aboutsummaryrefslogtreecommitdiffstats
path: root/packages/squidGuard/squidguard_configurator.inc
diff options
context:
space:
mode:
authorD. V. Serg <dvserg@pfsense.org>2007-11-09 14:46:25 +0000
committerD. V. Serg <dvserg@pfsense.org>2007-11-09 14:46:25 +0000
commita0d0a547b3f925b43a93a47ac52c562d824c3deb (patch)
treed4ef579741c8f839a1de7de94b2adc823c66d493 /packages/squidGuard/squidguard_configurator.inc
parent0b03fa5a6cd05bf3de3ce02cb61f9a35e411dec2 (diff)
downloadpfsense-packages-a0d0a547b3f925b43a93a47ac52c562d824c3deb.tar.gz
pfsense-packages-a0d0a547b3f925b43a93a47ac52c562d824c3deb.tar.bz2
pfsense-packages-a0d0a547b3f925b43a93a47ac52c562d824c3deb.zip
New ver update
Diffstat (limited to 'packages/squidGuard/squidguard_configurator.inc')
-rw-r--r--packages/squidGuard/squidguard_configurator.inc1564
1 files changed, 1564 insertions, 0 deletions
diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc
new file mode 100644
index 00000000..06cddb99
--- /dev/null
+++ b/packages/squidGuard/squidguard_configurator.inc
@@ -0,0 +1,1564 @@
+<?php
+# ------------------------------------------------------------------------------
+/* squidguard_configurator.inc
+ (C)2006 Serg Dvoriancev
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+# ------------------------------------------------------------------------------
+# SquidGuard Configurator
+# email: dv_serg@mail.ru
+# ------------------------------------------------------------------------------
+# squidGuard inline options:
+# squidGuard -C all - apdate database
+# squidGuard -c <configfile> - create squidGuard with specified config file
+# ------------------------------------------------------------------------------
+# Directories:
+# work path - $workdir
+# log path - $workdir + $logdir
+# ------------------------------------------------------------------------------
+# Functions:
+# sg_init($init_xml)
+# sg_load_configxml($filename)
+# sg_save_configxml($filename)
+# sg_reconfigure()
+# sg_reconfigure_blacklist($source_filename, $opt)
+# $source_filename - file name or url
+# $opt - option:
+# '' or 'local' - update from local file (example: '/tmp/blacklist.tar')
+# 'url' - update from url
+# ------------------------------------------------------------------------------
+# Config XML structure:
+# ------------------------------------------------------------------------------
+/*
+<?xml version="1.0"?>
+<squidGuard>
+ <logdir/>
+ <dbhome/>
+ <workdir/>
+ <enabled/>
+ <blacklist_enabled>
+ <sources>
+ <item>
+ <name/>
+ <ip/>
+ <log>on</log>
+ <description/>
+ </item>
+ <item>
+ ...
+ </item>
+ </sources>
+ <destinations>
+ <item>
+ <name/>
+ <urls/>
+ <domains/>
+ <expressions/>
+ <redirect/>
+ <description/>
+ <log>on</log>
+ </item>
+ <item>
+ ...
+ </item>
+ </destinations>
+ <rewrites>
+ <item>
+ <name/>
+ <description/>
+ <log>on</log>
+ <item>
+ <targeturl/>
+ <replaceto/>
+ </item>
+ <item>
+ ...
+ </item>
+ </item>
+ <item>
+ ...
+ </item>
+ </rewrites>
+ <times>
+ <item>
+ <name/>
+ <description/>
+ <item>
+ <timetype/>
+ <timedays/>
+ <daterange/>
+ <sg_timerange/>
+ </item>
+ <item>
+ ...
+ </item>
+ </item>
+ <item>
+ ...
+ </item>
+ </times>
+ <acls>
+ <item>
+ <name/>
+ <description/>
+ <disabled/>
+ <timename/>
+ <redirect/>
+ <rewritename/>
+ <overredirect/>
+ <overrewritename/>
+ <destname/>
+ <overdestname/>
+ </item>
+ <item>
+ ...
+ </item>
+ </acls>
+ <default>
+ <name/>
+ <description/>
+ <disabled/>
+ <timename/>
+ <redirect/>
+ <rewritename/>
+ <overredirect/>
+ <overrewritename/>
+ <destname/>
+ <overdestname/>
+ </default>
+</squidGuard>
+*/
+require_once('globals.inc');
+require_once('config.inc');
+require_once('util.inc');
+require_once('pfsense-utils.inc');
+require_once('pkg-utils.inc');
+require_once('filter.inc');
+require_once('service-utils.inc');
+
+# ------------------------------------------------------------------------------
+
+define('FILES_DB_HEADER', '
+# ------------------------------------------------------------------------------
+# File created by squidGuard package GUI
+# (C)2006 Serg Dvoriancev
+# ------------------------------------------------------------------------------
+');
+
+define('CONFIG_SG_HEADER', '
+# ============================================================
+# SquidGuard configuration file
+#
+# This file generated automaticly with SquidGuard configurator
+#
+# (C)2006 Serg Dvoriancev
+# email: dv_serg@mail.ru
+# ============================================================
+');
+
+define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'");
+
+# ------------------------------------------------------------------------------
+# squid config options
+# ------------------------------------------------------------------------------
+define('REDIRECTOR_OPTIONS_REM', '# squidGuard options');
+define('REDIRECTOR_PROGRAM_OPT', 'redirect_program');
+define('REDIRECT_BYPASS_OPT', 'redirector_bypass');
+define('REDIRECT_CHILDREN_OPT', 'redirect_children');
+# ------------------------------------------------------------------------------
+# setup count redirector processes will started
+# * for big count users service increase this option,
+# but you need use this on powerful system
+define('REDIRECTOR_PROCESS_COUNT', '3');
+
+# ------------------------------------------------------------------------------
+# squidguard config options
+# ------------------------------------------------------------------------------
+# define default redirection url (redirector get this url for all blocked url's)
+# * !ATTENTION! this url must be exists; IF url not exist, redirector will't block
+# (returned to squid some url, what blocked)
+# this may use '301:' or '302:' value (only)
+#define('REDIRECT_BASE_URL', '302:');
+define('REDIRECT_BASE_URL', 'http://127.0.0.1/sgerror.php');
+define('REDIRECT_TRANSPARENT_BASE_URL', '/sgerror.php');
+
+# ------------------------------------------------------------------------------
+# squidguard system defines
+# ------------------------------------------------------------------------------
+# !check this!
+define('SQUID_CONFIGFILE', '/usr/local/etc/squid/squid.conf');
+define('TMP_DIR', '/var/tmp');
+
+# not need for check
+define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf');
+define('SQUIDGUARDCONF_LOGFILE', '/sg_configurator.log');
+define('SQUIDGUARD_ACCESSBLOCK_FILE', 'block.log');
+define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files');
+define('BLACKLIST_ARCHIVE', '/blacklists.tar');
+# ? may be not used ?
