aboutsummaryrefslogtreecommitdiffstats
path: root/config/squidGuard-devel/squidguard.inc
diff options
context:
space:
mode:
authorLuiz G. Costa <luizgustavo@luizgustavo.pro.br>2013-09-26 15:50:34 -0300
committerLuiz G. Costa <luizgustavo@luizgustavo.pro.br>2013-09-26 15:50:34 -0300
commitf1d24481b1af528e74d4c96c6af2c56e3b976a69 (patch)
treef95a9864abe569c74da0beaf4559e1a5c1c988d0 /config/squidGuard-devel/squidguard.inc
parent2b744d1d50383d698e198aa5e8f65b95c7399c25 (diff)
downloadpfsense-packages-f1d24481b1af528e74d4c96c6af2c56e3b976a69.tar.gz
pfsense-packages-f1d24481b1af528e74d4c96c6af2c56e3b976a69.tar.bz2
pfsense-packages-f1d24481b1af528e74d4c96c6af2c56e3b976a69.zip
Add package Squidguard 1.5 beta option
Diffstat (limited to 'config/squidGuard-devel/squidguard.inc')
-rw-r--r--config/squidGuard-devel/squidguard.inc1651
1 files changed, 1651 insertions, 0 deletions
diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc
new file mode 100644
index 00000000..d58dfb79
--- /dev/null
+++ b/config/squidGuard-devel/squidguard.inc
@@ -0,0 +1,1651 @@
+<?php
+# ------------------------------------------------------------------------------
+/* squidguard.inc
+
+ Copyright (C) 2006-2011 Serg Dvoriancev
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
+
+ part of pfSense (www.pfSense.com)
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code MUST retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form MUST reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+# ------------------------------------------------------------------------------
+
+require_once('globals.inc');
+require_once('config.inc');
+require_once('util.inc');
+require_once('pfsense-utils.inc');
+require_once('pkg-utils.inc');
+require_once('filter.inc');
+require_once('service-utils.inc');
+require_once('squidguard_configurator.inc');
+
+# ------------------------------------------------------------------------------
+# fields
+define('F_NAME', 'name');
+define('F_DEST', 'dest');
+define('F_SOURCE', 'source');
+define('F_DESTINATION', 'dest');
+define('F_REWRITE', 'rewrite');
+define('F_REDIRECT', 'redirect');
+define('F_TIME', 'time');
+define('F_OVERDESTINATION', 'overdestination');
+define('F_OVERREWRITE', 'overrewrite');
+define('F_OVERREDIRECT', 'overredirect');
+define('F_TARGETURL', 'targeturl');
+define('F_REPLACETO', 'replaceto');
+define('F_TIMETYPE', 'timetype');
+define('F_TIMEDAYS', 'timedays');
+define('F_DATERANGE', 'daterange');
+define('F_TIMERANGE', 'sg_timerange');
+define('F_IPLIST', 'iplist');
+define('F_DESCRIPTION', 'description');
+define('F_EXPRESSIONS', 'expressions');
+define('F_DOMAINS', 'domains');
+define('F_URLS', 'urls');
+define('F_DISABLED', 'disabled');
+define('F_SQUIDGUARDENABLE', 'squidguard_enable');
+define('F_BLACKLIST', 'blacklist');
+
+# prefixes
+define('PREF_UPTIME', 'uptime_');
+define('PREF_UPTIME_DENY', 'uptimedeny_');
+define('PREF_OVERTIME', 'overtime_');
+define('PREF_OVERTIME_DENY', 'overtimedeny_');
+# modules
+define('MODULE_GENERAL', 'squidguardgeneral');
+define('MODULE_DEFAULT', 'squidguarddefault');
+define('MODULE_ACL', 'squidguardacl');
+define('MODULE_DESTINATION', 'squidguarddest');
+define('MODULE_REWRITE', 'squidguardrewrite');
+define('MODULE_SOURCE', 'squidguardsrc');
+define('MODULE_TIME', 'squidguardtime');
+define('MODULE_LOG', 'squidguardlog');
+# blacklist
+define('BLACKLIST_DEFAULT_URL', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); # 5Mb
+define('BLACKLIST_DEFAULT_URL1', 'http://www.shallalist.de/Downloads/shallalist.tar.gz'); # ~7Mb
+define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz');
+define('BLACKLIST_BTN_URL', 'Upload Url');
+define('BLACKLIST_BTN_DEFAULT', 'Restore default');
+define('BLACKLIST_LOGFILE', 'blacklist.log');
+#
+define('APPLY_BTN', 'Apply');
+define('SAFESEARCH', 'safesearch');
+
+# ==============================================================================
+# Initialization
+# ==============================================================================
+# use global variable $squidguard_config, defined in squidguard_configurator.inc
+sg_init(convert_pfxml_to_sgxml());
+
+# ==============================================================================
+# Validations
+# ==============================================================================
+function squidguard_validate($post, $input_errors)
+{
+ $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
+
+ # check config if 'Apply'
+ if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors);
+}
+
+# ------------------------------------------------------------------------------
+# validate default
+# ------------------------------------------------------------------------------
+function squidguard_validate_default($post, $input_errors)
+{
+ squidguard_validate_acl($post, &$input_errors);
+}
+
+# ------------------------------------------------------------------------------
+# validate acl
+# ------------------------------------------------------------------------------
+function squidguard_validate_acl($post, $input_errors)
+{
+ $pass_up = array();
+ $deny_up = array();
+ $pass_up_val = '';
+ $pass_over = array();
+ $deny_over = array();
+ $pass_over_val = '';
+ $id = get_item_id();
+
+ # check name ('source')
+ $name = trim($post[F_NAME]);
+ if(!empty($name)) {
+ # validate name format
+ check_name_format($name, &$input_errors);
+
+ # check unique name
+ if (!sg_check_unique_name(F_ACLS, $name))
+ $input_errors[] = "Name '$name' already exists.";
+
+ # check reserved
+ if (!sg_check_reserved_name($name))
+ $input_errors[] = "Name '$name' is reserved.";
+
+ # check source
+ $sgx = array();
+ $sgx[F_NAME] = $post[F_NAME];
+ $sgx[F_SOURCE] = $post[F_SOURCE];
+ sg_check_src($sgx, &$input_errors);
+ }
+
+ # store destinations to 'dest' value
+ foreach ($post as $key => $val) {
+ if (substr_count($key, PREF_UPTIME) != 0) {
+ $name = str_replace(PREF_UPTIME, '', $key);
+ if ($name) {
+ switch($val) {
+ case "allow": $pass_up_val .= " $name"; break;
+ case "white": $pass_up_val .= " ^$name"; break;
+ case "deny" : $pass_up_val .= " !$name"; break;
+ }
+ }
+ }
+ elseif (substr_count($key, PREF_OVERTIME) != 0) {
+ $name = str_replace(PREF_OVERTIME, '', $key);
+ if ($name) {
+ switch($val) {
+ case "allow": $pass_over_val .= " $name"; break;
+ case "white": $pass_over_val .= " ^$name"; break;
+ case "deny" : $pass_over_val .= " !$name"; break;
+ }
+ }
+ }
+ }
+
+ # !ATTENTION! on pfSense XML config must be must(shell) be '!all' instead of 'none' - it is a must for correct work GUI
+
+ # if not exists key 'all', then add 'none' - default 'deny all'
