diff options
89 files changed, 8631 insertions, 574 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 57f5407b..fb83f9a6 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -165,7 +165,7 @@ function generate_apache_configuration() { if (is_array($config['installedpackages']['apachesettings'])) $settings=$config['installedpackages']['apachesettings']['config'][0]; else - $setting=sarray(); + $settings=array(); // Set global site e-mail if ($settings['globalsiteadminemail']){ diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml index ada5a29c..b2162803 100644 --- a/config/apache_mod_security/apache_mod_security.xml +++ b/config/apache_mod_security/apache_mod_security.xml @@ -221,6 +221,7 @@ <name>apache_mod_security</name> <rcfile>/usr/local/etc/rc.d/apache_mod_security.sh</rcfile> <executable>httpd</executable> + <description>HTTP Daemon with mod_security</description> </service> <custom_php_resync_config_command> apache_mod_security_resync(); diff --git a/config/asterisk/asterisk.inc b/config/asterisk/asterisk.inc index b2f93532..3ddb05c9 100644 --- a/config/asterisk/asterisk.inc +++ b/config/asterisk/asterisk.inc @@ -4,6 +4,7 @@ asterisk.inc part of pfSense (http://www.pfSense.com) Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2013 robi <robreg@zsurob.hu> All rights reserved. */ /* ========================================================================== */ @@ -50,18 +51,39 @@ function sync_package_asterisk() { #mount filesystem writeable conf_mount_rw(); - #fix asterisk options for nanobsd + //for NanoBSD compatibility, move the /etc/asterisk configuration directory to /conf, and symlink it back + + if (file_exists("/usr/pbi/asterisk-i386/etc/asterisk/")) { + //this should occur only on i386 systems v2.1 and up + system("mv -f /usr/pbi/asterisk-i386/etc/asterisk/ /conf/asterisk/ && ln -s /conf/asterisk /usr/pbi/asterisk-i386/etc/asterisk"); + } + if (file_exists("/usr/pbi/asterisk-amd64/etc/asterisk/")) { + //this should occur only on amd64 systems v2.1 and up + system("mv -f /usr/pbi/asterisk-amd64/etc/asterisk/ /conf/asterisk/ && ln -s /conf/asterisk /usr/pbi/asterisk-amd64/etc/asterisk"); + } + if (file_exists("/conf/asterisk/")) { + if (file_exists("/usr/local/etc/asterisk/")) { + system("mv -f /usr/local/etc/asterisk /usr/local/etc/asterisk.bak"); + } + system("ln -s /conf/asterisk /usr/local/etc/asterisk"); + system("cd /conf/asterisk && mkdir dist && mv *-dist dist"); + } else { + //should reach here only on non-pbi installs (2.0.x) + system("mv -f /usr/local/etc/asterisk/ /conf/asterisk/ && ln -s /conf/asterisk /usr/local/etc/asterisk"); + } + + //fix asterisk options for nanobsd: logging, db and calls log in /tmp if ($g['platform'] == "nanobsd"){ - $script='/usr/local/etc/asterisk/logger.conf'; + $script='/conf/asterisk/logger.conf'; if (file_exists($script)){ $script_file=file_get_contents($script); $pattern[0]='/messages =/'; - $replace[0]='/tmp/log_asterisk ='; + $replace[0]='/tmp/asterisk.log ='; $script_file=preg_replace($pattern,$replace,$script_file); file_put_contents($script, $script_file, LOCK_EX); } - $script='/usr/local/etc/asterisk/asterisk.conf'; + $script='/conf/asterisk/asterisk.conf'; if (file_exists($script)){ $script_file=file_get_contents($script); $pattern[0]='@astdbdir => [a-z,A-Z,/]+@'; @@ -71,9 +93,256 @@ function sync_package_asterisk() { $script_file=preg_replace($pattern,$replace,$script_file); file_put_contents($script, $script_file, LOCK_EX); } - } - + + //add modules settings, for disabling those not required on pfSense + $script='/conf/asterisk/modules.conf'; + if (file_exists($script)){ + $add_modules_settings = "\n"; + $add_modules_settings .= ";The following modules settings work out of the box on pfSense boxes.\n"; + $add_modules_settings .= ";Should you need any disabled module, check for its functionality individually.\n"; + $add_modules_settings .= ";For more information check asterisk's online documentation.\n"; + $add_modules_settings .= "noload => res_ael_share.so\n"; + $add_modules_settings .= "noload => res_adsi.so\n"; + $add_modules_settings .= ";noload => res_agi.so\n"; + $add_modules_settings .= "noload => res_calendar.so\n"; + $add_modules_settings .= "noload => res_crypto.so\n"; + $add_modules_settings .= ";noload => res_fax.so\n"; + $add_modules_settings .= "noload => res_jabber.so\n"; + $add_modules_settings .= "noload => res_monitor.so\n"; + $add_modules_settings .= ";noload => res_stun_monitor.so\n"; + $add_modules_settings .= "noload => res_smdi.so\n"; + $add_modules_settings .= "noload => res_speech.so\n"; + $add_modules_settings .= "noload => res_odbc.so\n"; + $add_modules_settings .= "noload => res_musiconhold.so\n"; + $add_modules_settings .= "noload => app_celgenuserevent.so\n"; + $add_modules_settings .= ";noload => app_confbridge.so\n"; + $add_modules_settings .= ";noload => app_minivm.so\n"; + $add_modules_settings .= ";noload => app_originate.so\n"; + $add_modules_settings .= ";noload => app_playtones.so\n"; + $add_modules_settings .= ";noload => app_readexten.so\n"; + $add_modules_settings .= ";noload => app_waituntil.so\n"; + $add_modules_settings .= ";noload => bridge_builtin_features.so\n"; + $add_modules_settings .= ";noload => bridge_multiplexed.so\n"; + $add_modules_settings .= ";noload => bridge_simple.so\n"; + $add_modules_settings .= ";noload => bridge_softmix.so\n"; + $add_modules_settings .= "noload => cdr_adaptive_odbc.so\n"; + $add_modules_settings .= "noload => chan_jingle.so\n"; + $add_modules_settings .= ";noload => chan_bridge.so\n"; + $add_modules_settings .= "noload => chan_unistim.so\n"; + $add_modules_settings .= ";noload => codec_g722.so\n"; + $add_modules_settings .= ";noload => format_g719.so\n"; + $add_modules_settings .= "noload => format_sln16.so\n"; + $add_modules_settings .= "noload => format_siren14.so\n"; + $add_modules_settings .= "noload => format_siren7.so\n"; + $add_modules_settings .= ";noload => func_aes.so\n"; + $add_modules_settings .= ";noload => func_audiohookinherit.so\n"; + $add_modules_settings .= ";noload => func_blacklist.so\n"; + $add_modules_settings .= ";noload => func_config.so\n"; + $add_modules_settings .= ";noload => func_devstate.so\n"; + $add_modules_settings .= ";noload => func_dialgroup.so\n"; + $add_modules_settings .= ";noload => func_dialplan.so\n"; + $add_modules_settings .= ";noload => func_extstate.so\n"; + $add_modules_settings .= ";noload => func_iconv.so\n"; + $add_modules_settings .= ";noload => func_lock.so\n"; + $add_modules_settings .= ";noload => func_module.so\n"; + $add_modules_settings .= ";noload => func_shell.so\n"; + $add_modules_settings .= ";noload => func_speex.so\n"; + $add_modules_settings .= ";noload => func_sprintf.so\n"; + $add_modules_settings .= ";noload => func_sysinfo.so\n"; + $add_modules_settings .= ";noload => func_version.so\n"; + $add_modules_settings .= ";noload => res_curl.so\n"; + $add_modules_settings .= "noload => func_vmcount.so\n"; + $add_modules_settings .= "noload => func_volume.so\n"; + $add_modules_settings .= "noload => res_clialiases.so\n"; + $add_modules_settings .= "noload => res_config_curl.so\n"; + $add_modules_settings .= "noload => res_config_ldap.so\n"; + $add_modules_settings .= "noload => res_config_sqlite.so\n"; + $add_modules_settings .= ";noload => res_limit.so\n"; + $add_modules_settings .= ";noload => res_phoneprov.so\n"; + $add_modules_settings .= "noload => res_realtime.so\n"; + $add_modules_settings .= "noload => res_timing_pthread.so\n"; + $add_modules_settings .= ";noload => app_adsiprog.so\n"; + $add_modules_settings .= ";noload => app_alarmreceiver.so\n"; + $add_modules_settings .= ";noload => app_amd.so\n"; + $add_modules_settings .= ";noload => app_authenticate.so\n"; + $add_modules_settings .= ";noload => app_cdr.so\n"; + $add_modules_settings .= ";noload => app_chanisavail.so\n"; + $add_modules_settings .= ";noload => app_channelredirect.so\n"; + $add_modules_settings .= ";noload => app_chanspy.so\n"; + $add_modules_settings .= ";noload => app_controlplayback.so\n"; + $add_modules_settings .= "noload => app_db.so\n"; + $add_modules_settings .= ";noload => app_dial.so\n"; + $add_modules_settings .= ";noload => app_dictate.so\n"; + $add_modules_settings .= ";noload => app_directed_pickup.so\n"; + $add_modules_settings .= ";noload => app_directory.so\n"; + $add_modules_settings .= ";noload => app_disa.so\n"; + $add_modules_settings .= ";noload => app_dumpchan.so\n"; + $add_modules_settings .= ";noload => app_echo.so\n"; + $add_modules_settings .= ";noload => app_exec.so\n"; + $add_modules_settings .= ";noload => app_externalivr.so\n"; + $add_modules_settings .= ";noload => app_festival.so\n"; + $add_modules_settings .= ";noload => app_followme.so\n"; + $add_modules_settings .= ";noload => app_forkcdr.so\n"; + $add_modules_settings .= ";noload => app_getcpeid.so\n"; + $add_modules_settings .= ";noload => app_ices.so\n"; + $add_modules_settings .= ";noload => app_image.so\n"; + $add_modules_settings .= ";noload => app_macro.so\n"; + $add_modules_settings .= ";noload => app_milliwatt.so\n"; + $add_modules_settings .= ";noload => app_mixmonitor.so\n"; + $add_modules_settings .= ";noload => app_mp3.so\n"; + $add_modules_settings .= ";noload => app_morsecode.so\n"; + $add_modules_settings .= ";noload => app_nbscat.so\n"; + $add_modules_settings .= ";noload => app_parkandannounce.so\n"; + $add_modules_settings .= ";noload => app_playback.so\n"; + $add_modules_settings .= ";noload => app_privacy.so\n"; + $add_modules_settings .= ";noload => app_queue.so\n"; + $add_modules_settings .= ";noload => app_read.so\n"; + $add_modules_settings .= ";noload => app_readfile.so\n"; + $add_modules_settings .= ";noload => app_record.so\n"; + $add_modules_settings .= ";noload => app_sayunixtime.so\n"; + $add_modules_settings .= ";noload => app_senddtmf.so\n"; + $add_modules_settings .= ";noload => app_sendtext.so\n"; + $add_modules_settings .= ";noload => app_setcallerid.so\n"; + $add_modules_settings .= ";noload => app_sms.so\n"; + $add_modules_settings .= ";noload => app_softhangup.so\n"; + $add_modules_settings .= "noload => app_speech_utils.so\n"; + $add_modules_settings .= ";noload => app_stack.so\n"; + $add_modules_settings .= ";noload => app_system.so\n"; + $add_modules_settings .= ";noload => app_talkdetect.so\n"; + $add_modules_settings .= ";noload => app_test.so\n"; + $add_modules_settings .= ";noload => app_transfer.so\n"; + $add_modules_settings .= ";noload => app_url.so\n"; + $add_modules_settings .= ";noload => app_userevent.so\n"; + $add_modules_settings .= ";noload => app_verbose.so\n"; + $add_modules_settings .= ";noload => app_voicemail.so\n"; + $add_modules_settings .= ";noload => app_waitforring.so\n"; + $add_modules_settings .= ";noload => app_waitforsilence.so\n"; + $add_modules_settings .= ";noload => app_while.so\n"; + $add_modules_settings .= ";noload => app_zapateller.so\n"; + $add_modules_settings .= ";noload => cdr_csv.so\n"; + $add_modules_settings .= "noload => cdr_custom.so\n"; + $add_modules_settings .= ";noload => cdr_manager.so\n"; + $add_modules_settings .= "noload => cdr_pgsql.so\n"; + $add_modules_settings .= "noload => cdr_radius.so\n"; + $add_modules_settings .= "noload => cdr_sqlite.so\n"; + $add_modules_settings .= "noload => cdr_sqlite3_custom.so\n"; + $add_modules_settings .= "noload => cdr_syslog.so\n"; + $add_modules_settings .= ";noload => cel_custom.so\n"; + $add_modules_settings .= ";noload => cel_manager.so\n"; + $add_modules_settings .= "noload => cel_odbc.so\n"; + $add_modules_settings .= "noload => cel_pgsql.so\n"; + $add_modules_settings .= "noload => cel_radius.so\n"; + $add_modules_settings .= "noload => cel_sqlite3_custom.so\n"; + $add_modules_settings .= "noload => cel_tds.so\n"; + $add_modules_settings .= ";noload => chan_agent.so\n"; + $add_modules_settings .= "noload => chan_dahdi.so\n"; + $add_modules_settings .= "noload => chan_gtalk.so\n"; + $add_modules_settings .= "noload => chan_iax2.so\n"; + $add_modules_settings .= ";noload => chan_local.so\n"; + $add_modules_settings .= "noload => chan_mgcp.so\n"; + $add_modules_settings .= ";noload => chan_multicast_rtp.so\n"; + $add_modules_settings .= "noload => chan_oss.so\n"; + $add_modules_settings .= ";noload => chan_sip.so\n"; + $add_modules_settings .= "noload => chan_skinny.so\n"; + $add_modules_settings .= ";noload => codec_a_mu.so\n"; + $add_modules_settings .= ";noload => codec_adpcm.so\n"; + $add_modules_settings .= ";noload => codec_alaw.so\n"; + $add_modules_settings .= "noload => codec_dahdi.so\n"; + $add_modules_settings .= ";noload => codec_g726.so\n"; + $add_modules_settings .= ";noload => codec_gsm.so\n"; + $add_modules_settings .= ";noload => codec_lpc10.so\n"; + $add_modules_settings .= ";noload => codec_speex.so\n"; + $add_modules_settings .= ";noload => codec_ulaw.so\n"; + $add_modules_settings .= ";noload => format_g723.so\n"; + $add_modules_settings .= ";noload => format_g726.so\n"; + $add_modules_settings .= ";noload => format_g729.so\n"; + $add_modules_settings .= ";noload => format_gsm.so\n"; + $add_modules_settings .= ";noload => format_h263.so\n"; + $add_modules_settings .= ";noload => format_h264.so\n"; + $add_modules_settings .= ";noload => format_ilbc.so\n"; + $add_modules_settings .= "noload => format_jpeg.so\n"; + $add_modules_settings .= ";noload => format_ogg_vorbis.so\n"; + $add_modules_settings .= ";noload => format_pcm.so\n"; + $add_modules_settings .= ";noload => format_sln.so\n"; + $add_modules_settings .= ";noload => format_vox.so\n"; + $add_modules_settings .= ";noload => format_wav.so\n"; + $add_modules_settings .= ";noload => format_wav_gsm.so\n"; + $add_modules_settings .= ";noload => func_base64.so\n"; + $add_modules_settings .= ";noload => func_callcompletion.so\n"; + $add_modules_settings .= ";noload => func_callerid.so\n"; + $add_modules_settings .= ";noload => func_cdr.so\n"; + $add_modules_settings .= ";noload => func_channel.so\n"; + $add_modules_settings .= ";noload => func_curl.so\n"; + $add_modules_settings .= ";noload => func_cut.so\n"; + $add_modules_settings .= "noload => func_db.so\n"; + $add_modules_settings .= ";noload => func_enum.so\n"; + $add_modules_settings .= ";noload => func_env.so\n"; + $add_modules_settings .= ";noload => func_frame_trace.so\n"; + $add_modules_settings .= ";noload => func_global.so\n"; + $add_modules_settings .= ";noload => func_groupcount.so\n"; + $add_modules_settings .= ";noload => func_logic.so\n"; + $add_modules_settings .= ";noload => func_math.so\n"; + $add_modules_settings .= ";noload => func_md5.so\n"; + $add_modules_settings .= "noload => func_odbc.so\n"; + $add_modules_settings .= ";noload => func_pitchshift.so\n"; + $add_modules_settings .= ";noload => func_rand.so\n"; + $add_modules_settings .= ";noload => func_realtime.so\n"; + $add_modules_settings .= ";noload => func_sha1.so\n"; + $add_modules_settings .= ";noload => func_srv.so\n"; + $add_modules_settings .= ";noload => func_strings.so\n"; + $add_modules_settings .= ";noload => func_timeout.so\n"; + $add_modules_settings .= ";noload => func_uri.so\n"; + $add_modules_settings .= "noload => pbx_ael.so\n"; + $add_modules_settings .= ";noload => pbx_config.so\n"; + $add_modules_settings .= "noload => pbx_dundi.so\n"; + $add_modules_settings .= ";noload => pbx_loopback.so\n"; + $add_modules_settings .= ";noload => pbx_realtime.so\n"; + $add_modules_settings .= ";noload => pbx_spool.so\n"; + $add_modules_settings .= ";noload => res_clioriginate.so\n"; + $add_modules_settings .= "noload => res_config_pgsql.so\n"; + $add_modules_settings .= ";noload => res_convert.so\n"; + $add_modules_settings .= ";noload => res_mutestream.so\n"; + $add_modules_settings .= ";noload => res_rtp_asterisk.so\n"; + $add_modules_settings .= ";noload => res_rtp_multicast.so\n"; + $add_modules_settings .= ";noload => res_security_log.so\n"; + $add_modules_settings .= ";noload => res_snmp.so\n"; + $add_modules_settings .= "noload => cdr_odbc.so\n"; + $add_modules_settings .= "noload => cdr_tds.so\n"; + $add_modules_settings .= "noload => chan_h323.so\n"; + $add_modules_settings .= "noload => res_config_odbc.so\n"; + + $script_file=file_get_contents($script); + $script_file .= $add_modules_settings; + file_put_contents($script, $script_file, LOCK_EX); + } + + //replace general SIP settings as a newbie hint to start configuration + $script='/conf/asterisk/sip.conf'; + $add_sip_general_settings = "[general]\n"; + $add_sip_general_settings .= ";The following general settings usually work on pfSense boxes.\n"; + $add_sip_general_settings .= ";Adjust them as needed, and further SIP account settings are required.\n"; + $add_sip_general_settings .= ";For more information check asterisk's online documentation or see the dist/sip.conf-dist file.\n"; + $add_sip_general_settings .= "alwaysauthreject=yes\n"; + $add_sip_general_settings .= "maxexpiry=600\n"; + $add_sip_general_settings .= "defaultexpiry=100\n"; + $add_sip_general_settings .= "registerattempts=250\n"; + $add_sip_general_settings .= "registertimeout=15\n"; + $add_sip_general_settings .= "allowguest = no\n"; + $add_sip_general_settings .= "bindport=5060\n"; + $add_sip_general_settings .= "bindaddr=192.168.1.1 ;adjust this to your local network interface where to bind\n"; + $add_sip_general_settings .= ";localnet=192.168.1.0/255.255.255.0 ;adjust this to your local networks where SIP phoners reside\n"; + $add_sip_general_settings .= ";localnet=192.168.2.0/255.255.255.0 ;add a new line for each local network if you have more\n"; + $add_sip_general_settings .= ";externhost=your.domain.name ;can be dynamic dns too\n"; + $add_sip_general_settings .= ";externrefresh=600 ;how ofteh to check for doman name's IP\n"; + $add_sip_general_settings .= "jbenable=yes\n"; + $add_sip_general_settings .= "disallow=all\n"; + $add_sip_general_settings .= "allow=g729\n"; + $add_sip_general_settings .= "allow=ulaw\n"; + $add_sip_general_settings .= "allow=alaw\n"; + + file_put_contents($script, $add_sip_general_settings, LOCK_EX); + $script='/usr/local/etc/rc.d/asterisk'; if (file_exists($script)){ $script_file=file_get_contents($script); @@ -81,13 +350,30 @@ function sync_package_asterisk() { $script_file=preg_replace("/NO/","YES",$script_file); file_put_contents($script, $script_file, LOCK_EX); } + if ($g['platform'] == "nanobsd"){ + $add_logfolder_and_callogdir .= "\n"; + $add_logfolder_and_callogdir = "if [ ! -d /var/log/asterisk ]; then\n"; + $add_logfolder_and_callogdir .= " mkdir /var/log/asterisk\n"; + $add_logfolder_and_callogdir .= "fi\n"; + $add_logfolder_and_callogdir .= "\n"; + $add_logfolder_and_callogdir .= "if [ ! -d /var/log/asterisk/cdr-csv ]; then\n"; + $add_logfolder_and_callogdir .= " ln -s /tmp /var/log/asterisk/cdr-csv\n"; + $add_logfolder_and_callogdir .= "fi\n"; + + $script_file .= $add_logfolder_and_callogdir; + file_put_contents($script, $script_file, LOCK_EX); + } chmod ($script,0755); mwexec("$script stop"); mwexec_bg("$script start"); } - #mount filesystem readonly - conf_mount_ro(); + //prepare backup for factory defaults + system("cd /conf/asterisk/ && tar czf /conf.default/asterisk_factory_defaults_config.tgz *"); + + //mount filesystem readonly + conf_mount_ro(); } ?> + diff --git a/config/asterisk/asterisk.xml b/config/asterisk/asterisk.xml index a0ce4833..69875d38 100644 --- a/config/asterisk/asterisk.xml +++ b/config/asterisk/asterisk.xml @@ -41,7 +41,7 @@ <requirements>Asterisk 1.8.x</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>asterisk</name> - <version>0.1</version> + <version>0.2</version> <title>asterisk</title> <include_file>/usr/local/pkg/asterisk.inc</include_file> <additional_files_needed> @@ -98,6 +98,6 @@ <custom_delete_php_command> </custom_delete_php_command> <custom_php_resync_config_command> - sync_package_asterisk(); +/* sync_package_asterisk(); */ </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/asterisk/asterisk_calls.php b/config/asterisk/asterisk_calls.php index 77131d8d..7fd75274 100644 --- a/config/asterisk/asterisk_calls.php +++ b/config/asterisk/asterisk_calls.php @@ -4,12 +4,11 @@ status_asterisk_calls.php part of pfSense Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>. - Copyright (C) 2012 robreg@zsurob.hu + Copyright (C) 2013 robi <robreg@zsurob.hu> All rights reserved. originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2012 robreg@zsurob.hu All rights reserved. Redistribution and use in source and binary forms, with or without @@ -41,7 +40,7 @@ ##|*IDENT=page-status-asterisk ##|*NAME=Status: Asterisk Calls page ##|*DESCR=Allow access to the 'Status: Asterisk Calls' page. -##|*MATCH=status_asterisk_calls.php* +##|*MATCH=asterisk_calls.php* ##|-PRIV require_once("guiconfig.inc"); @@ -54,7 +53,6 @@ $callog = "/var/log/asterisk/cdr-csv/Master.csv"; /* Data input processing */ $cmd = $_GET['cmd']; -//$cmd = str_replace("+", " ", $cmd); $file = $_SERVER["SCRIPT_NAME"]; $break = Explode('/', $file); @@ -73,7 +71,7 @@ if (file_exists($callog)) case "download": // session_cache_limiter('none'); //*Use before session_start() // session_start(); - + header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.basename($callog)); @@ -110,23 +108,21 @@ if (file_exists($callog)) <td> <div id="mainarea"> <?php - //$trimres=shell_exec("tail -50 '$callog' > /tmp/trimmed.csv; rm '$callog'; mv /tmp/trimmed.csv '$callog'"); - //print $trimres . "Last 50 calls: <br>"; if (file_exists($callog)) $file_handle = fopen($callog, "r"); ?> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="6" class="listtopic">Last 50 Asterisk calls</td> - </tr> - <tr> - <td nowrap class="listhdrr"><?=gettext("From");?></td> - <td nowrap class="listhdrr"><?=gettext("To");?></a></td> - <td nowrap class="listhdrr"><?=gettext("Start");?></td> - <td nowrap class="listhdrr"><?=gettext("End");?></a></td> - <td nowrap class="listhdrr"><?=gettext("Duration");?></a></td> - <td nowrap class="listhdrr"><?=gettext("Status");?></td> - </tr> + <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="6" class="listtopic">Last 50 Asterisk calls</td> + </tr> + <tr> + <td nowrap class="listhdrr"><?=gettext("From");?></td> + <td nowrap class="listhdrr"><?=gettext("To");?></a></td> + <td nowrap class="listhdrr"><?=gettext("Start");?></td> + <td nowrap class="listhdrr"><?=gettext("End");?></a></td> + <td nowrap class="listhdrr"><?=gettext("Duration");?></a></td> + <td nowrap class="listhdrr"><?=gettext("Status");?></td> + </tr> <?php $out = ''; if (file_exists($callog)){ @@ -134,7 +130,7 @@ if (file_exists($callog)) $lin = fgetcsv($file_handle, 102400); if ($lin[12] != "") { $out = "<tr>" . $out; - $out = "<td class='listlr'>" . str_replace('"', '', $lin[4]) . "</td><td class='listlr'>" . $lin[2] . "</td><td class='listlr'>" . $lin[9] . "</td><td class='listlr'>" . $lin[11] . "</td><td class='listlr'>" . gmdate("G:i:s", $lin[12]) . "</td><td class='listlr'>" . $lin[14] . "</td>" . $out; + $out = "<td class='listlr'>" . utf8_decode(str_replace('"', '', $lin[4])) . "</td><td class='listlr'>" . $lin[2] . "</td><td class='listlr'>" . $lin[9] . "</td><td class='listlr'>" . $lin[11] . "</td><td class='listlr'>" . gmdate("G:i:s", $lin[12]) . "</td><td class='listlr'>" . $lin[14] . "</td>" . $out; $out = "</tr>" . $out; } } @@ -160,6 +156,13 @@ if (file_exists($callog)) <?=gettext("Listed in reverse order (latest on top).");?> <br> <?=gettext("Duration includes ringing time.");?> <br> <?=gettext("Trim keeps the last 50 entries.");?> + +<? +if ($g['platform'] == "nanobsd") + echo "<br>This log is lost when rebooting the system."; +?> + + </span> diff --git a/config/asterisk/asterisk_cmd.php b/config/asterisk/asterisk_cmd.php index 504c3cd1..2278b982 100644 --- a/config/asterisk/asterisk_cmd.php +++ b/config/asterisk/asterisk_cmd.php @@ -4,7 +4,7 @@ status_asterisk.php part of pfSense Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>. - Copyright (C) 2012 robreg@zsurob.hu + Copyright (C) 2012 robi <robreg@zsurob.hu> All rights reserved. originally part of m0n0wall (http://m0n0.ch/wall) @@ -40,7 +40,7 @@ ##|*IDENT=page-status-asterisk ##|*NAME=Status: Asterisk page ##|*DESCR=Allow access to the 'Status: Asterisk' page. -##|*MATCH=status_asterisk.php* +##|*MATCH=sasterisk_cmd.php* ##|-PRIV require_once("guiconfig.inc"); @@ -86,19 +86,26 @@ $pfile = $break[count($break) - 1]; <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td class="listtopic"> + <table><tr> <?php /* Print command buttons */ - echo "<a href='$pfile?cmd=sip+show+registry'><input type='button' name='command' value='SIP Registry' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=sip+show+peers'><input type='button' name='command' value='SIP Peers' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=sip+show+channels'><input type='button' name='command' value='SIP Channels' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=core+show+channels'><input type='button' name='command' value='Channels' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=core+show+codecs+audio'><input type='button' name='command' value='Codecs' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=core+show+translation+recalc+10'><input type='button' name='command' value='Translation' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=sip+show+settings'><input type='button' name='command' value='SIP Settings' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=sip+reload'><input type='button' name='command' value='!Reload SIP' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=core+reload'><input type='button' name='command' value='!Reload Core' class='formbtns'></a>"; - echo "<a href='$pfile?cmd=core+show+uptime'><input type='button' name='command' value='Uptime' class='formbtns'></a>"; + echo "<td align='center'><a href='$pfile?cmd=sip+show+registry'><input type='button' name='command' value='SIP Registry' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=sip+show+peers'><input type='button' name='command' value='SIP Peers' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=sip+show+channels'><input type='button' name='command' value='SIP Channels' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=core+show+channels'><input type='button' name='command' value='Channels' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=core+show+codecs+audio'><input type='button' name='command' value='Codecs' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=core+show+translation+recalc+10'><input type='button' name='command' value='Translation' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=sip+show+settings'><input type='button' name='command' value='SIP Settings' class='formbtns' style='width: 100px'></a></td>"; + echo "</tr></tr>"; + echo "<td></td>"; + echo "<td align='center'><a href='$pfile?cmd=sip+reload'><input type='button' name='command' value='Reload SIP' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=dialplan+reload'><input type='button' name='command' value='Reload Extensions' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=core+reload'><input type='button' name='command' value='Reload Core' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=core+show+uptime'><input type='button' name='command' value='Uptime' class='formbtns' style='width: 100px'></a></td>"; + echo "<td align='center'><a href='$pfile?cmd=core+restart+now'><input type='button' name='command' value='Restart Asterisk' class='formbtns' style='width: 100px'></a></td>"; + echo "<td></td>"; ?> + </tr></table> </td> </tr> <tr valign="top"> @@ -117,4 +124,4 @@ $pfile = $break[count($break) - 1]; </td> </tr> </table> -<?php include("fend.inc"); ?>