+define('SQUIDGUARD_CONFBASE_DEF', '/usr/local/etc/squid');
+define('SQUIDGUARD_LOGDIR_DEF', '/tmp');
+define('SQUIDGUARD_WORKDIR_DEF', '/usr/local/etc/squidGuard');
+define('SQUIDGUARD_BINPATH_DEF', '/usr/local/bin');
+define('SQUIDGUARD_DBHOME_DEF', '/var/db/squidGuard');
+define('BLK_LOCALFILE', '/tmp/sg_blacklists.tar');
+
+# ------------------------------------------------------------------------------
+// debug options
+define('DEBUG_UPDATE_SQUID_CONF', 'true');
+define('DEBUG_UPDATE_SQUIDGUARD_DB', 'true');
+define('DEBUG_MAKE_SQUIDGUARD_CONFIG', 'true');
+
+// options
+define('SQUIDGUARD_LOG_MAXCOUNT', 1000); // max log lines
+
+# ------------------------------------------------------------------------------
+#
+define('FLT_DEFAULT_ALL', 'all');
+# ------------------------------------------------------------------------------
+# owner user name (squid system user - need for define rights access)
+# ------------------------------------------------------------------------------
+define('OWNER_NAME', 'proxy');
+# ------------------------------------------------------------------------------
+#
+define('DEBUG_ON', 'true');
+
+# ==============================================================================
+# black list
+# ==============================================================================
+# known black list standard names
+# ------------------------------------------------------------------------------
+define('FLT_AD', 'ads');
+define('FLT_AGGRESSIVE', 'aggressive');
+define('FLT_AUDIOVIDEO', 'audio-video');
+define('FLT_DRUGGS', 'druggs');
+define('FLT_GAMBLING', 'gambling');
+define('FLT_HACKING', 'hacking');
+define('FLT_MAIL', 'mail');
+define('FLT_PORN', 'porn');
+define('FLT_PROXY', 'proxy');
+define('FLT_VIOLENCE', 'viol');
+define('FLT_WAREZ', 'warez');
+
+# ------------------------------------------------------------------------------
+# std_blacklist_get_description - black list std names description
+# ------------------------------------------------------------------------------
+function std_blacklist_get_description() {
+ $dst_std = array();
+ $dst_std[FLT_AD] = 'Reclama & banners filter';
+ $dst_std[FLT_AGGRESSIVE] = 'Agressive content sites filter';
+ $dst_std[FLT_AUDIOVIDEO] = 'Audio and Video sites filter';
+ $dst_std[FLT_DRUGGS] = 'Druggs filter';
+ $dst_std[FLT_GAMBLING] = 'Games sites filter';
+ $dst_std[FLT_HACKING] = 'Hacking sites filter';
+ $dst_std[FLT_MAIL] = 'Mail sites filter';
+ $dst_std[FLT_PORN] = 'Porno sites filter';
+ $dst_std[FLT_PROXY] = 'Proxy sites filter';
+ $dst_std[FLT_VIOLENCE] = 'Violence content sites filter';
+ $dst_std[FLT_WAREZ] = 'Wares, soft, downloads sites filter';
+ return $dst_std;
+}
+
+# ==============================================================================
+# SquidGuard Configurator
+# ==============================================================================
+// squidGuard config array
+$squidguard_config = array();
+// default init
+sg_init();
+
+# ------------------------------------------------------------------------------
+# squidguard system fields
+# ------------------------------------------------------------------------------
+define('FLD_SQUIDGUARD', 'squidGuard');
+define('FLD_LOGDIR', 'logdir');
+define('FLD_DBHOME', 'dbhome');
+define('FLD_WORKDIR', 'workdir');
+define('FLD_BINPATH', 'binpath');
+define('FLD_PROCCESSCOUNT', 'process_count');
+define('FLD_SQUIDCONFIGFILE', 'squid_configfile');
+define('FLD_ENABLED', 'enabled');
+define('FLD_BLACKLISTENABLED', 'blacklist_enabled');
+define('FLD_SGCONF_XML', 'sgxml_file');
+
+// other fields
+define('FLD_ITEM', 'item');
+define('FLD_TIMES', 'times');
+define('FLD_SOURCES', 'sources');
+define('FLD_DESTINATIONS', 'destinations');
+define('FLD_REWRITES', 'rewrites');
+define('FLD_ACLS', 'acls');
+define('FLD_DEFAULT', 'default');
+define('FLD_NAME', 'name');
+define('FLD_DESCRIPTION', 'description');
+define('FLD_IP', 'ip');
+define('FLD_URLS', 'urls');
+define('FLD_DOMAINS', 'domains');
+define('FLD_EXPRESSIONS', 'expressions');
+define('FLD_REDIRECT', 'redirect');
+define('FLD_TARGETURL', 'targeturl');
+define('FLD_REPLACETO', 'replaceto');
+define('FLD_LOG', 'log');
+define('FLD_ITEM', 'item');
+define('FLD_DISABLED', 'disabled');
+define('FLD_TIMENAME', 'timename');
+define('FLD_DESTINATIONNAME', 'destname');
+define('FLD_REDIRECT', 'redirect');
+define('FLD_REWRITE', 'rewrite');
+define('FLD_REWRITENAME', 'rewritename');
+define('FLD_OVERDESTINATIONNAME', 'overdestname');
+define('FLD_OVERREDIRECT', 'overredirect');
+define('FLD_OVERREWRITE', 'overrewrite');
+define('FLD_OVERREWRITENAME', 'overrewritename');
+define('FLD_TIMETYPE', 'timetype');
+define('FLD_TIMEDAYS', 'timedays');
+define('FLD_DATRANGE', 'daterange');
+define('FLD_TIMERANGE', 'sg_timerange');
+
+// transparent mode
+define('FLD_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode');
+define('FLD_CURRENT_LAN_IP', 'current_lan_ip');
+
+# ------------------------------------------------------------------------------
+# sg_init
+# - initialize config array
+# ------------------------------------------------------------------------------
+function sg_init($init = '') {
+ global $squidguard_config;
+
+ $squidguard_config = array();
+ if(empty($init) or !is_array($init) ) {
+ // default init (for generate minimal config)
+ $squidguard_config[FLD_LOGDIR] = SQUIDGUARD_LOGDIR_DEF;
+ $squidguard_config[FLD_DBHOME] = SQUIDGUARD_DBHOME_DEF;
+ $squidguard_config[FLD_WORKDIR] = SQUIDGUARD_WORKDIR_DEF;
+ $squidguard_config[FLD_BINPATH] = SQUIDGUARD_BINPATH_DEF;
+ $squidguard_config[FLD_SQUIDCONFIGFILE] = SQUID_CONFIGFILE;
+ $squidguard_config[FLD_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT;
+ sg_addlog("sg_init: default initialization squidguard_config");
+ } else {
+ $squidguard_config = $init;
+ sg_addlog("sg_init: ext initialization squidguard_config");
+ }
+ return $squidguard_config;
+}
+
+# ------------------------------------------------------------------------------
+# sg_loadconfig_xml
+# ------------------------------------------------------------------------------
+function sg_load_configxml($filename) {
+ global $squidguard_config;
+ sg_init();
+ if (file_exists($filename)) {
+ $xmlconf = file_get_contents($filename);
+ sg_addlog("sg_load_configxml: load config from $filename");
+
+ if (!empty($xmlconf)) {
+ $squidguard_config = $xmlconf[FLD_SQUIDGUARD];
+ sg_addlog("sg_load_configxml: update config success.");
+ } else
+ sg_addlog("sg_load_configxml: update config error.");
