diff options
author | D. V. Serg <dvserg@pfsense.org> | 2008-08-20 16:19:17 +0000 |
---|---|---|
committer | D. V. Serg <dvserg@pfsense.org> | 2008-08-20 16:19:17 +0000 |
commit | ce28757f9a40cc074b968e5085c82035be0ec38b (patch) | |
tree | b03d925460a94ca020d2fd471dd0a956a896e1c0 /packages | |
parent | 4987b62d62b2ebd91c85f871594dfc2482e4f9b6 (diff) | |
download | pfsense-packages-ce28757f9a40cc074b968e5085c82035be0ec38b.tar.gz pfsense-packages-ce28757f9a40cc074b968e5085c82035be0ec38b.tar.bz2 pfsense-packages-ce28757f9a40cc074b968e5085c82035be0ec38b.zip |
Changes in GUI:
sources
- add user name support
acl, destination
- add redirection type
general page
- remove redirection type
- add error-showing when 'Apply' changes
Also many optimisations in .inc files.
Diffstat (limited to 'packages')
-rw-r--r-- | packages/squidGuard/squidguard.inc | 2182 | ||||
-rw-r--r-- | packages/squidGuard/squidguard.xml | 324 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_acl.xml | 424 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_configurator.inc | 2933 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_default.xml | 213 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_dest.xml | 327 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_rewr.xml | 17 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_time.xml | 39 |
8 files changed, 3349 insertions, 3110 deletions
diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc index 88779180..5628882d 100644 --- a/packages/squidGuard/squidguard.inc +++ b/packages/squidGuard/squidguard.inc @@ -1,28 +1,27 @@ <?php - # ------------------------------------------------------------------------------ -# squidguard.inc -# (C)2006, 2007 Serg Dvoriancev -/* Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. +/* squidguard.inc + (C)2006-2008 Serg Dvoriancev + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ # ------------------------------------------------------------------------------ @@ -88,9 +87,8 @@ define('MODULE_SOURCE', 'squidguardsrc'); define('MODULE_TIME', 'squidguardtime'); define('MODULE_LOG', 'squidguardlog'); -define('BLACKLIST_DEFAULT_URL', 'http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz'); // 360Kb -define('BLACKLIST_DEFAULT_URL1', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); // 3.5Mb -define('BLACKLIST_DEFAULT_URL2', 'http://blacklist.dansguardian.org/cgi-bin/download.pl?type=download&file=bigblacklist'); +define('BLACKLIST_DEFAULT_URL', 'http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz'); # 360Kb +define('BLACKLIST_DEFAULT_URL1', 'http://www.shallalist.de/Downloads/shallalist.tar.gz'); # ~7Mb define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz'); define('BLACKLIST_BTN_URL', 'Upload Url'); define('BLACKLIST_BTN_LAST', 'Restore last'); @@ -103,108 +101,105 @@ define('WEBGUI_HISTORY_LOG', 'on'); define('TEST_LOG', '/var/tmp/sqtest.test'); -define('ERRVALIDATE_REDIRECT', "Redirect must contains valid data. Example: 'http://www.my.com', 'https://my.com', Error_Code<space>Reason, blank, blank_img"); - # ============================================================================== # Initialization # ============================================================================== sg_init(convert_pfxml_to_sgxml()); +# file_put_contents("/var/tmp/sg.xml", $squidguard_config); # Test # ============================================================================== # Validations # ============================================================================== +function squidguard_validate($post, $input_errors) +{ + $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; + # check config if 'Apply' + if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors); +} # ------------------------------------------------------------------------------ # validate default # ------------------------------------------------------------------------------ -function squidguard_validate_default($post, $input_errors) { - squidguard_validate_acl($post, &$input_errors); +function squidguard_validate_default($post, $input_errors) +{ + squidguard_validate_acl($post, &$input_errors); } # ------------------------------------------------------------------------------ # validate acl # ------------------------------------------------------------------------------ -function squidguard_validate_acl($post, $input_errors) { - global $config; - $pass_up = array(); - $deny_up = array(); - $pass_up_val = ''; - $pass_over = array(); - $deny_over = array(); - $pass_over_val = ''; - - // check name ('source') - $name = trim($post[FLD_NAME]); - if(!empty($name)) { - $err = check_name($name); // validate name content - if (!empty($err)) - $input_errors[] = $err; - - // check unique name - if (!check_unique_name(MODULE_ACL, $name)) - $input_errors[] = "Name '$name' already exists."; - } +function squidguard_validate_acl($post, $input_errors) +{ + global $config; + $pass_up = array(); + $deny_up = array(); + $pass_up_val = ''; + $pass_over = array(); + $deny_over = array(); + $pass_over_val = ''; + $id = get_item_id(); + + # check name ('source') + $name = trim($post[FLD_NAME]); + if(!empty($name)) { + # validate name format + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(FLD_ACLS, $id, $name)) + $input_errors[] = "Name '$name' already exists."; + + # check source + $sgx = array(); + $sgx[FLD_NAME] = $post[FLD_NAME]; + $sgx[FLD_SOURCE] = $post[FLD_SOURCE]; + sg_check_src($sgx, &$input_errors); + } - // store destinations to 'dest' value - foreach ($post as $key => $val) { - if (substr_count($key, PREFLD_UPTIME) != 0) { - $name = str_replace(PREFLD_UPTIME, '', $key); - if ($name) { - switch($val) { - case "allow": $pass_up_val .= " $name"; break; - case "white": $pass_up_val .= " ^$name"; break; - case "deny" : $pass_up_val .= " !$name"; break; - } - } + # store destinations to 'dest' value + foreach ($post as $key => $val) { + if (substr_count($key, PREFLD_UPTIME) != 0) { + $name = str_replace(PREFLD_UPTIME, '', $key); + if ($name) { + switch($val) { + case "allow": $pass_up_val .= " $name"; break; + case "white": $pass_up_val .= " ^$name"; break; + case "deny" : $pass_up_val .= " !$name"; break; } - elseif (substr_count($key, PREFLD_OVERTIME) != 0) { - $name = str_replace(PREFLD_OVERTIME, '', $key); - if ($name) { - switch($val) { - case "allow": $pass_over_val .= " $name"; break; - case "white": $pass_over_val .= " ^$name"; break; - case "deny" : $pass_over_val .= " !$name"; break; - } - } + } + } + elseif (substr_count($key, PREFLD_OVERTIME) != 0) { + $name = str_replace(PREFLD_OVERTIME, '', $key); + if ($name) { + switch($val) { + case "allow": $pass_over_val .= " $name"; break; + case "white": $pass_over_val .= " ^$name"; break; + case "deny" : $pass_over_val .= " !$name"; break; } + } } + } - // !ATTENTION! on pfSense XML config must be must(shell) be '!all' instead of 'none' - it is a must for correct work GUI + # !ATTENTION! on pfSense XML config must be must(shell) be '!all' instead of 'none' - it is a must for correct work GUI - // if not exists key 'all', then add 'none' - default 'deny all' - if ((substr_count($pass_up_val, 'all') == 0)) { - $pass_up_val .= ' !all'; - } + # if not exists key 'all', then add 'none' - default 'deny all' + if ((substr_count($pass_up_val, 'all') == 0)) { + $pass_up_val .= ' !all'; + } - if (!empty($pass_over_val) && (substr_count($pass_over_val, 'all') == 0)) { - $pass_over_val .= ' !all'; - } + if (!empty($pass_over_val) && (substr_count($pass_over_val, 'all') == 0)) { + $pass_over_val .= ' !all'; + } - if (empty($pass_over_val)) - $post[FLD_DEST] = "$pass_up_val"; - else $post[FLD_DEST] = "$pass_up_val [$pass_over_val]"; - - // check redirect - $redirect = trim($post[FLD_REDIRECT]); - if(!empty($redirect)) { - // cut first redirect url, if entered more that one - $redirect = explode("\n", $redirect); - $redirect = $redirect[0]; - $post[FLD_REDIRECT] = $redirect; - if (is_url($redirect) === false) - $input_errors[] = "Redirect '$redirect' error. " . ERRVALIDATE_REDIRECT; - } + if (empty($pass_over_val)) + $post[FLD_DEST] = "$pass_up_val"; + else $post[FLD_DEST] = "$pass_up_val [$pass_over_val]"; - // check overredirect - $redirect = trim($post[FLD_OVERREDIRECT]); - if(!empty($redirect)) { - // cut first redirect url, if entered more that one - $redirect = explode("\n", $redirect); - $redirect = $redirect[0]; - $post[FLD_OVERREDIRECT] = $redirect; - if (is_url($redirect) === false) - $input_errors[] = "Overtime redirect '$redirect' error. " . ERRVALIDATE_REDIRECT; - } + # check redirect + $errmsg = ''; + if (!sg_check_redirect($post[FLD_RMOD], $post[FLD_REDIRECT], &$errmsg)) { + $input_errors[] = "Redirect info error. $errmsg"; + } } # ------------------------------------------------------------------------------ @@ -213,534 +208,445 @@ function squidguard_validate_acl($post, $input_errors) { # date: <date(or range)><time (or range)> -- days not parsed (reset to *) # weekly: <day or *><time or range> -- dates not parsed (reset to '') # ------------------------------------------------------------------------------ -function squidguard_validate_times($post, $input_errors) { +function squidguard_validate_times($post, $input_errors) +{ + $id = get_item_id(); - // check name - $name = trim($post[FLD_NAME]); - if(!empty($name)) { - $err = check_name($name); - if (!empty($err)) - $input_errors[] = $err; - } + # check name + $name = trim($post[FLD_NAME]); + if(!empty($name)) { + check_name_format($name, &$input_errors); - // check unique name - if (!check_unique_name(MODULE_TIME, $name)) - $input_errors[] = "Name '$name' already exists"; - - // check format - $err = ''; - for ($i=0; $post[FLD_TIMETYPE . "$i"] != ''; $i++) { - $timetype = strtolower($post[FLD_TIMETYPE . "$i"]); - if ($timetype == 'date') { - // set timedays to '*' - $post[FLD_TIMEDAYS . "$i"] = '*'; - - // check date and time - $date = trim($post[FLD_DATERANGE."$i"]); - $time = trim($post[FLD_TIMERANGE."$i"]); - $err = check_date($date); - if (!empty($err)) $input_errors[] = $err; - $err = check_time($time); - if (!empty($err)) $input_errors[] = $err; - } else { - // set daterange to '' - $post[FLD_DATERANGE . "$i"] = ''; - - // check time - $time = trim($post[FLD_TIMERANGE."$i"]); - $err = check_time($time); - if (!empty($err)) $input_errors[] = $err; - } - } -} + # check unique name + if (!sg_check_unique_name(MODULE_TIME, $id, $name)) + $input_errors[] = "Name '$name' already exists"; + } -# ------------------------------------------------------------------------------ -# validate sources -# ------------------------------------------------------------------------------ -function squidguard_validate_source($post, $input_errors) { - // check name - $name = trim($post[FLD_NAME]); - if(!empty($name)) { - $err = check_name($name); // validate name content - if (!empty($err)) - $input_errors[] = $err; + # --- check format --- + $sgx = array(); + $sgx[FLD_NAME] = $post[FLD_NAME]; + $sgx[FLD_DESCRIPTION] = $post[FLD_DESCRIPTION]; + # fields of $post have 'fnameX' format + for ($i=0; isset($post[FLD_TIMETYPE."$i"]); $i++) { + # correct and update + if (strtolower($post[FLD_TIMETYPE."$i"]) === "date") { + $post[FLD_TIMEDAYS."$i"] = '*'; + # date cant be empty + if (trim($post[FLD_DATERANGE."$i"]) == '') $post[FLD_DATERANGE."$i"] = "*.*.*"; + } + else $post[FLD_DATERANGE."$i"] = ''; + + if (trim($post[FLD_TIMERANGE."$i"]) == '') $post[FLD_TIMERANGE."$i"] = "00:00-23:59"; + + # $post->xml + $sgx_row = array(); + $sgx_row[FLD_TIMETYPE] = $post[FLD_TIMETYPE."$i"]; + $sgx_row[FLD_TIMEDAYS] = $post[FLD_TIMEDAYS."$i"]; + $sgx_row[FLD_DATERANGE] = $post[FLD_DATERANGE."$i"]; + $sgx_row[FLD_TIMERANGE] = $post[FLD_TIMERANGE."$i"]; + $sgx[FLD_ITEM][] = $sgx_row; + } + # + sg_check_time($sgx, &$input_errors); - // check unique name - if (!check_unique_name(MODULE_SOURCE, $name)) - $input_errors[] = "Name '$name' already exists"; - } } # ------------------------------------------------------------------------------ # validate destinations # ------------------------------------------------------------------------------ function squidguard_validate_destination($post, $input_errors) { - // check name - $name = trim($post[FLD_NAME]); - if(!empty($name)) { - $err = check_name($name); // validate name content - if (!empty($err)) - $input_errors[] = $err; + # check name + $name = trim($post[FLD_NAME]); + if(!empty($name)) { + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(MODULE_DESTINATION, $name)) + $input_errors[] = "Name '$name' already exists"; + } - // check unique name - if (!check_unique_name(MODULE_DESTINATION, $name)) - $input_errors[] = "Name '$name' already exists"; - } - // check redirect - $redirect = trim($post[FLD_REDIRECT]); - if(!empty($redirect)) { - // cut first redirect url, if entered more that one - $redirect = explode("\n", $redirect); - $redirect = $redirect[0]; - $post[FLD_REDIRECT] = $redirect; - if (is_url($redirect) === false) - $input_errors[] = "Redirect '$redirect' error. " . ERRVALIDATE_REDIRECT; - } + # --- check format --- + $sgx = array(); + $sgx[FLD_NAME] = $post[FLD_NAME]; + $sgx[FLD_URLS] = $post[FLD_URLS]; + $sgx[FLD_DOMAINS] = $post[FLD_DOMAINS]; + $sgx[FLD_EXPRESSIONS] = $post[FLD_EXPRESSIONS]; + $sgx[FLD_RMOD] = $post[FLD_RMOD]; + $sgx[FLD_REDIRECT] = $post[FLD_REDIRECT]; + # + sg_check_dest($sgx, &$input_errors); } # ------------------------------------------------------------------------------ # validate rewrites # ------------------------------------------------------------------------------ function squidguard_validate_rewrite($post, $input_errors) { - // check name + # check name $name = trim($post[FLD_NAME]); if(!empty($name)) { - // check name format <char><symbols without space> - Ab123 - $err = check_name($name); - if (!empty($err)) - $input_errors[] = $err; - - // check unique name - if (!check_unique_name(MODULE_REWRITE, $name)) - $input_errors[] = "Name '$name' already exists"; + # check name format <char><symbols without space> - Ab123 + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(MODULE_REWRITE, $name)) + $input_errors[] = "Name '$name' already exists"; } } -// ----------------------------------------------------------------------------- -// squidguard_resync -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# squidguard_resync +# ----------------------------------------------------------------------------- function squidguard_resync() { - global $config; - $conf = $config['installedpackages'][MODULE_GENERAL]['config'][0]; - $upload_file = ''; - $submit = ''; - $url = ''; - $proxy = ''; - - if (isset($_POST['submit'])) { - $submit = $_POST['submit']; - $url = $_POST['blacklist_url']; - $proxy = $_POST['blacklist_proxy']; - } - else - if (isset($_GET['submit'])) { - $submit = $_GET['submit']; - $url = $_GET['blacklist_url']; - $proxy = $_GET['blacklist_proxy']; - } - - // blacklist upload - if ($submit == BLACKLIST_BTN_URL) { -# $url = $conf['blacklist_url']; -# $proxy = $conf['blacklist_proxy']; - if ($url) - sg_reconfigure_blacklist($url, $proxy); - } - - // blacklist restore last (if exists) - if ($submit == BLACKLIST_BTN_LAST) { - restore_arc_blacklist(); - } - - // apply changes - if ($submit == APPLY_BTN) { -# write_config('Update squidGuard options.'); // store, if not 'Save' button - sg_reconfigure(); - } + global $config; + $conf = $config['installedpackages'][MODULE_GENERAL]['config'][0]; + $upload_file = ''; + $submit = ''; + $url = ''; + $proxy = ''; + + $submit = isset($_POST['submit']) ? $_POST['submit'] : $_GET['submit']; + $url = isset($_POST['blacklist_url']) ? $_POST['blacklist_url'] : $_GET['blacklist_url']; + $proxy = isset($_POST['blacklist_proxy']) ? $_POST['blacklist_proxy'] : $_GET['blacklist_proxy']; + + # blacklist upload + if ($submit == BLACKLIST_BTN_URL) { + if ($url) + sg_reconfigure_blacklist($url, $proxy); + } + + # blacklist restore last (if exists) + if ($submit == BLACKLIST_BTN_LAST) { + restore_arc_blacklist(); + } + + # apply changes + if ($submit == APPLY_BTN) { +# write_config('Update squidGuard options.'); # store, if not 'Save' button +# перенести в validate для детектирования ошибок? + sg_reconfigure(); + } } - -// ----------------------------------------------------------------------------- -// squidguard_resync_acl -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# squidguard_resync_acl +# ----------------------------------------------------------------------------- function squidguard_resync_acl() { - global $config; - $conf = $config['installedpackages'][MODULE_ACL]['config']; - $id = $_GET['id']; - - if (!$id) - $id = $_POST['id']; - - // --- sources part --- - // move current id by order - if (($id !== '') and is_array($conf) /*and ($id !== intval($conf[$id]['order']))*/) { - - $src_new = array(); - foreach ($conf as $key => $src) { - $order = $src['order']; - $n_key = ''; // n_key: [order]_x[key]; x: =0[up]; = 5[nothing]; =9[down]; - - $k1 = sprintf("%04d", $order); - $k3 = sprintf("%04d", $key); - - // new: move to last - if (!isset($src['order']) or ($src['order'] === '')) - $n_key = "99995{$k3}"; - // current: moveup; movedown; nothing; - elseif (intval($key) === intval($id)) { - if (intval($order) < intval($key)) - $n_key = "{$k1}0{$k3}"; - elseif (intval($order) > intval($key)) - $n_key = "{$k1}9{$k3}"; - else - $n_key = "{$k1}5{$k3}"; - // other: nothing - } else - $n_key = "{$k1}5{$k3}"; - // update with key - $src_new[$n_key] = $src; - } - // sort by key - ksort($src_new); - reset($src_new); - - // make keys '0, 1, 2, ...', and update order - $src_new = array_values($src_new); - foreach ($src_new as $key => $src) { - $src_new[$key]['order'] = $key; - } - - // renew config - unset ($config['installedpackages'][MODULE_ACL]['config']); - $config['installedpackages'][MODULE_ACL]['config'] = $src_new; - write_config('Update squidguardacl config'); - } + global $config; + $conf = $config['installedpackages'][MODULE_ACL]['config']; + $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; + + # --- sources part --- + # move current id by order + if (($id !== '') and is_array($conf) /*and ($id !== intval($conf[$id]['order']))*/) { + + $src_new = array(); + foreach ($conf as $key => $src) { + $order = $src['order']; + $n_key = ''; # n_key: [order]_x[key]; x: =0[up]; = 5[nothing]; =9[down]; + + $k1 = sprintf("%04d", $order); + $k3 = sprintf("%04d", $key); + + # new: move to last + if (!isset($src['order']) or ($src['order'] === '')) + $n_key = "99995{$k3}"; + # current: moveup; movedown; nothing; + elseif (intval($key) === intval($id)) { + if (intval($order) < intval($key)) + $n_key = "{$k1}0{$k3}"; + elseif (intval($order) > intval($key)) + $n_key = "{$k1}9{$k3}"; + else + $n_key = "{$k1}5{$k3}"; + # other: nothing + } else + $n_key = "{$k1}5{$k3}"; + # update with key + $src_new[$n_key] = $src; + } + # sort by key + ksort($src_new); + reset($src_new); + + # make keys '0, 1, 2, ...', and update order + $src_new = array_values($src_new); + foreach ($src_new as $key => $src) { + $src_new[$key]['order'] = $key; + } + + # renew config + unset ($config['installedpackages'][MODULE_ACL]['config']); + $config['installedpackages'][MODULE_ACL]['config'] = $src_new; + write_config('Update squidguardacl config'); + } } -// ============================================================================= -// common functions -// ============================================================================= +# ============================================================================= +# common functions +# ============================================================================= -// ----------------------------------------------------------------------------- -// get_pkg_items_list -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# get_pkg_items_list +# ----------------------------------------------------------------------------- function get_pkg_items_list($pkg_gui_name, $fieldname) { - $res = ''; - global $config; - $conf = $config['installedpackages'][$pkg_gui_name]['config']; - foreach($conf as $cf) - $res[] = $cf[$fieldname]; - return $res; + $res = ''; + global $config; + $conf = $config['installedpackages'][$pkg_gui_name]['config']; + if (is_array($conf)) + foreach($conf as $cf) $res[] = $cf[$fieldname]; + return $res; } # ============================================================================== # Before form # ============================================================================== -# squidguard_before_form_dest -# ------------------------------------------------------------------------------ -function squidguard_before_form_dest($pkg) { - global $config; - $expr_names = ''; - $expressions = ''; - - // update expressions list - $expressions = $config['installedpackages']['squidguardexpr']['config']; - if (is_array($expressions )) { - foreach($expressions as $expr) - $expr_names[] = $expr['name']; - } - - $i = 0; - foreach($pkg['fields']['field'] as $field) { - if ($field['fieldname'] == 'exprname') { - $fld = &$pkg['fields']['field'][$i]; - $fld['options']['option'][] = array('name'=>'none (expressions not defined)', 'value'=>''); - foreach ($expr_names as $nm) { - $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); - } - break; - } - $i++; - } -} - -# ------------------------------------------------------------------------------ # squidguard_before_form # ------------------------------------------------------------------------------ function squidguard_before_form($pkg) { - $i=0; - - foreach($pkg['fields']['field'] as $field) { - // blacklist controls - if ($field['fieldname'] == 'blacklist_url') { - $fld = &$pkg['fields']['field'][$i]; - $fld['description'] .= make_grid_blacklist(); // insert to description custom controls - } - // Apply button - if ($field['fieldname'] == 'squidguard_enable'){ - $fld = &$pkg['fields']['field'][$i]; - $fld['description'] .= make_grid_general_items(); // insert to description custom controls - } - // GUI log - if ($field['fieldname'] == 'view_gui_log') { - $fld = &$pkg['fields']['field'][$i]; - $fld['description'] .= make_grid_general_items('gui_log'); // insert to description custom controls - } - $i++; + $i=0; + + foreach($pkg['fields']['field'] as $field) { + # blacklist controls + switch ($field['fieldname']) { + case 'blacklist_url': + $fld = &$pkg['fields']['field'][$i]; + $fld['description'] .= make_grid_blacklist(); # insert to description custom controls + break; + # Apply button + case 'squidguard_enable': + $fld = &$pkg['fields']['field'][$i]; + $fld['description'] .= make_grid_general_items(); # insert to description custom controls + break; + # GUI log + case 'view_gui_log': + $fld = &$pkg['fields']['field'][$i]; + $fld['description'] .= make_grid_general_items('gui_log'); # insert to description custom controls + break; } + $i++; + } } -// ----------------------------------------------------------------------------- -// squidguard_before_form_acl -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# squidguard_before_form_acl +# ----------------------------------------------------------------------------- function squidguard_before_form_acl($pkg, $is_acl=true) { - global $config; - global $g; - $current_id = ''; - - $sources = ''; - $source_items = ''; - $destinations = ''; - $dest_items = ''; - $rewrites = ''; - $rewr_names = ''; - $times = ''; - $time_names = ''; - $acls_up = ''; - $acls_over = ''; - - $current_id = $_GET['id']; - if ($current_id == '') - $current_id = $_POST['id']; - if ($current_id == '') - $current_id = 0; - - // 'source' part of 'acl' page - $i=0; - foreach($pkg['fields']['field'] as $field) { - if ($field['fieldname'] == 'order') { - $fld = &$pkg['fields']['field'][$i]; - $img_up = "<img src='./themes/{$g['theme']}/images/icons/icon_up.gif' - title='move up' width='17' height='17' border='0' onclick='on_moveup()'>"; - $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif' - title='move down' width='17' height='17' border='0' onclick='on_movedown()'>"; - $s = "<b>Move to:</b> $img_up $img_down <br>" . $fld['description']; - $fld['description'] = $s; - } - $i++; + global $config, $g; + $current_id = ''; + $sources = ''; + $source_items = ''; + $destinations = ''; + $dest_items = ''; + $rewrites = ''; + $rewr_names = ''; + $times = ''; + $time_names = ''; + $acls_up = ''; + $acls_over = ''; + + $current_id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; + $current_id = ($current_id) ? $current_id : 0; + + # 'source' part of 'acl' page + # order option + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] === 'order') { + $fld = &$pkg['fields']['field'][$i]; + $img_up = "<img src='./themes/{$g['theme']}/images/icons/icon_up.gif' title='move up' width='17' height='17' border='0' onclick='on_moveup()'>"; + $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif' title='move down' width='17' height='17' border='0' onclick='on_movedown()'>"; + $s = "<b>Move to:</b> $img_up $img_down <br> {$fld['description']}"; + $fld['description'] = $s; } - unset ($i); - - // sources - $sources = $config['installedpackages']['squidguardsrc']['config']; - if (is_array($sources)) { - foreach($sources as $src) - $source_items[] = $src['name']; + $i++; + } + unset($i); + + # sources + $source_items = get_pkg_items_list('squidguardsrc', 'name'); + # generate sources list TODO: exclude used names from list, source name used in ACL unique + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'source') { + $fld = &$pkg['fields']['field'][$i]; + if (is_array($source_items)) { + foreach($source_items as $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); + } } + $i++; + } - // generate sources list TODO: exclude used names from list, source name used in ACL unique - $i=0; - foreach($pkg['fields']['field'] as $field) { - if ($field['fieldname'] == 'source') { - $fld = &$pkg['fields']['field'][$i]; - if (is_array($source_items)) { - foreach($source_items as $nm) - $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); - } + # destinations + # acls pass ---> prepare data for destinations; dest format 'uptime_dests_list [overtime_dests_list]' + $acl_dest = ''; + + $current_id = ($pkg['name'] !== MODULE_DEFAULT) ? $current_id : 0; + $acl_dest = $config['installedpackages'][$pkg['name']]['config'][$current_id]['dest']; + + if ($acl_dest) { + $overtime = ''; + $pss = explode(' ', str_replace(']', '', $acl_dest)); + foreach($pss as $val) { + $name = $val; + $name = str_replace('!', '', $name); + $name = str_replace('^', '', $name); + if ($val === '[') { $overtime = 'yes'; continue; } + elseif ($val === ']') { break; } + if (empty($overtime)) { + if (!empty($val)) { + switch($val[0]) { + case '!': $acls_up[$name] = 'deny'; break; + case '^': $acls_up[$name] = 'white'; break; + default : $acls_up[$name] = 'allow'; break; + } } - $i++; - } - - // destinations - // acls pass ---> prepare data for destinations; dest format 'uptime_dests_list [overtime_dests_list]' - $acl_dest = ''; - if ($pkg['name'] == MODULE_DEFAULT) { - $current_id = 0; - $acl_dest = $config['installedpackages'][MODULE_DEFAULT]['config'][$current_id]['dest']; - } - else $acl_dest = $config['installedpackages'][MODULE_ACL]['config'][$current_id]['dest']; - - if ($acl_dest) { - $overtime = ''; - $pss = str_replace(']', '', $acl_dest); - $pss = explode(' ', $pss); - foreach($pss as $val) { - $name = $val; - $name = str_replace('!', '', $name); - $name = str_replace('^', '', $name); - if ($val == '[') { $overtime = 'yes'; continue; } - elseif ($val == ']') { break; } - if (empty($overtime)) { - if (!empty($val)) { - switch($val[0]) { - case '!': $acls_up[$name] = 'deny'; break; - case '^': $acls_up[$name] = 'white'; break; - default : $acls_up[$name] = 'allow'; break; - } - } - } else { - if (!empty($val)) { - switch($val[0]) { - case '!': $acls_over[$name] = 'deny'; break; - case '^': $acls_over[$name] = 'white'; break; - default : $acls_over[$name] = 'allow'; break; - } - } - } + } else { + if (!empty($val)) { + switch($val[0]) { + case '!': $acls_over[$name] = 'deny'; break; + case '^': $acls_over[$name] = 'white'; break; + default : $acls_over[$name] = 'allow'; break; + } } - } - - // --- Destinations --- - $general_cfg = $config['installedpackages'][MODULE_GENERAL]['config'][0]; - $dest_cfg = $config['installedpackages'][MODULE_DESTINATION]['config']; - - // Blacklist - if ($general_cfg['blacklist'] == 'on') { - $blk_entries = sg_entries_blacklist(); - if (!empty($blk_entries)) { - foreach($blk_entries as $dst) - $dest_items[] = array ('name'=>$dst, - 'upt_value'=>$acls_up[$dst], - 'ovt_value'=>$acls_over[$dst], - 'description'=>''); } } + } - // User destinations - if ($dest_cfg) { - foreach($dest_cfg as $dst) - $dest_items[] = array ('name'=>$dst[FLD_NAME], - 'upt_value'=>$acls_up[$dst[FLD_NAME]], - 'ovt_value'=>$acls_over[$dst[FLD_NAME]], - 'description'=>$dst[FLD_DESCRIPTION]); - } - - // Default all - $dest_items[] = array('name'=>FLT_DEFAULT_ALL, - 'upt_value'=>$acls_up[FLT_DEFAULT_ALL], - 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL], - 'description'=>'Default access'); - - $i=0; - foreach($pkg['fields']['field'] as $field) { - if (($field['fieldname'] == 'dest')/* || ($field['fieldname'] == 'overdest')*/) { - $fld = &$pkg['fields']['field'][$i]; - $fld['description'] .