authordvserg <dv_serg@mail.ru>2011-01-31 08:07:53 +0300
committerdvserg <dv_serg@mail.ru>2011-01-31 08:07:53 +0300
commit5930b5d48249b3fcde7c6568fbbb3da81861bfaa (patch)
treefb38bb90a5f2a5073d1950119d2f84ee01eb32fe
parent451241842407a299ead1a77ebace06d04701c2f0 (diff)
SquidGuard blacklist update (Feature #105)
-rw-r--r--config/squidGuard/squidguard.inc35
-rw-r--r--config/squidGuard/squidguard.xml17
-rw-r--r--config/squidGuard/squidguard_acl.xml56
-rw-r--r--config/squidGuard/squidguard_configurator.inc887
-rw-r--r--config/squidGuard/squidguard_default.xml14
-rw-r--r--config/squidGuard/squidguard_dest.xml46
-rw-r--r--config/squidGuard/squidguard_log.php11
-rw-r--r--config/squidGuard/squidguard_log.xml10
-rw-r--r--config/squidGuard/squidguard_rewr.xml10
-rw-r--r--config/squidGuard/squidguard_time.xml12
10 files changed, 618 insertions, 480 deletions
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc
index 5d78b0da..d4fd5ea3 100644
--- a/config/squidGuard/squidguard.inc
+++ b/config/squidGuard/squidguard.inc
@@ -60,6 +60,7 @@ define('F_URLS', 'urls');
define('F_DISABLED', 'disabled');
define('F_SQUIDGUARDENABLE', 'squidguard_enable');
define('F_BLACKLIST', 'blacklist');
+
# prefixes
define('PREF_UPTIME', 'uptime_');
define('PREF_UPTIME_DENY', 'uptimedeny_');
@@ -303,7 +304,7 @@ function squidguard_resync() {
$proxy = '';
$submit = isset($_POST['submit']) ? $_POST['submit'] : $_GET['submit'];
- $url = isset($_POST['blacklist_url']) ? $_POST['blacklist_url'] : $_GET['blacklist_url'];
+ $url = isset($_POST[F_BLACKLISTURL]) ? $_POST[F_BLACKLISTURL] : $_GET[F_BLACKLISTURL];
$proxy = isset($_POST['blacklist_proxy']) ? $_POST['blacklist_proxy'] : $_GET['blacklist_proxy'];
sg_init(convert_pfxml_to_sgxml());
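Review bot: `$url` on the changed line is taken straight from `$_POST`/`$_GET` with no format check, and when neither key is set the `$_GET[F_BLACKLISTURL]` fallback reads an undefined index. The same field is copied unchecked into `$sgxml[F_BLACKLISTURL]` in the `convert_pfxml_to_sgxml()` hunk further down. Where the value is consumed is not visible on this page; if it reaches a download command or a generated script, it should be limited to the expected schemes here and shell-escaped at the point of use, for example `if (!preg_match('#^(https?|ftp)://#i', $url)) $url = '';`. `squidguard_resync()` starts and ends outside the hunk.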
@@ -315,9 +316,9 @@ function squidguard_resync() {
}
# blacklist restore last (if exists)
- if ($submit == BLACKLIST_BTN_DEFAULT) {
- restore_arc_blacklist();
- }
+# if ($submit == BLACKLIST_BTN_DEFAULT) {
+# restore_arc_blacklist();
+# }
# apply changes
//if ($submit == APPLY_BTN) {
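Review bot: The restore branch is disabled by prefixing each line with `#` instead of being deleted, which leaves dead code that still names `restore_arc_blacklist()`, a function this commit removes from squidguard_configurator.inc. The same applies to the commented-out `case F_BLACKLISTURL:` branch in the `squidguard_before_form()` hunk and to the `/* … */` wrapped around `sg_rebuild_db()` in squidguard_configurator.inc. Deleting the lines outright would be cleaner, since version control keeps the history; if they must stay for now, a one-line comment such as `# disabled: blacklist restore moved to squidguard_blacklist.php` would explain why.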
@@ -408,10 +409,10 @@ function squidguard_before_form($pkg) {
foreach($pkg['fields']['field'] as $field) {
# blacklist controls
switch ($field['fieldname']) {
- case 'blacklist_url':
- $fld = &$pkg['fields']['field'][$i];
- $fld['description'] .= make_grid_blacklist(); # insert to description custom controls
- break;
+# case F_BLACKLISTURL:
+# $fld = &$pkg['fields']['field'][$i];
+# $fld['description'] .= make_grid_blacklist(); # insert to description custom controls
+# break;
# Apply button
case 'squidguard_enable':
$fld = &$pkg['fields']['field'][$i];
@@ -613,7 +614,7 @@ function make_grid_general_items($id = '')
$sgstate = "<span style='color: #008000;'>STARTED</span>";
if (is_blacklist_update_started())
- $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist.<br>New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>";
+ $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist. New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>";
$res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>";
}
@@ -726,8 +727,8 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
if (!empty($tbl)) {
$color = 'style="background-color: #dddddd;"';
$thdr = '';
- $hdr1up = "<big>Destination Categories</big>";
- $hdr1ov = "<big>Destination Categories in overtime</big>";
+ $hdr1up = "<big>Target Categories</big>";
+ $hdr1ov = "<big>Target Categories for off-time</big>";
$hds3 = "ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked.";
if ($enable_overtime) {
$thdr .= "<tr><td colspan='8' align=left>$hds3</td></tr>";
@@ -748,7 +749,7 @@ function make_grid_controls($type, $items, $enable_overtime = true) {
$rstyle = "";
$ha = "<div $color>" .
"<span onClick='document.getElementById(\"destrules\").style.display = \"block\";' style=\"cursor: pointer;\">" .
- "<font size='-12'><big>Destination Categories (click)</big>&nbsp;" .
+ "<font size='-12'><big>Target Rules List (click here)</big>&nbsp;" .
"<img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Show rules'>&nbsp;" .
"</span>" .
"<span style=\"cursor: pointer;\">" .
@@ -811,7 +812,7 @@ function squidguard_install_command() {
# generate squidGuard blacklist entries file (check with squidGuard PORT)
# conf_mount_rw();
- $blklist_file = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES;
+ $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
# рассмотреть вариант слияния examples базы и существующей в системе
if (!file_exists($blklist_file)) {
@@ -917,6 +918,7 @@ function convert_pfxml_to_sgxml() {
$sgxml[F_SGCONF_XML] = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML;
$sgxml[F_ENABLED] = $pfxml[F_SQUIDGUARDENABLE];
$sgxml[F_BLACKLISTENABLED] = $pfxml[F_BLACKLIST];
+ $sgxml[F_BLACKLISTURL] = $pfxml[F_BLACKLISTURL];
$sgxml[F_SOURCES] = convert_pfxml_to_sgxml_source($config);
$sgxml[F_DESTINATIONS] = convert_pfxml_to_sgxml_destination($config);
$sgxml[F_REWRITES] = convert_pfxml_to_sgxml_rewrite($config);
@@ -924,8 +926,6 @@ function convert_pfxml_to_sgxml() {
$sgxml[F_ACLS] = convert_pfxml_to_sgxml_acl($config);
$sgxml[F_DEFAULT] = convert_pfxml_to_sgxml_default($config);
-
-
# log
$sgxml[F_ENABLELOG] = $pfxml['enable_log'] == 'on' ? 'on' : 'off';
$sgxml[F_ENABLEGUILOG] = $pfxml['enable_guilog'] == 'on' ? 'on' : 'off';
@@ -1314,9 +1314,6 @@ function squidguard_logrep( $filename, $lncount, $reverse )
$cn = explode(" ", $cn, 4);
# split strings
-# $st = str_split ($cn[3], 25);
-# $cn[3] = "";
-# foreach( $st as $s ) $cn[3] .= $s . "<wbr/>";
$p = 0;
$pstep = 15;
$str = $cn[3];
@@ -1340,7 +1337,7 @@ function squidguard_logrep( $filename, $lncount, $reverse )
function squidguard_blacklist_list()
{
$res = "";
- $fname = "/var/squidGuard/blacklist.files";
+ $fname = SQUIDGUARD_BLK_FILELISTPATH;
$res .= "<table class='tabcont' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
$res .= "<tr><td class='listtopic'>Name</td><td class='listtopic'>Domains</td><td class='listtopic'>Urls</td><td class='listtopic'>Expressions</td></tr>\n";
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index 8096680a..0616c814 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -6,7 +6,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguardgeneral</name>
- <version>1.3_1 pkg v.1.5</version>
+ <version>1.3_1 pkg v.1.6</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
@@ -23,15 +23,15 @@
<active/>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
@@ -43,6 +43,10 @@
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
@@ -93,6 +97,11 @@
<item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.php</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/www/squidGuard/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item>
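Review bot: The added `<item>` fetches `squidguard_blacklist.php` over plain `http://` and installs it with mode 0755 under `/usr/local/www/squidGuard/`, so anyone able to alter the transfer controls a PHP page served by the web GUI. The neighbouring entries do the same, so this is an existing pattern rather than something introduced here, but each added file widens it. Nothing in this hunk shows a checksum or signature check; if the package host serves HTTPS or the installer supports a hash, use it for this entry.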
diff --git a/config/squidGuard/squidguard_acl.xml b/config/squidGuard/squidguard_acl.xml
index 04bb8553..ddff1fcb 100644
--- a/config/squidGuard/squidguard_acl.xml
+++ b/config/squidGuard/squidguard_acl.xml
@@ -7,7 +7,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguardacl</name>
<version>none</version>
- <title>Proxy filter SquidGuard: Access Control List (ACL)</title>
+ <title>Proxy filter SquidGuard: Special Access Control List (ACL)</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
<addedit_string>A proxy server user has been created/modified.</addedit_string>
@@ -17,16 +17,16 @@
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
<active/>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
@@ -38,6 +38,10 @@
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
@@ -51,14 +55,6 @@
<fielddescr>Name</fielddescr>
<fieldname>name</fieldname>
</columnitem>
- <!--columnitem>
- <fielddescr>Source</fielddescr>
- <fieldname>source</fieldname>
- </columnitem-->
- <!--columnitem>
- <fielddescr>Destinations</fielddescr>
- <fieldname>dest</fieldname>
- </columnitem-->
<columnitem>
<fielddescr>Time</fielddescr>
<fieldname>time</fieldname>
@@ -100,10 +96,10 @@
<type>select</type>
</field>
<field>
- <fielddescr>Source IP adresses and domains</fielddescr>
+ <fielddescr>Client (source)</fielddescr>
<fieldname>source</fieldname>
<description>
- Enter source IP address or domain or "username" here. For separate use space.
+ Enter client's IP address or domain or "username" here. For separate use space.
&lt;br&gt;&lt;b&gt;Example:&lt;/b&gt;
&lt;br&gt;ip: 192.168.0.1 or subnet 192.168.0.0/24 or subnet 192.168.1.0/255.255.255.0 or range 192.168.1.1-192.168.1.10
&lt;br&gt;domain: foo.bar match foo.bar or *.foo.bar
@@ -114,38 +110,14 @@
<rows>3</rows>
<required/>
</field>
- <!--field>
- <fielddescr>Source IP addresses</fielddescr>
- <fieldname>iplist</fieldname>
- <description>
- Enter source IP addresses here with space(' ') divider.
- IP addresses must have format:&lt;br&gt;
- single example: '192.168.0.1' &lt;br&gt;
- range examples: '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10'
- </description>
- <type>textarea</type>
- <cols>65</cols>
- <rows>3</rows>
- </field>
- <field>
- <fielddescr>Source Domains</fielddescr>
- <fieldname>domains</fieldname>
- <description>
- Enter source domains names here with space(' ') divider.
- Example: &lt;b&gt;'foo.bar'&lt;/b&gt; match &lt;b&gt;'foo.bar'&lt;/b&gt; or &lt;b&gt;'*.foo.bar'&lt;/b&gt;.
- </description>
- <type>textarea</type>
- <cols>65</cols>
- <rows>3</rows>
- </field-->
<field>
<fielddescr>Time</fielddescr>
<fieldname>time</fieldname>
- <description>Enter time name in current which this rule permitted.</description>
+ <description>Select time in which 'Target Rules' will operate, or leave 'none' for action of rules without time restriction. If this option is set, then in off-time will operate the second rule set.</description>
<type>select</type>
</field>
<field>
- <fielddescr>Destination</fielddescr>
+ <fielddescr>Target Rules</fielddescr>
<fieldname>dest</fieldname>
<description></description>
<type>input</type>
@@ -205,7 +177,7 @@
</field>
<!-- not need now
<field>
- <fielddescr>Overtime redirect</fielddescr>
+ <fielddescr>Redirect for off-time</fielddescr>
<fieldname>overredirect</fieldname>
<description>
Enter external redirection URL, error message or size (bytes) here.
@@ -232,7 +204,7 @@
<type>select</type>
</field>
<field>
- <fielddescr>Overtime rewrite</fielddescr>
+ <fielddescr>Rewrite for off-time</fielddescr>
<fieldname>overrewrite</fieldname>
<description>Enter rewrite condition name for this rule, or leave blank.</description>
<type>select</type>
diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc
index 5c90d307..c57728e4 100644
--- a/config/squidGuard/squidguard_configurator.inc
+++ b/config/squidGuard/squidguard_configurator.inc
@@ -111,12 +111,13 @@ define('SQUIDGUARD_LOGFILE', 'block.log');
define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid');
define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard');
define('SQUIDGUARD_BINPATH', '/usr/local/bin');
-define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); # SG temp
+define('SQUIDGUARD_TMP', '/tmp/squidGuard'); # SG temp
define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables
define('SQUIDGUARD_STATE', '/squidGuard.state');
define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild');
define('SQUIDGUARD_CONFXML', '/squidguard_conf.xml');
define('SQUIDGUARD_DBHOME', '/var/db/squidGuard');
+define('SQUIDGUARD_DBHOME_BLK', SQUIDGUARD_DBHOME);
define('SQUIDGUARD_DBSAMPLE', '/var/db/squidGuard.sample');
define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log');
define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log');
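Review bot: Moving `SQUIDGUARD_TMP` to `/tmp/squidGuard` puts the package's scratch directory under a world-writable path with a fixed, guessable name. The later hunks do the same with `SCR_NAME_BLKUPDATE` (`/tmp/squidGuard_blacklist_update.sh`) and the four `SG_UPDATE_*` files. The code that writes and runs these is not on this page, but if it runs with the web GUI's privileges, any local account could pre-create or symlink those names before the update does. Consider creating a private directory (mode 0700, ownership checked) before use, or generating the names with `tempnam()`, and add a comment above the defines saying which process owns the files.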
@@ -131,9 +132,15 @@ define('SQUIDGUARD_BL_UNPACK', '/unpack');
define('SQUIDGUARD_BL_DB', '/db');
#
# DB/Blacklist defines
+
+#>
define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files');
+#<
+
+define('SQUIDGUARD_BLK_FILELIST', '/blacklist.files');
+define('SQUIDGUARD_BLK_FILELISTPATH', SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_FILELIST);
define('BLACKLIST_ARCHIVE', '/blacklists.tar');
-define('BLK_LOCALFILE', '/root/sg_blacklists.tar');
+define('SCR_NAME_BLKUPDATE', '/tmp/squidGuard_blacklist_update.sh');
define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh');
define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf');
define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf');
@@ -141,6 +148,11 @@ define('BLK_TEMP', '/tmp/sg_blk');
define('SG_BLK_ARC', '/arcdb'); # blk db archive
define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf');
+define('SG_UPDATE_TARFILE', '/tmp/squidguard_blacklist.tar');
+define('SG_UPDATE_TMPFILE', '/tmp/squidguard_download.tmp');
+define('SG_UPDATE_LOGFILE', '/tmp/squidguard_download.log');
+define('SG_UPDATE_STATFILE', '/tmp/squidguard_download.stat');
+
# ==============================================================================
# CONSTANTS
# ==============================================================================
@@ -158,8 +170,6 @@ define('RMOD_EXT_FOUND', 'rmod_ext_fnd');
define('SQUIDGUARD_INFO', 2);
define('SQUIDGUARD_WARNING', 1);
define('SQUIDGUARD_ERROR', 0);
-# error_res
-define('SG_ERR0', "Error! Check squidGuard configuration data.");
#
define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'");
@@ -182,7 +192,6 @@ define('OWNER_NAME', 'proxy');
# Debug
define('DEBUG_ON', 'true');
-
# ==============================================================================
# black list
# ==============================================================================
@@ -215,7 +224,6 @@ define('F_BINPATH', 'binpath');
define('F_PROCCESSCOUNT', 'process_count');
define('F_SQUIDCONFIGFILE', 'squid_configfile');
define('F_ENABLED', 'enabled');
-define('F_BLACKLISTENABLED', 'blacklist_enabled');
define('F_SGCONF_XML', 'sgxml_file');
# other fields
@@ -268,6 +276,10 @@ define('F_CURRENT_LAN_IP', 'current_lan_ip');
define('F_CURRENT_GUI_PORT', 'current_gui_port');
define('F_CURRENT_GUI_PROTO', 'current_gui_protocol');
+# blacklist
+define('F_BLACKLISTENABLED', 'blacklist_enabled');
+define('F_BLACKLISTURL', 'blacklist_url');
+
# ==============================================================================
# Globals
# ==============================================================================
@@ -540,7 +552,7 @@ function sg_reconfigure_user_db()
set_file_access($dbhome, OWNER_NAME, 0755);
# 6. rebuild user db ('/var/db/squidGuard')
- sg_rebuild_db("_usrdb", $dbhome, $dst_list);
+ squidguard_rebuild_db("_usrdb", $dbhome, $dst_list);
} else
sg_addlog("sg_reconfigure_user_db", "User destinations list empty.", SQUIDGUARD_WARNING);
@@ -563,11 +575,11 @@ function sg_remove_unused_db_entries()
# black list entries
# * worked only with 'blacklist entries list file - else may be deleted black list entry
- if (file_exists($workdir . SQUIDGUARD_BLK_ENTRIES)) {
+ if (SQUIDGUARD_BLK_FILELISTPATH) {
$file_for_del = array();
# load blk entries
- $db_entries = explode("\n", file_get_contents($workdir . SQUIDGUARD_BLK_ENTRIES));
+ $db_entries = explode("\n", file_get_contents(SQUIDGUARD_BLK_FILELISTPATH));
# $db_entries + add user entries
$dests = $squidguard_config[F_DESTINATIONS];
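Review bot: `if (SQUIDGUARD_BLK_FILELISTPATH)` tests a constant non-empty string, so it is always true and the `file_exists()` guard of the old line is lost. When the list file is missing, `file_get_contents()` returns false and `explode()` yields a single empty entry, which is the situation the comment above warns about ("else may be deleted black list entry"). Restore the check as `if (file_exists(SQUIDGUARD_BLK_FILELISTPATH)) {`. The path is now also fixed to `SQUIDGUARD_WORKDIR` rather than the configured `$workdir`, which is presumably intended but worth confirming. The function body continues outside the hunk.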
@@ -607,6 +619,7 @@ function sg_remove_unused_db_entries()
# dest_DB_path - path without '$rdb_dbhome'
# example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners'
# ------------------------------------------------------------------------------
+/*
function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist)
{
global $squidguard_config;
@@ -652,6 +665,48 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist)
sg_addlog("sg_rebuild_db", "Started SH script '$shfile'.", SQUIDGUARD_INFO);
conf_mount_ro();
}
+*/
+# ------------------------------------------------------------------------------
+# squidguard_rebuild_db Rebuild squidGuard DB from list items
+# ------------------------------------------------------------------------------
+# $tag - rebuild task TAG
+# $rdb_dbhome - DB directory (default: '/var/db/squidGuard')
+# $rdb_itemslist - items list as ['dest_key']='dest_DB_path'
+# dest_DB_path - path without '$rdb_dbhome'
+# example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners'
+# ------------------------------------------------------------------------------
+function squidguard_rebuild_db($tag, $rdb_dbhome, $rdb_itemslist)
+{
+ global $squidguard_config;
+
+ $dbhome = $rdb_dbhome;
+ $logdir = $squidguard_config[F_LOGDIR];
+ $workdir = $squidguard_config[F_WORKDIR];
+ $conf_path = "{$workdir}/squidGuard_{$tag}rebuild.conf";
+
+ sg_addlog("squidguard_rebuild_db", "Begin with path '$dbhome'.", SQUIDGUARD_INFO);
+
+ # make rebuild config; include all found dest items
+ $dbitems = array();
+ if ($rdb_itemslist) {
+ # items list as ['dest_key']='dest_DB_path'
+ foreach ($rdb_itemslist as $it) {
+ $dbitems[str_replace('/', '_', $it)] = $it; # replace path to name
+ }
+ }
+ file_put_contents($conf_path, sg_create_simple_config($dbhome, $dbitems));
+ set_file_access($conf_path, OWNER_NAME, 0750);
+ sg_addlog("squidguard_rebuild_db", "Create rebuild config '$conf_path'.", SQUIDGUARD_INFO);
+
+ # rebuild blacklist db
+ mwexec_bg("/usr/bin/nice -n20 " . SQUIDGUARD_BINPATH . "/squidGuard -c $conf_path -C all");
+ # wait
+ while (exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'") > 0) {
+ sleep (10);
+ }
+ set_file_access($dbhome, OWNER_NAME, 0755);
+ sg_addlog("squidguard_rebuild_db", "Start rebuild DB.", SQUIDGUARD_INFO);
+}
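Review bot: The wait loop after `mwexec_bg()` has no upper bound. It polls `ps` every 10 seconds for any process matching `squidGuard -c .* -C all`, so a stuck or unrelated rebuild keeps this call, and presumably the web request behind it, blocked indefinitely. `$conf_path` is also interpolated into the shell command unquoted; the only caller visible on this page passes the fixed tag `_usrdb`, but `escapeshellarg()` would make the command safe whatever `$tag` and the configured work directory contain. The final log line says "Start rebuild DB." although it runs after the wait, and `$logdir` is assigned but never used. A bounded version of the launch-and-wait part is sketched below; the 600-second budget is a constructed value.

```php
	# rebuild blacklist db
	mwexec_bg("/usr/bin/nice -n20 " . SQUIDGUARD_BINPATH . "/squidGuard -c " . escapeshellarg($conf_path) . " -C all");
	# wait, but stop polling after a fixed budget so the caller cannot hang forever
	$waited   = 0;
	$max_wait = 600; # seconds; constructed value, size it for the largest expected blacklist
	while (exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'") > 0) {
		if ($waited >= $max_wait) {
			sg_addlog("squidguard_rebuild_db", "Rebuild still running after {$max_wait}s; no longer waiting.", SQUIDGUARD_WARNING);
			break;
		}
		sleep(10);
		$waited += 10;
	}
	# … unchanged: set_file_access($dbhome, …) …
	sg_addlog("squidguard_rebuild_db", "Rebuild DB finished.", SQUIDGUARD_INFO);
```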
# ==============================================================================
# Log
@@ -747,14 +802,14 @@ function sg_create_config()
if(!is_array($squidguard_config) || empty($squidguard_config)) {
sg_addlog("sg_create_config", "Bad squidGuard config data.", SQUIDGUARD_ERROR);
- return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [1]).");
+ return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [1]).");
}
# check configuration data
if (!sg_check_config_data(&$error_res)) {
sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR);
sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR);
- return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [2]).");
+ return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2]).");
}
# --- Header ---
@@ -1068,10 +1123,8 @@ function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404
global $squidguard_config;
$sgconf = array();
$logdir = $squidguard_config[F_LOGDIR];
- $dbhome = $squidguard_config[F_DBHOME];
+ $dbhome = $blk_dbhome ? $blk_dbhome : $squidguard_config[F_DBHOME];
- # current dbhome dir
- if (!empty($blk_dbhome)) $dbhome = $blk_dbhome;
sg_addlog("sg_create_simple_config", "Begin with dbhome='$dbhome'.", SQUIDGUARD_INFO);
# header
@@ -1251,7 +1304,7 @@ function sg_check_config_data ($input_errors)
# --- Blacklist ---
if ($squidguard_config[F_BLACKLISTENABLED]) {
- $blk_entries_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+ $blk_entries_file = SQUIDGUARD_BLK_FILELISTPATH;
if (file_exists($blk_entries_file)) {
$blk_entr = explode("\n", file_get_contents($blk_entries_file));
foreach($blk_entr as $entr) {
@@ -1419,274 +1472,10 @@ function sg_check_config_data ($input_errors)
return empty($elog);
}
-# =============================================================================
-# Blacklist
-# =============================================================================
-# sg_reconfigure_blacklist($source_filename, $opt)
-# $source_filename - file name or url
-# $opt - option:
-# '' or 'local' - update from local file
-# 'url' - update from url
-# -----------------------------------------------------------------------------
-function sg_reconfigure_blacklist($source_filename, $opt = '')
-{
- global $squidguard_config;
- $sf = trim($source_filename);
- $sf_contents = '';
-
- sg_addlog("sg_reconfigure_blacklist", "Begin with '$sf'.", SQUIDGUARD_INFO);
-
- # 1. check system
- sg_check_system();
-
- # 2. upload
- if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar'
- sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO);
- if (file_exists($sf)) {
- $sf_contents = file_get_contents($sf);
- } else {
- sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR);
- return;
- }
- }
- # from url
- else {
- sg_addlog("sg_reconfigure_blacklist", "Upload from url '$sf'.", SQUIDGUARD_INFO);
- $sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt);
- }
-
- # 3. update
- if (empty($sf_contents)) {
- sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'.", SQUIDGUARD_ERROR);
- return;
- }
- # save black list archive content to local file
- conf_mount_rw();
- file_put_contents(BLK_LOCALFILE, $sf_contents);
- conf_mount_ro();
-
- # 4. update blacklist
- sg_update_blacklist(BLK_LOCALFILE);
-}
-
-# ------------------------------------------------------------------------------
-# sg_update_blacklist - update blacklist from file
-# How it's work:
-# - unpack tar archive to temp dir
-# - copy subdir's tree to one-level temp DB
-# - copy unrebuilded temp db to work db (for user's can configure with new Blacklist)
-# - create Blacklist files listing and copy to values dir and temp DB dir
-# - background rebuild temp DB via sh script (longer proccess) and copy to work DB
-# ------------------------------------------------------------------------------
-
-function sg_update_blacklist($from_file)
-{
- global $squidguard_config;
- conf_mount_rw();
- $dbhome = SQUIDGUARD_DBHOME;
- $workdir = SQUIDGUARD_WORKDIR;
- $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK;
- $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC;
-
- sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO);
-
- if (file_exists($from_file)) {
- # check work and DB dir's
- if (file_exists($squidguard_config[F_DBHOME])) $dbhome = $squidguard_config[F_DBHOME];
- if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR];
- # delete old tmp dir's
- if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir");
- if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir");
- # create new tmp/arc dir's
- mwexec("mkdir -p -m 0755 $tmp_unpack_dir");
- mwexec("mkdir -p -m 0755 $arc_db_dir");
-
- # 1. unpack archive
- mwexec("tar zxvf $from_file -C $tmp_unpack_dir");
- set_file_access($tmp_unpack_dir, OWNER_NAME, 0755);
- sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO);
-
- # 2. copy blacklist to squidGuard base & create entries list
- if (file_exists($tmp_unpack_dir)) {
- $blk_items = array();
- $blk_list = array();
-
- # scan blacklist items
- scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items);
-
- # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB)
- foreach ($blk_items as $key => $val) {
- $current_dbpath = "$arc_db_dir/$key";
- if (count($val)) {
- # make blk_list for config file
- $blk_list[$key] = $key;
-
- # delete '$current_dbpath' for correct moving
- # need moving $val['path'] to $current_dbpath
- # if $current_dbpath exists,
- # then $val['path'] will created as subdir - !it's worng!
- if (file_exists($current_dbpath))
- mwexec("rm -R $current_dbpath");
- mwexec("mv -f {$val['path']}/ $current_dbpath");
- sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO);
- }
- }
- set_file_access($arc_db_dir, OWNER_NAME, 0755);
-
- # -- DISABLED -- copy unrebuilded blacklist from arch_DB_to work DB & set access rights
-# mwexec("cp -R $arc_db_dir/ $dbhome");
-# set_file_access($dbhome, OWNER_NAME, 0755);
-
- # create entries list
- if (count($blk_items)) {
- # save to temp DB
- $blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES;
- file_put_contents($blklist_file, implode("\n", array_keys($blk_items)));
- set_file_access ($blklist_file, OWNER_NAME, 0755);
-
- # -- DISABLED -- save copy to squidGuard config dir
-# $blklist_file = "{$squidguard_config[F_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES;
-# file_put_contents($blklist_file, implode("\n", array_keys($blk_items)));
-# set_file_access ($blklist_file, OWNER_NAME, 0755);
- sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO);
- }
-
- # make rebuild config (included all found dest items) & save to work dir
- $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF; # "/tmp/squidGuard_rebuild_blk.conf";
- file_put_contents($conf_path, sg_create_simple_config($arc_db_dir, $blk_list));
- set_file_access($conf_path, OWNER_NAME, 0755);
- sg_addlog("sg_update_blacklist", "Create rebuild config '$conf_path'.", SQUIDGUARD_INFO);
-
- # *** SH script ***********************************************
- $sh_scr = Array();
- $sh_scr[] = "#!/bin/sh";
- $sh_scr[] = "cd $arc_db_dir";
- $sh_scr[] = $squidguard_config[F_BINPATH] . "/squidGuard -c $conf_path -C all";
- $sh_scr[] = "wait"; # wait while SG rebuild DB
- $sh_scr[] = "chown -R -v " . OWNER_NAME . " $arc_db_dir";
- $sh_scr[] = "chmod -R -v 0755 $arc_db_dir";
-
- # copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights)
- # '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir)
- $sh_scr[] = "cp -R -p $arc_db_dir/ $dbhome";
- $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR;
- # set DB owner and right access
- $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome";
- $sh_scr[] = "chmod -R -v 0755 $dbhome";
-
- # if new blacklist some as already installed, then restart squid for changes to take effects
- $blk_items_old = '';
- $blk_file_old = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
- if (file_exists($blk_items_old))
- $blk_items_old = file_get_contents($blk_file_old);
- if (!empty($blk_items_old) && ($blk_items_old === implode("\n", array_keys($blk_items)))) {
- $sh_scr[] = "/usr/local/sbin/squid -k reconfigure";
- $sh_scr[] = "wait"; # wait while process
- }
- unset($blk_file_old);
- unset($blk_items_old);
-
- # store & exec sh
- $sh_scr = implode("\n", $sh_scr);
- $shfile = DB_REBUILD_SH . "_blk";
- file_put_contents($shfile, $sh_scr);
- set_file_access($shfile, OWNER_NAME, 0755); # 0755 - script will execute
- # kill exists rebuild processes
-# mwexec("kill `ps auxw | grep \"$shfile\" | grep -v \"grep\" | awk '{print $2}'`"); # sh script
- mwexec("kill `ps auxw | grep \"squidGuard_blk_rebuild\" | grep -v \"grep\" | awk '{print $2}'`"); # squidGuard process
- mwexec_bg("nice -n 5 $shfile");
- sg_addlog("sg_update_blacklist", "Started sh script '$shfile'.", SQUIDGUARD_INFO);
-
- # clearing temp
-# mwexec("rm -R $bl_temp");
- }
- }
- conf_mount_ro();
-}
-
-
-# -----------------------------------------------------------------------------
-# sg_blacklist_rebuild_DB - update blacklist from file
-# -----------------------------------------------------------------------------
-function sg_entries_blacklist()
-{
- global $squidguard_config;
- $contents = '';
-
- $fl = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES;
- if (file_exists($squidguard_config[F_WORKDIR]))
- $fl = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
- if (file_exists($fl))
- $contents = explode("\n", file_get_contents($fl));
-
- return $contents;
-}
-# -----------------------------------------------------------------------------
-# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard')
-# -----------------------------------------------------------------------------
-function sg_blacklist_rebuild_db()
-{
- global $squidguard_config;
- $dst_list = array();
- $dbhome = $squidguard_config[F_DBHOME];
- $workdir = $squidguard_config[F_WORKDIR];
-
- # current dbhome and work dir's
- sg_addlog("sg_blacklist_rebuild_db", "Start with path '$dbhome'.", SQUIDGUARD_INFO);
-
- # make dest list
- $blklist_file = "$workdir/" . SQUIDGUARD_BLK_ENTRIES;
- if (file_exists($blklist_file)) {
- $blklist = explode("\n", file_get_contents($blklist_file));
- if (is_array($blklist))
- foreach($blklist as $bl) { $dst_list[$bl] = $bl; }
- }
-
- # rebuild user db ('/var/db/squidGuard')
- sg_rebuild_db("_blkdb", $dbhome, $dst_list);
-}
-
# ========================== UTILS =============================================
-# sg_uploadfile_from_url
-# upload file and put them to $destination_file
-# return = upload content
-# ------------------------------------------------------------------------------
-function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '')
-{
- conf_mount_rw();
- # open destination file
- sg_addlog("sg_uploadfile_from_url", "Begin url'$url_file' proxy'$proxy'", SQUIDGUARD_INFO);
-
- $result = '';
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url_file);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- if (!empty($proxy)) {
- $ip = '';
- $login = '';
- $s = trim($proxy);
- if (strpos($s, ' ')) {
- $ip = substr($s, 0, strpos($s, ' '));
- $login = substr($s, strpos($s, ' ') + 1);
- } else $ip = $s;
- if($ip != '') {
- curl_setopt($ch, CURLOPT_PROXY, $ip);
- if($login != '')
- curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login);
- }
- }
- $result=curl_exec ($ch);
- curl_close ($ch);
- if (!empty($destination_file))
- file_put_contents($destination_file, $result);
- else sg_addlog("sg_uploadfile_from_url", "Can't upload file", SQUIDGUARD_ERROR);
+# ------------------------------------------------------------------------------
- # for test
- file_put_contents(BLK_LOCALFILE, $result);
- conf_mount_rw();
- return $result;
-}
# ==============================================================================
# self utils
@@ -1718,94 +1507,6 @@ function scan_dir($dir)
}
return $files;
}
-# ------------------------------------------------------------------------------
-# restore_arc_blacklist - copy arc blacklist to db
-# ------------------------------------------------------------------------------
-function restore_arc_blacklist()
-{
- global $squidguard_config;
- $dbhome = SQUIDGUARD_DBHOME;
- $blklist_file = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES;
- $arc_db_dir = SQUIDGUARD_DBSAMPLE;
- $arc_blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES;
-
- if (file_exists($arc_db_dir) and file_exists($arc_blklist_file)) {
-# conf_mount_rw();
- # copy arc blacklist to work DB with permissions
- mwexec("cp -R -p $arc_db_dir/ $dbhome");
- set_file_access($dbhome, OWNER_NAME, 0755);
- sg_addlog("restore_arc_blacklist", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO);
-
- $blklist = "";
- $files = scan_dir("$arc_db_dir/");
- foreach ($files as $fl) {
- $blklist .= $fl . "\n";
- }
- file_put_contents($blklist_file, $blklist);
- set_file_access($blklist_file, OWNER_NAME, 0755);
-
- # copy black list file
-# copy($arc_blklist_file, $blklist_file);
-# set_file_access($blklist_file, OWNER_NAME, 0755);
-# sg_addlog("restore_arc_blacklist", "Restore black list file from '$arc_blklist_file' to '$blklist_file'.", SQUIDGUARD_INFO);
-# conf_mount_ro();
- } else {
- sg_addlog("restore_arc_blacklist", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR);
- }
-}
-
-# ------------------------------------------------------------------------------
-# scan_blacklist_cat - scan all dirs and subdirs tree and make blk enrties list
-# $cur_dir - start directory
-# $key_name - current key name
-# ------------------------------------------------------------------------------
-# blk entry[key]:
-# ["domains"] domains file path
-# ["urls"] urls file path
-# ["expressions"] expressions file path
-# ------------------------------------------------------------------------------
-function scan_blacklist_cat($curdir, $key_name, $cat_array)
-{
-
- if (file_exists($curdir) and is_dir($curdir)) {
- $blk_entry = array();
- $files = scan_dir($curdir);
-
- foreach($files as $fls) {
- $fls_file = "$curdir/$fls";
-
- if (($fls != ".") and ($fls != "..")) {
- if (is_file($fls_file)) {
-
- # add files path
- switch(strtolower($fls)) {
- case "domains":
- $blk_entry["domains"] = $fls_file;
- $blk_entry["path"] = $curdir;
- break;
- case "urls":
- $blk_entry["urls"] = $fls_file;
- $blk_entry["path"] = $curdir;
- break;
- case "expressions":
- $blk_entry["expressions"] = $fls_file;
- $blk_entry["path"] = $curdir;
- break;
- }
- }
- elseif (is_dir($fls_file)) {
- $fls_key = $key_name . "_" . $fls;
-
- # recursive call
- scan_blacklist_cat($fls_file, $fls_key, & $cat_array);
- }
- }
- }
-
- if (count($blk_entry))
- $cat_array[$key_name] = $blk_entry;
- }
-}
# ******************************************************************************
# squidguard utils
@@ -2031,6 +1732,7 @@ function sg_check_src($sgx, $input_errors)
return empty($elog);
}
+
# ------------------------------------------------------------------------------
# check rebuild blacklist
# ------------------------------------------------------------------------------
@@ -2230,10 +1932,459 @@ function squidguard_setup_cron($task_key, $options, $on_off)
}
}
+# *****************************************************************************
+# RAMDisk
+# Temp ramdisk for quickly DB update
+# *****************************************************************************
+function squidguard_ramdisk($enable)
+{
+ $ramsize = 200;
+
+ # delete old squidguard ramdisk
+ if (file_exists("/dev/md15")) {
+ mwexec("umount -f " . SQUIDGUARD_TMP);
+ mwexec("sleep 1");
+ mwexec("mdconfig -d -u 15");
+ }
+
+ if ($enable === true) {
+ # create temp ramdisk
+ # size 300Mb very nice for work with Archive < 30Mb
+ # this is size use physical RAM + Swap file
+ mwexec("/sbin/mdmfs -s {$ramsize}M md15 " . SQUIDGUARD_TMP);
+ mwexec("chmod 1777 " . SQUIDGUARD_TMP);
+ }
+}
+
+# ******************************************************************************
+# Blacklist
+# ******************************************************************************
+
+# ------------------------------------------------------------------------------
+# squidguard_update_stat
+# ------------------------------------------------------------------------------
+function squidguard_update_log($msg, $new="")
+{
+ $to = $new ? ">" : ">>"; # create new or save to exists file
+ mwexec("echo $msg $to " . SG_UPDATE_STATFILE);
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_blacklist_update_start()
+# -----------------------------------------------------------------------------
+function squidguard_blacklist_update_start($url_filename)
+{
+ # 1. if started - calncel
+ if (squidguard_blacklist_update_IsStarted()) squidguard_blacklist_update_cancel();
+
+ # 2. delete old script
+ if (file_exists(SCR_NAME_BLKUPDATE)) unlink(SCR_NAME_BLKUPDATE);
+
+ # 3. create new php script & set permissions
+ file_put_contents(SCR_NAME_BLKUPDATE, squidguard_script_blacklistupdate($url_filename, ""));
+ set_file_access (SCR_NAME_BLKUPDATE, OWNER_NAME, 0755);
+
+ # 4. start script background
+ mwexec_bg(SCR_NAME_BLKUPDATE);
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_blacklist_update_cancel()
+# -----------------------------------------------------------------------------
+function squidguard_blacklist_update_cancel()
+{
+ # kill script and SG update process
+ mwexec("kill `ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}'`");
+ mwexec("kill `ps auxwwww | grep 'squidGuard -c .* -C all' | grep -v 'grep' | awk '{print $2}'`");
+ squidguard_ramdisk(false);
+
+ squidguard_update_log("Blacklist update terminated by user.", "");
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_blacklist_update_IsStarted()
+# -----------------------------------------------------------------------------
+function squidguard_blacklist_update_IsStarted()
+{
+ return exec("ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}' | wc -l | awk '{ print $1 }'");
+}
+
+# -----------------------------------------------------------------------------
+# sg_reconfigure_blacklist($source_filename, $opt)
+# $source_filename - file name or url
+# $opt - option:
+# '' or 'local' - update from local file
+# 'url' - update from url
+# -----------------------------------------------------------------------------
+function sg_reconfigure_blacklist($source_filename, $opt = '')
+{
+ global $squidguard_config;
+ $sf = trim($source_filename);
+ $sf_contents = '';
+
+ sg_addlog("sg_reconfigure_blacklist", "Begin blacklist update.", SQUIDGUARD_INFO);
+ squidguard_update_log("Begin blacklist update", "New");
+
+ # 1. check system
+ sg_check_system();
+
+ # 2. download
+ if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar'
+ sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO);
+ squidguard_update_log("Copy archive from file '$sf'");
+ if (file_exists($sf)) {
+ $sf_contents = file_get_contents($sf);
+ } else {
+ sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR);
+ squidguard_update_log("File '$sf' not found.");
+ return;
+ }
+ }
+ # from url
+ else {
+ sg_addlog("sg_reconfigure_blacklist", "Download from url '$sf'.", SQUIDGUARD_INFO);
+ squidguard_update_log("Start download.");
+ $sf_contents = sg_uploadfile_from_url($sf, $opt);
+ }
+
+ # 3. update
+ if (empty($sf_contents)) {
+ sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'. Terminate.", SQUIDGUARD_ERROR);
+ squidguard_update_log("Bad content from '$sf'. Terminate.");
+ return;
+ }
+
+ # save black list archive content to local file
+ file_put_contents(SG_UPDATE_TARFILE, $sf_contents);
+
+ # update blacklist
+ sg_update_blacklist(SG_UPDATE_TARFILE);
+}
+
+# ------------------------------------------------------------------------------
+# sg_update_blacklist - update blacklist from file
+# How it's work:
+# - unpack tar archive to temp dir
+# - copy subdir's tree to one-level TempDB
+# - rebuild TempDB
+# - create Blacklist files listing and copy to values dir and TempDB dir
+# - background rebuild temp DB via sh script (longer proccess) and copy to work DB
+# ------------------------------------------------------------------------------
+
+function sg_update_blacklist($from_file)
+{
+ global $squidguard_config;
+ $dbhome = SQUIDGUARD_DBHOME;
+ $workdir = SQUIDGUARD_WORKDIR;
+ $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK;
+ $arc_db_dir = SQUIDGUARD_TMP . SG_BLK_ARC;
+ $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF;
+ $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
+
+ sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO);
+
+ if (file_exists($from_file)) {
+ # check work and DB dir's
+ if (file_exists($squidguard_config[F_DBHOME])) $dbhome = $squidguard_config[F_DBHOME];
+ if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR];
+
+ # delete old tmp dir's
+ if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir");
+ if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir");
+ squidguard_ramdisk(false);
+
+ # create new tmp/arc dir's, use ramdisk for quick operations
+ squidguard_ramdisk(true);
+ mwexec("mkdir -p -m 0755 $tmp_unpack_dir");
+ mwexec("mkdir -p -m 0755 $arc_db_dir");
+
+ # 1. unpack archive
+ squidguard_update_log("Unpack archive");
+ mwexec("tar zxvf $from_file -C $tmp_unpack_dir");
+ set_file_access($tmp_unpack_dir, OWNER_NAME, 0755);
+ sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO);
+
+ # 2. copy blacklist to TempDB base & create entries list
+ squidguard_update_log("Scan blacklist categories.");
+ if (file_exists($tmp_unpack_dir)) {
+ $blk_items = array();
+ $blk_list = array();
+
+ # scan blacklist items
+ scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items);
+
+ # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB)
+ foreach ($blk_items as $key => $val) {
+ $current_dbpath = "$arc_db_dir/$key";
+ if (count($val)) {
+ # make blk_list for config file
+ $blk_list[$key] = $key;
+
+ # delete '$current_dbpath' for correct moving
+ # need moving $val['path'] to $current_dbpath
+ # if $current_dbpath exists, then $val['path'] will created as subdir - !it's worng!
+ if (file_exists($current_dbpath))
+ mwexec("rm -R $current_dbpath");
+ mwexec("mv -f {$val['path']}/ $current_dbpath");
+ sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO);
+ }
+ }
+ set_file_access($arc_db_dir, OWNER_NAME, 0755);
+
+ # create entries list
+ if (count($blk_items)) {
+ # save to temp DB
+ $cont = implode("\n", array_keys($blk_items));
+
+ # temp blacklist files
+ $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST;
+ file_put_contents($blklist_file, $cont);
+ set_file_access ($blklist_file, OWNER_NAME, 0755);
+
+ # system blacklist files
+ $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
+ file_put_contents($blklist_file, $cont);
+ set_file_access ($blklist_file, OWNER_NAME, 0755);
+
+ sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO);
+ squidguard_update_log("Found " . count($blk_items) . " items.");
+ }
+
+ # rebuild db & save to work dir
+ squidguard_update_log("Start rebuild DB.");
+ squidguard_rebuild_db("blk_", $arc_db_dir, $blk_list);
+
+ squidguard_update_log("Copy DB to workdir.");
+ mwexec("cp -R -p $arc_db_dir/ $dbhome");
+ mwexec("cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR);
+ set_file_access($dbhome, OWNER_NAME, 0755);
+
+ squidguard_update_log("Reconfigure Squid proxy.");
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+
+ squidguard_update_log("Blacklist update complete.");
+
+ }
+
+ # free ramdisk
+ squidguard_ramdisk(false);
+ }
+ else sg_addlog("sg_update_blacklist", "File $from_file not found.", SQUIDGUARD_ERROR);
+}
+
+# -----------------------------------------------------------------------------
+# sg_entries_blacklist
+# -----------------------------------------------------------------------------
+function sg_entries_blacklist()
+{
+ $contents = '';
+
+ $fl = SQUIDGUARD_BLK_FILELISTPATH;
+ if (file_exists($fl))
+ $contents = explode("\n", file_get_contents($fl));
+
+ return $contents;
+}
+# -----------------------------------------------------------------------------
+# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard')
+# -----------------------------------------------------------------------------
+/*
+function sg_blacklist_rebuild_db()
+{
+ global $squidguard_config;
+ $dst_list = array();
+ $dbhome = $squidguard_config[F_DBHOME];
+ $workdir = $squidguard_config[F_WORKDIR];
+
+ # current dbhome and work dir's
+ sg_addlog("sg_blacklist_rebuild_db", "Start with path '$dbhome'.", SQUIDGUARD_INFO);
+
+ # make dest list
+ $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
+ if (file_exists($blklist_file)) {
+ $blklist = explode("\n", file_get_contents($blklist_file));
+ if (is_array($blklist))
+ foreach($blklist as $bl) { $dst_list[$bl] = $bl; }
+ }
+
+ # rebuild user db ('/var/db/squidGuard')
+ squidguard_rebuild_db("_blkdb", $dbhome, $dst_list);
+}
+*/
+# -----------------------------------------------------------------------------
+# sg_uploadfile_from_url
+# -----------------------------------------------------------------------------
+function sg_uploadfile_from_url($url_file, $proxy = '')
+{
+ $err = 0;
+ $download_tmpfile = SG_UPDATE_TMPFILE; #"/tmp/squidguard_download.tmp";
+ $download_logfile = SG_UPDATE_LOGFILE; #"/tmp/squidguard_download.log";
+
+ conf_mount_rw();
+ # open destination file
+ $s = "Download archive '$url_file'" . ( $proxy ? " via proxy'$proxy'" : "" );
+ sg_addlog("sg_uploadfile_from_url", $s, SQUIDGUARD_INFO);
+ squidguard_update_log( $s );
+
+ # open temp and log files for curl
+ $ftmp = fopen($download_tmpfile, "w"); # download result file
+ $flog = fopen($download_logfile, "w"); # download log file
+
+ $result = '';
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_NOPROGRESS, 0);
+ curl_setopt($ch, CURLOPT_FILE, $ftmp);
+ curl_setopt($ch, CURLOPT_STDERR, $flog);
+
+ if (!empty($proxy)) {
+ $ip = '';
+ $login = '';
+ $s = trim($proxy);
+ if (strpos($s, ' ')) {
+ $ip = substr($s, 0, strpos($s, ' '));
+ $login = substr($s, strpos($s, ' ') + 1);
+ } else $ip = $s;
+
+ if($ip != '') {
+ curl_setopt($ch, CURLOPT_PROXY, $ip);
+ if($login != '')
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login);
+ }
+ }
+# $result=curl_exec ($ch);
+ curl_exec ($ch);
+ $err = curl_errno($ch);
+ if ($err)
+ squidguard_update_log( "Download error: " . curl_error($ch) );
+ else squidguard_update_log( "Download complete" );
+ curl_close ($ch);
+
+ # close temp and log files
+ fclose($ftmp);
+ fclose($flog);
+ conf_mount_ro();
+
+ if (!$err && file_exists( $download_tmpfile ))
+ $result = file_get_contents( $download_tmpfile );
+ return $result;
+}
+
+# ------------------------------------------------------------------------------
+# squidguard_blacklist_restore_arcdb - copy arc blacklist to db
+# ------------------------------------------------------------------------------
+function squidguard_blacklist_restore_arcdb()
+{
+ global $squidguard_config;
+ $dbhome = $squidguard_config[F_DBHOME] ? $squidguard_config[F_DBHOME] : SQUIDGUARD_DBHOME;
+ $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
+ $arc_db_dir = SQUIDGUARD_DBSAMPLE;
+
+ squidguard_update_log("Restore default blacklist DB.", "new");
+ if (file_exists($arc_db_dir)) {
+ conf_mount_rw();
+ # copy arc blacklist to work DB with permissions
+ mwexec("cp -R -p $arc_db_dir/ $dbhome");
+ set_file_access($dbhome, OWNER_NAME, 0755);
+ sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO);
+
+ # generate blacklist files list
+ $blklist = "";
+ $files = scan_dir("$arc_db_dir/");
+ if ($files) $blklist = implode("\n", $files);
+ file_put_contents($blklist_file, $blklist);
+ set_file_access($blklist_file, OWNER_NAME, 0755);
+
+ squidguard_rebuild_db("arc_", $dbhome, $files);
+
+ squidguard_update_log("Reconfigure Squid proxy.");
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+
+ conf_mount_ro();
+ squidguard_update_log("Restore success.");
+ } else {
+ sg_addlog("squidguard_blacklist_restore_arcdb", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR);
+ squidguard_update_log("Restore error: File '$arc_db_dir' or '$blklist_file' not found.");
+ }
+}
+
+# ------------------------------------------------------------------------------
+# scan_blacklist_cat - scan all dirs and subdirs tree and make blk enrties list
+# $cur_dir - start directory
+# $key_name - current key name
+# ------------------------------------------------------------------------------
+# blk entry[key]:
+# ["domains"] domains file path
+# ["urls"] urls file path
+# ["expressions"] expressions file path
+# ------------------------------------------------------------------------------
+function scan_blacklist_cat($curdir, $key_name, $cat_array)
+{
+
+ if (file_exists($curdir) and is_dir($curdir)) {
+ $blk_entry = array();
+ $files = scan_dir($curdir);
+
+ foreach($files as $fls) {
+ $fls_file = "$curdir/$fls";
+
+ if (($fls != ".") and ($fls != "..")) {
+ if (is_file($fls_file)) {
+
+ # add files path
+ switch(strtolower($fls)) {
+ case "domains":
+ $blk_entry["domains"] = $fls_file;
+ $blk_entry["path"] = $curdir;
+ break;
+ case "urls":
+ $blk_entry["urls"] = $fls_file;
+ $blk_entry["path"] = $curdir;
+ break;
+ case "expressions":
+ $blk_entry["expressions"] = $fls_file;
+ $blk_entry["path"] = $curdir;
+ break;
+ }
+ }
+ elseif (is_dir($fls_file)) {
+ $fls_key = $key_name . "_" . $fls;
+
+ # recursive call
+ scan_blacklist_cat($fls_file, $fls_key, & $cat_array);
+ }
+ }
+ }
+
+ if (count($blk_entry))
+ $cat_array[$key_name] = $blk_entry;
+ }
+}
+
+# =============================================================================
+# Blacklist Scripts
+# =============================================================================
+
+# squidGuard blacklist update php script
+function squidguard_script_blacklistupdate($fname, $opt)
+{
+ $sh[] = "#!/usr/local/bin/php -f";
+ $sh[] = "<?php";
+ $sh[] = " \$incl = \"/usr/local/pkg/squidguard_configurator.inc\";";
+ $sh[] = " if (file_exists(\$incl)) {";
+ $sh[] = " require_once(\$incl);";
+ $sh[] = " sg_reconfigure_blacklist( \"{$fname}\", \"{$opt}\" );";
+ $sh[] = " }";
+ $sh[] = " exit;";
+ $sh[] = "?>";
+ return implode ("\n", $sh);
+}
# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# classes
# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+
class TSgTag
{
var $tag;
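Review bot: The new blacklist update path builds a shell command in `squidguard_update_log()` and a PHP script in `squidguard_script_blacklistupdate()` from the blacklist source string without any escaping. `squidguard_update_log()` passes `$msg` straight into `echo $msg $to ...`, and its callers put `$sf`, `$url_file` and `curl_error()` text into that message; `squidguard_script_blacklistupdate()` interpolates `$fname` into a double-quoted PHP literal that `mwexec_bg()` then runs. If that value comes from the request (squidguard.inc reads the blacklist URL from `$_POST`/`$_GET`, though the call chain is not visible in this hunk), quotes or shell metacharacters in it change what gets executed. I would write the log line as `mwexec("echo " . escapeshellarg($msg) . " $to " . escapeshellarg(SG_UPDATE_STATFILE));` and emit the script arguments with `var_export($fname, true)` and `var_export($opt, true)` instead of `\"{$fname}\"`. The same quoting is missing on the `tar`, `mv` and `rm -R` calls in `sg_update_blacklist()`, where `$val['path']` and `$key` are derived from directory names inside the downloaded archive.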
diff --git a/config/squidGuard/squidguard_default.xml b/config/squidGuard/squidguard_default.xml
index bcb6d41b..3d99259d 100644
--- a/config/squidGuard/squidguard_default.xml
+++ b/config/squidGuard/squidguard_default.xml
@@ -7,7 +7,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguarddefault</name>
<version>none</version>
- <title>Proxy filter SquidGuard: Default</title>
+ <title>Proxy filter SquidGuard: Common Access Control List (ACL)</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
<tab>
@@ -15,16 +15,16 @@
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
<active/>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
@@ -36,13 +36,17 @@
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
</tabs>
<fields>
<field>
- <fielddescr>Default destination</fielddescr>
+ <fielddescr>Target Rules</fielddescr>
<fieldname>dest</fieldname>
<description></description>
<type>input</type>
diff --git a/config/squidGuard/squidguard_dest.xml b/config/squidGuard/squidguard_dest.xml
index bf252661..9d92a2fa 100644
--- a/config/squidGuard/squidguard_dest.xml
+++ b/config/squidGuard/squidguard_dest.xml
@@ -7,7 +7,7 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguarddest</name>
<version>none</version>
- <title>Proxy filter SquidGuard: Destinations</title>
+ <title>Proxy filter SquidGuard: Target categories</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
<addedit_string>A proxy server user has been created/modified.</addedit_string>
@@ -17,15 +17,15 @@
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
<active/>
</tab>
@@ -38,27 +38,19 @@
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
</tabs>
<adddeleteeditpagefields>
<columnitem>
- <fielddescr>Destination name</fielddescr>
+ <fielddescr>Name</fielddescr>
<fieldname>name</fieldname>
</columnitem>
- <!--columnitem>
- <fielddescr>Domain list</fielddescr>
- <fieldname>domains</fieldname>
- </columnitem-->
- <!--columnitem>
- <fielddescr>URL list</fielddescr>
- <fieldname>urls</fieldname>
- </columnitem-->
- <!--columnitem>
- <fielddescr>Expressions</fielddescr>
- <fieldname>expressions</fieldname>
- </columnitem-->
<columnitem>
<fielddescr>Redirect</fielddescr>
<fieldname>redirect</fieldname>
@@ -93,24 +85,24 @@
<rows>10</rows>
</field>
<field>
- <fielddescr>Expressions</fielddescr>
- <fieldname>expressions</fieldname>
+ <fielddescr>URLs list</fielddescr>
+ <fieldname>urls</fieldname>
<description>
- Enter word fragments, what may be contains in destinations URL path.
- For separate expression words use '|'.
- &lt;p&gt; &lt;b&gt;Example:&lt;/b&gt; 'mail|casino|game' .
+ Enter url's here.
+ For separate urls's use ' '(space).
+ &lt;p&gt; &lt;b&gt;Example:&lt;/b&gt; 'host.com/xxx 12.10.220.125/alisa' .
</description>
<type>textarea</type>
<cols>60</cols>
<rows>10</rows>
</field>
<field>
- <fielddescr>URLs list</fielddescr>
- <fieldname>urls</fieldname>
+ <fielddescr>Expressions</fielddescr>
+ <fieldname>expressions</fieldname>
<description>
- Enter url's here.
- For separate urls's use ' '(space).
- &lt;p&gt; &lt;b&gt;Example:&lt;/b&gt; 'host.com/xxx 12.10.220.125/alisa' .
+ Enter word fragments, what may be contains in destinations URL path.
+ For separate expression words use '|'.
+ &lt;p&gt; &lt;b&gt;Example:&lt;/b&gt; 'mail|casino|game' .
</description>
<type>textarea</type>
<cols>60</cols>
diff --git a/config/squidGuard/squidguard_log.php b/config/squidGuard/squidguard_log.php
index fe70fa10..ddcea9ce 100644
--- a/config/squidGuard/squidguard_log.php
+++ b/config/squidGuard/squidguard_log.php
@@ -60,11 +60,12 @@ if (!in_array( $mode, array("blocked", "fgui", "flog", "pconf", "fconf"))) $mode
<?php
$tab_array = array();
$tab_array[] = array(gettext("General settings"), false, "/pkg_edit.php?xml=squidguard.xml&amp;id=0");
- $tab_array[] = array(gettext("Default"), false, "/pkg_edit.php?xml=squidguard_default.xml&amp;id=0");
- $tab_array[] = array(gettext("ACL"), false, "/pkg.php?xml=squidguard_acl.xml");
- $tab_array[] = array(gettext("Destinations"), false, "/pkg.php?xml=squidguard_dest.xml");
+ $tab_array[] = array(gettext("Common ACL"), false, "/pkg_edit.php?xml=squidguard_default.xml&amp;id=0");
+ $tab_array[] = array(gettext("Special ACL"), false, "/pkg.php?xml=squidguard_acl.xml");
+ $tab_array[] = array(gettext("Target categories"),false, "/pkg.php?xml=squidguard_dest.xml");
$tab_array[] = array(gettext("Times"), false, "/pkg.php?xml=squidguard_time.xml");
$tab_array[] = array(gettext("Rewrites"), false, "/pkg.php?xml=squidguard_rewr.xml");
+ $tab_array[] = array(gettext("Blacklist"), false, "/squidGuard/squidguard_blacklist.php");
$tab_array[] = array(gettext("Log"), true, "$selfpath");
display_top_tabs($tab_array);
?>
@@ -132,9 +133,9 @@ if (!in_array( $mode, array("blocked", "fgui", "flog", "pconf", "fconf"))) $mode
<?php include("fend.inc"); ?>
-<script type="text/javascript">
+<!--script type="text/javascript">
NiftyCheck();
Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth");
-</script>
+</script-->
</body>
</html> \ No newline at end of file
diff --git a/config/squidGuard/squidguard_log.xml b/config/squidGuard/squidguard_log.xml
index 654c0917..a01008fa 100644
--- a/config/squidGuard/squidguard_log.xml
+++ b/config/squidGuard/squidguard_log.xml
@@ -17,15 +17,15 @@
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
@@ -37,6 +37,10 @@
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
<active/>
diff --git a/config/squidGuard/squidguard_rewr.xml b/config/squidGuard/squidguard_rewr.xml
index 4a2a71f3..52233133 100644
--- a/config/squidGuard/squidguard_rewr.xml
+++ b/config/squidGuard/squidguard_rewr.xml
@@ -15,15 +15,15 @@
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
@@ -36,6 +36,10 @@
<active/>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
diff --git a/config/squidGuard/squidguard_time.xml b/config/squidGuard/squidguard_time.xml
index 83347fad..c62635fa 100644
--- a/config/squidGuard/squidguard_time.xml
+++ b/config/squidGuard/squidguard_time.xml
@@ -17,15 +17,15 @@
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
</tab>
<tab>
- <text>Default</text>
+ <text>Common ACL</text>
<url>/pkg_edit.php?xml=squidguard_default.xml&amp;id=0</url>
</tab>
<tab>
- <text>ACL</text>
+ <text>Special ACL</text>
<url>/pkg.php?xml=squidguard_acl.xml</url>
</tab>
<tab>
- <text>Destinations</text>
+ <text>Target categories</text>
<url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
@@ -38,13 +38,17 @@
<url>/pkg.php?xml=squidguard_rewr.xml</url>
</tab>
<tab>
+ <text>Blacklist</text>
+ <url>/squidGuard/squidguard_blacklist.php</url>
+ </tab>
+ <tab>
<text>Log</text>
<url>/squidGuard/squidguard_log.php</url>
</tab>
</tabs>
<adddeleteeditpagefields>
<columnitem>
- <fielddescr>Timename</fielddescr>
+ <fielddescr>Name</fielddescr>
<fieldname>name</fieldname>
</columnitem>
<columnitem>