diff options
| author | dvserg <dv_serg@mail.ru> | 2011-01-03 00:39:03 +0300 |
|---|---|---|
| committer | dvserg <dv_serg@mail.ru> | 2011-01-03 00:39:03 +0300 |
| commit | 4fc28f4f28f865773def1cebb722e6fa952a00a4 (patch) | |
| tree | 0a90983ca6cf6f0185196f8fc3cff6c0eb4de4cd | |
| parent | dc1b5278a45acaa35a08e55e0fb4ca79d833d614 (diff) | |
| download | pfsense-packages-4fc28f4f28f865773def1cebb722e6fa952a00a4.tar.gz pfsense-packages-4fc28f4f28f865773def1cebb722e6fa952a00a4.tar.bz2 pfsense-packages-4fc28f4f28f865773def1cebb722e6fa952a00a4.zip | |
squidGuard change blacklist
| -rw-r--r-- | config/squidGuard/squidguard.inc | 162 | ||||
| -rw-r--r-- | config/squidGuard/squidguard_configurator.inc | 170 |
2 files changed, 163 insertions, 169 deletions
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index 12e52e35..5d78b0da 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -1,7 +1,7 @@ <?php # ------------------------------------------------------------------------------ /* squidguard.inc - (C)2006-2008 Serg Dvoriancev + (C)2006-2011 Serg Dvoriancev Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -33,50 +33,39 @@ require_once('pkg-utils.inc'); require_once('filter.inc'); require_once('service-utils.inc'); require_once('squidguard_configurator.inc'); -# ------------------------------------------------------------------------------ -define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid'); -define('SQUIDGUARD_CONFFILE', '/squidguard.conf'); -define('SQUIDGUARD_CONFXML', '/squidguard_conf.xml'); -define('SQUIDGUARD_BINPATH', '/usr/local/bin'); -define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard'); -define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log'); -define('SQUIDGUARD_DBHOME', '/var/db/squidGuard'); - -define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log'); -define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log'); # ------------------------------------------------------------------------------ - -define('F_NAME', 'name'); -define('F_DEST', 'dest'); -define('F_SOURCE', 'source'); -define('F_DESTINATION', 'dest'); -define('F_REWRITE', 'rewrite'); -define('F_REDIRECT', 'redirect'); -define('F_TIME', 'time'); -define('F_OVERDESTINATION', 'overdestination'); -define('F_OVERREWRITE', 'overrewrite'); -define('F_OVERREDIRECT', 'overredirect'); -define('F_TARGETURL', 'targeturl'); -define('F_REPLACETO', 'replaceto'); -define('F_TIMETYPE', 'timetype'); -define('F_TIMEDAYS', 'timedays'); -define('F_DATERANGE', 'daterange'); -define('F_TIMERANGE', 'sg_timerange'); -define('F_IPLIST', 'iplist'); -define('F_DESCRIPTION', 'description'); -define('F_EXPRESSIONS', 'expressions'); -define('F_DOMAINS', 'domains'); -define('F_URLS', 'urls'); -define('F_DISABLED', 'disabled'); -define('F_SQUIDGUARDENABLE','squidguard_enable'); -define('F_BLACKLIST', 'blacklist'); - +# fields +define('F_NAME', 'name'); +define('F_DEST', 'dest'); +define('F_SOURCE', 'source'); +define('F_DESTINATION', 'dest'); +define('F_REWRITE', 'rewrite'); +define('F_REDIRECT', 'redirect'); +define('F_TIME', 'time'); +define('F_OVERDESTINATION', 'overdestination'); +define('F_OVERREWRITE', 'overrewrite'); +define('F_OVERREDIRECT', 'overredirect'); +define('F_TARGETURL', 'targeturl'); +define('F_REPLACETO', 'replaceto'); +define('F_TIMETYPE', 'timetype'); +define('F_TIMEDAYS', 'timedays'); +define('F_DATERANGE', 'daterange'); +define('F_TIMERANGE', 'sg_timerange'); +define('F_IPLIST', 'iplist'); +define('F_DESCRIPTION', 'description'); +define('F_EXPRESSIONS', 'expressions'); +define('F_DOMAINS', 'domains'); +define('F_URLS', 'urls'); +define('F_DISABLED', 'disabled'); +define('F_SQUIDGUARDENABLE', 'squidguard_enable'); +define('F_BLACKLIST', 'blacklist'); +# prefixes define('PREF_UPTIME', 'uptime_'); define('PREF_UPTIME_DENY', 'uptimedeny_'); define('PREF_OVERTIME', 'overtime_'); define('PREF_OVERTIME_DENY', 'overtimedeny_'); - +# modules define('MODULE_GENERAL', 'squidguardgeneral'); define('MODULE_DEFAULT', 'squidguarddefault'); define('MODULE_ACL', 'squidguardacl'); @@ -85,18 +74,16 @@ define('MODULE_REWRITE', 'squidguardrewrite'); define('MODULE_SOURCE', 'squidguardsrc'); define('MODULE_TIME', 'squidguardtime'); define('MODULE_LOG', 'squidguardlog'); - -define('BLACKLIST_DEFAULT_URL', 'http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz'); # 360Kb +# blacklist +define('BLACKLIST_DEFAULT_URL', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); # 5Mb define('BLACKLIST_DEFAULT_URL1', 'http://www.shallalist.de/Downloads/shallalist.tar.gz'); # ~7Mb -define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz'); -define('BLACKLIST_BTN_URL', 'Upload Url'); -define('BLACKLIST_BTN_LAST', 'Restore last'); - -define('BLACKLIST_LOGFILE', 'blacklist.log'); -define('APPLY_BTN', 'Apply'); -define('WEBGUI_HISTORY_LOG', 'on'); -define('TEST_LOG', '/var/tmp/sqtest.test'); -define('SAFESEARCH', 'safesearch'); +define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz'); +define('BLACKLIST_BTN_URL', 'Upload Url'); +define('BLACKLIST_BTN_DEFAULT', 'Restore default'); +define('BLACKLIST_LOGFILE', 'blacklist.log'); +# +define('APPLY_BTN', 'Apply'); +define('SAFESEARCH', 'safesearch'); # ============================================================================== # Initialization @@ -328,9 +315,9 @@ function squidguard_resync() { } # blacklist restore last (if exists) - if ($submit == BLACKLIST_BTN_LAST) { - restore_arc_blacklist(); - } + if ($submit == BLACKLIST_BTN_DEFAULT) { + restore_arc_blacklist(); + } # apply changes //if ($submit == APPLY_BTN) { @@ -535,22 +522,24 @@ function squidguard_before_form_acl($pkg, $is_acl=true) { # --- Destinations --- # User destinations if ($squidguard_config[F_DESTINATIONS]) { - foreach($squidguard_config[F_DESTINATIONS]['item'] as $dst) + foreach($squidguard_config[F_DESTINATIONS]['item'] as $dst) { $dest_items[] = array ('name'=>$dst[F_NAME], 'upt_value'=>$acls_up[$dst[F_NAME]], 'ovt_value'=>$acls_over[$dst[F_NAME]], 'description'=>$dst[F_DESCRIPTION]); + } } # Blacklist if ($squidguard_config[F_BLACKLISTENABLED] === 'on') { $blk_entries = sg_entries_blacklist(); if (!empty($blk_entries)) { - foreach($blk_entries as $dst) + foreach($blk_entries as $dst) { $dest_items[] = array ('name'=>$dst, 'upt_value'=>$acls_up[$dst], 'ovt_value'=>$acls_over[$dst], 'description'=>''); + } } } @@ -602,16 +591,6 @@ function squidguard_before_form_acl($pkg, $is_acl=true) { } # ----------------------------------------------------------------------------- -# squidguard_before_form_log - must be deleted -# ----------------------------------------------------------------------------- -define('LOGSHOW_BUFSIZE', 16384); - -function squidguard_before_form_log($pkg) -{ -# delete me -} - -# ----------------------------------------------------------------------------- # make_grid_general_items # ----------------------------------------------------------------------------- function make_grid_general_items($id = '') @@ -649,7 +628,7 @@ function make_grid_blacklist() { $res = ''; # button 'Upload URL' and button 'Restore last blacklist' $res = "<hr><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>"; - $res .= " <input name='submit' value='" . BLACKLIST_BTN_LAST . "' type='submit'>"; + $res .= " <input name='submit' value='" . BLACKLIST_BTN_DEFAULT . "' type='submit'>"; return $res; } @@ -677,11 +656,13 @@ function make_grid_controls($type, $items, $enable_overtime = true) { $x = 0; } - $name = $item['name']; + $name = trim($item['name']); $upt_val = $item['upt_value']; $ovt_val = $item['ovt_value']; $description = $item['description']; + if (!$name) continue; # skip empty + $sel = "selected=\"selected\""; $upt_A = $upt_B = $upt_C = $upt_D = ''; switch($upt_val) { @@ -707,7 +688,7 @@ function make_grid_controls($type, $items, $enable_overtime = true) { $tbl .= "<td $color>$description [$name]</td>"; $tbl .= "<td $color>access</td>"; $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; - if (substr_count($name, "all") === 0) { + if ($name !== "all"/*substr_count($name, "all") === 0*/) { $tbl .= "<option value=none name=\"----\" $upt_A>----</option>"; $tbl .= "<option value=white name=\"white\" $upt_C>whitelist</option>"; $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; @@ -726,9 +707,9 @@ function make_grid_controls($type, $items, $enable_overtime = true) { $tbl .= "<td $color>$description [$name]</td>"; $tbl .= "<td $color>access</td>"; $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; - if (substr_count($name, "all") === 0) { + if ($name !== "all"/*substr_count($name, "all") === 0*/) { $tbl .= "<option value=none name=\"----\" $ovt_A>----</option>"; - $tbl .= "<option value=white name=\"white\" $ovt_C>white</option>"; + $tbl .