+ } else
+ sg_addlog("sg_load_configxml: error load config from $filename - file not exists.");
+}
+
+# ------------------------------------------------------------------------------
+# sg_saveconfig_xml
+# ------------------------------------------------------------------------------
+function sg_save_configxml($filename) {
+ global $squidguard_config;
+ $xmlconf = dump_xml_config($squidguard_config, FLD_SQUIDGUARD);
+ file_put_contents($filename, $xmlconf);
+}
+
+# ------------------------------------------------------------------------------
+# sg_reconfigure
+# - squidguard reconfiguration
+# ------------------------------------------------------------------------------
+function sg_reconfigure() {
+ global $squidguard_config;
+ sg_addlog("sg_reconfigure: start.");
+
+ // 1. check system
+ sg_check_system();
+
+ // 2. reconfigure user db
+ sg_reconfigure_user_db();
+
+ // 3. generate squidGuard config
+ $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE;
+ $conf = sg_build_config();
+ if ($conf) {
+ $conf = implode("\n", $conf);
+ if ($squidguard_config[FLD_WORKDIR])
+ $conf_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE;
+ file_put_contents($conf_file, $conf);
+ file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); // << squidGuard want config '/usr/local/etc/squid' by default
+ set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0755);
+ sg_addlog("sg_reconfigure: generate squidGuard config and save to $conf_file.");
+ }
+
+ // 4. reconfigure squid
+ squid_reconfigure();
+
+ sg_addlog("sg_reconfigure: end.");
+}
+
+// ------------------------------------------------------------
+// squid_reconfigure
+// Insert in '/usr/local/squid/etc/squid.conf' options:
+// redirector_bypass on
+// redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file
+// redirect_children 1
+// ------------------------------------------------------------
+function squid_reconfigure($remove_only = '') {
+ global $squidguard_config;
+
+ sg_addlog("squid_reconfigure: begin");
+
+ // 1. update squid config
+ $opt = '';
+ $squid_conf_file = SQUID_CONFIGFILE;
+ $redirector_path = $squidguard_config[FLD_BINPATH] . '/squidGuard';
+ $redirector_conf = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE;
+
+ // update squid.conf file
+ if (file_exists($squid_conf_file)) {
+ sg_addlog("squid_reconfigure: config file '$squid_conf_file'");
+ $conf = file_get_contents($squid_conf_file);
+
+ // remove old redirector options from 'squid.conf'
+ sg_addlog("squid_reconfigure: remove old redirector options from 'squid.conf'");
+ $conf = explode("\n", $conf);
+ for($i=0; $i<count($conf); $i++) {
+ $s = trim($conf[$i]);
+ if (strpos($s, REDIRECTOR_OPTIONS_REM) === 0) $conf[$i] = '';
+ if (strpos($s, REDIRECTOR_PROGRAM_OPT) === 0) $conf[$i] = '';
+ if (strpos($s, REDIRECT_BYPASS_OPT) === 0) $conf[$i] = '';
+ if (strpos($s, REDIRECT_CHILDREN_OPT) === 0) $conf[$i] = '';
+ }
+ $conf = implode("\n", $conf);
+ $conf = rtrim($conf);
+
+ // if squidGuard enabled - add new options to squid config
+ if (empty($remove_only) && ($squidguard_config[FLD_ENABLED] === 'on')) {
+ sg_addlog("squid_reconfigure: add new redirector options to 'squid.conf'");
+ // add redirector options to 'squid.conf'
+ $conf .= "\n";
+ $conf .= "\n" . REDIRECTOR_OPTIONS_REM;
+ $conf .= "\n" . REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf";
+ $conf .= "\n" . REDIRECT_BYPASS_OPT . ' on';
+ $conf .= "\n" . REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT;
+ }
+ $conf .= "\n";
+ file_put_contents($squid_conf_file, $conf);
+ } else
+ sg_addlog("squid_reconfigure: error config file '$squid_conf_file' not found.");
+
+
+ // 2. restart squid - squid automaticly restart redirector too
+ if (is_service_running('squid'))
+ mwexec("/usr/local/sbin/squid -k reconfigure");
+
+# // 2.1. another method
+# if (is_service_running('squid'))
+# mwexec('killall -HUP squid');
+}
+// ------------------------------------------------------------
+// sg_check_system
+// - check squidguard catalog's and access right's
+// ------------------------------------------------------------
+function sg_check_system() {
+ global $squidguard_config;
+
+ // check work_dir & create if not exists
+ $work_dir = $squidguard_config[FLD_WORKDIR];
+ if (!empty($work_dir)) {
+ // check dir's
+ if (!file_exists($work_dir)) {
+ mwexec("mkdir -p " . $work_dir);
+ sg_addlog("Create work dir $work_dir");
+ // set access right
+ set_file_access($work_dir, OWNER_NAME, 0755);
+ }
+ }
+ unset($work_dir);
+
+ // check log_dir & create if not exists
+ $log_dir = $squidguard_config[FLD_LOGDIR];
+ if (!empty($log_dir)) {
+ if (!file_exists($log_dir)) {
+ mwexec("mkdir -p " . $log_dir);
+ sg_addlog("Create log dir $log_dir");
+ }
+ // set access right - need start any time;
+ // (SG possible start from console and log file will have only root access)
+ set_file_access($log_dir, OWNER_NAME, 0755);
+ }
+ unset($log_dir);
+
+ // check db dir
+ $db_dir = $squidguard_config[FLD_DBHOME];
+ if (!empty($db_dir)) {
+ if (!file_exists($db_dir)) {
+ mwexec("mkdir -p $db_dir");
+ $sg_addlog("Create db dir $db_dir");
+ // set access right
+ set_file_access($db_dir, OWNER_NAME, 0755);
+ }
+ }
+ unset($db_dir);
+}
+// ------------------------------------------------------------
+// sg_reconfigure_user_db
+// - reconfigure(update) db user entries
+// ------------------------------------------------------------
+function sg_reconfigure_user_db() {
+ global $squidguard_config;
+ $dbhome = $squidguard_config[FLD_DBHOME];
+
+ sg_addlog("sg_reconfigure_user_db: begin");
+
+ if (!file_exists($dbhome)) {
+ sg_addlog("sg_reconfigure_user_db: error - path not found $dbhome");
+ return;
+ }
+
+ // update destinations to db
+ $dests = $squidguard_config[FLD_DESTINATIONS];
+ if(!empty($dests)){
+ $dst_names = array();
+
+ foreach($dests[FLD_ITEM] as $dst) {
+ $path = "$dbhome/" . $dst[FLD_NAME];
+ $dst_names[] = $path;
+
+ // 1. check destination catalog
+ if (!file_exists($path)) {
+ if (!mkdir ($path, 0755)) {
+ sg_addlog("sg_reconfigure_user_db: error create dir $path");
+ return;
+ } else sg_addlog("Create dir $path");
+ }
+
+ // 2. build domains file
+ $domains = $dst[FLD_DOMAINS];
+ if (!empty($domains)) {
+ $content = '';
+ $content = str_replace(" ", "\n", $domains);
+ $content = trim($content);
+ file_put_contents($path . '/domains', $content);
+ sg_addlog("sg_reconfigure_user_db: add domains '$domains'");
+ }
+ unset($domains);
+
+ // 3. build urls file
+ $urls = $dst[FLD_URLS];