\ No newline at end of file +<?php include("fend.inc"); ?> diff --git a/config/asterisk/asterisk_edit_file.php b/config/asterisk/asterisk_edit_file.php index 50d00279..495703a2 100644 --- a/config/asterisk/asterisk_edit_file.php +++ b/config/asterisk/asterisk_edit_file.php @@ -2,7 +2,7 @@ /* edit.php Copyright (C) 2004, 2005 Scott Ullrich - Copyright (C) 2012 robreg@zsurob.hu + Copyright (C) 2013 robi <robreg@zsurob.hu> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -34,12 +34,76 @@ ##|*IDENT=page-status-asterisk ##|*NAME=Status: Asterisk config editor page ##|*DESCR=Allow access to the 'Status: Asterisk configuration files' page. -##|*MATCH=status_asterisk_edit.php* +##|*MATCH=asterisk_edit_file.php* ##|-PRIV $pgtitle = array(gettext("Status"),gettext("Asterisk configuration files")); require("guiconfig.inc"); + +$backup_dir = "/conf"; +$backup_filename = "asterisk_config.bak.tgz"; +$backup_path = "{$backup_dir}/{$backup_filename}"; +$files_dir = "/conf/asterisk"; +$host = "{$config['system']['hostname']}.{$config['system']['domain']}"; +$downname = "asterisk-config-{$host}-".date("YmdHis").".bak.tgz"; //put the date in the filename + +if (($_GET['a'] == "download") && $_GET['t'] == "backup") { + conf_mount_rw(); + system("cd {$files_dir} && tar czf {$backup_path} *"); + conf_mount_ro(); +} + +if (($_GET['a'] == "download") && file_exists("{$backup_path}")) { + session_cache_limiter('public'); + $fd = fopen("{$backup_path}", "rb"); + header("Content-Type: application/force-download"); + header("Content-Type: application/octet-stream"); + header("Content-Type: application/download"); + header("Content-Description: File Transfer"); + header("Content-Disposition: attachment; filename=\"{$downname}\""); + header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 + header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past + header("Content-Length: " . filesize("{$backup_path}")); + fpassthru($fd); + exit; +} + +if ($_GET['a'] == "other") { + if ($_GET['t'] == "restore") { + //extract files to $files_dir (/conf/asterisk) + if (file_exists($backup_path)) { + //echo "The file $filename exists"; + conf_mount_rw(); + //$sysretval = system("tar -xzC {$files_dir} -f {$backup_path} 2>&1"); + exec("tar -xzC {$files_dir} -f {$backup_path} 2>&1", $sysretval); + $savemsg = "Backup has been restored " . $sysretval[1]; + //$savemsg = "Backup has been restored " . $sysretval; + system("chmod -R 644 {$files_dir}/*"); + header( 'Location: asterisk_edit_file.php?savemsg=' . $savemsg ) ; + conf_mount_ro(); + } else { + header( 'Location: asterisk_edit_file.php?savemsg=Restore+failed.+Backup+file+not+found.' ) ; + } + exit; + } +} + +if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { + $upfilnam = $_FILES['ulfile']['name']; + $upfiltim = strtotime(str_replace(".bak.tgz","",end(explode("-",$upfilnam)))); + conf_mount_rw(); + move_uploaded_file($_FILES['ulfile']['tmp_name'], "{$backup_path}"); + $savemsg = "Uploaded ". htmlentities($_FILES['ulfile']['name']) . " file as " . $backup_path . "." ; + system('chmod -R 644 {$backup_path}'); + if ($upfiltim) { //take the date from the filename and update modified time accordingly + touch($backup_path, $upfiltim); + } + unset($_POST['txtCommand']); + conf_mount_ro(); + header( 'Location: asterisk_edit_file.php?savemsg=' . $savemsg ) ; +} + if($_REQUEST['action']) { switch($_REQUEST['action']) { case 'load': @@ -93,6 +157,13 @@ outputJavaScriptFileInline("javascript/base64.js"); <body link="#000000" vlink="#000000" alink="#000000"> <?php include("fbegin.inc"); ?> +<?php +$savemsg = $_GET["savemsg"]; +if ($savemsg) { + print_info_box($savemsg); +} +?> + <script type="text/javascript"> function loadFile() { $("fileStatus").innerHTML = "<?=gettext("Loading file"); ?> ..."; @@ -170,13 +241,50 @@ outputJavaScriptFileInline("javascript/base64.js"); <td> <div id="mainarea"> - <!-- file status box --> - <div style="display:none; background:#eeeeee;" id="fileStatusBox"> + <!-- backup options --> + <div style="background:#eeeeee;"> <div class="vexpl" style="padding-left:15px;"> - <strong id="fileStatus"></strong> + + <table width='98%' cellpadding='0' cellspacing='0' border='0'> + <tr> + <td width='80%'><br /> + <b>Backup / Restore</b><br /> + The 'Backup' button will tar gzip asterisk configuration files to <? echo $backup_path; ?> it then offers it to download.<br> + The 'Restore' button will be visible only if the <? echo $backup_path; ?> backup file exists.<br> + You can upload a backup file to the system, if one already exists at <? echo $backup_path; ?>, it will be overwritten. + <br /> + </td> + <td width='20%' valign='middle' align='right'> + <?php + echo " <input type='button' value='Backup' onclick=\"document.location.href='asterisk_edit_file.php?a=download&t=backup';\" />\n"; + if (file_exists($backup_path)) { + echo " <input type='button' value='Restore' onclick=\"document.location.href='asterisk_edit_file.php?a=other&t=restore';\" />\n"; + } + ?> + </td> + </tr></table><br> + <table width='98%' cellpadding='0' cellspacing='0' border='0'> + <tr> + <td width='20%' valign='middle' align='left'> + <?php + if (file_exists($backup_path)) { + echo $backup_filename . " date:<br>" . date ("Y F d H:i:s.", filemtime($backup_path)); + } + ?> + </td> + <td width='80%' valign='middle' align='right'> + <form action="asterisk_edit_file.php" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> + Upload backup file: + <input name="ulfile" type="file" class="button" id="ulfile"> + <input name="submit" type="submit" class="button" id="upload" value="Upload"> + </form> + </td> + </tr> + </table><br /> </div> </div> - + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -186,8 +294,8 @@ outputJavaScriptFileInline("javascript/base64.js"); <table width="100%" cellpadding="9" cellspacing="9"> <tr> <td align="center" class="list"> - <?=gettext("Save / Load from path"); ?>: - <input type="text" class="formfld file" id="fbTarget" value="<?=gettext('/usr/local/etc/asterisk');?>" size="45" /> + <?=gettext("Configuration files stored in"); ?>: + <input type="text" class="formfld file" id="fbTarget" value="<?=gettext($files_dir);?>" size="45" /> <input type="button" class="formbtn" id="fbOpen" value="<?=gettext('Browse');?>" /> <!-- <input type="button" class="formbtn" onclick="loadFile();" value="<?=gettext('Load');?>" /> --> <input type="button" class="formbtn" onclick="saveFile();" value="<?=gettext('Save');?>" /> @@ -196,6 +304,16 @@ outputJavaScriptFileInline("javascript/base64.js"); </tr> </table> + + + <!-- file status box --> + <div style="display:none; background:#eeeeee;" id="fileStatusBox"> + <div class="vexpl" style="padding-left:15px;"> + <strong id="fileStatus"></strong> + </div> + </div> + + <!-- filebrowser --> <div id="fbBrowser" style="display:none; border:1px dashed gray; width:98%;"></div> @@ -241,6 +359,16 @@ outputJavaScriptFileInline("javascript/base64.js"); </tr> </table> +<p/> + +<span class="vexpl"> + <span class="red"> + <strong><?=gettext("Note:");?><br /></strong> + </span> + <?=gettext("Please back up your Asterisk configuration regularly.");?><br> + <?=gettext("It's worth to preserve the automatically generated filename of the downloaded backup file. It contains the backup creation date, which is used when uploading it back to the system.");?> +</span> + <?php include("fend.inc"); ?> </body> </html> diff --git a/config/asterisk/asterisk_log.php b/config/asterisk/asterisk_log.php index 7d1328ed..b8d454bd 100644 --- a/config/asterisk/asterisk_log.php +++ b/config/asterisk/asterisk_log.php @@ -4,7 +4,7 @@ status_asterisk_log.php part of pfSense Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>. - Copyright (C) 2012 robreg@zsurob.hu + Copyright (C) 2012 robi <robreg@zsurob.hu> Copyright (C) 2012 Marcello Coutinho All rights reserved. @@ -41,7 +41,7 @@ ##|*IDENT=page-status-asterisk ##|*NAME=Status: Asterisk Calls page ##|*DESCR=Allow access to the 'Status: Asterisk Log' page. -##|*MATCH=status_asterisk_log.php* +##|*MATCH=asterisk_log.php* ##|-PRIV require_once("guiconfig.inc"); @@ -51,7 +51,7 @@ include("head.inc"); /* Path to Asterisk log file */ if ($g['platform'] == "nanobsd") - $log = "/tmp/log_asterisk"; + $log = "/tmp/asterisk.log"; else $log = "/var/log/asterisk/messages"; @@ -98,9 +98,9 @@ if ($cmd == "clear") { <tr> <td colspan="2" class="listtopic">Last 50 Asterisk log entries</td> </tr> - + <tr valign="top"><td class="listlr" nowrap> - + <?php $showlog_command=shell_exec("tail -50 '$log'"); echo nl2br($showlog_command); @@ -123,6 +123,12 @@ if ($cmd == "clear") { <strong><?=gettext("Note:");?><br /></strong> </span> <?=gettext("Trim keeps the last 50 lines of the log.");?> +<? +if ($g['platform'] == "nanobsd") + echo "<br>This log is lost when rebooting the system."; +?> + + </span> <?php include("fend.inc"); ?> diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index 46f1293b..ef4fd961 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -47,6 +47,7 @@ <name>avahi</name> <rcfile>avahi-daemon.sh</rcfile> <executable>avahi-daemon</executable> + <description>Avahi zeroconf/mDNS daemon</description> </service> <fields> <field> diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 829cdf59..1220e033 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -66,39 +66,60 @@ function bandwidthd_install_config() { /* user defined values */ $bandwidthd_config = $config['installedpackages']['bandwidthd']['config'][0]; $meta_refresh = $bandwidthd_config['meta_refresh']; - if($meta_refresh) + if ($meta_refresh) $meta_refresh = "meta_refresh $meta_refresh\n"; $graph = $bandwidthd_config['drawgraphs']; - if($graph) + if ($graph) $graph = "graph true\n"; else $graph = "graph false\n"; $filter_text = $bandwidthd_config['filter']; - if($filter_text) + if ($filter_text) $filter_text = "filter $filter_text\n"; $recover_cdf = $bandwidthd_config['recovercdf']; - if($recover_cdf) + if ($recover_cdf) $recover_cdf = "recover_cdf true\n"; $output_cdf = $bandwidthd_config['outputcdf']; - if($output_cdf) + if ($output_cdf) $output_cdf_string = "output_cdf true\n"; else $output_cdf_string = ""; + + $output_postgresql = $bandwidthd_config['outputpostgresql']; + $postgresql_host = $bandwidthd_config['postgresqlhost']; + $postgresql_database = $bandwidthd_config['postgresqldatabase']; + $postgresql_username = $bandwidthd_config['postgresqlusername']; + $postgresql_password = $bandwidthd_config['postgresqlpassword']; + $postgresql_string = ""; + if ($output_postgresql) { + if ($postgresql_host && $postgresql_username && $postgresql_database && $postgresql_password) + $postgresql_string = "pgsql_connect_string \"user = $postgresql_username dbname = $postgresql_database password = $postgresql_password host = $postgresql_host\"\n"; + else + log_error("You have to specify the postgreSQL Host, Database, Username and Password. Exiting."); + } + + $sensor_id = $bandwidthd_config['sensorid']; + + if ($sensor_id) + $sensor_id_string = "sensor_id \"$sensor_id\""; + else + $sensor_id_string = ""; + $promiscuous = $bandwidthd_config['promiscuous']; - if($promiscuous) + if ($promiscuous) $promiscuous = "promiscuous true\n"; else $promiscuous = "promiscuous false\n"; $graph_cutoff = $bandwidthd_config['graphcutoff']; - if($graph_cutoff) + if ($graph_cutoff) $graph_cutoff = "graph_cutoff $graph_cutoff\n"; $skip_intervals = $bandwidthd_config['skipintervals']; - if($skip_intervals) + if ($skip_intervals) $skip_intervals = "skip_intervals $skip_intervals\n"; - if($bandwidthd_config['active_interface']){ + if ($bandwidthd_config['active_interface']){ $ifdescrs = array($bandwidthd_config['active_interface']); } else { log_error("You should specify an interface for bandwidthd to listen on. Exiting."); @@ -112,25 +133,34 @@ function bandwidthd_install_config() { //for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { //$ifdescrs['opt' . $j] = "opt" . $j; //} - if(is_array($ifdescrs)) { - foreach($ifdescrs as $int) { + if (is_array($ifdescrs)) { + foreach ($ifdescrs as $int) { /* calculate interface subnet information */ $ifcfg = $config['interfaces'][$int]; $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe") { + $subnet_with_mask = ""; + if ($subnet == "pppoe") { $subnet = find_interface_ip("ng0"); - if($subnet) - $subnets .= "subnet {$subnet}/32\n"; + if ($subnet) { + $subnet_with_mask = $subnet . "/32"; + } } else { - if($subnet) - $subnets .= "subnet {$subnet}/{$ifcfg['subnet']}\n"; + if ($subnet) { + $subnet_with_mask = $subnet . "/" . $ifcfg['subnet']; + } + } + if (!empty($subnet_with_mask)) { + /* Only add the subnet if the user has not specified it in the custom subnets. */ + /* This avoids generating an unnecessary syntax error message from the config. */ + if (!in_array($subnet_with_mask, $subnets_custom)) + $subnets .= "subnet {$subnet_with_mask}\n"; } } } - if(is_array($subnets_custom)) { - foreach($subnets_custom as $sub) { + if (is_array($subnets_custom)) { + foreach ($subnets_custom as $sub) { if (!empty($sub) && is_subnet($sub)) $subnets .= "subnet {$sub}\n"; } @@ -138,8 +168,8 @@ function bandwidthd_install_config() { /* initialize to "" */ $dev = ""; - if(is_array($ifdescrs)) { - foreach($ifdescrs as $ifdescr) { + if (is_array($ifdescrs)) { + foreach ($ifdescrs as $ifdescr) { $descr = convert_friendly_interface_to_real_interface_name($ifdescr); $dev .= "dev \"$descr\"\n"; } @@ -176,7 +206,7 @@ $dev # intervals to skip before doing a graphing run $skip_intervals -# Graph cutoff is how many k must be transfered by an +# Graph cutoff is how many k must be transferred by an # ip before we bother to graph it $graph_cutoff @@ -190,11 +220,19 @@ $output_cdf_string #Read back the cdf file on startup $recover_cdf +# Standard postgres connect string, just like php, see postgres docs for +# details +$postgresql_string + +# Arbitrary sensor name, I recommend the sensors fully qualified domain +# name +$sensor_id_string + #Libpcap format filter string used to control what bandwidthd sees #Please always include "ip" in the string to avoid strange problems $filter_text -#Draw Graphs - This default to true to graph the traffic bandwidthd is recording +#Draw Graphs - This defaults to true to graph the traffic bandwidthd is recording #Usually set this to false if you only want cdf output or #you are using the database output option. Bandwidthd will use very little #ram and cpu if this is set to false. @@ -206,7 +244,7 @@ $meta_refresh EOF; $fd = fopen("{$bandwidthd_config_dir}/bandwidthd.conf","w"); - if(!$fd) { + if (!$fd) { log_error("could not open {$bandwidthd_config_dir}/bandwidthd.conf for writing"); exit; } @@ -314,7 +352,7 @@ EOD; if (!file_exists($bandwidthd_index_file)) { exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file); } - + if (($bandwidthd_enable) && ($output_cdf)) { // Use cron job to rotate logs every day at 00:01 install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0"); diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index f306546a..672b5367 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -2,8 +2,8 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ /* ========================================================================== */ /* @@ -40,13 +40,13 @@ POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ - ]]> + ]]> </copyright> <description>Describe your package here</description> <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>bandwidthd</name> - <version>2.0.1.4</version> + <version>2.0.1_5 pkg v.0.2</version> <title>Bandwidthd</title> <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/bandwidthd.inc</include_file> @@ -60,6 +60,7 @@ <name>bandwidthd</name> <rcfile>bandwidthd.sh</rcfile> <executable>bandwidthd</executable> + <description>BandwidthD bandwidth monitoring daemon</description> </service> <tabs> <tab> @@ -69,7 +70,7 @@ </tab> <tab> <text>Access BandwidthD</text> - <url>/bandwidthd" target="_blank</url> + <url>/bandwidthd/index.html" target="_blank</url> </tab> </tabs> <configpath>installedpackages->package->bandwidthd</configpath> @@ -84,7 +85,7 @@ <fieldname>enable</fieldname> <type>checkbox</type> <description></description> - </field> + </field> <field> <fielddescr>Interface</fielddescr> <fieldname>active_interface</fieldname> @@ -92,7 +93,7 @@ <type>interfaces_selection</type> <required/> <default_value>lan</default_value> - </field> + </field> <field> <fielddescr>Subnet</fielddescr> <fieldname>subnets_custom</fieldname> @@ -131,6 +132,43 @@ <type>checkbox</type> </field> <field> + <fielddescr>output PostgreSQL</fielddescr> + <fieldname>outputpostgresql</fieldname> + <description>Log data to a PostgreSQL database.<br> + Get the postgreSQL schema and PHP files to display the results from: <a target="_new" href="https://github.com/individual-it/bandwidthd-pSQL-frontend">https://github.com/individual-it/bandwidthd-pSQL-frontend</a></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Database host</fielddescr> + <fieldname>postgresqlhost</fieldname> + <description>Hostname of the postgreSQL database server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Database name</fielddescr> + <fieldname>postgresqldatabase</fieldname> + <description>Database on the postgreSQL database server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Database Username</fielddescr> + <fieldname>postgresqlusername</fieldname> + <description>Username of the postgreSQL database server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Database Password</fielddescr> + <fieldname>postgresqlpassword</fieldname> + <description>Password of the postgreSQL database server.</description> + <type>password</type> + </field> + <field> + <fielddescr>sensor_id</fielddescr> + <fieldname>sensorid</fieldname> + <description>Arbitrary sensor name, I recommend the sensors fully qualified domain name.</description> + <type>input</type> + </field> + <field> <fielddescr>Filter</fielddescr> <fieldname>filter</fieldname> <description>Libpcap format filter string used to control what bandwidthd sees. Please always include "ip" in the string to avoid strange problems.</description> diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml index b23c4dfc..d1141dbd 100644 --- a/config/blinkled/blinkled.xml +++ b/config/blinkled/blinkled.xml @@ -20,6 +20,7 @@ <name>blinkled</name> <rcfile>blinkled.sh</rcfile> <executable>blinkled</executable> + <description>Blinks LEDs to indicate network activity</description> </service> <fields> <field> diff --git a/config/blinkled8/blinkled.inc b/config/blinkled8/blinkled.inc index d50cc022..f466da94 100644 --- a/config/blinkled8/blinkled.inc +++ b/config/blinkled8/blinkled.inc @@ -1,10 +1,36 @@ <?php require_once("functions.inc"); +function blinkled_rcfile() { + global $config; + $blinkled_config = $config['installedpackages']['blinkled']['config'][0]; + $stop = <<<EOD +if [ `/bin/pgrep blinkled | /usr/bin/wc -l` != 0 ]; then + /usr/bin/killall -9 blinkled + while [ `/bin/pgrep blinkled | /usr/bin/wc -l` != 0 ]; do + sleep 1 + done + fi +EOD; + + $start = "{$stop}\n"; + if (($blinkled_config['enable_led2']) && ($blinkled_config['iface_led2'])) + $start .= "\t" . blinkled_launch(convert_friendly_interface_to_real_interface_name($blinkled_config['iface_led2']), 2, true) . "\n"; + if (($blinkled_config['enable_led3']) && ($blinkled_config['iface_led3'])) + $start .= "\t" . blinkled_launch(convert_friendly_interface_to_real_interface_name($blinkled_config['iface_led3']), 3, true) . "\n"; + + conf_mount_rw(); + write_rcfile(array( + 'file' => 'blinkled.sh', + 'start' => $start, + 'stop' => $stop) + ); + conf_mount_ro(); +} + function blinkled_running () { return ((int)exec('pgrep blinkled | wc -l') > 0); } - function sync_package_blinkled() { global $config; $blinkled_config = $config['installedpackages']['blinkled']['config'][0]; @@ -16,10 +42,15 @@ function sync_package_blinkled() { if(!blinkled_running()) { blinkled_start(); } + blinkled_rcfile(); } -function blinkled_launch($int, $led) { - mwexec("/usr/local/bin/blinkled -i " . escapeshellarg($int) . " -l /dev/led/led" . escapeshellarg($led)); +function blinkled_launch($int, $led, $return = false) { + $cmd = "/usr/local/bin/blinkled -i " . escapeshellarg($int) . " -l " . escapeshellarg("/dev/led/led{$led}"); + if ($return) + return $cmd; + else + mwexec($cmd); } function blinkled_start() { diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml index 310d3810..5fb5ff7c 100644 --- a/config/blinkled8/blinkled.xml +++ b/config/blinkled8/blinkled.xml @@ -2,7 +2,7 @@ <packagegui> <title>Interfaces: Assign LEDs</title> <name>blinkled</name> - <version>20090710</version> + <version>0.4</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/blinkled.inc</include_file> <menu> @@ -25,6 +25,7 @@ <name>blinkled</name> <rcfile>blinkled.sh</rcfile> <executable>blinkled</executable> + <description>Blinks LEDs to indicate network activity</description> </service> <fields> <field> diff --git a/config/cron/cron.xml b/config/cron/cron.xml index 4110090f..71e524b3 100644 --- a/config/cron/cron.xml +++ b/config/cron/cron.xml @@ -55,7 +55,7 @@ <name>cron</name> <rcfile>cron.sh</rcfile> <executable>cron</executable> - <description>The cron utility is used to manage commands on a schedule.</description> + <description>Scheduled commands daemon</description> </service> <tabs> <tab> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 39282409..12c2af93 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -321,7 +321,7 @@ function sync_package_dansguardian($via_rpc="no",$install_process=false) { #contentscanners preg_replace patterns $match[0]="/(conf)/"; - $match[1]="/(\/usr.local)/"; + $match[1]="/\/usr.local|".str_replace("/","\\/",DANSGUARDIAN_DIR)."/"; $match[2]="/,/"; $replace[0]="$1'"; $replace[1]="contentscanner = '".DANSGUARDIAN_DIR; @@ -331,7 +331,7 @@ function sync_package_dansguardian($via_rpc="no",$install_process=false) { #includes preg_replace patterns $match[0]="/(.)$/"; - $match[1]="/\/usr.local/"; + $match[1]="/\/usr.local|".str_replace("/","\\/",DANSGUARDIAN_DIR)."/"; $match[2]="/,/"; $replace[0]="$1>\n"; $replace[1]="\n.Include<".DANSGUARDIAN_DIR; @@ -1416,4 +1416,4 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type, } } -?>
\ No newline at end of file +?> diff --git a/config/darkstat/darkstat.xml b/config/darkstat/darkstat.xml index c90b33cd..3263012b 100644 --- a/config/darkstat/darkstat.xml +++ b/config/darkstat/darkstat.xml @@ -58,6 +58,7 @@ <name>darkstat</name> <rcfile>darkstat.sh</rcfile> <executable>darkstat</executable> + <description>Darkstat bandwidth monitoring daemon</description> </service> <tabs> <tab> diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index bf48dd06..0f7010d6 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -3290,7 +3290,7 @@ ldap { # Certificate Verification requirements. Can be: # "never" (don't even bother trying) - # "allow" (try, but don't fail if the cerificate + # "allow" (try, but don't fail if the certificate # can't be verified) # "demand" (fail if the certificate doesn't verify.) # @@ -3449,7 +3449,7 @@ ldap ldap2{ # Certificate Verification requirements. Can be: # "never" (don't even bother trying) - # "allow" (try, but don't fail if the cerificate + # "allow" (try, but don't fail if the certificate # can't be verified) # "demand" (fail if the certificate doesn't verify.) # diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index c7b5e79d..aec71697 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml @@ -377,7 +377,7 @@ <description><![CDATA[Choose how the certs should be checked:<br><br> <b>never: </b>don't even bother trying<br> - <b>allow: </b>try but don't fail if the cerificate can't be verified<br> + <b>allow: </b>try but don't fail if the certificate can't be verified<br> <b>demand: </b>fail if the certificate doesn't verify]]></description> <type>select</type> <default_value>never</default_value> diff --git a/config/git/git.xml b/config/git/git.xml new file mode 100644 index 00000000..6c5254ae --- /dev/null +++ b/config/git/git.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>git</description> + <requirements>None</requirements> + <faq></faq> + <name>git</name> + <version>0.0</version> + <title>git</title> +</packagegui>
