFLD_OVERTIME . "$name\" $ovt_on></td>";
+ $tnm = PREFLD_OVERTIME . $name;
+ $tbl .= "<td $color></td>";
$tbl .= "<td $color>$description [$name]</td>";
- $tbl .= "<td $color><input type='$type' name=\"" . PREFLD_OVERTIME_DENY . "$name\" $ovt_deny></td>";
- $tbl .= "<td $color>deny access</td>";
- } else {
-
+ $tbl .= "<td $color>access</td>";
+ $tbl .= "<td $color><select id=$tnm name=\"$tnm\">";
+ if (substr_count($name, "all") === 0) {
+ $tbl .= "<option value=none name=\"----\" $ovt_A>----</option>";
+ $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>";
+ $tbl .= "<option value=white name=\"white\" $ovt_C>white</option>";
+ $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>";
+ } else {
+ $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>";
+ $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>";
+ }
+ $tbl .= "</td>";
}
$tbl .= "</tr>";
}
+ # header
if (!empty($tbl)) {
$thdr = '';
+ $hdr1up = "Destinations in uptime";
+ $hdr1ov = "Destinations in overtime";
+ $hdr2up = "Select destinations for uptime rule.";
+ $hdr2ov = "Select destination for overtime rule.";
+ $hds3 = "Access option priority: 1-'white'(whitelist), 2-'deny'(blacklist), 3-'allow', 4-all rule('allow' ro 'deny').";
if ($enable_overtime) {
- $thdr = "<tr>" .
- "<th colspan='4' align=middle>Destinations in uptime</th>" .
- "<th colspan='4' align=middle>Destinations in overtime</th></tr><tr>" .
- "<td colspan='4' align=middle>Select destinations for uptime rule</td>" .
- "<td colspan='4' align=middle>Select destination for overtime rule.<br>" .
- "If time not defined, this part must be ignored</td></tr>";
+ $thdr =
+ "<tr><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>" .
+ "<tr><td colspan='4' align=middle>$hdr2up</td><td colspan='4' align=middle>$hdr2ov<br>If <b>'Time'</b> not defined, this part must be ignored</td></tr>" .
+ "<tr><td colspan='8' align=left><hr><b>$hds3</b><hr></td></tr>";
// formatting
$thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>";
} else {
- $thdr = "<tr><th colspan='4' align=middle>Destinations in uptime</th></tr>" .
- "<tr><td colspan='4' align=middle>Select destinations for uptime rule</td></tr>";
+ $thdr = "<tr><th colspan='4' align=middle>$hdr1up</th></tr>" .
+ "<tr><td colspan='4' align=middle>$hdr2up</td></tr>" .
+ "<tr><td colspan='4' align=middle><hr><b>$hds3</b><hr></tr>";
// formatting
$thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>";
}
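Review bot: Neither new `<select>` is ever closed: each cell ends with `$tbl .= "</td>";`, which should be `$tbl .= "</select></td>";` in both the uptime and the overtime branch. `$name` and `$description` (the latter read from the destination config) go into the markup unescaped and `id=$tnm` is unquoted, so I would pass them through `htmlspecialchars(..., ENT_QUOTES)` and quote the attribute. `substr_count($name, "all") === 0` is also false for any destination whose name merely contains "all", which then loses the `----` and `white` choices; comparing against `FLT_DEFAULT_ALL` looks like the intent. `$hds3` has a typo ("ro" for "or") and the non-overtime header row lacks its closing `</td>`. The function starts and ends outside this hunk.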
@@ -1254,21 +1283,6 @@ function convert_pfxml_to_sgxml() {
#
function convert_pfxml_to_sgxml_source($pfconfig) {
$sgxml = array();
-/*
-# --- previous ver ---
- $pfxml = $pfconfig['installedpackages']['squidguardsrc']['config'];
- if (is_array($pfxml)) {
- foreach($pfxml as $pfx) {
- $sgx = array();
- $sgx[FLD_NAME] = $pfx['name'];
- $sgx[FLD_IP] = $pfx['iplist'];
- $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS];
- $sgx[FLD_LOG] = $pfx['enablelog'];
- $sgx[FLD_DESCRIPTION] = $pfx['description'];
- $sgxml[FLD_ITEM][] = $sgx;
- }
- }
-*/
$pfxml = $pfconfig['installedpackages']['squidguardacl']['config'];
if (is_array($pfxml)) {
foreach($pfxml as $pfx) {
@@ -1290,7 +1304,6 @@ function convert_pfxml_to_sgxml_source($pfconfig) {
// -----------------------------------------------------------------
function convert_pfxml_to_sgxml_destination($pfconfig) {
$sgxml = array();
-
$pfxml = $pfconfig['installedpackages']['squidguarddest']['config'];
if (is_array($pfxml)) {
foreach($pfxml as $pfx) {
@@ -1451,4 +1464,4 @@ function convert_pfxml_to_sgxml_default($pfconfig) {
return $sgx;
}
-?> \ No newline at end of file
+?>
diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc
index df293258..ba6d9d1a 100644
--- a/packages/squidGuard/squidguard_configurator.inc
+++ b/packages/squidGuard/squidguard_configurator.inc
@@ -101,11 +101,9 @@ define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u');
# ------------------------------------------------------------------------------
# squidguard system defines
# ------------------------------------------------------------------------------
-# !check this!
define('SQUID_CONFIGFILE', '/usr/local/etc/squid/squid.conf');
define('TMP_DIR', '/var/tmp');
-# not need for check
define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf');
define('SQUIDGUARDCONF_LOGFILE', '/sg_configurator.log');
define('SQUIDGUARD_ACCESSBLOCK_FILE', 'block.log');
@@ -115,6 +113,9 @@ define('SQUIDGUARD_WORKDIR_DEF', '/usr/local/etc/squidGuard');
define('SQUIDGUARD_BINPATH_DEF', '/usr/local/bin');
define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); // SG temp
define('SQUIDGUARD_VAR', '/var/squidGuard'); // SG variables
+define('SQUIDGUARD_STATE', '/squidGuard.state');
+define('SQUIDGUARD_STATE', '/squidGuard.state');
+define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild');
# DB home catalog contains 'Blacklist' and 'User' sub-catalogs
define('SQUIDGUARD_DBHOME_DEF', '/var/db/squidGuard');
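Review bot: `SQUIDGUARD_STATE` is defined twice on consecutive added lines; the second `define()` has no effect and raises an "already defined" notice when the file is included, so one of the two lines should go. If the second line was meant to introduce a different constant, it needs its own name.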
@@ -129,10 +130,14 @@ define('BLACKLIST_ARCHIVE', '/blacklists.tar');
define('BLK_LOCALFILE', '/tmp/sg_blacklists.tar');
define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh');
define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf');
+define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf');
define('BLK_TEMP', '/tmp/sg_blk');
define('SG_BLK_ARC', '/arcdb'); // blk db archive
define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf');
+# errors
+define('SG_ERR0', "Error! Check squidGuard configuration data.");
+
# ------------------------------------------------------------------------------
# debug options
# ------------------------------------------------------------------------------
@@ -143,10 +148,9 @@ define('DEBUG_MAKE_SQUIDGUARD_CONFIG', 'true');
# GUI options
define('SQUIDGUARD_LOG_MAXCOUNT', 1000); // max log lines
# 0-all, 1-medium; 2-low
-define('SQUIDGUARD_LOG_LEVEL', 1);
+define('SQUIDGUARD_LOG_LEVEL', 0);
# ------------------------------------------------------------------------------
-#
define('FLT_DEFAULT_ALL', 'all');
define('FLT_NOTALLOWIP', '!in-addr');
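Review bot: `SQUIDGUARD_LOG_LEVEL` drops to `0`, which the comment above it documents as "all", and the commit message does not mention the change. Every `sg_addlog` call then appears to be recorded, including the ones that write entered domains, URLs and expressions, and the log is shown in the GUI. If this was a debugging aid, restore `define('SQUIDGUARD_LOG_LEVEL', 1);` before release.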
@@ -154,8 +158,10 @@ define('FLT_NOTALLOWIP', '!in-addr');
# owner user name (squid system user - need for define rights access)
# ------------------------------------------------------------------------------
define('OWNER_NAME', 'proxy');
+
+# ------------------------------------------------------------------------------
+# Debug
# ------------------------------------------------------------------------------
-#
define('DEBUG_ON', 'true');
# ==============================================================================
@@ -178,9 +184,9 @@ define('FLT_WAREZ', 'warez');
# ==============================================================================
# SquidGuard Configurator
# ==============================================================================
-$squidguard_config = array(); // squidGuard config array
+$squidguard_config = array(); # squidGuard config array
-// call default init
+# call default init
sg_init();
# ------------------------------------------------------------------------------
@@ -255,11 +261,10 @@ function sg_init($init = '') {
$squidguard_config[FLD_BINPATH] = SQUIDGUARD_BINPATH_DEF;
$squidguard_config[FLD_SQUIDCONFIGFILE] = SQUID_CONFIGFILE;
$squidguard_config[FLD_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT;
- sg_addlog("sg_init: default initialization squidguard_config");
} else {
$squidguard_config = $init;
- sg_addlog("sg_init: ext initialization squidguard_config");
}
+ sg_addlog("sg_init: Start.", 0);
return $squidguard_config;
}
@@ -271,15 +276,15 @@ function sg_load_configxml($filename) {
sg_init();
if (file_exists($filename)) {
$xmlconf = file_get_contents($filename);
- sg_addlog("sg_load_configxml: load config from $filename", 1);
+ sg_addlog("sg_load_configxml: Begin with '$filename'", 1);
if (!empty($xmlconf)) {
$squidguard_config = $xmlconf[FLD_SQUIDGUARD];
- sg_addlog("sg_load_configxml: update config success.", 1);
+ sg_addlog("sg_load_configxml: Update success.", 1);
} else
- sg_addlog("sg_load_configxml: update config error.", 2);
+ sg_addlog("sg_load_configxml: Error - nothing for update from '$filename'.", 2);
} else
- sg_addlog("sg_load_configxml: error load config from $filename - file not exists.", 2);
+ sg_addlog("sg_load_configxml: Error file '$filename' not exists.", 2);
}
# ------------------------------------------------------------------------------
@@ -297,7 +302,9 @@ function sg_save_configxml($filename) {
# ------------------------------------------------------------------------------
function sg_reconfigure() {
global $squidguard_config;
- sg_addlog("sg_reconfigure: start.");
+ $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE;
+
+ sg_addlog("sg_reconfigure: Begin.", 0);
// 1. check system
sg_check_system();
@@ -306,31 +313,27 @@ function sg_reconfigure() {
sg_reconfigure_user_db();
// 3. generate squidGuard config
- $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE;
- $conf = sg_build_config();
+ $conf = sg_create_config();
if ($conf) {
-# $conf = implode("\n", $conf);
if ($squidguard_config[FLD_WORKDIR])
$conf_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE;
file_put_contents($conf_file, $conf);
file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); // << squidGuard want config '/usr/local/etc/squid' by default
- set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0755);
- sg_addlog("sg_reconfigure: generate squidGuard config and save to $conf_file.", 1);
+ set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0664);
+ sg_addlog("sg_reconfigure: Generate squidGuard config and save to '$conf_file'.", 1);
}
// 4. reconfigure squid
squid_reconfigure();
-
- sg_addlog("sg_reconfigure: end.");
}
-// ------------------------------------------------------------
-// squid_reconfigure
-// Insert in '/usr/local/squid/etc/squid.conf' options:
-// redirector_bypass on
-// redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file
-// redirect_children 1
-// ------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# squid_reconfigure
+# Insert in '/usr/local/squid/etc/squid.conf' options:
+# redirector_bypass on
+# redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file
+# redirect_children 1
+# ------------------------------------------------------------------------------
function squid_reconfigure($remove_only = '') {
global $config;
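Review bot: `0664` has no execute (search) bit, and here it is applied to the work directory via `set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0664)`; a directory with that mode cannot be entered by the `proxy` owner unless `set_file_access` (not shown) adds the bit for directories. The same mode is passed for directories in the `sg_check_system` hunks and directly to `mkdir($dbhome, 0664)` and `mkdir ($path, 0664)` in `sg_reconfigure_user_db`, where nothing can compensate. I would keep `0755` or `0750` for directories and use a non-group-writable mode such as `0644` for the generated config. The return values of the two `file_put_contents` calls are also ignored, so a failed write is still logged as saved.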
@@ -338,7 +341,7 @@ function squid_reconfigure($remove_only = '') {
$conf = '';
$cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options'];
- sg_addlog("squid_reconfigure: begin");
+ sg_addlog("squid_reconfigure: Begin.", 0);
// remove old options
if (!empty($cust_opt)) {
@@ -350,7 +353,7 @@ function squid_reconfigure($remove_only = '') {
(strpos($t_opt, REDIRECT_CHILDREN_OPT) === 0))
unset($conf[$key]);
}
- sg_addlog("squid_reconfigure: remove old redirector options from Squid config.", 1);
+ sg_addlog("squid_reconfigure: Remove old redirector options from Squid config.", 1);
}
// add new options - if squidGuard enabled
@@ -363,22 +366,22 @@ function squid_reconfigure($remove_only = '') {
$conf[] = REDIRECT_BYPASS_OPT . " on";
$conf[] = REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT;
- sg_addlog("squid_reconfigure: add new redirector options to Squid config.", 1);
+ sg_addlog("squid_reconfigure: Add new redirector options to Squid config.", 1);
}
// update config
if (is_array($conf))
$conf = implode(";", $conf);
$config['installedpackages']['squid']['config'][0]['custom_options'] = $conf;
- write_config('Update squidGuard option to squid config.');
+ write_config('Update redirector options to squid config.');
squid_resync();
}
-// ------------------------------------------------------------
-// sg_check_system
-// - check squidguard catalog's and access right's
-// ------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# sg_check_system
+# - check squidguard catalog's and access right's
+# ------------------------------------------------------------------------------
function sg_check_system() {
global $squidguard_config;
@@ -387,10 +390,9 @@ function sg_check_system() {
if (!empty($work_dir)) {
// check dir's
if (!file_exists($work_dir)) {
- mwexec("mkdir -p " . $work_dir);
- sg_addlog("Create work dir $work_dir", 1);
- // set access right
- set_file_access($work_dir, OWNER_NAME, 0755);
+ mwexec("mkdir -p $work_dir");
+ set_file_access($work_dir, OWNER_NAME, 0664);
+ sg_addlog("sg_check_system: Create work dir '$work_dir'.", 1);
}
}
unset($work_dir);
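Review bot: `mwexec("mkdir -p $work_dir")` passes a configured path to the shell unquoted, so a path containing spaces or shell metacharacters is not handled as a single argument. Quote it with `mwexec("mkdir -p " . escapeshellarg($work_dir));`, or create the directory from PHP with `mkdir($work_dir, 0755, true)`. The same applies to the `mkdir -p` calls in the next two hunks and to `mwexec("rm -R $file_fd")` in `sg_remove_unused_db_entries`, where the name comes from a directory listing. sg_check_system continues outside this hunk.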
@@ -399,12 +401,12 @@ function sg_check_system() {
$log_dir = $squidguard_config[FLD_LOGDIR];
if (!empty($log_dir)) {
if (!file_exists($log_dir)) {
- mwexec("mkdir -p " . $log_dir);
- sg_addlog("Create log dir $log_dir", 1);
+ mwexec("mkdir -p $log_dir");
+ sg_addlog("sg_check_system: Create log dir '$log_dir'.", 1);
}
// set access right - need start any time;
// (SG possible start from console and log file will have only root access)
- set_file_access($log_dir, OWNER_NAME, 0755);
+ set_file_access($log_dir, OWNER_NAME, 0664);
}
unset($log_dir);
@@ -413,10 +415,10 @@ function sg_check_system() {
if (!empty($db_dir)) {
if (!file_exists($db_dir)) {
mwexec("mkdir -p $db_dir");
- $sg_addlog("Create db dir $db_dir", 1);
+ sg_addlog("sg_check_system: Create db dir '$db_dir'.", 1);
}
// set access right
- set_file_access($db_dir, OWNER_NAME, 0755);
+ set_file_access($db_dir, OWNER_NAME, 0664);
}
unset($db_dir);
}
@@ -430,98 +432,91 @@ function sg_reconfigure_user_db() {
global $squidguard_config;
$dbhome = $squidguard_config[FLD_DBHOME];
- sg_addlog("sg_reconfigure_user_db: begin at '$dbhome'", 1);
+ sg_addlog("sg_reconfigure_user_db: Begin with '$dbhome'", 1);
// create user DB catalog, if not extsts
if (!file_exists($dbhome)) {
- if (!mkdir($dbhome, 0755)) {
- sg_addlog("sg_reconfigure_user_db: ERROR create user DB directory $dbhome", 2);
+ if (!mkdir($dbhome, 0664)) {
+ sg_addlog("sg_reconfigure_user_db: Error create user DB directory '$dbhome'.", 2);
return;
}
- set_file_access($dbhome, OWNER_NAME, 0755);
- sg_addlog("sg_reconfigure_user_db: Create user DB directory $dbhome", 1);
+ set_file_access($dbhome, OWNER_NAME, 0664);
+ sg_addlog("sg_reconfigure_user_db: Create user DB directory '$dbhome'.", 1);
}
// update destinations to db
$dests = $squidguard_config[FLD_DESTINATIONS];
if(!empty($dests)){
$dst_names = Array();
- $dst_list = Array(); // destinations list
+ $dst_list = Array();
- sg_addlog("sg_reconfigure_user_db: add user entries", 1);
+ sg_addlog("sg_reconfigure_user_db: Add user entries", 1);
foreach($dests[FLD_ITEM] as $dst) {
$path = "$dbhome/" . $dst[FLD_NAME];
- $dst_names[] = $path;
+ $dst_names[] = $path;
$dst_list["usr_{$dst[FLD_NAME]}"] = $dst[FLD_NAME];
// 1. check destination catalog and create them, if need
if (!file_exists($path)) {
- if (!mkdir ($path, 0755)) {
- sg_addlog("sg_reconfigure_user_db: ERROR create dir $path", 2);
+ if (!mkdir ($path, 0664)) {
+ sg_addlog("sg_reconfigure_user_db: Error create dir '$path'.", 2);
return;
}
- sg_addlog("sg_reconfigure_user_db: Create dir $path", 1);
+ sg_addlog("sg_reconfigure_user_db: Create dir '$path'.", 1);
}
// 2. build domains file
$domains = $dst[FLD_DOMAINS];
if (!empty($domains)) {
- $content = str_replace(" ", "\n", $domains);
- $content = trim($content);
+ $content = trim(str_replace(" ", "\n", $domains));
file_put_contents($path . '/domains', $content);
- sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} domains '$domains'", 1);
+ sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} domains '$domains';", 1);
}
unset($domains);
// 3. build urls file
$urls = $dst[FLD_URLS];
if (!empty($urls)) {
- $content = str_replace(" ", "\n", $urls);
- $content = trim($content);
+ $content = trim(str_replace(" ", "\n", $urls));
file_put_contents($path . '/urls', $content);
- sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} urls '$content'", 1);
+ sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} urls '$content';", 1);
}
unset($urls);
// 4. build expression file
$expr = $dst[FLD_EXPRESSIONS];
if (!empty($expr)) {
- $content = str_replace("|", " ", $expr);
- $content = trim($content); // delete first and last unnecessary '|' symbols
+ $content = trim(str_replace("|", " ", $expr)); // delete first and last unnecessary '|' symbol
$content = str_replace(" ", "|", $content);
file_put_contents($path . '/expressions', $content);
- sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} expressions '$content'", 1);
+ sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} expressions '$content';", 1);
}
unset($expr);
}
- // 4. recursive set files access
- set_file_access($dbhome, OWNER_NAME, 0755);
+ // 5. recursive set files access
+ set_file_access($dbhome, OWNER_NAME, 0664);
- // 5. rebuild user db ('/var/db/squidGuard')
+ // 6. rebuild user db ('/var/db/squidGuard')
sg_rebuild_db("_usrdb", $dbhome, $dst_list);
-
} else
- sg_addlog("sg_reconfigure_user_db: STOPPED; User destinations list empty", 2);
+ sg_addlog("sg_reconfigure_user_db: Nothing. User destinations list empty.", 2);
- // 6. remove unused db entries
+ // 7. remove unused db entries
sg_remove_unused_db_entries();
-
- sg_addlog("sg_reconfigure_user_db: end.", 1);
}
-// ------------------------------------------------------------
-// sg_remove_unused_db_entries
-// - remove unused DB entries
-// ------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# sg_remove_unused_db_entries
+# ------------------------------------------------------------------------------
function sg_remove_unused_db_entries() {
global $squidguard_config;
$db_entries = array();
$file_list = '';
- $dbhome = $squidguard_config[FLD_DBHOME];
+ $dbhome = $squidguard_config[FLD_DBHOME];
$workdir = $squidguard_config[FLD_WORKDIR];
- sg_addlog("sg_remove_unused_db_entries: begin");
+ sg_addlog("sg_remove_unused_db_entries: Begin.", 0);
// black list entries
// * worked only with 'blacklist entries list file - else may be deleted black list entry
@@ -541,8 +536,9 @@ function sg_remove_unused_db_entries() {
// diff between file list and entries list
$file_list = scan_dir($dbhome);
- if (is_array($file_list) and is_array($db_entries))
+ if (is_array($file_list) and is_array($db_entries)) {
$file_for_del = array_diff($file_list, $db_entries);
+ }
// delete
if (is_array($file_for_del) and !empty($file_for_del)) {
@@ -550,10 +546,10 @@ function sg_remove_unused_db_entries() {
$file_fd = "$dbhome/$fd";
if (($fd != "") && ($fd != ".") && ($fd != "..")) {
if (file_exists($file_fd)) {
- mwexec("rm -R . $file_fd");
- sg_addlog("sg_remove_unused_db_entries: Removed file '$file_fd'", 1);
+ mwexec("rm -R $file_fd");
+ sg_addlog("sg_remove_unused_db_entries: Removed file '$file_fd'.", 1);
} else
- sg_addlog("sg_remove_unused_db_entries: File $file_fd not found", 2);
+ sg_addlog("sg_remove_unused_db_entries: File'$file_fd' not found.", 2);
}
}
}
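Review bot: The corrected `mwexec("rm -R $file_fd")` still interpolates a path taken from `scan_dir($dbhome)` straight into the command string, so a directory name containing spaces or shell metacharacters is interpreted by the shell (assuming mwexec runs its argument through one) rather than passed as a single argument. Entries under `$dbhome` can originate from an unpacked blacklist archive, so the names are external data. Quote the argument: `mwexec("rm -R " . escapeshellarg($file_fd));`. The log string `File'$file_fd' not found.` also lost the space after `File`. The enclosing loop of sg_remove_unused_db_entries starts outside this hunk.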
@@ -569,7 +565,6 @@ function sg_remove_unused_db_entries() {
# dest_DB_path - path without '$rdb_dbhome'
# example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners'
# ------------------------------------------------------------------------------
-
function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) {
global $squidguard_config;
$conf = '';
@@ -585,7 +580,7 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) {
$conf_path = "/tmp/squidGuard_rebuild.conf" . $shtag;
// make rebuild config; include all found dest items
- $conf = sg_create_rebuild_config($dbhome, $rdb_itemslist);
+ $conf = sg_create_simple_config($dbhome, $rdb_itemslist);
file_put_contents($conf_path, $conf);
set_file_access($conf_path, OWNER_NAME, 0750);
sg_addlog("sg_rebuild_db: Create temporary config '$conf_path'.", 1);
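Review bot: `$conf_path` is still a fixed, predictable name under `/tmp`, and `file_put_contents` will follow a symlink that already exists at that path, so a local account could redirect this root-side write. The same commit moves the blacklist rebuild config in sg_update_blacklist to `SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF`; building this path from `SQUIDGUARD_VAR` as well would be consistent and keeps the file out of a world-writable directory. Mode `0750` also marks a plain config file executable, where `0640` would be enough. The body of sg_rebuild_db continues outside this hunk.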
@@ -594,8 +589,7 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) {
$sh_scr = Array();
$sh_scr[] = "#!/bin/sh";
$sh_scr[] = "cd $dbhome";
- $cmd = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all";
- $sh_scr[] = $cmd;
+ $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all";
$sh_scr[] = "wait"; // wait while SG rebuild DB
// set DB owner and right access
@@ -609,77 +603,16 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) {
$shfile = DB_REBUILD_SH . $shtag;
file_put_contents($shfile, $sh_scr);
set_file_access($shfile, OWNER_NAME, 0750);
- mwexec_bg($shfile);
+ # ! not background exec !
+ mwexec($shfile);
sg_addlog("sg_rebuild_db: Started SH script '$shfile'.", 1);
- sg_addlog("sg_rebuild_db: End.");
}
+# ==============================================================================
+# Log
# ------------------------------------------------------------------------------
-# sg_create_rebuild_config
-# Create config for DB rebuilding
-# Default rule - block all
-# Variables:
-# $blk_dbhome - temporary DB home dir, may be different with DBHOME
-# $blk_destlist - is array as [dst_name] = 'path',
-# where path - catalog without dbhome path
-# For example: dbhome is '/var/db/squidGuard/',
-# path can be 'usr/ads' or 'bl/poxy'
+# sg_addlog
# ------------------------------------------------------------------------------
-function sg_create_rebuild_config($blk_dbhome, $blk_destlist) {
- global $squidguard_config;
- $sgconf = array();
- $logdir = $squidguard_config[FLD_LOGDIR];
- $dbhome = $squidguard_config[FLD_DBHOME];
-
- // current dbhome dir
- if (!empty($blk_dbhome)) $dbhome = $blk_dbhome;
- sg_addlog("sg_create_rebuild_config: Begin with dbhome='$dbhome'.", 1);
-
- // header
- $sgconf[] = CONFIG_SG_HEADER;
-
- // init section
- $sgconf[] = "logdir $logdir";
- $sgconf[] = "dbhome $dbhome";
- $sgconf[] = "";
-
- // destination section
- if (is_array($blk_destlist)) {
- foreach($blk_destlist as $dst => $dpath) {
- $tmp_s = array();
- // check item elements
- if (file_exists("$dbhome/$dpath/domains")) $tmp_s[] = "\t domainlist $dpath/domains";
- if (file_exists("$dbhome/$dpath/urls")) $tmp_s[] = "\t urllist $dpath/urls";
- if (file_exists("$dbhome/$dpath/expressions")) $tmp_s[] = "\t expressionlist $dpath/expressions";
- // create only valid items
- if (!empty($tmp_s)) {
- $sgconf[] = "dest $dst {";
- $sgconf[] = implode("\n", $tmp_s);
- $sgconf[] = "}";
- $sgconf[] = "";
- sg_addlog("sg_create_rebuild_config: -- added item '$dst' = '$dbhome/$dpath'.", 1);
- } else
- sg_addlog("sg_create_rebuild_config: -- ignored empty item '$dst' = '$dbhome/$dpath'.", 2);
- }
- }
-
- // acl section
- $sgconf[] = "acl {";
- $sgconf[] = "\t default {";
- $sgconf[] = "\t\t pass all"; // yes, now this 'pass all' - this is only temp config
- $sgconf[] = "\t\t redirect " . sg_redirector_base_url('404', true); // use sgerror only!
- $sgconf[] = "\t }";
- $sgconf[] = "}";
-
- sg_addlog("sg_create_rebuild_config: End.");
- return implode("\n", $sgconf);
-}
-
-// ============================================================
-// Log
-// ------------------------------------------------------------
-// sg_addlog
-// ------------------------------------------------------------
function sg_addlog($log, $level = 0) {
global $squidguard_config;
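Review bot: With `mwexec($shfile)` the rebuild now runs synchronously, but its result is discarded and the next log line still reports that the script was "Started", so a failed squidGuard rebuild is indistinguishable from a successful one in the log. Assuming mwexec returns the command's exit status (confirm against the pfSense helper), capture it with `$rc = mwexec($shfile);` and follow it with `if ($rc != 0) sg_addlog("sg_rebuild_db: SH script '$shfile' failed with code $rc.", 2);`. Callers now block for the whole rebuild, which may matter for large lists when this is reached from a GUI request. The start of sg_rebuild_db is outside this hunk.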
@@ -698,7 +631,7 @@ function sg_addlog($log, $level = 0) {
if (file_exists($squidguard_config[FLD_LOGDIR]))
$logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
} else
- $log_content[] = "$dt : " . "sg_addlog: ERROR: squidguard_config is empty";
+ $log_content[] = "$dt : " . "sg_addlog: Error: squidguard_config is empty";
$tmplog = '';
if (file_exists($logfile))
@@ -712,9 +645,9 @@ function sg_addlog($log, $level = 0) {
file_put_contents($logfile, implode("\n", $log_content));
}
-// ------------------------------------------------------------
-// sg_getlog
-// ------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# sg_getlog
+# ------------------------------------------------------------------------------
function sg_getlog($last_entries_count) {
global $squidguard_config;
$log_content = '';
@@ -737,108 +670,29 @@ function sg_getlog($last_entries_count) {
return $log_content;
}
-# -------------------------------------------------------------
-# sg_build_default_config
-# default rule - block all
-# $dest_list - is array as [dst_name] = path, where path - without dbhome
-# For example: dbhome is '/var/db/squidGuard', path can be 'usr/ads' or 'bl/poxy'
-# -------------------------------------------------------------
-function sg_build_default_config() {
- global $squidguard_config;
- $sgconf = array();
-
- // header
- $sgconf[] = CONFIG_SG_HEADER;
- // init section
- $sgconf[] = "logdir {$squidguard_config[FLD_LOGDIR]}";
- $sgconf[] = "dbhome {$squidguard_config[FLD_DBHOME]}";
- $sgconf[] = "";
- // acl section
- $sgconf[] = "acl {";
- $sgconf[] = "\t default {";
- $sgconf[] = "\t\t pass none";
- $sgconf[] = "\t\t redirect " . sg_redirector_base_url('404 Check proxy filter settings on errors.', true); # use only sgerror.php
- $sgconf[] = "\t }";
- $sgconf[] = "}";
-
- sg_addlog("sg_build_default_config: ATTENTION! Created default configuration. All content will blocked.", 2);
- sg_addlog("sg_build_default_config: End.");
- return implode("\n", $sgconf);
-}
-
-// ------------------------------------------------------------------------------------------------
-// sg_redirector_base_url
-// $url - url where redirect to
-// $use_internal - ignore 'Redirect mode' option, use internal (for rebuild config, for example)
-// ------------------------------------------------------------------------------------------------
-function sg_redirector_base_url($url, $use_internal = false) {
- global $squidguard_config;
- $rdr_path = '';
-
- // Redirect option must have any valid URL
- // 301:redirect_url
- if (!$use_internal and !empty($url) and ($squidguard_config[FLD_REDIRECTMODE] === 'rmod_301')) {
- $rdr_path = "301:$url";
- }
- // 302:redirect_url
- elseif (!$use_internal and !empty($url) and ($squidguard_config[FLD_REDIRECTMODE] === 'rmod_302')) {
- $rdr_path = "302:$url";
- }
- // sgerror.php
- else {
- $rdr_path = REDIRECT_BASE_URL;
-
- // check GUI port settings
- if (isset($squidguard_config[FLD_CURRENT_GUI_PORT]) and !empty($squidguard_config[FLD_CURRENT_GUI_PORT])) {
- $rdr_path = ":" . $squidguard_config[FLD_CURRENT_GUI_PORT] . $rdr_path;
- }
-
- // check Lan IP port settings
- $rdr_path = $squidguard_config[FLD_CURRENT_LAN_IP] . $rdr_path;
-
- // check GUI protocol settings
- if ($squidguard_config[FLD_CURRENT_GUI_PROTO] === "https")
- $rdr_path = "https://" . $rdr_path;
- else $rdr_path = "http://" . $rdr_path;
-
- // arguments
- // Attention:
- // order arg's must be: first-URL, last-SG variables
- // SG have bug, what broke data after his var's
- $tmp_url = ltrim($url);
- // not need encoded url string. only err_code line
- if (eregi("^https{0,1}://", $tmp_url) === false)
- $tmp_url = rawurlencode($tmp_url);
- $rdr_path = $rdr_path . "?url=" . $tmp_url . REDIRECT_URL_ARGS; // rawurlencode($tmp_url) . REDIRECT_URL_ARGS;
- unset($tmp_url);
- }
-
- sg_addlog("sg_redirector_base_url: select redirector base url ($rdr_path)", 1);
- sg_addlog("sg_redirector_base_url: End.");
- return $rdr_path;
-}
-// ------------------------------------------------------------
-// sg_build_config
-// ------------------------------------------------------------
-function sg_build_config() {
+# ==============================================================================
+# make config
+# ==============================================================================
+# sg_create_config
+# ------------------------------------------------------------------------------
+function sg_create_config() {
global $squidguard_config;
$sgconf = array();
-# $redirect_base_url = REDIRECT_BASE_URL;
- sg_addlog("sg_build_config: create squidGuard config.");
+ sg_addlog("sg_create_config: Create squidGuard config.");
if(!is_array($squidguard_config)) {
- sg_addlog("sg_build_config: error configuration in squidguard_config.", 2);
- return sg_build_default_config();
+ sg_addlog("sg_create_config: Error configuration in squidguard_config.", 2);
+ return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [1]).");
}
// check configuration data
- sg_addlog("sg_build_config: checking configuration data.");
+ sg_addlog("sg_create_config: Checking configuration data.");
$s = sg_check_config_data();
if ($s) {
- sg_addlog("sg_build_config: error configuration data. It's all errors: \n$s", 2);
- sg_addlog("sg_build_config: terminated.", 2);
- return sg_build_default_config();
+ sg_addlog("sg_create_config: Error configuration data. It's all errors: \n$s", 2);
+ sg_addlog("sg_create_config: Terminated.", 2);
+ return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [2]).");
}
unset($s);
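Review bot: Both error returns now fall back to `sg_create_simple_config('', '', ...)`, whose ACL section (added further down in this commit) emits `pass all`, whereas the removed `sg_build_default_config()` emitted `pass none`; an invalid or missing configuration therefore changes from blocking everything to filtering nothing. The header comment of sg_create_simple_config still says "Default rule - block all", which no longer matches the code. If the rebuild config needs `pass all`, keep a separate fail-closed fallback for these two paths, or give the helper a pass-mode argument and request `none` here. In the `!is_array($squidguard_config)` branch the helper also indexes `$squidguard_config[FLD_LOGDIR]` and `[FLD_DBHOME]`, so it would emit empty `logdir` and `dbhome` lines. The body of sg_create_config continues outside this hunk.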
@@ -851,7 +705,7 @@ function sg_build_config() {
// --- Times ---
if ($squidguard_config[FLD_TIMES]) {
- sg_addlog("sg_build_config: add times", 1);
+ sg_addlog("sg_create_config: add times", 1);
foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) {
$sgconf[] = "";
if ($tm[FLD_DESCRIPTION])
@@ -873,7 +727,7 @@ function sg_build_config() {
// --- Sources ---
if ($squidguard_config[FLD_SOURCES]) {
- sg_addlog("sg_build_config: add sources", 1);
+ sg_addlog("sg_create_config: add sources", 1);
foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) {
$sgconf[] = "";
if ($src[FLD_DESCRIPTION])
@@ -905,7 +759,7 @@ function sg_build_config() {
if (($squidguard_config[FLD_BLACKLISTENABLED] === 'on') and $db_entries) {
$log_entr_added = '';
$log_entr_ignored = '';
- sg_addlog("sg_build_config: add blacklist entries", 1);
+ sg_addlog("sg_create_config: add blacklist entries", 1);
foreach($db_entries as $key => $ent) {
$ent_state = array();
$file_dms = $squidguard_config[FLD_DBHOME] . "/$ent/domains";
@@ -945,16 +799,16 @@ function sg_build_config() {
// log 'added'
if (!empty($log_entr_added))
- sg_addlog("sg_build_config: added: \n $log_entr_added \n", 1);
+ sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1);
// log 'ignored'
if (!empty($log_entr_ignored))
- sg_addlog("sg_build_config: ignored: \n $log_entr_ignored \n", 2);
+ sg_addlog("sg_create_config: ignored: \n $log_entr_ignored \n", 2);
}
// --- Destinations ---
if ($squidguard_config[FLD_DESTINATIONS]) {
- sg_addlog("sg_build_config: add destinations", 1);
+ sg_addlog("sg_create_config: add destinations", 1);
$sgconf[] = "";
$log_entr_added = '';
foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) {
@@ -978,13 +832,13 @@ function sg_build_config() {
}
// log
if (!empty($log_entr_added))
- sg_addlog("sg_build_config: added: \n $log_entr_added \n", 1);
- else sg_addlog("sg_build_config: added: Nothing.", 1);
+ sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1);
+ else sg_addlog("sg_create_config: added: Nothing.", 1);
}
// --- Rewrites ---
if ($squidguard_config[FLD_REWRITES]) {
- sg_addlog("sg_build_config: add rewrites.", 1);
+ sg_addlog("sg_create_config: add rewrites.", 1);
$log_entr_added = '';
$log_entr_err = '';
foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rew) {
@@ -1002,20 +856,19 @@ function sg_build_config() {
}
// log
if (!empty($log_entr_added))
- sg_addlog("sg_build_config: added: \n $log_entr_added", 1);
+ sg_addlog("sg_create_config: added: \n $log_entr_added", 1);
if (!empty($log_entr_err))
- sg_addlog("sg_build_config: ERROR: \n $log_entr_err ", 2);
- else sg_addlog("sg_build_config: added: Nothing.", 1);
+ sg_addlog("sg_create_config: ERROR: \n $log_entr_err ", 2);
+ else sg_addlog("sg_create_config: added: Nothing.", 1);
}
# ----------------------------------------
$entry_blacklist = sg_entries_blacklist();
// --- ACL ---
- $sgconf[] = "";
$sgconf[] = "acl {";
if ($squidguard_config[FLD_ACLS]) {
- sg_addlog("sg_build_config: add ACL", 1);
+ sg_addlog("sg_create_config: add ACL", 1);
$log_entr_added = '';
foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) {
@@ -1025,19 +878,25 @@ function sg_build_config() {
// delete blacklist entries from 'pass' if blacklist disabled
if (is_array($entry_blacklist) and !empty($entry_blacklist)) {
- foreach($entry_blacklist as $entry) {
- $tk = array_search($entry, $tarray);
- if ($tk !== false) unset ($tarray[$tk]);
+ foreach($entry_blacklist as $entry) {
+ $tk = array_search($entry, $tarray);
+ if ($tk !== false) unset ($tarray[$tk]);
+
+ $tk = array_search("!$entry", $tarray);
+ if ($tk !== false) unset($tarray[$tk]);
- $tk = array_search("!$entry", $tarray);
- if ($tk !== false) unset($tarray[$tk]);
+ $tk = array_search("^$entry", $tarray);
+ if ($tk !== false) unset($tarray[$tk]);
- $tk = array_search($entry, $varray);
- if ($tk !== false) unset ($varray[$tk]);
+ $tk = array_search($entry, $varray);
+ if ($tk !== false) unset ($varray[$tk]);
- $tk = array_search("!$entry", $varray);
- if ($tk !== false) unset ($varray[$tk]);
- }
+ $tk = array_search("!$entry", $varray);
+ if ($tk !== false) unset ($varray[$tk]);
+
+ $tk = array_search("^$entry", $varray);
+ if ($tk !== false) unset ($varray[$tk]);
+ }
}
$acl[FLD_DESTINATIONNAME] = implode (" ", $tarray);
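Review bot: Each `array_search`/`unset` pair removes only the first matching element, so an entry that appears twice in `$tarray` or `$varray` survives and a disabled blacklist category can still reach the generated `pass` line. The six near-identical stanzas can be replaced by one difference per array: `$drop = array($entry, "!$entry", "^$entry");` followed by `$tarray = array_diff($tarray, $drop);` and `$varray = array_diff($varray, $drop);`. This loop sits inside sg_create_config, which starts and ends outside the hunk.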
@@ -1103,13 +962,13 @@ function sg_build_config() {
}
// log
if (!empty($log_entr_added))
- sg_addlog("sg_build_config: added: \n $log_entr_added \n", 1);
- else sg_addlog("sg_build_config: added: Nothing.", 1);
+ sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1);
+ else sg_addlog("sg_create_config: added: Nothing.", 1);
}
// --- Default ---
$def = $squidguard_config[FLD_DEFAULT];
- sg_addlog("sg_build_config: add Default", 1);
+ sg_addlog("sg_create_config: add Default", 1);
if ($def) {
// delete blacklist entries from 'pass' if blacklist disabled
if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
@@ -1145,7 +1004,7 @@ function sg_build_config() {
} // if def
else {
- sg_addlog("sg_build_config: error - ACL 'default' is empty, use as default 'block all'.", 2);
+ sg_addlog("sg_create_config: error - ACL 'default' is empty, use as default 'block all'.", 2);
$sgconf[] = "\t default { ";
$sgconf[] = "\t\t pass none";
$sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url;
@@ -1156,10 +1015,121 @@ function sg_build_config() {
$sgconf[] = "}";
return implode("\n", $sgconf);
-# return $sgconf;
}
+# ------------------------------------------------------------------------------
+# sg_create_simple_config
+# Create config for DB rebuilding
+# Default rule - block all
+# Variables:
+# $blk_dbhome - temporary DB home dir, may be different with DBHOME
+# $blk_destlist - is array as [dst_name] = 'path',
+# where path - catalog without dbhome path
+# For example: dbhome is '/var/db/squidGuard/',
+# path can be 'usr/ads' or 'bl/poxy'
+# $redirect_to - redirector string
+# ------------------------------------------------------------------------------
+function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404") {
+ global $squidguard_config;
+ $sgconf = array();
+ $logdir = $squidguard_config[FLD_LOGDIR];
+ $dbhome = $squidguard_config[FLD_DBHOME];
+
+ // current dbhome dir
+ if (!empty($blk_dbhome)) $dbhome = $blk_dbhome;
+ sg_addlog("sg_create_simple_config: Begin with dbhome='$dbhome'.", 1);
+
+ // header
+ $sgconf[] = CONFIG_SG_HEADER;
+
+ // init section
+ $sgconf[] = "logdir $logdir";
+ $sgconf[] = "dbhome $dbhome";
+ $sgconf[] = "";
+
+ // destination section
+ if (is_array($blk_destlist)) {
+ foreach($blk_destlist as $dst => $dpath) {
+ $tmp_s = array();
+
+ // check item elements
+ if (file_exists("$dbhome/$dpath/domains")) $tmp_s[] = "\t domainlist $dpath/domains";
+ if (file_exists("$dbhome/$dpath/urls")) $tmp_s[] = "\t urllist $dpath/urls";
+ if (file_exists("$dbhome/$dpath/expressions")) $tmp_s[] = "\t expressionlist $dpath/expressions";
+
+ // create only valid items
+ if (!empty($tmp_s)) {
+ $tmp_s = implode("\n", $tmp_s);
+ $sgconf[] = "dest $dst {\n $tmp_s \n}\n";
+ sg_addlog("sg_create_simple_config: -- added item '$dst' = '$dbhome/$dpath'.");
+ } else
+ sg_addlog("sg_create_simple_config: -- ignored empty item '$dst' = '$dbhome/$dpath'.");
+ }
+ }
+
+ // acl section
+ $sgconf[] = "acl {\n\t default {\n\t\t pass all ";
+ $sgconf[] = "\t\t redirect " . sg_redirector_base_url($redirect_to, true); // use sgerror only!
+ $sgconf[] = "\t } \n}";
+
+ sg_addlog("sg_create_simple_config: End.");
+ return implode("\n", $sgconf);
+}
+
+# -------------------------------------------------------------------------------------------------
+# sg_redirector_base_url
+# $url - url where redirect to
+# $use_internal - ignore 'Redirect mode' option, use internal (for rebuild config, for example)
+#
+# -------------------------------------------------------------------------------------------------
+function sg_redirector_base_url($url, $use_internal = false) {
+ global $squidguard_config;
+ $rdr_path = '';
+
+ // Redirect option must have any valid URL
+ // 301:redirect_url
+ $rdrmode = $squidguard_config[FLD_REDIRECTMODE];
+ if (!$use_internal and !empty($url) and ($rdrmode === 'rmod_301')) {
+ $rdr_path = "301:$url";
+ }
+ // 302:redirect_url
+ elseif (!$use_internal and !empty($url) and ($rdrmode === 'rmod_302')) {
+ $rdr_path = "302:$url";
+ }
+ // sgerror.php
+ else {
+ $rdr_path = REDIRECT_BASE_URL;
+
+ // check GUI port settings
+ if (isset($squidguard_config[FLD_CURRENT_GUI_PORT]) and !empty($squidguard_config[FLD_CURRENT_GUI_PORT])) {
+ $rdr_path = ":" . $squidguard_config[FLD_CURRENT_GUI_PORT] . $rdr_path;
+ }
+
+ // check Lan IP port settings
+ $rdr_path = $squidguard_config[FLD_CURRENT_LAN_IP] . $rdr_path;
+
+ // check GUI protocol settings
+ if ($squidguard_config[FLD_CURRENT_GUI_PROTO] === "https")
+ $rdr_path = "https://" . $rdr_path;
+ else $rdr_path = "http://" . $rdr_path;
+
+ // arguments
+ // Attention:
+ // order arg's must be: first-URL, last-SG variables
+ // SG have bug, what broke data after his var's
+ $tmp_url = ltrim($url);
+ // not need encoded url string. only err_code line
+ if (eregi("^https{0,1}://", $tmp_url) === false)
+ $tmp_url = rawurlencode($tmp_url);
+ $rdr_path = "{$rdr_path}?url={$tmp_url}" . REDIRECT_URL_ARGS;
+ unset($tmp_url);
+ }
+
+ sg_addlog("sg_redirector_base_url: Select redirector base url ($rdr_path)");
+ return $rdr_path;
+}
+
// ------------------------------------------------------------
-//
+// sg_aclpass_reorder
// ------------------------------------------------------------
function sg_aclpass_reorder($pass) {
$ar_pass = explode(" ", $pass);
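Review bot: In sg_create_simple_config, `$dst` and `$dpath` are written into the generated file (`dest $dst {`, `domainlist $dpath/domains`) without any check, and in sg_update_blacklist these values appear to be derived from directory names of the unpacked archive. A name containing whitespace, braces, a newline or `..` would alter the structure of the squidGuard config or reference a path outside `$dbhome`. Skip such entries before the `file_exists` tests, for example `if (!preg_match('/^[A-Za-z0-9_-]+\z/', $dst) || !preg_match('#^[A-Za-z0-9_./-]+\z#', $dpath) || strpos($dpath, '..') !== false) continue;`, and log the skipped item at level 2. In sg_redirector_base_url the `301:$url` / `302:$url` branches likewise place `$url` into the config unchanged, so it deserves the same single-line validation.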
@@ -1167,17 +1137,22 @@ function sg_aclpass_reorder($pass) {
// 'pass' order: <allow> <deny> <all|none>
if (is_array($ar_pass)) {
$pass_end = '';
- $pass_fst = array();
- $pass_lst = array();
+ $pass_fst = array(); // whitelist - '^' prefix (will deleted)
+ $pass_sec = array(); // blacklist - '!' prefix
+ $pass_lst = array(); // allow
foreach ($ar_pass as $val) {
$tk = trim($val);
if ($tk === 'all' or $tk === 'none')
- $pass_end = $val;
+ $pass_end = $val;
+ elseif (strpos($tk, "^") !== false)
+ // delete '^' prefix
+ $pass_fst[] = str_replace('^', '', $val);
elseif (strpos($tk, "!") !== false)
- $pass_lst[] = $val;
- else $pass_fst[] = $val;
+ $pass_sec[] = $val;
+ else
+ $pass_lst[] = $val;
}
- $ar_pass = array_merge($pass_fst, $pass_lst);
+ $ar_pass = array_merge($pass_fst, $pass_sec, $pass_lst);
$ar_pass[] = $pass_end;
}
return implode(" ", $ar_pass);
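Review bot: `strpos($tk, "^") !== false` matches a caret anywhere in the token and `str_replace('^', '', $val)` removes every caret, so a token such as `!^name` is classified as whitelist and emitted first as `!name`. Test the first character only: `elseif ($tk !== '' && $tk[0] === '^') $pass_fst[] = substr($tk, 1);`, and apply the same leading-character test to the `!` branch. The context comment giving the pass order as allow, deny, all|none no longer describes the result, which is now whitelist, deny, allow; because the order of the pass list decides which rule applies, update it to something like `// 'pass' order: whitelist ('^', prefix removed), deny ('!'), allow, all|none`. The start of sg_aclpass_reorder is outside this hunk.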
@@ -1313,7 +1288,9 @@ function sg_check_config_data () {
// check destinations
if ($acl[FLD_DESTINATIONNAME]) {
- $acldest = str_replace("!", "", $acl[FLD_DESTINATIONNAME]);
+ $acldest = $acl[FLD_DESTINATIONNAME];
+ $acldest = str_replace("!", "", $acldest);
+ $acldest = str_replace("^", "", $acldest);
$acldest = explode(" ", $acldest);
$key_acldest = array_count_values($acldest);
foreach($acldest as $adest) {
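Review bot: `str_replace` strips `!` and `^` wherever they occur, so the existence check validates a different string than the one stored in the ACL (a stored `a!b` is checked as `ab`); only a single leading prefix per token should be removed, e.g. `$acldest = preg_replace('/(^|\s)[!^]/', '$1', $acl[FLD_DESTINATIONNAME]);`. The same three-line sequence is repeated for `$acloverdest` and `$defdest` in the next two hunks, so a small shared helper would keep the three checks identical. sg_check_config_data starts and ends outside this hunk.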
@@ -1332,7 +1309,9 @@ function sg_check_config_data () {
// check overtime destinations
if ($time) {
if ($acl[FLD_OVERDESTINATIONNAME]) {
- $acloverdest = str_replace("!", "", $acl[FLD_OVERDESTINATIONNAME]);
+ $acloverdest = $acl[FLD_OVERDESTINATIONNAME];
+ $acloverdest = str_replace("!", "", $acloverdest);
+ $acloverdest = str_replace("^", "", $acloverdest);
$acloverdest = explode(" ", $acloverdest);
$key_acloverdest = array_count_values($acloverdest);
foreach($acloverdest as $adest) {
@@ -1377,7 +1356,9 @@ function sg_check_config_data () {
// check destinations
if ($def[FLD_DESTINATIONNAME]) {
- $defdest = str_replace("!", "", $def[FLD_DESTINATIONNAME]);
+ $defdest = $def[FLD_DESTINATIONNAME];
+ $defdest = str_replace("!", "", $defdest);
+ $defdest = str_replace("^", "", $defdest);
$defdest = explode(" ", $defdest);
$key_defdest = array_count_values($defdest);
foreach($defdest as $adest) {
@@ -1425,44 +1406,37 @@ function sg_reconfigure_blacklist($source_filename, $opt = '') {
$sf = trim($source_filename);
$sf_contents = '';
- sg_addlog("sg_reconfigure_blacklist: start ");
+ sg_addlog("sg_reconfigure_blacklist: Begin with '$sf'.", 1);
// 1. check system
sg_check_system();
// 2. upload
- sg_addlog("sg_reconfigure_blacklist: begin upload from '$sf'.", 1);
if ($sf[0] === "/") { // local file - example '/tmp/blacklists.tar'
+ sg_addlog("sg_reconfigure_blacklist: Update from file '$sf'.", 1);
if (file_exists($sf)) {
$sf_contents = file_get_contents($sf);
- sg_addlog("sg_reconfigure_blacklist: get file '$sf'.", 1);
} else {
- sg_addlog("sg_reconfigure_blacklist: ERROR: get file '$sf', file not found.", 2);
+ sg_addlog("sg_reconfigure_blacklist: Error, file '$sf' not found.", 2);
return;
}
}
- // url
+ // from url
else {
- sg_addlog("sg_reconfigure_blacklist: get url '$sf'.", 1);
+ sg_addlog("sg_reconfigure_blacklist: Upload from url '$sf'.", 1);
$sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt);
}
// 3. update
if (empty($sf_contents)) {
- sg_addlog("sg_reconfigure_blacklist: ERROR: file content '$sf'.", 2);
+ sg_addlog("sg_reconfigure_blacklist: Error content from '$sf'.", 2);
return;
}
-
- // 4. save black list archive content to local file
+ // save black list archive content to local file
file_put_contents(BLK_LOCALFILE, $sf_contents);
- // 5. update blacklist
+ // 4. update blacklist
sg_update_blacklist(BLK_LOCALFILE);
-
- // 6. rebuild db
-# sg_full_rebuild_db();
-
- sg_addlog("sg_reconfigure_blacklist: end");
}
# ------------------------------------------------------------------------------
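Review bot: The only check between fetching the archive and `sg_update_blacklist(BLK_LOCALFILE)` is `empty($sf_contents)`, so an HTML error page or a tampered download is written to `BLK_LOCALFILE` and unpacked; the default sources defined near the top of the file are plain `http://` URLs. At minimum reject content that is not gzip before saving, `if (strncmp($sf_contents, "\x1f\x8b", 2) !== 0) { sg_addlog("sg_reconfigure_blacklist: Error, '$sf' is not a gzip archive.", 2); return; }`, and verify a published checksum where the source offers one. `$sf[0]` is also read before `$sf` is known to be non-empty, so an empty filename should return early with a level 2 log entry. The function signature and its first lines are outside this hunk.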
@@ -1482,113 +1456,120 @@ function sg_update_blacklist($from_file) {
$tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK;
$arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC;
- sg_addlog("sg_update_blacklist: begin.");
+ sg_addlog("sg_update_blacklist: Begin with '$from_file'.", 1);
if (file_exists($from_file)) {
- // check work and DB dir's
+ # check work and DB dir's
if (file_exists($squidguard_config[FLD_DBHOME])) $dbhome = $squidguard_config[FLD_DBHOME];
if (file_exists($squidguard_config[FLD_WORKDIR])) $workdir = $squidguard_config[FLD_WORKDIR];
- // delete old tmp dir's
+ # delete old tmp dir's
if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir");
if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir");
- // create new tmp/arc dir's
- mwexec("mkdir -p -m 0750 $tmp_unpack_dir");
- mwexec("mkdir -p -m 0750 $arc_db_dir");
+ # create new tmp/arc dir's
+ mwexec("mkdir -p -m 0664 $tmp_unpack_dir");
+ mwexec("mkdir -p -m 0664 $arc_db_dir");
- // unpack archive
+ # 1. unpack archive
mwexec("tar zxvf $from_file -C $tmp_unpack_dir");
- set_file_access($tmp_unpack_dir, OWNER_NAME, 0750);
+ set_file_access($tmp_unpack_dir, OWNER_NAME, 0664);
sg_addlog("sg_update_blacklist: Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", 1);
- // 2. copy blacklist to squidGuard base & create entries list
+ # 2. copy blacklist to squidGuard base & create entries list
if (file_exists($tmp_unpack_dir)) {
$blk_items = array();
$blk_list = array();
- // scan blacklist items
+ # scan blacklist items
scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items);
- // modify blacklist catalog structure to 'one level'
+ # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB)
foreach ($blk_items as $key => $val) {
$current_dbpath = "$arc_db_dir/$key";
if (count($val)) {
- // make blk_list for config file
+ # make blk_list for config file
$blk_list[$key] = $key;
- // delete '$current_dbpath' for correct moving
- // need moving $val['path'] to $current_dbpath
- // if $current_dbpath exists,
- // then $val['path'] will created as subdir - !it's worng!
+ # delete '$current_dbpath' for correct moving
+ # need moving $val['path'] to $current_dbpath
+ # if $current_dbpath exists,
+ # then $val['path'] will created as subdir - !it's worng!
if (file_exists($current_dbpath))
mwexec("rm -R $current_dbpath");
mwexec("mv -f {$val['path']}/ $current_dbpath");
sg_addlog("sg_update_blacklist: Move {$val['path']}/ -> $current_dbpath.", 1);
}
}
- // copy unrebuilded blacklist to work DB
- mwexec("cp -R $arc_db_dir/ $dbhome");
+ set_file_access($arc_db_dir, OWNER_NAME, 0664);
+
+ # -- DISABLED -- copy unrebuilded blacklist from arch_DB_to work DB & set access rights
+# mwexec("cp -R $arc_db_dir/ $dbhome");
+# set_file_access($dbhome, OWNER_NAME, 0664);
- // create entries list
+ # create entries list
if (count($blk_items)) {
+ # save to temp DB
$blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES;
-
- // save to temp DB
file_put_contents($blklist_file, implode("\n", array_keys($blk_items)));
- set_file_access ($blklist_file, OWNER_NAME, 0750);
+ set_file_access ($blklist_file, OWNER_NAME, 0664);
- // save copy to squidGuard config dir
- $blklist_file = "{$squidguard_config[FLD_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES;
- file_put_contents($blklist_file, implode("\n", array_keys($blk_items)));
- set_file_access ($blklist_file, OWNER_NAME, 0750);
- sg_addlog("sg_update_blacklist: create entries '$blklist_file'", 1);
+ # -- DISABLED -- save copy to squidGuard config dir
+# $blklist_file = "{$squidguard_config[FLD_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES;
+# file_put_contents($blklist_file, implode("\n", array_keys($blk_items)));
+# set_file_access ($blklist_file, OWNER_NAME, 0664);
+ sg_addlog("sg_update_blacklist: Create DB entries list '$blklist_file'.", 1);
}
- set_file_access($arc_db_dir, OWNER_NAME, 0750);
-
- // make rebuild config; include all found dest items
- $conf_path = "/tmp/squidGuard_rebuild_blk.conf";
- $conf = sg_create_rebuild_config($arc_db_dir, $blk_list);
- // copy to temp DB
- file_put_contents($conf_path, $conf);
- set_file_access($conf_path, OWNER_NAME, 0750);
- sg_addlog("sg_update_blacklist: Create temporary config '$conf_path'.", 1);
+ # make rebuild config (included all found dest items) & save to work dir
+ $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF; # "/tmp/squidGuard_rebuild_blk.conf";
+ file_put_contents($conf_path, sg_create_simple_config($arc_db_dir, $blk_list));
+ set_file_access($conf_path, OWNER_NAME, 0664);
+ sg_addlog("sg_update_blacklist: Create rebuild config '$conf_path'.", 1);
- // *** SH script ***
+ # *** SH script ***********************************************
$sh_scr = Array();
$sh_scr[] = "#!/bin/sh";
$sh_scr[] = "cd $arc_db_dir";
- $cmd = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all";
- $sh_scr[] = $cmd;
- $sh_scr[] = "wait"; // wait while SG rebuild DB
-
- // copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights)
- // '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir)
- $sh_scr[] = "cp -R $arc_db_dir/ $dbhome";
-
- // set DB owner and right access
-# $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome";
-
- // restart squid for changes to take effects
-# $sh_scr[] = "/usr/local/sbin/squid -k reconfigure";
+ $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all";
+ $sh_scr[] = "wait"; # wait while SG rebuild DB
+ $sh_scr[] = "chown -R -v " . OWNER_NAME . " $arc_db_dir";
+ $sh_scr[] = "chmod -R -v 0664 $arc_db_dir";
+
+ # copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights)
+ # '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir)
+ $sh_scr[] = "cp -R -p $arc_db_dir/ $dbhome";
+ $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR_DEF;
+ # set DB owner and right access
+ $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome";
+ $sh_scr[] = "chmod -R -v 0664 $dbhome";
+
+ # if new blacklist some as already installed, then restart squid for changes to take effects
+ $blk_items_old = '';
+ $blk_file_old = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+ if (file_exists($blk_items_old))
+ $blk_items_old = file_get_contents($blk_file_old);
+ if (!empty($blk_items_old) && ($blk_items_old === implode("\n", array_keys($blk_items)))) {
+ $sh_scr[] = "/usr/local/sbin/squid -k reconfigure";
+ $sh_scr[] = "wait"; # wait while process
+ }
+ unset($blk_file_old);
+ unset($blk_items_old);
- // store & exec sh
+ # store & exec sh
$sh_scr = implode("\n", $sh_scr);
$shfile = DB_REBUILD_SH . "_blk";
file_put_contents($shfile, $sh_scr);
- set_file_access($shfile, OWNER_NAME, 0750);
- mwexec_bg($shfile);
- sg_addlog("sg_update_blacklist: started SH script '$shfile'.", 1);
-
- sg_remove_unused_db_entries();
+ set_file_access($shfile, OWNER_NAME, 0755); # 0755 - script will execute
+ # kill exists rebuild processes
+ mwexec("kill `ps auxw | grep \"$shfile\" | grep -v \"grep\" | awk '{print $2}'`"); # sh script
+ mwexec("kill `ps auxw | grep \"squidGuard_blk_rebuild\" | grep -v \"grep\" | awk '{print $2}'`"); # squidGuard process
+ mwexec_bg("nice -n 5 $shfile");
+ sg_addlog("sg_update_blacklist: Started sh script '$shfile'.", 1);
// clearing temp
# mwexec("rm -R $bl_temp");
}
-# set_file_access($squidguard_config[FLD_DBHOME], OWNER_NAME, 0755);
-# sg_full_rebuild_db();
}
- sg_addlog("sg_update_blacklist: end");
}
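Review bot: `if (file_exists($blk_items_old))` tests the empty string assigned on the previous line rather than `$blk_file_old`, so the old entries list is never read and the `squid -k reconfigure` lines are never added to the script; it should read `if (file_exists($blk_file_old))`. Mode `0664` is now applied to directories as well (`mkdir -p -m 0664`, the recursive `set_file_access` calls, `chmod -R -v 0664 $dbhome`, and the `set_file_access($dbhome, OWNER_NAME, 0664)` change in sg_reconfigure_user_db), which drops the search bit directories need and makes the data world-readable where it was `0750` before. A symbolic mode such as `chmod -R u=rwX,g=rX,o= $dbhome` keeps directories traversable without marking data files executable. The two `rm -R . $tmp_unpack_dir` and `rm -R . $arc_db_dir` calls still carry the stray `.` that this commit removes in sg_remove_unused_db_entries, and `$blklist_file` is used in the `cp -f -p` line even when `count($blk_items)` is zero and it was never assigned. The start of sg_update_blacklist is outside this hunk.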
@@ -1599,42 +1580,36 @@ function sg_entries_blacklist() {
global $squidguard_config;
$contents = '';
$fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES;
- if (file_exists($squidguard_config[FLD_WORKDIR]))
+ if (file_exists($squidguard_config[FLD_WORKDIR])) {
$fl = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
-
+ }
if (file_exists($fl)) {
- $contents = file_get_contents($fl);
- $contents = explode("\n", $contents);
+ $contents = explode("\n", file_get_contents($fl));
}
return $contents;
}
-// -----------------------------------------------------------------------------
-// sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard')
-// -----------------------------------------------------------------------------
+# -----------------------------------------------------------------------------
+# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard')
+# -----------------------------------------------------------------------------
function sg_blacklist_rebuild_db() { // $shtag, $rdb_dbhome, $rdb_workdir) {
global $squidguard_config;
$dst_list = array();
$dbhome = $squidguard_config[FLD_DBHOME];
$workdir = $squidguard_config[FLD_WORKDIR];
- // current dbhome and work dir's
-# disabled in current ver
-# if (!empty($rdb_dbhome)) $dbhome = $rdb_dbhome;
-# if (!empty($rdb_workdir)) $workdir = $rdb_workdir;
- sg_addlog("sg_blacklist_rebuild_db: Begin with path '$dbhome'.", 1);
+ # current dbhome and work dir's
+ sg_addlog("sg_blacklist_rebuild_db: Start with path '$dbhome'.", 1);
- // make dest list
+ # make dest list
$blklist_file = "$workdir/" . SQUIDGUARD_BLK_ENTRIES;
if (file_exists($blklist_file)) {
$blklist = explode("\n", file_get_contents($blklist_file));
if (is_array($blklist))
- foreach($blklist as $bl)
- $dst_list[$bl] = $bl;
+ foreach($blklist as $bl) { $dst_list[$bl] = $bl; }
}
- // rebuild user db ('/var/db/squidGuard')
+ # rebuild user db ('/var/db/squidGuard')
sg_rebuild_db("_blkdb", $dbhome, $dst_list);
- sg_addlog("sg_blacklist_rebuild_db: End.");
}
# ========================== UTILS =============================================
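Review bot: sg_entries_blacklist() returns the empty string when the entries file is missing and an array otherwise, so a caller that iterates the result has to handle two types; initialising with `$contents = array();` gives a single return type. In sg_blacklist_rebuild_db() the `is_array($blklist)` test is always true after explode(), and a trailing newline in the entries file would put an empty-named entry into `$dst_list`. Skipping blanks inside the loop, `if ($bl !== '') $dst_list[$bl] = $bl;`, avoids handing an empty destination to sg_rebuild_db().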
@@ -1669,13 +1644,11 @@ function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') {
curl_close ($ch);
if (!empty($destination_file))
file_put_contents($destination_file, $result);
- else sg_addlog("sg_uploadfile_from_url: error upload file", 2);
-
+ else sg_addlog("sg_uploadfile_from_url: Error upload file", 2);
// for test
file_put_contents(BLK_LOCALFILE, $result);
- sg_addlog("sg_uploadfile_from_url: end");
return $result;
}
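Review bot: The `else` branch logs "Error upload file" when `$destination_file` is empty, not when the transfer failed, and `$result` is written out without being checked. The function starts outside this hunk, so where `$result` comes from is not visible; if it is the curl_exec() return value, a guard such as `if ($result === false) { sg_addlog("sg_uploadfile_from_url: download failed", 2); return false; }` before the writes would keep a failed download from overwriting the destination file with empty content. The unconditional `file_put_contents(BLK_LOCALFILE, $result);` under the "for test" comment looks like leftover debugging and could be removed.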
@@ -1685,44 +1658,53 @@ function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') {
# Set file access
# ------------------------------------------------------------------------------
function set_file_access($dir, $owner, $mod) {
-
- if (!file_exists($dir)) return;
-
- chown($dir, $owner);
- chgrp($dir, $owner);
- chmod($dir, $mod);
-
- // if $dir - directory - set subitem's access
- if (is_dir($dir)) {
- $hd = opendir($dir);
- while (($item = readdir($hd)) !== false) {
- if (($item != ".") && ($item != "..")) {
- $path = "$dir/$item";
- if (is_dir($path))
- set_file_access($path, $owner, $mod);
- else {
- chown($path, $owner);
- chgrp($path, $owner);
- chmod($path, $mod);
- }
- }
- }
- }
+ $mod = sprintf("%o", $mod);
+ if (!file_exists($dir)) return;
+ # recursive change access
+ mwexec("chown -R -v $owner $dir");
+ mwexec("chgrp -R -v $owner $dir");
+ mwexec("chmod -R -v $mod $dir");
}
# ------------------------------------------------------------------------------
# scan_dir - build files listing for $dir
# ------------------------------------------------------------------------------
function scan_dir($dir) {
- $files = array();
- if (file_exists($dir)) {
- $dh = opendir($dir);
- while (false !== ($filename = readdir($dh))) {
- // skip '.' and '..' names
- if (($filename !== '.') and ($filename !== '..')) $files[] = $filename;
- }
- sort($files);
- }
- return $files;
+ $files = array();
+ if (file_exists($dir)) {
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh))) {
+ // skip '.' and '..' names
+ if (($filename !== '.') and ($filename !== '..')) $files[] = $filename;
+ }
+ sort($files);
+ }
+ return $files;
+}
+# ------------------------------------------------------------------------------
+# restore_arc_blacklist - copy arc blacklist to db
+# ------------------------------------------------------------------------------
+function restore_arc_blacklist() {
+ global $squidguard_config;
+ $dbhome = SQUIDGUARD_DBHOME_DEF;
+ $blklist_file = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES;
+ $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC;
+ $arc_blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES;
+
+ sg_addlog("restore_arc_blacklist: Begin.", 0);
+ if (file_exists($arc_db_dir) and file_exists($arc_blklist_file)) {
+
+ // copy arc blacklist to work DB with permissions
+ mwexec("cp -R -p $arc_db_dir/ $dbhome");
+ set_file_access($dbhome, OWNER_NAME, 0664);
+ sg_addlog("restore_arc_blacklist: Restore blacklist archive from '$arc_db_dir'.", 1);
+
+ // copy black list file
+ copy($arc_blklist_file, $blklist_file);
+ set_file_access($blklist_file, OWNER_NAME, 0664);
+ sg_addlog("restore_arc_blacklist: Restore black list file from '$arc_blklist_file' to '$blklist_file'.", 1);
+ } else {
+ sg_addlog("restore_arc_blacklist: Error, file '$arc_db_dir' or '$blklist_file' not found.", 2);
+ }
}
# ------------------------------------------------------------------------------
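Review bot: set_file_access() now interpolates `$owner` and `$dir` straight into shell command lines, so a path containing a space or a shell metacharacter is split or interpreted by the shell, which the removed chown()/chgrp()/chmod() calls could not do. Quoting each argument closes that, e.g. `mwexec("chown -R -v " . escapeshellarg($owner) . " " . escapeshellarg($dir));`, and likewise for the chgrp and chmod lines and for `cp -R -p $arc_db_dir/ $dbhome` in restore_arc_blacklist(). restore_arc_blacklist() also passes 0664 for `$dbhome`, and a recursive chmod with that mode clears the search bit on the directories themselves, which would presumably stop a non-root owner from reading the databases; applying the file mode to files only and giving directories an executable mode keeps the tree traversable. The error message in the `else` branch names `$blklist_file` although the test is on `$arc_blklist_file`.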
@@ -1789,21 +1771,27 @@ function is_url($url) {
if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; // http error code 30x, 4xx, 50x.
return false;
}
+
# ------------------------------------------------------------------------------
# check name
# ------------------------------------------------------------------------------
function check_name ($name) {
$err = '';
$val = trim($name);
-
if ((strlen($val) < 2) || (strlen($val) > 16))
$err .= " Size of name '$val' must be between [2..16].";
-
// All symbols must be [a-zA-Z_0-9\-] First symbol = letter.
if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val))
$err .= " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter.";
-
return $err;
}
-?> \ No newline at end of file
+# ------------------------------------------------------------------------------
+# check rebuild blacklist
+# ------------------------------------------------------------------------------
+function is_blacklist_update_started() {
+ return exec("ps auxw | grep \"[s]quidGuard_blk_rebuild\" | awk '{print $2}' | wc -l | awk '{ print $1 }'");
+}
+# ------------------------------------------------------------------------------
+
+?>
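Review bot: is_blacklist_update_started() returns the raw string from exec() rather than a boolean, so callers depend on "0" being falsy in PHP; `return intval(exec(...)) > 0;` with the same command states the contract. The test is a substring match on `ps auxw` output, so any process whose command line mentions squidGuard_blk_rebuild counts as a running rebuild. The same kind of match selects the PIDs passed to `kill` in sg_update_blacklist(), where an unrelated process with that text in its arguments would be terminated. Having the rebuild script write a PID file would make both the check and the kill target exact. A header comment such as `# returns a non-zero count while the blacklist rebuild script is running` would document the return value.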