+ if (!empty($urls)) {
+ $content = '';
+ $content = str_replace(" ", "\n", $urls);
+ $content = trim($content);
+ file_put_contents($path . '/urls', $content);
+ sg_addlog("sg_reconfigure_user_db: add urls '$content'");
+ }
+ unset($urls);
+
+ // 4. build expression file
+ $expr = $dst[FLD_EXPRESSIONS];
+ if (!empty($expr)) {
+ $content = str_replace("|", " ", $expr);
+ $content = trim($content); // delete first and last unnecessary '|' symbols
+ $content = str_replace(" ", "|", $content);
+ file_put_contents($path . '/expressions', $content);
+ sg_addlog("sg_reconfigure_user_db: add expressions '$content'");
+ }
+ unset($expr);
+ }
+
+ // 4. recursive set files access
+ set_file_access($dbhome, OWNER_NAME, 0755);
+
+ // 5. rebuild user db
+ //$dst_names
+ foreach($dst_names as $dname)
+ sg_full_rebuild_db($dname);
+
+ } else
+ sg_addlog("sg_reconfigure_user_db: stopped - destinations list empty");
+
+ // 6. remove unused db entries
+ sg_remove_unused_db_entries();
+
+ sg_addlog("sg_reconfigure_user_db: end");
+}
+
+// ------------------------------------------------------------
+// sg_remove_unused_db_entries
+// - remove unused DB entries
+// ------------------------------------------------------------
+function sg_remove_unused_db_entries() {
+ global $squidguard_config;
+ $db_entries = array();
+ $file_list = '';
+ $dbhome = $squidguard_config[FLD_DBHOME];
+
+ sg_addlog("sg_remove_unused_db_entries: begin");
+
+ // black list entries
+ // * worked only with 'blacklist entries list file - else may be deleted black list entry
+ if (file_exists($dbhome . SQUIDGUARD_BLK_ENTRIES)) {
+ $db_entries = explode("\n", file_get_contents($dbhome . SQUIDGUARD_BLK_ENTRIES));
+ // user entries
+ $dests = $squidguard_config[FLD_DESTINATIONS];
+ foreach($dests[FLD_ITEM] as $dst) {
+ $db_entries[] = $dst[FLD_NAME];
+
+ $file_list = scan_dir($dbhome);
+ $file_for_del = array_diff($file_list, $db_entries);
+
+ foreach($file_for_del as $fd) {
+ $file_fd = $dbhome . "/" . $fd;
+ if (($fd != "") && ($fd != ".") && ($fd != "..")) {
+ if (file_exists($file_fd)) {
+ if (!mwexec("rm -R . $file_fd"))
+ sg_addlog("sg_remove_unused_db_entries: Delete $file_fd");
+ else sg_addlog("sg_remove_unused_db_entries: Error delete $file_fd");
+ } else sg_addlog("sg_remove_unused_db_entries: File $file_fd not found");
+ }
+ }
+ }
+ }
+ sg_addlog("sg_remove_unused_db_entries: end");
+}
+
+// ------------------------------------------------------------
+// sg_full_rebuild_db
+// squidguard inline options: -C - create db files; -u - update '.diff' files to db
+// ------------------------------------------------------------
+function sg_full_rebuild_db($dblist='') {
+ global $squidguard_config;
+ $sg_cfgfile = '';
+
+ sg_addlog("sg_rebuild_db: begin with $dblist");
+
+ if ($squidguard_config[FLD_WORKDIR])
+ $sg_cfgfile = $squidguard_config[FLD_WORKDIR];
+ else $sg_cfgfile = SQUIDGUARD_WORKDIR_DEF;
+ $sg_cfgfile .= SQUIDGUARD_CONFIGFILE;
+
+ // set files access
+ set_file_access($squidguard_config[FLD_DBHOME], OWNER_NAME, 0755);
+
+ // rebuild squidGuard DB (without waite)
+ if (file_exists($sg_cfgfile)) {
+ if (empty($dblist)) {
+ // full rebuild
+ $cmd = $squidguard_config[FLD_BINPATH] . '/squidGuard -c $sg_cfgfile -C all';
+ mwexec_bg($cmd);
+ sg_addlog("sg_rebuild_db: start full rebuild db");
+ } else {
+ // partually rebuild
+ $cmd_domains = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $sg_cfgfile -C $dblist/domains";
+ $cmd_urls = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $sg_cfgfile -C $dblist/urls";
+ mwexec_bg($cmd_domains);
+ mwexec_bg($cmd_urls);
+ sg_addlog("sg_rebuild_db: start rebuild DB '$dblist'");
+ }
+ // update .diff files
+# mwexec_bg($squidguard_config[FLD_BINPATH] . '/squidGuard -c $sg_cfgfile -u')*/)
+ } else {
+ sg_addlog("sg_rebuild_db: error, config file '$sg_cfgfile' not found");
+ }
+
+ sg_addlog("sg_rebuild_db: end");
+}
+// ============================================================
+// Log
+// ============================================================
+// ------------------------------------------------------------
+// sg_addlog
+// ------------------------------------------------------------
+function sg_addlog($log) {
+ global $squidguard_config;
+
+ $logfile = '';
+ $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE;
+ $log_content = array();
+
+ if (!empty($squidguard_config)) {
+ // define logfile
+ if (file_exists($squidguard_config[FLD_LOGDIR]))
+ $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
+ } else {
+ $log_content[] = date("d.m.Y H:i:s") . ": " . "sg_addlog: Error, squidguard_config is empty";
+ }
+
+ $tmplog = '';
+ if (file_exists($logfile))
+ $tmplog = file_get_contents($logfile);
+ $log_content = explode("\n", $tmplog);
+ unset($tmplog);
+
+ $log_content[] = date("d.m.Y H:i:s") . ": $log";
+ while (count($log_content) > SQUIDGUARD_LOG_MAXCOUNT) array_shift($log_content);
+
+ $tlog = implode("\n", $log_content);
+ file_put_contents($logfile, $tlog);
+# file_put_contents("/tmp/_sg.log", $tmp_log);
+}
+// ------------------------------------------------------------
+// sg_getlog
+// ------------------------------------------------------------
+function sg_getlog($last_entries_count) {
+ global $squidguard_config;
+ $log_content = '';
+ $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE;
+
+ // define logfile
+ if (!empty($squidguard_config))
+ if (file_exists($squidguard_config[FLD_LOGDIR]))
+ $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE;
+
+ // get log last 100 entries
+ if (file_exists($logfile)) {
+ $log_content = file_get_contents($logfile);
+ $log_content = explode("\n", $log_content);
+ while (count($log_content) > $last_entries_count) array_shift($log_content);
+ // insert log file name on top
+ $log_content[0] = $logfile;
+ $log_content = implode("\n", $log_content);
+ }
+
+ return $log_content;
+}
+# -------------------------------------------------------------
+# sg_build_default_config
+# default rule - block all
+# -------------------------------------------------------------
+function sg_build_default_config() {
+ global $squidguard_config;
+ $sgconf = array();
+ $redirect_base_url = REDIRECT_BASE_URL;
+
+// TODO: need fix for transparentproxy
+
+ // header
+ $sgconf[] = CONFIG_SG_HEADER;
+ // init section
+ $sgconf[] = "logdir {$squidguard_config[FLD_LOGDIR]}";
+ $sgconf[] = "dbhome {$squidguard_config[FLD_DBHOME]}";
+ $sgconf[] = "";
+
+ // acl section
+ $sgconf[] = "acl {";
+ $sgconf[] = "\t default {";