\ No newline at end of file diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml index f1d065a2..35df41ee 100644 --- a/config/gwled/gwled.xml +++ b/config/gwled/gwled.xml @@ -25,6 +25,7 @@ <name>gwled</name> <rcfile>gwled.sh</rcfile> <executable>gwled</executable> + <description>Gateway LED Indicator Daemon</description> </service> <fields> <field> diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 3afefb49..5eee1024 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -459,7 +459,7 @@ function write_backend($fd, $name, $pool, $frontend) { $adv_be = explode("\n", base64_decode($pool['advanced_backend'])); foreach($adv_be as $adv_line) { if ($adv_line != "") { - fwrite($fd, "\t" . $adv_line . "\n"); + fwrite($fd, "\t" . str_replace("\r", "", $adv_line) . "\n"); } } } @@ -486,7 +486,7 @@ function write_backend($fd, $name, $pool, $frontend) { if (is_array($a_servers)) { foreach($a_servers as $be) { - if (!$be['status'] == "inactive") + if ($be['status'] == "inactive") continue; if (!$be['name']) @@ -573,7 +573,8 @@ function haproxy_writeconf($configfile) { if($a_global['advanced']) { $adv = explode("\n", base64_decode($a_global['advanced'])); foreach($adv as $adv_line) { - fwrite($fd, "\t" . $adv_line . "\n"); + fwrite($fd, "\t" . str_replace("\r", "", $adv_line) . "\n"); + } } fwrite ($fd, "\n"); @@ -687,7 +688,7 @@ function haproxy_writeconf($configfile) { $advanced = explode("\n", base64_decode($bind['advanced'])); foreach($advanced as $adv_line) { if ($adv_line != "") { - fwrite($fd, "\t" . $adv_line . "\n"); + fwrite($fd, "\t" . str_replace("\r", "", $adv_line) . "\n"); } } } @@ -727,7 +728,7 @@ function haproxy_writeconf($configfile) { // Combine the rest of the listener configs - $default_once = 0; + $default_backend = ""; $i = 0; foreach ($bind['config'] as $bconfig) { $a_acl=&$bconfig['ha_acls']['item']; @@ -741,9 +742,8 @@ function haproxy_writeconf($configfile) { $poolname .= "_" . $bconfig['svrport']; // Write this out once, and must be before any backend config text - if ($default_once == 0) { - fwrite ($fd, "\tdefault_backend\t\t" . $poolname . "\n"); - $default_once++; + if ($default_backend == "" || $bconfig['secondary'] != 'yes') { + $default_backend = $poolname; } if (!isset($a_pendingpl[$poolname])) { @@ -789,6 +789,8 @@ function haproxy_writeconf($configfile) { fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"); } } + fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); + foreach($advancedextra as $extra) fwrite ($fd, "\t".$extra."\n"); fwrite ($fd, "\n"); diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index d634ded4..7b6e3d58 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -36,7 +36,7 @@ require_once("certs.inc"); if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); } -$a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; +$a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; if ($_POST) { $pconfig = $_POST; @@ -56,9 +56,9 @@ $id = $_GET['id']; $id = get_frontend_id($id); if ($_GET['act'] == "del") { - if (isset($a_backend[$id])) { + if (isset($a_frontend[$id])) { if (!$input_errors) { - unset($a_backend[$id]); + unset($a_frontend[$id]); write_config(); touch($d_haproxyconfdirty_path); } @@ -114,92 +114,94 @@ include("head.inc"); </tr> <?php - function sort_backends(&$a, &$b) { - if ($a['ipport'] != $b['ipport']) - return $a['ipport'] > $b['ipport'] ? 1 : -1; + function sort_sharedfrontends(&$a, &$b) { + // make sure the 'primary frontend' is the first in the array, after that sort by name. if ($a['secondary'] != $b['secondary']) return $a['secondary'] > $b['secondary'] ? 1 : -1; if ($a['name'] != $b['name']) return $a['name'] > $b['name'] ? 1 : -1; return 0; } - foreach($a_backend as &$backend2) { - $backend2['ipport'] = get_frontend_ipport($backend2); + + $a_frontend_grouped = array(); + foreach($a_frontend as &$frontend2) { + $ipport = get_frontend_ipport($frontend2); + $frontend2['ipport'] = $ipport; + $a_frontend_grouped[$ipport][] = $frontend2; } - usort($a_backend,'sort_backends'); + ksort($a_frontend_grouped); $img_cert = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; $img_adv = "/themes/{$g['theme']}/images/icons/icon_advanced.gif"; $img_acl = "/themes/{$g['theme']}/images/icons/icon_ts_rule.gif"; - - unset($ipport_previous); - foreach ($a_backend as $backend): - $backendname = $backend['name']; - $textgray = $backend['status'] != 'active' ? " gray" : ""; - if (isset($ipport_previous ) && $backend['ipport'] != $ipport_previous): - ?> - <tr class="<?=$textgray?>"><td collspan="7"> </td></tr> - <? - endif; - $ipport_previous = $backend['ipport']; - ?> - <tr class="<?=$textgray?>"> - <td class="listlr" style="<?=$backend['secondary']=='yes'?"visibility:hidden;":""?>" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['secondary']!='yes'?"yes":"no";?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <? - if (strtolower($backend['type']) == "http" && $backend['ssloffload']) - { - $cert = lookup_cert($backend['ssloffloadcert']); - echo '<img src="'.$img_cert.'" title="SSL offloading cert: '.$cert['descr'].'" alt="SSL offloading" border="0" height="16" width="16" />'; - } - - $acls = get_frontent_acls($backend); - $isaclset = ""; - foreach ($acls as $acl) { - $isaclset .= " " . $acl['descr']; - } - if ($isaclset) - echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\">"; - - $isadvset = ""; - if ($backend['advanced_bind']) $isadvset .= "Advanced bind: {$backend['advanced_bind']}\r\n"; - if ($backend['advanced']) $isadvset .= "advanced settings used\r\n"; - if ($isadvset) - echo "<img src=\"$img_adv\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\">"; - + $last_frontend_shared = false; + foreach ($a_frontend_grouped as $a_frontend) { + usort($a_frontend,'sort_sharedfrontends'); + if (count($a_frontend) > 1 || $last_frontend_shared) { + ?> <tr class="<?=$textgray?>"><td collspan="7"> </td></tr> <? + } + $last_frontend_shared = count($a_frontend) > 1; + foreach ($a_frontend as $frontend) { + $frontendname = $frontend['name']; + $textgray = $frontend['status'] != 'active' ? " gray" : ""; ?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['name'];?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['desc'];?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['ipport'];?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['type']?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['backend_serverpool']?> - </td> - <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$backendname;?>';"> - <?=$backend['secondary'] == 'yes' ? $backend['primary_frontend'] : "";?> - </td> - <td class="list" nowrap> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$backendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$backendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$backendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php endforeach; ?> + <tr class="<?=$textgray?>"> + <td class="listlr" style="<?=$frontend['secondary']=='yes'?"visibility:hidden;":""?>" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['secondary']!='yes'?"yes":"no";?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <? + if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']) { + $cert = lookup_cert($frontend['ssloffloadcert']); + echo '<img src="'.$img_cert.'" title="SSL offloading cert: '.$cert['descr'].'" alt="SSL offloading" border="0" height="16" width="16" />'; + } + + $acls = get_frontent_acls($frontend); + $isaclset = ""; + foreach ($acls as $acl) { + $isaclset .= " " . $acl['descr']; + } + if ($isaclset) + echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\">"; + + $isadvset = ""; + if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: {$frontend['advanced_bind']}\r\n"; + if ($frontend['advanced']) $isadvset .= "advanced settings used\r\n"; + if ($isadvset) + echo "<img src=\"$img_adv\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\">"; + + ?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['name'];?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['desc'];?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['ipport'];?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['type']?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['backend_serverpool']?> + </td> + <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> + <?=$frontend['secondary'] == 'yes' ? $frontend['primary_frontend'] : "";?> + </td> + <td class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="haproxy_listeners_edit.php?id=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners.php?act=del&id=<?=$frontendname;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="haproxy_listeners_edit.php?dup=<?=$frontendname;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr><?php + } + } ?> <tfoot> <tr> <td class="list" colspan="8"></td> diff --git a/config/haproxy-stable/haproxy.xml b/config/haproxy-stable/haproxy.xml index 3a0be0ec..50907cfe 100644 --- a/config/haproxy-stable/haproxy.xml +++ b/config/haproxy-stable/haproxy.xml @@ -98,7 +98,7 @@ <custom_php_install_command> $freebsdv=trim(`uname -r | cut -d'.' -f1`); conf_mount_rw(); - `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy-dev/binaries{$freebsdv}/haproxy`; + `fetch -q -o /usr/local/sbin/ http://files.pfsense.org/packages/7/haproxy-dev/haproxy`; exec("chmod a+rx /usr/local/sbin/haproxy"); haproxy_custom_php_install_command(); </custom_php_install_command> diff --git a/config/haproxy-stable/haproxy_global.php b/config/haproxy-stable/haproxy_global.php index f7864a4d..0e960611 100755 --- a/config/haproxy-stable/haproxy_global.php +++ b/config/haproxy-stable/haproxy_global.php @@ -79,7 +79,7 @@ if ($_POST) { $config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false; $config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false; $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; - $config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false; + $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; touch($d_haproxyconfdirty_path); write_config(); diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc index 45dce95c..aa8d5a3e 100644 --- a/config/haproxy/haproxy.inc +++ b/config/haproxy/haproxy.inc @@ -534,7 +534,7 @@ function haproxy_writeconf() { fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n"); if($bind['client_timeout']) - fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); + fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n"); // Combine the rest of the listener configs @@ -602,15 +602,18 @@ function haproxy_writeconf() { if(isset($config['installedpackages']['haproxy']['enablesync'])) { if($config['installedpackages']['haproxy']['synchost1']) { haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost1'], + $config['installedpackages']['haproxy']['syncusername'], $config['installedpackages']['haproxy']['syncpassword']); } if($config['installedpackages']['haproxy']['synchost2']) { haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost2'], + $config['installedpackages']['haproxy']['syncusername'], $config['installedpackages']['haproxy']['syncpassword']); } if($config['installedpackages']['haproxy']['synchost3']) { haproxy_do_xmlrpc_sync($config['installedpackages']['haproxy']['synchost3'], - $config['installedpackages']['haproxy']['syncpassword']); + $config['installedpackages']['haproxy']['syncusername'], + $config['installedpackages']['haproxy']['syncpassword']); } } @@ -634,6 +637,11 @@ function haproxy_is_running() { return $running; } +function haproxy_check_config() { + exec("/usr/local/sbin/haproxy -c -f /var/etc/haproxy.cfg 2>&1", $output); + return implode("\n", $output); +} + function haproxy_check_run($reload) { global $config, $g; @@ -673,7 +681,7 @@ function haproxy_check_run($reload) { } -function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { +function haproxy_do_xmlrpc_sync($sync_to_ip, $username, $password) { global $config, $g; if(!$password) @@ -681,6 +689,9 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { if(!$sync_to_ip) return; + + if (empty($username)) + $username = "admin"; // Do not allow syncing to self. $donotsync = false; @@ -723,6 +734,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { unset($xml['synchost1']); unset($xml['synchost2']); unset($xml['synchost3']); + unset($xml['syncusername']); unset($xml['syncpassword']); /* assemble xmlrpc payload */ @@ -737,7 +749,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); if($g['debug']) $cli->setDebug(1); /* send our XMLRPC message and timeout after 250 seconds */ @@ -770,7 +782,7 @@ function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { log_error("HAProxy XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); $resp = $cli->send($msg, "250"); if(!$resp) { $error = "A communications error occurred while attempting HAProxy XMLRPC sync with {$url}:{$port} (exec_php)."; diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml index 0c897dc7..227d1b27 100644 --- a/config/haproxy/haproxy.xml +++ b/config/haproxy/haproxy.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>haproxy</name> - <version>1.0</version> + <version>1.2.4</version> <title>HAProxy</title> <aftersaveredirect>/pkg_edit.php?xml=haproxy_pools.php</aftersaveredirect> <include_file>/usr/local/pkg/haproxy.inc</include_file> diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php index 340c578b..aa046544 100755 --- a/config/haproxy/haproxy_global.php +++ b/config/haproxy/haproxy_global.php @@ -82,12 +82,19 @@ if ($_POST) { $config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false; $config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false; $config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false; + $config['installedpackages']['haproxy']['syncusername'] = $_POST['syncusername'] ? $_POST['syncusername'] : false; $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; - $config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false; + $config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false; $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; touch($d_haproxyconfdirty_path); write_config(); } + + if ($_POST['Submit'] == "Save and Check Config") { + $check_output = haproxy_check_config(); + if (empty($check_output)) + $check_output = "No output."; + } } } @@ -95,6 +102,7 @@ if ($_POST) { $pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']); $pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn']; $pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']); +$pconfig['syncusername'] = $config['installedpackages']['haproxy']['syncusername']; $pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword']; $pconfig['synchost1'] = $config['installedpackages']['haproxy']['synchost1']; $pconfig['synchost2'] = $config['installedpackages']['haproxy']['synchost2']; @@ -157,6 +165,14 @@ function enable_change(enable_change) { <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php if ($_POST['Submit'] == "Save and Check Config"): ?> + <tr><td colspan="2" valign="top" class="vncell"> +Configuration check output: +<pre> +<?= $check_output; ?> +</pre> + </td></tr> + <?php endif; ?> <tr> <td colspan="2" valign="top" class="listtopic">General settings</td> </tr> @@ -336,6 +352,14 @@ function enable_change(enable_change) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Synchronization username</td> + <td width="78%" class="vtable"> + <input name="syncusername" type="text" value="<?= empty($pconfig['syncusername']) ? 'admin' : $pconfig['syncusername'];?>"> + <br/> + <strong>Enter the username that will be used during configuration synchronization. This is generally "admin" or an admin-level privileged account on the target system.</strong> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Synchronization password</td> <td width="78%" class="vtable"> <input name="syncpassword" type="password" value="<?=$pconfig['syncpassword'];?>"> @@ -376,6 +400,7 @@ function enable_change(enable_change) { <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> + <input name="Submit" type="submit" class="formbtn" value="Save and Check Config" onClick="enable_change(true)"> </td> </td> </tr> diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 36c053c9..29a109ba 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -79,7 +79,7 @@ define('HVDEF_PID_FILE', '/var/run/havp.pid'); define('HVDEF_WORK_DIR', '/usr/local/etc/havp'); $pfSversion = str_replace("\s", "", file_get_contents("/etc/version")); -if(preg_match("/^2.0/",$pfSversion)) +if(preg_match("/^2./",$pfSversion)) define('HVDEF_LOG_DIR', '/var/log/havp'); else define('HVDEF_LOG_DIR', '/var/log'); @@ -413,6 +413,10 @@ function havp_check_system() havp_set_file_access(HVDEF_TEMPLATES, HVDEF_USER, ''); havp_set_file_access(HVDEF_TEMPLATES_EX, HVDEF_USER, ''); + # havp log dir + if (!file_exists(HVDEF_LOG_DIR)) + mwexec("mkdir -p " . HVDEF_LOG_DIR); + havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, ''); # log files exists ? if (!file_exists(HVDEF_HAVP_ACCESSLOG)) file_put_contents(HVDEF_HAVP_ACCESSLOG, ''); if (!file_exists(HVDEF_HAVP_ERRORLOG)) file_put_contents(HVDEF_HAVP_ERRORLOG, ''); @@ -427,12 +431,16 @@ function havp_check_system() if (!file_exists(HVDEF_FRESHCLAM_CONF)) file_put_contents(HVDEF_FRESHCLAM_CONF, ''); havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664'); + # clam log dir + if (!file_exists(HVDEF_AVLOG_DIR)) + mwexec("mkdir -p " . HVDEF_AVLOG_DIR); + havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, ''); # log files exists ? if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, ''); if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, ''); # log dir permissions - if (!file_exists(HVDEF_AVLOG_DIR)) - mwexec("mkdir -p " . HVDEF_AVLOG_DIR); + # if (!file_exists(HVDEF_AVLOG_DIR)) + # mwexec("mkdir -p " . HVDEF_AVLOG_DIR); havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777'); # =-= ClamAV =-= diff --git a/config/iftop/iftop.xml b/config/iftop/iftop.xml new file mode 100644 index 00000000..64afbc79 --- /dev/null +++ b/config/iftop/iftop.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>iftop</description> + <requirements>None</requirements> + <faq></faq> + <name>iftop</name> + <version>0.0</version> + <title>iftop</title> +</packagegui>
\ No newline at end of file diff --git a/config/iperf.xml b/config/iperf.xml index e5de8b85..2fe49699 100644 --- a/config/iperf.xml +++ b/config/iperf.xml @@ -59,6 +59,7 @@ <service> <name>iperf</name> <executable>iperf</executable> + <description>iperf network performance testing daemon/client</description> </service> <tabs> <tab> diff --git a/config/ipmitool/ipmitool.xml b/config/ipmitool/ipmitool.xml new file mode 100644 index 00000000..a42baa36 --- /dev/null +++ b/config/ipmitool/ipmitool.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>ipmitool</description> + <requirements>None</requirements> + <faq></faq> + <name>ipmitool</name> + <version>0.0</version> + <title>ipmitool</title> +</packagegui>
\ No newline at end of file diff --git a/config/lcdproc-dev/lcdproc.inc b/config/lcdproc-dev/lcdproc.inc index 1436c07d..8b3ce28f 100644 --- a/config/lcdproc-dev/lcdproc.inc +++ b/config/lcdproc-dev/lcdproc.inc @@ -81,6 +81,7 @@ case "lpt1": case "ugen0.2": case "ugen1.2": + case "ugen1.3"; case "ugen2.2": continue; break; @@ -177,6 +178,9 @@ case "ugen1.2": $realport = "/dev/ugen1.2"; break; + case "ugen1.3": + $realport = "/dev/ugen1.3"; + break; case "ugen2.2": $realport = "/dev/ugen2.2"; break; @@ -303,9 +307,11 @@ case "hd44780": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "driverpath=/usr/local/lib/lcdproc/\n"; - $config_text .= "ConnectionType=lcd2usb\n"; + $config_text .= "ConnectionType={$lcdproc_config['connection_type']}\n"; + $config_text .= "Device={$realport}\n"; + $config_text .= "Port=0x378\n"; $config_text .= "Speed=0\n"; - $config_text .= "Keypad=no\n"; + $config_text .= "Keypad=yes\n"; $config_text .= set_lcd_value("contrast", 1000, 850); $config_text .= set_lcd_value("brightness", 1000, 800); $config_text .= set_lcd_value("offbrightness", 1000, 0); @@ -315,6 +321,16 @@ $config_text .= "DelayMult=1\n"; $config_text .= "DelayBus=true\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; + if ($lcdproc_config[connection_type] == "winamp") + { + $config_text .= "KeyDirect_1=Enter\n"; + $config_text .= "KeyDirect_2=Up\n"; + $config_text .= "KeyDirect_3=Down\n"; + $config_text .= "KeyDirect_4=Escape\n"; + } + else + { + } break; case "icp_a106": $config_text .= "[{$lcdproc_config['driver']}]\n"; @@ -531,4 +547,4 @@ EOD; } return $returnvalue; } -?>
\ No newline at end of file +?> diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml index 7c0cd318..bca9b4c8 100644 --- a/config/lcdproc-dev/lcdproc.xml +++ b/config/lcdproc-dev/lcdproc.xml @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> - <title>Services: LCDproc 0.5.5 pkg v. 0.9.4</title> + <title>Services: LCDproc 0.5.6 pkg v. 0.9.7</title> <name>lcdproc</name> - <version>0.5.5 pkg v. 0.9.4</version> + <version>0.5.6 pkg v. 0.9.7</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/lcdproc.inc</include_file> <tabs> @@ -42,11 +42,6 @@ <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> - <additional_files_needed> - <item>http://files.pfsense.org/misc/sdeclcd.so</item> - <prefix>/usr/local/lib/lcdproc/</prefix> - <chmod>0755</chmod> - </additional_files_needed> <service> <name>lcdproc</name> <rcfile>lcdproc.sh</rcfile> @@ -106,8 +101,12 @@ <name>USB Com port 2 alternate (/dev/ugen1.2)</name> </option> <option> + <value>ugen1.3</value> + <name>USB Com port 3 alternate (/dev/ugen1.3)</name> + </option> + <option> <value>ugen2.2</value> - <name>USB Com port 3 alternate (/dev/ugen2.2)</name> + <name>USB Com port 4 alternate (/dev/ugen2.2)</name> </option> </options> <default_value>ucom1</default_value> @@ -257,7 +256,7 @@ </option> <option> <value>sdeclcd</value> - <name>Watchguard Firebox with SDEC (x86 only)</name> + <name>Watchguard Firebox with SDEC</name> </option> <option> <value>sed1330</value> @@ -307,6 +306,87 @@ <default_value>pyramid</default_value> </field> <field> + <fieldname>connection_type</fieldname> + <fielddescr>Connection Type</fielddescr> + <description>Set connection type for the HD44780 driver</description> + <type>select</type> + <options> + <option> + <value>4bit</value> + <name>4bit wiring to parallel port</name> + </option> + <option> + <value>8bit</value> + <name>8bit wiring to parallel port(lcdtime)</name> + </option> + <option> + <value>winamp</value> + <name>8bit wiring winamp style to parallel port</name> + </option> + <option> + <value>serialLpt</value> + <name>Serial LPT wiring</name> + </option> + <option> + <value>picanlcd</value> + <name>PIC-an-LCD serial device</name> + </option> + <option> + <value>lcdserializer</value> + <name>LCD serializer</name> + </option> + <option> + <value>los-panel</value> + <name>LCD on serial panel device</name> + </option> + <option> + <value>vdr-lcd</value> + <name>VDR LCD serial device</name> + </option> + <option> + <value>vdr-wakeup</value> + <name>VDR-Wakeup module</name> + </option> + <option> + <value>pertelian</value> + <name>Pertelian X2040 LCD</name> + </option> + <option> + <value>bwctusb</value> + <name>BWCT USB device</name> + </option> + <option> + <value>lcd2usb</value> + <name>Till Harbaum's LCD2USB</name> + </option> + <option> + <value>usbtiny</value> + <name>Dick Streefland's USBtiny</name> + </option> + <option> + <value>lis2</value> + <name>LIS2 from VLSystem</name> + </option> + <option> + <value>mplay</value> + <name>MPlay Blast from VLSystem</name> + </option> + <option> + <value>ftdi</value> + <name>LCD connected to FTDI 2232D USB chip</name> + </option> + <option> + <value>usblcd</value> + <name>USBLCD adapter from Adams IT Services</name> + </option> + <option> + <value>i2c</value> + <name>LCD driven by PCF8574/PCA9554 connected via i2c</name> + </option> + </options> + <default_value>lcd2usb</default_value> + </field> + <field> <fieldname>refresh_frequency</fieldname> <fielddescr>Refresh frequency</fielddescr> <description>Set the refresh frequency of the information on the LCD Panel</description> diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc index cd3fa013..25964b16 100644 --- a/config/nrpe2/nrpe2.inc +++ b/config/nrpe2/nrpe2.inc @@ -159,8 +159,12 @@ function nrpe2_custom_php_write_config() { conf_mount_rw(); $cmds = array(); foreach ($config['installedpackages']['nrpe2']['config'][0]['row'] as $cmd) { + $sudo_bin = "/usr/local/bin/sudo"; + $sudo = (isset($cmd['sudo']) && is_executable($sudo_bin)) ? "{$sudo_bin} " : ""; + $wcmd = !empty($cmd['warning']) ? "-w {$cmd['warning']}" : ""; + $ccmd = !empty($cmd['critical']) ? "-c {$cmd['critical']}" : ""; if (is_executable("{$nagios_check_path}/{$cmd['command']}")) - $cmds[] = "command[{$cmd['name']}]={$nagios_check_path}/{$cmd['command']} -w {$cmd['warning']} -c {$cmd['critical']} {$cmd['extra']}\n"; + $cmds[] = "command[{$cmd['name']}]={$sudo}{$nagios_check_path}/{$cmd['command']} {$wcmd} {$ccmd} {$cmd['extra']}\n"; } $commands = implode($cmds); diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml index e013b47c..5b84b97f 100644 --- a/config/nrpe2/nrpe2.xml +++ b/config/nrpe2/nrpe2.xml @@ -3,7 +3,7 @@ <description>Nagios NRPEv2</description> <requirements>Describe your package requirements here</requirements> <name>nrpe2</name> - <version>2.11</version> + <version>2.2</version> <title>NRPEv2</title> <aftersaveredirect>/pkg_edit.php?xml=nrpe2.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/nrpe2.inc</include_file> diff --git a/config/ntop/ntop.xml b/config/ntop/ntop.xml index 3b50c847..b635ef1f 100644 --- a/config/ntop/ntop.xml +++ b/config/ntop/ntop.xml @@ -64,6 +64,7 @@ <name>ntop</name> <rcfile>ntop.sh</rcfile> <executable>ntop</executable> + <description>NTOP bandwidth monitoring/graphing</description> </service> <tabs> <tab> diff --git a/config/ntop2/ntop.xml b/config/ntop2/ntop.xml index 898df4d7..4db9e9c8 100644 --- a/config/ntop2/ntop.xml +++ b/config/ntop2/ntop.xml @@ -60,6 +60,7 @@ <name>ntop</name> <rcfile>ntop.sh</rcfile> <executable>ntop</executable> + <description>NTOP bandwidth monitoring/graphing</description> </service> <tabs> <tab> diff --git a/config/nut/nut.xml b/config/nut/nut.xml index 75a5c246..4a9c3d46 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -61,6 +61,7 @@ <name>nut</name> <rcfile>nut.sh</rcfile> <executable>upsmon</executable> + <description>UPS monitoring daemon</description> </service> <tabs> <tab> @@ -599,6 +600,10 @@ <name>pw</name> <value>pw</value> </option> + <option> + <name>cyberpower</name> + <value>cyberpower</value> + </option> </options> </field> <field> diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml index 2d28de0f..73bda244 100644 --- a/config/openbgpd/openbgpd.xml +++ b/config/openbgpd/openbgpd.xml @@ -49,6 +49,7 @@ <name>bgpd</name> <rcfile>bgpd.sh</rcfile> <executable>bgpd</executable> + <description>OpenBSD BGP Daemon</description> </service> <additional_files_needed> <prefix>/usr/local/www/</prefix> @@ -151,7 +152,7 @@ <description></description> <rowhelper> <rowhelperfield> - <fielddescr>Announce the specified network as belonging to our AS. If set to connected, routes to directly attached networks will be announced. If set to static, all static routes will be announced.</fielddescr> + <fielddescr>Announce the specified network as belonging to our AS. If set to "(inet|inet6)connected", inet or inet6 routes to directly attached networks will be announced. If set to "(inet|inet6) static", all inet or inet6 static routes will be announced.</fielddescr> <fieldname>networks</fieldname> <description>Network that you would like to advertise</description> <type>input</type> diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php index 6b27b4de..99076d12 100644 --- a/config/openbgpd/openbgpd_status.php +++ b/config/openbgpd/openbgpd_status.php @@ -3,7 +3,7 @@ /* openbgpd_status.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) + Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) All rights reserved. Redistribution and use in source and binary forms, with or without @@ -30,6 +30,28 @@ require("guiconfig.inc"); +$commands = array(); + +defCmdT("summary", "OpenBGPD Summary", "/usr/local/sbin/bgpctl show summary"); +defCmdT("interfaces", "OpenBGPD Interfaces", "/usr/local/sbin/bgpctl show interfaces"); +defCmdT("routing", "OpenBGPD Routing", "/usr/local/sbin/bgpctl show rib", true, 4); +defCmdT("forwarding", "OpenBGPD Forwarding", "/usr/local/sbin/bgpctl show fib", true, 5); +defCmdT("network", "OpenBGPD Network", "/usr/local/sbin/bgpctl show network"); +defCmdT("nexthops", "OpenBGPD Nexthops", "/usr/local/sbin/bgpctl show nexthop"); +defCmdT("ip", "OpenBGPD IP", "/usr/local/sbin/bgpctl show ip bgp", true, 4); +defCmdT("neighbors", "OpenBGPD Neighbors", "/usr/local/sbin/bgpctl show neighbor"); + +if (isset($_REQUEST['isAjax'])) { + if (isset($_REQUEST['cmd']) && isset($commands[$_REQUEST['cmd']])) { + echo "{$_REQUEST['cmd']}\n"; + if (isset($_REQUEST['count'])) + echo " of " . countCmdT($commands[$_REQUEST['cmd']]['command']) . " items"; + else + echo htmlspecialchars_decode(doCmdT($commands[$_REQUEST['cmd']]['command'], $_REQUEST['limit'], $_REQUEST['filter'], $_REQUEST['header_size'])); + } + exit; +} + if ($config['version'] >= 6) $pgtitle = array("OpenBGPD", "Status"); else @@ -37,85 +59,178 @@ else include("head.inc"); -function doCmdT($title, $command) { - echo "<p>\n"; - echo "<a name=\"" . $title . "\">\n"; - echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; - echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n"; - echo "<tr><td class=\"listlr\"><pre>"; /* no newline after pre */ - - if ($command == "dumpconfigxml") { - $fd = @fopen("/conf/config.xml", "r"); - if ($fd) { - while (!feof($fd)) { - $line = fgets($fd); - /* remove sensitive contents */ - $line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line); - $line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line); - $line = preg_replace("/<rocommunity>.*?<\\/rocommunity>/", "<rocommunity>xxxxx</rocommunity>", $line); - $line = str_replace("\t", " ", $line); - echo htmlspecialchars($line,ENT_NOQUOTES); - } - } - fclose($fd); - } else { - $fd = popen("{$command} 2>&1", "r"); - $ct = 0; - while (($line = fgets($fd)) !== FALSE) { - echo htmlspecialchars($line, ENT_NOQUOTES); - if ($ct++ > 1000) { - ob_flush(); - $ct = 0; - } +function doCmdT($command, $limit = "all", $filter = "", $header_size = 0) { + $grepline = ""; + if (!empty($filter)) { + $ini = ($header_size > 0 ? $header_size+1 : 1); + $grepline = " | /usr/bin/sed -e '{$ini},\$ { /" . escapeshellarg(htmlspecialchars($filter)) . "/!d; };'"; + } + if (is_numeric($limit) && $limit > 0) { + $limit += $header_size; + $headline = " | /usr/bin/head -n {$limit}"; + } + + $fd = popen("{$command}{$grepline}{$headline} 2>&1", "r"); + $ct = 0; + $result = ""; + while (($line = fgets($fd)) !== FALSE) { + $result .= htmlspecialchars($line, ENT_NOQUOTES); + if ($ct++ > 1000) { + ob_flush(); + $ct = 0; } - pclose($fd); } - echo "</pre></tr>\n"; - echo "</table>\n"; + pclose($fd); + + return $result; } -/* Execute a command, giving it a title which is the same as the command. */ -function doCmd($command) { - doCmdT($command,$command); +function countCmdT($command) { + $fd = popen("{$command} 2>&1", "r"); + $c = 0; + while (fgets($fd) !