+ if ((substr_count($pass_up_val, 'all') == 0)) {
+ $pass_up_val .= ' !all';
+ }
+
+ if (!empty($pass_over_val) && (substr_count($pass_over_val, 'all') == 0)) {
+ $pass_over_val .= ' !all';
+ }
+
+ if (empty($pass_over_val))
+ $post[F_DEST] = "$pass_up_val";
+ else $post[F_DEST] = "$pass_up_val [$pass_over_val]";
+
+ # check redirect
+ $errmsg = '';
+ if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) {
+ $input_errors[] = "Redirect info error. $errmsg";
+ }
+}
+
+# ------------------------------------------------------------------------------
+# validate times
+# Format:
+# date: <date(or range)><time (or range)> -- days not parsed (reset to *)
+# weekly: <day or *><time or range> -- dates not parsed (reset to '')
+# ------------------------------------------------------------------------------
+function squidguard_validate_times($post, $input_errors)
+{
+ $id = get_item_id();
+
+ # check name
+ $name = trim($post[F_NAME]);
+ if(!empty($name)) {
+ check_name_format($name, &$input_errors);
+
+ # check unique name
+ if (!sg_check_unique_name(F_TIMES, $name))
+ $input_errors[] = "Name '$name' already exists";
+
+ # check reserved
+ if (!sg_check_reserved_name($name))
+ $input_errors[] = "Name '$name' is reserved.";
+ }
+
+ # --- check format ---
+ $sgx = array();
+ $sgx[F_NAME] = $post[F_NAME];
+ $sgx[F_DESCRIPTION] = $post[F_DESCRIPTION];
+ # fields of $post have 'fnameX' format
+ for ($i=0; isset($post[F_TIMETYPE."$i"]); $i++) {
+ # correct and update
+ if (strtolower($post[F_TIMETYPE."$i"]) === "date") {
+ $post[F_TIMEDAYS."$i"] = '*';
+ # date cant be empty
+ if (trim($post[F_DATERANGE."$i"]) == '') $post[F_DATERANGE."$i"] = "*.*.*";
+ }
+ else $post[F_DATERANGE."$i"] = '';
+
+ if (trim($post[F_TIMERANGE."$i"]) == '') $post[F_TIMERANGE."$i"] = "00:00-23:59";
+
+ # $post->xml
+ $sgx_row = array();
+ $sgx_row[F_TIMETYPE] = $post[F_TIMETYPE."$i"];
+ $sgx_row[F_TIMEDAYS] = $post[F_TIMEDAYS."$i"];
+ $sgx_row[F_DATERANGE] = $post[F_DATERANGE."$i"];
+ $sgx_row[F_TIMERANGE] = $post[F_TIMERANGE."$i"];
+ $sgx[F_ITEM][] = $sgx_row;
+ }
+ #
+ sg_check_time($sgx, &$input_errors);
+
+}
+
+# ------------------------------------------------------------------------------
+# validate destinations
+# ------------------------------------------------------------------------------
+function squidguard_validate_destination($post, $input_errors) {
+ # check name
+ $name = trim($post[F_NAME]);
+ if(!empty($name)) {
+ check_name_format($name, &$input_errors);
+
+ # check unique name
+ if (!sg_check_unique_name(F_DESTINATIONS, $name))
+ $input_errors[] = "Name '$name' already exists";
+
+ # check reserved
+ if (!sg_check_reserved_name($name))
+ $input_errors[] = "Name '$name' is reserved.";
+ }
+
+ # --- check format ---
+ $sgx = array();
+ $sgx[F_NAME] = $post[F_NAME];
+ $sgx[F_URLS] = $post[F_URLS];
+ $sgx[F_DOMAINS] = $post[F_DOMAINS];
+ $sgx[F_EXPRESSIONS] = $post[F_EXPRESSIONS];
+ $sgx[F_RMOD] = $post[F_RMOD];
+ $sgx[F_REDIRECT] = $post[F_REDIRECT];
+ #
+ sg_check_dest($sgx, &$input_errors);
+}
+
+# ------------------------------------------------------------------------------
+# validate rewrites
+# ------------------------------------------------------------------------------
+function squidguard_validate_rewrite($post, $input_errors) {
+ # check name
+ $name = trim($post[F_NAME]);
+ if(!empty($name)) {
+ # check name format <char><symbols without space> - Ab123
+ check_name_format($name, &$input_errors);
+
+ # check unique name
+ if (!sg_check_unique_name(F_REWRITES, $name))
+ $input_errors[] = "Name '$name' already exists";
+
+ # check reserved
+ if (!sg_check_reserved_name($name))
+ $input_errors[] = "Name '$name' is reserved.";
+ }
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_resync
+# -----------------------------------------------------------------------------
+function squidguard_resync() {
+ $upload_file = '';
+ $submit = isset($_REQUEST['submit']) ? $_REQUEST['submit'] : '';
+ $url = isset($_REQUEST[F_BLACKLISTURL]) ? $_REQUEST[F_BLACKLISTURL] : '';
+ $proxy = isset($_REQUEST['blacklist_proxy'])? $_REQUEST['blacklist_proxy'] : '';
+
+ sg_init(convert_pfxml_to_sgxml());
+
+ # blacklist upload
+ if ($submit == BLACKLIST_BTN_URL) {
+ if ($url)
+ sg_reconfigure_blacklist($url, $proxy);
+ }
+
+ # blacklist restore last (if exists)
+# if ($submit == BLACKLIST_BTN_DEFAULT) {
+# restore_arc_blacklist();
+# }
+
+ # apply changes
+ //if ($submit == APPLY_BTN) {
+# write_config('Update squidGuard options.'); # store, if not 'Save' button
+
+
+ sg_reconfigure();
+ //}
+
+ squidguard_cron_install();
+
+ //Sync only with apply button to avoid multiples reloads on backup server while editing master config
+ if ($submit == APPLY_BTN)
+ squidguard_sync_on_changes();
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_resync_acl
+# -----------------------------------------------------------------------------
+
+function squidguard_resync_acl() {
+ global $config; # !!! ORDER !!!
+
+ $conf = $config['installedpackages'][MODULE_ACL]['config'];
+ $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
+
+ # --- sources part ---
+ # move current id by order
+ if (($id !== '') and is_array($conf)) {
+ $src_new = array();
+
+ foreach ($conf as $key => $src) {
+ $order = $src[F_ORDER];
+ # n_key: no_move=$key+$order or move=$order+$key
+ $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999);
+ unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'!
+ $src_new[$n_key] = $src;
+ }
+ # sort by key
+ ksort($src_new);
+ reset($src_new);
+
+ $src_new = array_values($src_new); # make keys '0, 1, 2, ...'
+
+ # renew config
+ unset ($config['installedpackages'][MODULE_ACL]['config']);
+ $config['installedpackages'][MODULE_ACL]['config'] = $src_new;
+ write_config('Update squidguardacl config');
+
+ # renew global $squidguard_config
+ sg_init(convert_pfxml_to_sgxml());
+ }
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_resync_dest
+# -----------------------------------------------------------------------------
+
+function squidguard_resync_dest() {
+ global $config; # !!! ORDER !!!
+
+ $conf = $config['installedpackages'][MODULE_DESTINATION]['config'];
+ $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
+
+ # --- sources part ---
+ # move current id by order
+ if (($id !== '') and is_array($conf)) {
+ $src_new = array();
+
+ foreach ($conf as $key => $src) {
+ $order = $src[F_ORDER];
+ # n_key: no_move=$key+$order or move=$order+$key
+ $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999);
+ unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'!