= make_grid_controls('', $dest_items, $is_acl); // insert to description custom controls - } - $i++; + # --- Destinations --- + $general_cfg = $config['installedpackages'][MODULE_GENERAL]['config'][0]; + $dest_cfg = $config['installedpackages'][MODULE_DESTINATION]['config']; + + # Blacklist + if ($general_cfg['blacklist'] === 'on') { + $blk_entries = sg_entries_blacklist(); + if (!empty($blk_entries)) { + foreach($blk_entries as $dst) + $dest_items[] = array ('name'=>$dst, + 'upt_value'=>$acls_up[$dst], + 'ovt_value'=>$acls_over[$dst], + 'description'=>''); } + } - // rewrites - $rewrites = $config['installedpackages'][MODULE_REWRITE]['config']; - if (is_array($rewrites)) { - foreach($rewrites as $rewr) { - $rewr_names[] = $rewr['name']; - } - } + # User destinations + if ($dest_cfg) { + foreach($dest_cfg as $dst) + $dest_items[] = array ('name'=>$dst[FLD_NAME], + 'upt_value'=>$acls_up[$dst[FLD_NAME]], + 'ovt_value'=>$acls_over[$dst[FLD_NAME]], + 'description'=>$dst[FLD_DESCRIPTION]); + } - $i=0; - foreach($pkg['fields']['field'] as $field) { - if (($field['fieldname'] == 'rewrite') || ($field['fieldname'] == 'overrewrite')) { - $fld = &$pkg['fields']['field'][$i]; - $fld['options']['option'][] = array('name'=>'none (rewrite not defined)', 'value'=>''); - if (is_array($rewr_names)) { - foreach($rewr_names as $nm) - $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); - } - } - $i++; + # Default all + $dest_items[] = array('name'=>FLT_DEFAULT_ALL, + 'upt_value'=>$acls_up[FLT_DEFAULT_ALL], + 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL], + 'description'=>'Default access'); + + $i=0; + foreach($pkg['fields']['field'] as $field) { + if (($field['fieldname'] === 'dest')/* || ($field['fieldname'] == 'overdest')*/) { + $fld = &$pkg['fields']['field'][$i]; + $fld['description'] .= make_grid_controls('', $dest_items, $is_acl); # insert to description custom controls } + $i++; + } - // times - $times = $config['installedpackages']['squidguardtime']['config']; - if (is_array($times)) { - foreach($times as $tm) { - $time_names[] = $tm['name']; - } + # rewrites + $rewr_names = get_pkg_items_list(MODULE_REWRITE, 'name'); + $i=0; + foreach($pkg['fields']['field'] as $field) { + if (($field['fieldname'] == 'rewrite') || ($field['fieldname'] == 'overrewrite')) { + $fld = &$pkg['fields']['field'][$i]; + $fld['options']['option'][] = array('name'=>'none (rewrite not defined)', 'value'=>''); + if (is_array($rewr_names)) { + foreach($rewr_names as $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); + } } + $i++; + } - $i=0; - foreach($pkg['fields']['field'] as $field) { - if ($field['fieldname'] == 'time') { - $fld = &$pkg['fields']['field'][$i]; - $fld['options']['option'][] = array('name'=>'none (time not defined)', 'value'=>''); - if (is_array($time_names)) { - foreach($time_names as $nm) - $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); - } - break; - } - $i++; + # - set times field - + $time_names = get_pkg_items_list('squidguardtime', 'name'); + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] === 'time') { + $fld = &$pkg['fields']['field'][$i]; + $fld['options']['option'][] = array('name'=>'none (time not defined)', 'value'=>''); + if (is_array($time_names)) { + foreach($time_names as $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); + } + break; } + $i++; + } } -// ----------------------------------------------------------------------------- -// squidguard_before_form_log -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# squidguard_before_form_log +# ----------------------------------------------------------------------------- define('LOGSHOW_BUFSIZE', 16384); function squidguard_before_form_log($pkg) { - global $config; - $i=0; - $move_pos = 0; - $move_step = 50; - - foreach($pkg['fields']['field'] as $field) { - if ($field['fieldname'] == 'logtype') { - $slog = ''; - $mlog = $config['installedpackages'][MODULE_LOG]['config'][0]; - - $filename = ''; - $fld = &$pkg['fields']['field'][$i]; - if (empty($move_pos)) $move_pos = 0; - - if ($mlog['logtype'] == 'block_log') { - $filename = SQUIDGUARD_LOGDIR . "/" . SQUIDGUARD_ACCESSBLOCK_FILE; - $fh = ''; - if (file_exists($filename)) { - $fh = fopen($filename, "r"); - if ($fh) { - $fsize = filesize($filename); - // take LOGSHOW_BUFSIZE bytes from end - if ($fsize > LOGSHOW_BUFSIZE) - fseek($fh, -LOGSHOW_BUFSIZE, SEEK_END); - $s = fread($fh, LOGSHOW_BUFSIZE); - fclose($fh); - - $slog .= "<tr><td colspan='7'>Block log '$filename'. Last 100:<td><tr>"; - - $s = explode("\n", $s); - unset($s[0]); // unset us'nt complete string - - $slog .= "<tr><th>Num</th><th>DateTime</th><th>IP</th><th>URL</th><th>Filter</th><th>ID</th><th>Mtd</th></tr>"; - foreach($s as $key => $vs) { - $nkey = $move_pos + intval($key); - $slog .= "<tr>"; - $sx = $vs; - $sx = str_replace("/- -", "", $sx); - $sx = str_replace("/-", "", $sx); - $sx = str_replace("Request", "", $sx); - $sx = str_replace("request", "", $sx); - $sx = str_replace("(", "", $sx); - $sx = str_replace(")", "", $sx); - $sx = str_replace("[", "", $sx); - $sx = str_replace("]", "", $sx); - $sx = explode(" ", $sx); - - // formatting url - $spos =0; - $stmp = ''; - while($spos + 81 < strlen($sx[4])) { - $stmp .= substr($sx[4], $spos, 81) . "<br>"; - $spos += 81; - } - $stmp .= substr($sx[4], $spos, strlen($sx[4]) - $spos); - $sx[4] = $stmp; - - if (!empty($vs)) - $slog .= "<tr> + global $config; + $i=0; + $move_pos = 0; + $move_step = 50; + + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'logtype') { + $slog = ''; + $mlog = $config['installedpackages'][MODULE_LOG]['config'][0]; + + $filename = ''; + $fld = &$pkg['fields']['field'][$i]; + $move_pos = ($move_pos) ? $move_pos : 0; + + switch ($mlog['logtype']) { + case 'block_log': + { + $filename = SQUIDGUARD_LOGDIR . "/" . SQUIDGUARD_ACCESSBLOCK_FILE; + $fh = ''; + if (file_exists($filename)) { + $fh = fopen($filename, "r"); + if ($fh) { + $fsize = filesize($filename); + # take LOGSHOW_BUFSIZE bytes from end + if ($fsize > LOGSHOW_BUFSIZE) + fseek($fh, -LOGSHOW_BUFSIZE, SEEK_END); + $s = fread($fh, LOGSHOW_BUFSIZE); + fclose($fh); + + $slog .= "<tr><td colspan='7'>Block log '$filename'. Last 100:<td><tr>"; + + $s = explode("\n", $s); + unset($s[0]); # unset us'nt complete string + + $slog .= "<tr><th>Num</th><th>DateTime</th><th>IP</th><th>URL</th><th>Filter</th><th>ID</th><th>Mtd</th></tr>"; + foreach($s as $key => $vs) { + $nkey = $move_pos + intval($key); + $slog .= "<tr>"; + $sx = $vs; + $sx = str_replace(array("/- -", "/-", "Request", "request","(", ")", "[", "]"), "", $sx); + $sx = explode(" ", $sx); + + # formatting url + $spos =0; + $stmp = ''; + while($spos + 81 < strlen($sx[4])) { + $stmp .= substr($sx[4], $spos, 81) . "<br>"; + $spos += 81; + } + $stmp .= substr($sx[4], $spos, strlen($sx[4]) - $spos); + $sx[4] = $stmp; + + if (!empty($vs)) + $slog .= "<tr> <td style='vertical-align: top; white-space: nowrap;'>" . strval($nkey) . "</td> <td style='vertical-align: top; white-space: nowrap;'>$sx[0] $sx[1]</td> <td style='vertical-align: top;'>$sx[5]</td> @@ -748,25 +654,26 @@ function squidguard_before_form_log($pkg) { <td style='vertical-align: top;'>$sx[3]</td> <td style='vertical-align: top;'>$sx[2]</td> <td style='vertical-align: top;'>$sx[6]</td></tr>"; - } - } - } - - } else - - if ($mlog['logtype'] == 'configurator_log') { - $filename = SQUIDGUARD_LOGDIR . SQUIDGUARDCONF_LOGFILE; - $slog .= "<b>$filename</b><br>"; - if (file_exists($filename)) { - $slog .= file_get_contents($filename); - $slog = str_replace("\n", "<br>", $slog); - $slog = "<tr><td>$slog</td></tr>"; } - } else - - if ($mlog['logtype'] == 'squidguard_log') { + } + } - $slog .= 'squidguard_log report disabled'; + } + break; + case 'configurator_log': + { + $filename = SQUIDGUARD_LOGDIR . SQUIDGUARDCONF_LOGFILE; + $slog .= "<b>$filename</b><br>"; + if (file_exists($filename)) { + $slog .= file_get_contents($filename); + $slog = str_replace("\n", "<br>", $slog); + $slog = "<tr><td>$slog</td></tr>"; + } + } + break; + case 'squidguard_log': + { + $slog .= 'squidguard_log report disabled'; /* $filename = SQUIDGUARD_LOGDIR . '/squidGuard.log'; $slog .= "<b>$filename</b><br>"; @@ -779,301 +686,228 @@ function squidguard_before_form_log($pkg) { $slog = "<tr><td>$slog</td></tr>"; } */ - } else - - if ($mlog['logtype'] == 'squid_config') { - $filename = SQUID_CONFIGFILE; - $slog .= "<b>$filename</b><br>"; - if (file_exists($filename)) { - $slog .= file_get_contents($filename); - $slog = str_replace("\n", "<br>", $slog); - $slog = str_replace("\t", " ", $slog); - $slog = "<tr><td>$slog</td></tr>"; - } - } else - if ($mlog['logtype'] == 'squidguard_config') { - $filename = SQUIDGUARD_WORKDIR . "/squidGuard.conf"; - $slog .= "<b>$filename</b><br>"; - if (file_exists($filename)) { - $slog .= file_get_contents($filename); - $slog = str_replace("\n", "<br>", $slog); - $slog = str_replace("\t", " ", $slog); - $slog = "<tr><td>$slog</td></tr>"; - } - } - - $fld['description'] .= - "<INPUT class=formbtn type=submit value='Get log' name=Submit> - </tr><tr> - <td colspan='2'><table width='100%' class=tabcont cellSpacing=0 cellPadding=1 border=1>$slog</table>"; - "<table class=tabcont cellSpacing=0 cellPadding=0 border=1 width='100%'>$slog</table></td></tr>"; - } - $i++; - } -} + break; + case 'squid_config': + { + $filename = SQUID_CONFIGFILE; + $slog .= "<b>$filename</b><br>"; + if (file_exists($filename)) { + $slog .= file_get_contents($filename); + $slog = str_replace("\n", "<br>", $slog); + $slog = str_replace("\t", " ", $slog); + $slog = "<tr><td>$slog</td></tr>"; + } + } + break; + case 'squidguard_config': + { + $filename = SQUIDGUARD_WORKDIR . "/squidGuard.conf"; + $slog .= "<b>$filename</b><br>"; + if (file_exists($filename)) { + $slog .= file_get_contents($filename); + $slog = str_replace("\n", "<br>", $slog); + $slog = str_replace("\t", " ", $slog); + $slog = "<tr><td>$slog</td></tr>"; + } + } + break; + } # switch -// ----------------------------------------------------------------------------- -// squidguard_update_acl_dest -// ----------------------------------------------------------------------------- -function squidguard_update_acl_dest($acl_name, $post) { - global $config; - $post['dest'] = 'fig vam'; - foreach($post as $k => $p) - $s .= $k . '=' . $p; + $fld['description'] .= + "<INPUT class=formbtn type=submit value='Get log' name=Submit> + </tr><tr> + <td colspan='2'><table width='100%' class=tabcont cellSpacing=0 cellPadding=1 border=1>$slog</table>"; + } + $i++; + } } -// ----------------------------------------------------------------------------- -// make_grid_general_items -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# make_grid_general_items +# ----------------------------------------------------------------------------- function make_grid_general_items($id = '') { - global $config; - - $bg_color = "bgcolor='#dddddd'"; - $res = ''; - $res .= "<table width='100%'>"; - - if ($id == '') { - // Apply - $res .= "<tr $bg_color><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr> - <tr><td><big>After changing configuration squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr> - <tr><td><input name='submit' type='submit' value='Apply'></td></tr>"; - - // service state - $sgstate = "<span style='color: #800000;'>STOPPED</span>"; - if (is_service_running("squidGuard")) - $sgstate = "<span style='color: #008000;'>STARTED</span>"; - - if (is_blacklist_update_started()) { - $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist.<br>New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>"; - } - $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>"; - } else - if ($id == 'gui_log') { - if ($config['installedpackages']['squidguardgeneral']['config'][0]['view_gui_log'] == 'on') { - $log_content = sg_getlog(50); - $log_content = str_replace("\n","<br>", $log_content); - $res .= "<tr $bg_color><td><font size='-1'><b>Web GUI log (Latest 50)</b></font></td></tr>"; - $res .= "<tr $bg_color><td vAlign=top width='100%'><font size='-2'>$log_content</font></td></tr>"; - } + global $config; + $bg_color = "bgcolor='#dddddd'"; + $res = ''; + $res .= "<table width='100%'>"; + + if ($id === '') { + # Apply + $res .= "<tr $bg_color><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr> + <tr><td><big>After changing configuration squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr> + <tr><td><input name='submit' type='submit' value='Apply'></td></tr>"; + + # service state + $sgstate = "<span style='color: #800000;'>STOPPED</span>"; + if (is_service_running("squidGuard")) + $sgstate = "<span style='color: #008000;'>STARTED</span>"; + + if (is_blacklist_update_started()) + $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist.<br>New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>"; + $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>"; + } + elseif ($id === 'gui_log') { + if ($config['installedpackages']['squidguardgeneral']['config'][0]['view_gui_log'] == 'on') { + $log_content = sg_getlog(50); + $log_content = str_replace("\n","<br>", $log_content); + $res .= "<tr $bg_color><td><font size='-1'><b>Web GUI log (Latest 50)</b></font></td></tr>"; + $res .= "<tr $bg_color><td vAlign=top width='100%'><font size='-2'>$log_content</font></td></tr>"; } + } - $res .= "</table>"; - return $res; + $res .= "</table>"; + return $res; } -// ----------------------------------------------------------------------------- -// make_grid_blacklist -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# make_grid_blacklist +# ----------------------------------------------------------------------------- function make_grid_blacklist() { - $res = ''; - - // button 'Upload URL' - $res = "<br><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>"; - // button 'Restore last blacklist' - $res .= " <input name='submit' value='" . BLACKLIST_BTN_LAST . "' type='submit'>"; - - return $res; + $res = ''; + # button 'Upload URL' and button 'Restore last blacklist' + $res = "<hr><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>"; + $res .= " <input name='submit' value='" . BLACKLIST_BTN_LAST . "' type='submit'>"; + return $res; } -// ----------------------------------------------------------------------------- -// make_grid_controls -// ----------------------------------------------------------------------------- +# ----------------------------------------------------------------------------- +# make_grid_controls +# ----------------------------------------------------------------------------- function make_grid_controls($type, $items, $enable_overtime = true) { - $res = ''; - $tbl = ''; - $color = ''; - $color2 = ''; - $x = 0; - - foreach($items as $item) { - if ($x == 0) { - $color = 'style="background-color: #dddddd;"'; - $color2 = ''; - $x = 1; - } else { - $color = ''; - $color2 = 'style="background-color: #dddddd;"'; - $x = 0; - } - - $name = $item['name']; - $upt_val = $item['upt_value']; - $ovt_val = $item['ovt_value']; - $description = $item['description']; - - $sel = "selected=\"selected\""; - $upt_A = $upt_B = $upt_C = $upt_D = ''; - switch($upt_val) { - case "allow": $upt_B = $sel; break; - case "white": $upt_C = $sel; break; - case "deny" : $upt_D = $sel; break; - default: $upt_A = $sel; break; - } - - $ovt_A = $ovt_B = $ovt_C= $ovt_D = ''; - switch($ovt_val) { - case "allow": $ovt_B = $sel; break; - case "white": $ovt_C = $sel; break; - case "deny" : $ovt_D = $sel; break; - default: $ovt_A = $sel; break; - } - unset($sel); - - $tbl .= "<tr>"; - // uptime table - $tnm = PREFLD_UPTIME . $name; - $tbl .= "<td $color></td>"; - $tbl .= "<td $color>$description [$name]</td>"; - $tbl .= "<td $color>access</td>"; - $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; - if (substr_count($name, "all") === 0) { - $tbl .= "<option value=none name=\"----\" $upt_A>----</option>"; - $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>"; - $tbl .= "<option value=white name=\"white\" $upt_C>white</option>"; - $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; - } else { - $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>"; - $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; - } - $tbl .= "</td>"; - - // overtime table - if ($enable_overtime) { - $tnm = PREFLD_OVERTIME . $name; - $tbl .= "<td $color></td>"; - $tbl .= "<td $color>$description [$name]</td>"; - $tbl .= "<td $color>access</td>"; - $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; - if (substr_count($name, "all") === 0) { - $tbl .= "<option value=none name=\"----\" $ovt_A>----</option>"; - $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; - $tbl .= "<option value=white name=\"white\" $ovt_C>white</option>"; - $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; - } else { - $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; - $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; - } - $tbl .= "</td>"; - } - $tbl .= "</tr>"; + $res = ''; + $tbl = ''; + $color = ''; + $color2 = ''; + $x = 0; + + foreach($items as $item) { + if ($x === 0) { + $color = ''; + $color2 = 'style="background-color: #dddddd;"'; + $x = 1; + } + else { + $color = 'style="background-color: #dddddd;"'; + $color2 = ''; + $x = 0; } - # header - if (!empty($tbl)) { - $thdr = ''; - $hdr1up = "Destinations in uptime"; - $hdr1ov = "Destinations in overtime"; - $hdr2up = "Select destinations for uptime rule."; - $hdr2ov = "Select destination for overtime rule."; - $hds3 = "Access option priority: 1-'white'(whitelist), 2-'deny'(blacklist), 3-'allow', 4-all rule('allow' ro 'deny')."; - if ($enable_overtime) { - $thdr = - "<tr><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>" . - "<tr><td colspan='4' align=middle>$hdr2up</td><td colspan='4' align=middle>$hdr2ov<br>If <b>'Time'</b> not defined, this part must be ignored</td></tr>" . - "<tr><td colspan='8' align=left><hr><b>$hds3</b><hr></td></tr>"; - // formatting - $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>"; - } else { - $thdr = "<tr><th colspan='4' align=middle>$hdr1up</th></tr>" . - "<tr><td colspan='4' align=middle>$hdr2up</td></tr>" . - "<tr><td colspan='4' align=middle><hr><b>$hds3</b><hr></tr>"; - // formatting - $thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>"; - } - - $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>"; + $name = $item['name']; + $upt_val = $item['upt_value']; + $ovt_val = $item['ovt_value']; + $description = $item['description']; + + $sel = "selected=\"selected\""; + $upt_A = $upt_B = $upt_C = $upt_D = ''; + switch($upt_val) { + case "allow": $upt_B = $sel; break; + case "white": $upt_C = $sel; break; + case "deny" : $upt_D = $sel; break; + default: $upt_A = $sel; break; } - return $res; -} -// ----------------------------------------------------------------------------- -// check unique name -// ----------------------------------------------------------------------------- -function check_unique_name($module_id, $name, $log='') { - $res = true; - $count_names = 0; - $is_self ='notself'; - - $id = $_GET['id']; - if (!isset($id)) - $id = $_POST['id']; - - $name_list = get_pkg_items_list($module_id, 'name'); - $name_list_count = count($name_list); - - for($j=0; $j<$name_list_count; $j++) { - $val = $name_list[$j]; - if ($val == $name) { - $count_names++; - if ($j==$id) $is_self='self'; - } + $ovt_A = $ovt_B = $ovt_C= $ovt_D = ''; + switch($ovt_val) { + case "allow": $ovt_B = $sel; break; + case "white": $ovt_C = $sel; break; + case "deny" : $ovt_D = $sel; break; + default: $ovt_A = $sel; break; + } + unset($sel); + + $tbl .= "<tr>"; + # uptime table + $tnm = PREFLD_UPTIME . $name; + $tbl .= "<td $color></td>"; + $tbl .= "<td $color>$description [$name]</td>"; + $tbl .= "<td $color>access</td>"; + $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; + if (substr_count($name, "all") === 0) { + $tbl .= "<option value=none name=\"----\" $upt_A>----</option>"; + $tbl .= "<option value=white name=\"white\" $upt_C>white</option>"; + $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; + $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>"; + } + else { + $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>"; + $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; } + $tbl .= "</td>"; + + # overtime table + if ($enable_overtime) { + $tnm = PREFLD_OVERTIME . $name; + $tbl .= "<td $color></td>"; + $tbl .= "<td $color>$description [$name]</td>"; + $tbl .= "<td $color>access</td>"; + $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; + if (substr_count($name, "all") === 0) { + $tbl .= "<option value=none name=\"----\" $ovt_A>----</option>"; + $tbl .= "<option value=white name=\"white\" $ovt_C>white</option>"; + $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; + $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; + } + else { + $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; + $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; + } + $tbl .= "</td>"; + } + $tbl .= "</tr>"; + } - // if count names = 1, then check if add new record with this name(not valid) / or this is a self record(valid) - // else if count names > 1 - not valid - if ($count_names == 1) { - if ($id == name_list_count) { // this new record - $res = false; - $log = "*ID*"; - } - elseif($is_self != 'self') { // not self record - $res = false; - $log = '*NOT SELF*'; - } + # header + if (!empty($tbl)) { + $color = 'style="background-color: #dddddd;"'; + $thdr = ''; + $hdr1up = "<big>Destination rules</big>"; + $hdr1ov = "<big>Destination rules in overtime</big>"; + $hds3 = "Rules priority: [1]: 'white'(whitelist); [2]: 'deny'(blacklist); [3]: 'allow'; [4]: end-rule('allow' ro 'deny'). For permit of the exceptions from blacklist, use 'white' option."; + if ($enable_overtime) { + $thdr .= "<tr><td colspan='8' align=left>$hds3<hr></td></tr>"; + $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>"; + $thdr .= "<tr $color><td colspan='4' align=middle></td><td colspan='4' align=middle>If <b>'Time'</b> not defined, this ruleset will be ignored</td></tr>"; + # formatting + $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>"; } - elseif($count_names > 1) { - $res = false; - $log = '*COUNT*'; + else { + $thdr .= "<tr><td colspan='4' align=left>$hds3<hr></tr>"; + $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th></tr>"; + # formatting + $thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>"; } - $log .= " id=$id is_self=$is_self count=$name_list_count"; - return $res; -} -// ----------------------------------------------------------------------------- -// check date -// ----------------------------------------------------------------------------- -function check_date($date) { - $err = ''; - $val = trim($date); - // date or date range format: 'yyyy-mm-dd', 'yyyy-m-d', 'yyyy.mm.dd' 'yyyy.mm.dd-yyyy.mm.dd' - if (!eregi("^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$", $val) && - !eregi("^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])-(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$", $val)) - $err .= " Invalid date '$date'. - You mast use date or date range format: 'yyyy.mm.dd' and 'yyyy.mm.dd-yyyy.mm.dd'. - Any symbol in date can be set as * (any). Example: '*-10-01', '199*-*1-*1'."; - return $err; + $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>"; + } + return $res; } -// ----------------------------------------------------------------------------- -// check time -// ----------------------------------------------------------------------------- -function check_time($time) { - $err = ''; - $val = trim($time); - - if (empty($val)) return ''; - - // time range format: 'HH:MM-HH:MM' - if (!eregi("^([0-9]{2})\:([0-9]{2})-([0-9]{2})\:([0-9]{2})$", $val)) - $err = "Invalid time range '$time'. You must use 'HH:MM-HH:MM' time range format. "; - else { - $tms = $time; - $tms = str_replace("-", "\n", $tms); - $tmsv = $tms; - $tms = str_replace(":", "", $tms); - $tms = explode("\n", $tms); - $tmsv = explode("\n", $tmsv); - if ($tms[0] >= 2400) - $err .= "Invalid time range var1='$tmsv[0]' must be < '24:00'. "; - if ($tms[1] > 2400) - $err .= "Invalid time range var2='$tmsv[1]' must be <= '24:00'. "; - if ($tms[0] >= $tms[1]) - $err .= "Invalid time range var1='$tmsv[0]' must be < var2='$tmsv[1]'. "; - } +# ----------------------------------------------------------------------------- +# check unique name +# ----------------------------------------------------------------------------- +function sg_check_unique_name($module_id, $name, $log='') { + $res = true; + $id = (isset($_GET['id'])) ? $_GET['id'] : $_POST['id']; + + $name_list = get_pkg_items_list($module_id, 'name'); + $name_list_count = count($name_list); + $name_val = (is_array($name_list)) ? array_count_values($name_list) : array(); + $count_names = $name_val[$name]; + + # if count names = 1, then check if add new record with this name(not valid) / or this is a self record(valid) + # else if count names > 1 - not valid + if ($count_names === 1) { + $nm_key = array_search($name, $name_list); + # if this new record + if ($id >= $name_list_count) { $res = false; } + # if not self record + elseif ($nm_key && (intval($id) !== intval($nm_key))) { $res = false; } + } + elseif($count_names > 1) $res = false; # bad - not unique - return $err; + return $res; } # ------------------------------------------------------------------------------ @@ -1081,31 +915,31 @@ function check_time($time) { # ------------------------------------------------------------------------------ function squidguard_install_command() { - if (!is_service_running("squidGuard")) { - sg_init(convert_pfxml_to_sgxml()); - sg_check_system(); - - // generate squidGuard blacklist entries file (check with squidGuard PORT) - $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", - "mail", "porn", "proxy", "violence", "warez"); - file_put_contents(SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES, implode("\n", $entries)); - set_file_access(SQUIDGUARD_WORKDIR, OWNER_NAME, 0755); - set_file_access(SQUIDGUARD_DBHOME, OWNER_NAME, 0755); - - sg_reconfigure(); - } + if (!is_service_running("squidGuard")) { + sg_init(convert_pfxml_to_sgxml()); + sg_check_system(); + + # generate squidGuard blacklist entries file (check with squidGuard PORT) + $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", + "mail", "porn", "proxy", "violence", "warez"); + file_put_contents(SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES, implode("\n", $entries)); + set_file_access(SQUIDGUARD_WORKDIR, OWNER_NAME, 0755); + set_file_access(SQUIDGUARD_DBHOME, OWNER_NAME, 0755); + + sg_reconfigure(); + } } function squidguard_deinstall_command() { - // remove entries from squid config - squid_reconfigure('remove redirector options'); - - // remove package and his depends - mwexec("pkg_delete squidGuard-1.2.0_1"); - mwexec("rm -rf " . SQUIDGUARD_WORKDIR); - // i known't, really need delete blacklist base? - mwexec("rm -rf " . SQUIDGUARD_DBHOME); - mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*"); + # remove entries from squid config + squid_reconfigure('remove redirector options'); + + # remove package and his depends + mwexec("pkg_delete squidGuard-1.2.0_1"); + mwexec("rm -rf " . SQUIDGUARD_WORKDIR); + # i known't, really need delete blacklist base? + mwexec("rm -rf " . SQUIDGUARD_DBHOME); + mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*"); } # ------------------------------------------------------------------------------ @@ -1113,122 +947,121 @@ function squidguard_deinstall_command() { # ------------------------------------------------------------------------------ function squidGuard_print_javascript() { - $javascript = ''; - - $xml = $_GET["xml"]; - if ($xml == "") - $xml = $_POST["xml"]; - - // squidguard_default.xml - if ($xml == "squidguard_default.xml") { - $javascript .= "\n<script language='JavaScript'>"; - $javascript .= "\n<!--"; - $javascript .= "\n document.iform.dest.disabled=1;"; - $javascript .= "\n//-->"; - $javascript .= "\n</script>"; - } // if - - // squidguard_acl.xml - if ($xml == "squidguard_acl.xml") { - $javascript .= "\n<script language='JavaScript'>"; - $javascript .= "\n<!--"; - $javascript .= "\n document.iform.dest.disabled=1;"; - // source JS part - $javascript .= "\n function on_updatecontrols() {"; - $javascript .= "\n document.iform.elements['order'].disabled = 0;"; - $javascript .= "\n document.iform.elements['order'].onfocus = on_orderfocus;"; - $javascript .= "\n }"; - $javascript .= "\n function on_orderfocus() {"; - $javascript .= "\n document.iform.elements['order'].blur();"; - $javascript .= "\n }"; - $javascript .= "\n function on_moveup() {"; - $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; - $javascript .= "\n if (order > 0)"; - $javascript .= "\n order = order - 1;"; - $javascript .= "\n else order = 0;"; - $javascript .= "\n document.iform.elements['order'].value = order;"; - $javascript .= "\n }"; - $javascript .= "\n function on_movedown() {"; - $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; - $javascript .= "\n if (order >= 0)"; - $javascript .= "\n order = order + 1;"; - $javascript .= "\n else order = 0;"; - $javascript .= "\n document.iform.elements['order'].value = order;"; - $javascript .= "\n }"; - $javascript .= "\n on_updatecontrols();"; - $javascript .= "\n "; - // end source JS part - $javascript .= "\n//-->"; - $javascript .= "\n</script>"; - - } // if - - if ($xml == "squidguard_time.xml") { - $javascript .= "\n<script language='JavaScript'>"; - $javascript .= "\n<!--"; - $javascript .= "\n function on_updatecontrols() {"; - $javascript .= "\n for (var i=0; i<99; i++) {"; - $javascript .= "\n var elm = document.iform.elements['timetype' + i];"; - $javascript .