== FALSE) + $c++; + + pclose($fd); + + return $c; } -/* Define a command, with a title, to be executed later. */ -function defCmdT($title, $command) { - global $commands; - $title = htmlspecialchars($title,ENT_NOQUOTES); - $commands[] = array($title, $command); +function showCmdT($idx, $data) { + echo "<p>\n"; + echo "<a name=\"" . $data['title'] . "\"> </a>\n"; + echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; + echo "<tr><td colspan=\"2\" class=\"listtopic\">" . $data['title'] . "</td></tr>\n"; + + $limit_default = "all"; + if ($data['has_filter']) { + $limit_options = array("10", "50", "100", "200", "500", "1000", "all"); + $limit_default = "100"; + + echo "<tr><td class=\"listhdr\" style=\"font-weight:bold;\">\n"; + echo "Display <select onchange=\"update_filter('{$idx}','{$data['header_size']}');\" name=\"{$idx}_limit\" id=\"{$idx}_limit\">\n"; + foreach ($limit_options as $item) + echo "<option value='{$item}' " . ($item == $limit_default ? "selected" : "") . ">{$item}</option>\n"; + echo "</select> <span name=\"{$idx}_count\" id=\"{$idx}_count\">items</span></td>\n"; + echo "<td class=\"listhdr\" align=\"right\" style=\"font-weight:bold;\">Filter expression: \n"; + echo "<input type=\"text\" name=\"{$idx}_filter\" id=\"{$idx}_filter\" class=\"formfld search\" value=\"" . htmlspecialchars($_REQUEST["{$idx}_filter"]) . "\" size=\"30\" />\n"; + echo "<input type=\"button\" class=\"formbtn\" value=\"Filter\" onclick=\"update_filter('{$idx}','{$data['header_size']}');\" />\n"; + echo "</td></tr>\n"; + } + + echo "<tr><td colspan=\"2\" class=\"listlr\"><pre id=\"{$idx}\">"; /* no newline after pre */ + echo "Gathering data, please wait...\n"; + echo "</pre></td></tr>\n"; + echo "</table>\n"; } -/* Define a command, with a title which is the same as the command, - * to be executed later. - */ -function defCmd($command) { - defCmdT($command,$command); +/* Define a command, with a title, to be executed later. */ +function defCmdT($idx, $title, $command, $has_filter = false, $header_size = 0) { + global $commands; + $title = htmlspecialchars($title,ENT_NOQUOTES); + $commands[$idx] = array( + 'title' => $title, + 'command' => $command, + 'has_filter' => $has_filter, + 'header_size' => $header_size); } /* List all of the commands as an index. */ function listCmds() { - global $commands; - echo "<p>This status page includes the following information:\n"; - echo "<ul width=\"700\">\n"; - for ($i = 0; isset($commands[$i]); $i++ ) { - echo "<li><strong><a href=\"#" . $commands[$i][0] . "\">" . $commands[$i][0] . "</a></strong></li>\n"; - } - echo "</ul>\n"; + global $commands; + echo "<p>This status page includes the following information:\n"; + echo "<ul width=\"700\">\n"; + foreach ($commands as $idx => $command) + echo "<li><strong><a href=\"#" . $command['title'] . "\">" . $command['title'] . "</a></strong></li>\n"; + echo "</ul>\n"; } /* Execute all of the commands which were defined by a call to defCmd. */ function execCmds() { - global $commands; - for ($i = 0; isset($commands[$i]); $i++ ) { - doCmdT($commands[$i][0], $commands[$i][1]); - } + global $commands; + foreach ($commands as $idx => $command) + showCmdT($idx, $command); } ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<script type="text/javascript"> +//<![CDATA[ + + function update_count(cmd, header_size) { + var url = "openbgpd_status.php"; + var params = "isAjax=true&count=true&cmd=" + cmd + "&header_size=" + header_size; + var myAjax = new Ajax.Request( + url, + { + method: 'post', + parameters: params, + onComplete: update_count_callback + }); + } + + function update_count_callback(transport) { + // First line contain field id to be updated + var responseTextArr = transport.responseText.split("\n"); + + document.getElementById(responseTextArr[0] + "_count").innerHTML = responseTextArr[1]; + } + + function update_filter(cmd, header_size) { + var url = "openbgpd_status.php"; + var filter = ""; + var limit = "all"; + var limit_field = document.getElementById(cmd + "_limit"); + if (limit_field) { + var index = limit_field.selectedIndex; + limit = limit_field.options[index].value; + filter = document.getElementById(cmd + "_filter").value; + } + var params = "isAjax=true&cmd=" + cmd + "&limit=" + limit + "&filter=" + filter + "&header_size=" + header_size; + var myAjax = new Ajax.Request( + url, + { + method: 'post', + parameters: params, + onComplete: update_filter_callback + }); + } + + function update_filter_callback(transport) { + // First line contain field id to be updated + var responseTextArr = transport.responseText.split("\n"); + var id = responseTextArr.shift(); + + document.getElementById(id).textContent = responseTextArr.join("\n"); + } + +//]]> +</script> + <?php include("fbegin.inc"); ?> +<script type="text/javascript"> +//<![CDATA[ + + function exec_all_cmds() { +<?php + foreach ($commands as $idx => $command) { + if ($command['has_filter']) + echo "\t\tupdate_count('{$idx}', {$command['header_size']});\n"; + echo "\t\tupdate_filter('{$idx}', {$command['header_size']});\n"; + } +?> + } + +if (typeof jQuery == 'undefined') + document.observe('dom:loaded', function(){setTimeout('exec_all_cmds()', 5000);}); +else + jQuery(document).ready(function(){setTimeout('exec_all_cmds()', 5000);}); + +//]]> +</script> + <?php if ($config['version'] < 6) echo '<p class="pgtitle">' . $pgtitle . '</font></p>'; @@ -136,37 +251,17 @@ function execCmds() { ?> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <form action="tinydns_status.php" method="post"> - </form> - </td> - </tr> - <tr> - <td class="tabcont" > - -<?php - -defCmdT("OpenBGPD Summary","bgpctl show summary"); -defCmdT("OpenBGPD Interfaces","bgpctl show interfaces"); -defCmdT("OpenBGPD Routing","bgpctl show rib"); -defCmdT("OpenBGPD Forwarding","bgpctl show fib"); -defCmdT("OpenBGPD Network","bgpctl show network"); -defCmdT("OpenBGPD Network","bgpctl show network"); -defCmdT("OpenBGPD Nexthops","bgpctl show nexthop"); -defCmdT("OpenBGPD IP","bgpctl show ip bgp"); -defCmdT("OpenBGPD Neighbors","bgpctl show neighbor"); + <tr> + <td class="tabcont" > -?> - <div id="cmdspace" style="width:100%"> - <?php listCmds(); ?> - - <?php execCmds(); ?> - </div> - - </table> - </td> - </tr> + <div id="cmdspace" style="width:100%"> + <?php listCmds(); ?> + + <?php execCmds(); ?> + </div> + + </td> + </tr> </table> </div> diff --git a/config/openospfd/openospfd.xml b/config/openospfd/openospfd.xml index 278a91a0..ab948e7a 100644 --- a/config/openospfd/openospfd.xml +++ b/config/openospfd/openospfd.xml @@ -45,6 +45,7 @@ <name>OpenOSPFd</name> <rcfile>ospfd.sh</rcfile> <executable>ospfd</executable> + <description>OpenBSD OSPF Daemon</description> </service> <fields> <field> diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 06a0928c..1d1609ed 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -78,8 +78,8 @@ function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) { $filename_addition = ""; if ($usrid && is_numeric($usrid)) $filename_addition = "-".$config['system']['user'][$usrid]['name']; - if ($crtid && is_numeric($crtid) && function_exists("cert_get_cn")) - $filename_addition = "-".cert_get_cn($config['cert'][$crtid]['crt']); + elseif ($crtid && is_numeric($crtid) && function_exists("cert_get_cn")) + $filename_addition = "-" . str_replace(' ', '_', cert_get_cn($config['cert'][$crtid]['crt'])); return "{$host}-{$prot}-{$port}{$filename_addition}"; } @@ -156,7 +156,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) { $cert = $config['cert'][$crtid]; if (!$cert) - $input_errors[] = "Could not find client certifficate."; + $input_errors[] = "Could not find client certificate."; } else $nokeys = true; @@ -316,11 +316,16 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese if ($openvpnmanager) { + if (!empty($settings['client_mgmt_port'])) { + $client_mgmt_port = $settings['client_mgmt_port']; + } else { + $client_mgmt_port = 166; + } $conf .= $nl; $conf .= "# dont terminate service process on wrong password, ask again{$nl}"; $conf .= "auth-retry interact{$nl}"; $conf .= "# open management channel{$nl}"; - $conf .= "management 127.0.0.1 166{$nl}"; + $conf .= "management 127.0.0.1 {$client_mgmt_port}{$nl}"; $conf .= "# wait for management to explicitly start connection{$nl}"; $conf .= "management-hold{$nl}"; $conf .= "# query management channel for user/pass{$nl}"; @@ -343,7 +348,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese case "zip": // create template directory $tempdir = "{$g['tmp_path']}/{$prefix}"; - mkdir($tempdir, 0700, true); + @mkdir($tempdir, 0700, true); file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf); @@ -368,10 +373,14 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese else openvpn_client_pem_to_pk12($p12file, $outpass, $crtfile, $keyfile, $cafile); } - exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}"); + $command = "cd " . escapeshellarg("{$tempdir}/..") + . " && /usr/local/bin/zip -r " + . escapeshellarg("{$g['tmp_path']}/{$prefix}-config.zip") + . " " . escapeshellarg($prefix); + exec($command); // Remove temporary directory - exec("rm -rf {$tempdir}"); - return $g['tmp_path'] . "/{$prefix}-config.zip"; + exec("rm -rf " . escapeshellarg($tempdir)); + return "{$g['tmp_path']}/{$prefix}-config.zip"; break; case "inline": case "inlinedroid": @@ -383,6 +392,9 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese $conf .= "<cert>{$nl}" . trim(base64_decode($cert['crt'])) . "{$nl}</cert>{$nl}"; // Inline Key $conf .= "<key>{$nl}" . trim(base64_decode($cert['prv'])) . "{$nl}</key>{$nl}"; + } else { + // Work around OpenVPN Connect assuming you have a client cert even when you don't need one + $conf .= "setenv CLIENT_CERT 0{$nl}"; } // Inline TLS if ($settings['tls']) { diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index e70139a7..f90ac2cf 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.0.6</version> + <version>1.0.11</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 4f7e1caa..c2a54432 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -603,6 +603,11 @@ function useproxy_changed(obj) { <option value="<?php echo $ddns["host"] ?>">DynDNS: <?php echo $ddns["host"] ?></option> <?php endforeach; ?> <?php endif; ?> + <?php if (is_array($config['dnsupdates']['dnsupdate'])): ?> + <?php foreach ($config['dnsupdates']['dnsupdate'] as $ddns): ?> + <option value="<?php echo $ddns["host"] ?>">DynDNS: <?php echo $ddns["host"] ?></option> + <?php endforeach; ?> + <?php endif; ?> <option value="other">Other</option> </select> <br /> diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml index a03f9e3c..61bf3e94 100644 --- a/config/quagga_ospfd/quagga_ospfd.xml +++ b/config/quagga_ospfd/quagga_ospfd.xml @@ -50,11 +50,13 @@ <name>Quagga OSPFd</name> <rcfile>quagga.sh</rcfile> <executable>ospfd</executable> + <description>OSPF routing daemon</description> </service> <service> <name>Quagga Zebra</name> <rcfile>quagga.sh</rcfile> <executable>zebra</executable> + <description>Quagga core/abstraction daemon</description> </service> <fields> <field> diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc index 32cca7ed..97abc138 100644 --- a/config/sarg/sarg.inc +++ b/config/sarg/sarg.inc @@ -4,7 +4,7 @@ sarg.inc part of pfSense (http://www.pfSense.com) Copyright (C) 2007 Joao Henrique F. Freitas - Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012-2013 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -34,11 +34,13 @@ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0){ define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m")); + define('SQGARD_DIR','/usr/pbi/squidguard-' . php_uname("m")); define('SQUID_DIR', '/usr/pbi/squid-' . php_uname("m")); define('DANSG_DIR', '/usr/pbi/dansguardian-' . php_uname("m")); } else{ define('SARG_DIR', '/usr/local'); + define('SQGARD_DIR', '/usr/local'); define('SQUID_DIR', '/usr/local'); define('DANSG_DIR', '/usr/local'); } @@ -50,7 +52,7 @@ if ($uname['machine']=='amd64') // STATIC VARS $sarg_proxy=array( 'squid_rc'=> SQUID_DIR . '/etc/rc.d/squid.sh', 'squid_config'=> '/var/squid/logs/access.log', - 'squidguard_config'=> SARG_DIR . '/etc/squidGuard/squidGuard.conf', + 'squidguard_config'=> SQGARD_DIR . '/etc/squidGuard/squidGuard.conf', 'squidguard_block_log'=>'/var/squidGuard/log/block.log', 'dansguardian_config'=> DANSG_DIR . '/etc/dansguardian/dansguardian.conf', 'dansguardian_log'=>'/var/log/dansguardian/access.log'); @@ -258,7 +260,7 @@ function sync_package_sarg() { $bytes_in_sites_users_report=(preg_match('/bytes_in_sites_users_report/',$sarg['report_options'])?"yes":"no"); $date_time_by=(preg_match('/date_time_by_bytes/',$sarg['report_options'])?"bytes":""); $date_time_by.=(preg_match('/date_time_by_elap/',$sarg['report_options'])?" elap":""); - $date_format=(empty($sarg['report_date_format'])?"u":$sarg['report_date_format']); + $date_format=(preg_match("/\w/",$sarg['report_date_format'])?$sarg['report_date_format']:"u"); $report_type=preg_replace('/,/',' ',$sarg['report_type']); $report_charset=(empty($sarg['report_charset'])?"UTF-8":$sarg['report_charset']); $exclude_string=(empty($sarg['exclude_string'])?"":'exclude_string "'.$sarg['exclude_string'].'"'); @@ -289,6 +291,7 @@ function sync_package_sarg() { file_put_contents( SARG_DIR . '/etc/sarg/usertab.conf', sarg_text_area_decode($sarguser['usertab']),LOCK_EX); } if($sarguser['ldap_enable']){ + $usertab="ldap"; $LDAPHost=(empty($sarguser['ldap_host'])?"":"LDAPHost ".$sarguser['ldap_host']); $LDAPort=(empty($sarguser['ldap_port'])?"":"LDAPPort ".$sarguser['ldap_port']); $LDAPBindDN=(empty($sarguser['ldap_bind_dn'])?"":"LDAPBindDN ".$sarguser['ldap_bind_dn']); diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index bb345379..cc11cad4 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -9,7 +9,7 @@ /* sarg.xml part of the sarg for pfSense - Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012-2013 Marcello Coutinho All rights reserved. */ diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php new file mode 100644 index 00000000..920fd1bb --- /dev/null +++ b/config/servicewatchdog/services_servicewatchdog.php @@ -0,0 +1,211 @@ +<?php +/* + services_servicewatchdog.php + Copyright (C) 2013 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: system +*/ + +##|+PRIV +##|*IDENT=page-services-servicewatchdog +##|*NAME=Services: Service Watchdog +##|*DESCR=Allow access to the 'Services: Service Watchdog' page. +##|*MATCH=services_servicewatchdog.php* +##|-PRIV + +require("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("servicewatchdog.inc"); + +if (!is_array($config['installedpackages']['servicewatchdog']['item'])) + $config['installedpackages']['servicewatchdog']['item'] = array(); + +$a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + +/* if a custom message has been passed along, lets process it */ +if ($_GET['savemsg']) + $savemsg = $_GET['savemsg']; + +if ($_GET['act'] == "del") { + if ($a_pwservices[$_GET['id']]) { + unset($a_pwservices[$_GET['id']]); + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + exit; + } +} + +if (isset($_POST['del_x'])) { + /* delete selected services */ + if (is_array($_POST['pwservices']) && count($_POST['pwservices'])) { + foreach ($_POST['pwservices'] as $servicei) { + unset($a_pwservices[$servicei]); + } + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + exit; + } +} else { + /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ + unset($movebtn); + foreach ($_POST as $pn => $pd) { + if (preg_match("/move_(\d+)_x/", $pn, $matches)) { + $movebtn = $matches[1]; + break; + } + } + /* move selected services before this service */ + if (isset($movebtn) && is_array($_POST['pwservices']) && count($_POST['pwservices'])) { + $a_pwservices_new = array(); + + /* copy all services < $movebtn and not selected */ + for ($i = 0; $i < $movebtn; $i++) { + if (!in_array($i, $_POST['pwservices'])) + $a_pwservices_new[] = $a_pwservices[$i]; + } + + /* copy all selected services */ + for ($i = 0; $i < count($a_pwservices); $i++) { + if ($i == $movebtn) + continue; + if (in_array($i, $_POST['pwservices'])) + $a_pwservices_new[] = $a_pwservices[$i]; + } + + /* copy $movebtn service */ + if ($movebtn < count($a_pwservices)) + $a_pwservices_new[] = $a_pwservices[$movebtn]; + + /* copy all services > $movebtn and not selected */ + for ($i = $movebtn+1; $i < count($a_pwservices); $i++) { + if (!in_array($i, $_POST['pwservices'])) + $a_pwservices_new[] = $a_pwservices[$i]; + } + $a_pwservices = $a_pwservices_new; + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + return; + } +} + +$closehead = false; +$pgtitle = array(gettext("Services"),gettext("Service Watchdog")); +include("head.inc"); + +?> +<script type="text/javascript" src="/javascript/domTT/domLib.js"></script> +<script type="text/javascript" src="/javascript/domTT/domTT.js"></script> +<script type="text/javascript" src="/javascript/domTT/behaviour.js"></script> +<script type="text/javascript" src="/javascript/domTT/fadomatic.js"></script> + +<link type="text/css" rel="stylesheet" href="/javascript/chosen/chosen.css" /> +</head> +<body link="#000000" vlink="#000000" alink="#000000"> +<?php include("fbegin.inc"); ?> +<form action="services_servicewatchdog.php" method="post" name="iform"> +<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js"></script> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="services to monitor"> +<tr><td><div id="mainarea"> +<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> +<tr><td colspan="8" align="center"> +<?php echo gettext("This page allows you to select services to be monitored so that they may be automatically restarted if they crash or are stopped."); ?> +<br/><br/> +</td></tr> +<tr id="frheader"> +<td width="5%" class="list"> </td> +<td width="30%" class="listhdrr"><?=gettext("Service Name");?></td> +<td width="60%" class="listhdrr"><?=gettext("Description");?></td> +<td width="5%" class="list"> +<table border="0" cellspacing="0" cellpadding="1" summary="buttons"> + <tr><td width="17"> + <?php if (count($a_pwservices) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected services");?>" border="0" alt="delete" /> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected services"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected services?");?>')" /> + <?php endif; ?> + </td> + <td><a href="services_servicewatchdog_add.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add new service"); ?>" alt="add" /></a></td> + </tr> +</table> +</td> +</tr> + +<?php +$nservices = $i = 0; +foreach ($a_pwservices as $thisservice): +?> + <tr valign="top" id="fr<?=$nservices;?>"> + <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> + <td class="listlr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <?=$thisservice['name'];?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <?=$thisservice['description'];?> + </td> + <td valign="middle" class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td><input onmouseover="fr_insline(<?=$nservices;?>, true)" onmouseout="fr_insline(<?=$nservices;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected services before this service");?>" height="17" type="image" width="17" border="0" /></td> + <td align="center" valign="middle"><a href="services_servicewatchdog.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this service?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete service");?>" alt="delete" /></a></td> + </tr> + </table> + </td></tr> +<?php $i++; $nservices++; endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list" valign="middle" nowrap> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td><?php if ($nservices == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected services to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="<?=gettext("move selected services to end");?>" border="0" alt="move" /><?php endif; ?></td> + </tr> + <tr> + <td width="17"> + <?php if (count($a_pwservices) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected services");?>" border="0" alt="delete" /> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected services"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected services?");?>')" /> + <?php endif; ?> + </td> + <td><a href="services_servicewatchdog_add.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add new service"); ?>" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> + <tr><td></td><td colspan="3"> + <?php echo gettext("Click to select a service and use the arrows to re-order them in the list. Higher services are checked first."); ?> + </td><td></td></tr> + </table> +</div></td></tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/servicewatchdog/services_servicewatchdog_add.php b/config/servicewatchdog/services_servicewatchdog_add.php new file mode 100644 index 00000000..11e5e284 --- /dev/null +++ b/config/servicewatchdog/services_servicewatchdog_add.php @@ -0,0 +1,117 @@ +<?php +/* + services_servicewatchdog_add.php + Copyright (C) 2013 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: system +*/ + +##|+PRIV +##|*IDENT=page-services-servicewatchdog-add +##|*NAME=Services: Add Service Watchdog Services +##|*DESCR=Allow access to the 'Add Service Watchdog Services' page. +##|*MATCH=services_servicewatchdog.php-add* +##|-PRIV + +require("guiconfig.inc"); +require_once("service-utils.inc"); +require_once("servicewatchdog.inc"); + +if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); +} +$a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; +// Pre-load "cron" into this array to blacklist it from being offered as a choice. +$a_pwservice_names = array("cron"); +foreach ($a_pwservices as $svc) { + $a_pwservice_names[] = $svc['name']; +} +$system_services = get_services(); + +unset($input_errors); + +if ($_POST) { + if (!is_numeric($_POST['svcid'])) + + + if (!isset($system_services[$_POST['svcid']])) { + $input_errors[] = gettext("The supplied service appears to be invalid."); + } + + if (!$input_errors) { + $a_pwservices[] = $system_services[$_POST['svcid']]; + servicewatchdog_cron_job(); + write_config(); + + header("Location: services_servicewatchdog.php"); + return; + } +} + +$closehead = false; +$pgtitle = array(gettext("Services"),gettext("servicewatchdog"), gettext("Add")); +include("head.inc"); + +?> +<link type="text/css" rel="stylesheet" href="/pfCenter/javascript/chosen/chosen.css" /> +<script src="/pfCenter/javascript/chosen/chosen.proto.js" type="text/javascript"></script> +</head> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<form action="services_servicewatchdog_add.php" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="add monitored service"> +<tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Add Service Entry"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Service to Add:"); ?></td> + <td width="78%" class="vtable"> + <select name="svcid" class="formselect" id="svcid"> +<?php $i=0; + foreach ($system_services as $svc): ?> + <?php if (!servicewatchdog_is_service_watched($svc)): ?> + <?php $svc['description'] = empty($svc['description']) ? get_pkg_descr($svc['name']) : $svc['description']; ?> + <option value="<?= $i ?>"><?=$svc['name'];?>: <?= strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description'];?></option> + <?php endif; + $i++; ?> +<?php endforeach; ?> + </select> + </td> +</tr> +<tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Add"); ?>" /> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> + </td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc new file mode 100644 index 00000000..1bdb1ce9 --- /dev/null +++ b/config/servicewatchdog/servicewatchdog.inc @@ -0,0 +1,83 @@ +<?php +require_once("config.inc"); +require_once("services.inc"); +require_once("service-utils.inc"); +require_once("util.inc"); + +function servicewatchdog_service_matches($svc1, $svc2) { + /* If the arrays are equal, it must be the same service. */ + if ($svc1 == $svc2) + return true; + /* If the names are different, they must not be the same. */ + if ($svc1['name'] != $svc2['name']) + return false; + switch ($svc1['name']) { + case "openvpn": + if (($svc1['mode'] == $svc2['mode']) && ($svc1['vpnid'] == $svc2['vpnid'])) + return true; + else + return false; + break; + case "captiveportal": + if ($svc1['zone'] == $svc2['zone']) + return true; + else + return false; + break; + default: + /* Other services must be the same if the name matches. */ + return true; + } +} + +function servicewatchdog_is_service_watched($svc) { + global $config; + if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); + } + $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + $blacklisted_services = array("cron"); + + if (empty($svc['name']) || in_array($svc['name'], $blacklisted_services)) + return true; + + foreach ($a_pwservices as $a_svc) { + if (servicewatchdog_service_matches($svc, $a_svc)) + return true; + } + return false; +} + +function servicewatchdog_cron_job() { + global $config; + if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); + } + $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + + if (count($a_pwservices) > 0) { + // Add the cron job if it doesn't exist. + install_cron_job("/usr/local/pkg/servicewatchdog_cron.php", true, "*/1"); + } else { + // Remove the cron job + install_cron_job("/usr/local/pkg/servicewatchdog_cron.php", false, "*/1"); + } +} + +function servicewatchdog_check_services() { + global $config; + if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); + } + $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + + foreach ($a_pwservices as $svc) { + if (!get_service_status($svc)) { + $descr = strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description']; + log_error("Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"); + service_control_start($svc['name'], $svc); + } + } +} + +?>
\ No newline at end of file diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml new file mode 100644 index 00000000..5e1ce309 --- /dev/null +++ b/config/servicewatchdog/servicewatchdog.xml @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + servicewatchdog.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 Jim Pingle + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Service Watchdog</description> + <requirements>None</requirements> + <faq>Monitors for stopped services and restarts them.</faq> + <name>Service Watchdog</name> + <version>1.4</version> + <title>Services: Service Watchdog</title> + <include_file>/usr/local/pkg/servicewatchdog.inc</include_file> + <menu> + <name>Service Watchdog</name> + <tooltiptext></tooltiptext> + <section>Services</section> + <url>/services_servicewatchdog.php</url> + </menu> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog_add.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>755</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog_cron.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.inc</item> + </additional_files_needed> +</packagegui>
\ No newline at end of file diff --git a/config/servicewatchdog/servicewatchdog_cron.php b/config/servicewatchdog/servicewatchdog_cron.php new file mode 100644 index 00000000..004afd97 --- /dev/null +++ b/config/servicewatchdog/servicewatchdog_cron.php @@ -0,0 +1,13 @@ +#!/usr/local/bin/php -f +<?php +require_once("globals.inc"); +require_once("servicewatchdog.inc"); + +global $g; + +/* Do nothing at bootup. */ +if ($g['booting'] || file_exists("{$g['varrun_path']}/booting")) + return; + +servicewatchdog_check_services(); +?>