+ $src_new[$n_key] = $src;
+ }
+ # sort by key
+ ksort($src_new);
+ reset($src_new);
+
+ $src_new = array_values($src_new); # make keys '0, 1, 2, ...'
+
+ # renew config
+ unset ($config['installedpackages'][MODULE_DESTINATION]['config']);
+ $config['installedpackages'][MODULE_DESTINATION]['config'] = $src_new;
+ write_config('Update squidguarddest config');
+
+ # renew global $squidguard_config
+ sg_init(convert_pfxml_to_sgxml());
+ }
+}
+
+# =============================================================================
+# common functions
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# get_pkgconf/sgconf_items_list
+# -----------------------------------------------------------------------------
+function get_pkgconf_items_list($pkg_gui_name, $fieldname) {
+ global $config;
+ $res = '';
+
+ $conf = $config['installedpackages'][$pkg_gui_name]['config'];
+ if (is_array($conf))
+ foreach($conf as $cf) $res[] = $cf[$fieldname];
+
+ return $res;
+}
+
+function get_sgconf_items_list($data_group, $fieldname) {
+ global $squidguard_config;
+ $res = '';
+
+ $conf = $squidguard_config[$data_group]['item'];
+ if (is_array($conf))
+ foreach($conf as $cf) $res[] = $cf[$fieldname];
+
+ return $res;
+}
+
+# ==============================================================================
+# Before form
+# ==============================================================================
+# squidguard_before_form
+# ------------------------------------------------------------------------------
+function squidguard_before_form($pkg) {
+ $i=0;
+
+ foreach($pkg['fields']['field'] as $field) {
+ # blacklist controls
+ switch ($field['fieldname']) {
+# case F_BLACKLISTURL:
+# $fld = &$pkg['fields']['field'][$i];
+# $fld['description'] .= make_grid_blacklist(); # insert to description custom controls
+# break;
+ # Apply button
+ case 'squidguard_enable':
+ $fld = &$pkg['fields']['field'][$i];
+ $fld['description'] .= make_grid_general_items(); # insert to description custom controls
+ break;
+ }
+ $i++;
+ }
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_before_form_acl
+# -----------------------------------------------------------------------------
+function squidguard_before_form_acl($pkg, $is_acl=true) {
+ global $g;
+ global $squidguard_config;
+
+ $current_id = '';
+ $sources = '';
+ $source_items = '';
+ $destinations = '';
+ $dest_items = '';
+ $rewrites = '';
+ $rewr_names = '';
+ $times = '';
+ $time_names = '';
+ $acls_up = '';
+ $acls_over = '';
+
+ $current_id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
+ $current_id = ($current_id) ? $current_id : 0;
+
+ # sources
+ $source_items = get_sgconf_items_list(F_SOURCES, 'name');
+ # generate sources list TODO: exclude used names from list, source name used in ACL unique
+ $i=0;
+ foreach($pkg['fields']['field'] as $field) {
+ if ($field['fieldname'] == 'source') {
+ $fld = &$pkg['fields']['field'][$i];
+ if (is_array($source_items)) {
+ foreach($source_items as $nm)
+ $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm);
+ }
+ }
+ # order
+ if (is_array($source_items) && $field['fieldname'] == 'order') {
+ $fld = &$pkg['fields']['field'][$i];
+ foreach($source_items as $nmkey => $nm)
+ $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey);
+ $fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999');
+ $fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last !
+ }
+ $i++;
+ }
+
+ # destinations
+ # acls pass ---> prepare data for destinations; dest format 'uptime_dests_list [overtime_dests_list]'
+ $acl_dest = '';
+ $acl_overdest = '';
+
+ # acl & default
+ if ($pkg['name'] !== MODULE_DEFAULT) {
+ $acl_dest = $squidguard_config[F_ACLS]['item'][$current_id][F_DESTINATIONNAME];
+ $acl_overdest = $squidguard_config[F_ACLS]['item'][$current_id][F_OVERDESTINATIONNAME];
+ }
+ else $acl_dest = $squidguard_config[F_DEFAULT][F_DESTINATIONNAME];
+
+ # acl dest ontime
+ if ($acl_dest) {
+ # 'none' > to '!all'
+ $acl_dest = str_replace('none', '!all', $acl_dest);
+
+ $pss = explode(' ', $acl_dest);
+ foreach($pss as $val) {
+ $name = $val;
+ $name = str_replace('!', '', $name);
+ $name = str_replace('^', '', $name);
+ if (!empty($val)) {
+ switch($val[0]) {
+ case '!': $acls_up[$name] = 'deny'; break;
+ case '^': $acls_up[$name] = 'white'; break;
+ default : $acls_up[$name] = 'allow'; break;
+ }
+ }
+ }
+ }
+
+ # acl dest overtime
+ if ($acl_overdest) {
+ # 'none' > to '!all'
+ $acl_overdest = str_replace('none', '!all', $acl_overdest);
+
+ $pss = explode(' ', $acl_overdest);
+ foreach($pss as $val) {
+ $name = $val;
+ $name = str_replace('!', '', $name);
+ $name = str_replace('^', '', $name);
+ if (!empty($val)) {
+ switch($val[0]) {
+ case '!': $acls_over[$name] = 'deny'; break;
+ case '^': $acls_over[$name] = 'white'; break;
+ default : $acls_over[$name] = 'allow'; break;
+ }
+ }
+ }
+ }
+
+ # --- Destinations ---
+ # User destinations
+ if ($squidguard_config[F_DESTINATIONS]) {
+ foreach($squidguard_config[F_DESTINATIONS]['item'] as $dst) {
+ $dest_items[] = array ('name'=>$dst[F_NAME],
+ 'upt_value'=>$acls_up[$dst[F_NAME]],
+ 'ovt_value'=>$acls_over[$dst[F_NAME]],
+ 'description'=>$dst[F_DESCRIPTION]);
+ }
+ }
+
+ # Blacklist
+ if ($squidguard_config[F_BLACKLISTENABLED] === 'on') {
+ $blk_entries = sg_entries_blacklist();
+ if (!empty($blk_entries)) {
+ foreach($blk_entries as $dst) {
+ $dest_items[] = array ('name'=>$dst,
+ 'upt_value'=>$acls_up[$dst],
+ 'ovt_value'=>$acls_over[$dst],
+ 'description'=>'');
+ }
+ }
+ }
+
+ # Default all
+ $dest_items[] = array('name'=>FLT_DEFAULT_ALL,
+ 'upt_value'=>$acls_up[FLT_DEFAULT_ALL],
+ 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL],
+ 'description'=>'Default access');
+
+ $i=0;
+ foreach($pkg['fields']['field'] as $field) {
+ if (($field['fieldname'] === 'dest')/* || ($field['fieldname'] == 'overdest')*/) {
+ $fld = &$pkg['fields']['field'][$i];
+ $fld['description'] .= make_grid_controls('', $dest_items, $is_acl); # insert to description custom controls
+ }
+ $i++;
+ }
+
+ # rewrites
+ $rewr_names = get_sgconf_items_list(F_REWRITES, 'name');
+ $i=0;
+ foreach($pkg['fields']['field'] as $field) {
+ if (($field['fieldname'] == 'rewrite') || ($field['fieldname'] == 'overrewrite')) {
+ $fld = &$pkg['fields']['field'][$i];
+ $fld['options']['option'][] = array('name'=>'none (rewrite not defined)', 'value'=>'');
+ if (is_array($rewr_names)) {
+ foreach($rewr_names as $nm)
+ $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm);
+ }
+ }
+ $i++;
+ }
+
+ # - set times field -
+ $time_names = get_sgconf_items_list(F_TIMES, 'name');
+ $i=0;
+ foreach($pkg['fields']['field'] as $field) {
+ if ($field['fieldname'] === 'time') {
+ $fld = &$pkg['fields']['field'][$i];
+ $fld['options']['option'][] = array('name'=>'none (time not defined)', 'value'=>'');
+ if (is_array($time_names)) {
+ foreach($time_names as $nm)
+ $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm);
+ }
+ break;
+ }
+ $i++;
+ }
+}
+
+# -----------------------------------------------------------------------------
+# squidguard_before_form_dest
+# -----------------------------------------------------------------------------
+function squidguard_before_form_dest($pkg) {
+ global $g, $squidguard_config;
+ $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name');
+//var_dump($squidguard_config);
+ $i=0;
+ foreach($pkg['fields']['field'] as $field) {
+ # order
+ if ($field['fieldname'] == 'order') {
+ $fld = &$pkg['fields']['field'][$i];
+ if (is_array($destination_items))
+ foreach($destination_items as $nmkey => $nm)
+ $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey);
+ $fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999');
+ $fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last !