= "\n if (elm) {"; - $javascript .= "\n document.iform.elements['timetype' + i].onclick = on_updatecontrols;"; - $javascript .= "\n if (document.iform.elements['timetype' + i].value == 'weekly') {"; - $javascript .= "\n document.iform.elements['timedays' + i].disabled = 0;"; - $javascript .= "\n document.iform.elements['daterange' + i].disabled = 1;"; - $javascript .= "\n }"; - $javascript .= "\n else {"; - $javascript .= "\n document.iform.elements['timedays' + i].disabled = 1;"; - $javascript .= "\n document.iform.elements['daterange' + i].disabled = 0;"; - $javascript .= "\n }"; - $javascript .= "\n }"; - $javascript .= "\n }"; - $javascript .= "\n }"; - $javascript .= "\n on_updatecontrols();"; - $javascript .= "\n "; - $javascript .= "\n//-->"; - $javascript .= "\n</script>"; - } + $javascript = ''; + + $xml = ($_GET["xml"] !== '') ? $_GET["xml"] : $_POST["xml"]; + + # squidguard_default.xml + if ($xml === "squidguard_default.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n document.iform.dest.disabled=1;"; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + } # if + + # squidguard_acl.xml + if ($xml === "squidguard_acl.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n document.iform.dest.disabled=1;"; + # source JS part + $javascript .= "\n function on_updatecontrols() {"; + $javascript .= "\n document.iform.elements['order'].disabled = 0;"; + $javascript .= "\n document.iform.elements['order'].onfocus = on_orderfocus;"; + $javascript .= "\n }"; + $javascript .= "\n function on_orderfocus() {"; + $javascript .= "\n document.iform.elements['order'].blur();"; + $javascript .= "\n }"; + $javascript .= "\n function on_moveup() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order > 0)"; + $javascript .= "\n order = order - 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n function on_movedown() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order >= 0)"; + $javascript .= "\n order = order + 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n on_updatecontrols();"; + $javascript .= "\n "; + # end source JS part + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + + } # if + + if ($xml === "squidguard_time.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n function on_updatecontrols() {"; + $javascript .= "\n for (var i=0; i<99; i++) {"; + $javascript .= "\n var elm = document.iform.elements['timetype' + i];"; + $javascript .= "\n if (elm) {"; + $javascript .= "\n document.iform.elements['timetype' + i].onclick = on_updatecontrols;"; + $javascript .= "\n if (document.iform.elements['timetype' + i].value == 'weekly') {"; + $javascript .= "\n document.iform.elements['timedays' + i].disabled = 0;"; + $javascript .= "\n document.iform.elements['daterange' + i].disabled = 1;"; + $javascript .= "\n }"; + $javascript .= "\n else {"; + $javascript .= "\n document.iform.elements['timedays' + i].disabled = 1;"; + $javascript .= "\n document.iform.elements['daterange' + i].disabled = 0;"; + $javascript .= "\n }"; + $javascript .= "\n }"; + $javascript .= "\n }"; + $javascript .= "\n }"; + $javascript .= "\n on_updatecontrols();"; + $javascript .= "\n "; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + } - if ($xml == "squidguard_src.xml") { ### will deleted ### - $javascript .= "\n<script language='JavaScript'>"; - $javascript .= "\n<!--"; - $javascript .= "\n function on_updatecontrols() {"; - $javascript .= "\n document.iform.elements['order'].disabled = 0;"; - $javascript .= "\n document.iform.elements['order'].onfocus = on_orderfocus;"; - $javascript .= "\n }"; - $javascript .= "\n function on_orderfocus() {"; - $javascript .= "\n document.iform.elements['order'].blur();"; - $javascript .= "\n }"; - $javascript .= "\n function on_moveup() {"; - $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; - $javascript .= "\n if (order > 0)"; - $javascript .= "\n order = order - 1;"; - $javascript .= "\n else order = 0;"; - $javascript .= "\n document.iform.elements['order'].value = order;"; - $javascript .= "\n }"; - $javascript .= "\n function on_movedown() {"; - $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; - $javascript .= "\n if (order >= 0)"; - $javascript .= "\n order = order + 1;"; - $javascript .= "\n else order = 0;"; - $javascript .= "\n document.iform.elements['order'].value = order;"; - $javascript .= "\n }"; - $javascript .= "\n on_updatecontrols();"; - $javascript .= "\n "; - $javascript .= "\n//-->"; - $javascript .= "\n</script>"; - } + if ($xml === "squidguard_src.xml") { ### will deleted ### + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n function on_updatecontrols() {"; + $javascript .= "\n document.iform.elements['order'].disabled = 0;"; + $javascript .= "\n document.iform.elements['order'].onfocus = on_orderfocus;"; + $javascript .= "\n }"; + $javascript .= "\n function on_orderfocus() {"; + $javascript .= "\n document.iform.elements['order'].blur();"; + $javascript .= "\n }"; + $javascript .= "\n function on_moveup() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order > 0)"; + $javascript .= "\n order = order - 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n function on_movedown() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order >= 0)"; + $javascript .= "\n order = order + 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n on_updatecontrols();"; + $javascript .= "\n "; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + } - print($javascript); + print($javascript); } # ============================================================================== -# SquidGuard 2 +# Converter # ============================================================================== - -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml -// ----------------------------------------------------------------- +# convert_pfxml_to_sgxml +# ----------------------------------------------------------------- function convert_pfxml_to_sgxml() { + + capability_update_source(); + global $config; $sgxml = array(); $pfxml = $config['installedpackages'][MODULE_GENERAL]['config'][0]; @@ -1240,7 +1073,6 @@ function convert_pfxml_to_sgxml() { $sgxml[FLD_SGCONF_XML] = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML; $sgxml[FLD_ENABLED] = $pfxml[FLD_SQUIDGUARDENABLE]; $sgxml[FLD_BLACKLISTENABLED] = $pfxml[FLD_BLACKLIST]; - $sgxml[FLD_REDIRECTMODE] = $pfxml[FLD_REDIRECTMODE]; $sgxml[FLD_SOURCES] = convert_pfxml_to_sgxml_source($config); $sgxml[FLD_DESTINATIONS] = convert_pfxml_to_sgxml_destination($config); $sgxml[FLD_REWRITES] = convert_pfxml_to_sgxml_rewrite($config); @@ -1248,220 +1080,260 @@ function convert_pfxml_to_sgxml() { $sgxml[FLD_ACLS] = convert_pfxml_to_sgxml_acl($config); $sgxml[FLD_DEFAULT] = convert_pfxml_to_sgxml_default($config); - // transparent + # transparent $squidxml = $config['installedpackages']['squid']['config'][0]; if(isset($squidxml['transparent_proxy'])) { - $lanip = $config['interfaces']['lan']['ipaddr']; - $guiport = $config['system']['webgui']['port']; - $guiprotocol = $config['system']['webgui']['protocol']; - - $sgxml[FLD_SQUID_TRANSPARENT_MODE] = 'on'; - $sgxml[FLD_CURRENT_LAN_IP] = $lanip; - $sgxml[FLD_CURRENT_GUI_PORT] = $guiport; - $sgxml[FLD_CURRENT_GUI_PROTO] = $guiprotocol; + $lanip = $config['interfaces']['lan']['ipaddr']; + $guiport = $config['system']['webgui']['port']; + $guiprotocol = $config['system']['webgui']['protocol']; + + $sgxml[FLD_SQUID_TRANSPARENT_MODE] = 'on'; + $sgxml[FLD_CURRENT_LAN_IP] = $lanip; + $sgxml[FLD_CURRENT_GUI_PORT] = $guiport; + $sgxml[FLD_CURRENT_GUI_PROTO] = $guiprotocol; } else { - unset($sgxml[FLD_SQUID_TRANSPARENT_MODE]); - unset($sgxml[FLD_CURRENT_LAN_IP]); - unset($sgxml[FLD_CURRENT_GUI_PORT]); - unset($sgxml[FLD_CURRENT_GUI_PROTO]); + unset($sgxml[FLD_SQUID_TRANSPARENT_MODE]); + unset($sgxml[FLD_CURRENT_LAN_IP]); + unset($sgxml[FLD_CURRENT_GUI_PORT]); + unset($sgxml[FLD_CURRENT_GUI_PROTO]); } - // store cfg cache + # store cfg cache $cfg_xml = dump_xml_config($sgxml, FLD_SQUIDGUARD); file_put_contents($sgxml[FLD_SGCONF_XML], $cfg_xml); return $sgxml; } -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml_source -// sgxml_source: [name][ip][desc][log] -// ----------------------------------------------------------------- +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_source +# sgxml_source: [name][ip][desc][log] +# ----------------------------------------------------------------- # Changes 04-01-2008 : # Source fields moved to ACL page. Source page - will remove # But in XML internal config nothing to change -# +# ----------------------------------------------------------------- +# Changes 21-07-2008 : +# Source IP and domain move to one field, added 'username'. function convert_pfxml_to_sgxml_source($pfconfig) { - $sgxml = array(); - $pfxml = $pfconfig['installedpackages']['squidguardacl']['config']; - if (is_array($pfxml)) { - foreach($pfxml as $pfx) { - $sgx = array(); - $sgx[FLD_NAME] = $pfx['name']; - $sgx[FLD_IP] = $pfx['iplist']; - $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; - $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; - $sgx[FLD_DESCRIPTION] = $pfx['description']; - $sgxml[FLD_ITEM][] = $sgx; - } - } - return $sgxml; + $sgxml = array(); + $pfxml = $pfconfig['installedpackages']['squidguardacl']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_SOURCE] = $pfx[FLD_SOURCE]; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgxml[FLD_ITEM][] = $sgx; + } + } + return $sgxml; } -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml_destination -// sgxml_destination: [name][domains][expr][urls][redir][desc][log] -// ----------------------------------------------------------------- +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_destination +# sgxml_destination: [name][domains][expr][urls][redir][desc][log] +# ----------------------------------------------------------------- function convert_pfxml_to_sgxml_destination($pfconfig) { - $sgxml = array(); - $pfxml = $pfconfig['installedpackages']['squidguarddest']['config']; - if (is_array($pfxml)) { - foreach($pfxml as $pfx) { - $sgx = array(); - $sgx[FLD_NAME] = $pfx['name']; - $sgx[FLD_URLS] = $pfx['urls']; - $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; - $sgx[FLD_EXPRESSIONS] = $pfx['expressions']; - $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; - $sgx[FLD_DESCRIPTION] = $pfx['description']; - $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; - $sgxml[FLD_ITEM][] = $sgx; - } + $sgxml = array(); + $pfxml = $pfconfig['installedpackages']['squidguarddest']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_URLS] = $pfx['urls']; + $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; + $sgx[FLD_EXPRESSIONS] = $pfx['expressions']; + $sgx[FLD_RMOD] = isset($pfx[FLD_RMOD]) ? $pfx[FLD_RMOD] : RMOD_NONE; + $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + $sgxml[FLD_ITEM][] = $sgx; } - return $sgxml; + } + return $sgxml; } -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml_rewrite -// sgxml_rewrite: [name][desc][log][items(array): [targeturl][replaceto]] -// ----------------------------------------------------------------- +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_rewrite +# sgxml_rewrite: [name][desc][log][items(array): [targeturl][replaceto]] +# ----------------------------------------------------------------- function convert_pfxml_to_sgxml_rewrite($pfconfig) { - $sgxml = array(); - - $pfxml = $pfconfig['installedpackages']['squidguardrewrite']['config']; - if (is_array($pfxml)) { - foreach($pfxml as $pfx) { - $sgx = array(); - $sgx[FLD_NAME] = $pfx['name']; - $sgx[FLD_DESCRIPTION] = $pfx['description']; - $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; - - if (is_array($pfx['row'])) { - foreach($pfx['row'] as $pfx_row) { - $sgx_row = array(); - $sgx_row[FLD_TARGETURL] = $pfx_row['targeturl']; - $sgx_row[FLD_REPLACETO] = $pfx_row['replaceto']; - $sgx[FLD_ITEM][] = $sgx_row; - } - } + $sgxml = array(); - $sgxml[FLD_ITEM][] = $sgx; + $pfxml = $pfconfig['installedpackages']['squidguardrewrite']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + + if (is_array($pfx['row'])) { + foreach($pfx['row'] as $pfx_row) { + $sgx_row = array(); + $sgx_row[FLD_TARGETURL] = $pfx_row['targeturl']; + $sgx_row[FLD_REPLACETO] = $pfx_row['replaceto']; + $sgx[FLD_ITEM][] = $sgx_row; + } } + + $sgxml[FLD_ITEM][] = $sgx; } - return $sgxml; + } + return $sgxml; } -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml_time -// sgxml_time: [name][desc][items(array): [timetype][timedays][daterange][timerange]] -// ----------------------------------------------------------------- +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_time +# sgxml_time: [name][desc][items(array): [timetype][timedays][daterange][timerange]] +# ----------------------------------------------------------------- function convert_pfxml_to_sgxml_time($pfconfig) { - $sgxml = array(); - - $pfxml = $pfconfig['installedpackages']['squidguardtime']['config']; - if (is_array($pfxml)) { - foreach($pfxml as $pfx) { - $sgx = array(); - $sgx[FLD_NAME] = $pfx[FLD_NAME]; - $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; - - if (is_array($pfx['row'])) { - foreach($pfx['row'] as $pfx_row) { - $sgx_row = array(); - $sgx_row[FLD_TIMETYPE] = $pfx_row[FLD_TIMETYPE]; - $sgx_row[FLD_TIMEDAYS] = $pfx_row[FLD_TIMEDAYS]; - $sgx_row[FLD_DATERANGE] = $pfx_row[FLD_DATERANGE]; - $sgx_row[FLD_TIMERANGE] = $pfx_row[FLD_TIMERANGE]; - $sgx[FLD_ITEM][] = $sgx_row; - } - } + $sgxml = array(); - $sgxml[FLD_ITEM][] = $sgx; + $pfxml = $pfconfig['installedpackages']['squidguardtime']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx[FLD_NAME]; + $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; + + if (is_array($pfx['row'])) { + foreach($pfx['row'] as $pfx_row) { + $sgx_row = array(); + $sgx_row[FLD_TIMETYPE] = $pfx_row[FLD_TIMETYPE]; + $sgx_row[FLD_TIMEDAYS] = $pfx_row[FLD_TIMEDAYS]; + $sgx_row[FLD_DATERANGE] = $pfx_row[FLD_DATERANGE]; + $sgx_row[FLD_TIMERANGE] = $pfx_row[FLD_TIMERANGE]; + $sgx[FLD_ITEM][] = $sgx_row; + } } + + $sgxml[FLD_ITEM][] = $sgx; } + } - return $sgxml; + return $sgxml; } -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml_acl -// sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] -// ----------------------------------------------------------------- +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_acl +# sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] +# ----------------------------------------------------------------- function convert_pfxml_to_sgxml_acl($pfconfig) { - $sgxml = array(); - - $pfxml = $pfconfig['installedpackages']['squidguardacl']['config']; - if (is_array($pfxml)) { - foreach($pfxml as $pfx) { - $sgx = array(); - $sgx[FLD_NAME] = $pfx[FLD_NAME]; // [04-01-2008] new ver - $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; - $sgx[FLD_DISABLED] = $pfx[FLD_DISABLED]; - $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; - $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; - $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; - $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; - $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP]; - - // for overtime - $sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT]; - $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE]; - - // destinations - if (strpos($pfx['dest'], '[') === false) { - $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); - $sgx[FLD_OVERDESTINATIONNAME] = ''; - } else { - $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); - $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') ); - $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) ); - $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) ); - } + $sgxml = array(); - // !ATTENTION! '!all' must be convert to 'none' - $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); - $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]); + $pfxml = $pfconfig['installedpackages']['squidguardacl']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx[FLD_NAME]; # [04-01-2008] new ver + $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; + $sgx[FLD_DISABLED] = $pfx[FLD_DISABLED]; + $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; + $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; + $sgx[FLD_RMOD] = isset($pfx[FLD_RMOD]) ? $pfx[FLD_RMOD] : RMOD_NONE; + $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP]; + + # for overtime + $sgx[FLD_OVERREDIRECT] = $pfx[FLD_REDIRECT]; # disabled ->- $pfx[FLD_OVERREDIRECT]; + $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE]; + + # destinations + if (strpos($pfx['dest'], '[') === false) { + $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); + $sgx[FLD_OVERDESTINATIONNAME] = ''; + } + else { + $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) ); + } - // if empty - adding 'none' - if (!$sgx[FLD_DESTINATIONNAME]) $sgx[FLD_DESTINATIONNAME] = "none"; - if (!$sgx[FLD_OVERDESTINATIONNAME]) $sgx[FLD_OVERDESTINATIONNAME] = "none"; + # !ATTENTION! '!all' must be convert to 'none' + $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); + $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]); - $sgxml[FLD_ITEM][] = $sgx; - } + # if empty - adding 'none' + if (!$sgx[FLD_DESTINATIONNAME]) $sgx[FLD_DESTINATIONNAME] = "none"; + if (!$sgx[FLD_OVERDESTINATIONNAME]) $sgx[FLD_OVERDESTINATIONNAME] = "none"; + + $sgxml[FLD_ITEM][] = $sgx; } - return $sgxml; + } + return $sgxml; } -// ----------------------------------------------------------------- -// convert_pfxml_to_sgxml_default -// sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] -// ----------------------------------------------------------------- +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_default +# sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] +# ----------------------------------------------------------------- function convert_pfxml_to_sgxml_default($pfconfig) { - $pfxml = $pfconfig['installedpackages']['squidguarddefault']['config']; - - $pfx = $pfxml[0]; - $sgx = array(); - $sgx[FLD_NAME] = 'default'; - $sgx[FLD_DESCRIPTION] = ''; - $sgx[FLD_DISABLED] = ''; - $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; - $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; - $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; - $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; - $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP]; - - // destinations - if (strpos($pfx['dest'], '[') === false) - $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); - else $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); - - // !ATTENTION! '!all' must be convert to 'none' - $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); - - // if empty - adding 'none' - if (!$sgx[FLD_DESTINATIONNAME]) $sgx[FLD_DESTINATIONNAME] = "none"; - - return $sgx; + $pfxml = $pfconfig['installedpackages']['squidguarddefault']['config']; + + $pfx = $pfxml[0]; + $sgx = array(); + $sgx[FLD_NAME] = 'default'; + $sgx[FLD_DESCRIPTION] = ''; + $sgx[FLD_DISABLED] = ''; + $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; + $sgx[FLD_RMOD] = isset($pfx[FLD_RMOD]) ? $pfx[FLD_RMOD] : RMOD_INT_ERRORPAGE; + $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; + $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; + $sgx[FLD_LOG] = $pfx[FLD_ENABLELOG]; + $sgx[FLD_NOTALLOWINGIP] = $pfx[FLD_NOTALLOWINGIP]; + + # destinations + if (strpos($pfx['dest'], '[') === false) + $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); + else $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); + + # !ATTENTION! '!all' must be convert to 'none' + $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); + + # if empty - adding 'none' + if (!$sgx[FLD_DESTINATIONNAME]) $sgx[FLD_DESTINATIONNAME] = "none"; + + return $sgx; } +# ================================================================= +# Capability +# ================================================================= +# capability update source from old config version +function capability_update_source() { + global $config; + $conf_changed = false; + + if (isset($config['installedpackages']['squidguardacl']['config'])) { + $tconf = &$config['installedpackages']['squidguardacl']['config']; + foreach($tconf as $key => $cfg) { + if (isset($cfg['iplist'])) { + $tconf[$key][FLD_SOURCE] .= " " . $cfg['iplist']; + unset($tconf[$key]['iplist']); + $conf_changed = true; + } + if (isset($cfg[FLD_DOMAINS])) { + $tconf[$key][FLD_SOURCE] .= " " . $cfg[FLD_DOMAINS]; + unset($tconf[$key][FLD_DOMAINS]); + $conf_changed = true; + } + } + + if ($conf_changed) write_config('Update squidguardacl config'); + } + +} +# ------------------------------------------------------------------ +# get_item_id - get item 'id' from get/post +# ------------------------------------------------------------------ +function get_item_id() +{ + return isset($_GET['id']) ? $_GET['id'] : $_POST['id']; +} +# ------------------------------------------------------------------ ?> diff --git a/packages/squidGuard/squidguard.xml b/packages/squidGuard/squidguard.xml index 739fe609..b00e9ed8 100644 --- a/packages/squidGuard/squidguard.xml +++ b/packages/squidGuard/squidguard.xml @@ -6,183 +6,159 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>squidguardgeneral</name> - <version>1.2.0_1</version> - <title>Proxy Content filter SquidGuard: General settings</title> - <include_file>/usr/local/pkg/squidguard.inc</include_file> + <name>squidguardgeneral</name> + <version>1.2.0_1</version> + <title>Proxy Content filter SquidGuard: General settings</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> - <!-- Installation --> - <menu> - <name>Proxy Content filter</name> - <tooltiptext>Modify the proxy server's filter settings</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> - </menu> + <!-- Installation --> + <menu> + <name>Proxy Content filter</name> + <tooltiptext>Modify the proxy server's filter settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </menu> - <tabs> - <tab> - <text>General settings</text> - <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Default</text> - <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> - </tab> - <tab> - <text>ACL</text> - <url>/pkg.php?xml=squidguard_acl.xml</url> - </tab> - <tab> - <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> - </tab> - <tab> - <text>Times</text> - <url>/pkg.php?xml=squidguard_time.xml</url> - </tab> - <tab> - <text>Rewrites</text> - <url>/pkg.php?xml=squidguard_rewr.xml</url> - </tab> - <tab> - <text>Log</text> - <url>/pkg_edit.php?xml=squidguard_log.xml</url> - </tab> - </tabs> - - <service> - <name>squidGuard</name> - <description>Proxy server filter Service</description> - <executable>squidGuard</executable> - </service> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Default</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Destinations</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Log</text> + <url>/pkg_edit.php?xml=squidguard_log.xml</url> + </tab> + </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item> - </additional_files_needed> + <service> + <name>squidGuard</name> + <description>Proxy server filter Service</description> + <executable>squidGuard</executable> + </service> - <fields> - <field> - <fielddescr>Enable</fielddescr> - <fieldname>squidguard_enable</fieldname> - <description>Check this for enable squidGuard</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Blacklist</fielddescr> - <fieldname>blacklist</fieldname> - <description>Check this for enable blacklist</description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Blacklist proxy</fielddescr> - <fieldname>blacklist_proxy</fieldname> - <description> - Blacklist upload proxy - enter here, or leave blank. - Format: host:[port login:pass] . Default proxy port 1080. - Example: '192.168.0.1:8080 user:pass' - </description> - <type>input</type> - <size>100</size> - </field> - <field> - <fielddescr>Blacklist URL</fielddescr> - <fieldname>blacklist_url</fieldname> - <description>Enter FTP, HTTP or LOCAL (pfSense) URL blacklist archive, or leave blank.</description> - <type>input</type> - <size>100</size> - </field> - <field> - <fielddescr>Redirect mode</fielddescr> - <fieldname>redirect_mode</fieldname> - <description> - Select redirect mode here. If you selected 'Internal', then will use internal 'sgerror.php' page. - Else - all redirect url's will added 'as it is'. In this situation you can't use 'HTTP error codes', - 'BLANK' and 'BLANK_IMG' extensions, only you self error page URL. - </description> - <type>select</type> - <value>rmod_int</value> - <options> - <option><name>Internal</name><value>rmod_int</value></option> - <option><name>External as Moved (http '301' code)</name><value>rmod_301</value></option> - <option><name>External as Found (http '302' code)</name><value>rmod_302</value></option> - </options> - </field> - <field> - <fielddescr>Emulate error HTTP header</fielddescr> - <fieldname>emu_err_http_hdr</fieldname> - <description> - Check this for enable emulation error code HTTP header, - when proxy-filter deny access to URL with specified HTTP error code - in 'Redirect' field's. This may change behaviour client's IE brouser - and affiliated proxy. - </description> - <type>checkbox</type> - </field> - <field> - <fielddescr>View GUI log</fielddescr> - <fieldname>view_gui_log</fieldname> - <description>Check this for view GUI log</description> - <type>checkbox</type> - </field> - </fields> - <custom_add_php_command/> - <custom_php_command_before_form> - squidguard_before_form(&$pkg); - </custom_php_command_before_form> - <custom_php_after_form_command> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item> + </additional_files_needed> + + <fields> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>squidguard_enable</fieldname> + <description>Check this for enable squidGuard</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Blacklist</fielddescr> + <fieldname>blacklist</fieldname> + <description>Check this for enable blacklist</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Blacklist proxy</fielddescr> + <fieldname>blacklist_proxy</fieldname> + <description> + Blacklist upload proxy - enter here, or leave blank. + Format: host:[port login:pass] . Default proxy port 1080. + Example: '192.168.0.1:8080 user:pass' + </description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Blacklist URL</fielddescr> + <fieldname>blacklist_url</fieldname> + <description>Enter FTP, HTTP or LOCAL (pfSense) URL blacklist archive, or leave blank.</description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>View GUI log</fielddescr> + <fieldname>view_gui_log</fieldname> + <description>Check this for view GUI log</description> + <type>checkbox</type> + </field> + </fields> + <custom_add_php_command/> + <custom_php_validation_command> + squidguard_validate(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_command_before_form> + squidguard_before_form(&$pkg); + </custom_php_command_before_form> + <custom_php_after_form_command> squidGuard_print_javascript(); - </custom_php_after_form_command> - <custom_php_resync_config_command> - squidguard_resync(); - </custom_php_resync_config_command> - <custom_php_install_command> - squidguard_install_command(); - squidguard_resync(); - </custom_php_install_command> - <custom_php_deinstall_command> - squidguard_deinstall_command(); - </custom_php_deinstall_command> + </custom_php_after_form_command> + <custom_php_resync_config_command> + squidguard_resync(); + </custom_php_resync_config_command> + <custom_php_install_command> + squidguard_install_command(); + squidguard_resync(); + </custom_php_install_command> + <custom_php_deinstall_command> + squidguard_deinstall_command(); + </custom_php_deinstall_command> </packagegui>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard_acl.xml b/packages/squidGuard/squidguard_acl.xml index 3439e674..f7e8c7b7 100644 --- a/packages/squidGuard/squidguard_acl.xml +++ b/packages/squidGuard/squidguard_acl.xml @@ -6,13 +6,13 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>squidguardacl</name> - <version>none</version> - <title>Proxy Content filter SquidGuard: Access Control List (ACL)</title> - <include_file>/usr/local/pkg/squidguard.inc</include_file> + <name>squidguardacl</name> + <version>none</version> + <title>Proxy Content filter SquidGuard: Access Control List (ACL)</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> - <delete_string>A proxy server user has been deleted.</delete_string> - <addedit_string>A proxy server user has been created/modified.</addedit_string> + <delete_string>A proxy server user has been deleted.</delete_string> + <addedit_string>A proxy server user has been created/modified.</addedit_string> <tabs> <tab> @@ -45,194 +45,230 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> - - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Disable</fielddescr> - <fieldname>disabled</fieldname> - </columnitem> - <columnitem> - <fielddescr>Order</fielddescr> - <fieldname>order</fieldname> - </columnitem> - <columnitem> - <fielddescr>Name</fielddescr> - <fieldname>name</fieldname> - </columnitem> - <columnitem> - <fielddescr>Destinations</fielddescr> - <fieldname>dest</fieldname> - </columnitem> - <columnitem> - <fielddescr>Time</fielddescr> - <fieldname>time</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> - <fields> - <field> - <fielddescr>Disabled</fielddescr> - <fieldname>disabled</fieldname> - <description>Check this for disable this ACL rule.