\ No newline at end of file diff --git a/config/siproxd.inc b/config/siproxd.inc index 13254a42..a34f5b34 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -70,8 +70,8 @@ function siproxd_generate_rules($type) { } /* proxy is turned off in package settings */ - if($siproxd_conf['rtpenable'] == "0") { - log_error("WARNING: siproxd RTP proxy has not been enabled. Not installing rules."); + if($siproxd_conf['sipenable'] == "0") { + log_error("WARNING: siproxd proxy has not been enabled. Not installing rules."); return "\n"; } @@ -95,7 +95,9 @@ function siproxd_generate_rules($type) { if($iface <> "") { $rules .= "# allow SIP signaling and RTP traffic\n"; $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n"; - $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + if($siproxd_conf['rtpenable'] == "1") { + $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + } } } break; @@ -125,7 +127,7 @@ function sync_package_siproxd() { fwrite($fout, "# package management system.\n\n"); /* proxy is turned off in package settings */ - if($siproxd_conf['rtpenable'] == "0") { + if($siproxd_conf['sipenable'] == "0") { fclose($fout); return; } diff --git a/config/siproxd.xml b/config/siproxd.xml index 1176a423..1e16a9ea 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -84,6 +84,12 @@ </additional_files_needed> <fields> <field> + <fielddescr>Enable siproxd</fielddescr> + <fieldname>sipenable</fieldname> + <description>Enable or disable siproxd</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Inbound interface</fielddescr> <fieldname>if_inbound</fieldname> <description>Select the inbound interface.</description> @@ -335,4 +341,4 @@ <custom_php_validation_command> validate_form_siproxd($_POST, &$input_errors); </custom_php_validation_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 4f687c9c..8f64a5e3 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -59,8 +59,7 @@ <name>snort</name> <rcfile>snort.sh</rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology - worldwide.</description> + <description>Snort IDS/IPS Daemon</description> </service> <tabs> </tabs> diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 6ae5c16a..3d4c8016 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -59,7 +59,7 @@ <name>snort</name> <rcfile>snort.sh</rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> + <description>Snort IDS/IPS Daemon</description> </service> <tabs> </tabs> diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml index 83221d3d..76d39af9 100644 --- a/config/spamd/spamd.xml +++ b/config/spamd/spamd.xml @@ -56,6 +56,7 @@ <name>spamd</name> <rcfile>spamd.sh</rcfile> <executable>spamd</executable> + <description>SPAMD Greylisting Daemon</description> </service> <tabs> <tab> diff --git a/config/squid/swapstate_check.php b/config/squid/swapstate_check.php index d70c2dd4..77730e33 100644 --- a/config/squid/swapstate_check.php +++ b/config/squid/swapstate_check.php @@ -35,6 +35,8 @@ $settings = $config['installedpackages']['squidcache']['config'][0]; if ($settings['harddisk_cache_system'] != "null"){ $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); $swapstate = $cachedir . '/swap.state'; + if (!file_exists($swapstate)) + return; $disktotal = disk_total_space(dirname($cachedir)); $diskfree = disk_free_space(dirname($cachedir)); $diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); diff --git a/config/squid3/33/check_ip.php b/config/squid3/33/check_ip.php new file mode 100644 index 00000000..6c65ff3f --- /dev/null +++ b/config/squid3/33/check_ip.php @@ -0,0 +1,85 @@ +#!/usr/local/bin/php -q +<?php +/* $Id$ */ +/* + check_ip.php + Copyright (C) 2013 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +error_reporting(0); +// stdin loop +if (! defined(STDIN)) { + define("STDIN", fopen("php://stdin", "r")); +} +if (! defined(STDOUT)){ + define("STDOUT", fopen('php://stdout', 'w')); + } +while( !feof(STDIN)){ + $line = trim(fgets(STDIN)); + // %SRC + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +unset($cp_db); +if ($pf_version > 2.0){ + $dir="/var/db"; + $files=scandir($dir); + foreach ($files as $file){ + if (preg_match("/captive.*db/",$file)){ + $dbhandle = sqlite_open("$dir/$file", 0666, $error); + if ($dbhandle){ + $query = "select * from captiveportal"; + $result = sqlite_query($dbhandle, $query); + if ($result){ + $row = sqlite_fetch_array($result, SQLITE_ASSOC); + $cp_db[]=implode(",",$row); + sqlite_close($dbhandle); + } + } + } + } + } +else{ + $filename="/var/db/captiveportal.db"; + if (file_exists($filename)) + $cp_db=file($filename); +} + + $usuario=""; + // 1376630450,2,172.16.3.65,00:50:56:9c:00:c7,admin,e1779ea20d0a11c7,,,, + if (is_array($cp_db)){ + foreach ($cp_db as $cpl){ + $fields=explode(",",$cpl); + if ($fields[2] != "" && $fields[2]==$line) + $usuario=$fields[4]; + } + } + if ($usuario !="") + $resposta="OK user={$usuario}"; + else + $resposta="ERR"; + fwrite (STDOUT, "{$resposta}\n"); + unset($cp_db); +} +?> + diff --git a/config/squidGuard-devel/sgerror.php b/config/squidGuard-devel/sgerror.php new file mode 100644 index 00000000..e1e49385 --- /dev/null +++ b/config/squidGuard-devel/sgerror.php @@ -0,0 +1,292 @@ +<?php +include "globals.inc"; +include "config.inc"; +$page_info = <<<EOD +# ---------------------------------------------------------------------------------------------------------------------- +# SquidGuard error page generator +# (C)2006-2007 Serg Dvoriancev +# ---------------------------------------------------------------------------------------------------------------------- +# This programm processed redirection to specified URL or generated error page for standart HTTP error code. +# Redirection supported http and https protocols. +# ---------------------------------------------------------------------------------------------------------------------- +# Format: +# sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables] +# Incoming SquidGuard variables: +# a=client_address +# n=client_name +# i=client_user +# s=client_group +# t=target_group +# u=client_url +# Example: +# sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. +# sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. +# sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=.. +# ---------------------------------------------------------------------------------------------------------------------- +# Tags: +# myurl and output messages can include Tags +# [a] - client address +# [n] - client name +# [i] - client user +# [s] - client group +# [t] - target group +# [u] - client url +# Example: +# sgerror.php?url=401 Unauthorized access to URL [u] for client [n] +# sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=] +# ---------------------------------------------------------------------------------------------------------------------- +# Special Tags: +# blank - get blank page +# blank_img - get one-pixel transparent image (for replace banners and etc.) +# Example: +# sgerror.php?url=blank +# sgerror.php?url=blank_img +# ---------------------------------------------------------------------------------------------------------------------- +EOD; + +define('ACTION_URL', 'url'); +define('ACTION_RES', 'res'); +define('ACTION_MSG', 'msg'); + +define('TAG_BLANK', 'blank'); +define('TAG_BLANK_IMG', 'blank_img'); + +# ---------------------------------------------------------------------------------------------------------------------- +# ?url=EMPTY_IMG +# Use this options for replace baners/ads to transparent picture. Thisbetter for viewing. +# ---------------------------------------------------------------------------------------------------------------------- +# NULL GIF file +# HEX: 47 49 46 38 39 61 - - - +# SYM: G I F 8 9 a 01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B +# ---------------------------------------------------------------------------------------------------------------------- +define(GIF_BODY, "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"); + +$url = ''; +$msg = ''; +$cl = Array(); // squidGuard variables: %a %n %i %s %t %u +$err_code = array(); + +$err_code[301] = "301 Moved Permanently"; +$err_code[302] = "302 Found"; +$err_code[303] = "303 See Other"; +$err_code[305] = "305 Use Proxy"; + +$err_code[400] = "400 Bad Request"; +$err_code[401] = "401 Unauthorized"; +$err_code[402] = "402 Payment Required"; +$err_code[403] = "403 Forbidden"; +$err_code[404] = "404 Not Found"; +$err_code[405] = "405 Method Not Allowed"; +$err_code[406] = "406 Not Acceptable"; +$err_code[407] = "407 Proxy Authentication Required"; +$err_code[408] = "408 Request Time-out"; +$err_code[409] = "409 Conflict"; +$err_code[410] = "410 Gone"; +$err_code[411] = "411 Length Required"; +$err_code[412] = "412 Precondition Failed"; +$err_code[413] = "413 Request Entity Too Large"; +$err_code[414] = "414 Request-URI Too Large"; +$err_code[415] = "415 Unsupported Media Type"; +$err_code[416] = "416 Requested range not satisfiable"; +$err_code[417] = "417 Expectation Failed"; + +$err_code[500] = "500 Internal Server Error"; +$err_code[501] = "501 Not Implemented"; +$err_code[502] = "502 Bad Gateway"; +$err_code[503] = "503 Service Unavailable"; +$err_code[504] = "504 Gateway Time-out"; +$err_code[505] = "505 HTTP Version not supported"; + +# ---------------------------------------------------------------------------------------------------------------------- +# check arg's +# ---------------------------------------------------------------------------------------------------------------------- + +if (count($_POST)) { + $url = trim($_POST['url']); + $msg = $_POST['msg']; + $cl['a'] = $_POST['a']; + $cl['n'] = $_POST['n']; + $cl['i'] = $_POST['i']; + $cl['s'] = $_POST['s']; + $cl['t'] = $_POST['t']; + $cl['u'] = $_POST['u']; +} +elseif (count($_GET)) { + $url = trim($_GET['url']); + $msg = $_GET['msg']; + $cl['a'] = $_GET['a']; + $cl['n'] = $_GET['n']; + $cl['i'] = $_GET['i']; + $cl['s'] = $_GET['s']; + $cl['t'] = $_GET['t']; + $cl['u'] = $_GET['u']; +} +else { + # Show 'About page' + echo get_page(get_about()); + exit(); +} + +# ---------------------------------------------------------------------------------------------------------------------- +# url's +# ---------------------------------------------------------------------------------------------------------------------- +if ($url) { + $err_id = 0; + + // check error code + foreach ($err_code as $key => $val) { + if (strpos(strtolower($url), strval($key)) === 0) { + $err_id = $key; + break; + } + } + + # blank page + if ($url === TAG_BLANK) { + echo get_page(''); + } + # blank image + elseif ($url === TAG_BLANK_IMG) { + $msg = trim($msg); + if(strpos($msg, "maxlen_") !== false) { + $maxlen = intval(trim(str_replace("maxlen_", "", $url))); + filter_by_image_size($cl['u'], $maxlen); + exit(); + } + else { + # -------------------------------------------------------------- + # return blank image + # -------------------------------------------------------------- + header("Content-Type: image/gif;"); // charset=windows-1251"); + echo GIF_BODY; + } + } + # error code + elseif ($err_id !== 0) { + $er_msg = strstr($_GET['url'], ' '); + echo get_error_page($err_id, $er_msg); + } + # redirect url + elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) { + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # redirect to specified url + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + header("HTTP/1.0"); + header("Location: $url", '', 302); + } + // error arguments + else { + echo get_page("sgerror: error arguments $url"); + } +} +else { + echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET)); +# echo get_error_page(500); +} + +# ~~~~~~~~~~ +# Exit +# ~~~~~~~~~~ +exit(); + +# ---------------------------------------------------------------------------------------------------------------------- +# functions +# ---------------------------------------------------------------------------------------------------------------------- +function get_page($body) { + $str = Array(); + $str[] = '<html>'; + $str[] = "<body>\n$body\n</body>"; + $str[] = '</html>'; + return implode("\n", $str); +} + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# IE displayed self-page, if them size > 1024 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +function get_error_page($er_code_id, $err_msg='') { + global $err_code; + global $cl; + global $g; + global $config; + $str = Array(); + + header("HTTP/1.1 " . $err_code[$er_code_id]); + + $str[] = '<html>'; + $str[] = '<body>'; + if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']) { + $str[] = "<h3>{$config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']}: {$err_code[$er_code_id]}</h3>"; + } else { + $str[] = "<h3>Request denied by {$g['product_name']} proxy: {$err_code[$er_code_id]}</h3>"; + } + if ($err_msg) $str[] = "<b> Reason: </b> $err_msg"; + $str[] = '<hr size="1" noshade>'; + if ($cl['a']) $str[] = "<b> Client address: </b> {$cl['a']} <br>"; + if ($cl['n']) $str[] = "<b> Client name: </b> {$cl['n']} <br>"; + if ($cl['i']) $str[] = "<b> Client user: </b> {$cl['i']} <br>"; + if ($cl['s']) $str[] = "<b> Client group: </b> {$cl['s']} <br>"; + if ($cl['t']) $str[] = "<b> Target group: </b> {$cl['t']} <br>"; + if ($cl['u']) $str[] = "<b> URL: </b> {$cl['u']} <br>"; + $str[] = '<hr size="1" noshade>'; + $str[] = "</body>"; + $str[] = "</html>"; + + return implode("\n", $str); +} + +function get_about() { + global $err_code; + global $page_info; + $str = Array(); + + // about info + $s = str_replace("\n", "<br>", $page_info); + $str[] = $s; + $str[] = "<br>"; + + $str[] = '<table>'; + $str[] = ' <b>HTTP error codes (ERROR_CODE):</th></tr>'; + foreach($err_code as $val) { + $str []= "<tr><td>$val"; + } + $str[] = '</table>'; + + return implode("\n", $str); +} + +function filter_by_image_size($url, $val_size) { + + # load url header + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_HEADER, 1); + curl_setopt($ch, CURLOPT_NOBODY, 1); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + $hd = curl_exec($ch); + curl_close($ch); + + $size = 0; + $SKEY = "content-length:"; + $s_tmp = strtolower($hd); + $s_tmp = str_replace("\n", " ", $s_tmp); # replace all "\n" + if (strpos($s_tmp, $SKEY) !== false) { + $s_tmp = trim(substr($s_tmp, strpos($s_tmp, $SKEY) + strlen($SKEY))); + $s_tmp = trim(substr($s_tmp, 0, strpos($s_tmp, " "))); + if (is_numeric($s_tmp)) + $size = intval($s_tmp); + else $size = 0; + } + + # === check url type and content size === + # redirect to specified url + if (($size !== 0) && ($size < $val_size)) { + header("HTTP/1.0"); + header("Location: $url", '', 302); + } + # return blank image + else { + header("Content-Type: image/gif;"); + echo GIF_BODY; + } +} +?>
\ No newline at end of file diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc new file mode 100644 index 00000000..d58dfb79 --- /dev/null +++ b/config/squidGuard-devel/squidguard.inc @@ -0,0 +1,1651 @@ +<?php +# ------------------------------------------------------------------------------ +/* squidguard.inc + + Copyright (C) 2006-2011 Serg Dvoriancev + Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> + Copyright (C) 2013 Marcello Coutinho + + part of pfSense (www.pfSense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +# ------------------------------------------------------------------------------ + +require_once('globals.inc'); +require_once('config.inc'); +require_once('util.inc'); +require_once('pfsense-utils.inc'); +require_once('pkg-utils.inc'); +require_once('filter.inc'); +require_once('service-utils.inc'); +require_once('squidguard_configurator.inc'); + +# ------------------------------------------------------------------------------ +# fields +define('F_NAME', 'name'); +define('F_DEST', 'dest'); +define('F_SOURCE', 'source'); +define('F_DESTINATION', 'dest'); +define('F_REWRITE', 'rewrite'); +define('F_REDIRECT', 'redirect'); +define('F_TIME', 'time'); +define('F_OVERDESTINATION', 'overdestination'); +define('F_OVERREWRITE', 'overrewrite'); +define('F_OVERREDIRECT', 'overredirect'); +define('F_TARGETURL', 'targeturl'); +define('F_REPLACETO', 'replaceto'); +define('F_TIMETYPE', 'timetype'); +define('F_TIMEDAYS', 'timedays'); +define('F_DATERANGE', 'daterange'); +define('F_TIMERANGE', 'sg_timerange'); +define('F_IPLIST', 'iplist'); +define('F_DESCRIPTION', 'description'); +define('F_EXPRESSIONS', 'expressions'); +define('F_DOMAINS', 'domains'); +define('F_URLS', 'urls'); +define('F_DISABLED', 'disabled'); +define('F_SQUIDGUARDENABLE', 'squidguard_enable'); +define('F_BLACKLIST', 'blacklist'); + +# prefixes +define('PREF_UPTIME', 'uptime_'); +define('PREF_UPTIME_DENY', 'uptimedeny_'); +define('PREF_OVERTIME', 'overtime_'); +define('PREF_OVERTIME_DENY', 'overtimedeny_'); +# modules +define('MODULE_GENERAL', 'squidguardgeneral'); +define('MODULE_DEFAULT', 'squidguarddefault'); +define('MODULE_ACL', 'squidguardacl'); +define('MODULE_DESTINATION', 'squidguarddest'); +define('MODULE_REWRITE', 'squidguardrewrite'); +define('MODULE_SOURCE', 'squidguardsrc'); +define('MODULE_TIME', 'squidguardtime'); +define('MODULE_LOG', 'squidguardlog'); +# blacklist +define('BLACKLIST_DEFAULT_URL', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); # 5Mb +define('BLACKLIST_DEFAULT_URL1', 'http://www.shallalist.de/Downloads/shallalist.tar.gz'); # ~7Mb +define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz'); +define('BLACKLIST_BTN_URL', 'Upload Url'); +define('BLACKLIST_BTN_DEFAULT', 'Restore default'); +define('BLACKLIST_LOGFILE', 'blacklist.log'); +# +define('APPLY_BTN', 'Apply'); +define('SAFESEARCH', 'safesearch'); + +# ============================================================================== +# Initialization +# ============================================================================== +# use global variable $squidguard_config, defined in squidguard_configurator.inc +sg_init(convert_pfxml_to_sgxml()); + +# ============================================================================== +# Validations +# ============================================================================== +function squidguard_validate($post, $input_errors) +{ + $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; + + # check config if 'Apply' + if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors); +} + +# ------------------------------------------------------------------------------ +# validate default +# ------------------------------------------------------------------------------ +function squidguard_validate_default($post, $input_errors) +{ + squidguard_validate_acl($post, &$input_errors); +} + +# ------------------------------------------------------------------------------ +# validate acl +# ------------------------------------------------------------------------------ +function squidguard_validate_acl($post, $input_errors) +{ + $pass_up = array(); + $deny_up = array(); + $pass_up_val = ''; + $pass_over = array(); + $deny_over = array(); + $pass_over_val = ''; + $id = get_item_id(); + + # check name ('source') + $name = trim($post[F_NAME]); + if(!empty($name)) { + # validate name format + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(F_ACLS, $name)) + $input_errors[] = "Name '$name' already exists."; + + # check reserved + if (!sg_check_reserved_name($name)) + $input_errors[] = "Name '$name' is reserved."; + + # check source + $sgx = array(); + $sgx[F_NAME] = $post[F_NAME]; + $sgx[F_SOURCE] = $post[F_SOURCE]; + sg_check_src($sgx, &$input_errors); + } + + # store destinations to 'dest' value + foreach ($post as $key => $val) { + if (substr_count($key, PREF_UPTIME) != 0) { + $name = str_replace(PREF_UPTIME, '', $key); + if ($name) { + switch($val) { + case "allow": $pass_up_val .= " $name"; break; + case "white": $pass_up_val .= " ^$name"; break; + case "deny" : $pass_up_val .= " !$name"; break; + } + } + } + elseif (substr_count($key, PREF_OVERTIME) != 0) { + $name = str_replace(PREF_OVERTIME, '', $key); + if ($name) { + switch($val) { + case "allow": $pass_over_val .= " $name"; break; + case "white": $pass_over_val .= " ^$name"; break; + case "deny" : $pass_over_val .= " !$name"; break; + } + } + } + } + + # !ATTENTION! on pfSense XML config must be must(shell) be '!all' instead of 'none' - it is a must for correct work GUI + + # if not exists key 'all', then add 'none' - default 'deny all' + if ((substr_count($pass_up_val, 'all') == 0)) { + $pass_up_val .= ' !all'; + } + + if (!empty($pass_over_val) && (substr_count($pass_over_val, 'all') == 0)) { + $pass_over_val .= ' !all'; + } + + if (empty($pass_over_val)) + $post[F_DEST] = "$pass_up_val"; + else $post[F_DEST] = "$pass_up_val [$pass_over_val]"; + + # check redirect + $errmsg = ''; + if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) { + $input_errors[] = "Redirect info error. $errmsg"; + } +} + +# ------------------------------------------------------------------------------ +# validate times +# Format: +# date: <date(or range)><time (or range)> -- days not parsed (reset to *) +# weekly: <day or *><time or range> -- dates not parsed (reset to '') +# ------------------------------------------------------------------------------ +function squidguard_validate_times($post, $input_errors) +{ + $id = get_item_id(); + + # check name + $name = trim($post[F_NAME]); + if(!empty($name)) { + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(F_TIMES, $name)) + $input_errors[] = "Name '$name' already exists"; + + # check reserved + if (!sg_check_reserved_name($name)) + $input_errors[] = "Name '$name' is reserved."; + } + + # --- check format --- + $sgx = array(); + $sgx[F_NAME] = $post[F_NAME]; + $sgx[F_DESCRIPTION] = $post[F_DESCRIPTION]; + # fields of $post have 'fnameX' format + for ($i=0; isset($post[F_TIMETYPE."$i"]); $i++) { + # correct and update + if (strtolower($post[F_TIMETYPE."$i"]) === "date") { + $post[F_TIMEDAYS."$i"] = '*'; + # date cant be empty + if (trim($post[F_DATERANGE."$i"]) == '') $post[F_DATERANGE."$i"] = "*.*.*"; + } + else $post[F_DATERANGE."$i"] = ''; + + if (trim($post[F_TIMERANGE."$i"]) == '') $post[F_TIMERANGE."$i"] = "00:00-23:59"; + + # $post->xml + $sgx_row = array(); + $sgx_row[F_TIMETYPE] = $post[F_TIMETYPE."$i"]; + $sgx_row[F_TIMEDAYS] = $post[F_TIMEDAYS."$i"]; + $sgx_row[F_DATERANGE] = $post[F_DATERANGE."$i"]; + $sgx_row[F_TIMERANGE] = $post[F_TIMERANGE."$i"]; + $sgx[F_ITEM][] = $sgx_row; + } + # + sg_check_time($sgx, &$input_errors); + +} + +# ------------------------------------------------------------------------------ +# validate destinations +# ------------------------------------------------------------------------------ +function squidguard_validate_destination($post, $input_errors) { + # check name + $name = trim($post[F_NAME]); + if(!empty($name)) { + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(F_DESTINATIONS, $name)) + $input_errors[] = "Name '$name' already exists"; + + # check reserved + if (!sg_check_reserved_name($name)) + $input_errors[] = "Name '$name' is reserved."; + } + + # --- check format --- + $sgx = array(); + $sgx[F_NAME] = $post[F_NAME]; + $sgx[F_URLS] = $post[F_URLS]; + $sgx[F_DOMAINS] = $post[F_DOMAINS]; + $sgx[F_EXPRESSIONS] = $post[F_EXPRESSIONS]; + $sgx[F_RMOD] = $post[F_RMOD]; + $sgx[F_REDIRECT] = $post[F_REDIRECT]; + # + sg_check_dest($sgx, &$input_errors); +} + +# ------------------------------------------------------------------------------ +# validate rewrites +# ------------------------------------------------------------------------------ +function squidguard_validate_rewrite($post, $input_errors) { + # check name + $name = trim($post[F_NAME]); + if(!empty($name)) { + # check name format <char><symbols without space> - Ab123 + check_name_format($name, &$input_errors); + + # check unique name + if (!sg_check_unique_name(F_REWRITES, $name)) + $input_errors[] = "Name '$name' already exists"; + + # check reserved + if (!sg_check_reserved_name($name)) + $input_errors[] = "Name '$name' is reserved."; + } +} + +# ----------------------------------------------------------------------------- +# squidguard_resync +# ----------------------------------------------------------------------------- +function squidguard_resync() { + $upload_file = ''; + $submit = isset($_REQUEST['submit']) ? $_REQUEST['submit'] : ''; + $url = isset($_REQUEST[F_BLACKLISTURL]) ? $_REQUEST[F_BLACKLISTURL] : ''; + $proxy = isset($_REQUEST['blacklist_proxy'])? $_REQUEST['blacklist_proxy'] : ''; + + sg_init(convert_pfxml_to_sgxml()); + + # blacklist upload + if ($submit == BLACKLIST_BTN_URL) { + if ($url) + sg_reconfigure_blacklist($url, $proxy); + } + + # blacklist restore last (if exists) +# if ($submit == BLACKLIST_BTN_DEFAULT) { +# restore_arc_blacklist(); +# } + + # apply changes + //if ($submit == APPLY_BTN) { +# write_config('Update squidGuard options.'); # store, if not 'Save' button + + + sg_reconfigure(); + //} + + squidguard_cron_install(); + + //Sync only with apply button to avoid multiples reloads on backup server while editing master config + if ($submit == APPLY_BTN) + squidguard_sync_on_changes(); +} + +# ----------------------------------------------------------------------------- +# squidguard_resync_acl +# ----------------------------------------------------------------------------- + +function squidguard_resync_acl() { + global $config; # !!! ORDER !!! + + $conf = $config['installedpackages'][MODULE_ACL]['config']; + $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; + + # --- sources part --- + # move current id by order + if (($id !== '') and is_array($conf)) { + $src_new = array(); + + foreach ($conf as $key => $src) { + $order = $src[F_ORDER]; + # n_key: no_move=$key+$order or move=$order+$key + $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999); + unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'! + $src_new[$n_key] = $src; + } + # sort by key + ksort($src_new); + reset($src_new); + + $src_new = array_values($src_new); # make keys '0, 1, 2, ...' + + # renew config + unset ($config['installedpackages'][MODULE_ACL]['config']); + $config['installedpackages'][MODULE_ACL]['config'] = $src_new; + write_config('Update squidguardacl config'); + + # renew global $squidguard_config + sg_init(convert_pfxml_to_sgxml()); + } +} + +# ----------------------------------------------------------------------------- +# squidguard_resync_dest +# ----------------------------------------------------------------------------- + +function squidguard_resync_dest() { + global $config; # !!! ORDER !!! + + $conf = $config['installedpackages'][MODULE_DESTINATION]['config']; + $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; + + # --- sources part --- + # move current id by order + if (($id !== '') and is_array($conf)) { + $src_new = array(); + + foreach ($conf as $key => $src) { + $order = $src[F_ORDER]; + # n_key: no_move=$key+$order or move=$order+$key + $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999); + unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'! + $src_new[$n_key] = $src; + } + # sort by key + ksort($src_new); + reset($src_new); + + $src_new = array_values($src_new); # make keys '0, 1, 2, ...' + + # renew config + unset ($config['installedpackages'][MODULE_DESTINATION]['config']); + $config['installedpackages'][MODULE_DESTINATION]['config'] = $src_new; + write_config('Update squidguarddest config'); + + # renew global $squidguard_config + sg_init(convert_pfxml_to_sgxml()); + } +} + +# ============================================================================= +# common functions +# ============================================================================= + +# ----------------------------------------------------------------------------- +# get_pkgconf/sgconf_items_list +# ----------------------------------------------------------------------------- +function get_pkgconf_items_list($pkg_gui_name, $fieldname) { + global $config; + $res = ''; + + $conf = $config['installedpackages'][$pkg_gui_name]['config']; + if (is_array($conf)) + foreach($conf as $cf) $res[] = $cf[$fieldname]; + + return $res; +} + +function get_sgconf_items_list($data_group, $fieldname) { + global $squidguard_config; + $res = ''; + + $conf = $squidguard_config[$data_group]['item']; + if (is_array($conf)) + foreach($conf as $cf) $res[] = $cf[$fieldname]; + + return $res; +} + +# ============================================================================== +# Before form +# ============================================================================== +# squidguard_before_form +# ------------------------------------------------------------------------------ +function squidguard_before_form($pkg) { + $i=0; + + foreach($pkg['fields']['field'] as $field) { + # blacklist controls + switch ($field['fieldname']) { +# case F_BLACKLISTURL: +# $fld = &$pkg['fields']['field'][$i]; +# $fld['description'] .