+ }
+ $i++;
+ }
+}
+
+# -----------------------------------------------------------------------------
+# make_grid_general_items
+# -----------------------------------------------------------------------------
+function make_grid_general_items($id = '')
+{
+ global $squidguard_config;
+
+ $bg_color = "bgcolor='#dddddd'";
+ $res = '';
+ $res .= "<table width='100%'>";
+
+ if ($id === '') {
+ # Apply
+ $res .= "<tr $bg_color><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr>
+ <tr><td><big>After changing configuration squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr>
+ <tr><td><input name='submit' type='submit' value='Apply'></td></tr>";
+
+ # service state
+ $sgstate = "<span style='color: #800000;'>STOPPED</span>";
+ if (is_service_running("squidGuard"))
+ $sgstate = "<span style='color: #008000;'>STARTED</span>";
+
+ if (is_blacklist_update_started())
+ $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist. New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>";
+ $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>";
+ }
+
+ $res .= "</table>";
+ return $res;
+}
+
+# -----------------------------------------------------------------------------
+# make_grid_blacklist
+# -----------------------------------------------------------------------------
+function make_grid_blacklist() {
+ $res = '';
+ # button 'Upload URL' and button 'Restore last blacklist'
+ $res = "<hr><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>";
+ $res .= "&nbsp;<input name='submit' value='" . BLACKLIST_BTN_DEFAULT . "' type='submit'>";
+ return $res;
+}
+
+# -----------------------------------------------------------------------------
+# make_grid_controls
+# -----------------------------------------------------------------------------
+function make_grid_controls($type, $items, $enable_overtime = true) {
+ global $g;
+
+ $res = '';
+ $tbl = '';
+ $color = '';
+ $color2 = '';
+ $x = 0;
+
+ foreach($items as $item) {
+ if ($x === 0) {
+ $color = '';
+ $color2 = 'style="background-color: #dddddd;"';
+ $x = 1;
+ }
+ else {
+ $color = 'style="background-color: #dddddd;"';
+ $color2 = '';
+ $x = 0;
+ }
+
+ $name = trim($item['name']);
+ $upt_val = $item['upt_value'];
+ $ovt_val = $item['ovt_value'];
+ $description = $item['description'];
+
+ if (!$name) continue; # skip empty
+
+ $sel = "selected=\"selected\"";
+ $upt_A = $upt_B = $upt_C = $upt_D = '';
+ switch($upt_val) {
+ case "allow": $upt_B = $sel; break;
+ case "white": $upt_C = $sel; break;
+ case "deny" : $upt_D = $sel; break;
+ default: $upt_A = $sel; break;
+ }
+
+ $ovt_A = $ovt_B = $ovt_C= $ovt_D = '';
+ switch($ovt_val) {
+ case "allow": $ovt_B = $sel; break;
+ case "white": $ovt_C = $sel; break;
+ case "deny" : $ovt_D = $sel; break;
+ default: $ovt_A = $sel; break;
+ }
+ unset($sel);
+
+ $tbl .= "<tr>";
+ # uptime table
+ $tnm = PREF_UPTIME . $name;
+ $tbl .= "<td $color></td>";
+ $tbl .= "<td $color>$description [$name]</td>";
+ $tbl .= "<td $color>access</td>";
+ $tbl .= "<td $color><select id=$tnm name=\"$tnm\">";
+ if ($name !== "all"/*substr_count($name, "all") === 0*/) {
+ $tbl .= "<option value=none name=\"----\" $upt_A>----</option>";
+ $tbl .= "<option value=white name=\"white\" $upt_C>whitelist</option>";
+ $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>";
+ $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>";
+ }
+ else {
+ $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>";
+ $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>";
+ }
+ $tbl .= "</td>";
+
+ # overtime table
+ if ($enable_overtime) {
+ $tnm = PREF_OVERTIME . $name;
+ $tbl .= "<td $color></td>";
+ $tbl .= "<td $color>$description [$name]</td>";
+ $tbl .= "<td $color>access</td>";
+ $tbl .= "<td $color><select id=$tnm name=\"$tnm\">";
+ if ($name !== "all"/*substr_count($name, "all") === 0*/) {
+ $tbl .= "<option value=none name=\"----\" $ovt_A>----</option>";
+ $tbl .= "<option value=white name=\"white\" $ovt_C>whitelist</option>";
+ $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>";
+ $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>";
+ }
+ else {
+ $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>";
+ $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>";
+ }
+ $tbl .= "</td>";
+ }
+ $tbl .= "</tr>";
+ }
+
+ # header
+ if (!empty($tbl)) {
+ $color = 'style="background-color: #dddddd;"';
+ $thdr = '';
+ $hdr1up = "<big>Target Categories</big>";
+ $hdr1ov = "<big>Target Categories for off-time</big>";
+ $hds3 = "ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked.";
+ if ($enable_overtime) {
+ $thdr .= "<tr><td colspan='8' align=left>$hds3</td></tr>";
+ $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>";
+ $thdr .= "<tr $color><td colspan='4' align=middle></td><td colspan='4' align=middle>If <b>'Time'</b> not defined, this is column will be ignored.</td></tr>";
+ # formatting
+ $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>";
+ }
+ else {
+ $thdr .= "<tr><td colspan='4' align=left>$hds3<hr></tr>";
+ $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th></tr>";
+ # formatting
+ $thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>";
+ }
+
+ $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>";
+
+ $rstyle = "";
+ $ha = "<div class='listtopic'>" .
+ "<span onClick='document.getElementById(\"destrules\").style.display = \"block\";' style=\"cursor: pointer;\">" .
+ "<font size='-12'><big>Target Rules List (click here)</big>&nbsp;" .
+ "<img src='/themes/{$g['theme']}/images/icons/icon_pass.gif' title='Show rules'>&nbsp;" .
+ "</span>" .
+ "<span style=\"cursor: pointer;\">" .
+ "<img src='/themes/{$g['theme']}/images/icons/icon_block.gif' title='Hide rules' onClick='document.getElementById(\"destrules\").style.display = \"none\";'>" .
+ "</span>" .