</description> - <type>checkbox</type> - </field> -<!-- - <field> - <fielddescr>Source name</fielddescr> - <fieldname>source</fieldname> - <description>Select source name here (required). Any ACL must have unique source name.</description> - <required/> - <type>select</type> - </field> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Disable</fielddescr> + <fieldname>disabled</fieldname> + </columnitem> + <columnitem> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + </columnitem> + <columnitem> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Source</fielddescr> + <fieldname>source</fieldname> + </columnitem> + <!--columnitem> + <fielddescr>Destinations</fielddescr> + <fieldname>dest</fieldname> + </columnitem--> + <columnitem> + <fielddescr>Time</fielddescr> + <fieldname>time</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + + <fields> + <field> + <fielddescr>Disabled</fielddescr> + <fieldname>disabled</fieldname> + <description>Check this for disable this ACL rule.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description> + Enter the unique name here. + Name must consist of minimum 2 symbols, first from which letter. <br> + All other symbols must be [a-Z_0-9]. + </description> + <type>input</type> + <required/> + <size>100</size> + </field> + <field> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + <description> + The order defines a place in the list of ACL. <br> + <b>Note:</b> <br> + Search for a suitable ACL by field 'source' will occur before the first match. If you want to define an exception for some sources (IP) from the IP range, put them on first of the list. <br> + <b>For example:</b> <br> + Right order: + ACL0 with source ip 10.0.0.15, then ACL1 with ip-range 10.0.0.0/24 <br> + </description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Source IP adresses and domains</fielddescr> + <fieldname>source</fieldname> + <description> + Enter source IP address or domain or "username" here. For separate use space. + <br><b>Example:</b> + <br>ip: 192.168.0.1 or subnet 192.168.0.0/24 or subnet 192.168.1.0/255.255.255.0 or range 192.168.1.1-192.168.1.10 + <br>domain: foo.bar match foo.bar or *.foo.bar + <br>username: 'user1' + </description> + <type>textarea</type> + <cols>65</cols> + <rows>3</rows> + <required/> + </field> + <!--field> + <fielddescr>Source IP addresses</fielddescr> + <fieldname>iplist</fieldname> + <description> + Enter source IP addresses here with space(' ') divider. + IP addresses must have format:<br> + single example: '192.168.0.1' <br> + range examples: '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' + </description> + <type>textarea</type> + <cols>65</cols> + <rows>3</rows> + </field> + <field> + <fielddescr>Source Domains</fielddescr> + <fieldname>domains</fieldname> + <description> + Enter source domains names here with space(' ') divider. + Example: <b>'foo.bar'</b> match <b>'foo.bar'</b> or <b>'*.foo.bar'</b>. + </description> + <type>textarea</type> + <cols>65</cols> + <rows>3</rows> + </field--> + <field> + <fielddescr>Time</fielddescr> + <fieldname>time</fieldname> + <description>Enter time name in current which this rule permitted.</description> + <type>select</type> + </field> + <field> + <fielddescr>Destination</fielddescr> + <fieldname>dest</fieldname> + <description></description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Not to allow IP addresses in URL</fielddescr> + <fieldname>notallowingip</fieldname> + <description> + To make sure that people don't bypass the URL filter + by simply using the IP addresses instead of the fully qualified domain names, you can check this option. + </description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Redirect mode</fielddescr> + <fieldname>redirect_mode</fieldname> + <description> + Select redirect mode here. + <br> Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible. +<!-- <br><b> int size limit :</b> if content size 0 or > 'size limit', then client moved to 'blank image' page; --> + <br> Options: + <A title="To 'url' will added special client information;" > + <span style="background-color: #dddddd;" >ext url err page</span></A> , + <A title="Client view 'url' content without any notification about;" > + <span style="background-color: #dddddd;" > ext url redirect</span></A> , + <A title="Client will moved to specified url with displaying url in addres bar;" > + <span style="background-color: #dddddd;" > ext url as 'move'</span></A> , + <A title="Client will moved to specified url with showing progress(only!) in status bar;" > + <span style="background-color: #dddddd;" > ext url as 'found'.</span></A> + </u> + </description> + <type>select</type> + <value>rmod_none</value> + <options> + <option><name>none</name> <value>rmod_none</value></option> + <option><name>int error page (enter error message)</name> <value>rmod_int</value></option> + <option><name>int blank page </name> <value>rmod_int_bpg</value></option> +<!-- <option><name>int blank image</name> <value>rmod_int_bim</value></option> --> +<!-- <option><name>int size limit (enter size in bytes)</name> <value>rmod_int_szl</value></option> --> + <option><name>ext url err page (enter URL)</name> <value>rmod_ext_err</value></option> + <option><name>ext url redirect (enter URL)</name> <value>rmod_ext_rdr</value></option> + <option><name>ext url move (enter URL)</name> <value>rmod_ext_mov</value></option> + <option><name>ext url found (enter URL)</name> <value>rmod_ext_fnd</value></option> + </options> + </field> + <field> + <fielddescr>Redirect</fielddescr> + <fieldname>redirect</fieldname> + <description> + Enter external redirection URL, error message or size (bytes) here. + </description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> +<!-- not need now + <field> + <fielddescr>Overtime redirect</fielddescr> + <fieldname>overredirect</fieldname> + <description> + Enter external redirection URL, error message or size (bytes) here. + </description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> --> - <field> - <fielddescr>Name</fielddescr> - <fieldname>name</fieldname> - <description> - You can enter name here. Name consist minimum 2 symbols, first from which letter. <br> - All other symbols is [a-Z_0-9]. Source name must be <b>unique</b> . - </description> - <type>input</type> - <required/> - <size>100</size> - </field> - <field> - <fielddescr>Order</fielddescr> - <fieldname>order</fieldname> - <description> - Order source in list. <br> - <b>Note:</b> <br> - Sources order have very high importance. Sources are evaluated on a first-match basis. <br> - If your sources have an overlaying ranges, then act will be first in list. <br> - <b>For example:</b> <br> - Wrong order: - First source entry is the range 10.0.0.0/24 and second entry is 10.0.0.15 (or 10.0.0.15/32 ) <br> - Right order: - First source entry is the single ip 10.0.0.15 (or 10.0.0.15/32 ) then the overlaying range 10.0.0.0/24 <br> - </description> - <type>input</type> - <size>5</size> - </field> - <field> - <fielddescr>Source IP addresses</fielddescr> - <fieldname>iplist</fieldname> - <description> - Enter source IP addresses here with space(' ') divider. - IP addresses must have format:<br> - single example: '192.168.0.1' <br> - range examples: '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' - </description> - <type>textarea</type> - <cols>65</cols> - <rows>3</rows> - </field> - <field> - <fielddescr>Source Domains</fielddescr> - <fieldname>domains</fieldname> - <description> - Enter source domains names here with space(' ') divider. - Example: <b>'foo.bar'</b> match <b>'foo.bar'</b> or <b>'*.foo.bar'</b>. - </description> - <type>textarea</type> - <cols>65</cols> - <rows>3</rows> - </field> - <field> - <fielddescr>Time</fielddescr> - <fieldname>time</fieldname> - <description>Enter time name in current which this rule permitted.</description> - <type>select</type> - </field> - <field> - <fielddescr>Destination</fielddescr> - <fieldname>dest</fieldname> - <description></description> - <type>input</type> - <size>100</size> - </field> - <field> - <fielddescr>Not to allow IP addresses in URL</fielddescr> - <fieldname>notallowingip</fieldname> - <description> - To make sure that people don't bypass the URL filter - by simply using the IP addresses instead of the fully qualified domain names, you can check this option. - </description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Redirect</fielddescr> - <fieldname>redirect</fieldname> - <description> - Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> - Supported URL's: 'http://myurl', 'https://myurl'. <br> - Supported tags: 'blank', 'blank_img'. <br> - Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. - </description> - <type>textarea</type> - <cols>65</cols> - <rows>2</rows> - </field> - <field> - <fielddescr>Overtime redirect</fielddescr> - <fieldname>overredirect</fieldname> - <description> - Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> - Supported URL's: 'http://myurl', 'https://myurl'. <br> - Supported tags: 'blank', 'blank_img'. <br> - Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. - </description> - <type>textarea</type> - <cols>65</cols> - <rows>2</rows> - </field> - <field> - <fielddescr>Rewrite</fielddescr> - <fieldname>rewrite</fieldname> - <description>Enter rewrite condition name for this rule, or leave blank.</description> - <type>select</type> - </field> - <field> - <fielddescr>Overtime rewrite</fielddescr> - <fieldname>overrewrite</fieldname> - <description>Enter rewrite condition name for this rule, or leave blank.</description> - <type>select</type> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>You may enter a description here for your reference (not parsed).</description> - <type>input</type> - <size>100</size> - </field> - <field> - <fielddescr>Enable log</fielddescr> - <fieldname>enablelog</fieldname> - <description>Check this for enable log.</description> - <type>checkbox</type> - </field> - </fields> + <field> + <fielddescr>Rewrite</fielddescr> + <fieldname>rewrite</fieldname> + <description>Enter rewrite condition name for this rule, or leave blank.</description> + <type>select</type> + </field> + <field> + <fielddescr>Overtime rewrite</fielddescr> + <fieldname>overrewrite</fieldname> + <description>Enter rewrite condition name for this rule, or leave blank.</description> + <type>select</type> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>You may enter a description here for your reference (not parsed).</description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Enable log</fielddescr> + <fieldname>enablelog</fieldname> + <description>Check this for enable log.</description> + <type>checkbox</type> + </field> + </fields> - <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg); - </custom_php_command_before_form> - <custom_php_after_form_command> - squidGuard_print_javascript(); - </custom_php_after_form_command> - <custom_php_resync_config_command> - squidguard_resync_acl(); - </custom_php_resync_config_command> - <custom_delete_php_command> - squidguard_resync_acl(); - </custom_delete_php_command> - <custom_add_php_command> - </custom_add_php_command> - <custom_add_php_command_late> - </custom_add_php_command_late> -</packagegui> + <custom_php_validation_command> + squidguard_validate_acl(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_command_before_form> + squidguard_before_form_acl(&$pkg); + </custom_php_command_before_form> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> + <custom_php_resync_config_command> + squidguard_resync_acl(); + </custom_php_resync_config_command> + <custom_delete_php_command> + squidguard_resync_acl(); + </custom_delete_php_command> + <custom_add_php_command> + </custom_add_php_command> + <custom_add_php_command_late> + </custom_add_php_command_late> +</packagegui>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc index 492de85b..717b64a7 100644 --- a/packages/squidGuard/squidguard_configurator.inc +++ b/packages/squidGuard/squidguard_configurator.inc @@ -1,44 +1,44 @@ <?php # ------------------------------------------------------------------------------ -/* squidguard_configurator.inc - (C)2006 Serg Dvoriancev - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. +/* squidguard_configurator.inc + (C)2006-2008 Serg Dvoriancev + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ # ------------------------------------------------------------------------------ # SquidGuard Configurator # email: dv_serg@mail.ru # ------------------------------------------------------------------------------ # squidGuard inline options: -# squidGuard -C all - apdate database -# squidGuard -c <configfile> - create squidGuard with specified config file +# squidGuard -C all - update database +# squidGuard -c <configfile> - create squidGuard with specified config file # ------------------------------------------------------------------------------ # Notes: -# -- for work squidGuard need present ALL destinations; -# if dest not present in config - then this item will ignored in operations -# (in rebuild DB for example) +# for work squidGuard need present ALL destinations; +# if dest not present in config - then this item will ignored in operations +# (in rebuild DB for example) # ------------------------------------------------------------------------------ # Directories: -# work path - $workdir -# log path - $workdir + $logdir +# work path - $workdir +# log path - $workdir + $logdir # ------------------------------------------------------------------------------ require_once('globals.inc'); @@ -59,17 +59,15 @@ ini_set('max_input_time', '3600'); # ------------------------------------------------------------------------------ define('FILES_DB_HEADER', ' # ------------------------------------------------------------------------------ -# File created by squidGuard package GUI -# (C)2006 Serg Dvoriancev +# File created by squidGuard package GUI +# (C)2006-2008 Serg Dvoriancev # ------------------------------------------------------------------------------ '); define('CONFIG_SG_HEADER', " # ============================================================ # SquidGuard configuration file -# # This file generated automaticly with SquidGuard configurator -# # (C)2006 Serg Dvoriancev # email: dv_serg@mail.ru # ============================================================ @@ -80,15 +78,14 @@ define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added # ------------------------------------------------------------------------------ # squid config options # ------------------------------------------------------------------------------ -define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); -define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); -define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); -define('REDIRECT_CHILDREN_OPT', 'redirect_children'); +define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); +define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); +define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); +define('REDIRECT_CHILDREN_OPT', 'redirect_children'); # ------------------------------------------------------------------------------ # setup count redirector processes will started -# * for big count users service increase this option, -# but you need use this on powerful system +# * for big count users service increase this option, but you need use this on powerful system # ------------------------------------------------------------------------------ define('REDIRECTOR_PROCESS_COUNT', '3'); @@ -115,9 +112,8 @@ define('SQUIDGUARD_CONFBASE_DEF', '/usr/local/etc/squid'); define('SQUIDGUARD_LOGDIR_DEF', '/tmp'); define('SQUIDGUARD_WORKDIR_DEF', '/usr/local/etc/squidGuard'); define('SQUIDGUARD_BINPATH_DEF', '/usr/local/bin'); -define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); // SG temp -define('SQUIDGUARD_VAR', '/var/squidGuard'); // SG variables -define('SQUIDGUARD_STATE', '/squidGuard.state'); +define('SQUIDGUARD_TMP', '/var/tmp/squidGuard'); # SG temp +define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables define('SQUIDGUARD_STATE', '/squidGuard.state'); define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild'); @@ -136,36 +132,42 @@ define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh'); define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf'); define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf'); define('BLK_TEMP', '/tmp/sg_blk'); -define('SG_BLK_ARC', '/arcdb'); // blk db archive +define('SG_BLK_ARC', '/arcdb'); # blk db archive define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf'); -# errors +# error_res define('SG_ERR0', "Error! Check squidGuard configuration data."); -# ------------------------------------------------------------------------------ +# redirect mode +define('RMOD_NONE', 'rmod_none'); +define('RMOD_INT_ERRORPAGE', 'rmod_int'); +define('RMOD_INT_BLANKPAGE', 'rmod_int_bpg'); +define('RMOD_INT_BLANKIMG', 'rmod_int_bim'); +define('RMOD_INT_SIZELIMIT', 'rmod_int_szl'); +define('RMOD_EXT_ERR', 'rmod_ext_err'); +define('RMOD_EXT_RDR', 'rmod_ext_rdr'); +define('RMOD_EXT_MOVED', 'rmod_ext_mov'); +define('RMOD_EXT_FOUND', 'rmod_ext_fnd'); + # debug options -# ------------------------------------------------------------------------------ define('DEBUG_UPDATE_SQUID_CONF', 'true'); define('DEBUG_UPDATE_SQUIDGUARD_DB', 'true'); define('DEBUG_MAKE_SQUIDGUARD_CONFIG', 'true'); # GUI options -define('SQUIDGUARD_LOG_MAXCOUNT', 1000); // max log lines +define('SQUIDGUARD_LOG_MAXCOUNT', 500); # max log lines + # 0-all, 1-medium; 2-low define('SQUIDGUARD_LOG_LEVEL', 0); -# ------------------------------------------------------------------------------ +# define('FLT_DEFAULT_ALL', 'all'); define('FLT_NOTALLOWIP', '!in-addr'); -# ------------------------------------------------------------------------------ # owner user name (squid system user - need for define rights access) -# ------------------------------------------------------------------------------ define('OWNER_NAME', 'proxy'); -# ------------------------------------------------------------------------------ # Debug -# ------------------------------------------------------------------------------ define('DEBUG_ON', 'true'); # ============================================================================== @@ -207,7 +209,7 @@ define('FLD_ENABLED', 'enabled'); define('FLD_BLACKLISTENABLED', 'blacklist_enabled'); define('FLD_SGCONF_XML', 'sgxml_file'); -// other fields +# other fields define('FLD_ITEM', 'item'); define('FLD_TIMES', 'times'); define('FLD_SOURCES', 'sources'); @@ -240,325 +242,322 @@ define('FLD_TIMETYPE', 'timetype'); define('FLD_TIMEDAYS', 'timedays'); define('FLD_DATRANGE', 'daterange'); define('FLD_TIMERANGE', 'sg_timerange'); -define('FLD_REDIRECTMODE', 'redirect_mode'); // [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302; -define('FLD_NOTALLOWINGIP', 'notallowingip'); // not allowing ip in URL +define('FLD_RMOD', 'redirect_mode'); # [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302; +define('FLD_NOTALLOWINGIP', 'notallowingip'); # not allowing ip in URL +define('FLD_USERNAME', 'username'); -// transparent mode +# transparent mode define('FLD_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode'); define('FLD_CURRENT_LAN_IP', 'current_lan_ip'); define('FLD_CURRENT_GUI_PORT', 'current_gui_port'); define('FLD_CURRENT_GUI_PROTO', 'current_gui_protocol'); # ------------------------------------------------------------------------------ -# sg_init -# - initialize config array -# ------------------------------------------------------------------------------ -function sg_init($init = '') { - global $squidguard_config; - - $squidguard_config = array(); - if(empty($init) or !is_array($init) ) { - // default init (for generate minimal config) - $squidguard_config[FLD_LOGDIR] = SQUIDGUARD_LOGDIR_DEF; - $squidguard_config[FLD_DBHOME] = SQUIDGUARD_DBHOME_DEF; - $squidguard_config[FLD_WORKDIR] = SQUIDGUARD_WORKDIR_DEF; - $squidguard_config[FLD_BINPATH] = SQUIDGUARD_BINPATH_DEF; - $squidguard_config[FLD_SQUIDCONFIGFILE] = SQUID_CONFIGFILE; - $squidguard_config[FLD_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT; - } else { - $squidguard_config = $init; - } - sg_addlog("sg_init: Start.", 0); - return $squidguard_config; +# sg_init - initialize config array +# ------------------------------------------------------------------------------ +function sg_init($init = '') +{ + global $squidguard_config; + + $squidguard_config = array(); + if(empty($init) or !is_array($init) ) { + # default init (for generate minimal config) + $squidguard_config[FLD_LOGDIR] = SQUIDGUARD_LOGDIR_DEF; + $squidguard_config[FLD_DBHOME] = SQUIDGUARD_DBHOME_DEF; + $squidguard_config[FLD_WORKDIR] = SQUIDGUARD_WORKDIR_DEF; + $squidguard_config[FLD_BINPATH] = SQUIDGUARD_BINPATH_DEF; + $squidguard_config[FLD_SQUIDCONFIGFILE] = SQUID_CONFIGFILE; + $squidguard_config[FLD_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT; + } else { + $squidguard_config = $init; + } + + return $squidguard_config; } # ------------------------------------------------------------------------------ # sg_loadconfig_xml # ------------------------------------------------------------------------------ -function sg_load_configxml($filename) { - global $squidguard_config; - sg_init(); - if (file_exists($filename)) { - $xmlconf = file_get_contents($filename); - sg_addlog("sg_load_configxml: Begin with '$filename'", 1); - - if (!empty($xmlconf)) { - $squidguard_config = $xmlconf[FLD_SQUIDGUARD]; - sg_addlog("sg_load_configxml: Update success.", 1); - } else - sg_addlog("sg_load_configxml: Error - nothing for update from '$filename'.", 2); - } else - sg_addlog("sg_load_configxml: Error file '$filename' not exists.", 2); +function sg_load_configxml($filename) +{ + global $squidguard_config; + + sg_init(); + if (file_exists($filename)) { + $xmlconf = file_get_contents($filename); + + if (!empty($xmlconf)) { + $squidguard_config = $xmlconf[FLD_SQUIDGUARD]; + sg_addlog("sg_load_configxml: Success update from '$filename'.", 1); + } else + sg_addlog("sg_load_configxml: Error, file '$filename' is empty.", 2); + } else + sg_addlog("sg_load_configxml: Error, file '$filename' does not exists.", 2); } # ------------------------------------------------------------------------------ # sg_saveconfig_xml # ------------------------------------------------------------------------------ -function sg_save_configxml($filename) { - global $squidguard_config; - $xmlconf = dump_xml_config($squidguard_config, FLD_SQUIDGUARD); - file_put_contents($filename, $xmlconf); +function sg_save_configxml($filename) +{ + global $squidguard_config; + + file_put_contents($filename, dump_xml_config($squidguard_config, FLD_SQUIDGUARD)); } # ------------------------------------------------------------------------------ -# sg_reconfigure -# - squidguard reconfiguration +# sg_reconfigure - squidguard reconfiguration # ------------------------------------------------------------------------------ -function sg_reconfigure() { - global $squidguard_config; - $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE; +function sg_reconfigure() +{ + global $squidguard_config; + $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE; - sg_addlog("sg_reconfigure: Begin.", 0); + # 1. check system + sg_check_system(); - // 1. check system - sg_check_system(); + # 2. reconfigure user db + sg_reconfigure_user_db(); - // 2. reconfigure user db - sg_reconfigure_user_db(); + # 3. generate squidGuard config + $conf = sg_create_config(); + if ($conf) { + if ($squidguard_config[FLD_WORKDIR]) + $conf_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE; + file_put_contents($conf_file, $conf); + file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default + set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0755); + sg_addlog("sg_reconfigure: save squidGuard config to '$conf_file'.", 1); + } else + sg_addlog("sg_reconfigure: error make squidGuard config.", 2); - // 3. generate squidGuard config - $conf = sg_create_config(); - if ($conf) { - if ($squidguard_config[FLD_WORKDIR]) - $conf_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE; - file_put_contents($conf_file, $conf); - file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); // << squidGuard want config '/usr/local/etc/squid' by default - set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0755); - sg_addlog("sg_reconfigure: Generate squidGuard config and save to '$conf_file'.", 1); - } - - // 4. reconfigure squid - squid_reconfigure(); + # 4. reconfigure squid + squid_reconfigure(); } # ------------------------------------------------------------------------------ # squid_reconfigure # Insert in '/usr/local/squid/etc/squid.conf' options: -# redirector_bypass on -# redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file -# redirect_children 1 -# ------------------------------------------------------------------------------ - -function squid_reconfigure($remove_only = '') { - global $config; - global $squidguard_config; - $conf = ''; - $cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options']; - - sg_addlog("squid_reconfigure: Begin.", 0); - - // remove old options - if (!empty($cust_opt)) { - $conf = explode(";", $cust_opt); - foreach ($conf as $key => $c_opt) { - $t_opt = ltrim($c_opt); - if ((strpos($t_opt, REDIRECTOR_PROGRAM_OPT) === 0) or - (strpos($t_opt, REDIRECT_BYPASS_OPT) === 0) or - (strpos($t_opt, REDIRECT_CHILDREN_OPT) === 0)) - unset($conf[$key]); - } - sg_addlog("squid_reconfigure: Remove old redirector options from Squid config.", 1); - } +# redirector_bypass on +# redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file +# redirect_children 1 +# ------------------------------------------------------------------------------ + +function squid_reconfigure($remove_only = '') +{ + global $config; + global $squidguard_config; + $conf = ''; + $cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options']; + + # remove old options + if (!empty($cust_opt)) { + $conf = explode(";", $cust_opt); + foreach ($conf as $key => $c_opt) { + $t_opt = ltrim($c_opt); + if ((strpos($t_opt, REDIRECTOR_PROGRAM_OPT) === 0) or + (strpos($t_opt, REDIRECT_BYPASS_OPT) === 0) or + (strpos($t_opt, REDIRECT_CHILDREN_OPT) === 0)) + unset($conf[$key]); + } + sg_addlog("squid_reconfigure: Remove old redirector options from Squid config.", 1); + } - // add new options - if squidGuard enabled - if (empty($remove_only) && ($squidguard_config[FLD_ENABLED] === 'on')) { + # add new options - if squidGuard enabled + if (empty($remove_only) && ($squidguard_config[FLD_ENABLED] === 'on')) { + $redirector_path = $squidguard_config[FLD_BINPATH] . '/squidGuard'; + $redirector_conf = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE; - $redirector_path = $squidguard_config[FLD_BINPATH] . '/squidGuard'; - $redirector_conf = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE; + $conf[] = REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf"; + $conf[] = REDIRECT_BYPASS_OPT . " on"; + $conf[] = REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT; - $conf[] = REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf"; - $conf[] = REDIRECT_BYPASS_OPT . " on"; - $conf[] = REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT; + sg_addlog("squid_reconfigure: Add new redirector options to Squid config.", 1); + } - sg_addlog("squid_reconfigure: Add new redirector options to Squid config.", 1); - } + # update config + if (is_array($conf)) $conf = implode(";", $conf); - // update config - if (is_array($conf)) - $conf = implode(";", $conf); - $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf; - write_config('Update redirector options to squid config.'); + $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf; + write_config('Update redirector options to squid config.'); - squid_resync(); + squid_resync(); } # ------------------------------------------------------------------------------ -# sg_check_system -# - check squidguard catalog's and access right's +# sg_check_system - check squidguard catalog's and access right's # ------------------------------------------------------------------------------ -function sg_check_system() { - global $squidguard_config; +function sg_check_system() +{ + global $squidguard_config; - // check work_dir & create if not exists - $work_dir = $squidguard_config[FLD_WORKDIR]; - if (!empty($work_dir)) { - // check dir's - if (!file_exists($work_dir)) { - mwexec("mkdir -p $work_dir"); - set_file_access($work_dir, OWNER_NAME, 0755); - sg_addlog("sg_check_system: Create work dir '$work_dir'.", 1); - } - } - unset($work_dir); - - // check log_dir & create if not exists - $log_dir = $squidguard_config[FLD_LOGDIR]; - if (!empty($log_dir)) { - if (!file_exists($log_dir)) { - mwexec("mkdir -p $log_dir"); - sg_addlog("sg_check_system: Create log dir '$log_dir'.", 1); - } - // set access right - need start any time; - // (SG possible start from console and log file will have only root access) - set_file_access($log_dir, OWNER_NAME, 0755); - } - unset($log_dir); - - // check db dir - $db_dir = $squidguard_config[FLD_DBHOME]; - if (!empty($db_dir)) { - if (!file_exists($db_dir)) { - mwexec("mkdir -p $db_dir"); - sg_addlog("sg_check_system: Create db dir '$db_dir'.", 1); - } - // set access right - set_file_access($db_dir, OWNER_NAME, 0755); - } - unset($db_dir); + # check