author | dvserg <dv_serg@mail.ru> | 2011-01-31 08:07:53 +0300 |
---|---|---|
committer | dvserg <dv_serg@mail.ru> | 2011-01-31 08:07:53 +0300 |
commit | 5930b5d48249b3fcde7c6568fbbb3da81861bfaa (patch) | |
tree | fb38bb90a5f2a5073d1950119d2f84ee01eb32fe /config | |
parent | 451241842407a299ead1a77ebace06d04701c2f0 (diff) | |
SquidGuard blacklist update (Feature #105)
Diffstat (limited to 'config')
-rw-r--r-- | config/squidGuard/squidguard.inc | 35 | ||||
-rw-r--r-- | config/squidGuard/squidguard.xml | 17 | ||||
-rw-r--r-- | config/squidGuard/squidguard_acl.xml | 56 | ||||
-rw-r--r-- | config/squidGuard/squidguard_configurator.inc | 887 | ||||
-rw-r--r-- | config/squidGuard/squidguard_default.xml | 14 | ||||
-rw-r--r-- | config/squidGuard/squidguard_dest.xml | 46 | ||||
-rw-r--r-- | config/squidGuard/squidguard_log.php | 11 | ||||
-rw-r--r-- | config/squidGuard/squidguard_log.xml | 10 | ||||
-rw-r--r-- | config/squidGuard/squidguard_rewr.xml | 10 | ||||
-rw-r--r-- | config/squidGuard/squidguard_time.xml | 12 |
10 files changed, 618 insertions, 480 deletions
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index 5d78b0da..d4fd5ea3 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -60,6 +60,7 @@ define('F_URLS', 'urls'); define('F_DISABLED', 'disabled'); define('F_SQUIDGUARDENABLE', 'squidguard_enable'); define('F_BLACKLIST', 'blacklist'); + # prefixes define('PREF_UPTIME', 'uptime_'); define('PREF_UPTIME_DENY', 'uptimedeny_'); @@ -303,7 +304,7 @@ function squidguard_resync() { $proxy = ''; $submit = isset($_POST['submit']) ? $_POST['submit'] : $_GET['submit']; - $url = isset($_POST['blacklist_url']) ? $_POST['blacklist_url'] : $_GET['blacklist_url']; + $url = isset($_POST[F_BLACKLISTURL]) ? $_POST[F_BLACKLISTURL] : $_GET[F_BLACKLISTURL]; $proxy = isset($_POST['blacklist_proxy']) ? $_POST['blacklist_proxy'] : $_GET['blacklist_proxy']; sg_init(convert_pfxml_to_sgxml()); @@ -315,9 +316,9 @@ function squidguard_resync() { } # blacklist restore last (if exists) - if ($submit == BLACKLIST_BTN_DEFAULT) { - restore_arc_blacklist(); - } +# if ($submit == BLACKLIST_BTN_DEFAULT) { +# restore_arc_blacklist(); +# } # apply changes //if ($submit == APPLY_BTN) { @@ -408,10 +409,10 @@ function squidguard_before_form($pkg) { foreach($pkg['fields']['field'] as $field) { # blacklist controls switch ($field['fieldname']) { - case 'blacklist_url': - $fld = &$pkg['fields']['field'][$i]; - $fld['description'] .= make_grid_blacklist(); # insert to description custom controls - break; +# case F_BLACKLISTURL: +# $fld = &$pkg['fields']['field'][$i]; +# $fld['description'] .= make_grid_blacklist(); # insert to description custom controls +# break; # Apply button case 'squidguard_enable': $fld = &$pkg['fields']['field'][$i]; 
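Review bot: In the `@@ -303,7 +304,7 @@` hunk, `$url` is still read unchecked from the request, and the `$_GET[F_BLACKLISTURL]` fallback means the value can arrive through a plain link instead of the submitted form. Where `$url` is consumed lies outside this hunk, so it is not visible whether it still reaches a download after this commit. If it does, take it from `$_POST` only and reject anything that is not an http/https URL, e.g. `if (!preg_match('#^https?://#i', $url)) $url = '';`; if nothing reads it any more, drop the assignment. squidguard_resync's body continues outside the hunk.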
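Review bot: The `@@ -315,9 +316,9 @@` hunk disables the restore branch by prefixing it with `#`, but the commented call `restore_arc_blacklist()` names a function that this same commit deletes from squidguard_configurator.inc, so uncommenting the block later would fail at call time. Delete the three lines rather than commenting them out. The same applies to the commented-out `case F_BLACKLISTURL:` block in the `@@ -408,10 +409,10 @@` hunk, whose helper `make_grid_blacklist()` is not visible on this page.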
@@ -613,7 +614,7 @@ function make_grid_general_items($id = '') $sgstate = "<span style='color: #008000;'>STARTED</span>"; if (is_blacklist_update_started()) - $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist.<br>New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>"; + $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist. New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>"; $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>"; } @@ -726,8 +727,8 @@ function make_grid_controls($type, $items, $enable_overtime = true) { if (!empty($tbl)) { $color = 'style="background-color: #dddddd;"'; $thdr = ''; - $hdr1up = "<big>Destination Categories</big>"; - $hdr1ov = "<big>Destination Categories in overtime</big>"; + $hdr1up = "<big>Target Categories</big>"; + $hdr1ov = "<big>Target Categories for off-time</big>"; $hds3 = "ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked."; if ($enable_overtime) { $thdr .= "<tr><td colspan='8' align=left>$hds3</td></tr>"; @@ -748,7 +749,7 @@ function make_grid_controls($type, $items, $enable_overtime = true) { $rstyle = ""; $ha = "<div $color>" . "<span onClick='document.getElementById(\"destrules\").style.display = \"block\";' style=\"cursor: pointer;\">" . - "<font size='-12'><big>Destination Categories (click)</big> " . + "<font size='-12'><big>Target Rules List (click here)</big> " . "<img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Show rules'> " . "</span>" . "<span style=\"cursor: pointer;\">" . 
@@ -811,7 +812,7 @@ function squidguard_install_command() { # generate squidGuard blacklist entries file (check with squidGuard PORT) # conf_mount_rw(); - $blklist_file = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES; + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; # рассмотреть вариант слияния examples базы и существующей в системе if (!file_exists($blklist_file)) { @@ -917,6 +918,7 @@ function convert_pfxml_to_sgxml() { $sgxml[F_SGCONF_XML] = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML; $sgxml[F_ENABLED] = $pfxml[F_SQUIDGUARDENABLE]; $sgxml[F_BLACKLISTENABLED] = $pfxml[F_BLACKLIST]; + $sgxml[F_BLACKLISTURL] = $pfxml[F_BLACKLISTURL]; $sgxml[F_SOURCES] = convert_pfxml_to_sgxml_source($config); $sgxml[F_DESTINATIONS] = convert_pfxml_to_sgxml_destination($config); $sgxml[F_REWRITES] = convert_pfxml_to_sgxml_rewrite($config); @@ -924,8 +926,6 @@ function convert_pfxml_to_sgxml() { $sgxml[F_ACLS] = convert_pfxml_to_sgxml_acl($config); $sgxml[F_DEFAULT] = convert_pfxml_to_sgxml_default($config); - - # log $sgxml[F_ENABLELOG] = $pfxml['enable_log'] == 'on' ? 'on' : 'off'; $sgxml[F_ENABLEGUILOG] = $pfxml['enable_guilog'] == 'on' ? 'on' : 'off'; @@ -1314,9 +1314,6 @@ function squidguard_logrep( $filename, $lncount, $reverse ) $cn = explode(" ", $cn, 4); # split strings -# $st = str_split ($cn[3], 25); -# $cn[3] = ""; -# foreach( $st as $s ) $cn[3] .= $s . "<wbr/>"; $p = 0; $pstep = 15; $str = $cn[3]; @@ -1340,7 +1337,7 @@ function squidguard_logrep( $filename, $lncount, $reverse ) function squidguard_blacklist_list() { $res = ""; - $fname = "/var/squidGuard/blacklist.files"; + $fname = SQUIDGUARD_BLK_FILELISTPATH; $res .= "<table class='tabcont' width='100%' border='0' cellpadding='0' cellspacing='0'>\n"; $res .= "<tr><td class='listtopic'>Name</td><td class='listtopic'>Domains</td><td class='listtopic'>Urls</td><td class='listtopic'>Expressions</td></tr>\n"; diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index 8096680a..0616c814 100644 
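Review bot: In convert_pfxml_to_sgxml (`@@ -917,6 +918,7 @@`), the added `$sgxml[F_BLACKLISTURL] = $pfxml[F_BLACKLISTURL];` copies the stored URL into the working configuration without trimming or checking it. The code that downloads from this value is not on this page. Because the commit also introduces an update shell script (`SCR_NAME_BLKUPDATE`), the URL presumably ends up on a command line. Normalise it here with `$sgxml[F_BLACKLISTURL] = trim($pfxml[F_BLACKLISTURL]);`, reject values with an unexpected scheme, and have the consumer wrap it in `escapeshellarg()` at the point of use. A comment on this line saying which forms are accepted (URL only, or also a local archive path as the removed sg_reconfigure_blacklist allowed) would help the next reader.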
--- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -6,7 +6,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>squidguardgeneral</name> - <version>1.3_1 pkg v.1.5</version> + <version>1.3_1 pkg v.1.6</version> <title>Proxy filter SquidGuard: General settings</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <!-- Installation --> @@ -23,15 +23,15 @@ <active/> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> @@ -43,6 +43,10 @@ <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> </tab> @@ -93,6 +97,11 @@ <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/squidGuard/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item> diff --git a/config/squidGuard/squidguard_acl.xml b/config/squidGuard/squidguard_acl.xml index 04bb8553..ddff1fcb 100644 --- a/config/squidGuard/squidguard_acl.xml +++ b/config/squidGuard/squidguard_acl.xml 
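Review bot: The additional_files_needed entry added in the `@@ -93,6 +97,11 @@` hunk installs `squidguard_blacklist.php` into `/usr/local/www/squidGuard/` from an `http://` URL, so a PHP page served by the firewall's web GUI is fetched with no transport protection or integrity check visible in this file. It follows the neighbouring entries for `squidguard_log.php` and `sgerror.php`, so this is a property of the manifest as a whole; if the package system accepts it, the item should use `https://`. The chmod value `0755` also marks the page executable, which a PHP file read by the web server does not appear to need; `0644` looks sufficient, to be confirmed against how other packages install pages. The page itself is not among the ten files in the diffstat, so its request handling cannot be reviewed here.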
@@ -7,7 +7,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>squidguardacl</name> <version>none</version> - <title>Proxy filter SquidGuard: Access Control List (ACL)</title> + <title>Proxy filter SquidGuard: Special Access Control List (ACL)</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> @@ -17,16 +17,16 @@ <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> <active/> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> @@ -38,6 +38,10 @@ <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> </tab> @@ -51,14 +55,6 @@ <fielddescr>Name</fielddescr> <fieldname>name</fieldname> </columnitem> - <!--columnitem> - <fielddescr>Source</fielddescr> - <fieldname>source</fieldname> - </columnitem--> - <!--columnitem> - <fielddescr>Destinations</fielddescr> - <fieldname>dest</fieldname> - </columnitem--> <columnitem> <fielddescr>Time</fielddescr> <fieldname>time</fieldname> 
@@ -100,10 +96,10 @@ <type>select</type> </field> <field> - <fielddescr>Source IP adresses and domains</fielddescr> + <fielddescr>Client (source)</fielddescr> <fieldname>source</fieldname> <description> - Enter source IP address or domain or "username" here. For separate use space. + Enter client's IP address or domain or "username" here. For separate use space. <br><b>Example:</b> <br>ip: 192.168.0.1 or subnet 192.168.0.0/24 or subnet 192.168.1.0/255.255.255.0 or range 192.168.1.1-192.168.1.10 <br>domain: foo.bar match foo.bar or *.foo.bar @@ -114,38 +110,14 @@ <rows>3</rows> <required/> </field> - <!--field> - <fielddescr>Source IP addresses</fielddescr> - <fieldname>iplist</fieldname> - <description> - Enter source IP addresses here with space(' ') divider. - IP addresses must have format:<br> - single example: '192.168.0.1' <br> - range examples: '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' - </description> - <type>textarea</type> - <cols>65</cols> - <rows>3</rows> - </field> - <field> - <fielddescr>Source Domains</fielddescr> - <fieldname>domains</fieldname> - <description> - Enter source domains names here with space(' ') divider. - Example: <b>'foo.bar'</b> match <b>'foo.bar'</b> or <b>'*.foo.bar'</b>. - </description> - <type>textarea</type> - <cols>65</cols> - <rows>3</rows> - </field--> <field> <fielddescr>Time</fielddescr> <fieldname>time</fieldname> - <description>Enter time name in current which this rule permitted.</description> + <description>Select time in which 'Target Rules' will operate, or leave 'none' for action of rules without time restriction. If this option is set, then in off-time will operate the second rule set.</description> <type>select</type> </field> <field> - <fielddescr>Destination</fielddescr> + <fielddescr>Target Rules</fielddescr> <fieldname>dest</fieldname> <description></description> <type>input</type> 
@@ -205,7 +177,7 @@ </field> <!-- not need now <field> - <fielddescr>Overtime redirect</fielddescr> + <fielddescr>Redirect for off-time</fielddescr> <fieldname>overredirect</fieldname> <description> Enter external redirection URL, error message or size (bytes) here. @@ -232,7 +204,7 @@ <type>select</type> </field> <field> - <fielddescr>Overtime rewrite</fielddescr> + <fielddescr>Rewrite for off-time</fielddescr> <fieldname>overrewrite</fieldname> <description>Enter rewrite condition name for this rule, or leave blank.</description> <type>select</type> diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 5c90d307..c57728e4 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -111,12 +111,13 @@ define('SQUIDGUARD_LOGFILE', 'block.log'); define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid'); define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard'); define('SQUIDGUARD_BINPATH', '/usr/local/bin'); -define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); # SG temp +define('SQUIDGUARD_TMP', '/tmp/squidGuard'); # SG temp define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables define('SQUIDGUARD_STATE', '/squidGuard.state'); define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild'); define('SQUIDGUARD_CONFXML', '/squidguard_conf.xml'); define('SQUIDGUARD_DBHOME', '/var/db/squidGuard'); +define('SQUIDGUARD_DBHOME_BLK', SQUIDGUARD_DBHOME); define('SQUIDGUARD_DBSAMPLE', '/var/db/squidGuard.sample'); define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log'); define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log'); 
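Review bot: `SQUIDGUARD_TMP` moves to `/tmp/squidGuard` in the `@@ -111,12 +111,13 @@` hunk, and the `@@ -131,9 +132,15 @@` and `@@ -141,6 +148,11 @@` hunks add `SCR_NAME_BLKUPDATE`, `SG_UPDATE_TARFILE`, `SG_UPDATE_TMPFILE`, `SG_UPDATE_LOGFILE` and `SG_UPDATE_STATFILE` as fixed names directly under `/tmp`. A predictable name in a world-writable directory can be pre-created or replaced with a symlink by any local account before the update writes or runs it, which matters most for the `.sh` script and the tar archive. Keeping them in a directory the package owns removes that race, e.g. `define('SCR_NAME_BLKUPDATE', SQUIDGUARD_VAR . '/squidGuard_blacklist_update.sh');`. The code that writes and executes these files is not on this page, so how they are opened there should be checked too.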
@@ -131,9 +132,15 @@ define('SQUIDGUARD_BL_UNPACK', '/unpack'); define('SQUIDGUARD_BL_DB', '/db'); # # DB/Blacklist defines + +#> define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files'); +#< + +define('SQUIDGUARD_BLK_FILELIST', '/blacklist.files'); +define('SQUIDGUARD_BLK_FILELISTPATH', SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_FILELIST); define('BLACKLIST_ARCHIVE', '/blacklists.tar'); -define('BLK_LOCALFILE', '/root/sg_blacklists.tar'); +define('SCR_NAME_BLKUPDATE', '/tmp/squidGuard_blacklist_update.sh'); define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh'); define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf'); define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf'); @@ -141,6 +148,11 @@ define('BLK_TEMP', '/tmp/sg_blk'); define('SG_BLK_ARC', '/arcdb'); # blk db archive define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf'); +define('SG_UPDATE_TARFILE', '/tmp/squidguard_blacklist.tar'); +define('SG_UPDATE_TMPFILE', '/tmp/squidguard_download.tmp'); +define('SG_UPDATE_LOGFILE', '/tmp/squidguard_download.log'); +define('SG_UPDATE_STATFILE', '/tmp/squidguard_download.stat'); + # ============================================================================== # CONSTANTS # ============================================================================== @@ -158,8 +170,6 @@ define('RMOD_EXT_FOUND', 'rmod_ext_fnd'); define('SQUIDGUARD_INFO', 2); define('SQUIDGUARD_WARNING', 1); define('SQUIDGUARD_ERROR', 0); -# error_res -define('SG_ERR0', "Error! Check squidGuard configuration data."); # define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); @@ -182,7 +192,6 @@ define('OWNER_NAME', 'proxy'); # Debug define('DEBUG_ON', 'true'); - # ============================================================================== # black list # ============================================================================== 
@@ -215,7 +224,6 @@ define('F_BINPATH', 'binpath'); define('F_PROCCESSCOUNT', 'process_count'); define('F_SQUIDCONFIGFILE', 'squid_configfile'); define('F_ENABLED', 'enabled'); -define('F_BLACKLISTENABLED', 'blacklist_enabled'); define('F_SGCONF_XML', 'sgxml_file'); # other fields @@ -268,6 +276,10 @@ define('F_CURRENT_LAN_IP', 'current_lan_ip'); define('F_CURRENT_GUI_PORT', 'current_gui_port'); define('F_CURRENT_GUI_PROTO', 'current_gui_protocol'); +# blacklist +define('F_BLACKLISTENABLED', 'blacklist_enabled'); +define('F_BLACKLISTURL', 'blacklist_url'); + # ============================================================================== # Globals # ============================================================================== @@ -540,7 +552,7 @@ function sg_reconfigure_user_db() set_file_access($dbhome, OWNER_NAME, 0755); # 6. rebuild user db ('/var/db/squidGuard') - sg_rebuild_db("_usrdb", $dbhome, $dst_list); + squidguard_rebuild_db("_usrdb", $dbhome, $dst_list); } else sg_addlog("sg_reconfigure_user_db", "User destinations list empty.", SQUIDGUARD_WARNING); @@ -563,11 +575,11 @@ function sg_remove_unused_db_entries() # black list entries # * worked only with 'blacklist entries list file - else may be deleted black list entry - if (file_exists($workdir . SQUIDGUARD_BLK_ENTRIES)) { + if (SQUIDGUARD_BLK_FILELISTPATH) { $file_for_del = array(); # load blk entries - $db_entries = explode("\n", file_get_contents($workdir . SQUIDGUARD_BLK_ENTRIES)); + $db_entries = explode("\n", file_get_contents(SQUIDGUARD_BLK_FILELISTPATH)); # $db_entries + add user entries $dests = $squidguard_config[F_DESTINATIONS]; @@ -607,6 +619,7 @@ function sg_remove_unused_db_entries() # dest_DB_path - path without '$rdb_dbhome' # example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners' # ------------------------------------------------------------------------------ +/* function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) { global $squidguard_config; 
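Review bot: In sg_remove_unused_db_entries (`@@ -563,11 +575,11 @@`), the new guard `if (SQUIDGUARD_BLK_FILELISTPATH)` tests a non-empty string constant, so it is always true and the existence check the old line performed is lost. The comment just above the guard says the cleanup must only run with the blacklist entries list file present, otherwise blacklist entries may be deleted. With the file missing, `file_get_contents()` returns false and the loaded list contains no blacklist names. Restore the check with `if (file_exists(SQUIDGUARD_BLK_FILELISTPATH)) {`. The deletion loop itself is outside the hunk, so the exact effect is inferred from that comment.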
@@ -652,6 +665,48 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) sg_addlog("sg_rebuild_db", "Started SH script '$shfile'.", SQUIDGUARD_INFO); conf_mount_ro(); } +*/ +# ------------------------------------------------------------------------------ +# squidguard_rebuild_db Rebuild squidGuard DB from list items +# ------------------------------------------------------------------------------ +# $tag - rebuild task TAG +# $rdb_dbhome - DB directory (default: '/var/db/squidGuard') +# $rdb_itemslist - items list as ['dest_key']='dest_DB_path' +# dest_DB_path - path without '$rdb_dbhome' +# example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners' +# ------------------------------------------------------------------------------ +function squidguard_rebuild_db($tag, $rdb_dbhome, $rdb_itemslist) +{ + global $squidguard_config; + + $dbhome = $rdb_dbhome; + $logdir = $squidguard_config[F_LOGDIR]; + $workdir = $squidguard_config[F_WORKDIR]; + $conf_path = "{$workdir}/squidGuard_{$tag}rebuild.conf"; + + sg_addlog("squidguard_rebuild_db", "Begin with path '$dbhome'.", SQUIDGUARD_INFO); + + # make rebuild config; include all found dest items + $dbitems = array(); + if ($rdb_itemslist) { + # items list as ['dest_key']='dest_DB_path' + foreach ($rdb_itemslist as $it) { + $dbitems[str_replace('/', '_', $it)] = $it; # replace path to name + } + } + file_put_contents($conf_path, sg_create_simple_config($dbhome, $dbitems)); + set_file_access($conf_path, OWNER_NAME, 0750); + sg_addlog("squidguard_rebuild_db", "Create rebuild config '$conf_path'.", SQUIDGUARD_INFO); + + # rebuild blacklist db + mwexec_bg("/usr/bin/nice -n20 " . SQUIDGUARD_BINPATH . 
"/squidGuard -c $conf_path -C all"); + # wait + while (exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'") > 0) { + sleep (10); + } + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("squidguard_rebuild_db", "Start rebuild DB.", SQUIDGUARD_INFO); +} # ============================================================================== # Log @@ -747,14 +802,14 @@ function sg_create_config() if(!is_array($squidguard_config) || empty($squidguard_config)) { sg_addlog("sg_create_config", "Bad squidGuard config data.", SQUIDGUARD_ERROR); - return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [1])."); + return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [1])."); } # check configuration data if (!sg_check_config_data(&$error_res)) { sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR); sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR); - return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [2])."); + return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2])."); } # --- Header --- @@ -1068,10 +1123,8 @@ function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404 global $squidguard_config; $sgconf = array(); $logdir = $squidguard_config[F_LOGDIR]; - $dbhome = $squidguard_config[F_DBHOME]; + $dbhome = $blk_dbhome ? $blk_dbhome : $squidguard_config[F_DBHOME]; - # current dbhome dir - if (!empty($blk_dbhome)) $dbhome = $blk_dbhome; sg_addlog("sg_create_simple_config", "Begin with dbhome='$dbhome'.", SQUIDGUARD_INFO); # header 
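Review bot: In the new squidguard_rebuild_db, `$conf_path` is interpolated into the `mwexec_bg()` command without `escapeshellarg()`, and the wait loop after it has no upper bound, so a squidGuard process that hangs keeps the caller sleeping indefinitely. The loop's `grep` also matches any `squidGuard -c … -C all` process, not only the one started here. The "Start rebuild DB." entry is logged only after the wait has finished, and `$logdir` is assigned but never used. The old sg_rebuild_db is kept inside a `/* … */` block opened in the `@@ -607,6 +619,7 @@` hunk; deleting it would be cleaner than commenting it out.

```php
    # rebuild blacklist db
    sg_addlog("squidguard_rebuild_db", "Start rebuild DB.", SQUIDGUARD_INFO);
    mwexec_bg("/usr/bin/nice -n20 " . SQUIDGUARD_BINPATH . "/squidGuard -c " . escapeshellarg($conf_path) . " -C all");
    # wait for the rebuild, but give up after a fixed time (the limit is a constructed example value)
    $deadline = time() + 1800;
    while (exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'") > 0) {
        if (time() > $deadline) {
            sg_addlog("squidguard_rebuild_db", "Rebuild did not finish in time.", SQUIDGUARD_ERROR);
            break;
        }
        sleep(10);
    }
    # … unchanged: set_file_access on $dbhome …
```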
@@ -1251,7 +1304,7 @@ function sg_check_config_data ($input_errors) # --- Blacklist --- if ($squidguard_config[F_BLACKLISTENABLED]) { - $blk_entries_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; + $blk_entries_file = SQUIDGUARD_BLK_FILELISTPATH; if (file_exists($blk_entries_file)) { $blk_entr = explode("\n", file_get_contents($blk_entries_file)); foreach($blk_entr as $entr) { 
@@ -1419,274 +1472,10 @@ function sg_check_config_data ($input_errors) return empty($elog); } -# ============================================================================= -# Blacklist -# ============================================================================= -# sg_reconfigure_blacklist($source_filename, $opt) -# $source_filename - file name or url -# $opt - option: -# '' or 'local' - update from local file -# 'url' - update from url -# ----------------------------------------------------------------------------- -function sg_reconfigure_blacklist($source_filename, $opt = '') -{ - global $squidguard_config; - $sf = trim($source_filename); - $sf_contents = ''; - - sg_addlog("sg_reconfigure_blacklist", "Begin with '$sf'.", SQUIDGUARD_INFO); - - # 1. check system - sg_check_system(); - - # 2. upload - if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar' - sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO); - if (file_exists($sf)) { - $sf_contents = file_get_contents($sf); - } else { - sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR); - return; - } - } - # from url - else { - sg_addlog("sg_reconfigure_blacklist", "Upload from url '$sf'.", SQUIDGUARD_INFO); - $sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt); - } - - # 3. update - if (empty($sf_contents)) { - sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'.", SQUIDGUARD_ERROR); - return; - } - # save black list archive content to local file - conf_mount_rw(); - file_put_contents(BLK_LOCALFILE, $sf_contents); - conf_mount_ro(); - - # 4. 
update blacklist - sg_update_blacklist(BLK_LOCALFILE); -} - -# ------------------------------------------------------------------------------ -# sg_update_blacklist - update blacklist from file -# How it's work: -# - unpack tar archive to temp dir -# - copy subdir's tree to one-level temp DB -# - copy unrebuilded temp db to work db (for user's can configure with new Blacklist) -# - create Blacklist files listing and copy to values dir and temp DB dir -# - background rebuild temp DB via sh script (longer proccess) and copy to work DB -# ------------------------------------------------------------------------------ - -function sg_update_blacklist($from_file) -{ - global $squidguard_config; - conf_mount_rw(); - $dbhome = SQUIDGUARD_DBHOME; - $workdir = SQUIDGUARD_WORKDIR; - $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK; - $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; - - sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO); - - if (file_exists($from_file)) { - # check work and DB dir's - if (file_exists($squidguard_config[F_DBHOME])) $dbhome = $squidguard_config[F_DBHOME]; - if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR]; - # delete old tmp dir's - if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir"); - if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir"); - # create new tmp/arc dir's - mwexec("mkdir -p -m 0755 $tmp_unpack_dir"); - mwexec("mkdir -p -m 0755 $arc_db_dir"); - - # 1. unpack archive - mwexec("tar zxvf $from_file -C $tmp_unpack_dir"); - set_file_access($tmp_unpack_dir, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO); - - # 2. 
copy blacklist to squidGuard base & create entries list - if (file_exists($tmp_unpack_dir)) { - $blk_items = array(); - $blk_list = array(); - - # scan blacklist items - scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); - - # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) - foreach ($blk_items as $key => $val) { - $current_dbpath = "$arc_db_dir/$key"; - if (count($val)) { - # make blk_list for config file - $blk_list[$key] = $key; - - # delete '$current_dbpath' for correct moving - # need moving $val['path'] to $current_dbpath - # if $current_dbpath exists, - # then $val['path'] will created as subdir - !it's worng! - if (file_exists($current_dbpath)) - mwexec("rm -R $current_dbpath"); - mwexec("mv -f {$val['path']}/ $current_dbpath"); - sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO); - } - } - set_file_access($arc_db_dir, OWNER_NAME, 0755); - - # -- DISABLED -- copy unrebuilded blacklist from arch_DB_to work DB & set access rights -# mwexec("cp -R $arc_db_dir/ $dbhome"); -# set_file_access($dbhome, OWNER_NAME, 0755); - - # create entries list - if (count($blk_items)) { - # save to temp DB - $blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; - file_put_contents($blklist_file, implode("\n", array_keys($blk_items))); - set_file_access ($blklist_file, OWNER_NAME, 0755); - - # -- DISABLED -- save copy to squidGuard config dir -# $blklist_file = "{$squidguard_config[F_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES; -# file_put_contents($blklist_file, implode("\n", array_keys($blk_items))); -# set_file_access ($blklist_file, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO); - } - - # make rebuild config (included all found dest items) & save to work dir - $conf_path = SQUIDGUARD_VAR . 
DB_REBUILD_BLK_CONF; # "/tmp/squidGuard_rebuild_blk.conf"; - file_put_contents($conf_path, sg_create_simple_config($arc_db_dir, $blk_list)); - set_file_access($conf_path, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist", "Create rebuild config '$conf_path'.", SQUIDGUARD_INFO); - - # *** SH script *********************************************** - $sh_scr = Array(); - $sh_scr[] = "#!/bin/sh"; - $sh_scr[] = "cd $arc_db_dir"; - $sh_scr[] = $squidguard_config[F_BINPATH] . "/squidGuard -c $conf_path -C all"; - $sh_scr[] = "wait"; # wait while SG rebuild DB - $sh_scr[] = "chown -R -v " . OWNER_NAME . " $arc_db_dir"; - $sh_scr[] = "chmod -R -v 0755 $arc_db_dir"; - - # copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights) - # '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir) - $sh_scr[] = "cp -R -p $arc_db_dir/ $dbhome"; - $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR; - # set DB owner and right access - $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; - $sh_scr[] = "chmod -R -v 0755 $dbhome"; - - # if new blacklist some as already installed, then restart squid for changes to take effects - $blk_items_old = ''; - $blk_file_old = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($blk_items_old)) - $blk_items_old = file_get_contents($blk_file_old); - if (!empty($blk_items_old) && ($blk_items_old === implode("\n", array_keys($blk_items)))) { - $sh_scr[] = "/usr/local/sbin/squid -k reconfigure"; - $sh_scr[] = "wait"; # wait while process - } - unset($blk_file_old); - unset($blk_items_old); - - # store & exec sh - $sh_scr = implode("\n", $sh_scr); - $shfile = DB_REBUILD_SH . 
"_blk"; - file_put_contents($shfile, $sh_scr); - set_file_access($shfile, OWNER_NAME, 0755); # 0755 - script will execute - # kill exists rebuild processes -# mwexec("kill `ps auxw | grep \"$shfile\" | grep -v \"grep\" | awk '{print $2}'`"); # sh script - mwexec("kill `ps auxw | grep \"squidGuard_blk_rebuild\" | grep -v \"grep\" | awk '{print $2}'`"); # squidGuard process - mwexec_bg("nice -n 5 $shfile"); - sg_addlog("sg_update_blacklist", "Started sh script '$shfile'.", SQUIDGUARD_INFO); - - # clearing temp -# mwexec("rm -R $bl_temp"); - } - } - conf_mount_ro(); -} - - -# ----------------------------------------------------------------------------- -# sg_blacklist_rebuild_DB - update blacklist from file -# ----------------------------------------------------------------------------- -function sg_entries_blacklist() -{ - global $squidguard_config; - $contents = ''; - - $fl = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($squidguard_config[F_WORKDIR])) - $fl = $squidguard_config[F_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($fl)) - $contents = explode("\n", file_get_contents($fl)); - - return $contents; -} -# ----------------------------------------------------------------------------- -# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard') -# ----------------------------------------------------------------------------- -function sg_blacklist_rebuild_db() -{ - global $squidguard_config; - $dst_list = array(); - $dbhome = $squidguard_config[F_DBHOME]; - $workdir = $squidguard_config[F_WORKDIR]; - - # current dbhome and work dir's - sg_addlog("sg_blacklist_rebuild_db", "Start with path '$dbhome'.", SQUIDGUARD_INFO); - - # make dest list - $blklist_file = "$workdir/" . 
SQUIDGUARD_BLK_ENTRIES; - if (file_exists($blklist_file)) { - $blklist = explode("\n", file_get_contents($blklist_file)); - if (is_array($blklist)) - foreach($blklist as $bl) { $dst_list[$bl] = $bl; } - } - - # rebuild user db ('/var/db/squidGuard') - sg_rebuild_db("_blkdb", $dbhome, $dst_list); -} - # ========================== UTILS ============================================= -# sg_uploadfile_from_url -# upload file and put them to $destination_file -# return = upload content -# ------------------------------------------------------------------------------ -function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') -{ - conf_mount_rw(); - # open destination file - sg_addlog("sg_uploadfile_from_url", "Begin url'$url_file' proxy'$proxy'", SQUIDGUARD_INFO); - - $result = ''; - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - if (!empty($proxy)) { - $ip = ''; - $login = ''; - $s = trim($proxy); - if (strpos($s, ' ')) { - $ip = substr($s, 0, strpos($s, ' ')); - $login = substr($s, strpos($s, ' ') + 1); - } else $ip = $s; - if($ip != '') { - curl_setopt($ch, CURLOPT_PROXY, $ip); - if($login != '') - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); - } - } - $result=curl_exec ($ch); - curl_close ($ch); - if (!empty($destination_file)) - file_put_contents($destination_file, $result); - else sg_addlog("sg_uploadfile_from_url", "Can't upload file", SQUIDGUARD_ERROR); +# ------------------------------------------------------------------------------ - # for test - file_put_contents(BLK_LOCALFILE, $result); - conf_mount_rw(); - return $result; -} # ============================================================================== # self utils 
@@ -1718,94 +1507,6 @@ function scan_dir($dir) } return $files; } -# ------------------------------------------------------------------------------ -# restore_arc_blacklist - copy arc blacklist to db -# ------------------------------------------------------------------------------ -function restore_arc_blacklist() -{ - global $squidguard_config; - $dbhome = SQUIDGUARD_DBHOME; - $blklist_file = SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES; - $arc_db_dir = SQUIDGUARD_DBSAMPLE; - $arc_blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; - - if (file_exists($arc_db_dir) and file_exists($arc_blklist_file)) { -# conf_mount_rw(); - # copy arc blacklist to work DB with permissions - mwexec("cp -R -p $arc_db_dir/ $dbhome"); - set_file_access($dbhome, OWNER_NAME, 0755); - sg_addlog("restore_arc_blacklist", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO); - - $blklist = ""; - $files = scan_dir("$arc_db_dir/"); - foreach ($files as $fl) { - $blklist .= $fl . "\n"; - } - file_put_contents($blklist_file, $blklist); - set_file_access($blklist_file, OWNER_NAME, 0755); - - # copy black list file -# copy($arc_blklist_file, $blklist_file); -# set_file_access($blklist_file, OWNER_NAME, 0755); -# sg_addlog("restore_arc_blacklist", "Restore black list file from '$arc_blklist_file' to '$blklist_file'.", SQUIDGUARD_INFO); -# conf_mount_ro(); - } else { - sg_addlog("restore_arc_blacklist", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR); - } -} - -# ------------------------------------------------------------------------------ -# scan_blacklist_cat - scan all dirs and subdirs tree and make blk enrties list -# $cur_dir - start directory -# $key_name - current key name -# ------------------------------------------------------------------------------ -# blk entry[key]: -# ["domains"] domains file path -# ["urls"] urls file path -# ["expressions"] expressions file path -# ------------------------------------------------------------------------------ 
-function scan_blacklist_cat($curdir, $key_name, $cat_array) -{ - - if (file_exists($curdir) and is_dir($curdir)) { - $blk_entry = array(); - $files = scan_dir($curdir); - - foreach($files as $fls) { - $fls_file = "$curdir/$fls"; - - if (($fls != ".") and ($fls != "..")) { - if (is_file($fls_file)) { - - # add files path - switch(strtolower($fls)) { - case "domains": - $blk_entry["domains"] = $fls_file; - $blk_entry["path"] = $curdir; - break; - case "urls": - $blk_entry["urls"] = $fls_file; - $blk_entry["path"] = $curdir; - break; - case "expressions": - $blk_entry["expressions"] = $fls_file; - $blk_entry["path"] = $curdir; - break; - } - } - elseif (is_dir($fls_file)) { - $fls_key = $key_name . "_" . $fls; - - # recursive call - scan_blacklist_cat($fls_file, $fls_key, & $cat_array); - } - } - } - - if (count($blk_entry)) - $cat_array[$key_name] = $blk_entry; - } -} # ****************************************************************************** # squidguard utils @@ -2031,6 +1732,7 @@ function sg_check_src($sgx, $input_errors) return empty($elog); } + # ------------------------------------------------------------------------------ # check rebuild blacklist # ------------------------------------------------------------------------------ 
@@ -2230,10 +1932,459 @@ function squidguard_setup_cron($task_key, $options, $on_off) } } +# ***************************************************************************** +# RAMDisk +# Temp ramdisk for quickly DB update +# ***************************************************************************** +function squidguard_ramdisk($enable) +{ + $ramsize = 200; + + # delete old squidguard ramdisk + if (file_exists("/dev/md15")) { + mwexec("umount -f " . SQUIDGUARD_TMP); + mwexec("sleep 1"); + mwexec("mdconfig -d -u 15"); + } + + if ($enable === true) { + # create temp ramdisk + # size 300Mb very nice for work with Archive < 30Mb + # this is size use physical RAM + Swap file + mwexec("/sbin/mdmfs -s {$ramsize}M md15 " . SQUIDGUARD_TMP); + mwexec("chmod 1777 " . SQUIDGUARD_TMP); + } +} + +# ****************************************************************************** +# Blacklist +# ****************************************************************************** + +# ------------------------------------------------------------------------------ +# squidguard_update_stat +# ------------------------------------------------------------------------------ +function squidguard_update_log($msg, $new="") +{ + $to = $new ? ">" : ">>"; # create new or save to exists file + mwexec("echo $msg $to " . SG_UPDATE_STATFILE); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_start() +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_start($url_filename) +{ + # 1. if started - calncel + if (squidguard_blacklist_update_IsStarted()) squidguard_blacklist_update_cancel(); + + # 2. delete old script + if (file_exists(SCR_NAME_BLKUPDATE)) unlink(SCR_NAME_BLKUPDATE); + + # 3. 
create new php script & set permissions + file_put_contents(SCR_NAME_BLKUPDATE, squidguard_script_blacklistupdate($url_filename, "")); + set_file_access (SCR_NAME_BLKUPDATE, OWNER_NAME, 0755); + + # 4. start script background + mwexec_bg(SCR_NAME_BLKUPDATE); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_cancel() +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_cancel() +{ + # kill script and SG update process + mwexec("kill `ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}'`"); + mwexec("kill `ps auxwwww | grep 'squidGuard -c .* -C all' | grep -v 'grep' | awk '{print $2}'`"); + squidguard_ramdisk(false); + + squidguard_update_log("Blacklist update terminated by user.", ""); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_IsStarted() +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_IsStarted() +{ + return exec("ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}' | wc -l | awk '{ print $1 }'"); +} + +# ----------------------------------------------------------------------------- +# sg_reconfigure_blacklist($source_filename, $opt) +# $source_filename - file name or url +# $opt - option: +# '' or 'local' - update from local file +# 'url' - update from url +# ----------------------------------------------------------------------------- +function sg_reconfigure_blacklist($source_filename, $opt = '') +{ + global $squidguard_config; + $sf = trim($source_filename); + $sf_contents = ''; + + sg_addlog("sg_reconfigure_blacklist", "Begin blacklist update.", SQUIDGUARD_INFO); + squidguard_update_log("Begin blacklist update", "New"); + + # 1. check system + sg_check_system(); + + # 2. 
download + if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar' + sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO); + squidguard_update_log("Copy archive from file '$sf'"); + if (file_exists($sf)) { + $sf_contents = file_get_contents($sf); + } else { + sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR); + squidguard_update_log("File '$sf' not found."); + return; + } + } + # from url + else { + sg_addlog("sg_reconfigure_blacklist", "Download from url '$sf'.", SQUIDGUARD_INFO); + squidguard_update_log("Start download."); + $sf_contents = sg_uploadfile_from_url($sf, $opt); + } + + # 3. update + if (empty($sf_contents)) { + sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'. Terminate.", SQUIDGUARD_ERROR); + squidguard_update_log("Bad content from '$sf'. Terminate."); + return; + } + + # save black list archive content to local file + file_put_contents(SG_UPDATE_TARFILE, $sf_contents); + + # update blacklist + sg_update_blacklist(SG_UPDATE_TARFILE); +} + +# ------------------------------------------------------------------------------ +# sg_update_blacklist - update blacklist from file +# How it's work: +# - unpack tar archive to temp dir +# - copy subdir's tree to one-level TempDB +# - rebuild TempDB +# - create Blacklist files listing and copy to values dir and TempDB dir +# - background rebuild temp DB via sh script (longer proccess) and copy to work DB +# ------------------------------------------------------------------------------ + +function sg_update_blacklist($from_file) +{ + global $squidguard_config; + $dbhome = SQUIDGUARD_DBHOME; + $workdir = SQUIDGUARD_WORKDIR; + $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK; + $arc_db_dir = SQUIDGUARD_TMP . SG_BLK_ARC; + $conf_path = SQUIDGUARD_VAR . 
DB_REBUILD_BLK_CONF; + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + + sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO); + + if (file_exists($from_file)) { + # check work and DB dir's + if (file_exists($squidguard_config[F_DBHOME])) $dbhome = $squidguard_config[F_DBHOME]; + if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR]; + + # delete old tmp dir's + if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir"); + if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir"); + squidguard_ramdisk(false); + + # create new tmp/arc dir's, use ramdisk for quick operations + squidguard_ramdisk(true); + mwexec("mkdir -p -m 0755 $tmp_unpack_dir"); + mwexec("mkdir -p -m 0755 $arc_db_dir"); + + # 1. unpack archive + squidguard_update_log("Unpack archive"); + mwexec("tar zxvf $from_file -C $tmp_unpack_dir"); + set_file_access($tmp_unpack_dir, OWNER_NAME, 0755); + sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO); + + # 2. copy blacklist to TempDB base & create entries list + squidguard_update_log("Scan blacklist categories."); + if (file_exists($tmp_unpack_dir)) { + $blk_items = array(); + $blk_list = array(); + + # scan blacklist items + scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); + + # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) + foreach ($blk_items as $key => $val) { + $current_dbpath = "$arc_db_dir/$key"; + if (count($val)) { + # make blk_list for config file + $blk_list[$key] = $key; + + # delete '$current_dbpath' for correct moving + # need moving $val['path'] to $current_dbpath + # if $current_dbpath exists, then $val['path'] will created as subdir - !it's worng! 
+ if (file_exists($current_dbpath)) + mwexec("rm -R $current_dbpath"); + mwexec("mv -f {$val['path']}/ $current_dbpath"); + sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO); + } + } + set_file_access($arc_db_dir, OWNER_NAME, 0755); + + # create entries list + if (count($blk_items)) { + # save to temp DB + $cont = implode("\n", array_keys($blk_items)); + + # temp blacklist files + $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST; + file_put_contents($blklist_file, $cont); + set_file_access ($blklist_file, OWNER_NAME, 0755); + + # system blacklist files + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + file_put_contents($blklist_file, $cont); + set_file_access ($blklist_file, OWNER_NAME, 0755); + + sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO); + squidguard_update_log("Found " . count($blk_items) . " items."); + } + + # rebuild db & save to work dir + squidguard_update_log("Start rebuild DB."); + squidguard_rebuild_db("blk_", $arc_db_dir, $blk_list); + + squidguard_update_log("Copy DB to workdir."); + mwexec("cp -R -p $arc_db_dir/ $dbhome"); + mwexec("cp -f -p $blklist_file " . 
SQUIDGUARD_WORKDIR); + set_file_access($dbhome, OWNER_NAME, 0755); + + squidguard_update_log("Reconfigure Squid proxy."); + mwexec("/usr/local/sbin/squid -k reconfigure"); + + squidguard_update_log("Blacklist update complete."); + + } + + # free ramdisk + squidguard_ramdisk(false); + } + else sg_addlog("sg_update_blacklist", "File $from_file not found.", SQUIDGUARD_ERROR); +} + +# ----------------------------------------------------------------------------- +# sg_entries_blacklist +# ----------------------------------------------------------------------------- +function sg_entries_blacklist() +{ + $contents = ''; + + $fl = SQUIDGUARD_BLK_FILELISTPATH; + if (file_exists($fl)) + $contents = explode("\n", file_get_contents($fl)); + + return $contents; +} +# ----------------------------------------------------------------------------- +# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard') +# ----------------------------------------------------------------------------- +/* +function sg_blacklist_rebuild_db() +{ + global $squidguard_config; + $dst_list = array(); + $dbhome = $squidguard_config[F_DBHOME]; + $workdir = $squidguard_config[F_WORKDIR]; + + # current dbhome and work dir's + sg_addlog("sg_blacklist_rebuild_db", "Start with path '$dbhome'.", SQUIDGUARD_INFO); + + # make dest list + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + if (file_exists($blklist_file)) { + $blklist = explode("\n", file_get_contents($blklist_file)); + if (is_array($blklist)) + foreach($blklist as $bl) { $dst_list[$bl] = $bl; } + } + + # rebuild user db ('/var/db/squidGuard') + squidguard_rebuild_db("_blkdb", $dbhome, $dst_list); +} +*/ +# ----------------------------------------------------------------------------- +# sg_uploadfile_from_url +# ----------------------------------------------------------------------------- +function sg_uploadfile_from_url($url_file, $proxy = '') +{ + $err = 0; + $download_tmpfile = SG_UPDATE_TMPFILE; 
#"/tmp/squidguard_download.tmp"; + $download_logfile = SG_UPDATE_LOGFILE; #"/tmp/squidguard_download.log"; + + conf_mount_rw(); + # open destination file + $s = "Download archive '$url_file'" . ( $proxy ? " via proxy'$proxy'" : "" ); + sg_addlog("sg_uploadfile_from_url", $s, SQUIDGUARD_INFO); + squidguard_update_log( $s ); + + # open temp and log files for curl + $ftmp = fopen($download_tmpfile, "w"); # download result file + $flog = fopen($download_logfile, "w"); # download log file + + $result = ''; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_NOPROGRESS, 0); + curl_setopt($ch, CURLOPT_FILE, $ftmp); + curl_setopt($ch, CURLOPT_STDERR, $flog); + + if (!empty($proxy)) { + $ip = ''; + $login = ''; + $s = trim($proxy); + if (strpos($s, ' ')) { + $ip = substr($s, 0, strpos($s, ' ')); + $login = substr($s, strpos($s, ' ') + 1); + } else $ip = $s; + + if($ip != '') { + curl_setopt($ch, CURLOPT_PROXY, $ip); + if($login != '') + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); + } + } +# $result=curl_exec ($ch); + curl_exec ($ch); + $err = curl_errno($ch); + if ($err) + squidguard_update_log( "Download error: " . curl_error($ch) ); + else squidguard_update_log( "Download complete" ); + curl_close ($ch); + + # close temp and log files + fclose($ftmp); + fclose($flog); + conf_mount_ro(); + + if (!$err && file_exists( $download_tmpfile )) + $result = file_get_contents( $download_tmpfile ); + return $result; +} + +# ------------------------------------------------------------------------------ +# squidguard_blacklist_restore_arcdb - copy arc blacklist to db +# ------------------------------------------------------------------------------ +function squidguard_blacklist_restore_arcdb() +{ + global $squidguard_config; + $dbhome = $squidguard_config[F_DBHOME] ? 
$squidguard_config[F_DBHOME] : SQUIDGUARD_DBHOME; + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + $arc_db_dir = SQUIDGUARD_DBSAMPLE; + + squidguard_update_log("Restore default blacklist DB.", "new"); + if (file_exists($arc_db_dir)) { + conf_mount_rw(); + # copy arc blacklist to work DB with permissions + mwexec("cp -R -p $arc_db_dir/ $dbhome"); + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO); + + # generate blacklist files list + $blklist = ""; + $files = scan_dir("$arc_db_dir/"); + if ($files) $blklist = implode("\n", $files); + file_put_contents($blklist_file, $blklist); + set_file_access($blklist_file, OWNER_NAME, 0755); + + squidguard_rebuild_db("arc_", $dbhome, $files); + + squidguard_update_log("Reconfigure Squid proxy."); + mwexec("/usr/local/sbin/squid -k reconfigure"); + + conf_mount_ro(); + squidguard_update_log("Restore success."); + } else { + sg_addlog("squidguard_blacklist_restore_arcdb", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR); + squidguard_update_log("Restore error: File '$arc_db_dir' or '$blklist_file' not found."); + } +} + +# ------------------------------------------------------------------------------ +# scan_blacklist_cat - scan all dirs and subdirs tree and make blk enrties list +# $cur_dir - start directory +# $key_name - current key name +# ------------------------------------------------------------------------------ +# blk entry[key]: +# ["domains"] domains file path +# ["urls"] urls file path +# ["expressions"] expressions file path +# ------------------------------------------------------------------------------ +function scan_blacklist_cat($curdir, $key_name, $cat_array) +{ + + if (file_exists($curdir) and is_dir($curdir)) { + $blk_entry = array(); + $files = scan_dir($curdir); + + foreach($files as $fls) { + $fls_file = "$curdir/$fls"; + + if (($fls != ".") and ($fls != "..")) { + if 
(is_file($fls_file)) { + + # add files path + switch(strtolower($fls)) { + case "domains": + $blk_entry["domains"] = $fls_file; + $blk_entry["path"] = $curdir; + break; + case "urls": + $blk_entry["urls"] = $fls_file; + $blk_entry["path"] = $curdir; + break; + case "expressions": + $blk_entry["expressions"] = $fls_file; + $blk_entry["path"] = $curdir; + break; + } + } + elseif (is_dir($fls_file)) { + $fls_key = $key_name . "_" . $fls; + + # recursive call + scan_blacklist_cat($fls_file, $fls_key, & $cat_array); + } + } + } + + if (count($blk_entry)) + $cat_array[$key_name] = $blk_entry; + } +} + +# ============================================================================= +# Blacklist Scripts +# ============================================================================= + +# squidGuard blacklist update php script +function squidguard_script_blacklistupdate($fname, $opt) +{ + $sh[] = "#!/usr/local/bin/php -f"; + $sh[] = "<?php"; + $sh[] = " \$incl = \"/usr/local/pkg/squidguard_configurator.inc\";"; + $sh[] = " if (file_exists(\$incl)) {"; + $sh[] = " require_once(\$incl);"; + $sh[] = " sg_reconfigure_blacklist( \"{$fname}\", \"{$opt}\" );"; + $sh[] = " }"; + $sh[] = " exit;"; + $sh[] = "?>"; + return implode ("\n", $sh); +} # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # classes # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ + class TSgTag { var $tag; diff --git a/config/squidGuard/squidguard_default.xml b/config/squidGuard/squidguard_default.xml index bcb6d41b..3d99259d 100644 --- a/config/squidGuard/squidguard_default.xml +++ b/config/squidGuard/squidguard_default.xml @@ -7,7 +7,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>squidguarddefault</name> <version>none</version> - <title>Proxy filter SquidGuard: Default</title> + <title>Proxy filter SquidGuard: Common Access Control List (ACL)</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <tabs> <tab> 
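Review bot: Several strings that originate outside this code reach a shell or the PHP parser unescaped. `squidguard_update_log()` runs `echo $msg` through `mwexec()` with messages that embed `$sf` and `curl_error()`; `sg_update_blacklist()` builds its `tar`, `rm -R` and `mv -f` commands from paths that include category directory names taken from the unpacked archive; and `squidguard_script_blacklistupdate()` pastes `$fname` into a double-quoted PHP literal of a script that is then executed. A quote, backtick or `$` in the blacklist URL or in an archive member name would change what runs, presumably as root on the firewall. Writing the status file with `file_put_contents()`, wrapping every path in `escapeshellarg()`, and emitting the script arguments with `var_export()` closes this. Separately, `mwexec("rm -R . $tmp_unpack_dir")` and the matching `$arc_db_dir` line carry a literal ` . ` inside the string, so `rm` is handed `.` as an extra operand; the dot looks like a leftover concatenation operator.

```php
function squidguard_update_log($msg, $new="")
{
    # write the status line directly; $msg never passes through a shell
    file_put_contents(SG_UPDATE_STATFILE, $msg . "\n", $new ? 0 : FILE_APPEND);
}

# ... unchanged: update start/cancel/IsStarted, sg_reconfigure_blacklist ...

# in sg_update_blacklist(): quote every path handed to mwexec()
        if (file_exists($tmp_unpack_dir)) mwexec("rm -R " . escapeshellarg($tmp_unpack_dir));
        if (file_exists($arc_db_dir))     mwexec("rm -R " . escapeshellarg($arc_db_dir));
# ... unchanged: ramdisk setup, mkdir ...
        mwexec("tar zxvf " . escapeshellarg($from_file) . " -C " . escapeshellarg($tmp_unpack_dir));
# ... unchanged: scan_blacklist_cat() call, foreach header, $blk_list entry ...
                    if (file_exists($current_dbpath))
                        mwexec("rm -R " . escapeshellarg($current_dbpath));
                    mwexec("mv -f " . escapeshellarg($val['path'] . "/") . " " . escapeshellarg($current_dbpath));
# ... unchanged: entries list, DB rebuild, copy to workdir ...

# in squidguard_script_blacklistupdate(): emit the arguments as quoted PHP literals
    $sh[] = "        sg_reconfigure_blacklist( " . var_export($fname, true) . ", " . var_export($opt, true) . " );";
```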
@@ -15,16 +15,16 @@ <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> <active/> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> @@ -36,13 +36,17 @@ <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> </tab> </tabs> <fields> <field> - <fielddescr>Default destination</fielddescr> + <fielddescr>Target Rules</fielddescr> <fieldname>dest</fieldname> <description></description> <type>input</type> diff --git a/config/squidGuard/squidguard_dest.xml b/config/squidGuard/squidguard_dest.xml index bf252661..9d92a2fa 100644 --- a/config/squidGuard/squidguard_dest.xml +++ b/config/squidGuard/squidguard_dest.xml @@ -7,7 +7,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>squidguarddest</name> <version>none</version> - <title>Proxy filter SquidGuard: Destinations</title> + <title>Proxy filter SquidGuard: Target categories</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> @@ -17,15 +17,15 @@ <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> <active/> </tab> 
@@ -38,27 +38,19 @@ <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> </tab> </tabs> <adddeleteeditpagefields> <columnitem> - <fielddescr>Destination name</fielddescr> + <fielddescr>Name</fielddescr> <fieldname>name</fieldname> </columnitem> - <!--columnitem> - <fielddescr>Domain list</fielddescr> - <fieldname>domains</fieldname> - </columnitem--> - <!--columnitem> - <fielddescr>URL list</fielddescr> - <fieldname>urls</fieldname> - </columnitem--> - <!--columnitem> - <fielddescr>Expressions</fielddescr> - <fieldname>expressions</fieldname> - </columnitem--> <columnitem> <fielddescr>Redirect</fielddescr> <fieldname>redirect</fieldname> @@ -93,24 +85,24 @@ <rows>10</rows> </field> <field> - <fielddescr>Expressions</fielddescr> - <fieldname>expressions</fieldname> + <fielddescr>URLs list</fielddescr> + <fieldname>urls</fieldname> <description> - Enter word fragments, what may be contains in destinations URL path. - For separate expression words use '|'. - <p> <b>Example:</b> 'mail|casino|game' . + Enter url's here. + For separate urls's use ' '(space). + <p> <b>Example:</b> 'host.com/xxx 12.10.220.125/alisa' . </description> <type>textarea</type> <cols>60</cols> <rows>10</rows> </field> <field> - <fielddescr>URLs list</fielddescr> - <fieldname>urls</fieldname> + <fielddescr>Expressions</fielddescr> + <fieldname>expressions</fieldname> <description> - Enter url's here. - For separate urls's use ' '(space). - <p> <b>Example:</b> 'host.com/xxx 12.10.220.125/alisa' . + Enter word fragments, what may be contains in destinations URL path. + For separate expression words use '|'. + <p> <b>Example:</b> 'mail|casino|game' . </description> <type>textarea</type> <cols>60</cols> diff --git a/config/squidGuard/squidguard_log.php b/config/squidGuard/squidguard_log.php index fe70fa10..ddcea9ce 100644 
--- a/config/squidGuard/squidguard_log.php +++ b/config/squidGuard/squidguard_log.php @@ -60,11 +60,12 @@ if (!in_array( $mode, array("blocked", "fgui", "flog", "pconf", "fconf"))) $mode <?php $tab_array = array(); $tab_array[] = array(gettext("General settings"), false, "/pkg_edit.php?xml=squidguard.xml&id=0"); - $tab_array[] = array(gettext("Default"), false, "/pkg_edit.php?xml=squidguard_default.xml&id=0"); - $tab_array[] = array(gettext("ACL"), false, "/pkg.php?xml=squidguard_acl.xml"); - $tab_array[] = array(gettext("Destinations"), false, "/pkg.php?xml=squidguard_dest.xml"); + $tab_array[] = array(gettext("Common ACL"), false, "/pkg_edit.php?xml=squidguard_default.xml&id=0"); + $tab_array[] = array(gettext("Special ACL"), false, "/pkg.php?xml=squidguard_acl.xml"); + $tab_array[] = array(gettext("Target categories"),false, "/pkg.php?xml=squidguard_dest.xml"); $tab_array[] = array(gettext("Times"), false, "/pkg.php?xml=squidguard_time.xml"); $tab_array[] = array(gettext("Rewrites"), false, "/pkg.php?xml=squidguard_rewr.xml"); + $tab_array[] = array(gettext("Blacklist"), false, "/squidGuard/squidguard_blacklist.php"); $tab_array[] = array(gettext("Log"), true, "$selfpath"); display_top_tabs($tab_array); ?> @@ -132,9 +133,9 @@ if (!in_array( $mode, array("blocked", "fgui", "flog", "pconf", "fconf"))) $mode <?php include("fend.inc"); ?> -<script type="text/javascript"> +<!--script type="text/javascript"> NiftyCheck(); Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth"); -</script> +</script--> </body> </html>
\ No newline at end of file diff --git a/config/squidGuard/squidguard_log.xml b/config/squidGuard/squidguard_log.xml index 654c0917..a01008fa 100644 --- a/config/squidGuard/squidguard_log.xml +++ b/config/squidGuard/squidguard_log.xml @@ -17,15 +17,15 @@ <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> @@ -37,6 +37,10 @@ <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> <active/> diff --git a/config/squidGuard/squidguard_rewr.xml b/config/squidGuard/squidguard_rewr.xml index 4a2a71f3..52233133 100644 --- a/config/squidGuard/squidguard_rewr.xml +++ b/config/squidGuard/squidguard_rewr.xml @@ -15,15 +15,15 @@ <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> @@ -36,6 +36,10 @@ <active/> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> </tab> diff --git a/config/squidGuard/squidguard_time.xml b/config/squidGuard/squidguard_time.xml index 83347fad..c62635fa 100644 --- a/config/squidGuard/squidguard_time.xml +++ b/config/squidGuard/squidguard_time.xml 
@@ -17,15 +17,15 @@ <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </tab> <tab> - <text>Default</text> + <text>Common ACL</text> <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> </tab> <tab> - <text>ACL</text> + <text>Special ACL</text> <url>/pkg.php?xml=squidguard_acl.xml</url> </tab> <tab> - <text>Destinations</text> + <text>Target categories</text> <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> @@ -38,13 +38,17 @@ <url>/pkg.php?xml=squidguard_rewr.xml</url> </tab> <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> <text>Log</text> <url>/squidGuard/squidguard_log.php</url> </tab> </tabs> <adddeleteeditpagefields> <columnitem> - <fielddescr>Timename</fielddescr> + <fielddescr>Name</fielddescr> <fieldname>name</fieldname> </columnitem> <columnitem> |