+ "</div>";
+ $res = "<hr>$ha<div id=\"destrules\" style='DISPLAY: none'>$res</div>";
+
+ }
+ return $res;
+}
+
+# -----------------------------------------------------------------------------
+# check unique name
+# -----------------------------------------------------------------------------
+function sg_check_unique_name($module_id, $name, $log='') {
+ $res = true;
+ $id = (isset($_GET['id'])) ? $_GET['id'] : $_POST['id'];
+
+ $name_list = get_sgconf_items_list($module_id, 'name');
+ $name_val = (is_array($name_list)) ? array_count_values($name_list) : array();
+ $count_names = $name_val[$name];
+
+ # if count names = 1, then check if add new record with this name(not valid) / or this is a self record(valid)
+ # else if count names > 1 - not valid
+ if ($count_names === 1) {
+ $nm_key = array_search($name, $name_list);
+ # if this new record
+ if ($id >= count($name_list)) { $res = false; }
+ # if not self record
+ elseif ($nm_key && (intval($id) !== intval($nm_key))) { $res = false; }
+ }
+ elseif($count_names > 1) $res = false; # bad - not unique
+
+ return $res;
+}
+
+# -----------------------------------------------------------------------------
+# check unique name
+# -----------------------------------------------------------------------------
+function sg_check_reserved_name($name, $log='')
+{
+ $res = true;
+ $reserved = array("acl", "all", "allow", "dbhome", "default", "dest", "in-addr", "log", "logdir", "none", "pass", "rew", "src", "url", "user");
+
+ if (in_array(strtolower(trim($name)), $reserved)) {
+ $res = false;
+ }
+
+ return $res;
+}
+# ------------------------------------------------------------------------------
+# Install & deinstall
+# ------------------------------------------------------------------------------
+
+function squidguard_install_command() {
+ if (!is_service_running("squidGuard")) {
+ sg_init(convert_pfxml_to_sgxml());
+ sg_check_system();
+
+ # generate squidGuard blacklist entries file (check with squidGuard PORT)
+# conf_mount_rw();
+ $blklist_file = SQUIDGUARD_BLK_FILELISTPATH;
+
+
+ if (!file_exists($blklist_file)) {
+ # if blacklist not exists, then copy default db from samples
+# $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", "mail", "porn", "proxy", "violence", "warez");
+# file_put_contents($blklist_file, implode("\n", $entries));
+ }
+ set_file_access(SQUIDGUARD_WORKDIR, OWNER_NAME, 0755);
+ set_file_access(SQUIDGUARD_DBHOME, OWNER_NAME, 0755);
+# conf_mount_ro();
+
+ sg_reconfigure();
+ }
+}
+
+function squidguard_deinstall_command() {
+ # remove entries from squid config
+ squid_reconfigure('remove redirector options');
+
+ # Note: When you reinstall should remain Database
+
+ # remove package and his depends
+ #mwexec("pkg_delete squidGuard-1.2.0_1");
+ #mwexec("rm -rf " . SQUIDGUARD_WORKDIR);
+ # i known't, really need delete blacklist base?
+ #mwexec("rm -rf " . SQUIDGUARD_DBHOME);
+ #mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*");
+}
+
+# ------------------------------------------------------------------------------
+# SquidGuard print JavaSrcript
+# ------------------------------------------------------------------------------
+function squidGuard_print_javascript() {
+ $javascript = '';
+
+ $xml = ($_GET["xml"] !== '') ? $_GET["xml"] : $_POST["xml"];
+
+ # squidguard_default.xml
+ if ($xml === "squidguard_default.xml") {
+ $javascript .= "\n<script language='JavaScript'>";
+ $javascript .= "\n<!--";
+ $javascript .= "\n document.iform.dest.disabled=1;";
+ $javascript .= "\n//-->";
+ $javascript .= "\n</script>";
+ } # if
+
+ # squidguard_acl.xml
+ if ($xml === "squidguard_acl.xml") {
+ $javascript .= "\n<script language='JavaScript'>";
+ $javascript .= "\n<!--";
+ $javascript .= "\n document.iform.dest.disabled=1;";
+ $javascript .= "\n//-->";
+ $javascript .= "\n</script>";
+
+ } # if
+
+ if ($xml === "squidguard_time.xml") {
+ $javascript .= "\n<script language='JavaScript'>";
+ $javascript .= "\n<!--";
+ $javascript .= "\n function on_updatecontrols() {";
+ $javascript .= "\n for (var i=0; i<99; i++) {";
+ $javascript .= "\n var elm = document.iform.elements['timetype' + i];";
+ $javascript .= "\n if (elm) {";
+ $javascript .= "\n document.iform.elements['timetype' + i].onclick = on_updatecontrols;";
+ $javascript .= "\n if (document.iform.elements['timetype' + i].value == 'weekly') {";
+ $javascript .= "\n document.iform.elements['timedays' + i].disabled = 0;";
+ $javascript .= "\n document.iform.elements['daterange' + i].disabled = 1;";
+ $javascript .= "\n }";
+ $javascript .= "\n else {";
+ $javascript .= "\n document.iform.elements['timedays' + i].disabled = 1;";
+ $javascript .= "\n document.iform.elements['daterange' + i].disabled = 0;";
+ $javascript .= "\n }";
+ $javascript .= "\n }";
+ $javascript .= "\n }";
+ $javascript .= "\n }";
+ $javascript .= "\n on_updatecontrols();";
+ $javascript .= "\n ";
+ $javascript .= "\n//-->";
+ $javascript .= "\n</script>";
+ }
+
+ print($javascript);
+}
+
+# ==============================================================================
+# Converter
+# ==============================================================================
+# convert_pfxml_to_sgxml