work_dir & create if not exists + $work_dir = $squidguard_config[FLD_WORKDIR]; + if (!empty($work_dir)) { + # check dir's + if (!file_exists($work_dir)) { + mwexec("mkdir -p $work_dir"); + set_file_access($work_dir, OWNER_NAME, 0755); + sg_addlog("sg_check_system: Create work dir '$work_dir'.", 1); + } + } + unset($work_dir); + + # check log_dir & create if not exists + $log_dir = $squidguard_config[FLD_LOGDIR]; + if (!empty($log_dir)) { + if (!file_exists($log_dir)) { + mwexec("mkdir -p $log_dir"); + sg_addlog("sg_check_system: Create log dir '$log_dir'.", 1); + } + # set access right - need start any time; + # (SG possible start from console and log file will have only root access) + set_file_access($log_dir, OWNER_NAME, 0755); + } + unset($log_dir); + + # check db dir + $db_dir = $squidguard_config[FLD_DBHOME]; + if (!empty($db_dir)) { + if (!file_exists($db_dir)) { + mwexec("mkdir -p $db_dir"); + sg_addlog("sg_check_system: Create db dir '$db_dir'.", 1); + } + # set access right + set_file_access($db_dir, OWNER_NAME, 0755); + } + unset($db_dir); } # ============================================================================== # squidGuard DB # ============================================================================== -# sg_reconfigure_user_db -# - reconfigure(update) db user entries -# ------------------------------------------------------------------------------ -function sg_reconfigure_user_db() { - global $squidguard_config; - $dbhome = $squidguard_config[FLD_DBHOME]; - - sg_addlog("sg_reconfigure_user_db: Begin with '$dbhome'", 1); - - // create user DB catalog, if not extsts - if (!file_exists($dbhome)) { - if (!mkdir($dbhome, 0755)) { - sg_addlog("sg_reconfigure_user_db: Error create user DB directory '$dbhome'.", 2); - return; - } - set_file_access($dbhome, OWNER_NAME, 0755); - sg_addlog("sg_reconfigure_user_db: Create user DB directory '$dbhome'.", 1); - } +# sg_reconfigure_user_db - reconfigure(update) db user entries +# ------------------------------------------------------------------------------ +function sg_reconfigure_user_db() +{ + global $squidguard_config; + $dbhome = $squidguard_config[FLD_DBHOME]; - // update destinations to db - $dests = $squidguard_config[FLD_DESTINATIONS]; - if(!empty($dests)){ - $dst_names = Array(); - $dst_list = Array(); - - sg_addlog("sg_reconfigure_user_db: Add user entries", 1); - foreach($dests[FLD_ITEM] as $dst) { - $path = "$dbhome/" . $dst[FLD_NAME]; - $dst_names[] = $path; - $dst_list["usr_{$dst[FLD_NAME]}"] = $dst[FLD_NAME]; - - // 1. check destination catalog and create them, if need - if (!file_exists($path)) { - if (!mkdir ($path, 0755)) { - sg_addlog("sg_reconfigure_user_db: Error create dir '$path'.", 2); - return; - } - sg_addlog("sg_reconfigure_user_db: Create dir '$path'.", 1); - } + sg_addlog("sg_reconfigure_user_db: Begin with '$dbhome'", 1); - // 2. build domains file - $domains = $dst[FLD_DOMAINS]; - if (!empty($domains)) { - $content = trim(str_replace(" ", "\n", $domains)); - file_put_contents($path . '/domains', $content); - sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} domains '$domains';", 1); - } - unset($domains); - - // 3. build urls file - $urls = $dst[FLD_URLS]; - if (!empty($urls)) { - $content = trim(str_replace(" ", "\n", $urls)); - file_put_contents($path . '/urls', $content); - sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} urls '$content';", 1); - } - unset($urls); - - // 4. build expression file - $expr = $dst[FLD_EXPRESSIONS]; - if (!empty($expr)) { - $content = trim(str_replace("|", " ", $expr)); // delete first and last unnecessary '|' symbol - $content = str_replace(" ", "|", $content); - file_put_contents($path . '/expressions', $content); - sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} expressions '$content';", 1); - } - unset($expr); - } + # create user DB catalog, if not extsts + if (!file_exists($dbhome)) { + if (!mkdir($dbhome, 0755)) { + sg_addlog("sg_reconfigure_user_db: Error create user DB directory '$dbhome'.", 2); + return; + } + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("sg_reconfigure_user_db: Create user DB directory '$dbhome'.", 1); + } + + # update destinations to db + $dests = $squidguard_config[FLD_DESTINATIONS]; + if(!empty($dests)){ + $dst_names = Array(); + $dst_list = Array(); + + sg_addlog("sg_reconfigure_user_db: Add user entries", 1); + foreach($dests[FLD_ITEM] as $dst) { + $path = "$dbhome/" . $dst[FLD_NAME]; + $dst_names[] = $path; + $dst_list["usr_{$dst[FLD_NAME]}"] = $dst[FLD_NAME]; + + # 1. check destination catalog and create them, if need + if (!file_exists($path)) { + if (!mkdir ($path, 0755)) { + sg_addlog("sg_reconfigure_user_db: Error create dir '$path'.", 2); + return; + } + sg_addlog("sg_reconfigure_user_db: Create dir '$path'.", 1); + } - // 5. recursive set files access - set_file_access($dbhome, OWNER_NAME, 0755); + # 2. build domains file + $domains = $dst[FLD_DOMAINS]; + if (!empty($domains)) { + $content = trim(str_replace(" ", "\n", $domains)); + file_put_contents($path . '/domains', $content); + sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} domains '$domains';", 1); + } + unset($domains); + + # 3. build urls file + $urls = $dst[FLD_URLS]; + if (!empty($urls)) { + $content = trim(str_replace(" ", "\n", $urls)); + file_put_contents($path . '/urls', $content); + sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} urls '$content';", 1); + } + unset($urls); + + # 4. build expression file + $expr = $dst[FLD_EXPRESSIONS]; + if (!empty($expr)) { + $content = trim(str_replace("|", " ", $expr)); # delete first and last unnecessary '|' symbol + $content = str_replace(" ", "|", $content); + file_put_contents($path . '/expressions', $content); + sg_addlog("sg_reconfigure_user_db: -- add {$dst[FLD_NAME]} expressions '$content';", 1); + } + unset($expr); + } - // 6. rebuild user db ('/var/db/squidGuard') - sg_rebuild_db("_usrdb", $dbhome, $dst_list); - } else - sg_addlog("sg_reconfigure_user_db: Nothing. User destinations list empty.", 2); + # 5. recursive set files access + set_file_access($dbhome, OWNER_NAME, 0755); - // 7. remove unused db entries - sg_remove_unused_db_entries(); + # 6. rebuild user db ('/var/db/squidGuard') + sg_rebuild_db("_usrdb", $dbhome, $dst_list); + } else + sg_addlog("sg_reconfigure_user_db: Nothing. User destinations list empty.", 2); + + # 7. remove unused db entries + sg_remove_unused_db_entries(); } # ------------------------------------------------------------------------------ # sg_remove_unused_db_entries # ------------------------------------------------------------------------------ -function sg_remove_unused_db_entries() { - global $squidguard_config; - $db_entries = array(); - $file_list = ''; - $dbhome = $squidguard_config[FLD_DBHOME]; - $workdir = $squidguard_config[FLD_WORKDIR]; - - sg_addlog("sg_remove_unused_db_entries: Begin.", 0); - - // black list entries - // * worked only with 'blacklist entries list file - else may be deleted black list entry - if (file_exists($workdir . SQUIDGUARD_BLK_ENTRIES)) { - $file_for_del = array(); - - // load blk entries - $db_entries = explode("\n", file_get_contents($workdir . SQUIDGUARD_BLK_ENTRIES)); - - // $db_entries + add user entries - $dests = $squidguard_config[FLD_DESTINATIONS]; - if (!empty($dests)) { - foreach($dests[FLD_ITEM] as $dst) { - $db_entries[] = $dst[FLD_NAME]; - } - } - - // diff between file list and entries list - $file_list = scan_dir($dbhome); - if (is_array($file_list) and is_array($db_entries)) { - $file_for_del = array_diff($file_list, $db_entries); - } - - // delete - if (is_array($file_for_del) and !empty($file_for_del)) { - foreach($file_for_del as $fd) { - $file_fd = "$dbhome/$fd"; - if (($fd != "") && ($fd != ".") && ($fd != "..")) { - if (file_exists($file_fd)) { - mwexec("rm -R $file_fd"); - sg_addlog("sg_remove_unused_db_entries: Removed file '$file_fd'.", 1); - } else - sg_addlog("sg_remove_unused_db_entries: File'$file_fd' not found.", 2); - } - } - } - } - sg_addlog("sg_remove_unused_db_entries: end"); +function sg_remove_unused_db_entries() +{ + global $squidguard_config; + $db_entries = array(); + $file_list = ''; + $dbhome = $squidguard_config[FLD_DBHOME]; + $workdir = $squidguard_config[FLD_WORKDIR]; + + # black list entries + # * worked only with 'blacklist entries list file - else may be deleted black list entry + if (file_exists($workdir . SQUIDGUARD_BLK_ENTRIES)) { + $file_for_del = array(); + + # load blk entries + $db_entries = explode("\n", file_get_contents($workdir . SQUIDGUARD_BLK_ENTRIES)); + + # $db_entries + add user entries + $dests = $squidguard_config[FLD_DESTINATIONS]; + if (!empty($dests)) { + foreach($dests[FLD_ITEM] as $dst) + $db_entries[] = $dst[FLD_NAME]; + } + + # diff between file list and entries list + $file_list = scan_dir($dbhome); + if (is_array($file_list) and is_array($db_entries)) { + $file_for_del = array_diff($file_list, $db_entries); + } + + # delete + if (is_array($file_for_del) and !empty($file_for_del)) { + foreach($file_for_del as $fd) { + $file_fd = "$dbhome/$fd"; + if (!empty($fd) && ($fd != ".") && ($fd != "..")) { + if (file_exists($file_fd)) { + mwexec("rm -R $file_fd"); + sg_addlog("sg_remove_unused_db_entries: Removed file '$file_fd'.", 1); + } else + sg_addlog("sg_remove_unused_db_entries: File'$file_fd' not found.", 2); + } + } + } + } } # ------------------------------------------------------------------------------ # sg_rebuild_db Rebuild squidGuard DB from list items @@ -569,47 +568,48 @@ function sg_remove_unused_db_entries() { # dest_DB_path - path without '$rdb_dbhome' # example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners' # ------------------------------------------------------------------------------ -function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) { - global $squidguard_config; - $conf = ''; - $conf_path = ''; - $logdir = $squidguard_config[FLD_LOGDIR]; - $dbhome = $squidguard_config[FLD_DBHOME]; - - // current dbhome dir - if (!empty($rdb_dbhome)) $dbhome = $rdb_dbhome; - sg_addlog("sg_rebuild_db: Begin with path '$dbhome'.", 1); - - // define - where config will placed - $conf_path = "/tmp/squidGuard_rebuild.conf" . $shtag; - - // make rebuild config; include all found dest items - $conf = sg_create_simple_config($dbhome, $rdb_itemslist); - file_put_contents($conf_path, $conf); - set_file_access($conf_path, OWNER_NAME, 0750); - sg_addlog("sg_rebuild_db: Create temporary config '$conf_path'.", 1); - - // *** SH script *** - $sh_scr = Array(); - $sh_scr[] = "#!/bin/sh"; - $sh_scr[] = "cd $dbhome"; - $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all"; - $sh_scr[] = "wait"; // wait while SG rebuild DB - - // set DB owner and right access - $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; - - // restart squid for changes to take effects - $sh_scr[] = "/usr/local/sbin/squid -k reconfigure"; - - // store & exec sh - $sh_scr = implode("\n", $sh_scr); - $shfile = DB_REBUILD_SH . $shtag; - file_put_contents($shfile, $sh_scr); - set_file_access($shfile, OWNER_NAME, 0750); - # ! not background exec ! - mwexec($shfile); - sg_addlog("sg_rebuild_db: Started SH script '$shfile'.", 1); +function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) +{ + global $squidguard_config; + $conf = ''; + $conf_path = ''; + $logdir = $squidguard_config[FLD_LOGDIR]; + $dbhome = $squidguard_config[FLD_DBHOME]; + + # current dbhome dir + if (!empty($rdb_dbhome)) $dbhome = $rdb_dbhome; + sg_addlog("sg_rebuild_db: Begin with path '$dbhome'.", 1); + + # define - where config will placed + $conf_path = "/tmp/squidGuard_rebuild.conf" . $shtag; + + # make rebuild config; include all found dest items + $conf = sg_create_simple_config($dbhome, $rdb_itemslist); + file_put_contents($conf_path, $conf); + set_file_access($conf_path, OWNER_NAME, 0750); + sg_addlog("sg_rebuild_db: Create temporary config '$conf_path'.", 1); + + # *** SH script *** + $sh_scr = Array(); + $sh_scr[] = "#!/bin/sh"; + $sh_scr[] = "cd $dbhome"; + $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all"; + $sh_scr[] = "wait"; # wait while SG rebuild DB + + # set DB owner and right access + $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; + + # restart squid for changes to take effects + $sh_scr[] = "/usr/local/sbin/squid -k reconfigure"; + + # store & exec sh + $sh_scr = implode("\n", $sh_scr); + $shfile = DB_REBUILD_SH . $shtag; + file_put_contents($shfile, $sh_scr); + set_file_access($shfile, OWNER_NAME, 0750); + # ! not background exec ! + mwexec($shfile); + sg_addlog("sg_rebuild_db: Started SH script '$shfile'.", 1); } # ============================================================================== @@ -617,62 +617,65 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) { # ------------------------------------------------------------------------------ # sg_addlog # ------------------------------------------------------------------------------ -function sg_addlog($log, $level = 0) { - global $squidguard_config; +function sg_addlog($log, $level = 0) +{ + global $squidguard_config; - // log level - if ($level < SQUIDGUARD_LOG_LEVEL) return; + # log level + if ($level < SQUIDGUARD_LOG_LEVEL) return; - $logfile = ''; - $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE; - $log_content = array(); + $logfile = ''; + $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE; + $log_content = array(); - setlocale(LC_TIME, ''); - $dt = date("d.m.Y H:i:s"); + setlocale(LC_TIME, ''); + $dt = date("d.m.Y H:i:s"); - // define logfile - if (!empty($squidguard_config)) { - if (file_exists($squidguard_config[FLD_LOGDIR])) - $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE; - } else - $log_content[] = "$dt : " . "sg_addlog: Error: squidguard_config is empty"; + # define logfile + if (!empty($squidguard_config)) { + if (file_exists($squidguard_config[FLD_LOGDIR])) + $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE; + } else + $log_content[] = "$dt : " . "sg_addlog: Error: squidguard_config is empty"; - $tmplog = ''; - if (file_exists($logfile)) - $tmplog = file_get_contents($logfile); - $log_content = explode("\n", $tmplog); - unset($tmplog); + $tmplog = ''; + if (file_exists($logfile)) + $tmplog = file_get_contents($logfile); + $log_content = explode("\n", $tmplog); + unset($tmplog); - // shrink to MAXCOUNT log entries - $log_content[] = "$dt : $log"; - while (count($log_content) > SQUIDGUARD_LOG_MAXCOUNT) array_shift($log_content); + # shrink to MAXCOUNT log entries + $log_content[] = "$dt : $log"; + if (count($log_content) > SQUIDGUARD_LOG_MAXCOUNT) + array_splice($log_content, 0, SQUIDGUARD_LOG_MAXCOUNT - count($log_content)); - file_put_contents($logfile, implode("\n", $log_content)); + file_put_contents($logfile, implode("\n", $log_content)); } # ------------------------------------------------------------------------------ # sg_getlog # ------------------------------------------------------------------------------ -function sg_getlog($last_entries_count) { - global $squidguard_config; - $log_content = ''; - $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE; - - // define logfile - if (!empty($squidguard_config)) - if (file_exists($squidguard_config[FLD_LOGDIR])) - $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE; - - // get log last 100 entries - if (file_exists($logfile)) { - $log_content = file_get_contents($logfile); - $log_content = explode("\n", $log_content); - while (count($log_content) > $last_entries_count) array_shift($log_content); - // insert log file name on top - $log_content[0] = $logfile; - $log_content = implode("\n", $log_content); - } +function sg_getlog($last_entries_count) +{ + global $squidguard_config; + $log_content = ''; + $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE; + + # define logfile + if (!empty($squidguard_config) && file_exists($squidguard_config[FLD_LOGDIR])) + $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE; + + # get log last 100 entries + if (file_exists($logfile)) { + $log_content = explode("\n", file_get_contents($logfile)); + if (count($log_content) > $last_entries_count) + array_splice($log_content, 0, $last_entries_count - count($log_content)); + + # insert log file name on top + $log_content[0] = $logfile; + $log_content = implode("\n", $log_content); + } - return $log_content; + return $log_content; } # ============================================================================== @@ -680,348 +683,304 @@ function sg_getlog($last_entries_count) { # ============================================================================== # sg_create_config # ------------------------------------------------------------------------------ -function sg_create_config() { - global $squidguard_config; - $sgconf = array(); - - sg_addlog("sg_create_config: Create squidGuard config."); - if(!is_array($squidguard_config)) { - sg_addlog("sg_create_config: Error configuration in squidguard_config.", 2); - return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [1])."); - } - - // check configuration data - sg_addlog("sg_create_config: Checking configuration data."); - $s = sg_check_config_data(); - if ($s) { - sg_addlog("sg_create_config: Error configuration data. It's all errors: \n$s", 2); - sg_addlog("sg_create_config: Terminated.", 2); - return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [2])."); - } - unset($s); - - // --- Header --- - $sgconf[] = CONFIG_SG_HEADER; - - // init - $sgconf[] = "logdir " . $squidguard_config[FLD_LOGDIR]; - $sgconf[] = "dbhome " . $squidguard_config[FLD_DBHOME]; - - // --- Times --- - if ($squidguard_config[FLD_TIMES]) { - sg_addlog("sg_create_config: add times", 1); - foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) { - $sgconf[] = ""; - if ($tm[FLD_DESCRIPTION]) - $sgconf[] = "# " . $tm[FLD_DESCRIPTION]; - $sgconf[] = "time " . $tm[FLD_NAME] . " {"; - foreach($tm[FLD_ITEM] as $itm) { - switch ($itm[FLD_TIMETYPE]) { - case "weekly": - $sgconf[] = "\t weekly " . $itm[FLD_TIMEDAYS] . " " . $itm[FLD_TIMERANGE]; - break; - case "date": - $sgconf[] = "\t date " . $itm[FLD_DATERANGE] . " " . $itm[FLD_TIMERANGE]; - break; - } - } - $sgconf[] = "}"; - } - } - - // --- Sources --- - if ($squidguard_config[FLD_SOURCES]) { - sg_addlog("sg_create_config: add sources", 1); - foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) { - $sgconf[] = ""; - if ($src[FLD_DESCRIPTION]) - $sgconf[] = "# " . $src[FLD_DESCRIPTION]; - $sgconf[] = "src " . $src[FLD_NAME] . " {"; - // IP - if ($src[FLD_IP]) { - $s_ip = explode(" ", $src[FLD_IP]); - foreach($s_ip as $ip) - if (!empty($ip)) $sgconf[] = "\t ip " . $ip; - } - // domains - if ($src[FLD_DOMAINS]) { - $dms = explode(" ", $src[FLD_DOMAINS]); - foreach($dms as $dm) - if (!empty($dm)) $sgconf[] = "\t domain " . $dm; - } - if ($src[FLD_LOG]) - $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $sgconf[] = "}"; - } - } - - // --- Blacklist --- - # - # Note! Blacklist must be added to config permanently. It's need for rebuild DB - # - $db_entries = sg_entries_blacklist(); - if (($squidguard_config[FLD_BLACKLISTENABLED] === 'on') and $db_entries) { - $log_entr_added = ''; - $log_entr_ignored = ''; - sg_addlog("sg_create_config: add blacklist entries", 1); - foreach($db_entries as $key => $ent) { - $ent_state = array(); - $file_dms = $squidguard_config[FLD_DBHOME] . "/$ent/domains"; - $file_urls = $squidguard_config[FLD_DBHOME] . "/$ent/urls"; - $file_expr = $squidguard_config[FLD_DBHOME] . "/$ent/expressions"; - - // check blacklist acl state - if (file_exists($file_dms)) { - $ent_state['exists'] = 'on'; - $ent_state[FLD_DOMAINS] = 'on'; - } - if (file_exists($file_urls)) { - $ent_state['exists'] = 'on'; - $ent_state[FLD_URLS] = 'on'; - } - if (file_exists($file_expr)) { - $ent_state['exists'] = 'on'; - $ent_state[FLD_EXPRESSIONS] = 'on'; - } - // create config - $sgconf[] = ""; - if ($ent_state['exists']) { - $sgconf[] = "dest $ent {"; - $dstname = $ent; - if ($ent_state[FLD_DOMAINS]) $sgconf[] = "\t domainlist $ent/domains"; - if ($ent_state[FLD_EXPRESSIONS]) $sgconf[] = "\t expressionlist $ent/expressions"; - if ($ent_state[FLD_URLS]) $sgconf[] = "\t urllist $ent/urls"; - $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $sgconf[] = "}"; - $log_entr_added .= " $ent;"; - } else { - $sgconf[] = "\t# Config ERROR: Destination '$ent' not found in DB"; - $log_entr_ignored .= " $ent;"; - } - } +function sg_create_config() +{ + global $squidguard_config; + $sgconf = array(); + $sg_tag = new TSgTag; + $error_res = ''; + $temp_str = ''; - // log 'added' - if (!empty($log_entr_added)) - sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1); + if(!is_array($squidguard_config) || empty($squidguard_config)) { + sg_addlog("sg_create_config: Error squidguard config data.", 2); + return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [1])."); + } - // log 'ignored' - if (!empty($log_entr_ignored)) - sg_addlog("sg_create_config: ignored: \n $log_entr_ignored \n", 2); - } + # check configuration data + if (!sg_check_config_data(&$error_res)) { + sg_addlog("sg_create_config: Error config data. It's all error_res: \n$error_res", 2); + sg_addlog("sg_create_config: Terminated.", 2); + return sg_create_simple_config('', '', SG_ERR0 . " (sg_create_config: [2])."); + } - // --- Destinations --- - if ($squidguard_config[FLD_DESTINATIONS]) { - sg_addlog("sg_create_config: add destinations", 1); - $sgconf[] = ""; - $log_entr_added = ''; - foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { - $dstname = $dst[FLD_NAME]; - $sgconf[] = ""; - if ($dst[FLD_DESCRIPTION]) - $sgconf[] = "# " . $dst[FLD_DESCRIPTION]; - $sgconf[] = "dest $dstname {"; - if ($dst[FLD_DOMAINS]) - $sgconf[] = "\t domainlist $dstname/domains"; - if ($dst[FLD_EXPRESSIONS]) - $sgconf[] = "\t expressionlist $dstname/expressions"; - if ($dst[FLD_URLS]) - $sgconf[] = "\t urllist $dstname/urls"; - if ($dst[FLD_REDIRECT] && is_url($dst[FLD_REDIRECT])) - $sgconf[] = "\t redirect " . sg_redirector_base_url($dst[FLD_REDIRECT]); - if ($dst[FLD_LOG]) - $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $sgconf[] = "}"; - $log_entr_added .= " $dstname;"; - } - // log - if (!empty($log_entr_added)) - sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1); - else sg_addlog("sg_create_config: added: Nothing.", 1); - } + # --- Header --- + $sgconf[] = CONFIG_SG_HEADER; + $sgconf[] = "logdir {$squidguard_config[FLD_LOGDIR]}"; + $sgconf[] = "dbhome {$squidguard_config[FLD_DBHOME]}"; + + # --- Times --- + if ($squidguard_config[FLD_TIMES]) { + $temp_str = ''; + foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) { + $sg_tag->clear(); + $sg_tag->set("time", $tm[FLD_NAME], "", $tm[FLD_DESCRIPTION]); + + foreach($tm[FLD_ITEM] as $itm) { + $dts = ($itm[FLD_TIMETYPE] === "weekly") ? $itm[FLD_TIMEDAYS] : $itm[FLD_DATERANGE]; + $sg_tag->items[] = "{$itm[FLD_TIMETYPE]} $dts {$itm[FLD_TIMERANGE]}"; + } + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); - // --- Rewrites --- - if ($squidguard_config[FLD_REWRITES]) { - sg_addlog("sg_create_config: add rewrites.", 1); - $log_entr_added = ''; - $log_entr_err = ''; - foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rew) { - if (is_array($rew[FLD_ITEM])) { - $sgconf[] = ""; - $sgconf[] = "rew " . $rew[FLD_NAME] . " {"; - foreach ($rew[FLD_ITEM] as $rw) - $sgconf[] = "\t s@." . $rw[FLD_TARGETURL] . "@" . $rw[FLD_REPLACETO]."@r"; - if ($rew[FLD_LOG]) - $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $sgconf[] = "}"; - $log_entr_added .= " {$rew[FLD_NAME]};"; - } else - $log_entr_err .= " {$rew[FLD_NAME]};"; - } - // log - if (!empty($log_entr_added)) - sg_addlog("sg_create_config: added: \n $log_entr_added", 1); - if (!empty($log_entr_err)) - sg_addlog("sg_create_config: ERROR: \n $log_entr_err ", 2); - else sg_addlog("sg_create_config: added: Nothing.", 1); - } + # log + $temp_str .= " {$tm[FLD_NAME]}"; + } + # log + $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; + sg_addlog("sg_create_config: add times: \n $temp_str", 1); + } - # ---------------------------------------- - $entry_blacklist = sg_entries_blacklist(); + # --- Sources --- + if ($squidguard_config[FLD_SOURCES]) { + $temp_str = ''; + foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) { + $sg_tag->clear(); + $sg_tag->set("src", $src[FLD_NAME], "", $src[FLD_DESCRIPTION]); + + # separate IP, domains, usernames + $tsrc = explode(" ", trim($src[FLD_SOURCE])); + foreach($tsrc as $sr) { + $sr = trim($sr); + if (empty($sr)) continue; + if (is_ipaddr_valid($sr)) $sg_tag->items[] = "ip $sr"; + elseif (is_domain_valid($sr)) $sg_tag->items[] = "domain $sr"; + elseif (is_username($sr)) $sg_tag->items[] = "user " . str_replace("'", "", $sr); + } + if ($src[FLD_LOG]) $sg_tag->items[] = "log {SQUIDGUARD_ACCESSBLOCK_FILE}"; - // --- ACL --- - $sgconf[] = "acl {"; - if ($squidguard_config[FLD_ACLS]) { - sg_addlog("sg_create_config: add ACL", 1); - $log_entr_added = ''; - foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); - if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { - $tarray = explode(" ", $acl[FLD_DESTINATIONNAME]); - $varray = explode(" ", $acl[FLD_OVERDESTINATIONNAME]); + # log + $temp_str .= " " . $src[FLD_NAME]; + } + # log + $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; + sg_addlog("sg_create_config: add sources: \n $temp_str", 1); + } - // delete blacklist entries from 'pass' if blacklist disabled - if (is_array($entry_blacklist) and !empty($entry_blacklist)) { - foreach($entry_blacklist as $entry) { - $tk = array_search($entry, $tarray); - if ($tk !== false) unset ($tarray[$tk]); + # --- Blacklist --- + # Note! Blacklist must be added to config permanently. It's need for rebuild DB now + + $db_entries = sg_entries_blacklist(); + if (($squidguard_config[FLD_BLACKLISTENABLED] === 'on') and $db_entries) { + $log_entr_added = ''; + $log_entr_ignored = ''; + sg_addlog("sg_create_config: add blacklist entries", 1); + foreach($db_entries as $key => $ent) { + $ent_state = array(); + $file_dms = "{$squidguard_config[FLD_DBHOME]}/$ent/domains"; + $file_urls = "{$squidguard_config[FLD_DBHOME]}/$ent/urls"; + $file_expr = "{$squidguard_config[FLD_DBHOME]}/$ent/expressions"; + + # check blacklist acl state + if (file_exists($file_dms)) { + $ent_state['exists'] = 'on'; + $ent_state[FLD_DOMAINS] = 'on'; + } + if (file_exists($file_urls)) { + $ent_state['exists'] = 'on'; + $ent_state[FLD_URLS] = 'on'; + } + if (file_exists($file_expr)) { + $ent_state['exists'] = 'on'; + $ent_state[FLD_EXPRESSIONS] = 'on'; + } - $tk = array_search("!$entry", $tarray); - if ($tk !== false) unset($tarray[$tk]); + # create config if blacklist item exists + if ($ent_state['exists']) { + $sg_tag->clear(); + $sg_tag->set("dest", $ent, "", ""); - $tk = array_search("^$entry", $tarray); - if ($tk !== false) unset($tarray[$tk]); + if ($ent_state[FLD_DOMAINS]) $sg_tag->items[] = "domainlist $ent/domains"; + if ($ent_state[FLD_EXPRESSIONS]) $sg_tag->items[] = "expressionlist $ent/expressions"; + if ($ent_state[FLD_URLS]) $sg_tag->items[] = "urllist $ent/urls"; + $sg_tag->items[] = "log ". SQUIDGUARD_ACCESSBLOCK_FILE; - $tk = array_search($entry, $varray); - if ($tk !== false) unset ($varray[$tk]); + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); - $tk = array_search("!$entry", $varray); - if ($tk !== false) unset ($varray[$tk]); + # log + $log_entr_added .= " $ent;"; + } else { + $sgconf[] = "\t# Config ERROR: Destination '$ent' not found in DB"; + $log_entr_ignored .= " $ent;"; + } + } - $tk = array_search("^$entry", $varray); - if ($tk !== false) unset ($varray[$tk]); - } - } + # log 'added' and 'ignored' + if (!empty($log_entr_added)) sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1); + if (!empty($log_entr_ignored)) sg_addlog("sg_create_config: ignored: \n $log_entr_ignored \n", 2); + } - $acl[FLD_DESTINATIONNAME] = implode (" ", $tarray); - $acl[FLD_OVERDESTINATIONNAME] = implode (" ", $varray); - } + # --- Destinations --- + if ($squidguard_config[FLD_DESTINATIONS]) { + $temp_str = ''; + foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { + $dstname = $dst[FLD_NAME]; + $sg_tag->clear(); + $sg_tag->set("dest", $dst[FLD_NAME], "", $dst[FLD_DESCRIPTION]); + + if ($dst[FLD_DOMAINS]) + $sg_tag->items[] = "domainlist $dstname/domains"; + if ($dst[FLD_EXPRESSIONS]) + $sg_tag->items[] = "expressionlist $dstname/expressions"; + if ($dst[FLD_URLS]) + $sg_tag->items[] = "urllist $dstname/urls"; + if ($dst[FLD_RMOD] != RMOD_NONE) + $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[FLD_REDIRECT], $dst[FLD_RMOD]); + if ($dst[FLD_LOG]) + $sg_tag->items[] = "log {SQUIDGUARD_ACCESSBLOCK_FILE}"; + + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + + # log + $temp_str .= " $dstname;"; + } + # log + $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; + sg_addlog("sg_create_config: add destinations: \n $temp_str", 1); + } - if (!