+ $sgconf[] = "\t\t pass none";
+ $sgconf[] = "\t\t redirect " . $redirect_base_url;
+ $sgconf[] = "\t }";
+ $sgconf[] = "}";
+
+ sg_addlog("sg_build_default_config: Created default configuration. All content will blocked.");
+ return $sgconf;
+}
+
+// ------------------------------------------------------------
+// sg_build_config
+// ------------------------------------------------------------
+function sg_build_config() {
+ global $squidguard_config;
+ $sgconf = array();
+ $redirect_base_url = REDIRECT_BASE_URL;
+
+ sg_addlog("sg_build_config: create squidGuard config");
+ if(!is_array($squidguard_config)) {
+ sg_addlog("sg_build_config: error configuration in squidguard_config");
+ return sg_build_default_config();
+ }
+
+ // check configuration data
+ sg_addlog("sg_build_config: check configuration data");
+ $s = sg_check_config_data();
+ if ($s) {
+ sg_addlog("sg_build_config: error configuration data. It's all errors: \n$s");
+ sg_addlog("sg_build_config: terminated.");
+ return sg_build_default_config();
+ }
+ unset($s);
+
+ // --- Header ---
+ $sgconf[] = CONFIG_SG_HEADER;
+
+ // Transparent redirector base url
+ if (isset($squidguard_config[FLD_SQUID_TRANSPARENT_MODE]) and
+ isset($squidguard_config[FLD_CURRENT_LAN_IP])) {
+ $redirect_base_url = "http://" . $squidguard_config[FLD_CURRENT_LAN_IP] . REDIRECT_TRANSPARENT_BASE_URL;
+ sg_addlog("sg_build_config: select LAN redirector base url ($redirect_base_url)");
+ } else
+ sg_addlog("sg_build_config: select localhost redirector base url ($redirect_base_url)");
+
+ // init
+ $sgconf[] = "logdir " . $squidguard_config[FLD_LOGDIR];
+ $sgconf[] = "dbhome " . $squidguard_config[FLD_DBHOME];
+
+ // --- Times ---
+ if ($squidguard_config[FLD_TIMES]) {
+ sg_addlog("sg_build_config: add times");
+ foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) {
+ $sgconf[] = "";
+ if ($tm[FLD_DESCRIPTION])
+ $sgconf[] = "# " . $tm[FLD_DESCRIPTION];
+ $sgconf[] = "time " . $tm[FLD_NAME] . " {";
+ foreach($tm[FLD_ITEM] as $itm) {
+ switch ($itm[FLD_TIMETYPE]) {
+ case "weekly":
+ $sgconf[] = "\t weekly " . $itm[FLD_TIMEDAYS] . " " . $itm[FLD_TIMERANGE];
+ break;
+ case "date":
+ $sgconf[] = "\t date " . $itm[FLD_DATERANGE] . " " . $itm[FLD_TIMERANGE];
+ break;
+ }
+ }
+ $sgconf[] = "}";
+ }
+ }
+
+ // --- Sources ---
+ if ($squidguard_config[FLD_SOURCES]) {
+ sg_addlog("sg_build_config: add sources");
+ foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) {
+ $sgconf[] = "";
+ if ($src[FLD_DESCRIPTION])
+ $sgconf[] = "# " . $src[FLD_DESCRIPTION];
+ $sgconf[] = "src " . $src[FLD_NAME] . " {";
+ // IP
+ if ($src[FLD_IP]) {
+ $s_ip = explode(" ", $src[FLD_IP]);
+ foreach($s_ip as $ip)
+ if (!empty($ip)) $sgconf[] = "\t ip " . $ip;
+ }
+ // domains
+ if ($src[FLD_DOMAINS]) {
+ $dms = explode(" ", $src[FLD_DOMAINS]);
+ foreach($dms as $dm)
+ if (!empty($dm)) $sgconf[] = "\t domain " . $dm;
+ }
+ if ($src[FLD_LOG])
+ $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
+ $sgconf[] = "}";
+ }
+ }
+
+ // --- Blacklist ---
+ #
+ # Note! Blacklist must be added to config constantly. It's need for rebuild DB
+ #
+ $db_entries = sg_entries_blacklist();
+ if (($squidguard_config[FLD_BLACKLISTENABLED] === 'on') and $db_entries) {
+ sg_addlog("sg_build_config: add blacklist entries");
+ foreach($db_entries as $key => $ent) {
+ $ent_state = array();
+ $file_dms = $squidguard_config[FLD_DBHOME] . "/$ent/domains";
+ $file_urls = $squidguard_config[FLD_DBHOME] . "/$ent/urls";
+ $file_expr = $squidguard_config[FLD_DBHOME] . "/$ent/expressions";
+
+ // check blacklist acl state
+ if (file_exists($file_dms)) {
+ $ent_state['exists'] = 'on';
+ $ent_state[FLD_DOMAINS] = 'on';
+ }
+ if (file_exists($file_urls)) {
+ $ent_state['exists'] = 'on';
+ $ent_state[FLD_URLS] = 'on';
+ }
+ if (file_exists($file_expr)) {
+ $ent_state['exists'] = 'on';
+ $ent_state[FLD_EXPRESSIONS] = 'on';
+ }
+
+ // create config
+ $sgconf[] = "";
+ if ($ent_state['exists']) {
+ $sgconf[] = "dest $ent {";
+ $dstname = $ent;
+ if ($ent_state[FLD_DOMAINS]) $sgconf[] = "\t domainlist $ent/domains";
+ if ($ent_state[FLD_EXPRESSIONS]) $sgconf[] = "\t expressionlist $ent/expressions";
+ if ($ent_state[FLD_URLS]) $sgconf[] = "\t urllist $ent/urls";
+ $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
+ $sgconf[] = "}";
+ sg_addlog("sg_build_config: -- add '$ent' entry");
+ } else {
+ $sgconf[] = "\t# Config ERROR: Destination '$ent' not found in DB";
+ sg_addlog("sg_build_config: uncompleted or error '$ent' entry - disabled");
+ }
+ }
+ }
+
+ // --- Destinations ---
+ if ($squidguard_config[FLD_DESTINATIONS]) {
+ sg_addlog("sg_build_config: add destinations");
+ $sgconf[] = "";
+# $sgconf[] = "dest localhost { # fix localhost access problem on transparent proxy ";
+# $sgconf[] = "\t ip 127.0.0.1";
+# $sgconf[] = "}";
+ foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) {
+ $dstname = $dst[FLD_NAME];
+ $sgconf[] = "";
+ if ($dst[FLD_DESCRIPTION])
+ $sgconf[] = "# " . $dst[FLD_DESCRIPTION];
+ $sgconf[] = "dest $dstname {";
+ if ($dst[FLD_DOMAINS])
+ $sgconf[] = "\t domainlist $dstname/domains";
+ if ($dst[FLD_EXPRESSIONS])
+ $sgconf[] = "\t expressionlist $dstname/expressions";
+ if ($dst[FLD_URLS])
+ $sgconf[] = "\t urllist $dstname/urls";
+ if ($dst[FLD_REDIRECT] && is_url($dst[FLD_REDIRECT]))
+ $sgconf[] = "\t redirect " . $redirect_base_url . "?url={$dst[FLD_REDIRECT]}";
+ if ($dst[FLD_LOG])
+ $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
+ $sgconf[] = "}";
+ }
+ }
+
+ // --- Rewrites ---
+ if ($squidguard_config[FLD_REWRITES]) {
+ sg_addlog("sg_build_config: add rewrites");
+ foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rew) {
+ $sgconf[] = "";
+ $sgconf[] = "rew " . $rew[FLD_NAME] . " {";
+ foreach ($rew[FLD_ITEM] as $rw)
+ $sgconf[] = "\t s@." . $rw[FLD_TARGETURL] . "@" . $rw[FLD_REPLACETO]."@";
+ if ($rew[FLD_LOG])
+ $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE;
+ $sgconf[] = "}";
+ }
+ }
+
+ # ----------------------------------------
+ $entry_blacklist = sg_entries_blacklist();
+
+ // --- ACL ---
+ $sgconf[] = "";
+ $sgconf[] = "acl {";
+ if ($squidguard_config[FLD_ACLS]) {
+ sg_addlog("sg_build_config: add ACL");
+ foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) {
+
+ // delete blacklist entries from 'pass' if blacklist disabled
+ if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
+ $tarray = explode(" ", $acl[FLD_DESTINATIONNAME]);
+ $varray = explode(" ", $acl[FLD_OVERDESTINATIONNAME]);
+ foreach($entry_blacklist as $entry) {