+# -----------------------------------------------------------------
+function convert_pfxml_to_sgxml() {
+
+ capability_update_source();
+
+ global $config;
+ conf_mount_rw();
+ $sgxml = array();
+ $pfxml = $config['installedpackages'][MODULE_GENERAL]['config'][0];
+
+ $sgxml[F_LOGDIR] = SQUIDGUARD_LOGDIR;
+ $sgxml[F_DBHOME] = SQUIDGUARD_DBHOME;
+ $sgxml[F_LDAPENABLE] = $pfxml['ldap_enable'];
+ $sgxml[F_LDAPBINDDN] = $pfxml['ldapbinddn'];
+ $sgxml[F_LDAPBINDPASS] = $pfxml['ldapbindpass'];
+ $sgxml[F_LDAPVERSION] = $pfxml['ldapversion'];
+ $sgxml[F_STRIPNTDOMAIN] = $pfxml['stripntdomain'];
+ $sgxml[F_STRIPREALM] = $pfxml['striprealm'];
+ $sgxml[F_BINPATH] = SQUIDGUARD_BINPATH;
+ $sgxml[F_WORKDIR] = SQUIDGUARD_WORKDIR;
+ $sgxml[F_SGCONF_XML] = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML;
+ $sgxml[F_ENABLED] = $pfxml[F_SQUIDGUARDENABLE];
+ $sgxml[F_BLACKLISTENABLED] = $pfxml[F_BLACKLIST];
+ $sgxml[F_BLACKLISTURL] = $pfxml[F_BLACKLISTURL];
+ $sgxml[F_SOURCES] = convert_pfxml_to_sgxml_source($config);
+ $sgxml[F_DESTINATIONS] = convert_pfxml_to_sgxml_destination($config);
+ $sgxml[F_REWRITES] = convert_pfxml_to_sgxml_rewrite($config);
+ $sgxml[F_TIMES] = convert_pfxml_to_sgxml_time($config);
+ $sgxml[F_ACLS] = convert_pfxml_to_sgxml_acl($config);
+ $sgxml[F_DEFAULT] = convert_pfxml_to_sgxml_default($config);
+
+ # log
+ $sgxml[F_ENABLELOG] = $pfxml['enable_log'] == 'on' ? 'on' : 'off';
+ $sgxml[F_ENABLEGUILOG] = $pfxml['enable_guilog'] == 'on' ? 'on' : 'off';
+ $sgxml[F_LOGROTATION] = $pfxml['log_rotation'] == 'on' ? 'on' : 'off';
+
+ #Clean adversiting
+ $sgxml[F_ADV_BLANKIMG] = $pfxml['adv_blankimg'] == 'on' ? 'on' : 'off';
+
+
+ # other
+ $lanip = $config['interfaces']['lan']['ipaddr'];
+ $sgxml[F_CURRENT_LAN_IP] = $lanip;
+
+ # transparent
+ $squidxml = $config['installedpackages']['squid']['config'][0];
+ if($squidxml['transparent_proxy'] == 'on') {
+ $guiport = $config['system']['webgui']['port'];
+ $guiprotocol = $config['system']['webgui']['protocol'];
+
+ $sgxml[F_SQUID_TRANSPARENT_MODE] = 'on';
+ $sgxml[F_CURRENT_GUI_PORT] = $guiport;
+ $sgxml[F_CURRENT_GUI_PROTO] = $guiprotocol;
+ } else {
+ unset($sgxml[F_SQUID_TRANSPARENT_MODE]);
+ unset($sgxml[F_CURRENT_GUI_PORT]);
+ unset($sgxml[F_CURRENT_GUI_PROTO]);
+ }
+
+ # store cfg cache
+ $cfg_xml = dump_xml_config($sgxml, F_SQUIDGUARD);
+ file_put_contents($sgxml[F_SGCONF_XML], $cfg_xml);
+ conf_mount_ro();
+
+ return $sgxml;
+}
+
+# -----------------------------------------------------------------
+# convert_pfxml_to_sgxml_source
+# sgxml_source: [name][ip][desc][log]
+# -----------------------------------------------------------------
+# Changes 04-01-2008 :
+# Source fields moved to ACL page. Source page - will remove
+# But in XML internal config nothing to change
+# -----------------------------------------------------------------
+# Changes 21-07-2008 :
+# Source IP and domain move to one field, added 'username'.
+function convert_pfxml_to_sgxml_source($pfconfig) {
+ $sgxml = array();
+ $pfxml = $pfconfig['installedpackages'][MODULE_ACL]['config'];
+ if (is_array($pfxml)) {
+ foreach($pfxml as $pfx) {
+ $sgx = array();
+ $sgx[F_NAME] = $pfx['name'];
+ $sgx[F_SOURCE] = $pfx[F_SOURCE];
+ $sgx[F_LOG] = $pfx[F_ENABLELOG];
+ $sgx[F_DESCRIPTION] = $pfx['description'];
+ $sgxml[F_ITEM][] = $sgx;
+ }
+ }
+ return $sgxml;
+}
+
+# -----------------------------------------------------------------
+# convert_pfxml_to_sgxml_destination
+# sgxml_destination: [name][domains][expr][urls][redir][desc][log]
+# -----------------------------------------------------------------
+function convert_pfxml_to_sgxml_destination($pfconfig) {
+ $sgxml = array();
+ $pfxml = $pfconfig['installedpackages'][MODULE_DESTINATION]['config'];
+ if (is_array($pfxml)) {
+ foreach($pfxml as $pfx) {
+ $sgx = array();
+ $sgx[F_NAME] = $pfx['name'];
+ $sgx[F_URLS] = $pfx['urls'];
+ $sgx[F_DOMAINS] = $pfx[F_DOMAINS];
+ $sgx[F_EXPRESSIONS] = $pfx['expressions'];
+ $sgx[F_RMOD] = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_NONE;
+ $sgx[F_REDIRECT] = $pfx[F_REDIRECT];
+ $sgx[F_DESCRIPTION] = $pfx['description'];
+ $sgx[F_LOG] = $pfx[F_ENABLELOG];
+ $sgxml[F_ITEM][] = $sgx;
+ }
+ }
+ return $sgxml;
+}
+
+# -----------------------------------------------------------------
+# convert_pfxml_to_sgxml_rewrite
+# sgxml_rewrite: [name][desc][log][items(array): [targeturl][replaceto]]
+# -----------------------------------------------------------------
+function convert_pfxml_to_sgxml_rewrite($pfconfig) {
+ $sgxml = array();
+
+ $pfxml = $pfconfig['installedpackages'][MODULE_REWRITE]['config'];
+ if (is_array($pfxml)) {
+ foreach($pfxml as $pfx) {
+ $sgx = array();
+ $sgx[F_NAME] = $pfx['name'];
+ $sgx[F_DESCRIPTION] = $pfx['description'];
+ $sgx[F_LOG] = $pfx[F_ENABLELOG];
+
+ if (is_array($pfx['row'])) {
+ foreach($pfx['row'] as $pfx_row) {
+ $sgx_row = array();
+ $sgx_row[F_TARGETURL] = $pfx_row['targeturl'];
+ $sgx_row[F_REPLACETO] = $pfx_row['replaceto'];
+
+ $mode = '';
+ if (strpos($pfx_row[F_MODE], 'nocase') !== false) $mode .= 'i';
+ if (strpos($pfx_row[F_MODE], 'redirect') !== false) $mode .= 'r';
+ $sgx_row[F_MODE] = $mode; # ! sys options only - not for GUI !