$acl[FLD_DISABLED]) { - // not allowing IP in URL - if ($acl[FLD_NOTALLOWINGIP]) { - $acl[FLD_DESTINATIONNAME] = "!in-addr " . $acl[FLD_DESTINATIONNAME]; - $acl[FLD_OVERDESTINATIONNAME] = "!in-addr " . $acl[FLD_OVERDESTINATIONNAME]; - } - - // re-order acl pass (<allow><deny<all|none>) - $acl[FLD_DESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_DESTINATIONNAME]); - $acl[FLD_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_OVERDESTINATIONNAME]); - - if ($acl[FLD_DESCRIPTION]) - $sgconf[] = "\t # " . $acl[FLD_DESCRIPTION]; - - if ($acl[FLD_TIMENAME]) { - // ontime - $sgconf[] = "\t " . $acl[FLD_NAME] . " within " . $acl[FLD_TIMENAME] . " { "; - $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; - if ($acl[FLD_REDIRECT]) { - if (is_url($acl[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_user_url . rawurlencode($acl[FLD_REDIRECT]); - else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]); - } - if ($acl[FLD_REWRITENAME]) - $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; - if ($acl[FLD_LOG]) - $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - - // overtime - $sgconf[] = "\t } else {"; - $sgconf[] = "\t\t pass " . $acl[FLD_OVERDESTINATIONNAME]; - if ($acl[FLD_OVERREDIRECT] && is_url($acl[FLD_OVERREDIRECT])) - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_OVERREDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_OVERREDIRECT]); - if ($acl[FLD_OVERREWRITENAME]) - $sgconf[] = "\t\t rewrite " . $acl[FLD_OVERREWRITENAME]; - if ($acl[FLD_LOG]) - $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - - $sgconf[] = "\t }"; - } else { - $sgconf[] = "\t " . $acl[FLD_NAME] . " { "; - - $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; - - if ($acl[FLD_REDIRECT] && is_url($acl[FLD_REDIRECT])) - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($acl[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($acl[FLD_REDIRECT]); - if ($acl[FLD_REWRITENAME]) - $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; - if ($acl[FLD_LOG]) - $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - - $sgconf[] = "\t }"; - } - $sgconf[] = ""; - } - $log_entr_added .= " {$acl[FLD_NAME]};"; - } - // log - if (!empty($log_entr_added)) - sg_addlog("sg_create_config: added: \n $log_entr_added \n", 1); - else sg_addlog("sg_create_config: added: Nothing.", 1); - } + # --- Rewrites --- + if ($squidguard_config[FLD_REWRITES]) { + $temp_str = ''; + $log_entr_added = ''; + $log_entr_err = ''; + foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rew) { + $sg_tag->clear(); + $sg_tag->set("rew", $rew[FLD_NAME], "", ""); + + if (is_array($rew[FLD_ITEM])) { + foreach ($rew[FLD_ITEM] as $rw) + $sg_tag->items[] = "s@.{$rw[FLD_TARGETURL]}@{$rw[FLD_REPLACETO]}@r"; + + if ($rew[FLD_LOG]) + $sg_tag->items[] = "log {SQUIDGUARD_ACCESSBLOCK_FILE}"; + + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + # log + $log_entr_added .= " {$rew[FLD_NAME]};"; + } + else { + $sgconf[] = ""; + $sgconf[] = "# Rewrite {$rew[FLD_NAME]} error."; + # log + $log_entr_err .= " {$rew[FLD_NAME]};"; + } + } - // --- Default --- - $def = $squidguard_config[FLD_DEFAULT]; - sg_addlog("sg_create_config: add Default", 1); - if ($def) { - // delete blacklist entries from 'pass' if blacklist disabled - if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { - $tarray = explode(" ", $def[FLD_DESTINATIONNAME]); - foreach($entry_blacklist as $entry) { - $tk = array_search($entry , $tarray); - if ($tk !== false) unset ($tarray[$tk]); + # log + sg_addlog("sg_create_config: add rewrites: \n success $log_entr_added \n error $log_entr_err", 1); + } - $tk = array_search("!$entry" , $tarray); - if ($tk !== false) unset ($tarray[$tk]); + # ---------------------------------------- + $entry_blacklist = sg_entries_blacklist(); + + # --- ACL --- + $sg_tag->clear(); + $sg_tag->set("acl", "", "", ""); + if ($squidguard_config[FLD_ACLS]) { + $temp_str = ''; + $log_entr_added = ''; + foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { + if (!$acl[FLD_DISABLED]) { + $sg_acltag = new TSgTag; + $sg_acltag->set($acl[FLD_NAME], "", $acl[FLD_TIMENAME], $acl[FLD_DESCRIPTION]); + + # delete blacklist entries from 'pass' if blacklist disabled + if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { + acl_remove_blacklist_items(&$acl[FLD_DESTINATIONNAME]); + acl_remove_blacklist_items(&$acl[FLD_OVERDESTINATIONNAME]); + } + + # not allowing IP in URL + if ($acl[FLD_NOTALLOWINGIP]) { + $acl[FLD_DESTINATIONNAME] = "!in-addr {$acl[FLD_DESTINATIONNAME]}"; + $acl[FLD_OVERDESTINATIONNAME] = "!in-addr {$acl[FLD_OVERDESTINATIONNAME]}"; + } + + # re-order acl pass (<allow><deny<all|none>) + $acl[FLD_DESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_DESTINATIONNAME]); + $acl[FLD_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[FLD_OVERDESTINATIONNAME]); + + # ontime + $sg_acltag->items[] = "pass {$acl[FLD_DESTINATIONNAME]}"; + if ($acl[FLD_RMOD] != RMOD_NONE) + $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[FLD_REDIRECT], $acl[FLD_RMOD]); + if ($acl[FLD_REWRITENAME]) + $sg_acltag->items[] = "rewrite {$acl[FLD_REWRITENAME]}"; + if ($acl[FLD_LOG]) + $sg_acltag->items[] = "log {SQUIDGUARD_ACCESSBLOCK_FILE}"; + + # overtime + if ($acl[FLD_TIMENAME]) { + $sg_acltag->items[] = "} else {"; + $sg_acltag->items[] = "pass {$acl[FLD_OVERDESTINATIONNAME]}"; + if ($acl[FLD_REDIRECMODE] !== RMOD_NONE) + $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[FLD_OVERREDIRECT], $acl[FLD_RMOD]); + if ($acl[FLD_OVERREWRITENAME]) + $sg_acltag->items[] = "rewrite {$acl[FLD_OVERREWRITENAME]}"; + if ($acl[FLD_LOG]) + $sg_acltag->items[] = "log " . SQUIDGUARD_ACCESSBLOCK_FILE; + } + $sg_tag->items[] = $sg_acltag; + } + $log_entr_added .= " {$acl[FLD_NAME]};"; + } + # log + $log_entr_added = !empty($log_entr_added) ? $log_entr_added : "Nothing."; + sg_addlog("sg_create_config: add ACL's: \n $log_entr_added", 1); + } - } - $def[FLD_DESTINATIONNAME] = implode (" ", $tarray); - } - - // not allowing IP in URL - if ($def[FLD_NOTALLOWINGIP]) - $def[FLD_DESTINATIONNAME] = "!in-addr " . $def[FLD_DESTINATIONNAME]; - - // re-order acl pass (<allow><deny<all|none>) - $def[FLD_DESTINATIONNAME] = sg_aclpass_reorder($def[FLD_DESTINATIONNAME]); - - // 'Default' used without time - $sgconf[] = "\t default { "; - $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; - if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) { - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($def[FLD_REDIRECT]); # $redirect_base_url . rawurlencode($def[FLD_REDIRECT]); - } - else $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; - if ($def[FLD_LOG]) - $sgconf[] = "\t\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $sgconf[] = "\t }"; - - } // if def - else { - sg_addlog("sg_create_config: error - ACL 'default' is empty, use as default 'block all'.", 2); - $sgconf[] = "\t default { "; - $sgconf[] = "\t\t pass none"; - $sgconf[] = "\t\t redirect " . sg_redirector_base_url(''); # $redirect_base_url; - $sgconf[] = "\t }"; - } + # --- Default --- + $sg_tag_def = new TSgTag; + $sg_tag_def->set("default", "", "", ""); + $def = $squidguard_config[FLD_DEFAULT]; + sg_addlog("sg_create_config: add Default", 1); + if ($def) { + $temp_str = ''; + + # delete blacklist entries from 'pass' if blacklist disabled + if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') + acl_remove_blacklist_items(&$def[FLD_DESTINATIONNAME]); + + # not allowing IP in URL + if ($def[FLD_NOTALLOWINGIP]) + $def[FLD_DESTINATIONNAME] = "!in-addr " . $def[FLD_DESTINATIONNAME]; + + # re-order acl pass (<allow><deny<all|none>) + $def[FLD_DESTINATIONNAME] = sg_aclpass_reorder($def[FLD_DESTINATIONNAME]); + + # ! 'Default' must use without times ! + $sg_tag_def->items[] = "pass {$def[FLD_DESTINATIONNAME]}"; + if ($def[FLD_RMOD] !== RMOD_NONE) + $sg_tag_def->items[] = "redirect " . sg_redirector_base_url($def[FLD_REDIRECT], $def[FLD_RMOD]); + if ($def[FLD_LOG]) + $sg_tag_def->items[] = "log {SQUIDGUARD_ACCESSBLOCK_FILE}"; + + } # <- if def + else { + $msg = "Error: ACL 'default' is empty, will use default 'block all'"; + $sg_tag_def->items[] = "# $msg"; + $sg_tag_def->items[] = "pass none"; + $sg_tag_def->items[] = "redirect " . sg_redirector_base_url('', RMOD_INT_ERRORPAGE); + sg_addlog("sg_create_config: $msg.", 2); + } - // --- ACL end --- - $sgconf[] = "}"; + # --- ACL end --- + $sg_tag->items[] = $sg_tag_def; # add 'default' ACL object + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); - # delete "\n" chars before each string - SG bug (first string of config must be not empty) - foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n"); - return implode("\n", $sgconf); + # delete "\n" chars before each string - SG bug (first string of config must be not empty) + foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n"); + return implode("\n", $sgconf); } + # ------------------------------------------------------------------------------ # sg_create_simple_config # Create config for DB rebuilding @@ -1034,53 +993,54 @@ function sg_create_config() { # path can be 'usr/ads' or 'bl/poxy' # $redirect_to - redirector string # ------------------------------------------------------------------------------ -function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404") { - global $squidguard_config; - $sgconf = array(); - $logdir = $squidguard_config[FLD_LOGDIR]; - $dbhome = $squidguard_config[FLD_DBHOME]; - - // current dbhome dir - if (!empty($blk_dbhome)) $dbhome = $blk_dbhome; - sg_addlog("sg_create_simple_config: Begin with dbhome='$dbhome'.", 1); - - // header - $sgconf[] = CONFIG_SG_HEADER; - - // init section - $sgconf[] = "logdir $logdir"; - $sgconf[] = "dbhome $dbhome"; - $sgconf[] = ""; - - // destination section - if (is_array($blk_destlist)) { - foreach($blk_destlist as $dst => $dpath) { - $tmp_s = array(); - - // check item elements - if (file_exists("$dbhome/$dpath/domains")) $tmp_s[] = "\t domainlist $dpath/domains"; - if (file_exists("$dbhome/$dpath/urls")) $tmp_s[] = "\t urllist $dpath/urls"; - if (file_exists("$dbhome/$dpath/expressions")) $tmp_s[] = "\t expressionlist $dpath/expressions"; - - // create only valid items - if (!empty($tmp_s)) { - $tmp_s = implode("\n", $tmp_s); - $sgconf[] = "dest $dst {\n $tmp_s \n}\n"; - sg_addlog("sg_create_simple_config: -- added item '$dst' = '$dbhome/$dpath'."); - } else - sg_addlog("sg_create_simple_config: -- ignored empty item '$dst' = '$dbhome/$dpath'."); - } - } +function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404") +{ + global $squidguard_config; + $sgconf = array(); + $logdir = $squidguard_config[FLD_LOGDIR]; + $dbhome = $squidguard_config[FLD_DBHOME]; + + # current dbhome dir + if (!empty($blk_dbhome)) $dbhome = $blk_dbhome; + sg_addlog("sg_create_simple_config: Begin with dbhome='$dbhome'.", 1); + + # header + $sgconf[] = CONFIG_SG_HEADER; + + # init section + $sgconf[] = "logdir $logdir"; + $sgconf[] = "dbhome $dbhome"; + $sgconf[] = ""; + + # destination section + if (is_array($blk_destlist)) { + foreach($blk_destlist as $dst => $dpath) { + $tmp_s = array(); + + # check item elements + if (file_exists("$dbhome/$dpath/domains")) $tmp_s[] = "\t domainlist $dpath/domains"; + if (file_exists("$dbhome/$dpath/urls")) $tmp_s[] = "\t urllist $dpath/urls"; + if (file_exists("$dbhome/$dpath/expressions")) $tmp_s[] = "\t expressionlist $dpath/expressions"; + + # create only valid items + if (!empty($tmp_s)) { + $tmp_s = implode("\n", $tmp_s); + $sgconf[] = "dest $dst {\n $tmp_s \n}\n"; + sg_addlog("sg_create_simple_config: -- added item '$dst' = '$dbhome/$dpath'."); + } else + sg_addlog("sg_create_simple_config: -- ignored empty item '$dst' = '$dbhome/$dpath'."); + } + } - // acl section - $sgconf[] = "acl {\n\t default {\n\t\t pass all "; - $sgconf[] = "\t\t redirect " . sg_redirector_base_url($redirect_to, true); // use sgerror only! - $sgconf[] = "\t } \n}"; + # acl section + $sgconf[] = "acl {\n\t default {\n\t\t pass all "; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($redirect_to, RMOD_INT_ERRORPAGE); # use sgerror only! + $sgconf[] = "\t } \n}"; - # delete "\n" chars before each string - SG bug (first string of config must be not empty) - foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n"); + # delete "\n" chars before each string - SG bug (first string of config must be not empty) + foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n"); - return implode("\n", $sgconf); + return implode("\n", $sgconf); } # ------------------------------------------------------------------------------------------------- @@ -1089,76 +1049,65 @@ function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404 # $use_internal - ignore 'Redirect mode' option, use internal (for rebuild config, for example) # # ------------------------------------------------------------------------------------------------- -function sg_redirector_base_url($url, $use_internal = false) { - global $squidguard_config; - $rdr_path = ''; - - // Redirect option must have any valid URL - // 301:redirect_url - $rdrmode = $squidguard_config[FLD_REDIRECTMODE]; - if (!$use_internal and !empty($url) and ($rdrmode === 'rmod_301')) { - $rdr_path = "301:$url"; - } - // 302:redirect_url - elseif (!$use_internal and !empty($url) and ($rdrmode === 'rmod_302')) { - $rdr_path = "302:$url"; - } - // sgerror.php - else { - $rdr_path = REDIRECT_BASE_URL; - - // check GUI port settings - if (isset($squidguard_config[FLD_CURRENT_GUI_PORT]) and !empty($squidguard_config[FLD_CURRENT_GUI_PORT])) { - $rdr_path = ":" . $squidguard_config[FLD_CURRENT_GUI_PORT] . $rdr_path; - } - - // check Lan IP port settings - $rdr_path = $squidguard_config[FLD_CURRENT_LAN_IP] . $rdr_path; - - // check GUI protocol settings - if ($squidguard_config[FLD_CURRENT_GUI_PROTO] === "https") - $rdr_path = "https://" . $rdr_path; - else $rdr_path = "http://" . $rdr_path; - - // arguments - // Attention: - // order arg's must be: first-URL, last-SG variables - // SG have bug, what broke data after his var's - $tmp_url = ltrim($url); - // not need encoded url string. only err_code line - if (eregi("^https{0,1}://", $tmp_url) === false) - $tmp_url = rawurlencode($tmp_url); - $rdr_path = "{$rdr_path}?url={$tmp_url}" . REDIRECT_URL_ARGS; - unset($tmp_url); - } +function sg_redirector_base_url($rdr_info, $redirect_mode) +{ + global $squidguard_config; + $rdr_path = ''; + + # gui port, ip & proto + $guiip = (!empty($squidguard_config[FLD_CURRENT_LAN_IP])) ? $squidguard_config[FLD_CURRENT_LAN_IP] : '127.0.0.1'; + $guiport = (!empty($squidguard_config[FLD_CURRENT_GUI_PORT])) ? $squidguard_config[FLD_CURRENT_GUI_PORT] : '80'; + $guiproto = ($squidguard_config[FLD_CURRENT_GUI_PROTO] === "https") ? "https" : "http"; + $rdr_path = "$guiproto://$guiip:$guiport" . REDIRECT_BASE_URL; + + # check redirect + $errmsg = ''; + if (!sg_check_redirect($redirect_mode, $rdr_info, &$errmsg)) { + $redirect_mode = RMOD_INT_ERRORPAGE; + $rdr_info = "Redirect settings error. $errmsg Check you configuration."; + sg_addlog("sg_redirector_base_url: ERROR: $errmsg"); + } - sg_addlog("sg_redirector_base_url: Select redirector base url ($rdr_path)"); - return $rdr_path; + switch($redirect_mode) { + case RMOD_EXT_ERR: $rdr_path = "$rdr_info" . REDIRECT_URL_ARGS; break; + case RMOD_EXT_RDR: $rdr_path = "$rdr_info"; break; + case RMOD_EXT_MOVED: $rdr_path = "301:$rdr_info"; break; + case RMOD_EXT_FOUND: $rdr_path = "302:$rdr_info"; break; + case RMOD_INT_BLANKPAGE: $rdr_path .= "?url=blank"; break; + case RMOD_INT_BLANKIMG: $rdr_path .= "?url=blank_img"; break; + case RMOD_INT_SIZELIMIT: $rdr_path .= "?url=maxlen_$rdr_info" . REDIRECT_URL_ARGS; break; + case RMOD_INT_ERRORPAGE: + default: $rdr_path .= "?url=" . rawurlencode("403 $rdr_info") . REDIRECT_URL_ARGS; break; + } + + sg_addlog("sg_redirector_base_url: Select redirector base url ($rdr_path)"); + return $rdr_path; } -// ------------------------------------------------------------ -// sg_aclpass_reorder -// ------------------------------------------------------------ -function sg_aclpass_reorder($pass) { +# ------------------------------------------------------------------------------------------------- +# sg_aclpass_reorder +# ------------------------------------------------------------------------------------------------- +function sg_aclpass_reorder($pass) +{ $ar_pass = explode(" ", $pass); - // 'pass' order: <allow> <deny> <all|none> + # 'pass' order: <allow> <deny> <all|none> if (is_array($ar_pass)) { $pass_end = ''; - $pass_fst = array(); // whitelist - '^' prefix (will deleted) - $pass_sec = array(); // blacklist - '!' prefix - $pass_lst = array(); // allow + $pass_fst = array(); # whitelist - '^' prefix (will deleted) + $pass_sec = array(); # blacklist - '!' prefix + $pass_lst = array(); # allow foreach ($ar_pass as $val) { $tk = trim($val); if ($tk === 'all' or $tk === 'none') $pass_end = $val; elseif (strpos($tk, "^") !== false) - // delete '^' prefix + # delete '^' prefix $pass_fst[] = str_replace('^', '', $val); elseif (strpos($tk, "!") !== false) $pass_sec[] = $val; else - $pass_lst[] = $val; + $pass_lst[] = $val; } $ar_pass = array_merge($pass_fst, $pass_sec, $pass_lst); $ar_pass[] = $pass_end; @@ -1166,285 +1115,285 @@ function sg_aclpass_reorder($pass) { return implode(" ", $ar_pass); } -// ------------------------------------------------------------ -// sg_check_config_data -// ------------------------------------------------------------ -function sg_check_config_data () { - global $squidguard_config; - $check_log = array(); - $times = array(); - $sources = array(); - $destinations = array(); - $rewrites = array(); - $acls = array(); - - // --- Times --- - if ($squidguard_config[FLD_TIMES]) { - foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) { - // check name as unique and name format - $tm_name = $tm[FLD_NAME]; - $s = check_name($tm_name); - if ($s) - $check_log[] = "TIME '$tm_name' error: $s"; - - $times[] = $tm_name; - $key_tm = array_count_values($times); - if ($key_tm[$tm_name] > 1) - $check_log[] = "TIME '$tm_name' error: duplicate time name '$tm_name'"; - - // check time items format - } - } +# ------------------------------------------------------------ +# sg_check_config_data +# ------------------------------------------------------------ +function sg_check_config_data ($input_errors) +{ + global $squidguard_config; + $elog = array(); + $times = sg_list_itemsfield($squidguard_config[FLD_TIMES], FLD_NAME); + $sources = sg_list_itemsfield($squidguard_config[FLD_SOURCES], FLD_NAME); + $destinations = sg_list_itemsfield($squidguard_config[FLD_DESTINATIONS], FLD_NAME); + $rewrites = sg_list_itemsfield($squidguard_config[FLD_REWRITES], FLD_NAME); + $acls = array(); + + # --- Times --- + if ($squidguard_config[FLD_TIMES]) { + $key_tm = array_count_values($times); + foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) { + # check name as unique and name format + $tm_name = $tm[FLD_NAME]; + $err_s = ''; + if (!check_name_format($tm_name, &$err_s)) + $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s"; + + if ($key_tm[$tm_name] > 1) + $elog[] = "(T2) TIME '$tm_name' error: duplicate time name '$tm_name'"; + + # check time items format + sg_check_time($tm, &$elog); + } + } - // --- Sources --- - if ($squidguard_config[FLD_SOURCES]) { - foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) { - // check name as unique and name format - $src_name = $src[FLD_NAME]; - $s = check_name($src_name); - if ($s) - $check_log[] = "SOURCE '$src_name'error: $s"; - - $sources[] = $src_name; - $key_src = array_count_values($sources); - if ($key_src[$src_name] > 1) - $check_log[] = "SOURCE '$src_name' error: duplicate source name '$src_name'"; - - // check IP's - } - } + # --- Sources --- + if ($squidguard_config[FLD_SOURCES]) { + $key_src = array_count_values($sources); + foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) { + # check name as unique and name format + $src_name = $src[FLD_NAME]; + $err_s = ''; + if (!check_name_format($src_name, &$err_s)) + $elog[] = "(A1) ACL '$src_name'error: $err_s"; - // --- Destinations --- - if ($squidguard_config[FLD_DESTINATIONS]) { - foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { - // check name as unique and name format - $dst_name = $dst[FLD_NAME]; - $s = check_name($dst_name); - if ($s) - $check_log[] = "DESTINATION '$dst_name' error: $s"; - - $destinations[] = $dst_name; - $key_dst = array_count_values($destinations); - if ($key_dst[$dst_name] > 1) - $check_log[] = "DESTINATION '$dst_name' error: duplicate destination name '$dst_name'"; - - // check urls - // check domains - // check expressions - // check redirection url - } - } + if ($key_src[$src_name] > 1) + $elog[] = "(A2) ACL '$src_name' error: duplicate source name '$src_name'"; - // --- Blacklist --- - $blk_entries_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($blk_entries_file)) { - $blk_entr = explode("\n", file_get_contents($blk_entries_file)); - foreach($blk_entr as $entr) { - if ($entr) { - $destinations[] = $entr; - // check entry for exists - $dbfile = $squidguard_config[FLD_DBHOME] . "/$entr"; - if (!file_exists($dbfile)) - $check_log[] = "BLACKLIST '$entr' error: file '$dbfile' not found"; - } - } - } + sg_check_src($src, $elog); + } + } - // --- Rewrites --- - if ($squidguard_config[FLD_REWRITES]) { - foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rw) { - // check check name as unique and name format - $rw_name = $rw[FLD_NAME]; - $s = check_name($rw_name); - if ($s) - $check_log[] = "REWRITE '$rw_name' error: $s"; - - $rewrites[] = $rw_name; - $key_rw = array_count_values($rewrites); - if ($key_rw[$rw_name] > 1) - $check_log[] = "REWRITE '$rw_name' error: duplicate rewrite name '$rw_name'"; - } - } + # --- Destinations --- + if ($squidguard_config[FLD_DESTINATIONS]) { + $key_dst = array_count_values($destinations); + foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { + # check name as unique and name format + $dst_name = $dst[FLD_NAME]; + $err_s = ''; + if (!check_name_format($dst_name, &$err_s)) + $elog[] = "(D1) DEST '$dst_name' error: $err_s"; + + if ($key_dst[$dst_name] > 1) + $elog[] = "(D2) DEST '$dst_name' error: duplicate destination name '$dst_name'"; + # + sg_check_dest($dst, &$elog); + } + } - $key_times = array_count_values($times); - $key_sources = array_count_values($sources); - $key_destinations = array_count_values($destinations); - $key_rewrites = array_count_values($rewrites); - - // --- ACLs --- - if ($squidguard_config[FLD_ACLS]) { - $acls = array(); - foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { - // skip disabled acl - if ($acls[FLD_DISABLED]) continue; - - $acl_name = $acl[FLD_NAME]; - - // check acl name for unique and exists (as source items) - if ($acl_name and !$key_sources[$acl_name]) - $check_log[] = "ACL '$acl_name' error: acl name '$acl_name' not found"; - - $acls[] = $acl_name; - $key_acls = array_count_values($acls); - if ($key_acls[$acl_name] > 1) - $check_log[] = "ACL '$acl_name' error: duplicate acl name '$acl_name'"; - - // check time - $time = $acl[FLD_TIMENAME]; - if ($time and !$key_times[$time]) // time name must exists - $check_log[] = "ACL '$acl_name' error: time name '$time' not found"; - - // check destinations - if ($acl[FLD_DESTINATIONNAME]) { - $acldest = $acl[FLD_DESTINATIONNAME]; - $acldest = str_replace("!", "", $acldest); - $acldest = str_replace("^", "", $acldest); - $acldest = explode(" ", $acldest); - $key_acldest = array_count_values($acldest); - foreach($acldest as $adest) { - // check duplicates destinations in acl - if ($key_acldest[$adest] > 1) - $check_log[] = "ACL '$acl_name' error: duplicate destination name '$adest'. Any destination must included once."; - // check destinations for exists - if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) - $check_log[] = "ACL '$acl_name' error: destination name '$adest' not found"; - } - } else { - $check_log[] = "ACL '$acl_name' error: ontime pass list is empty. Added 'none'."; - $acl[FLD_DESTINATIONNAME] = "none"; - } + # --- Blacklist --- + $blk_entries_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($blk_entries_file)) { + $blk_entr = explode("\n", file_get_contents($blk_entries_file)); + foreach($blk_entr as $entr) { + if ($entr) { + $destinations[] = $entr; + # check entry for exists + $dbfile = $squidguard_config[FLD_DBHOME] . "/$entr"; + if (!file_exists($dbfile)) + $elog[] = "(B1) BLACKLIST '$entr' error: file '$dbfile' not found"; + } + } + } - // check overtime destinations - if ($time) { - if ($acl[FLD_OVERDESTINATIONNAME]) { - $acloverdest = $acl[FLD_OVERDESTINATIONNAME]; - $acloverdest = str_replace("!", "", $acloverdest); - $acloverdest = str_replace("^", "", $acloverdest); - $acloverdest = explode(" ", $acloverdest); - $key_acloverdest = array_count_values($acloverdest); - foreach($acloverdest as $adest) { - // check duplicates destinations in acl - if ($key_acloverdest[$adest] > 1) - $check_log[] = "ACL '$acl_name' error: duplicate overtime destination name '$adest'. Any destination must included once."; - // check destinations for exists - if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) - $check_log[] = "ACL '$acl_name' error: overtime destination name '$adest' not found"; - } - } else { - $check_log[] = "ACL '$acl_name' error: overtime pass list is empty. Added 'none'."; - $acl[FLD_OVERDESTINATIONNAME] = "none"; - } - } + # --- Rewrites --- + if ($squidguard_config[FLD_REWRITES]) { + $key_rw = array_count_values($rewrites); + foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rw) { + # check check name as unique and name format + $rw_name = $rw[FLD_NAME]; + $err_s = ''; + if (!check_name_format($rw_name, &$err_s)) + $elog[] = "(R1) REWRITE '$rw_name' error: $err_s"; + + if ($key_rw[$rw_name] > 1) + $elog[] = "(R2) REWRITE '$rw_name' error: duplicate rewrite name '$rw_name'"; + } + } - // check rewrite - $rew = $acl[FLD_REWRITENAME]; - if ($rew and !$key_rewrites[$rew]) - $check_log[] = "ACL '$acl_name' error: rewrite name '$rew' not found"; + $key_times = array_count_values($times); + $key_sources = array_count_values($sources); + $key_destinations = array_count_values($destinations); + $key_rewrites = array_count_values($rewrites); + + # --- ACLs --- + if ($squidguard_config[FLD_ACLS]) { + $acls = array(); + foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { + # skip disabled acl + if ($acls[FLD_DISABLED]) continue; + + $acl_name = $acl[FLD_NAME]; + + # check acl name for unique and exists (as source items) + if ($acl_name and !$key_sources[$acl_name]) + $elog[] = "(A1) ACL '$acl_name' error: acl name '$acl_name' not found"; + + $acls[] = $acl_name; + $key_acls = array_count_values($acls); + if ($key_acls[$acl_name] > 1) + $elog[] = "(A2) ACL '$acl_name' error: duplicate acl name '$acl_name'"; + + # check time + $time = $acl[FLD_TIMENAME]; + if ($time and !$key_times[$time]) # time name must exists + $elog[] = "(A3) ACL '$acl_name' error: time name '$time' not found"; + + # check destinations + if ($acl[FLD_DESTINATIONNAME]) { + $acldest = $acl[FLD_DESTINATIONNAME]; + $acldest = str_replace("!", "", $acldest); + $acldest = str_replace("^", "", $acldest); + $acldest = explode(" ", $acldest); + $key_acldest = array_count_values($acldest); + foreach($acldest as $adest) { + # check duplicates destinations in acl + if ($key_acldest[$adest] > 1) + $elog[] = "(A4) ACL '$acl_name' error: duplicate destination name '$adest'. Any destination must included once."; + # check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $elog[] = "(A5) ACL '$acl_name' error: destination name '$adest' not found"; + } + } else { + $elog[] = "(A6) ACL '$acl_name' error: ontime pass list is empty. Added 'none'."; + $acl[FLD_DESTINATIONNAME] = "none"; + } - // check overtime rewrite - $overrew = $acl[FLD_OVERREWRITENAME]; - if ($time and $overrew and !$key_rewrites[$overrew]) - $check_log[] = "ACL '$acl_name' error: overtime rewrite name '$overrew' not found"; + # check overtime destinations + if ($time) { + if ($acl[FLD_OVERDESTINATIONNAME]) { + $acloverdest = $acl[FLD_OVERDESTINATIONNAME]; + $acloverdest = str_replace("!", "", $acloverdest); + $acloverdest = str_replace("^", "", $acloverdest); + $acloverdest = explode(" ", $acloverdest); + $key_acloverdest = array_count_values($acloverdest); + foreach($acloverdest as $adest) { + # check duplicates destinations in acl + if ($key_acloverdest[$adest] > 1) + $elog[] = "(A7) ACL '$acl_name' error: duplicate overtime destination name '$adest'. Any destination must included once."; + # check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $elog[] = "(A8) ACL '$acl_name' error: overtime destination name '$adest' not found"; + } + } else { + $elog[] = "(A9) ACL '$acl_name' error: overtime pass list is empty. Added 'none'."; + $acl[FLD_OVERDESTINATIONNAME] = "none"; + } + } - // check redirect - $redir = $acl[FLD_REDIRECT]; - $overredir = $acl[FLD_OVERREDIRECT]; - } - } + # check rewrite + $rew = $acl[FLD_REWRITENAME]; + if ($rew and !$key_rewrites[$rew]) + $elog[] = "(AA) ACL '$acl_name' error: rewrite name '$rew' not found"; + # check overtime rewrite + $overrew = $acl[FLD_OVERREWRITENAME]; + if ($time and $overrew and !$key_rewrites[$overrew]) + $elog[] = "(AB) ACL '$acl_name' error: overtime rewrite name '$overrew' not found"; - // --- Default --- - if ($squidguard_config[FLD_ACLS]) { - $def = $squidguard_config[FLD_DEFAULT]; - - // check time - $time = $def[FLD_TIMENAME]; - if ($time and !$key_times[$time]) // time name must exists - $check_log[] = "ACL 'default' error: time name '$time' not found"; - - // check destinations - if ($def[FLD_DESTINATIONNAME]) { - $defdest = $def[FLD_DESTINATIONNAME]; - $defdest = str_replace("!", "", $defdest); - $defdest = str_replace("^", "", $defdest); - $defdest = explode(" ", $defdest); - $key_defdest = array_count_values($defdest); - foreach($defdest as $adest) { - // check duplicates destinations in acl - if ($key_defdest[$adest] > 1) - $check_log[] = "ACL 'default' error: duplicate destination name '$adest'. Any destination must included once."; - // check destinations for exists - if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) - $check_log[] = "ACL 'default' error: destination name '$adest' not found"; - } - } else { - $check_log[] = "ACL 'default' error: ontime pass list is empty. Added 'none'."; - $def[FLD_DESTINATIONNAME] = "none"; - } - - // check rewrite - $rew = $def[FLD_REWRITENAME]; - if ($rew and !