+ $tk = array_search($entry, $tarray);
+ if ($tk !== false) unset ($tarray[$tk]);
+
+ $tk = array_search("!$entry", $tarray);
+ if ($tk !== false) unset($tarray[$tk]);
+
+ $tk = array_search($entry, $varray);
+ if ($tk !== false) unset ($varray[$tk]);
+
+ $tk = array_search("!$entry", $varray);
+ if ($tk !== false) unset ($varray[$tk]);
+ }
+ $acl[FLD_DESTINATIONNAME] = implode (" ", $tarray);
+ $acl[FLD_OVERDESTINATIONNAME] = implode (" ", $varray);
+ }
+
+ if (!$acl[FLD_DISABLED]) {
+ if ($acl[FLD_DESCRIPTION])
+ $sgconf[] = "\t # " . $acl[FLD_DESCRIPTION];
+
+ if ($acl[FLD_TIMENAME]) {
+ // ontime
+ $sgconf[] = "\t " . $acl[FLD_NAME] . " within " . $acl[FLD_TIMENAME] . " { ";
+ $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME];
+ if ($acl[FLD_REDIRECT]) {
+ if (is_url($acl[FLD_REDIRECT]))
+ $sgconf[] = "\t\t redirect " . $redirect_user_url . "?url={$acl[FLD_REDIRECT]}";
+ else $sgconf[] = "\t\t redirect " . $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]);
+ }
+ if ($acl[FLD_REWRITENAME])
+ $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME];
+
+ // overtime
+ $sgconf[] = "\t } else {";
+ $sgconf[] = "\t\t pass " . $acl[FLD_OVERDESTINATIONNAME];
+ if ($acl[FLD_OVERREDIRECT] && is_url($acl[FLD_OVERREDIRECT]))
+ $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$acl[FLD_OVERREDIRECT]}";
+ if ($acl[FLD_OVERREWRITENAME])
+ $sgconf[] = "\t\t rewrite " . $acl[FLD_OVERREWRITENAME];
+
+ $sgconf[] = "\t }";
+ } else {
+ $sgconf[] = "\t " . $acl[FLD_NAME] . " { ";
+
+ $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME];
+
+ if ($acl[FLD_REDIRECT] && is_url($acl[FLD_REDIRECT]))
+ $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$acl[FLD_REDIRECT]}";
+ if ($acl[FLD_REWRITENAME])
+ $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME];
+
+ $sgconf[] = "\t }";
+ }
+ $sgconf[] = "";
+ }
+ }
+ }
+
+ // --- Default ---
+ $def = $squidguard_config[FLD_DEFAULT];
+ sg_addlog("sg_build_config: add Default");
+ if ($def) {
+ // delete blacklist entries from 'pass' if blacklist disabled
+ if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') {
+ $tarray = explode(" ", $def[FLD_DESTINATIONNAME]);
+ $varray = explode(" ", $def[FLD_OVERDESTINATIONNAME]);
+ foreach($entry_blacklist as $entry) {
+ $tk = array_search($entry , $tarray);
+ if ($tk !== false) unset ($tarray[$tk]);
+
+ $tk = array_search("!$entry" , $tarray);
+ if ($tk !== false) unset ($tarray[$tk]);
+
+ $tk = array_search($entry , $varray);
+ if ($tk !== false) unset ($varray[$tk]);
+
+ $tk = array_search("!$entry" , $varray);
+ if ($tk !== false) unset ($varray[$tk]);
+ }
+ $def[FLD_DESTINATIONNAME] = implode (" ", $tarray);
+ $def[FLD_OVERDESTINATIONNAME] = implode (" ", $varray);
+ }
+
+ if ($def[FLD_TIMENAME]) {
+ // ontime
+ $sgconf[] = "\t default within " . $def[FLD_TIMENAME] . " { ";
+ $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME];
+ if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT]))
+ $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_REDIRECT]}";
+ else $sgconf[] = "\t\t redirect " . $redirect_base_url;
+ // overtime
+ $sgconf[] = "\t } else {";
+ $sgconf[] = "\t\t pass " . $def[FLD_OVERDESTINATIONNAME];
+ if ($def[FLD_OVERREDIRECT] && is_url($def[FLD_OVERREDIRECT])) {
+ $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_OVERREDIRECT]}";
+ }
+ else $sgconf[] = "\t\t redirect " . $redirect_base_url;
+ $sgconf[] = "\t }";
+ } else {
+ // without time
+ $sgconf[] = "\t default { ";
+ $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME];
+ if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) {
+ $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_REDIRECT]}";
+ }
+ else $sgconf[] = "\t\t redirect " . $redirect_base_url;
+ $sgconf[] = "\t }";
+ }
+ } // if def
+ else {
+ sg_addlog("sg_build_config: error - ACL 'default' is empty, use as default 'block all'.");
+ $sgconf[] = "\t default { ";
+ $sgconf[] = "\t\t pass none";
+ $sgconf[] = "\t\t redirect " . $redirect_base_url;
+ $sgconf[] = "\t }";
+ }
+
+ // --- ACL end ---
+ $sgconf[] = "}";
+
+ return $sgconf;
+}
+
+// ------------------------------------------------------------
+// sg_check_config_data
+// ------------------------------------------------------------
+function sg_check_config_data () {
+ global $squidguard_config;
+ $check_log = array();
+ $times = array();
+ $sources = array();
+ $destinations = array();
+ $rewrites = array();
+ $acls = array();
+
+ // --- Times ---
+ if ($squidguard_config[FLD_TIMES]) {
+ foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) {
+ // check name as unique and name format
+ $tm_name = $tm[FLD_NAME];
+ $s = check_name($tm_name);
+ if ($s)
+ $check_log[] = "TIME '$tm_name' error: $s";
+
+ $times[] = $tm_name;
+ $key_tm = array_count_values($times);
+ if ($key_tm[$tm_name] > 1)
+ $check_log[] = "TIME '$tm_name' error: duplicate time name '$tm_name'";
+
+ // check time items format
+ }
+ }
+
+ // --- Sources ---
+ if ($squidguard_config[FLD_SOURCES]) {
+ foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) {
+ // check name as unique and name format
+ $src_name = $src[FLD_NAME];
+ $s = check_name($src_name);
+ if ($s)
+ $check_log[] = "SOURCE '$src_name'error: $s";
+
+ $sources[] = $src_name;
+ $key_src = array_count_values($sources);
+ if ($key_src[$src_name] > 1)
+ $check_log[] = "SOURCE '$src_name' error: duplicate source name '$src_name'";
+
+ // check IP's
+ }
+ }
+
+ // --- Destinations ---
+ if ($squidguard_config[FLD_DESTINATIONS]) {
+ foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) {
+ // check name as unique and name format
+ $dst_name = $dst[FLD_NAME];
+ $s = check_name($dst_name);
+ if ($s)
+ $check_log[] = "DESTINATION '$dst_name' error: $s";
+
+ $destinations[] = $dst_name;
+ $key_dst = array_count_values($destinations);
+ if ($key_dst[$dst_name] > 1)
+ $check_log[] = "DESTINATION '$dst_name' error: duplicate destination name '$dst_name'";
+
+ // check urls
+ // check domains
+ // check expressions
+ // check redirection url
+ }
+ }
+
+ // --- Blacklist ---
+ $blk_entries_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+ if (file_exists($blk_entries_file)) {
+ $blk_entr = explode("\n", file_get_contents($blk_entries_file));
+ foreach($blk_entr as $entr) {
+ if ($entr) {
+ $destinations[] = $entr;
+ // check entry for exists
+ $dbfile = $squidguard_config[FLD_DBHOME] . "/$entr";
+ if (!file_exists($dbfile))
+ $check_log[] = "BLACKLIST '$entr' error: file '$dbfile' not found";
+ }
+ }
+ }
+
+ // --- Rewrites ---