+
+ $sgx[F_ITEM][] = $sgx_row;
+ }
+ }
+
+ $sgxml[F_ITEM][] = $sgx;
+ }
+ }
+
+ # additional: google safeserach
+ $sgxml[F_ITEM][] = squidguard_adt_rewrite_safesrch();
+
+ return $sgxml;
+}
+
+# -----------------------------------------------------------------
+# convert_pfxml_to_sgxml_time
+# sgxml_time: [name][desc][items(array): [timetype][timedays][daterange][timerange]]
+# -----------------------------------------------------------------
+function convert_pfxml_to_sgxml_time($pfconfig) {
+ $sgxml = array();
+
+ $pfxml = $pfconfig['installedpackages'][MODULE_TIME]['config'];
+ if (is_array($pfxml)) {
+ foreach($pfxml as $pfx) {
+ $sgx = array();
+ $sgx[F_NAME] = $pfx[F_NAME];
+ $sgx[F_DESCRIPTION] = $pfx[F_DESCRIPTION];
+
+ if (is_array($pfx['row'])) {
+ foreach($pfx['row'] as $pfx_row) {
+ $sgx_row = array();
+ $sgx_row[F_TIMETYPE] = $pfx_row[F_TIMETYPE];
+ $sgx_row[F_TIMEDAYS] = $pfx_row[F_TIMEDAYS];
+ $sgx_row[F_DATERANGE] = $pfx_row[F_DATERANGE];
+ $sgx_row[F_TIMERANGE] = $pfx_row[F_TIMERANGE];
+ $sgx[F_ITEM][] = $sgx_row;
+ }
+ }
+
+ $sgxml[F_ITEM][] = $sgx;
+ }
+ }
+
+ return $sgxml;
+}
+
+# -----------------------------------------------------------------
+# convert_pfxml_to_sgxml_acl
+# sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename]
+# -----------------------------------------------------------------
+function convert_pfxml_to_sgxml_acl($pfconfig) {
+ $sgxml = array();
+
+ $pfxml = $pfconfig['installedpackages'][MODULE_ACL]['config'];
+ if (is_array($pfxml)) {
+ foreach($pfxml as $pfx) {
+ $sgx = array();
+ $sgx[F_NAME] = $pfx[F_NAME]; # [04-01-2008] new ver
+ $sgx[F_DESCRIPTION] = $pfx[F_DESCRIPTION];
+ $sgx[F_DISABLED] = $pfx[F_DISABLED];
+ $sgx[F_TIMENAME] = $pfx[F_TIME];
+ $sgx[F_REDIRECT] = $pfx[F_REDIRECT];
+ $sgx[F_RMOD] = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_NONE;
+ $sgx[F_REWRITENAME] = $pfx[F_REWRITE];
+ $sgx[F_LOG] = $pfx[F_ENABLELOG];
+ $sgx[F_NOTALLOWINGIP] = $pfx[F_NOTALLOWINGIP];
+ $sgx[F_ORDER] = $pfx[F_ORDER];
+
+ # for overtime
+ $sgx[F_OVERREDIRECT] = $pfx[F_REDIRECT]; # disabled ->- $pfx[F_OVERREDIRECT];
+ $sgx[F_OVERREWRITENAME] = $pfx[F_OVERREWRITE];
+
+ # destinations
+ if (strpos($pfx['dest'], '[') === false) {
+ $sgx[F_DESTINATIONNAME] = trim($pfx['dest']);
+ $sgx[F_OVERDESTINATIONNAME] = '';
+ }
+ else {
+ $sgx[F_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
+ $sgx[F_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') );
+ $sgx[F_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[F_OVERDESTINATIONNAME]) );
+ $sgx[F_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[F_OVERDESTINATIONNAME]) );
+ }
+
+ # !ATTENTION! '!all' must be convert to 'none'
+ $sgx[F_DESTINATIONNAME] = str_replace("!all", "none", $sgx[F_DESTINATIONNAME]);
+ $sgx[F_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[F_OVERDESTINATIONNAME]);
+
+ # if empty - adding 'none'
+ if (!$sgx[F_DESTINATIONNAME]) $sgx[F_DESTINATIONNAME] = "none";
+ if (!$sgx[F_OVERDESTINATIONNAME]) $sgx[F_OVERDESTINATIONNAME] = "none";
+
+ # safesearch
+ if ($pfx[SAFESEARCH] === 'on') {
+ # assign safesearch rewrite
+ $sgx[F_REWRITENAME] = SAFESEARCH;
+ $sgx[F_OVERREWRITENAME] = SAFESEARCH;
+ }
+
+ $sgxml[F_ITEM][] = $sgx;
+ }
+ }
+ return $sgxml;
+}
+
+# -----------------------------------------------------------------
+# convert_pfxml_to_sgxml_default
+# sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename]
+# -----------------------------------------------------------------
+function convert_pfxml_to_sgxml_default($pfconfig) {
+ $pfxml = $pfconfig['installedpackages'][MODULE_DEFAULT]['config'];
+
+ $pfx = $pfxml[0];
+ $sgx = array();
+ $sgx[F_NAME] = 'default';
+ $sgx[F_DESCRIPTION] = '';
+ $sgx[F_DISABLED] = '';
+ $sgx[F_TIMENAME] = $pfx[F_TIME];
+ $sgx[F_RMOD] = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_INT_ERRORPAGE;
+ $sgx[F_REDIRECT] = $pfx[F_REDIRECT];
+ $sgx[F_REWRITENAME] = $pfx[F_REWRITE];
+ $sgx[F_LOG] = $pfx[F_ENABLELOG];
+ $sgx[F_NOTALLOWINGIP] = $pfx[F_NOTALLOWINGIP];
+
+ # destinations
+ if (strpos($pfx['dest'], '[') === false)
+ $sgx[F_DESTINATIONNAME] = trim($pfx['dest']);
+ else $sgx[F_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) );
+
+ # !ATTENTION! '!all' must be convert to 'none'
+ $sgx[F_DESTINATIONNAME] = str_replace("!all", "none", $sgx[F_DESTINATIONNAME]);
+
+ # if empty - adding 'none'
+ if (!$sgx[F_DESTINATIONNAME]) $sgx[F_DESTINATIONNAME] = "none";
+
+ # safesearch
+ if ($pfx[SAFESEARCH] === 'on') {
+ # assign safesearch rewrite
+ $sgx[F_REWRITENAME] = SAFESEARCH;
+ }
+
+ return $sgx;
+}
+
+# =================================================================
+# Capability
+# =================================================================
+# convert old ver. squidguard config.
+function capability_update_source() {
+ # ! use global var $config ONLY !
+ global $config;
+ $conf_changed = false;
+
+ if (isset($config['installedpackages'][MODULE_ACL]['config'])) {
+ $tconf = &$config['installedpackages'][MODULE_ACL]['config'];
+ foreach($tconf as $key => $cfg) {
+ if (isset($cfg['iplist'])) {
+ $tconf[$key][F_SOURCE] .= " " . $cfg['iplist'];
+ unset($tconf[$key]['iplist']);
+ $conf_changed = true;
+ }
+ if (isset($cfg[F_DOMAINS])) {
+ $tconf[$key][F_SOURCE] .= " " . $cfg[F_DOMAINS];
+ unset($tconf[$key][F_DOMAINS]);
+ $conf_changed = true;
+ }
+ }
+
+ if ($conf_changed) write_config('Convert old ver. squidguard config.');
+ }
+}
+# ------------------------------------------------------------------
+# get_item_id - get item 'id' from get/post
+# ------------------------------------------------------------------
+function get_item_id()
+{
+ return isset($_GET['id']) ? $_GET['id'] : $_POST['id'];
+}
+
+# ==================================================================
+# additional
+# ==================================================================
+# safesearch rewrite
+function squidguard_adt_rewrite_safesrch()
+{
+ $res = array();
+
+ # safesearch
+ $res[F_NAME] = SAFESEARCH;
+ $res[F_DESCRIPTION] = "Google, Yandex safesearch";
+ $res[F_LOG] = 'on';
+ squidguard_adt_safesrch_add(&$res[F_ITEM]);
+
+ return $res;
+}
+
+function squidguard_adt_safesrch_add($rewrite_item)
+{
+ if (!is_array($rewrite_item)) $rewrite_item = array();
+
+ # Google
+ $rewrite_item[] = array(F_TARGETURL => '(google\..*/search?.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+ $rewrite_item[] = array(F_TARGETURL => '(google\..*/images.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+ $rewrite_item[] = array(F_TARGETURL => '(google\..*/groups.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+ $rewrite_item[] = array(F_TARGETURL => '(google\..*/news.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i');
+
+ # Yandex
+ $rewrite_item[] = array(F_TARGETURL => '(yandex\..*/yandsearch?.*text=.*)', F_REPLACETO => '\1\&fyandex=1', F_MODE => 'i');
+
+ # Yahoo
+ $rewrite_item[] = array(F_TARGETURL => '(search\.yahoo\..*/search.*p=.*)', F_REPLACETO => '\1\&vm=r&v=1', F_MODE => 'i');
+
+ # MSN Live search, Bing
+ $rewrite_item[] = array(F_TARGETURL => '(search\.live\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i');
+ $rewrite_item[] = array(F_TARGETURL => '(search\.msn\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i');
+ $rewrite_item[] = array(F_TARGETURL => '(\.bing\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i');