= "<option value=white name=\"white\" $ovt_C>whitelist</option>"; $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; } @@ -745,13 +726,13 @@ function make_grid_controls($type, $items, $enable_overtime = true) { if (!empty($tbl)) { $color = 'style="background-color: #dddddd;"'; $thdr = ''; - $hdr1up = "<big>Destination rules</big>"; - $hdr1ov = "<big>Destination rules in overtime</big>"; + $hdr1up = "<big>Destination Categories</big>"; + $hdr1ov = "<big>Destination Categories in overtime</big>"; $hds3 = "ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked."; if ($enable_overtime) { $thdr .= "<tr><td colspan='8' align=left>$hds3</td></tr>"; $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>"; - $thdr .= "<tr $color><td colspan='4' align=middle></td><td colspan='4' align=middle>If <b>'Time'</b> not defined, this ruleset will be ignored</td></tr>"; + $thdr .= "<tr $color><td colspan='4' align=middle></td><td colspan='4' align=middle>If <b>'Time'</b> not defined, this is column will be ignored.</td></tr>"; # formatting $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>"; } @@ -765,9 +746,9 @@ function make_grid_controls($type, $items, $enable_overtime = true) { $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>"; $rstyle = ""; - $ha = "<div $color>" . + $ha = "<div $color>" . "<span onClick='document.getElementById(\"destrules\").style.display = \"block\";' style=\"cursor: pointer;\">" . - "<font size='-12'><big>Destination ruleset (click)</big> " . + "<font size='-12'><big>Destination Categories (click)</big> " . "<img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Show rules'> " . "</span>" . "<span style=\"cursor: pointer;\">" . @@ -811,7 +792,7 @@ function sg_check_unique_name($module_id, $name, $log='') { function sg_check_reserved_name($name, $log='') { $res = true; - $reserved = array("acl", "all", "dbhome", "default", "dest", "in-addr", "log", "logdir", "none", "pass", "rew", "src", "url", "user"); + $reserved = array("acl", "all", "allow", "dbhome", "default", "dest", "in-addr", "log", "logdir", "none", "pass", "rew", "src", "url", "user"); if (in_array(strtolower(trim($name)), $reserved)) { $res = false; @@ -829,13 +810,18 @@ function squidguard_install_command() { sg_check_system(); # generate squidGuard blacklist entries file (check with squidGuard PORT) - conf_mount_rw(); - $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", - "mail", "porn", "proxy", "violence", "warez"); - file_put_contents(SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES, implode("\n", $entries)); +# conf_mount_rw(); + $blklist_file = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES; + + # рассмотреть вариант слияния examples базы и существующей в системе + if (!file_exists($blklist_file)) { + # if blacklist not exists, then copy default db from samples +# $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", "mail", "porn", "proxy", "violence", "warez"); +# file_put_contents($blklist_file, implode("\n", $entries)); + } set_file_access(SQUIDGUARD_WORKDIR, OWNER_NAME, 0755); set_file_access(SQUIDGUARD_DBHOME, OWNER_NAME, 0755); - conf_mount_ro(); +# conf_mount_ro(); sg_reconfigure(); } @@ -845,12 +831,14 @@ function squidguard_deinstall_command() { # remove entries from squid config squid_reconfigure('remove redirector options'); + # Note: When you reinstall should remain Database + # remove package and his depends - mwexec("pkg_delete squidGuard-1.2.0_1"); - mwexec("rm -rf " . SQUIDGUARD_WORKDIR); + #mwexec("pkg_delete squidGuard-1.2.0_1"); + #mwexec("rm -rf " . SQUIDGUARD_WORKDIR); # i known't, really need delete blacklist base? - mwexec("rm -rf " . SQUIDGUARD_DBHOME); - mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*"); + #mwexec("rm -rf " . SQUIDGUARD_DBHOME); + #mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*"); } # ------------------------------------------------------------------------------ @@ -1281,13 +1269,13 @@ function squidguard_squid_conflist( ) # get squidguard config list function squidguard_conflist( ) { - $fname = SQUIDGUARD_CONFBASE_DEF . SQUIDGUARD_CONFIGFILE; + $fname = SQUIDGUARD_CONFBASE . SQUIDGUARD_CONFIGFILE; $res = ""; if (file_exists( $fname )) $res = file_get_contents( $fname ); else $res = "File '$fname' not found."; - + return $res; } diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 