+ if ($squidguard_config[FLD_REWRITES]) {
+ foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rw) {
+ // check check name as unique and name format
+ $rw_name = $rw[FLD_NAME];
+ $s = check_name($dst_name);
+ if ($s)
+ $check_log[] = "REWRITE '$rw_name' error: $s";
+
+ $rewrites[] = $rw_name;
+ $key_rw = array_count_values($rewrites);
+ if ($key_rw[$rw_name] > 1)
+ $check_log[] = "REWRITE '$rw_name' error: duplicate rewrite name '$rw_name'";
+ }
+ }
+
+ $key_times = array_count_values($times);
+ $key_sources = array_count_values($sources);
+ $key_destinations = array_count_values($destinations);
+ $key_rewrites = array_count_values($rewrites);
+
+ // --- ACLs ---
+ if ($squidguard_config[FLD_ACLS]) {
+ $acls = array();
+ foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) {
+ // skip disabled acl
+ if ($acls[FLD_DISABLED]) continue;
+
+ $acl_name = $acl[FLD_NAME];
+
+ // check acl name for unique and exists (as source items)
+ if ($acl_name and !$key_sources[$acl_name])
+ $check_log[] = "ACL '$acl_name' error: acl name '$acl_name' not found";
+
+ $acls[] = $acl_name;
+ $key_acls = array_count_values($acls);
+ if ($key_acls[$acl_name] > 1)
+ $check_log[] = "ACL '$acl_name' error: duplicate acl name '$acl_name'";
+
+ // check time
+ $time = $acl[FLD_TIMENAME];
+ if ($time and !$key_times[$time]) // time name must exists
+ $check_log[] = "ACL '$acl_name' error: time name '$time' not found";
+
+ // check destinations
+ if ($acl[FLD_DESTINATIONNAME]) {
+ $acldest = str_replace("!", "", $acl[FLD_DESTINATIONNAME]);
+ $acldest = explode(" ", $acldest);
+ $key_acldest = array_count_values($acldest);
+ foreach($acldest as $adest) {
+ // check duplicates destinations in acl
+ if ($key_acldest[$adest] > 1)
+ $check_log[] = "ACL '$acl_name' error: duplicate destination name '$adest'. Any destination must included once.";
+ // check destinations for exists
+ if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
+ $check_log[] = "ACL '$acl_name' error: destination name '$adest' not found";
+ }
+ } else {
+ $check_log[] = "ACL '$acl_name' error: ontime pass list is empty.";
+ }
+
+ // check overtime destinations
+ if ($time) {
+ if ($acl[FLD_OVERDESTINATIONNAME]) {
+ $acloverdest = str_replace("!", "", $acl[FLD_OVERDESTINATIONNAME]);
+ $acloverdest = explode(" ", $acloverdest);
+ $key_acloverdest = array_count_values($acloverdest);
+ foreach($acloverdest as $adest) {
+ // check duplicates destinations in acl
+ if ($key_acloverdest[$adest] > 1)
+ $check_log[] = "ACL '$acl_name' error: duplicate overtime destination name '$adest'. Any destination must included once.";
+ // check destinations for exists
+ if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
+ $check_log[] = "ACL '$acl_name' error: overtime destination name '$adest' not found";
+ }
+ } else {
+ $check_log[] = "ACL '$acl_name' error: overtime pass list is empty.";
+ }
+ }
+
+ // check rewrite
+ $rew = $acl[FLD_REWRITENAME];
+ if ($rew and !$key_rewrites[$rew])
+ $check_log[] = "ACL '$acl_name' error: rewrite name '$rew' not found";
+
+ // check overtime rewrite
+ $overrew = $acl[FLD_OVERREWRITENAME];
+ if ($time and $overrew and !$key_rewrites[$overrew])
+ $check_log[] = "ACL '$acl_name' error: overtime rewrite name '$overrew' not found";
+
+ // check redirect
+ $redir = $acl[FLD_REDIRECT];
+ $overredir = $acl[FLD_OVERREDIRECT];
+ }
+ }
+
+
+ // --- Default ---
+ if ($squidguard_config[FLD_ACLS]) {
+ $def = $squidguard_config[FLD_DEFAULT];
+
+ // check time
+ $time = $def[FLD_TIMENAME];
+ if ($time and !$key_times[$time]) // time name must exists
+ $check_log[] = "ACL 'default' error: time name '$time' not found";
+
+ // check destinations
+ if ($def[FLD_DESTINATIONNAME]) {
+ $defdest = str_replace("!", "", $def[FLD_DESTINATIONNAME]);
+ $defdest = explode(" ", $defdest);
+ $key_defdest = array_count_values($defdest);
+ foreach($defdest as $adest) {
+ // check duplicates destinations in acl
+ if ($key_defdest[$adest] > 1)
+ $check_log[] = "ACL 'default' error: duplicate destination name '$adest'. Any destination must included once.";
+ // check destinations for exists
+ if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
+ $check_log[] = "ACL 'default' error: destination name '$adest' not found";
+ }
+ } else {
+ $check_log[] = "ACL 'default' error: ontime pass list is empty.";
+ }
+
+ // check overtime destinations
+ if ($time) {
+ if ($def[FLD_OVERDESTINATIONNAME]) {
+ $defoverdest = str_replace("!", "", $def[FLD_OVERDESTINATIONNAME]);
+ $defoverdest = explode(" ", $defoverdest);
+ $key_defoverdest = array_count_values($defoverdest);
+ foreach($defoverdest as $adest) {
+ // check duplicates destinations in acl
+ if ($key_defoverdest[$adest] > 1)
+ $check_log[] = "ACL 'default' error: duplicate overtime destination name '$adest'. Any destination must included once.";
+ // check destinations for exists
+ if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest])
+ $check_log[] = "ACL 'default' error: overtime destination name '$adest' not found";
+ }
+ } else {
+ $check_log[] = "ACL 'default' error: overtime pass list is empty.";
+ }
+ }
+
+ // check rewrite
+ $rew = $def[FLD_REWRITENAME];
+ if ($rew and !$key_rewrites[$rew])
+ $check_log[] = "ACL 'default' error: rewrite name '$rew' not found";
+
+ // check overtime rewrite
+ $overrew = $def[FLD_OVERREWRITENAME];
+ if ($time and $overrew and !$key_rewrites[$overrew])
+ $check_log[] = "ACL 'default' error: overtime rewrite name '$overrew' not found";
+
+ // check redirect
+ $redir = $def[FLD_REDIRECT];
+ $overredir = $def[FLD_OVERREDIRECT];
+ }
+
+ return implode("\n", $check_log);
+}
+
+// =============================================================================
+// blacklist
+// =============================================================================
+// sg_reconfigure_blacklist($source_filename, $opt)
+// $source_filename - file name or url
+// $opt - option:
+// '' or 'local' - update from local file
+// 'url' - update from url
+// -----------------------------------------------------------------------------
+function sg_reconfigure_blacklist($source_filename, $opt = '') {
+ global $squidguard_config;
+ $sf = trim($source_filename);
+ $sf_contents = '';
+
+ sg_addlog("sg_reconfigure_blacklist: start ");
+
+ // 1. check system
+ sg_check_system();
+
+ // 2. upload
+ sg_addlog("sg_reconfigure_blacklist: begin upload from '$sf'.");
+ if ($sf[0] === "/") { // local file - example '/tmp/blacklists.tar'
+ if (file_exists($sf)) {
+ $sf_contents = file_get_contents($sf);