$key_rewrites[$rew]) - $check_log[] = "ACL 'default' error: rewrite name '$rew' not found"; - - // check overtime rewrite - $overrew = $def[FLD_OVERREWRITENAME]; - if ($time and $overrew and !$key_rewrites[$overrew]) - $check_log[] = "ACL 'default' error: overtime rewrite name '$overrew' not found"; - - // check redirect - $redir = $def[FLD_REDIRECT]; - $overredir = $def[FLD_OVERREDIRECT]; - } + # check redirect + $redir = $acl[FLD_REDIRECT]; + $overredir = $acl[FLD_OVERREDIRECT]; + } + } + + # --- Default --- + if ($squidguard_config[FLD_ACLS]) { + $def = $squidguard_config[FLD_DEFAULT]; + + # check time + $time = $def[FLD_TIMENAME]; + if ($time and !$key_times[$time]) # time name must exists + $elog[] = "(DF1) ACL 'default' error: time name '$time' not found"; + + # check destinations + if ($def[FLD_DESTINATIONNAME]) { + $defdest = $def[FLD_DESTINATIONNAME]; + $defdest = str_replace("!", "", $defdest); + $defdest = str_replace("^", "", $defdest); + $defdest = explode(" ", $defdest); + $key_defdest = array_count_values($defdest); + foreach($defdest as $adest) { + # check duplicates destinations in acl + if ($key_defdest[$adest] > 1) + $elog[] = "(DF2) ACL 'default' error: duplicate destination name '$adest'. Any destination must included once."; + # check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $elog[] = "(DF3) ACL 'default' error: destination name '$adest' not found"; + } + } else { + $elog[] = "(DF4) ACL 'default' error: ontime pass list is empty. Added 'none'."; + $def[FLD_DESTINATIONNAME] = "none"; + } + + # check rewrite + $rew = $def[FLD_REWRITENAME]; + if ($rew and !$key_rewrites[$rew]) + $elog[] = "(DF5) ACL 'default' error: rewrite name '$rew' not found"; + + # check overtime rewrite + $overrew = $def[FLD_OVERREWRITENAME]; + if ($time and $overrew and !$key_rewrites[$overrew]) + $elog[] = "(DF6) ACL 'default' error: overtime rewrite name '$overrew' not found"; + + # check redirect + $redir = $def[FLD_REDIRECT]; + $overredir = $def[FLD_OVERREDIRECT]; + } - return implode("\n", $check_log); + # update log + if (!empty($elog)) { + $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog); + } + + return empty($elog); } -// ============================================================================= -// Blacklist -// ============================================================================= -// sg_reconfigure_blacklist($source_filename, $opt) -// $source_filename - file name or url -// $opt - option: -// '' or 'local' - update from local file -// 'url' - update from url -// ----------------------------------------------------------------------------- -function sg_reconfigure_blacklist($source_filename, $opt = '') { - global $squidguard_config; - $sf = trim($source_filename); - $sf_contents = ''; - - sg_addlog("sg_reconfigure_blacklist: Begin with '$sf'.", 1); - - // 1. check system - sg_check_system(); - - // 2. upload - if ($sf[0] === "/") { // local file - example '/tmp/blacklists.tar' - sg_addlog("sg_reconfigure_blacklist: Update from file '$sf'.", 1); - if (file_exists($sf)) { - $sf_contents = file_get_contents($sf); - } else { - sg_addlog("sg_reconfigure_blacklist: Error, file '$sf' not found.", 2); - return; - } - } - // from url - else { - sg_addlog("sg_reconfigure_blacklist: Upload from url '$sf'.", 1); - $sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt); - } +# ============================================================================= +# Blacklist +# ============================================================================= +# sg_reconfigure_blacklist($source_filename, $opt) +# $source_filename - file name or url +# $opt - option: +# '' or 'local' - update from local file +# 'url' - update from url +# ----------------------------------------------------------------------------- +function sg_reconfigure_blacklist($source_filename, $opt = '') +{ + global $squidguard_config; + $sf = trim($source_filename); + $sf_contents = ''; + + sg_addlog("sg_reconfigure_blacklist: Begin with '$sf'.", 1); + + # 1. check system + sg_check_system(); + + # 2. upload + if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar' + sg_addlog("sg_reconfigure_blacklist: Update from file '$sf'.", 1); + if (file_exists($sf)) { + $sf_contents = file_get_contents($sf); + } else { + sg_addlog("sg_reconfigure_blacklist: Error, file '$sf' not found.", 2); + return; + } + } + # from url + else { + sg_addlog("sg_reconfigure_blacklist: Upload from url '$sf'.", 1); + $sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt); + } - // 3. update - if (empty($sf_contents)) { - sg_addlog("sg_reconfigure_blacklist: Error content from '$sf'.", 2); - return; - } - // save black list archive content to local file - file_put_contents(BLK_LOCALFILE, $sf_contents); + # 3. update + if (empty($sf_contents)) { + sg_addlog("sg_reconfigure_blacklist: Error content from '$sf'.", 2); + return; + } + # save black list archive content to local file + file_put_contents(BLK_LOCALFILE, $sf_contents); - // 4. update blacklist - sg_update_blacklist(BLK_LOCALFILE); + # 4. update blacklist + sg_update_blacklist(BLK_LOCALFILE); } # ------------------------------------------------------------------------------ @@ -1457,167 +1406,169 @@ function sg_reconfigure_blacklist($source_filename, $opt = '') { # - background rebuild temp DB via sh script (longer proccess) and copy to work DB # ------------------------------------------------------------------------------ -function sg_update_blacklist($from_file) { - global $squidguard_config; - $dbhome = SQUIDGUARD_DBHOME_DEF; - $workdir = SQUIDGUARD_WORKDIR_DEF; - $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK; - $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; - - sg_addlog("sg_update_blacklist: Begin with '$from_file'.", 1); - - if (file_exists($from_file)) { - - # check work and DB dir's - if (file_exists($squidguard_config[FLD_DBHOME])) $dbhome = $squidguard_config[FLD_DBHOME]; - if (file_exists($squidguard_config[FLD_WORKDIR])) $workdir = $squidguard_config[FLD_WORKDIR]; - # delete old tmp dir's - if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir"); - if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir"); - # create new tmp/arc dir's - mwexec("mkdir -p -m 0755 $tmp_unpack_dir"); - mwexec("mkdir -p -m 0755 $arc_db_dir"); - - # 1. unpack archive - mwexec("tar zxvf $from_file -C $tmp_unpack_dir"); - set_file_access($tmp_unpack_dir, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist: Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", 1); - - # 2. copy blacklist to squidGuard base & create entries list - if (file_exists($tmp_unpack_dir)) { - $blk_items = array(); - $blk_list = array(); - - # scan blacklist items - scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); - - # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) - foreach ($blk_items as $key => $val) { - $current_dbpath = "$arc_db_dir/$key"; - if (count($val)) { - # make blk_list for config file - $blk_list[$key] = $key; - - # delete '$current_dbpath' for correct moving - # need moving $val['path'] to $current_dbpath - # if $current_dbpath exists, - # then $val['path'] will created as subdir - !it's worng! - if (file_exists($current_dbpath)) - mwexec("rm -R $current_dbpath"); - mwexec("mv -f {$val['path']}/ $current_dbpath"); - sg_addlog("sg_update_blacklist: Move {$val['path']}/ -> $current_dbpath.", 1); - } - } - set_file_access($arc_db_dir, OWNER_NAME, 0755); - - # -- DISABLED -- copy unrebuilded blacklist from arch_DB_to work DB & set access rights -# mwexec("cp -R $arc_db_dir/ $dbhome"); -# set_file_access($dbhome, OWNER_NAME, 0755); - - # create entries list - if (count($blk_items)) { - # save to temp DB - $blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; - file_put_contents($blklist_file, implode("\n", array_keys($blk_items))); - set_file_access ($blklist_file, OWNER_NAME, 0755); - - # -- DISABLED -- save copy to squidGuard config dir -# $blklist_file = "{$squidguard_config[FLD_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES; -# file_put_contents($blklist_file, implode("\n", array_keys($blk_items))); -# set_file_access ($blklist_file, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist: Create DB entries list '$blklist_file'.", 1); - } +function sg_update_blacklist($from_file) +{ + global $squidguard_config; + $dbhome = SQUIDGUARD_DBHOME_DEF; + $workdir = SQUIDGUARD_WORKDIR_DEF; + $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK; + $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; + + sg_addlog("sg_update_blacklist: Begin with '$from_file'.", 1); + + if (file_exists($from_file)) { + # check work and DB dir's + if (file_exists($squidguard_config[FLD_DBHOME])) $dbhome = $squidguard_config[FLD_DBHOME]; + if (file_exists($squidguard_config[FLD_WORKDIR])) $workdir = $squidguard_config[FLD_WORKDIR]; + # delete old tmp dir's + if (file_exists($tmp_unpack_dir)) mwexec("rm -R . $tmp_unpack_dir"); + if (file_exists($arc_db_dir)) mwexec("rm -R . $arc_db_dir"); + # create new tmp/arc dir's + mwexec("mkdir -p -m 0755 $tmp_unpack_dir"); + mwexec("mkdir -p -m 0755 $arc_db_dir"); + + # 1. unpack archive + mwexec("tar zxvf $from_file -C $tmp_unpack_dir"); + set_file_access($tmp_unpack_dir, OWNER_NAME, 0755); + sg_addlog("sg_update_blacklist: Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", 1); + + # 2. copy blacklist to squidGuard base & create entries list + if (file_exists($tmp_unpack_dir)) { + $blk_items = array(); + $blk_list = array(); + + # scan blacklist items + scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); + + # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) + foreach ($blk_items as $key => $val) { + $current_dbpath = "$arc_db_dir/$key"; + if (count($val)) { + # make blk_list for config file + $blk_list[$key] = $key; + + # delete '$current_dbpath' for correct moving + # need moving $val['path'] to $current_dbpath + # if $current_dbpath exists, + # then $val['path'] will created as subdir - !it's worng! + if (file_exists($current_dbpath)) + mwexec("rm -R $current_dbpath"); + mwexec("mv -f {$val['path']}/ $current_dbpath"); + sg_addlog("sg_update_blacklist: Move {$val['path']}/ -> $current_dbpath.", 1); + } + } + set_file_access($arc_db_dir, OWNER_NAME, 0755); + + # -- DISABLED -- copy unrebuilded blacklist from arch_DB_to work DB & set access rights +# mwexec("cp -R $arc_db_dir/ $dbhome"); +# set_file_access($dbhome, OWNER_NAME, 0755); + + # create entries list + if (count($blk_items)) { + # save to temp DB + $blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; + file_put_contents($blklist_file, implode("\n", array_keys($blk_items))); + set_file_access ($blklist_file, OWNER_NAME, 0755); + + # -- DISABLED -- save copy to squidGuard config dir +# $blklist_file = "{$squidguard_config[FLD_WORKDIR]}/" . SQUIDGUARD_BLK_ENTRIES; +# file_put_contents($blklist_file, implode("\n", array_keys($blk_items))); +# set_file_access ($blklist_file, OWNER_NAME, 0755); + sg_addlog("sg_update_blacklist: Create DB entries list '$blklist_file'.", 1); + } - # make rebuild config (included all found dest items) & save to work dir - $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF; # "/tmp/squidGuard_rebuild_blk.conf"; - file_put_contents($conf_path, sg_create_simple_config($arc_db_dir, $blk_list)); - set_file_access($conf_path, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist: Create rebuild config '$conf_path'.", 1); - - # *** SH script *********************************************** - $sh_scr = Array(); - $sh_scr[] = "#!/bin/sh"; - $sh_scr[] = "cd $arc_db_dir"; - $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all"; - $sh_scr[] = "wait"; # wait while SG rebuild DB - $sh_scr[] = "chown -R -v " . OWNER_NAME . " $arc_db_dir"; - $sh_scr[] = "chmod -R -v 0755 $arc_db_dir"; - - # copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights) - # '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir) - $sh_scr[] = "cp -R -p $arc_db_dir/ $dbhome"; - $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR_DEF; - # set DB owner and right access - $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; - $sh_scr[] = "chmod -R -v 0755 $dbhome"; - - # if new blacklist some as already installed, then restart squid for changes to take effects - $blk_items_old = ''; - $blk_file_old = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($blk_items_old)) - $blk_items_old = file_get_contents($blk_file_old); - if (!empty($blk_items_old) && ($blk_items_old === implode("\n", array_keys($blk_items)))) { - $sh_scr[] = "/usr/local/sbin/squid -k reconfigure"; - $sh_scr[] = "wait"; # wait while process - } - unset($blk_file_old); - unset($blk_items_old); - - # store & exec sh - $sh_scr = implode("\n", $sh_scr); - $shfile = DB_REBUILD_SH . "_blk"; - file_put_contents($shfile, $sh_scr); - set_file_access($shfile, OWNER_NAME, 0755); # 0755 - script will execute - # kill exists rebuild processes -# mwexec("kill `ps auxw | grep \"$shfile\" | grep -v \"grep\" | awk '{print $2}'`"); # sh script - mwexec("kill `ps auxw | grep \"squidGuard_blk_rebuild\" | grep -v \"grep\" | awk '{print $2}'`"); # squidGuard process - mwexec_bg("nice -n 5 $shfile"); - sg_addlog("sg_update_blacklist: Started sh script '$shfile'.", 1); - - // clearing temp -# mwexec("rm -R $bl_temp"); - } + # make rebuild config (included all found dest items) & save to work dir + $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF; # "/tmp/squidGuard_rebuild_blk.conf"; + file_put_contents($conf_path, sg_create_simple_config($arc_db_dir, $blk_list)); + set_file_access($conf_path, OWNER_NAME, 0755); + sg_addlog("sg_update_blacklist: Create rebuild config '$conf_path'.", 1); + + # *** SH script *********************************************** + $sh_scr = Array(); + $sh_scr[] = "#!/bin/sh"; + $sh_scr[] = "cd $arc_db_dir"; + $sh_scr[] = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $conf_path -C all"; + $sh_scr[] = "wait"; # wait while SG rebuild DB + $sh_scr[] = "chown -R -v " . OWNER_NAME . " $arc_db_dir"; + $sh_scr[] = "chmod -R -v 0755 $arc_db_dir"; + + # copy temp db to '/var/db/squidGuard (-R - recursive; -p - copy access rights) + # '$bl_temp_dbhome/' - slash in end of path - copy only dir content (not self dir) + $sh_scr[] = "cp -R -p $arc_db_dir/ $dbhome"; + $sh_scr[] = "cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR_DEF; + # set DB owner and right access + $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; + $sh_scr[] = "chmod -R -v 0755 $dbhome"; + + # if new blacklist some as already installed, then restart squid for changes to take effects + $blk_items_old = ''; + $blk_file_old = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($blk_items_old)) + $blk_items_old = file_get_contents($blk_file_old); + if (!empty($blk_items_old) && ($blk_items_old === implode("\n", array_keys($blk_items)))) { + $sh_scr[] = "/usr/local/sbin/squid -k reconfigure"; + $sh_scr[] = "wait"; # wait while process + } + unset($blk_file_old); + unset($blk_items_old); + + # store & exec sh + $sh_scr = implode("\n", $sh_scr); + $shfile = DB_REBUILD_SH . "_blk"; + file_put_contents($shfile, $sh_scr); + set_file_access($shfile, OWNER_NAME, 0755); # 0755 - script will execute + # kill exists rebuild processes +# mwexec("kill `ps auxw | grep \"$shfile\" | grep -v \"grep\" | awk '{print $2}'`"); # sh script + mwexec("kill `ps auxw | grep \"squidGuard_blk_rebuild\" | grep -v \"grep\" | awk '{print $2}'`"); # squidGuard process + mwexec_bg("nice -n 5 $shfile"); + sg_addlog("sg_update_blacklist: Started sh script '$shfile'.", 1); + + # clearing temp +# mwexec("rm -R $bl_temp"); } + } } -// ----------------------------------------------------------------------------- -// sg_blacklist_rebuild_DB - update blacklist from file -// ----------------------------------------------------------------------------- -function sg_entries_blacklist() { - global $squidguard_config; - $contents = ''; - $fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($squidguard_config[FLD_WORKDIR])) { - $fl = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; - } - if (file_exists($fl)) { - $contents = explode("\n", file_get_contents($fl)); - } - return $contents; +# ----------------------------------------------------------------------------- +# sg_blacklist_rebuild_DB - update blacklist from file +# ----------------------------------------------------------------------------- +function sg_entries_blacklist() +{ + global $squidguard_config; + $contents = ''; + + $fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($squidguard_config[FLD_WORKDIR])) + $fl = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($fl)) + $contents = explode("\n", file_get_contents($fl)); + + return $contents; } # ----------------------------------------------------------------------------- # sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard') # ----------------------------------------------------------------------------- -function sg_blacklist_rebuild_db() { // $shtag, $rdb_dbhome, $rdb_workdir) { - global $squidguard_config; - $dst_list = array(); - $dbhome = $squidguard_config[FLD_DBHOME]; - $workdir = $squidguard_config[FLD_WORKDIR]; - - # current dbhome and work dir's - sg_addlog("sg_blacklist_rebuild_db: Start with path '$dbhome'.", 1); - - # make dest list - $blklist_file = "$workdir/" . SQUIDGUARD_BLK_ENTRIES; - if (file_exists($blklist_file)) { - $blklist = explode("\n", file_get_contents($blklist_file)); - if (is_array($blklist)) - foreach($blklist as $bl) { $dst_list[$bl] = $bl; } - } +function sg_blacklist_rebuild_db() +{ + global $squidguard_config; + $dst_list = array(); + $dbhome = $squidguard_config[FLD_DBHOME]; + $workdir = $squidguard_config[FLD_WORKDIR]; + + # current dbhome and work dir's + sg_addlog("sg_blacklist_rebuild_db: Start with path '$dbhome'.", 1); + + # make dest list + $blklist_file = "$workdir/" . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($blklist_file)) { + $blklist = explode("\n", file_get_contents($blklist_file)); + if (is_array($blklist)) + foreach($blklist as $bl) { $dst_list[$bl] = $bl; } + } - # rebuild user db ('/var/db/squidGuard') - sg_rebuild_db("_blkdb", $dbhome, $dst_list); + # rebuild user db ('/var/db/squidGuard') + sg_rebuild_db("_blkdb", $dbhome, $dst_list); } # ========================== UTILS ============================================= @@ -1625,39 +1576,40 @@ function sg_blacklist_rebuild_db() { // $shtag, $rdb_dbhome, $rdb_workdir) { # upload file and put them to $destination_file # return = upload content # ------------------------------------------------------------------------------ -function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') { - // open destination file - sg_addlog("sg_uploadfile_from_url: begin url'$url_file' proxy'$proxy'", 1); - - $result = ''; - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - if (!empty($proxy)) { - $ip = ''; - $login = ''; - $s = trim($proxy); - if (strpos($s, ' ')) { - $ip = substr($s, 0, strpos($s, ' ')); - $login = substr($s, strpos($s, ' ') + 1); - } else $ip = $s; - - if($ip != '') { - curl_setopt($ch, CURLOPT_PROXY, $ip); - if($login != '') - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); - } - } - $result=curl_exec ($ch); - curl_close ($ch); - if (!empty($destination_file)) - file_put_contents($destination_file, $result); - else sg_addlog("sg_uploadfile_from_url: Error upload file", 2); +function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') +{ + # open destination file + sg_addlog("sg_uploadfile_from_url: begin url'$url_file' proxy'$proxy'", 1); + + $result = ''; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + if (!empty($proxy)) { + $ip = ''; + $login = ''; + $s = trim($proxy); + if (strpos($s, ' ')) { + $ip = substr($s, 0, strpos($s, ' ')); + $login = substr($s, strpos($s, ' ') + 1); + } else $ip = $s; + + if($ip != '') { + curl_setopt($ch, CURLOPT_PROXY, $ip); + if($login != '') + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); + } + } + $result=curl_exec ($ch); + curl_close ($ch); + if (!empty($destination_file)) + file_put_contents($destination_file, $result); + else sg_addlog("sg_uploadfile_from_url: Error upload file", 2); - // for test - file_put_contents(BLK_LOCALFILE, $result); + # for test + file_put_contents(BLK_LOCALFILE, $result); - return $result; + return $result; } # ============================================================================== @@ -1665,54 +1617,56 @@ function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') { # ============================================================================== # Set file access # ------------------------------------------------------------------------------ -function set_file_access($dir, $owner, $mod) { - $mod = sprintf("%o", $mod); - if (!file_exists($dir)) return; - # recursive change access - mwexec("chown -R -v $owner $dir"); - mwexec("chgrp -R -v $owner $dir"); - mwexec("chmod -R -v $mod $dir"); +function set_file_access($dir, $owner, $mod) +{ + $mod = sprintf("%o", $mod); + if (!file_exists($dir)) return; + # recursive change access + mwexec("chown -R -v $owner $dir"); + mwexec("chgrp -R -v $owner $dir"); + mwexec("chmod -R -v $mod $dir"); } # ------------------------------------------------------------------------------ # scan_dir - build files listing for $dir # ------------------------------------------------------------------------------ -function scan_dir($dir) { - $files = array(); - if (file_exists($dir)) { - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) { - // skip '.' and '..' names - if (($filename !== '.') and ($filename !== '..')) $files[] = $filename; - } - sort($files); - } - return $files; +function scan_dir($dir) +{ + $files = array(); + if (file_exists($dir)) { + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + # skip '.' and '..' names + if (($filename !== '.') and ($filename !== '..')) $files[] = $filename; + } + sort($files); + } + return $files; } # ------------------------------------------------------------------------------ # restore_arc_blacklist - copy arc blacklist to db # ------------------------------------------------------------------------------ -function restore_arc_blacklist() { - global $squidguard_config; - $dbhome = SQUIDGUARD_DBHOME_DEF; - $blklist_file = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; - $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; - $arc_blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; - - sg_addlog("restore_arc_blacklist: Begin.", 0); - if (file_exists($arc_db_dir) and file_exists($arc_blklist_file)) { - - // copy arc blacklist to work DB with permissions - mwexec("cp -R -p $arc_db_dir/ $dbhome"); - set_file_access($dbhome, OWNER_NAME, 0755); - sg_addlog("restore_arc_blacklist: Restore blacklist archive from '$arc_db_dir'.", 1); - - // copy black list file - copy($arc_blklist_file, $blklist_file); - set_file_access($blklist_file, OWNER_NAME, 0755); - sg_addlog("restore_arc_blacklist: Restore black list file from '$arc_blklist_file' to '$blklist_file'.", 1); - } else { - sg_addlog("restore_arc_blacklist: Error, file '$arc_db_dir' or '$blklist_file' not found.", 2); - } +function restore_arc_blacklist() +{ + global $squidguard_config; + $dbhome = SQUIDGUARD_DBHOME_DEF; + $blklist_file = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; + $arc_db_dir = SQUIDGUARD_VAR . SG_BLK_ARC; + $arc_blklist_file = SQUIDGUARD_VAR . SQUIDGUARD_BLK_ENTRIES; + + if (file_exists($arc_db_dir) and file_exists($arc_blklist_file)) { + + # copy arc blacklist to work DB with permissions + mwexec("cp -R -p $arc_db_dir/ $dbhome"); + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("restore_arc_blacklist: Restore blacklist archive from '$arc_db_dir'.", 1); + + # copy black list file + copy($arc_blklist_file, $blklist_file); + set_file_access($blklist_file, OWNER_NAME, 0755); + sg_addlog("restore_arc_blacklist: Restore black list file from '$arc_blklist_file' to '$blklist_file'.", 1); + } else { + sg_addlog("restore_arc_blacklist: Error, file '$arc_db_dir' or '$blklist_file' not found.", 2); + } } # ------------------------------------------------------------------------------ @@ -1725,7 +1679,8 @@ function restore_arc_blacklist() { # ["urls"] urls file path # ["expressions"] expressions file path # ------------------------------------------------------------------------------ -function scan_blacklist_cat($curdir, $key_name, $cat_array) { +function scan_blacklist_cat($curdir, $key_name, $cat_array) +{ if (file_exists($curdir) and is_dir($curdir)) { $blk_entry = array(); @@ -1737,7 +1692,7 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array) { if (($fls != ".") and ($fls != "..")) { if (is_file($fls_file)) { - // add files path + # add files path switch(strtolower($fls)) { case "domains": $blk_entry["domains"] = $fls_file; @@ -1756,7 +1711,7 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array) { elseif (is_dir($fls_file)) { $fls_key = $key_name . "_" . $fls; - // recursive call + # recursive call scan_blacklist_cat($fls_file, $fls_key, & $cat_array); } } @@ -1767,39 +1722,375 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array) { } } +# ****************************************************************************** +# squidguard utils +# ****************************************************************************** +# sg_list_itemsfield - get items field list +# ------------------------------------------------------------------------------ +function sg_list_itemsfield($xml_items, $fld_name) +{ + $ls = array(); + if (is_array($xml_items[FLD_ITEM])) + foreach($xml_items[FLD_ITEM] as $it) { + $ls[] = $it[$fld_name]; + } + return $ls; +} + # ------------------------------------------------------------------------------ # is_url - check url an err_codes # ------------------------------------------------------------------------------ -function is_url($url) { +function is_url($url) +{ if (empty($url)) return false; if (eregi("^http://", $url)) return true; if (eregi("^https://", $url)) return true; if (strstr("blank", $url)) return true; if (strstr("blank_img", $url)) return true; - if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; // http error code 30x, 4xx, 50x. + if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; # http error code 30x, 4xx, 50x. return false; } +# ------------------------------------------------------------------------------ +# is_masksubnet - check ip/mask +# ------------------------------------------------------------------------------ +function is_masksubnet($subnet) +{ + if (!is_string($subnet)) + return false; + + list($ip,$msk) = explode('/', $subnet); + if (!is_ipaddr($ip) || !is_ipaddr($msk)) + return false; + + return true; +} +# ------------------------------------------------------------------------------ +# is_iprange - check ip1-ip2 +# ------------------------------------------------------------------------------ +function is_iprange($ip_range) { + if (!is_string($ip_range)) return false; + + list($ip1,$ip2) = explode('-', $ip_range); + if (!is_ipaddr($ip1) || !is_ipaddr($ip2)) return false; + + # ip2 < ip1 - wrong + if (ipcmp(ip2, ip1) === -1) return false; + + return true; +} +# ------------------------------------------------------------------------------ +# is_ipaddr_valid - validate IP, subnet, IP range +# ------------------------------------------------------------------------------ +function is_ipaddr_valid($val) +{ + return is_string($val) && (is_ipaddr($val) || is_masksubnet($val) || is_subnet($val) || is_iprange($val)); +} + +# ------------------------------------------------------------------------------ +# is_domain_valid - check domain format +# ------------------------------------------------------------------------------ +function is_domain_valid($domain) +{ + $dm_fmt = "([a-z][a-z0-9\-]{0,})"; + $dm_fmt = "^(($dm_fmt{1,}\.){1,}$dm_fmt{2,})+$"; # example: (my.)(super.)(domain.)com + return is_string($domain) && eregi($dm_fmt, trim($domain)); +} # ------------------------------------------------------------------------------ +# is_username - check username +# ------------------------------------------------------------------------------ +function is_username($username) +{ + $unm_fmt = "^\'[a-zA-Z_0-9\-]{1,}\'$"; + return is_string($username) && eregi($unm_fmt, trim($username)); +} +# ------------------------------------------------------------------------------ # check name # ------------------------------------------------------------------------------ -function check_name ($name) { - $err = ''; - $val = trim($name); - if ((strlen($val) < 2) || (strlen($val) > 16)) - $err .= " Size of name '$val' must be between [2..16]."; - // All symbols must be [a-zA-Z_0-9\-] First symbol = letter. - if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val)) - $err .= " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter."; - return $err; +function check_name_format ($name, $input_errors) +{ + $elog = array(); + $val = trim($name); + + if ((strlen($val) < 2) || (strlen($val) > 16)) + $elog[] = " Size of name '$val' must be between [2..16]."; + + # All symbols must be [a-zA-Z_0-9\-] First symbol = letter. + if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val)) + $elog[] = " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter."; + + # update log + if (!empty($elog)) { + $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog); + } + + return empty($elog); +} +# ****************************************************************************** +# squidguard check +# ****************************************************************************** +# check redirect +# ------------------------------------------------------------------------------ +function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) +{ + $res = true; + switch($rdr_mode) { + case RMOD_EXT_ERR: case RMOD_EXT_RDR: case RMOD_EXT_MOVED: case RMOD_EXT_FOUND: + $res = is_url($rdr_info); + if (!$res) $err_msg = "Valid URL expected, but '$rdr_info' found."; + break; + case RMOD_INT_SIZELIMIT: + $res = is_numeric($rdr_path); + if (!$res) $err_msg = "Valid number value expected, but '$rdr_info' found."; + break; + case RMOD_INT_BLANKPAGE: case RMOD_INT_BLANKIMG: case RMOD_INT_ERRORPAGE: + default: + $res = true; break; + } + return $res; +} + +# ------------------------------------------------------------------------------ +# sg_check_time +# ------------------------------------------------------------------------------ +function sg_check_time($sgtime, $input_errors) +{ + $err = ''; + $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun"); + $timetypes = array("weekly", "date"); + + if (is_array($sgtime[FLD_ITEM])) { + # check date and time + foreach ($sgtime[FLD_ITEM] as $item) { + if (!in_array(trim($item[FLD_TIMETYPE]), $timetypes)) + $err .= " Invalid type '{$item[FLD_TIMETYPE]}'."; + if (!in_array(trim($item[FLD_TIMEDAYS]), $days)) + $err .= " Invalid week day '{$item[FLD_TIMEDAYS]}'."; + if (trim($item[FLD_DATERANGE])) $err .= check_date(trim($item[FLD_DATERANGE])); + if (trim($item[FLD_TIMERANGE])) $err .= check_time(trim($item[FLD_TIMERANGE])); + } + } + + # errors update + if (!empty($err)) $input_errors[] = "TIME '{$sgtime[FLD_NAME]}': $err"; + return empty($err); +} + +# ------------------------------------------------------------------------------ +# sg_check_dest +# ------------------------------------------------------------------------------ +function sg_check_dest($sgx, $input_errors) +{ + $elog = array(); + $dm = explode(" ", $sgx[FLD_DOMAINS]); +# $ex = explode(" ", $sgx[FLD_EXPRESSIONS]); + $ur = explode(" ", $sgx[FLD_URLS]); + array_packitems(&$dm); + array_packitems(&$ur); + + # domain + foreach ($dm as $d_it) + if ($d_it && !is_domain_valid($d_it)) $elog[] = "Item '$d_it' is not a domain."; + + # url + foreach ($ur as $u_it) + if ($u_it && !is_url($u_it)) $elog[] = "Item '$u_it' is not a url"; + + # check redirect + sg_check_redirect($sgx[FLD_RMOD], $sgx[FLD_REDIRECT], &$elog); + + # update log + if (!empty($elog)) { + $elog = "DEST '{$sgx[FLD_NAME]}': " . implode(" ", $elog); + if (is_array($input_errors)) + $input_errors[] = $elog; + else $input_errors = $elog; + } + return empty($elog); } # ------------------------------------------------------------------------------ +# sg_check_src +# ------------------------------------------------------------------------------ +function sg_check_src($sgx, $input_errors) +{ + $elog = array(); + + # source may be as one ('source') field or as two ('ip' and 'domain') fields + $src = (isset($sgx[FLD_SOURCE])) ? $sgx[FLD_SOURCE] : $sgx[FLD_IP] . " " . $sgx[FLD_DOMAINS]; + $src = explode(" ", $src); + foreach ($src as $s_item) { + if ($s_item) { + if (!is_ipaddr_valid($s_item) and !is_domain_valid($s_item) and !is_username($s_item)) + $elog[] = "SRC '{$sgx[FLD_NAME]}': Item '$s_item' is not a ip address or a domain or a 'username'."; + } + } + + # update log + if (!empty($elog)) { + $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog); + } + + return empty($elog); +} +# ------------------------------------------------------------------------------ # check rebuild blacklist # ------------------------------------------------------------------------------ -function is_blacklist_update_started() { - return exec("ps auxw | grep \"[s]quidGuard_blk_rebuild\" | awk '{print $2}' | wc -l | awk '{ print $1 }'"); +function is_blacklist_update_started() +{ + return exec("ps auxw | grep \"[s]quidGuard_blk_rebuild\" | awk '{print $2}' | wc -l | awk '{ print $1 }'"); } + +# ------------------------------------------------------------------------------ +# Strings # ------------------------------------------------------------------------------ +# str_pack_spaces - replace two and more space to single +# ------------------------------------------------------------------------------ +function str_packspaces($str) +{ + while(strpos($str, ' ')) $str = str_replace(' ', ' ', $str); +} + +function array_packitems($arval) +{ + if (is_array($arval)) { + $arval = array_map("trim", $arval); # trim all items + $arval = array_diff($arval, array(' ', '')); # exclude ' ' abd '' elements + $arval = array_unique($arval); # unique items + $arval = array_values($arval); # pack array + } + return $arval; +} + +# ----------------------------------------------------------------------------- +# check date +# date or date range format: 'yyyy-mm-dd', 'yyyy-m-d', 'yyyy.mm.dd' 'yyyy.mm.dd-yyyy.mm.dd' +# date mask format: '*-mm-dd', 'yyyy-*-dd', 'yyyy.mm.*' (but not for range) +# ----------------------------------------------------------------------------- +function check_date($date) +{ + $err = ''; + $val = trim($date); + $dtfmt = "([0-9]{4})\.([0-9]{2})\.([0-9]{2})"; + + # check date range + if (eregi("^{$dtfmt}-{$dtfmt}$", $val)) { + $val = explode("-", str_replace(".", '', $val)); + if (intval($val[0]) >= intval($val[1])) + $err .= "Invalid date range, begin range must be less than the end. {$val[0]} - {$val[1]}"; + } + elseif (!eregi("^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$", $val)) { + $err .= "Bad date format."; + } + + if ($err) + $err = " Invalid date '$date'. + $err + You mast use date or date range format: 'yyyy.mm.dd' and 'yyyy.mm.dd-yyyy.mm.dd'. + Also possible use mask * (mean any). Example: '*-10-01', '1990-*-*'."; + return $err; +} + +# ----------------------------------------------------------------------------- +# check time +# ----------------------------------------------------------------------------- +function check_time($time) +{ + $err = ''; + $time = trim($time); + + if (empty($time)) return ''; + + # time range format: 'HH:MM-HH:MM' + if (!eregi("^([0-2][0-9])\:([0-5][0-9])-([0-2][0-9])\:([0-5][0-9])$", $time)) + $err = "Invalid time range '$time'. You must use 'HH:MM-HH:MM' time range format. "; + else { + $tms = str_replace("-", "\n", $time); + $tmsview = explode("\n", $tms); + $tms = str_replace(":", "", $tms); + $tms = explode("\n", $tms); + if ($tms[0] >= 2400) + $err .= "Invalid time range var1='{$tmsview[0]}' must be < '24:00'. "; + if ($tms[1] > 2400) + $err .= "Invalid time range var2='{$tmsview[1]}' must be <= '24:00'. "; + if ($tms[0] >= $tms[1]) + $err .= "Invalid time range var1='{$tmsview[0]}' must be < var2='{$tmsview[1]}'. "; + } + + return $err; +} + +# ----------------------------------------------------------------------------- +# acl_remove_blacklist_items +# ----------------------------------------------------------------------------- +function acl_remove_blacklist_items($items) +{ + # add !items and ^items + $db_entries = sg_entries_blacklist(); + $tdb_entries = array(); + foreach ($db_entries as $ent) { + $tdb_entries[] = $ent; + $tdb_entries[] = "!$ent"; + $tdb_entries[] = "^$ent"; + } + $db_entries = $tdb_entries; + unset($tdb_entries); + + # delete blacklist entries from 'pass' if blacklist disabled + $items = explode(" ", $items); + $items = implode(" ", array_diff($items, $db_entries)); + return $items; +} + +# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +# classes +# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +class TSgTag +{ + var $tag; + var $name; + var $time; + var $items; + var $desc; + + function __construct() { + $this->clear(); + } + + function clear() { + $this->tag = ''; + $this->name = ''; + $this->time = ''; + $this->items = array(); + $this->desc = ''; + } + + function set($tag, $name, $time, $desc) { + $this->tag = $tag; + $this->name = $name; + $this->time = $time; + $this->desc = $desc; + } + + function tag_text($offset = 0) { + $str = array(); + $off = str_repeat("\t", $offset); + + $str[] = $off . "# {$this->desc}"; + if (empty($this->time)) + $str[] = $off . "{$this->tag} {$this->name} {"; + else $str[] = $off . "{$this->tag} {$this->name} within {$this->time} {"; + + # get items + foreach($this->items as $it) { + if (is_a($it, "TSgTag")) + $str[] = $off . $it->tag_text($offset + 1); # sub tag + else $str[] = $off . "\t{$it}"; # item + } + + $str[] = $off . "}"; + return implode("\n", $str); + } +} ?> diff --git a/packages/squidGuard/squidguard_default.xml b/packages/squidGuard/squidguard_default.xml index 3f83b267..4912b163 100644 --- a/packages/squidGuard/squidguard_default.xml +++ b/packages/squidGuard/squidguard_default.xml @@ -6,98 +6,127 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>squidguarddefault</name> - <version>none</version> - <title>Proxy Content filter SquidGuard: Default</title> - <include_file>/usr/local/pkg/squidguard.inc</include_file> + <name>squidguarddefault</name> + <version>none</version> + <title>Proxy Content filter SquidGuard: Default</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> - <tabs> - <tab> - <text>General settings</text> - <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> - </tab> - <tab> - <text>Default</text> - <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> - <active/> - </tab> - <tab> - <text>ACL</text> - <url>/pkg.php?xml=squidguard_acl.xml</url> - </tab> - <tab> - <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> - </tab> - <tab> - <text>Times</text> - <url>/pkg.php?xml=squidguard_time.xml</url> - </tab> - <tab> - <text>Rewrites</text> - <url>/pkg.php?xml=squidguard_rewr.xml</url> - </tab> - <tab> - <text>Log</text> - <url>/pkg_edit.php?xml=squidguard_log.xml</url> - </tab> - </tabs> - - <fields> - <field> - <fielddescr>Default destination</fielddescr> - <fieldname>dest</fieldname> - <description></description> - <type>input</type> - <size>100</size> - </field> - <field> - <fielddescr>Not to allow IP addresses in URL</fielddescr> - <fieldname>notallowingip</fieldname> - <description> - To make sure that people don't bypass the URL filter - by simply using the IP addresses instead of the fully qualified domain names, you can check this option. - </description> - <type>checkbox</type> - </field> - <field> - <fielddescr>Default Redirect</fielddescr> - <fieldname>redirect</fieldname> - <description> - Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> - Supported URL's: 'http://myurl', 'https://myurl'. <br> - Supported tags: 'blank', 'blank_img'. <br> - Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. - </description> - <type>textarea</type> - <cols>65</cols> - <rows>2</rows> - </field> - <field> - <fielddescr>Default Rewrite</fielddescr> - <fieldname>rewrite</fieldname> - <description>Enter rewrite condition name for this rule, or leave blank.</description> - <type>select</type> - </field> - <field> - <fielddescr>Enable log</fielddescr> - <fieldname>enablelog</fieldname> - <description>Check this for enable log.</description> - <type>checkbox</type> - </field> - </fields> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Default</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + <active/> + </tab> + <tab> + <text>ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Destinations</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Log</text> + <url>/pkg_edit.php?xml=squidguard_log.xml</url> + </tab> + </tabs> - <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg, false); - </custom_php_command_before_form> - <custom_php_after_form_command> + <fields> + <field> + <fielddescr>Default destination</fielddescr> + <fieldname>dest</fieldname> + <description></description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Not to allow IP addresses in URL</fielddescr> + <fieldname>notallowingip</fieldname> + <description> + To make sure that people don't bypass the URL filter + by simply using the IP addresses instead of the fully qualified domain names, you can check this option. + </description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Redirect mode</fielddescr> + <fieldname>redirect_mode</fieldname> + <description> + Select redirect mode here. + <br> Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible. +<!-- <br><b> int size limit :</b> if content size 0 or > 'size limit', then client moved to 'blank image' page; --> + <br> Options: + <A title="To 'url' will added special client information;" > + <span style="background-color: #dddddd;" >ext url err page</span></A> , + <A title="Client view 'url' content without any notification about;" > + <span style="background-color: #dddddd;" > ext url redirect</span></A> , + <A title="Client will moved to specified url with displaying url in addres bar;" > + <span style="background-color: #dddddd;" > ext url as 'move'</span></A> , + <A title="Client will moved to specified url with showing progress(only!) in status bar;" > + <span style="background-color: #dddddd;" > ext url as 'found'.</span></A> + </u> + </description> + <type>select</type> + <value>rmod_none</value> + <options> + <!--option><name>none</name> <value>rmod_none</value></option--> + <option><name>int error page (enter error message)</name> <value>rmod_int</value></option> + <option><name>int blank page </name> <value>rmod_int_bpg</value></option> + <!--option><name>int blank image</name> <value>rmod_int_bim</value></option--> + <!--option><name>int size limit (enter size in bytes)</name> <value>rmod_int_szl</value></option--> + <option><name>ext url err page (enter URL)</name> <value>rmod_ext_err</value></option> + <option><name>ext url redirect (enter URL)</name> <value>rmod_ext_rdr</value></option> + <option><name>ext url move (enter URL)</name> <value>rmod_ext_mov</value></option> + <option><name>ext url found (enter URL)</name> <value>rmod_ext_fnd</value></option> + </options> + </field> + <field> + <fielddescr>Redirect info</fielddescr> + <fieldname>redirect</fieldname> + <description> + Enter external redirection URL, error message or size (bytes) here. + </description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> + <field> + <fielddescr>Rewrite</fielddescr> + <fieldname>rewrite</fieldname> + <description>Enter rewrite condition name for this rule, or leave blank.</description> + <type>select</type> + </field> + <field> + <fielddescr>Enable log</fielddescr> + <fieldname>enablelog</fieldname> + <description>Check this for enable log.</description> + <type>checkbox</type> + </field> + </fields> + + <custom_php_validation_command> + squidguard_validate_acl(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_command_before_form> + squidguard_before_form_acl(&$pkg, false); + </custom_php_command_before_form> + <custom_php_after_form_command> squidGuard_print_javascript(); - </custom_php_after_form_command> - <custom_add_php_command/> - <custom_php_resync_config_command> -// squidguard_resync(); - </custom_php_resync_config_command> -</packagegui> + </custom_php_after_form_command> + <custom_add_php_command/> + <custom_php_resync_config_command> +// squidguard_resync(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard_dest.xml b/packages/squidGuard/squidguard_dest.xml index ab705ae2..fa9d4ac2 100644 --- a/packages/squidGuard/squidguard_dest.xml +++ b/packages/squidGuard/squidguard_dest.xml @@ -6,156 +6,185 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> - <name>squidguarddest</name> - <version>none</version> - <title>Proxy Content filter SquidGuard: Destinations</title> - <include_file>/usr/local/pkg/squidguard.inc</include_file> + <name>squidguarddest</name> + <version>none</version> + <title>Proxy Content filter SquidGuard: Destinations</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> - <delete_string>A proxy server user has been deleted.</delete_string> - <addedit_string>A proxy server user has been created/modified.</addedit_string> + <delete_string>A proxy server user has been deleted.</delete_string> + <addedit_string>A proxy server user has been created/modified.</addedit_string> - <tabs> - <tab> - <text>General settings</text> - <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> - </tab> - <tab> - <text>Default</text> - <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> - </tab> - <tab> - <text>ACL</text> - <url>/pkg.php?xml=squidguard_acl.xml</url> - </tab> - <tab> - <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> - <active/> - </tab> - <tab> - <text>Times</text> - <url>/pkg.php?xml=squidguard_time.xml</url> - </tab> - <tab> - <text>Rewrites</text> - <url>/pkg.php?xml=squidguard_rewr.xml</url> - </tab> - <tab> - <text>Log</text> - <url>/pkg_edit.php?xml=squidguard_log.xml</url> - </tab> - </tabs> - - <adddeleteeditpagefields> - <columnitem> - <fielddescr>Destination name</fielddescr> - <fieldname>name</fieldname> - </columnitem> - <columnitem> - <fielddescr>Domain list</fielddescr> - <fieldname>domains</fieldname> - </columnitem> - <columnitem> - <fielddescr>URL list</fielddescr> - <fieldname>urls</fieldname> - </columnitem> - <columnitem> - <fielddescr>Expressions</fielddescr> - <fieldname>expressions</fieldname> - </columnitem> - <columnitem> - <fielddescr>Redirect</fielddescr> - <fieldname>redirect</fieldname> - </columnitem> - <columnitem> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - </columnitem> - </adddeleteeditpagefields> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Default</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Destinations</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + <active/> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Log</text> + <url>/pkg_edit.php?xml=squidguard_log.xml</url> + </tab> + </tabs> - <fields> - <field> - <fielddescr>Name</fielddescr> - <fieldname>name</fieldname> - <description> - You may enter name here. Name must consist of minimum 2 symbols, first from which letter. <br> - All other symbols must be [a-Z_0-9]. - </description> - <type>input</type> - <size>90</size> - <required/> - </field> - <field> - <fielddescr>Domains list</fielddescr> - <fieldname>domains</fieldname> - <description> - Enter destination domains here. For separate domains names use ' '(space). - <p> <b>Example:</b> 'mail.ru e-mail.ru yahoo.com' . - </description> - <type>textarea</type> - <cols>60</cols> - <rows>10</rows> - </field> - <field> - <fielddescr>Expressions</fielddescr> - <fieldname>expressions</fieldname> - <description> - Enter word fragments, what may be contains in destinations URL path. - For separate expression words use '|'. - <p> <b>Example:</b> 'mail|casino|game' . - </description> - <type>textarea</type> - <cols>60</cols> - <rows>10</rows> - </field> - <field> - <fielddescr>URLs list</fielddescr> - <fieldname>urls</fieldname> - <description> - Enter url's here. - For separate urls's use ' '(space). - <p> <b>Example:</b> 'host.com/xxx 12.10.220.125/alisa' . - </description> - <type>textarea</type> - <cols>60</cols> - <rows>10</rows> - </field> - <field> - <fielddescr>Redirect</fielddescr> - <fieldname>redirect</fieldname> - <description> - Enter redirection URL, Tag or Error page code for this rule, or leave blank. <br> - Supported URL's: 'http://myurl', 'https://myurl'. <br> - Supported tags: 'blank', 'blank_img'. <br> - Supported error page codes: 3xx, 4xx, 5xx. Format: 'code' or 'code[space]reason message'. - </description> - <type>textarea</type> - <cols>60</cols> - <rows>2</rows> - </field> - <field> - <fielddescr>Enable log</fielddescr> - <fieldname>enablelog</fieldname> - <type>checkbox</type> - <description>Check this for enable log.</description> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>You may enter a description here for your reference (not parsed).</description> - <type>input</type> - <size>90</size> - </field> - </fields> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Destination name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Domain list</fielddescr> + <fieldname>domains</fieldname> + </columnitem> + <columnitem> + <fielddescr>URL list</fielddescr> + <fieldname>urls</fieldname> + </columnitem> + <columnitem> + <fielddescr>Expressions</fielddescr> + <fieldname>expressions</fieldname> + </columnitem> + <columnitem> + <fielddescr>Redirect</fielddescr> + <fieldname>redirect</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> - <custom_delete_php_command/> - <custom_php_validation_command> - squidguard_validate_destination($_POST, &$input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> -// squidguard_resync_time(); - </custom_php_resync_config_command> - <custom_php_after_form_command> - squidGuard_print_javascript(); - </custom_php_after_form_command> -</packagegui> + <fields> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description> + Enter the unique name here. + Name must consist of minimum 2 symbols, first from which letter. <br> + All other symbols must be [a-Z_0-9]. + </description> + <type>input</type> + <size>100</size> + <required/> + </field> + <field> + <fielddescr>Domains list</fielddescr> + <fieldname>domains</fieldname> + <description> + Enter destination domains here. For separate domains names use ' '(space). + <p> <b>Example:</b> 'mail.ru e-mail.ru yahoo.com' . + </description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Expressions</fielddescr> + <fieldname>expressions</fieldname> + <description> + Enter word fragments, what may be contains in destinations URL path. + For separate expression words use '|'. + <p> <b>Example:</b> 'mail|casino|game' . + </description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>URLs list</fielddescr> + <fieldname>urls</fieldname> + <description> + Enter url's here. + For separate urls's use ' '(space). + <p> <b>Example:</b> 'host.com/xxx 12.10.220.125/alisa' . + </description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Redirect mode</fielddescr> + <fieldname>redirect_mode</fieldname> + <description> + Select redirect mode here. + <br> Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible. +<!-- <br><b> int size limit :</b> if content size 0 or > 'size limit', then client moved to 'blank image' page; --> + <br> Options: + <A title="To 'url' will added special client information;" > + <span style="background-color: #dddddd;" >ext url err page</span></A> , + <A title="Client view 'url' content without any notification about;" > + <span style="background-color: #dddddd;" > ext url redirect</span></A> , + <A title="Client will moved to specified url with displaying url in addres bar;" > + <span style="background-color: #dddddd;" > ext url as 'move'</span></A> , + <A title="Client will moved to specified url with showing progress(only!) in status bar;" > + <span style="background-color: #dddddd;" > ext url as 'found'.</span></A> + </u> + </description> + <type>select</type> + <value>rmod_none</value> + <options> + <option><name>none</name> <value>rmod_none</value></option> + <option><name>int error page (enter error message)</name> <value>rmod_int</value></option> + <option><name>int blank page </name> <value>rmod_int_bpg</value></option> + <option><name>int blank image</name> <value>rmod_int_bim</value></option> +<!-- <option><name>int size limit (enter size in bytes)</name> <value>rmod_int_szl</value></option> --> + <option><name>ext url err page (enter URL)</name> <value>rmod_ext_err</value></option> + <option><name>ext url redirect (enter URL)</name> <value>rmod_ext_rdr</value></option> + <option><name>ext url move (enter URL)</name> <value>rmod_ext_mov</value></option> + <option><name>ext url found (enter URL)</name> <value>rmod_ext_fnd</value></option> + </options> + </field> + <field> + <fielddescr>Redirect</fielddescr> + <fieldname>redirect</fieldname> + <description> + Enter external redirection URL, error message or size (bytes) here. + </description> + <type>textarea</type> + <cols>60</cols> + <rows>2</rows> + </field> + <field> + <fielddescr>Enable log</fielddescr> + <fieldname>enablelog</fieldname> + <type>checkbox</type> + <description>Check this for enable log.</description> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>You may enter a description here for your reference (not parsed).</description> + <type>input</type> + <size>90</size> + </field> + </fields> + + <custom_delete_php_command/> + <custom_php_validation_command> + squidguard_validate_destination($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + </custom_php_resync_config_command> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> +</packagegui>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard_rewr.xml b/packages/squidGuard/squidguard_rewr.xml index 5d2e6ac3..dd320426 100644 --- a/packages/squidGuard/squidguard_rewr.xml +++ b/packages/squidGuard/squidguard_rewr.xml @@ -26,7 +26,7 @@ </tab> <tab> <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> + <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> <text>Times</text> @@ -42,7 +42,7 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> - + <adddeleteeditpagefields> <columnitem> <fielddescr>Name</fielddescr> @@ -54,13 +54,14 @@ </columnitem> </adddeleteeditpagefields> - <fields> + <fields> <field> <fielddescr>Name</fielddescr> <fieldname>name</fieldname> <description> - You may enter name here. Name must consist of minimum 2 symbols, first from which letter. <br> - All other symbols must be [a-Z_0-9]. + Enter the unique name here. + Name must consist of minimum 2 symbols, first from which letter. <br> + All other symbols must be [a-Z_0-9]. </description> <type>input</type> <required/> @@ -84,7 +85,7 @@ <type>input</type> <size>69</size> </rowhelperfield> - + <!-- <rowhelperfield> <fielddescr>Case ins.</fielddescr> <fieldname>caseins</fieldname> @@ -116,14 +117,14 @@ <b> Note: </b> <br> <b>Rewrite rule</b> - define how url will are replaced.<br> <b>Target URL or regular expression</b> - contains destination url or regular expression. Regular expression example: */cc32e46.exe <br> - <b>Replace to</b> - contains replacing url. + <b>Replace to</b> - contains replacing url. </description> <type>input</type> <size>100</size> </field> </fields> - <custom_php_after_form_command> + <custom_php_after_form_command> squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> diff --git a/packages/squidGuard/squidguard_time.xml b/packages/squidGuard/squidguard_time.xml index 76b781ab..623f7d0a 100644 --- a/packages/squidGuard/squidguard_time.xml +++ b/packages/squidGuard/squidguard_time.xml @@ -29,7 +29,7 @@ </tab> <tab> <text>Destinations</text> - <url>/pkg.php?xml=squidguard_dest.xml</url> + <url>/pkg.php?xml=squidguard_dest.xml</url> </tab> <tab> <text>Times</text> @@ -45,7 +45,7 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> - + <adddeleteeditpagefields> <columnitem> <fielddescr>Timename</fielddescr> @@ -60,14 +60,18 @@ <field> <fielddescr>Name</fielddescr> <fieldname>name</fieldname> - <description>Enter the time name here.</description> + <description> + Enter the unique name here. + Name must consist of minimum 2 symbols, first from which letter. <br> + All other symbols must be [a-Z_0-9]. + </description> <type>input</type> <required/> - <size>80</size> + <size>100</size> </field> <field> <fielddescr>Values</fielddescr> - <type>rowhelper</type> + <type>rowhelper</type> <rowhelper> <rowhelperfield> <fielddescr>Time type</fielddescr> @@ -78,7 +82,7 @@ <options> <option><name>Weekly</name><value>weekly</value></option> <option><name>Date</name><value>date</value></option> - </options> + </options> </rowhelperfield> <rowhelperfield> <fielddescr>Days</fielddescr> @@ -95,20 +99,21 @@ <option><name>fri</name><value>fri</value></option> <option><name>sat</name><value>sat</value></option> <option><name>sun</name><value>sun</value></option> - </options> + </options> </rowhelperfield> <rowhelperfield> - <fielddescr>Date or Date range</fielddescr> - <fieldname>daterange</fieldname> - <type>input</type> + <fielddescr>Date or Date range</fielddescr> + <fieldname>daterange</fieldname> + <type>input</type> <size>40</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Time range</fielddescr> - <fieldname>sg_timerange</fieldname> - <description>00:00-08:00</description> - <type>input</type> + <fielddescr>Time range</fielddescr> + <fieldname>sg_timerange</fieldname> + <description>00:00-08:00</description> + <type>input</type> <size>20</size> + <value>00:00-23:59</value> </rowhelperfield> </rowhelper> </field> @@ -116,7 +121,7 @@ <fielddescr>Description</fielddescr> <fieldname>description</fieldname> <description>You may enter a description here for your reference (not parsed). <br> - <b> Note: </b> <br> + <b> Note: </b> <br> Field <b>'Date or date range'</b> have format 'yyyy.mm.dd'; 'yyyy.mm.dd-yyyy.mm.dd'; or use '*' in format. <br> Example: '2007.05.01'; '2007.04.14-2007.04.17'; '*.12.24'; '2007.*.01'; <br> Field <b>'Time range'</b> have format 'hh:mm-hh:mm'. Example: '08:00-18:00'; @@ -125,8 +130,8 @@ <size>80</size> </field> </fields> - - <custom_php_after_form_command> + + <custom_php_after_form_command> squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> |