035ab734..5c90d307 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -1,7 +1,7 @@ <?php # ------------------------------------------------------------------------------ /* squidguard_configurator.inc - (C)2006-2008 Serg Dvoriancev + (C)2006-2011 Serg Dvoriancev Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -50,14 +50,15 @@ require_once('filter.inc'); require_once('service-utils.inc'); require_once('squid.inc'); -/* Allow additional execution time 0 = no limit. */ +# ------------------------------------------------------------------------------ +# Allow additional execution time 0 = no limit +# ------------------------------------------------------------------------------ ini_set('max_execution_time', '3600'); ini_set('max_input_time', '3600'); ini_set('memory_limit', '100M'); -# +# ------------------------------------------------------------------------------ # ToDo ! Must use all settings via $squidguard_config ! -# Add check names for reserved words 'none, all, default, no-ip, block' # Sdelat rewrite dlya smeny skachivaniya # ------------------------------------------------------------------------------ @@ -79,21 +80,14 @@ define('CONFIG_SG_HEADER', " # ============================================================ "); -define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); - # ------------------------------------------------------------------------------ # squid config options # ------------------------------------------------------------------------------ -define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); -define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); -define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); -define('REDIRECT_CHILDREN_OPT', 'redirect_children'); - -# ------------------------------------------------------------------------------ -# setup count redirector processes will started -# * for big count users service increase this option, but you need use this on powerful system -# ------------------------------------------------------------------------------ -define('REDIRECTOR_PROCESS_COUNT', '3'); +define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); +define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); +define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); +define('REDIRECT_CHILDREN_OPT', 'redirect_children'); +define('REDIRECTOR_PROCESS_COUNT', '3'); # redirector processes count will started # ------------------------------------------------------------------------------ # squidguard config options @@ -106,48 +100,49 @@ define('REDIRECT_BASE_URL', '/sgerror.php'); define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u'); # ------------------------------------------------------------------------------ -# squidguard system defines +# squidguard system constants # ------------------------------------------------------------------------------ -define('SQUID_CONFIGFILE', '/usr/local/etc/squid/squid.conf'); -define('TMP_DIR', '/var/tmp'); - -define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf'); -define('SQUIDGUARD_CONFLOGFILE', '/sg_configurator.log'); -define('SQUIDGUARD_LOGFILE', 'block.log'); -define('SQUIDGUARD_CONFBASE_DEF', '/usr/local/etc/squid'); -define('SQUIDGUARD_LOGDIR_DEF', '/tmp'); -define('SQUIDGUARD_WORKDIR_DEF', '/usr/local/etc/squidGuard'); -define('SQUIDGUARD_BINPATH_DEF', '/usr/local/bin'); -define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); # SG temp -define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables -define('SQUIDGUARD_STATE', '/squidGuard.state'); -define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild'); - -define('SQUIDGUARD_SCR_LOGROTATE', '/usr/local/etc/rc.d/squidGuard_logrotate'); # Logrotate script - +define('SQUID_CONFIGFILE', '/usr/local/etc/squid/squid.conf'); +define('TMP_DIR', '/var/tmp'); +# +define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf'); +define('SQUIDGUARD_CONFLOGFILE', '/sg_configurator.log'); +define('SQUIDGUARD_LOGFILE', 'block.log'); +define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid'); +define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard'); +define('SQUIDGUARD_BINPATH', '/usr/local/bin'); +define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); # SG temp +define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables +define('SQUIDGUARD_STATE', '/squidGuard.state'); +define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild'); +define('SQUIDGUARD_CONFXML', '/squidguard_conf.xml'); +define('SQUIDGUARD_DBHOME', '/var/db/squidGuard'); +define('SQUIDGUARD_DBSAMPLE', '/var/db/squidGuard.sample'); +define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log'); +define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log'); +define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log'); +# +define('SQUIDGUARD_SCR_LOGROTATE', '/usr/local/etc/rc.d/squidGuard_logrotate'); # Logrotate script +# # DB home catalog contains 'Blacklist' and 'User' sub-catalogs -define('SQUIDGUARD_DBHOME_DEF', '/var/db/squidGuard'); -define('SQUIDGUARD_DB_BLACKLIST', '/bl'); -define('SQUIDGUARD_DB_USER', '/usr'); -define('SQUIDGUARD_BL_UNPACK', '/unpack'); -define('SQUIDGUARD_BL_DB', '/db'); - +define('SQUIDGUARD_DB_BLACKLIST', '/bl'); +define('SQUIDGUARD_DB_USER', '/usr'); +define('SQUIDGUARD_BL_UNPACK', '/unpack'); +define('SQUIDGUARD_BL_DB', '/db'); +# # DB/Blacklist defines -define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files'); -define('BLACKLIST_ARCHIVE', '/blacklists.tar'); -define('BLK_LOCALFILE', '/root/sg_blacklists.tar'); -define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh'); -define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf'); -define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf'); -define('BLK_TEMP', '/tmp/sg_blk'); -define('SG_BLK_ARC', '/arcdb'); # blk db archive -define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf'); - -# error_res -define('SG_ERR0', "Error! Check squidGuard configuration data."); +define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files'); +define('BLACKLIST_ARCHIVE', '/blacklists.tar'); +define('BLK_LOCALFILE', '/root/sg_blacklists.tar'); +define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh'); +define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf'); +define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf'); +define('BLK_TEMP', '/tmp/sg_blk'); +define('SG_BLK_ARC', '/arcdb'); # blk db archive +define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf'); # ============================================================================== -# DEFINES +# CONSTANTS # ============================================================================== # redirect mode define('RMOD_NONE', 'rmod_none'); @@ -159,11 +154,14 @@ define('RMOD_EXT_ERR', 'rmod_ext_err'); define('RMOD_EXT_RDR', 'rmod_ext_rdr'); define('RMOD_EXT_MOVED', 'rmod_ext_mov'); define('RMOD_EXT_FOUND', 'rmod_ext_fnd'); - -# 0-error, 1-warning; 2-info -define('SQUIDGUARD_INFO', 2); -define('SQUIDGUARD_WARNING', 1); -define('SQUIDGUARD_ERROR', 0); +# Log level: 0-error, 1-warning; 2-info +define('SQUIDGUARD_INFO', 2); +define('SQUIDGUARD_WARNING', 1); +define('SQUIDGUARD_ERROR', 0); +# error_res +define('SG_ERR0', "Error! Check squidGuard configuration data."); +# +define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); # ============================================================================== # OPTIONS @@ -270,9 +268,9 @@ define('F_CURRENT_LAN_IP', 'current_lan_ip'); define('F_CURRENT_GUI_PORT', 'current_gui_port'); define('F_CURRENT_GUI_PROTO', 'current_gui_protocol'); -# ------------------------------------------------------------------------------ +# ============================================================================== # Globals -# ------------------------------------------------------------------------------ +# ============================================================================== $squidguard_config = array(); # squidGuard config array # call default init @@ -288,12 +286,12 @@ function sg_init($init = '') $squidguard_config = array(); if(empty($init) or !is_array($init) ) { # default init (for generate minimal config) - $squidguard_config[F_LOGDIR] = SQUIDGUARD_LOGDIR_DEF; - $squidguard_config[F_DBHOME] = SQUIDGUARD_DBHOME_DEF; - $squidguard_config[F_WORKDIR] = SQUIDGUARD_WORKDIR_DEF; - $squidguard_config[F_BINPATH] = SQUIDGUARD_BINPATH_DEF; + $squidguard_config[F_LOGDIR] = SQUIDGUARD_LOGDIR; + $squidguard_config[F_DBHOME] = SQUIDGUARD_DBHOME; + $squidguard_config[F_WORKDIR] = SQUIDGUARD_WORKDIR; + $squidguard_config[F_BINPATH] = SQUIDGUARD_BINPATH; $squidguard_config[F_SQUIDCONFIGFILE] = SQUID_CONFIGFILE; - $squidguard_config[F_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT; + $squidguard_config[F_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT; } else { # copy config from $init foreach($init as $key => $in) @@ -340,7 +338,7 @@ function sg_save_configxml($filename) function sg_reconfigure() { global $squidguard_config; - $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE; + $conf_file = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFIGFILE; # 1. check system sg_check_system(); @@ -680,7 +678,7 @@ function sg_addlog($module, $log, $level = 0) } $logfile = ''; - $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFLOGFILE; + $logfile = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE; $log_content = array(); setlocale(LC_TIME, ''); @@ -713,7 +711,7 @@ function sg_getlog($last_entries_count) { global $squidguard_config; $log_content = ''; - $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFLOGFILE; + $logfile = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE; # define logfile if (!empty($squidguard_config) && file_exists($squidguard_config[F_LOGDIR])) @@ -920,7 +918,7 @@ function sg_create_config() $sg_tag->items[] = "s@{$rw[F_TARGETURL]}@{$rw[F_REPLACETO]}@{$rw[F_MODE]}"; if ($squidguard_config[F_ENABLELOG] == 'on' ) { - if ($rew[F_LOG]) + if ($rew[F_LOG]) $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE; } @@ -1485,8 +1483,8 @@ function sg_update_blacklist($from_file) { global $squidguard_config; conf_mount_rw(); - $dbhome = SQUIDGUARD_DBHOME_DEF; - $workdir = SQUIDGUARD_WORKDIR_DEF; + $dbhome = SQUIDGUARD_DBHOME; + $workdir = SQUIDGUARD_WORKDIR; $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK; $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; @@ -1571,7 +1569,7 @@ function sg_update_blacklist($from_file) # copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights) # '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir) $sh_scr[] = "cp -R -p $arc_db_dir/ $dbhome"; - $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR_DEF; + $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR; # set DB owner and right access $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; $sh_scr[] = "chmod -R -v 0755 $dbhome"; @@ -1615,7 +1613,7 @@ function sg_entries_blacklist() global $squidguard_config; $contents = ''; - $fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; + $fl = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES; if (file_exists($squidguard_config[F_WORKDIR])) $fl = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; if (file_exists($fl)) @@ -1726,23 +1724,31 @@ function scan_dir($dir) function restore_arc_blacklist() { global $squidguard_config; - $dbhome = SQUIDGUARD_DBHOME_DEF; - $blklist_file = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; - $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; + $dbhome = SQUIDGUARD_DBHOME; + $blklist_file = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES; + $arc_db_dir = SQUIDGUARD_DBSAMPLE; $arc_blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; if (file_exists($arc_db_dir) and file_exists($arc_blklist_file)) { - conf_mount_rw(); +# conf_mount_rw(); # copy arc blacklist to work DB with permissions mwexec("cp -R -p $arc_db_dir/ $dbhome"); set_file_access($dbhome, OWNER_NAME, 0755); sg_addlog("restore_arc_blacklist", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO); - # copy black list file - copy($arc_blklist_file, $blklist_file); + $blklist = ""; + $files = scan_dir("$arc_db_dir/"); + foreach ($files as $fl) { + $blklist .= $fl . "\n"; + } + file_put_contents($blklist_file, $blklist); set_file_access($blklist_file, OWNER_NAME, 0755); - sg_addlog("restore_arc_blacklist", "Restore black list file from '$arc_blklist_file' to '$blklist_file'.", SQUIDGUARD_INFO); - conf_mount_ro(); + + # copy black list file +# copy($arc_blklist_file, $blklist_file); +# set_file_access($blklist_file, OWNER_NAME, 0755); +# sg_addlog("restore_arc_blacklist", "Restore black list file from '$arc_blklist_file' to '$blklist_file'.", SQUIDGUARD_INFO); +# conf_mount_ro(); } else { sg_addlog("restore_arc_blacklist", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR); } @@ -2143,7 +2149,7 @@ function sg_script_logrotate() { global $squidguard_config; $sglogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_LOGFILE; - $res = + $res = <<<EOD #!/bin/sh # |