+ sg_addlog("sg_reconfigure_blacklist: get file '$sf'.");
+ } else {
+ sg_addlog("sg_reconfigure_blacklist: error get file '$sf', file not found.");
+ return;
+ }
+ } else {// url
+ sg_addlog("sg_reconfigure_blacklist: get url '$sf'.");
+ $sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt);
+ }
+
+ // 3. update
+ if (empty($sf_contents)) {
+ sg_addlog("sg_reconfigure_blacklist: error file content '$sf'.");
+ return;
+ }
+ // manually content save to local file
+ file_put_contents(BLK_LOCALFILE, $sf_contents);
+ sg_update_blacklist(BLK_LOCALFILE);
+
+ // 4. rebuild db
+ sg_full_rebuild_db();
+
+ sg_addlog("sg_reconfigure_blacklist: end");
+}
+
+// -----------------------------------------------------------------------------
+// sg_update_blacklist - update blacklist from file
+// -----------------------------------------------------------------------------
+function sg_update_blacklist($from_file) {
+ global $squidguard_config;
+ $dbhome = SQUIDGUARD_DBHOME_DEF;
+ $workdir = SQUIDGUARD_WORKDIR_DEF;
+
+ if (file_exists($squidguard_config[FLD_DBHOME])) $dbhome = $squidguard_config[FLD_DBHOME];
+ if (file_exists($squidguard_config[FLD_WORKDIR])) $workdir = $squidguard_config[FLD_WORKDIR];
+ sg_addlog("sg_update_blacklist: begin '$dbhome'");
+
+ if (file_exists($from_file)) {
+ // 1. unpack blacklist file
+ $bl_temp = '/var/tmp/blacklists';
+ mwexec('tar zxvf ' . $from_file . ' -C /var/tmp/');
+ sg_addlog("sg_update_blacklist: unpack uploaded file $from_file -> $bl_temp");
+
+ // 2. copy blacklist to squidGuard base
+ if (file_exists($bl_temp)) {
+ // - copy blacklist & create entries list
+ sg_addlog("sg_update_blacklist: create entries");
+ $blk_files = scan_dir($bl_temp);
+ $blk_entries = array();
+ foreach($blk_files as $bf) {
+ if (($bf != '.') && ($bf != '..')) {
+ $blk_entries[] = $bf;
+ mwexec("cp -Rf $bl_temp/$bf $dbhome");
+ sg_addlog("sg_update_blacklist: $bf");
+ }
+ }
+
+ // create entries list
+ if (count($blk_entries)) {
+ file_put_contents($workdir . SQUIDGUARD_BLK_ENTRIES, implode("\n", $blk_entries));
+ set_file_access($workdir . SQUIDGUARD_BLK_ENTRIES, OWNER_NAME, 0755);
+ sg_addlog("sg_update_blacklist: create entries " . $workdir . SQUIDGUARD_BLK_ENTRIES);
+ }
+ sg_remove_unused_db_entries();
+
+ // clearing temp
+ mwexec("rm -R $bl_temp");
+ }
+ set_file_access($squidguard_config[FLD_DBHOME], OWNER_NAME, 0755);
+# sg_full_rebuild_db();
+ }
+ sg_addlog("sg_update_blacklist: end");
+}
+
+// -----------------------------------------------------------------------------
+// sg_entries_blacklist - update blacklist from file
+// -----------------------------------------------------------------------------
+function sg_entries_blacklist() {
+ global $squidguard_config;
+ $contentS = '';
+ $fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES;
+ if (file_exists($squidguard_config[FLD_WORKDIR]))
+ $fl = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES;
+
+ if (file_exists($fl)) {
+ $contents = file_get_contents($fl);
+ $contents = explode("\n", $contents);
+ }
+ return $contents;
+}
+
+# -------------------------- UTILS ---------------------------------------------
+# sg_uploadfile_from_url
+# upload file and put them to $destination_file
+# return = upload content
+# ------------------------------------------------------------------------------
+function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') {
+ // open destination file
+ sg_addlog("sg_uploadfile_from_url: begin url'$url_file' proxy'$proxy'");
+
+ $result = '';
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ if (!empty($proxy)) {
+ $ip = '';
+ $login = '';
+ $s = trim($proxy);
+ if (strpos($s, ' ')) {
+ $ip = substr($s, 0, strpos($s, ' '));
+ $login = substr($s, strpos($s, ' ') + 1);
+ } else $ip = $s;
+
+ if($ip != '') {
+ curl_setopt($ch, CURLOPT_PROXY, $ip);
+ if($login != '')
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login);
+ }
+ }
+ $result=curl_exec ($ch);
+ curl_close ($ch);
+ if (!empty($destination_file))
+ file_put_contents($destination_file, $result);
+ else sg_addlog("sg_uploadfile_from_url: error upload file");
+
+
+ // for test
+ file_put_contents(BLK_LOCALFILE, $result);
+
+ sg_addlog("sg_uploadfile_from_url: end");
+ return $result;
+}
+
+// -----------------------------------------------------------------------------
+// Set file access
+// -----------------------------------------------------------------------------
+function set_file_access($dir, $owner, $mod) {
+
+ if (!file_exists($dir)) return;
+
+ chown($dir, $owner);
+ chgrp($dir, $owner);
+ chmod($dir, $mod);
+
+ if (is_dir($dir)) {
+ $hd = opendir($dir);
+ while (($item = readdir($hd)) !== false) {
+ if (($item != ".") && ($item != "..")) {
+ $path = "$dir/$item";
+ if (is_dir($path))
+ set_file_access($path, $owner, $mod);
+ else {
+ chown($path, $owner);
+ chgrp($path, $owner);
+ chmod($path, $mod);
+ }
+ }
+ }
+ }
+}
+# ==============================================================================
+# self utils
+# ==============================================================================
+# scan_dir - build files listing for $dir
+# ------------------------------------------------------------------------------
+function scan_dir($dir) {
+ $files = array();
+ if (file_exists($dir)) {
+ $dh = opendir($dir);
+ while (false !== ($filename = readdir($dh)))
+ $files[] = $filename;
+ sort($files);
+ }
+ return $files;
+}
+# ------------------------------------------------------------------------------
+# is_url - build files listing for $dir
+# ------------------------------------------------------------------------------
+function is_url($url) {
+ if (empty($url)) return false;
+ if (eregi("^http://", $url)) return true;
+ if (eregi("^https://", $url)) return true;
+ if (eregi("^([0-9]{3})", $url)) return true; // http error code 403, 404, 410, 500,
+ return false;
+}
+# ------------------------------------------------------------------------------
+# check name
+# ------------------------------------------------------------------------------
+function check_name ($name) {
+ $err = '';
+ $val = trim($name);
+
+ if ((strlen($val) < 2) || (strlen($val) > 16))
+ $err .= " Size of name must be between [2..16].";
+
+ // All symbols must be [a-zA-Z_0-9\-] First symbol = letter.
+ if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val))
+ $err .= " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter.";
+
+ return $err;
+}
+
+?>
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-22 15:45:06 +0000