= make_grid_blacklist(); # insert to description custom controls +# break; + # Apply button + case 'squidguard_enable': + $fld = &$pkg['fields']['field'][$i]; + $fld['description'] .= make_grid_general_items(); # insert to description custom controls + break; + } + $i++; + } +} + +# ----------------------------------------------------------------------------- +# squidguard_before_form_acl +# ----------------------------------------------------------------------------- +function squidguard_before_form_acl($pkg, $is_acl=true) { + global $g; + global $squidguard_config; + + $current_id = ''; + $sources = ''; + $source_items = ''; + $destinations = ''; + $dest_items = ''; + $rewrites = ''; + $rewr_names = ''; + $times = ''; + $time_names = ''; + $acls_up = ''; + $acls_over = ''; + + $current_id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; + $current_id = ($current_id) ? $current_id : 0; + + # sources + $source_items = get_sgconf_items_list(F_SOURCES, 'name'); + # generate sources list TODO: exclude used names from list, source name used in ACL unique + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'source') { + $fld = &$pkg['fields']['field'][$i]; + if (is_array($source_items)) { + foreach($source_items as $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); + } + } + # order + if (is_array($source_items) && $field['fieldname'] == 'order') { + $fld = &$pkg['fields']['field'][$i]; + foreach($source_items as $nmkey => $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey); + $fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999'); + $fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last ! + } + $i++; + } + + # destinations + # acls pass ---> prepare data for destinations; dest format 'uptime_dests_list [overtime_dests_list]' + $acl_dest = ''; + $acl_overdest = ''; + + # acl & default + if ($pkg['name'] !== MODULE_DEFAULT) { + $acl_dest = $squidguard_config[F_ACLS]['item'][$current_id][F_DESTINATIONNAME]; + $acl_overdest = $squidguard_config[F_ACLS]['item'][$current_id][F_OVERDESTINATIONNAME]; + } + else $acl_dest = $squidguard_config[F_DEFAULT][F_DESTINATIONNAME]; + + # acl dest ontime + if ($acl_dest) { + # 'none' > to '!all' + $acl_dest = str_replace('none', '!all', $acl_dest); + + $pss = explode(' ', $acl_dest); + foreach($pss as $val) { + $name = $val; + $name = str_replace('!', '', $name); + $name = str_replace('^', '', $name); + if (!empty($val)) { + switch($val[0]) { + case '!': $acls_up[$name] = 'deny'; break; + case '^': $acls_up[$name] = 'white'; break; + default : $acls_up[$name] = 'allow'; break; + } + } + } + } + + # acl dest overtime + if ($acl_overdest) { + # 'none' > to '!all' + $acl_overdest = str_replace('none', '!all', $acl_overdest); + + $pss = explode(' ', $acl_overdest); + foreach($pss as $val) { + $name = $val; + $name = str_replace('!', '', $name); + $name = str_replace('^', '', $name); + if (!empty($val)) { + switch($val[0]) { + case '!': $acls_over[$name] = 'deny'; break; + case '^': $acls_over[$name] = 'white'; break; + default : $acls_over[$name] = 'allow'; break; + } + } + } + } + + # --- Destinations --- + # User destinations + if ($squidguard_config[F_DESTINATIONS]) { + foreach($squidguard_config[F_DESTINATIONS]['item'] as $dst) { + $dest_items[] = array ('name'=>$dst[F_NAME], + 'upt_value'=>$acls_up[$dst[F_NAME]], + 'ovt_value'=>$acls_over[$dst[F_NAME]], + 'description'=>$dst[F_DESCRIPTION]); + } + } + + # Blacklist + if ($squidguard_config[F_BLACKLISTENABLED] === 'on') { + $blk_entries = sg_entries_blacklist(); + if (!empty($blk_entries)) { + foreach($blk_entries as $dst) { + $dest_items[] = array ('name'=>$dst, + 'upt_value'=>$acls_up[$dst], + 'ovt_value'=>$acls_over[$dst], + 'description'=>''); + } + } + } + + # Default all + $dest_items[] = array('name'=>FLT_DEFAULT_ALL, + 'upt_value'=>$acls_up[FLT_DEFAULT_ALL], + 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL], + 'description'=>'Default access'); + + $i=0; + foreach($pkg['fields']['field'] as $field) { + if (($field['fieldname'] === 'dest')/* || ($field['fieldname'] == 'overdest')*/) { + $fld = &$pkg['fields']['field'][$i]; + $fld['description'] .= make_grid_controls('', $dest_items, $is_acl); # insert to description custom controls + } + $i++; + } + + # rewrites + $rewr_names = get_sgconf_items_list(F_REWRITES, 'name'); + $i=0; + foreach($pkg['fields']['field'] as $field) { + if (($field['fieldname'] == 'rewrite') || ($field['fieldname'] == 'overrewrite')) { + $fld = &$pkg['fields']['field'][$i]; + $fld['options']['option'][] = array('name'=>'none (rewrite not defined)', 'value'=>''); + if (is_array($rewr_names)) { + foreach($rewr_names as $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); + } + } + $i++; + } + + # - set times field - + $time_names = get_sgconf_items_list(F_TIMES, 'name'); + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] === 'time') { + $fld = &$pkg['fields']['field'][$i]; + $fld['options']['option'][] = array('name'=>'none (time not defined)', 'value'=>''); + if (is_array($time_names)) { + foreach($time_names as $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); + } + break; + } + $i++; + } +} + +# ----------------------------------------------------------------------------- +# squidguard_before_form_dest +# ----------------------------------------------------------------------------- +function squidguard_before_form_dest($pkg) { + global $g, $squidguard_config; + $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name'); +//var_dump($squidguard_config); + $i=0; + foreach($pkg['fields']['field'] as $field) { + # order + if ($field['fieldname'] == 'order') { + $fld = &$pkg['fields']['field'][$i]; + if (is_array($destination_items)) + foreach($destination_items as $nmkey => $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey); + $fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999'); + $fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last ! + } + $i++; + } +} + +# ----------------------------------------------------------------------------- +# make_grid_general_items +# ----------------------------------------------------------------------------- +function make_grid_general_items($id = '') +{ + global $squidguard_config; + + $bg_color = "bgcolor='#dddddd'"; + $res = ''; + $res .= "<table width='100%'>"; + + if ($id === '') { + # Apply + $res .= "<tr $bg_color><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr> + <tr><td><big>After changing configuration squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr> + <tr><td><input name='submit' type='submit' value='Apply'></td></tr>"; + + # service state + $sgstate = "<span style='color: #800000;'>STOPPED</span>"; + if (is_service_running("squidGuard")) + $sgstate = "<span style='color: #008000;'>STARTED</span>"; + + if (is_blacklist_update_started()) + $sgstate .= "<br><span style='color: #800000;'>Wait: began updating the blacklist. New data will be available after some time.<br>After the upgrade, it is necessary to check the configuration.</span>"; + $res .= "<tr $bg_color><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>"; + } + + $res .= "</table>"; + return $res; +} + +# ----------------------------------------------------------------------------- +# make_grid_blacklist +# ----------------------------------------------------------------------------- +function make_grid_blacklist() { + $res = ''; + # button 'Upload URL' and button 'Restore last blacklist' + $res = "<hr><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'>"; + $res .= " <input name='submit' value='" . BLACKLIST_BTN_DEFAULT . "' type='submit'>"; + return $res; +} + +# ----------------------------------------------------------------------------- +# make_grid_controls +# ----------------------------------------------------------------------------- +function make_grid_controls($type, $items, $enable_overtime = true) { + global $g; + + $res = ''; + $tbl = ''; + $color = ''; + $color2 = ''; + $x = 0; + + foreach($items as $item) { + if ($x === 0) { + $color = ''; + $color2 = 'style="background-color: #dddddd;"'; + $x = 1; + } + else { + $color = 'style="background-color: #dddddd;"'; + $color2 = ''; + $x = 0; + } + + $name = trim($item['name']); + $upt_val = $item['upt_value']; + $ovt_val = $item['ovt_value']; + $description = $item['description']; + + if (!$name) continue; # skip empty + + $sel = "selected=\"selected\""; + $upt_A = $upt_B = $upt_C = $upt_D = ''; + switch($upt_val) { + case "allow": $upt_B = $sel; break; + case "white": $upt_C = $sel; break; + case "deny" : $upt_D = $sel; break; + default: $upt_A = $sel; break; + } + + $ovt_A = $ovt_B = $ovt_C= $ovt_D = ''; + switch($ovt_val) { + case "allow": $ovt_B = $sel; break; + case "white": $ovt_C = $sel; break; + case "deny" : $ovt_D = $sel; break; + default: $ovt_A = $sel; break; + } + unset($sel); + + $tbl .= "<tr>"; + # uptime table + $tnm = PREF_UPTIME . $name; + $tbl .= "<td $color></td>"; + $tbl .= "<td $color>$description [$name]</td>"; + $tbl .= "<td $color>access</td>"; + $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; + if ($name !== "all"/*substr_count($name, "all") === 0*/) { + $tbl .= "<option value=none name=\"----\" $upt_A>----</option>"; + $tbl .= "<option value=white name=\"white\" $upt_C>whitelist</option>"; + $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; + $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>"; + } + else { + $tbl .= "<option value=allow name=\"allow\" $upt_B>allow</option>"; + $tbl .= "<option value=deny name=\"deny\" $upt_D>deny </option>"; + } + $tbl .= "</td>"; + + # overtime table + if ($enable_overtime) { + $tnm = PREF_OVERTIME . $name; + $tbl .= "<td $color></td>"; + $tbl .= "<td $color>$description [$name]</td>"; + $tbl .= "<td $color>access</td>"; + $tbl .= "<td $color><select id=$tnm name=\"$tnm\">"; + if ($name !== "all"/*substr_count($name, "all") === 0*/) { + $tbl .= "<option value=none name=\"----\" $ovt_A>----</option>"; + $tbl .= "<option value=white name=\"white\" $ovt_C>whitelist</option>"; + $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; + $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; + } + else { + $tbl .= "<option value=allow name=\"allow\" $ovt_B>allow</option>"; + $tbl .= "<option value=deny name=\"deny\" $ovt_D>deny </option>"; + } + $tbl .= "</td>"; + } + $tbl .= "</tr>"; + } + + # header + if (!empty($tbl)) { + $color = 'style="background-color: #dddddd;"'; + $thdr = ''; + $hdr1up = "<big>Target Categories</big>"; + $hdr1ov = "<big>Target Categories for off-time</big>"; + $hds3 = "ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked."; + if ($enable_overtime) { + $thdr .= "<tr><td colspan='8' align=left>$hds3</td></tr>"; + $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th><th colspan='4' align=middle>$hdr1ov</th></tr>"; + $thdr .= "<tr $color><td colspan='4' align=middle></td><td colspan='4' align=middle>If <b>'Time'</b> not defined, this is column will be ignored.</td></tr>"; + # formatting + $thdr .= "<tr><td/><td width='35%'/><td/><td/><td/><td width='35%'/><td/><td/></tr>"; + } + else { + $thdr .= "<tr><td colspan='4' align=left>$hds3<hr></tr>"; + $thdr .= "<tr $color><th colspan='4' align=middle>$hdr1up</th></tr>"; + # formatting + $thdr .= "<tr><td width='5%'/><td/><td width='5%'/><td width='10%'/></tr>"; + } + + $res .= "<table cellspacing='0' width='100%'> $thdr $tbl </table>"; + + $rstyle = ""; + $ha = "<div class='listtopic'>" . + "<span onClick='document.getElementById(\"destrules\").style.display = \"block\";' style=\"cursor: pointer;\">" . + "<font size='-12'><big>Target Rules List (click here)</big> " . + "<img src='/themes/{$g['theme']}/images/icons/icon_pass.gif' title='Show rules'> " . + "</span>" . + "<span style=\"cursor: pointer;\">" . + "<img src='/themes/{$g['theme']}/images/icons/icon_block.gif' title='Hide rules' onClick='document.getElementById(\"destrules\").style.display = \"none\";'>" . + "</span>" . + "</div>"; + $res = "<hr>$ha<div id=\"destrules\" style='DISPLAY: none'>$res</div>"; + + } + return $res; +} + +# ----------------------------------------------------------------------------- +# check unique name +# ----------------------------------------------------------------------------- +function sg_check_unique_name($module_id, $name, $log='') { + $res = true; + $id = (isset($_GET['id'])) ? $_GET['id'] : $_POST['id']; + + $name_list = get_sgconf_items_list($module_id, 'name'); + $name_val = (is_array($name_list)) ? array_count_values($name_list) : array(); + $count_names = $name_val[$name]; + + # if count names = 1, then check if add new record with this name(not valid) / or this is a self record(valid) + # else if count names > 1 - not valid + if ($count_names === 1) { + $nm_key = array_search($name, $name_list); + # if this new record + if ($id >= count($name_list)) { $res = false; } + # if not self record + elseif ($nm_key && (intval($id) !== intval($nm_key))) { $res = false; } + } + elseif($count_names > 1) $res = false; # bad - not unique + + return $res; +} + +# ----------------------------------------------------------------------------- +# check unique name +# ----------------------------------------------------------------------------- +function sg_check_reserved_name($name, $log='') +{ + $res = true; + $reserved = array("acl", "all", "allow", "dbhome", "default", "dest", "in-addr", "log", "logdir", "none", "pass", "rew", "src", "url", "user"); + + if (in_array(strtolower(trim($name)), $reserved)) { + $res = false; + } + + return $res; +} +# ------------------------------------------------------------------------------ +# Install & deinstall +# ------------------------------------------------------------------------------ + +function squidguard_install_command() { + if (!is_service_running("squidGuard")) { + sg_init(convert_pfxml_to_sgxml()); + sg_check_system(); + + # generate squidGuard blacklist entries file (check with squidGuard PORT) +# conf_mount_rw(); + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + + + if (!file_exists($blklist_file)) { + # if blacklist not exists, then copy default db from samples +# $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", "mail", "porn", "proxy", "violence", "warez"); +# file_put_contents($blklist_file, implode("\n", $entries)); + } + set_file_access(SQUIDGUARD_WORKDIR, OWNER_NAME, 0755); + set_file_access(SQUIDGUARD_DBHOME, OWNER_NAME, 0755); +# conf_mount_ro(); + + sg_reconfigure(); + } +} + +function squidguard_deinstall_command() { + # remove entries from squid config + squid_reconfigure('remove redirector options'); + + # Note: When you reinstall should remain Database + + # remove package and his depends + #mwexec("pkg_delete squidGuard-1.2.0_1"); + #mwexec("rm -rf " . SQUIDGUARD_WORKDIR); + # i known't, really need delete blacklist base? + #mwexec("rm -rf " . SQUIDGUARD_DBHOME); + #mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*"); +} + +# ------------------------------------------------------------------------------ +# SquidGuard print JavaSrcript +# ------------------------------------------------------------------------------ +function squidGuard_print_javascript() { + $javascript = ''; + + $xml = ($_GET["xml"] !== '') ? $_GET["xml"] : $_POST["xml"]; + + # squidguard_default.xml + if ($xml === "squidguard_default.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n document.iform.dest.disabled=1;"; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + } # if + + # squidguard_acl.xml + if ($xml === "squidguard_acl.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n document.iform.dest.disabled=1;"; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + + } # if + + if ($xml === "squidguard_time.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n function on_updatecontrols() {"; + $javascript .= "\n for (var i=0; i<99; i++) {"; + $javascript .= "\n var elm = document.iform.elements['timetype' + i];"; + $javascript .= "\n if (elm) {"; + $javascript .= "\n document.iform.elements['timetype' + i].onclick = on_updatecontrols;"; + $javascript .= "\n if (document.iform.elements['timetype' + i].value == 'weekly') {"; + $javascript .= "\n document.iform.elements['timedays' + i].disabled = 0;"; + $javascript .= "\n document.iform.elements['daterange' + i].disabled = 1;"; + $javascript .= "\n }"; + $javascript .= "\n else {"; + $javascript .= "\n document.iform.elements['timedays' + i].disabled = 1;"; + $javascript .= "\n document.iform.elements['daterange' + i].disabled = 0;"; + $javascript .= "\n }"; + $javascript .= "\n }"; + $javascript .= "\n }"; + $javascript .= "\n }"; + $javascript .= "\n on_updatecontrols();"; + $javascript .= "\n "; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + } + + print($javascript); +} + +# ============================================================================== +# Converter +# ============================================================================== +# convert_pfxml_to_sgxml +# ----------------------------------------------------------------- +function convert_pfxml_to_sgxml() { + + capability_update_source(); + + global $config; + conf_mount_rw(); + $sgxml = array(); + $pfxml = $config['installedpackages'][MODULE_GENERAL]['config'][0]; + + $sgxml[F_LOGDIR] = SQUIDGUARD_LOGDIR; + $sgxml[F_DBHOME] = SQUIDGUARD_DBHOME; + $sgxml[F_LDAPENABLE] = $pfxml['ldap_enable']; + $sgxml[F_LDAPBINDDN] = $pfxml['ldapbinddn']; + $sgxml[F_LDAPBINDPASS] = $pfxml['ldapbindpass']; + $sgxml[F_LDAPVERSION] = $pfxml['ldapversion']; + $sgxml[F_STRIPNTDOMAIN] = $pfxml['stripntdomain']; + $sgxml[F_STRIPREALM] = $pfxml['striprealm']; + $sgxml[F_BINPATH] = SQUIDGUARD_BINPATH; + $sgxml[F_WORKDIR] = SQUIDGUARD_WORKDIR; + $sgxml[F_SGCONF_XML] = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML; + $sgxml[F_ENABLED] = $pfxml[F_SQUIDGUARDENABLE]; + $sgxml[F_BLACKLISTENABLED] = $pfxml[F_BLACKLIST]; + $sgxml[F_BLACKLISTURL] = $pfxml[F_BLACKLISTURL]; + $sgxml[F_SOURCES] = convert_pfxml_to_sgxml_source($config); + $sgxml[F_DESTINATIONS] = convert_pfxml_to_sgxml_destination($config); + $sgxml[F_REWRITES] = convert_pfxml_to_sgxml_rewrite($config); + $sgxml[F_TIMES] = convert_pfxml_to_sgxml_time($config); + $sgxml[F_ACLS] = convert_pfxml_to_sgxml_acl($config); + $sgxml[F_DEFAULT] = convert_pfxml_to_sgxml_default($config); + + # log + $sgxml[F_ENABLELOG] = $pfxml['enable_log'] == 'on' ? 'on' : 'off'; + $sgxml[F_ENABLEGUILOG] = $pfxml['enable_guilog'] == 'on' ? 'on' : 'off'; + $sgxml[F_LOGROTATION] = $pfxml['log_rotation'] == 'on' ? 'on' : 'off'; + + #Clean adversiting + $sgxml[F_ADV_BLANKIMG] = $pfxml['adv_blankimg'] == 'on' ? 'on' : 'off'; + + + # other + $lanip = $config['interfaces']['lan']['ipaddr']; + $sgxml[F_CURRENT_LAN_IP] = $lanip; + + # transparent + $squidxml = $config['installedpackages']['squid']['config'][0]; + if($squidxml['transparent_proxy'] == 'on') { + $guiport = $config['system']['webgui']['port']; + $guiprotocol = $config['system']['webgui']['protocol']; + + $sgxml[F_SQUID_TRANSPARENT_MODE] = 'on'; + $sgxml[F_CURRENT_GUI_PORT] = $guiport; + $sgxml[F_CURRENT_GUI_PROTO] = $guiprotocol; + } else { + unset($sgxml[F_SQUID_TRANSPARENT_MODE]); + unset($sgxml[F_CURRENT_GUI_PORT]); + unset($sgxml[F_CURRENT_GUI_PROTO]); + } + + # store cfg cache + $cfg_xml = dump_xml_config($sgxml, F_SQUIDGUARD); + file_put_contents($sgxml[F_SGCONF_XML], $cfg_xml); + conf_mount_ro(); + + return $sgxml; +} + +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_source +# sgxml_source: [name][ip][desc][log] +# ----------------------------------------------------------------- +# Changes 04-01-2008 : +# Source fields moved to ACL page. Source page - will remove +# But in XML internal config nothing to change +# ----------------------------------------------------------------- +# Changes 21-07-2008 : +# Source IP and domain move to one field, added 'username'. +function convert_pfxml_to_sgxml_source($pfconfig) { + $sgxml = array(); + $pfxml = $pfconfig['installedpackages'][MODULE_ACL]['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[F_NAME] = $pfx['name']; + $sgx[F_SOURCE] = $pfx[F_SOURCE]; + $sgx[F_LOG] = $pfx[F_ENABLELOG]; + $sgx[F_DESCRIPTION] = $pfx['description']; + $sgxml[F_ITEM][] = $sgx; + } + } + return $sgxml; +} + +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_destination +# sgxml_destination: [name][domains][expr][urls][redir][desc][log] +# ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_destination($pfconfig) { + $sgxml = array(); + $pfxml = $pfconfig['installedpackages'][MODULE_DESTINATION]['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[F_NAME] = $pfx['name']; + $sgx[F_URLS] = $pfx['urls']; + $sgx[F_DOMAINS] = $pfx[F_DOMAINS]; + $sgx[F_EXPRESSIONS] = $pfx['expressions']; + $sgx[F_RMOD] = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_NONE; + $sgx[F_REDIRECT] = $pfx[F_REDIRECT]; + $sgx[F_DESCRIPTION] = $pfx['description']; + $sgx[F_LOG] = $pfx[F_ENABLELOG]; + $sgxml[F_ITEM][] = $sgx; + } + } + return $sgxml; +} + +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_rewrite +# sgxml_rewrite: [name][desc][log][items(array): [targeturl][replaceto]] +# ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_rewrite($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages'][MODULE_REWRITE]['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[F_NAME] = $pfx['name']; + $sgx[F_DESCRIPTION] = $pfx['description']; + $sgx[F_LOG] = $pfx[F_ENABLELOG]; + + if (is_array($pfx['row'])) { + foreach($pfx['row'] as $pfx_row) { + $sgx_row = array(); + $sgx_row[F_TARGETURL] = $pfx_row['targeturl']; + $sgx_row[F_REPLACETO] = $pfx_row['replaceto']; + + $mode = ''; + if (strpos($pfx_row[F_MODE], 'nocase') !== false) $mode .= 'i'; + if (strpos($pfx_row[F_MODE], 'redirect') !== false) $mode .= 'r'; + $sgx_row[F_MODE] = $mode; # ! sys options only - not for GUI ! + + $sgx[F_ITEM][] = $sgx_row; + } + } + + $sgxml[F_ITEM][] = $sgx; + } + } + + # additional: google safeserach + $sgxml[F_ITEM][] = squidguard_adt_rewrite_safesrch(); + + return $sgxml; +} + +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_time +# sgxml_time: [name][desc][items(array): [timetype][timedays][daterange][timerange]] +# ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_time($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages'][MODULE_TIME]['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[F_NAME] = $pfx[F_NAME]; + $sgx[F_DESCRIPTION] = $pfx[F_DESCRIPTION]; + + if (is_array($pfx['row'])) { + foreach($pfx['row'] as $pfx_row) { + $sgx_row = array(); + $sgx_row[F_TIMETYPE] = $pfx_row[F_TIMETYPE]; + $sgx_row[F_TIMEDAYS] = $pfx_row[F_TIMEDAYS]; + $sgx_row[F_DATERANGE] = $pfx_row[F_DATERANGE]; + $sgx_row[F_TIMERANGE] = $pfx_row[F_TIMERANGE]; + $sgx[F_ITEM][] = $sgx_row; + } + } + + $sgxml[F_ITEM][] = $sgx; + } + } + + return $sgxml; +} + +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_acl +# sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] +# ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_acl($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages'][MODULE_ACL]['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[F_NAME] = $pfx[F_NAME]; # [04-01-2008] new ver + $sgx[F_DESCRIPTION] = $pfx[F_DESCRIPTION]; + $sgx[F_DISABLED] = $pfx[F_DISABLED]; + $sgx[F_TIMENAME] = $pfx[F_TIME]; + $sgx[F_REDIRECT] = $pfx[F_REDIRECT]; + $sgx[F_RMOD] = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_NONE; + $sgx[F_REWRITENAME] = $pfx[F_REWRITE]; + $sgx[F_LOG] = $pfx[F_ENABLELOG]; + $sgx[F_NOTALLOWINGIP] = $pfx[F_NOTALLOWINGIP]; + $sgx[F_ORDER] = $pfx[F_ORDER]; + + # for overtime + $sgx[F_OVERREDIRECT] = $pfx[F_REDIRECT]; # disabled ->- $pfx[F_OVERREDIRECT]; + $sgx[F_OVERREWRITENAME] = $pfx[F_OVERREWRITE]; + + # destinations + if (strpos($pfx['dest'], '[') === false) { + $sgx[F_DESTINATIONNAME] = trim($pfx['dest']); + $sgx[F_OVERDESTINATIONNAME] = ''; + } + else { + $sgx[F_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); + $sgx[F_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') ); + $sgx[F_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[F_OVERDESTINATIONNAME]) ); + $sgx[F_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[F_OVERDESTINATIONNAME]) ); + } + + # !ATTENTION! '!all' must be convert to 'none' + $sgx[F_DESTINATIONNAME] = str_replace("!all", "none", $sgx[F_DESTINATIONNAME]); + $sgx[F_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[F_OVERDESTINATIONNAME]); + + # if empty - adding 'none' + if (!$sgx[F_DESTINATIONNAME]) $sgx[F_DESTINATIONNAME] = "none"; + if (!$sgx[F_OVERDESTINATIONNAME]) $sgx[F_OVERDESTINATIONNAME] = "none"; + + # safesearch + if ($pfx[SAFESEARCH] === 'on') { + # assign safesearch rewrite + $sgx[F_REWRITENAME] = SAFESEARCH; + $sgx[F_OVERREWRITENAME] = SAFESEARCH; + } + + $sgxml[F_ITEM][] = $sgx; + } + } + return $sgxml; +} + +# ----------------------------------------------------------------- +# convert_pfxml_to_sgxml_default +# sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] +# ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_default($pfconfig) { + $pfxml = $pfconfig['installedpackages'][MODULE_DEFAULT]['config']; + + $pfx = $pfxml[0]; + $sgx = array(); + $sgx[F_NAME] = 'default'; + $sgx[F_DESCRIPTION] = ''; + $sgx[F_DISABLED] = ''; + $sgx[F_TIMENAME] = $pfx[F_TIME]; + $sgx[F_RMOD] = isset($pfx[F_RMOD]) ? $pfx[F_RMOD] : RMOD_INT_ERRORPAGE; + $sgx[F_REDIRECT] = $pfx[F_REDIRECT]; + $sgx[F_REWRITENAME] = $pfx[F_REWRITE]; + $sgx[F_LOG] = $pfx[F_ENABLELOG]; + $sgx[F_NOTALLOWINGIP] = $pfx[F_NOTALLOWINGIP]; + + # destinations + if (strpos($pfx['dest'], '[') === false) + $sgx[F_DESTINATIONNAME] = trim($pfx['dest']); + else $sgx[F_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); + + # !ATTENTION! '!all' must be convert to 'none' + $sgx[F_DESTINATIONNAME] = str_replace("!all", "none", $sgx[F_DESTINATIONNAME]); + + # if empty - adding 'none' + if (!$sgx[F_DESTINATIONNAME]) $sgx[F_DESTINATIONNAME] = "none"; + + # safesearch + if ($pfx[SAFESEARCH] === 'on') { + # assign safesearch rewrite + $sgx[F_REWRITENAME] = SAFESEARCH; + } + + return $sgx; +} + +# ================================================================= +# Capability +# ================================================================= +# convert old ver. squidguard config. +function capability_update_source() { + # ! use global var $config ONLY ! + global $config; + $conf_changed = false; + + if (isset($config['installedpackages'][MODULE_ACL]['config'])) { + $tconf = &$config['installedpackages'][MODULE_ACL]['config']; + foreach($tconf as $key => $cfg) { + if (isset($cfg['iplist'])) { + $tconf[$key][F_SOURCE] .= " " . $cfg['iplist']; + unset($tconf[$key]['iplist']); + $conf_changed = true; + } + if (isset($cfg[F_DOMAINS])) { + $tconf[$key][F_SOURCE] .