+
+ return $rewrite_item;
+}
+
+# log dump
+function squidguard_logdump($filename, $lnoffset, $lncount, $reverse)
+{
+ define('LOGSHOW_BUFSIZE', '262144');
+ $cnt = '';
+
+ if (file_exists($filename)) {
+ $fh = fopen($filename, "r");
+ if ($fh) {
+ $fsize = filesize($filename);
+
+ # take LOGSHOW_BUFSIZE bytes from end
+ if ($fsize > LOGSHOW_BUFSIZE)
+ fseek($fh, -LOGSHOW_BUFSIZE, SEEK_END);
+ $cnt = fread($fh, LOGSHOW_BUFSIZE);
+
+ fclose($fh);
+ }
+ }
+
+ $cnt = explode( "\n", $cnt );
+
+ # delete broken first element
+ array_shift($cnt);
+
+ # offset must be >= 0 and can't be > count($cnt)
+ $lnoffset = $lnoffset >= 0 ? $lnoffset : 0;
+ $lnoffset = ($lnoffset + $lncount) < count($cnt) ? $lnoffset : 0;
+
+ $pos = ($lncount + $lnoffset);
+
+ # take elements from end of array
+ $cnt = array_slice($cnt, -$pos, $lncount);
+
+ # reverse array order
+ if ($reverse) $cnt = array_reverse( $cnt );
+
+ return $cnt;
+}
+
+# dump SG log
+function squidguard_filterdump($lnoffset, $lncount, $reverse)
+{
+ $res = array();
+ $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', &$lnoffset, $lncount, $reverse);
+
+ foreach($cont as $cn) {
+ $cn = explode(" ", trim($cn), 4);
+ $res[] = array( "{$cn[0]} {$cn[1]}", $cn[3] );
+ }
+
+ return $res;
+}
+
+# dump SG Gui log
+function squidguard_guidump($lnoffset, $lncount, $reverse)
+{
+ $res = array();
+ $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, &$lnoffset, $lncount, $reverse);
+
+ foreach($cont as $cn) {
+ $cn = explode(" ", trim($cn), 4);
+ $res[] = array( "{$cn[0]} {$cn[1]}", $cn[3] );
+ }
+
+ return $res;
+}
+
+# dump SG blocked
+function squidguard_blockdump($lnoffset, $lncount, $reverse)
+{
+ $res = array();
+ $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, &$lnoffset, $lncount, $reverse);
+
+ foreach($cont as $cn) {
+ $cn = explode(" ", trim($cn), 9);
+ $res[] = array( "{$cn[0]} {$cn[1]}", $cn[5], $cn[4], "{$cn[3]} {$cn[6]} {$cn[7]} {$cn[8]}");
+ }
+
+ return $res;
+}
+
+# get squid config list
+function squidguard_squid_conflist( )
+{
+ $fname = SQUID_CONFIGFILE;
+ $res = "";
+
+ if (file_exists( $fname ))
+ $res = file_get_contents( $fname );
+ else $res = "File '$fname' not found.";
+
+ return $res;
+}
+
+# get squidguard config list
+function squidguard_conflist( )
+{
+ $fname = SQUIDGUARD_CONFBASE . SQUIDGUARD_CONFIGFILE;
+ $res = "";
+
+ if (file_exists( $fname ))
+ $res = file_get_contents( $fname );
+ else $res = "File '$fname' not found.";
+
+ return $res;
+}
+
+# get blacklist list
+function squidguard_blacklist_list()
+{
+ $res = "";
+ $fname = SQUIDGUARD_BLK_FILELISTPATH;
+
+ $res .= "<table class='tabcont' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+ $res .= "<tr><td class='listtopic'>Name</td><td class='listtopic'>Domains</td><td class='listtopic'>Urls</td><td class='listtopic'>Expressions</td></tr>\n";
+ if (file_exists($fname)) {
+ $cont = explode("\n", file_get_contents($fname));
+ foreach($cont as $cn) {
+ $ph = "/var/db/squidGuard/$cn";
+
+ if (file_exists($ph)) {
+ $dm = "&nbsp;";
+ $ur = "&nbsp;";
+ $ex = "&nbsp;";
+
+ if (file_exists("$ph/domains")) $dm = "domains";
+ if (file_exists("$ph/urls")) $ur = "urls";
+ if (file_exists("$ph/expressions")) $ex = "expressions";
+
+ $res .= "<tr><td class='listlr'>$cn</td><td class='listr'>$dm</td><td class='listr'>$ur</td><td class='listr'>$ex</td></tr>";
+ }
+ }
+ }
+ $res .= "</table>";
+
+ return $res;
+}
+
+// ##### The following part is based on the code of pfblocker #####
+
+/* Uses XMLRPC to synchronize the changes to a remote node */
+function squidguard_sync_on_changes() {
+ global $config, $g;
+ if (is_array($config['installedpackages']['squidguardsync'])){
+ $synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
+ $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
+ }
+ else
+ {
+ return;
+ }
+
+ // if checkbox is NOT checked do nothing
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){
+ $rs=$config['installedpackages']['squidguardsync']['config'][0]['row'];
+ }
+ else{
+ log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['varsyncdestinenable']="on";
+ $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
+ $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
+ $rs[0]['varsyncpassword']=$system_carp['password'];
+ $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
+ if (! is_ipaddr($system_carp['synchronizetoip'])){
+ log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ }
+ else{
+ log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)){
+ log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach($rs as $sh){
+ if($sh['varsyncdestinenable']){
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $password = $sh['varsyncpassword'];
+ $varsyncport = $sh['varsyncport'];
+ if($password && $sync_to_ip)
+ squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
+ else
+ log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ }
+ else {
+ log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ }
+ }
+ log_error("[SquidGuard] xmlrpc sync is ending.");
+ }
+}
+
+/* Do the actual XMLRPC sync */
+function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
+ global $config, $g;
+
+ if($varsynctimeout == '' || $varsynctimeout == 0)
+ $varsynctimeout = 150;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+
+ if(!$varsyncport)
+ return;
+
+ if(!$varsyncprotocol)
+ return;
+
+ // Check and choose correct protocol type, port number and IP address
+ $synchronizetoip .= "$varsyncprotocol" . '://';
+ $port = "$varsyncport";
+
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral'];
+ $xml['squidguardacl'] = $config['installedpackages']['squidguardacl'];
+ $xml['squidguarddefault'] = $config['installedpackages']['squidguarddefault'];
+ $xml['squidguarddest'] = $config['installedpackages']['squidguarddest'];
+ $xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite'];
+ $xml['squidguardtime'] = $config['installedpackages']['squidguardtime'];
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $resp = $cli->send($msg, $varsynctimeout);
+ if(!$resp) {
+ $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("SquidGuard: $error");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, $varsynctimeout);
+ $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("SquidGuard: $error");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}.");
+ }
+
+ /* tell squidguard to reload our settings on the destionation sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n";
+ // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions
+ $execcmd .= "squidguard_all_after_XMLRPC_resync();";
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ $resp = $cli->send($msg, $varsynctimeout);
+ if(!$resp) {
+ $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, $varsynctimeout);
+ $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+ }
+
+}
+
+// ##### The part above is based on the code of pfblocker #####
+
+// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files
+// Adding more functions will increase the time to sync
+function squidguard_all_after_XMLRPC_resync() {
+
+ squidguard_resync_acl();
+ squidguard_resync_dest();
+ squidguard_resync();
+
+ log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
+}
+
+?>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 17:59:02 +0000