= " " . $cfg[F_DOMAINS]; + unset($tconf[$key][F_DOMAINS]); + $conf_changed = true; + } + } + + if ($conf_changed) write_config('Convert old ver. squidguard config.'); + } +} +# ------------------------------------------------------------------ +# get_item_id - get item 'id' from get/post +# ------------------------------------------------------------------ +function get_item_id() +{ + return isset($_GET['id']) ? $_GET['id'] : $_POST['id']; +} + +# ================================================================== +# additional +# ================================================================== +# safesearch rewrite +function squidguard_adt_rewrite_safesrch() +{ + $res = array(); + + # safesearch + $res[F_NAME] = SAFESEARCH; + $res[F_DESCRIPTION] = "Google, Yandex safesearch"; + $res[F_LOG] = 'on'; + squidguard_adt_safesrch_add(&$res[F_ITEM]); + + return $res; +} + +function squidguard_adt_safesrch_add($rewrite_item) +{ + if (!is_array($rewrite_item)) $rewrite_item = array(); + + # Google + $rewrite_item[] = array(F_TARGETURL => '(google\..*/search?.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i'); + $rewrite_item[] = array(F_TARGETURL => '(google\..*/images.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i'); + $rewrite_item[] = array(F_TARGETURL => '(google\..*/groups.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i'); + $rewrite_item[] = array(F_TARGETURL => '(google\..*/news.*q=.*)', F_REPLACETO => '\1\&safe=active', F_MODE => 'i'); + + # Yandex + $rewrite_item[] = array(F_TARGETURL => '(yandex\..*/yandsearch?.*text=.*)', F_REPLACETO => '\1\&fyandex=1', F_MODE => 'i'); + + # Yahoo + $rewrite_item[] = array(F_TARGETURL => '(search\.yahoo\..*/search.*p=.*)', F_REPLACETO => '\1\&vm=r&v=1', F_MODE => 'i'); + + # MSN Live search, Bing + $rewrite_item[] = array(F_TARGETURL => '(search\.live\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i'); + $rewrite_item[] = array(F_TARGETURL => '(search\.msn\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i'); + $rewrite_item[] = array(F_TARGETURL => '(\.bing\..*/.*q=.*)', F_REPLACETO => '\1\&adlt=strict', F_MODE => 'i'); + + return $rewrite_item; +} + +# log dump +function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) +{ + define('LOGSHOW_BUFSIZE', '262144'); + $cnt = ''; + + if (file_exists($filename)) { + $fh = fopen($filename, "r"); + if ($fh) { + $fsize = filesize($filename); + + # take LOGSHOW_BUFSIZE bytes from end + if ($fsize > LOGSHOW_BUFSIZE) + fseek($fh, -LOGSHOW_BUFSIZE, SEEK_END); + $cnt = fread($fh, LOGSHOW_BUFSIZE); + + fclose($fh); + } + } + + $cnt = explode( "\n", $cnt ); + + # delete broken first element + array_shift($cnt); + + # offset must be >= 0 and can't be > count($cnt) + $lnoffset = $lnoffset >= 0 ? $lnoffset : 0; + $lnoffset = ($lnoffset + $lncount) < count($cnt) ? $lnoffset : 0; + + $pos = ($lncount + $lnoffset); + + # take elements from end of array + $cnt = array_slice($cnt, -$pos, $lncount); + + # reverse array order + if ($reverse) $cnt = array_reverse( $cnt ); + + return $cnt; +} + +# dump SG log +function squidguard_filterdump($lnoffset, $lncount, $reverse) +{ + $res = array(); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', &$lnoffset, $lncount, $reverse); + + foreach($cont as $cn) { + $cn = explode(" ", trim($cn), 4); + $res[] = array( "{$cn[0]} {$cn[1]}", $cn[3] ); + } + + return $res; +} + +# dump SG Gui log +function squidguard_guidump($lnoffset, $lncount, $reverse) +{ + $res = array(); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, &$lnoffset, $lncount, $reverse); + + foreach($cont as $cn) { + $cn = explode(" ", trim($cn), 4); + $res[] = array( "{$cn[0]} {$cn[1]}", $cn[3] ); + } + + return $res; +} + +# dump SG blocked +function squidguard_blockdump($lnoffset, $lncount, $reverse) +{ + $res = array(); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, &$lnoffset, $lncount, $reverse); + + foreach($cont as $cn) { + $cn = explode(" ", trim($cn), 9); + $res[] = array( "{$cn[0]} {$cn[1]}", $cn[5], $cn[4], "{$cn[3]} {$cn[6]} {$cn[7]} {$cn[8]}"); + } + + return $res; +} + +# get squid config list +function squidguard_squid_conflist( ) +{ + $fname = SQUID_CONFIGFILE; + $res = ""; + + if (file_exists( $fname )) + $res = file_get_contents( $fname ); + else $res = "File '$fname' not found."; + + return $res; +} + +# get squidguard config list +function squidguard_conflist( ) +{ + $fname = SQUIDGUARD_CONFBASE . SQUIDGUARD_CONFIGFILE; + $res = ""; + + if (file_exists( $fname )) + $res = file_get_contents( $fname ); + else $res = "File '$fname' not found."; + + return $res; +} + +# get blacklist list +function squidguard_blacklist_list() +{ + $res = ""; + $fname = SQUIDGUARD_BLK_FILELISTPATH; + + $res .= "<table class='tabcont' width='100%' border='0' cellpadding='0' cellspacing='0'>\n"; + $res .= "<tr><td class='listtopic'>Name</td><td class='listtopic'>Domains</td><td class='listtopic'>Urls</td><td class='listtopic'>Expressions</td></tr>\n"; + if (file_exists($fname)) { + $cont = explode("\n", file_get_contents($fname)); + foreach($cont as $cn) { + $ph = "/var/db/squidGuard/$cn"; + + if (file_exists($ph)) { + $dm = " "; + $ur = " "; + $ex = " "; + + if (file_exists("$ph/domains")) $dm = "domains"; + if (file_exists("$ph/urls")) $ur = "urls"; + if (file_exists("$ph/expressions")) $ex = "expressions"; + + $res .= "<tr><td class='listlr'>$cn</td><td class='listr'>$dm</td><td class='listr'>$ur</td><td class='listr'>$ex</td></tr>"; + } + } + } + $res .= "</table>"; + + return $res; +} + +// ##### The following part is based on the code of pfblocker ##### + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function squidguard_sync_on_changes() { + global $config, $g; + if (is_array($config['installedpackages']['squidguardsync'])){ + $synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc']; + $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout']; + } + else + { + return; + } + + // if checkbox is NOT checked do nothing + switch ($synconchanges){ + case "manual": + if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){ + $rs=$config['installedpackages']['squidguardsync']['config'][0]['row']; + } + else{ + log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['varsyncdestinenable']="on"; + $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https"); + $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; + $rs[0]['varsyncpassword']=$system_carp['password']; + $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443"); + if (! is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + } + else{ + log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds."); + foreach($rs as $sh){ + if($sh['varsyncdestinenable']){ + $varsyncprotocol = $sh['varsyncprotocol']; + $sync_to_ip = $sh['varsyncipaddress']; + $password = $sh['varsyncpassword']; + $varsyncport = $sh['varsyncport']; + if($password && $sync_to_ip) + squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout); + else + log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!"); + } + else { + log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); + } + } + log_error("[SquidGuard] xmlrpc sync is ending."); + } +} + +/* Do the actual XMLRPC sync */ +function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) { + global $config, $g; + + if($varsynctimeout == '' || $varsynctimeout == 0) + $varsynctimeout = 150; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + if(!$varsyncport) + return; + + if(!$varsyncprotocol) + return; + + // Check and choose correct protocol type, port number and IP address + $synchronizetoip .= "$varsyncprotocol" . '://'; + $port = "$varsyncport"; + + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral']; + $xml['squidguardacl'] = $config['installedpackages']['squidguardacl']; + $xml['squidguarddefault'] = $config['installedpackages']['squidguarddefault']; + $xml['squidguarddest'] = $config['installedpackages']['squidguarddest']; + $xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite']; + $xml['squidguardtime'] = $config['installedpackages']['squidguardtime']; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after $varsynctimeout seconds */ + $resp = $cli->send($msg, $varsynctimeout); + if(!$resp) { + $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}."; + log_error("SquidGuard: $error"); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $varsynctimeout); + $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("SquidGuard: $error"); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } else { + log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}."); + } + + /* tell squidguard to reload our settings on the destionation sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n"; + // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions + $execcmd .= "squidguard_all_after_XMLRPC_resync();"; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + $resp = $cli->send($msg, $varsynctimeout); + if(!$resp) { + $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $varsynctimeout); + $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "squidguard Settings Sync", ""); + } else { + log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); + } + +} + +// ##### The part above is based on the code of pfblocker ##### + +// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files +// Adding more functions will increase the time to sync +function squidguard_all_after_XMLRPC_resync() { + + squidguard_resync_acl(); + squidguard_resync_dest(); + squidguard_resync(); + + log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); +} + +?> diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml new file mode 100644 index 00000000..e9ce78fd --- /dev/null +++ b/config/squidGuard-devel/squidguard.xml @@ -0,0 +1,260 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <description>[<![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguardgeneral</name> + <version>1.5_1</version> + <title>Proxy filter SquidGuard: General settings</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <!-- Installation --> + <menu> + <name>Proxy filter</name> + <tooltiptext>Modify the proxy server's filter settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml</url> + </tab> + </tabs> + <service> + <name>squidGuard</name> + <description><![CDATA[Proxy server filter Service]]></description> + <executable>squidGuard</executable> + </service> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_configurator.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_acl.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_default.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_dest.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_rewr.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_time.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_sync.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/squidGuard/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_log.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/squidGuard/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_blacklist.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard-devel/sgerror.php</item> + </additional_files_needed> + <fields> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>squidguard_enable</fieldname> + <description><![CDATA[Check this option to enable squidGuard]]></description> + <type>checkbox</type> + </field> + <field> + <name>LDAP Options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable LDAP Filter</fielddescr> + <fieldname>ldap_enable</fieldname> + <description><![CDATA[Enable options for setup ldap connection to create filters with ldap search]]></description> + <type>checkbox</type> + <enablefields>ldapbinddn,ldapbindpass,stripntdomain,striprealm,ldapversion</enablefields> + </field> + <field> + <fielddescr>LDAP DN</fielddescr> + <fieldname>ldapbinddn</fieldname> + <description><![CDATA[Configure your LDAP DN (ex: cn=Administrator,cn=Users,dc=domain)]]></description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>LDAP DN Password</fielddescr> + <fieldname>ldapbindpass</fieldname> + <description><![CDATA[LDAP DN Users password]]></description> + <type>password</type> + </field> + <field> + <fielddescr>Strip NT domain name</fielddescr> + <fieldname>stripntdomain</fieldname> + <description><![CDATA[Strip NT domain name component from user names (/ or \ separated).]]></description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <fielddescr>Strip Kerberos Realm</fielddescr> + <fieldname>striprealm</fieldname> + <description><![CDATA[Strip Kerberos Realm component from user names (@ separated).]]></description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <fielddescr>LDAP Version</fielddescr> + <fieldname>ldapversion</fieldname> + <type>select</type> + <default_value>3</default_value> + <options> + <option> + <name>Version 2</name> + <value>2</value> + </option> + <option> + <name>Version 3</name> + <value>3</value> + </option> + </options> + </field> + <field> + <name>Logging options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable GUI log</fielddescr> + <fieldname>enable_guilog</fieldname> + <description><![CDATA[Check this option to log the access to the Proxy Filter GUI.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable log</fielddescr> + <fieldname>enable_log</fieldname> + <description><![CDATA[Check this option to log the proxy filter settings like blocked websites in Common ACL, Group ACL and Target Categories. This option is usually used to check the filter settings.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable log rotation</fielddescr> + <fieldname>log_rotation</fieldname> + <description><![CDATA[Check this option to rotate the logs every day. This is recommended if you enable any kind of logging to limit file size and do not run out of disk space.]]></description> + <type>checkbox</type> + </field> + <field> + <name>Miscellaneous</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Clean Advertising</fielddescr> + <fieldname>adv_blankimg</fieldname> + <description><![CDATA[Check this option to display a blank gif image instead of the default block page. With this option the user gets a cleaner webpage.]]></description> + <type>checkbox</type> + </field> + <field> + <name>Blacklist options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Blacklist</fielddescr> + <fieldname>blacklist</fieldname> + <description><![CDATA[Check this option to enable blacklist]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Blacklist proxy</fielddescr> + <fieldname>blacklist_proxy</fieldname> + <description><![CDATA[<br> + Blacklist upload proxy - enter here, or leave blank.<br> + Format: host:[port login:pass] . Default proxy port 1080.<br> + Example: '192.168.0.1:8080 user:pass' + ]]></description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Blacklist URL</fielddescr> + <fieldname>blacklist_url</fieldname> + <description><![CDATA[Enter the path to the blacklist (blacklist.tar.gz) here. You can use FTP, HTTP or LOCAL URL blacklist archive or leave blank. The LOCAL path could be your pfsense (/tmp/blacklist.tar.gz).]]></description> + <type>input</type> + <size>100</size> + </field> + </fields> + <custom_add_php_command/> + <custom_php_validation_command> + squidguard_validate(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_command_before_form> + squidguard_before_form(&$pkg); + </custom_php_command_before_form> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> + <custom_php_resync_config_command> + squidguard_resync(); + </custom_php_resync_config_command> + <custom_php_install_command> + squidguard_install_command(); + squidguard_resync(); + </custom_php_install_command> + <custom_php_deinstall_command> + squidguard_deinstall_command(); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/squidGuard-devel/squidguard_acl.xml b/config/squidGuard-devel/squidguard_acl.xml new file mode 100644 index 00000000..cd3e8016 --- /dev/null +++ b/config/squidGuard-devel/squidguard_acl.xml @@ -0,0 +1,245 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguardacl</name> + <version>none</version> + <title>Proxy filter SquidGuard: Groups Access Control List (ACL)</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <delete_string>A proxy server user has been deleted.</delete_string> + <addedit_string>A proxy server user has been created/modified.</addedit_string> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + <active/> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Disabled</fielddescr> + <fieldname>disabled</fieldname> + </columnitem> + <columnitem> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Time</fielddescr> + <fieldname>time</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <fielddescr>Disabled</fielddescr> + <fieldname>disabled</fieldname> + <description><![CDATA[Check this to disable this ACL rule.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[ + Enter a unique name of this rule here.<br> + The name must consist between 2 and 15 symbols [a-Z_0-9]. The first one must be a letter.<br> + ]]></description> + <type>input</type> + <required/> + <size>100</size> + </field> + <field> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + <description><![CDATA[ + Select the new position for this ACL item. ACLs are evaluated on a first-match source basis.<br> + <b>Note:</b><br> + Search for a suitable ACL by field 'source' will occur before the first match. If you want to define an exception for some sources (IP) from the IP range, put them on first of the list.<br> + <b>Example:</b><br> + ACL with single (or short range) source ip 10.0.0.15 must be placed before ACL with more large ip range 10.0.0.0/24.<br> + ]]></description> + <type>select</type> + </field> + <field> + <fielddescr>Client (source)</fielddescr> + <fieldname>source</fieldname> + <description><![CDATA[ + Enter client's IP address or domain or "username" here. To separate them use space.<br> + <b>Example:</b><br> + <b>IP:</b> 192.168.0.1 - <b>Subnet:</b> 192.168.0.0/24 or 192.168.1.0/255.255.255.0 - <b>IP-Range:</b> 192.168.1.1-192.168.1.10<br> + <b>Domain:</b> foo.bar matches foo.bar or *.foo.bar<br> + <b>Username:</b> 'user1' <br> + <b>Ldap search (Ldap filter must be enabled in General Settings):</b> <br> + ldapusersearch "ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))"<br> + <i>Attention: these line don't have break line, all on one line and use double quotes ("") in ldap expression</i> + ]]></description> + <type>textarea</type> + <cols>65</cols> + <rows>3</rows> + <required/> + </field> + <field> + <fielddescr>Time</fielddescr> + <fieldname>time</fieldname> + <description><![CDATA[Select the time in which 'Target Rules' will operate or leave 'none' for rules without time restriction. If this option is set then in off-time the second ruleset will operate.]]></description> + <type>select</type> + </field> + <field> + <fielddescr>Target Rules</fielddescr> + <fieldname>dest</fieldname> + <description><![CDATA[]]></description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Do not allow IP-Addresses in URL</fielddescr> + <fieldname>notallowingip</fieldname> + <description><![CDATA[To make sure that people do not bypass the URL filter by simply using the IP-Addresses instead of the FQDN you can check this option. This option has no effect on the whitelist.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Redirect mode</fielddescr> + <fieldname>redirect_mode</fieldname> + <description> + Select redirect mode here. + <br> Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible. +<!-- <br><b> int size limit :</b> if content size 0 or > 'size limit', then client moved to 'blank image' page; --> + <br> Options: + <A title="To 'url' will added special client information;" > + <span style="background-color: #dddddd;" >ext url err page</span></A> , + <A title="Client view 'url' content without any notification about;" > + <span style="background-color: #dddddd;" > ext url redirect</span></A> , + <A title="Client will moved to specified url with displaying url in addres bar;" > + <span style="background-color: #dddddd;" > ext url as 'move'</span></A> , + <A title="Client will moved to specified url with showing progress(only!) in status bar;" > + <span style="background-color: #dddddd;" > ext url as 'found'.</span></A> + </u> + </description> + <type>select</type> + <value>rmod_none</value> + <options> + <option><name>none</name> <value>rmod_none</value></option> + <option><name>int error page (enter error message)</name> <value>rmod_int</value></option> + <option><name>int blank page </name> <value>rmod_int_bpg</value></option> +<!-- <option><name>int blank image</name> <value>rmod_int_bim</value></option> --> +<!-- <option><name>int size limit (enter size in bytes)</name> <value>rmod_int_szl</value></option> --> + <option><name>ext url err page (enter URL)</name> <value>rmod_ext_err</value></option> + <option><name>ext url redirect (enter URL)</name> <value>rmod_ext_rdr</value></option> + <option><name>ext url move (enter URL)</name> <value>rmod_ext_mov</value></option> + <option><name>ext url found (enter URL)</name> <value>rmod_ext_fnd</value></option> + </options> + </field> + <field> + <fielddescr>Redirect</fielddescr> + <fieldname>redirect</fieldname> + <description><![CDATA[Enter the external redirection URL, error message or size (bytes) here.]]></description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> +<!-- not need now + <field> + <fielddescr>Redirect for off-time</fielddescr> + <fieldname>overredirect</fieldname> + <description><![CDATA[ + Enter external redirection URL, error message or size (bytes) here. + ]]></description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> +--> + <field> + <fielddescr>Use SafeSearch engine</fielddescr> + <fieldname>safesearch</fieldname> + <description><![CDATA[ + To protect your children from adult content you can use the protected mode of search engines.<br> + At the moment it is supported by Google, Yandex, Yahoo, MSN, Live Search and Bing. Make sure that the search engines can be accessed. It is recommended to prohibit access to others.<br> + <b>Note:</b> This option overrides 'Rewrite' setting. + ]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Rewrite</fielddescr> + <fieldname>rewrite</fieldname> + <description><![CDATA[Enter the rewrite condition name for this rule or leave it blank.]]></description> + <type>select</type> + </field> + <field> + <fielddescr>Rewrite for off-time</fielddescr> + <fieldname>overrewrite</fieldname> + <description><![CDATA[Enter the rewrite condition name for this rule or leave it blank.]]></description> + <type>select</type> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[You may enter any description here for your reference.]]></description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Log</fielddescr> + <fieldname>enablelog</fieldname> + <description><![CDATA[Check this option to enable logging for this ACL.]]></description> + <type>checkbox</type> + </field> + </fields> + <custom_php_validation_command> + squidguard_validate_acl(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_command_before_form> + squidguard_before_form_acl(&$pkg); + </custom_php_command_before_form> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> + <custom_php_resync_config_command> + squidguard_resync_acl(); + </custom_php_resync_config_command> + <custom_delete_php_command> + squidguard_resync_acl(); + </custom_delete_php_command> + <custom_add_php_command> + </custom_add_php_command> + <custom_add_php_command_late> + </custom_add_php_command_late> +</packagegui> diff --git a/config/squidGuard-devel/squidguard_blacklist.php b/config/squidGuard-devel/squidguard_blacklist.php new file mode 100644 index 00000000..98e0aecd --- /dev/null +++ b/config/squidGuard-devel/squidguard_blacklist.php @@ -0,0 +1,329 @@ +<?php +/* $Id$ */ +/* + squidguard_blacklist.php + 2006-2011 Serg Dvoriancev + + part of pfSense (www.pfSense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("notices.inc"); +if (file_exists("/usr/local/pkg/squidguard.inc")) { + require_once("/usr/local/pkg/squidguard.inc"); +} + +# ------------------------------------------------------------------------------ +# defines +# ------------------------------------------------------------------------------ +define("SGCURL_STATUS", "/tmp/squidguard_download.log"); +define("SGUPD_STATFILE", "/tmp/squidguard_download.stat"); +define("SGBAR_SIZE", "450"); +define("DEBUG_AJAX", "false"); +# ------------------------------------------------------------------------------ +# Requests +# ------------------------------------------------------------------------------ +if ($_REQUEST['getactivity']) +{ + header("Content-type: text/javascript"); + echo squidguard_blacklist_AJAX_response( $_REQUEST ); + exit; +} + +# ------------------------------------------------------------------------------ +# Functions +# ------------------------------------------------------------------------------ + +function squidguard_blacklist_AJAX_response( $request ) +{ + $res = ''; + $sz = 0; + $pcaption = ' '; + + # Actions + if ($request['blacklist_download_start']) squidguard_blacklist_update_start( $request['blacklist_url'] ); # update start + elseif ($request['blacklist_download_cancel']) squidguard_blacklist_update_cancel(); # update cancel + elseif ($request['blacklist_restore_default']) squidguard_blacklist_restore_arcdb(); # restore default db + elseif ($request['blacklist_clear_log']) squidguard_blacklist_update_clearlog(); # clear log + + # Activity + # Rebuild progress /check SG rebuild process/ + if (is_squidGuardProcess_rebuild_started()) { + $pcaption = 'Blacklist DB rebuild progress'; + $sz = squidguar_blacklist_rebuild_progress(); + } + elseif (squidguard_blacklist_update_IsStarted()) { + $pcaption = 'Blacklist download progress'; + $sz = squidguard_blacklist_update_progress(); + } + + # progress status + $szleft = $sz * SGBAR_SIZE / 100; + $szright = SGBAR_SIZE - $szleft; + + if ($sz < 0) { + # nothing to show + $sz = 0; + $pcaption = ''; + } + $res .= "el('progress_caption').innerHTML = '{$pcaption}';"; + $res .= "el('widtha').width = {$szleft};"; + $res .= "el('widthb').width = {$szright};"; + $res .= "el('progress_text').innerHTML = '{$sz} %';"; + + $status = ''; + if (file_exists(SGUPD_STATFILE)) { + $status = file_get_contents(SGUPD_STATFILE); + if ($sz && $sz != 100) $status .= "Completed {$sz} %"; + } + if ($status) { + $status = str_replace("\n", "\\r\\n", trim($status)); + $res .= "el('update_state').innerHTML = '{$status}';"; + $res .= "el('update_state_cls').style.display='';"; + $res .= "el('update_state_row').style.display='';"; + } else { + $res .= "el('update_state').innerHTML = '';"; + $res .= "el('update_state_cls').style.display='none';"; + $res .= "el('update_state_row').style.display='none';"; + } + + return $res; +} + +function squidguard_blacklist_update_progress() +{ + $p = -1; + + if (file_exists(SGCURL_STATUS)) { + $cn = file_get_contents(SGCURL_STATUS); + if ($cn) { + $cn = explode("\r", $cn); + $cn = array_pop($cn); + $cn = explode(" ", trim($cn)); + $p = intval( $cn[0] ); + } + } + + return $p; +} + +function squidguar_blacklist_rebuild_progress() +{ + $arcdb = "/tmp/squidGuard/arcdb"; + $blfiles = "{$arcdb}/blacklist.files"; + + if (file_exists($arcdb) && file_exists($blfiles)) { + $dirlist = explode("\n", file_get_contents($blfiles)); + for ($i = 0; $i < count($dirlist); $i++) { + if ( !file_exists("$arcdb/{$dirlist[$i]}/domains.db") && + !file_exists("$arcdb/{$dirlist[$i]}/urls.db") ) + { + return intval( $i * 100 / count($dirlist) ); + } + } + } + + return 0; +} + +function is_squidGuardProcess_rebuild_started() +{ + # memo: 'ps -auxw' used 132 columns; 'ps -auxww' used 264 columns + # if cmd more then 132 need use 'ww..' key + return exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'"); +} + +# ------------------------------------------------------------------------------ +# HTML Page +# ------------------------------------------------------------------------------ + +$pgtitle = "Proxy filter SquidGuard: Blacklist page"; +$selfpath = "./squidguard_blacklist.php"; +$blacklist_url = ''; + +# get squidGuard config +if (function_exists(sg_init)) { + sg_init(convert_pfxml_to_sgxml()); + $blacklist_url = $squidguard_config[F_BLACKLISTURL]; +} + +include("head.inc"); + +echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/prototype.js\"></script>\n"; + +?> + +<!-- Ajax Script --> +<script type="text/javascript"> + +function el(id) { + return document.getElementById(id); +} + +function getactivity(action) { + var url = "./squidguard_blacklist.php"; + var pars = 'getactivity=yes'; + + if (action == 'download') pars = pars + '&blacklist_download_start=yes&blacklist_url=' + encodeURIComponent(el('blacklist_url').value); + if (action == 'cancel') pars = pars + '&blacklist_download_cancel=yes'; + if (action == 'restore_default') pars = pars + '&blacklist_restore_default=yes'; + if (action == 'clear_log') pars = pars + '&blacklist_clear_log=yes'; + + var myAjax = new Ajax.Request( url, + { + method: 'get', + parameters: pars, + onComplete: activitycallback + }); +} + +function activitycallback(transport) { + +<?php if (DEBUG_AJAX == "true") echo "el('debug_textarea').innerHTML = transport.responseText;"; ?> + + if (200 == transport.status) { + result = transport.responseText; + } + + // refresh 3 sec + setTimeout('getactivity()', 3100); + //alert(transport.responseText); +} + +window.setTimeout('getactivity()', 150); + +</script> + +<!-- HTML --> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<form action="./squidguard_blacklist.php" method="post"> + +<?php include("fbegin.inc"); ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<!-- Tabs --> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("General settings"), false, "/pkg_edit.php?xml=squidguard.xml&id=0"); + $tab_array[] = array(gettext("Common ACL"), false, "/pkg_edit.php?xml=squidguard_default.xml&id=0"); + $tab_array[] = array(gettext("Groups ACL"), false, "/pkg.php?xml=squidguard_acl.xml"); + $tab_array[] = array(gettext("Target categories"),false, "/pkg.php?xml=squidguard_dest.xml"); + $tab_array[] = array(gettext("Times"), false, "/pkg.php?xml=squidguard_time.xml"); + $tab_array[] = array(gettext("Rewrites"), false, "/pkg.php?xml=squidguard_rewr.xml"); + $tab_array[] = array(gettext("Blacklist"), true, "/squidGuard/squidguard_blacklist.php"); + $tab_array[] = array(gettext("Log"), false, "/squidGuard/squidguard_log.php"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=squidguard_sync.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table class="tabcont" width="100%"> + <tr> + <td class="vncell" width="22%">Blacklist Update</td> + <td class="vtable"> + <big id='progress_caption' name='progress_caption'> </big><br> +<?php + echo "<nobr>"; + echo "<img src='/themes/".$g['theme']."/images/misc/bar_left.gif' height='10' width='5' border='0' align='absmiddle'>"; + echo "<img src='/themes/".$g['theme']."/images/misc/bar_blue.gif' height='10' name='widtha' id='widtha' width='" . 0 . "' border='0' align='absmiddle'>"; + echo "<img src='/themes/".$g['theme']."/images/misc/bar_gray.gif' height='10' name='widthb' id='widthb' width='" . SGBAR_SIZE . "' border='0' align='absmiddle'>"; + echo "<img src='/themes/".$g['theme']."/images/misc/bar_right.gif' height='10' width='5' border='0' align='absmiddle'> "; + echo " <u id='progress_text' name='progress_text'>0 %</u>"; + echo "</nobr>"; + echo "<br><br>"; +?> + <nobr> + <input class="formfld unknown" size="70" id="blacklist_url" name="blacklist_url" value= '<?php echo "$blacklist_url"; ?>' >   + <!--input size='70' id='blacklist_download_start' name='blacklist_download_start' value='Download' type='button' onclick="getactivity('download');">  + <input size='70' id='blacklist_download_cancel' name='blacklist_download_cancel' value='Cancel' type='button' onclick="getactivity('cancel');"--> + </nobr><br> + <input size='70' id='blacklist_download_start' name='blacklist_download_start' value='Download' type='button' onclick="getactivity('download');"> + <input size='70' id='blacklist_download_cancel' name='blacklist_download_cancel' value='Cancel' type='button' onclick="getactivity('cancel');"> + + <input size='70' id='blacklist_restore_default' name='blacklist_restore_default' value='Restore default' type='button' onclick="getactivity('restore_default');"> + <br><br> + Enter FTP or HTTP path to the blacklist archive here. + <br><br> + </td> + </tr> + <tr id='update_state_cls' name='update_state_cls' style='display:none;'> + <td> </td> + <td> + <span style="cursor: pointer;"> + <img src=<?php echo "'/themes/{$g['theme']}/images/icons/icon_block.gif'" ?> onClick="getactivity('clear_log');" title='Clear Log and Close'> + </span> + <big><b>Blacklist update Log</b></big> + </td> + </tr> + <tr id='update_state_row' name='update_state_row' style='display:none;'> + <td> </td> + <td> + <textarea rows='15' cols='55' name='update_state' id='update_state' wrap='hard' readonly> </textarea> + </td> + </tr> +<?php +# debug +if (DEBUG_AJAX !== "false") { +echo <<<EOD + <tr id='debug_row' name='debug_row'> + <td> </td> + <td> + <textarea rows='15' cols='55' name='debug_textarea' id='debug_textarea' wrap='hard' readonly> </textarea> + </td> + </tr> +EOD; +} +?> + </table> + </td> + </tr> + <tr> + <td> +<?php +#blacklist table +#echo squidguard_blacklist_list(); +?> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> + +<?php include("fend.inc"); ?> + +</form> +</body> +</html> + diff --git a/config/squidGuard-devel/squidguard_configurator.inc b/config/squidGuard-devel/squidguard_configurator.inc new file mode 100644 index 00000000..3cf7bc61 --- /dev/null +++ b/config/squidGuard-devel/squidguard_configurator.inc @@ -0,0 +1,2532 @@ +<?php +# ------------------------------------------------------------------------------ +/* squidguard_configurator.inc + 2006-2011 Serg Dvoriancev + 2013 (squidGuard 1.5 beta) Luiz G. Costa <gugabsd@mundounix.com.br> + + part of pfSense (www.pfSense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +# ------------------------------------------------------------------------------ +# SquidGuard Configurator +# email: dv_serg@mail.ru +# ------------------------------------------------------------------------------ +# squidGuard inline options: +# squidGuard -C all - update database +# squidGuard -c <configfile> - create squidGuard with specified config file +# ------------------------------------------------------------------------------ +# Notes: +# for work squidGuard need present ALL destinations; +# if dest not present in config - then this item will ignored in operations +# (in rebuild DB for example) +# ------------------------------------------------------------------------------ +# Directories: +# work path - $workdir +# log path - $workdir + $logdir +# ------------------------------------------------------------------------------ + +require_once('globals.inc'); +require_once('config.inc'); +require_once('util.inc'); +require_once('pfsense-utils.inc'); +require_once('pkg-utils.inc'); +require_once('filter.inc'); +require_once('service-utils.inc'); + +# squid package must exists by default system path (for v.2.0/2.1) +# todo: move include string to the squid-function call string position +if (file_exists('/usr/local/pkg/squid.inc')) { + require_once('/usr/local/pkg/squid.inc'); +} + +# ------------------------------------------------------------------------------ +# Allow additional execution time 0 = no limit +# ------------------------------------------------------------------------------ +ini_set('max_execution_time', '3600'); +ini_set('max_input_time', '3600'); +ini_set('memory_limit', '100M'); + +# ------------------------------------------------------------------------------ +# ToDo ! Must use all settings via $squidguard_config ! +# Sdelat rewrite dlya smeny skachivaniya + +# ------------------------------------------------------------------------------ +# files header +# ------------------------------------------------------------------------------ +define('FILES_DB_HEADER', ' +# ------------------------------------------------------------------------------ +# File created by squidGuard package GUI +# (C)2006-2010 Serg Dvoriancev +# ------------------------------------------------------------------------------ +'); + +define('CONFIG_SG_HEADER', " +# ============================================================ +# SquidGuard configuration file +# This file generated automaticly with SquidGuard configurator +# (C)2006 Serg Dvoriancev +# email: dv_serg@mail.ru +# ============================================================ +"); + +# ------------------------------------------------------------------------------ +# squid config options +# ------------------------------------------------------------------------------ +define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); +define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); +define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); +define('REDIRECT_CHILDREN_OPT', 'url_rewrite_children'); +define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started + +# ------------------------------------------------------------------------------ +# squidguard config options +# ------------------------------------------------------------------------------ +# define default redirection url (redirector get this url for all blocked url's) +# * !ATTENTION! this url must be exists; IF url not exist, redirector will't block +# (returned to squid some url, what blocked) +# ------------------------------------------------------------------------------ +define('REDIRECT_BASE_URL', '/sgerror.php'); +define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u'); + +# ------------------------------------------------------------------------------ +# squidguard system constants +# ------------------------------------------------------------------------------ + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) { + if (file_exists('/usr/pbi/squidguard-squid3-' . php_uname("m"))) + define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-squid3-' . php_uname("m")); + else + define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-devel-' . php_uname("m")); +} else + define('SQUIDGUARD_LOCALBASE','/usr/local'); + +if (!defined('SQUID_LOCALBASE') && ($pf_version > 2.0)) + define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m")); +elseif (!defined('SQUID_LOCALBASE')) + define('SQUID_LOCALBASE','/usr/local'); + +define('SQUID_CONFIGFILE', SQUID_LOCALBASE . '/etc/squid/squid.conf'); +define('TMP_DIR', '/var/tmp'); +# +define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf'); +define('SQUIDGUARD_CONFLOGFILE', '/sg_configurator.log'); +define('SQUIDGUARD_LOGFILE', 'block.log'); +define('SQUIDGUARD_GUILOGFILE', 'squidGuard.log'); +define('SQUIDGUARD_CONFBASE', SQUID_LOCALBASE . '/etc/squid'); +define('SQUIDGUARD_WORKDIR', SQUIDGUARD_LOCALBASE . '/etc/squidGuard'); +define('SQUIDGUARD_BINPATH', SQUIDGUARD_LOCALBASE . '/bin'); +define('SQUIDGUARD_TMP', '/tmp/squidGuard'); # SG temp +define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables +define('SQUIDGUARD_STATE', '/squidGuard.state'); +define('SQUIDGUARD_REBUILD', '/squidGuard.rebuild'); +define('SQUIDGUARD_CONFXML', '/squidguard_conf.xml'); +define('SQUIDGUARD_DBHOME', '/var/db/squidGuard'); +define('SQUIDGUARD_DBHOME_BLK', SQUIDGUARD_DBHOME); +define('SQUIDGUARD_DBSAMPLE', '/var/db/squidGuard.sample'); +define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log'); +define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log'); +define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log'); +# +define('SQUIDGUARD_SCR_LOGROTATE', SQUIDGUARD_LOCALBASE . '/etc/rc.d/squidGuard_logrotate'); # Logrotate script +# +# DB home catalog contains 'Blacklist' and 'User' sub-catalogs +define('SQUIDGUARD_DB_BLACKLIST', '/bl'); +define('SQUIDGUARD_DB_USER', '/usr'); +define('SQUIDGUARD_BL_UNPACK', '/unpack'); +define('SQUIDGUARD_BL_DB', '/db'); +# +# DB/Blacklist defines + +#> +define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files'); +#< + +define('SQUIDGUARD_BLK_FILELIST', '/blacklist.files'); +define('SQUIDGUARD_BLK_FILELISTPATH', SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_FILELIST); +define('BLACKLIST_ARCHIVE', '/blacklists.tar'); +define('SCR_NAME_BLKUPDATE', '/tmp/squidGuard_blacklist_update.sh'); +define('DB_REBUILD_SH', '/tmp/squidGuard_db_rebuild.sh'); +define('DB_REBUILD_CONF', '/tmp/squidGuard_db_rebuild.conf'); +define('DB_REBUILD_BLK_CONF', '/squidGuard_blk_rebuild.conf'); +define('BLK_TEMP', '/tmp/sg_blk'); +define('SG_BLK_ARC', '/arcdb'); # blk db archive +define('SG_INFO_FILE', '/var/squidGuard/sg_db_upd.inf'); + +define('SG_UPDATE_TARFILE', '/tmp/squidguard_blacklist.tar'); +define('SG_UPDATE_TMPFILE', '/tmp/squidguard_download.tmp'); +define('SG_UPDATE_LOGFILE', '/tmp/squidguard_download.log'); +define('SG_UPDATE_STATFILE', '/tmp/squidguard_download.stat'); + +# ============================================================================== +# CONSTANTS +# ============================================================================== +# redirect mode +define('RMOD_NONE', 'rmod_none'); +define('RMOD_INT_ERRORPAGE', 'rmod_int'); +define('RMOD_INT_BLANKPAGE', 'rmod_int_bpg'); +define('RMOD_INT_BLANKIMG', 'rmod_int_bim'); +define('RMOD_INT_SIZELIMIT', 'rmod_int_szl'); +define('RMOD_EXT_ERR', 'rmod_ext_err'); +define('RMOD_EXT_RDR', 'rmod_ext_rdr'); +define('RMOD_EXT_MOVED', 'rmod_ext_mov'); +define('RMOD_EXT_FOUND', 'rmod_ext_fnd'); +# Log level: 0-error, 1-warning; 2-info +define('SQUIDGUARD_INFO', 2); +define('SQUIDGUARD_WARNING', 1); +define('SQUIDGUARD_ERROR', 0); +# +define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); + +# ============================================================================== +# OPTIONS +# ============================================================================== +# Log +define('SQUIDGUARD_GUILOG_LEVEL', SQUIDGUARD_INFO); # log level +define('SQUIDGUARD_GUILOG_MAXCOUNT', 500); # log max lines +define('SQUIDGUARD_GUILOG_ENABLE', true); # on/off gui log - option override GUI settings +define('SQUIDGUARD_LOG_ENABLE', true); # on/off SG log - option override GUI settings + +# +define('FLT_DEFAULT_ALL', 'all'); +define('FLT_NOTALLOWIP', '!in-addr'); + +# owner user name (squid system user - need for define rights access) +define('OWNER_NAME', 'proxy'); + +# Debug +define('DEBUG_ON', 'true'); + +# ============================================================================== +# black list +# ============================================================================== +# known black list standard names +# ------------------------------------------------------------------------------ +define('FLT_AD', 'ads'); +define('FLT_AGGRESSIVE', 'aggressive'); +define('FLT_AUDIOVIDEO', 'audio-video'); +define('FLT_DRUGGS', 'druggs'); +define('FLT_GAMBLING', 'gambling'); +define('FLT_HACKING', 'hacking'); +define('FLT_MAIL', 'mail'); +define('FLT_PORN', 'porn'); +define('FLT_PROXY', 'proxy'); +define('FLT_VIOLENCE', 'viol'); +define('FLT_WAREZ', 'warez'); + +# ============================================================================== +# SquidGuard Configurator +# ============================================================================== + +# ------------------------------------------------------------------------------ +# squidguard system fields +# ------------------------------------------------------------------------------ +define('F_SQUIDGUARD', 'squidGuard'); +define('F_LOGDIR', 'logdir'); +define('F_DBHOME', 'dbhome'); +define('F_WORKDIR', 'workdir'); +define('F_LDAPENABLE', 'ldap_enable'); +define('F_LDAPBINDDN', 'ldapbinddn'); +define('F_LDAPBINDPASS', 'ldapbindpass'); +define('F_LDAPVERSION', 'ldapversion'); +define('F_STRIPNTDOMAIN', 'stripntdomain'); +define('F_STRIPREALM', 'striprealm'); +define('F_BINPATH', 'binpath'); +define('F_PROCCESSCOUNT', 'process_count'); +define('F_SQUIDCONFIGFILE', 'squid_configfile'); +define('F_ENABLED', 'enabled'); +define('F_SGCONF_XML', 'sgxml_file'); + +# other fields +define('F_ITEM', 'item'); +define('F_TIMES', 'times'); +define('F_SOURCES', 'sources'); +define('F_DESTINATIONS', 'destinations'); +define('F_REWRITES', 'rewrites'); +define('F_ACLS', 'acls'); +define('F_DEFAULT', 'default'); +define('F_NAME', 'name'); +define('F_DESCRIPTION', 'description'); +define('F_IP', 'ip'); +define('F_URLS', 'urls'); +define('F_DOMAINS', 'domains'); +define('F_EXPRESSIONS', 'expressions'); +define('F_REDIRECT', 'redirect'); +define('F_TARGETURL', 'targeturl'); +define('F_REPLACETO', 'replaceto'); +define('F_LOG', 'log'); +define('F_ITEM', 'item'); +define('F_DISABLED', 'disabled'); +define('F_TIMENAME', 'timename'); +define('F_DESTINATIONNAME', 'destname'); +define('F_REDIRECT', 'redirect'); +define('F_REWRITE', 'rewrite'); +define('F_MODE', 'mode'); +define('F_REWRITENAME', 'rewritename'); +define('F_OVERDESTINATIONNAME', 'overdestname'); +define('F_OVERREDIRECT', 'overredirect'); +define('F_OVERREWRITE', 'overrewrite'); +define('F_OVERREWRITENAME', 'overrewritename'); +define('F_TIMETYPE', 'timetype'); +define('F_TIMEDAYS', 'timedays'); +define('F_DATRANGE', 'daterange'); +define('F_TIMERANGE', 'sg_timerange'); +define('F_RMOD', 'redirect_mode'); # [redirect_mode] = rmod_int <base- use sgerror.php>; rmod_301; rmod_302; +define('F_NOTALLOWINGIP', 'notallowingip'); # not allowing ip in URL +define('F_USERNAME', 'username'); +define('F_ORDER', 'order'); + +# log +define('F_ENABLELOG', 'enablelog'); +define('F_ENABLEGUILOG', 'enableguilog'); +define('F_LOGROTATION', 'logrotation'); + +#Clean adversiting +define('F_ADV_BLANKIMG', 'adv_blankimg'); + +# transparent mode +define('F_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode'); +define('F_CURRENT_LAN_IP', 'current_lan_ip'); +define('F_CURRENT_GUI_PORT', 'current_gui_port'); +define('F_CURRENT_GUI_PROTO', 'current_gui_protocol'); + +# blacklist +define('F_BLACKLISTENABLED', 'blacklist_enabled'); +define('F_BLACKLISTURL', 'blacklist_url'); + +# ============================================================================== +# Globals +# ============================================================================== +$squidguard_config = array(); # squidGuard config array + +# call default init +sg_init(); + +# ------------------------------------------------------------------------------ +# sg_init - initialize config array +# ------------------------------------------------------------------------------ +function sg_init($init = '') +{ + global $squidguard_config; + + $squidguard_config = array(); + if(empty($init) or !is_array($init) ) { + # default init (for generate minimal config) + $squidguard_config[F_LOGDIR] = SQUIDGUARD_LOGDIR; + $squidguard_config[F_DBHOME] = SQUIDGUARD_DBHOME; + $squidguard_config[F_WORKDIR] = SQUIDGUARD_WORKDIR; + $squidguard_config[F_BINPATH] = SQUIDGUARD_BINPATH; + $squidguard_config[F_SQUIDCONFIGFILE] = SQUID_CONFIGFILE; + $squidguard_config[F_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT; + + } else { + # copy config from $init + foreach($init as $key => $in) + $squidguard_config[$key] = $in; + } + + return $squidguard_config; +} + +# ------------------------------------------------------------------------------ +# sg_loadconfig_xml +# ------------------------------------------------------------------------------ +function sg_load_configxml($filename) +{ + global $squidguard_config; + + sg_init(); + if (file_exists($filename)) { + $xmlconf = file_get_contents($filename); + + if (!empty($xmlconf)) { + $squidguard_config = $xmlconf[F_SQUIDGUARD]; + sg_addlog("sg_load_configxml", "Success update from '$filename'.", SQUIDGUARD_INFO); + } else + sg_addlog("sg_load_configxml", "File '$filename' is empty.", SQUIDGUARD_ERROR); + } else + sg_addlog("sg_load_configxml", "File '$filename' does not exists.", SQUIDGUARD_ERROR); +} + +# ------------------------------------------------------------------------------ +# sg_saveconfig_xml +# ------------------------------------------------------------------------------ +function sg_save_configxml($filename) +{ + global $squidguard_config; + conf_mount_rw(); + file_put_contents($filename, dump_xml_config($squidguard_config, F_SQUIDGUARD)); + conf_mount_ro(); +} + +# ------------------------------------------------------------------------------ +# sg_reconfigure - squidguard reconfiguration +# ------------------------------------------------------------------------------ +function sg_reconfigure() +{ + global $squidguard_config; + $conf_file = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFIGFILE; + + # 1. check system + sg_check_system(); + + # 2. reconfigure user db + sg_reconfigure_user_db(); + + # 3. generate squidGuard config + $conf = sg_create_config(); + if ($conf) { + conf_mount_rw(); + if ($squidguard_config[F_WORKDIR]) + $conf_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE; + file_put_contents($conf_file, $conf); + file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default + set_file_access($squidguard_config[F_WORKDIR], OWNER_NAME, 0755); + conf_mount_ro(); + sg_addlog("sg_reconfigure", "Save squidGuard config to '$conf_file'.", SQUIDGUARD_INFO); + } else + sg_addlog("sg_reconfigure", "Can't create squidGuard config.", SQUIDGUARD_ERROR); + + # 4. reconfigure squid + squid_reconfigure(); +} + +# ------------------------------------------------------------------------------ +# squid_reconfigure +# Insert in '/usr/local/squid/etc/squid.conf' options: +# redirector_bypass off +# redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file +# url_rewrite_children 5 +# ------------------------------------------------------------------------------ + +function squid_reconfigure($remove_only = '') +{ + global $config; + global $squidguard_config; + $conf = ''; + $cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options']; + # remove old options + if (!empty($cust_opt)) { + $conf = explode(";", $cust_opt); + foreach ($conf as $key => $c_opt) { + $t_opt = ltrim($c_opt); + if ((strpos($t_opt, REDIRECTOR_PROGRAM_OPT) === 0) or + (strpos($t_opt, REDIRECT_BYPASS_OPT) === 0) or + (strpos($t_opt, REDIRECT_CHILDREN_OPT) === 0)) + unset($conf[$key]); + } + sg_addlog("squid_reconfigure", "Remove old redirector options from Squid config.", SQUIDGUARD_INFO); + } + + # add new options - if squidGuard enabled + if (empty($remove_only) && ($squidguard_config[F_ENABLED] === 'on')) { + $redirector_path = $squidguard_config[F_BINPATH] . '/squidGuard'; + $redirector_conf = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE; + + $conf[] = REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf"; + $conf[] = REDIRECT_BYPASS_OPT . " off"; + $conf[] = REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT; + + sg_addlog("squid_reconfigure", "Add new redirector options to Squid config.", SQUIDGUARD_INFO); + } + + # update config + if (is_array($conf)) $conf = implode(";", $conf); + + /* Only update squid options if we have something to do, otherwise this can interfere with squid's default options in a new install. */ + if ($conf != $cust_opt) { + $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf; + write_config('Update redirector options to squid config.'); + } + + # resync squid package, if installed + if (function_exists('squid_resync')) { + squid_resync(); + } +} + +# ------------------------------------------------------------------------------ +# sg_check_system - check squidguard catalog's and access right's +# ------------------------------------------------------------------------------ +function sg_check_system() +{ + global $squidguard_config; + conf_mount_rw(); + + # check work_dir & create if not exists + $work_dir = $squidguard_config[F_WORKDIR]; + if (!empty($work_dir)) { + # check dir's + if (!file_exists($work_dir)) { + mwexec("mkdir -p $work_dir"); + set_file_access($work_dir, OWNER_NAME, 0755); + sg_addlog("sg_check_system", "Create work dir '$work_dir'.", SQUIDGUARD_WARNING); + } + } + + # check log_dir & create if not exists + $log_dir = $squidguard_config[F_LOGDIR]; + if (!empty($log_dir)) { + if (!file_exists($log_dir)) { + mwexec("mkdir -p $log_dir"); + sg_addlog("sg_check_system", "Create log dir '$log_dir'.", SQUIDGUARD_WARNING); + } + # set access right - need start any time; + # (SG possible start from console and log file will have only root access) + set_file_access($log_dir, OWNER_NAME, 0755); + } + + # check db dir + $db_dir = $squidguard_config[F_DBHOME]; + if (!empty($db_dir)) { + if (!file_exists($db_dir)) { + mwexec("mkdir -p $db_dir"); + sg_addlog("sg_check_system", "Create db dir '$db_dir'.", SQUIDGUARD_WARNING); + } + # set access right + set_file_access($db_dir, OWNER_NAME, 0755); + } + conf_mount_ro(); + + # logrotate + if (file_exists(SQUIDGUARD_SCR_LOGROTATE)) unlink(SQUIDGUARD_SCR_LOGROTATE); + if ($squidguard_config[F_LOGROTATION] == 'on') { + file_put_contents(SQUIDGUARD_SCR_LOGROTATE, sg_script_logrotate()); + set_file_access (SQUIDGUARD_SCR_LOGROTATE, OWNER_NAME, 0755); + } +} +# ============================================================================== +# squidGuard DB +# ============================================================================== +# sg_reconfigure_user_db - reconfigure(update) db user entries +# ------------------------------------------------------------------------------ +function sg_reconfigure_user_db() +{ + global $squidguard_config; + conf_mount_rw(); + $dbhome = $squidguard_config[F_DBHOME]; + + sg_addlog("sg_reconfigure_user_db", "Begin with '$dbhome'", SQUIDGUARD_INFO); + + # create user DB catalog, if not extsts + if (!file_exists($dbhome)) { + if (!mkdir($dbhome, 0755)) { + sg_addlog("sg_reconfigure_user_db", "Can't create user DB directory '$dbhome'.", SQUIDGUARD_ERROR); + return; + } + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("sg_reconfigure_user_db", "Create user DB directory '$dbhome'.", SQUIDGUARD_INFO); + } + + # update destinations to db + $dests = $squidguard_config[F_DESTINATIONS]; + if(!empty($dests)){ + $dst_names = Array(); + $dst_list = Array(); + + sg_addlog("sg_reconfigure_user_db", "Add user entries", SQUIDGUARD_INFO); + foreach($dests[F_ITEM] as $dst) { + $path = "$dbhome/" . $dst[F_NAME]; + $dst_names[] = $path; + $dst_list["usr_{$dst[F_NAME]}"] = $dst[F_NAME]; + + # 1. check destination catalog and create them, if need + if (!file_exists($path)) { + if (!mkdir ($path, 0755)) { + sg_addlog("sg_reconfigure_user_db", "Can't create dir '$path'.", SQUIDGUARD_ERROR); + return; + } + sg_addlog("sg_reconfigure_user_db", "Create dir '$path'.", SQUIDGUARD_INFO); + } + + # 2. build domains file + $domains = $dst[F_DOMAINS]; + if (!empty($domains)) { + $content = trim(str_replace(" ", "\n", $domains)); + file_put_contents($path . '/domains', $content); + sg_addlog("sg_reconfigure_user_db", "Add {$dst[F_NAME]} domains '$domains';", SQUIDGUARD_INFO); + } + unset($domains); + + # 3. build urls file + $urls = $dst[F_URLS]; + if (!empty($urls)) { + $content = trim(str_replace(" ", "\n", $urls)); + file_put_contents($path . '/urls', $content); + sg_addlog("sg_reconfigure_user_db", "Add {$dst[F_NAME]} urls '$content';", SQUIDGUARD_INFO); + } + unset($urls); + + # 4. build expression file + $expr = $dst[F_EXPRESSIONS]; + if (!empty($expr)) { + $content = trim(str_replace("|", " ", $expr)); # delete first and last unnecessary '|' symbol + $content = str_replace(" ", "|", $content); + file_put_contents($path . '/expressions', $content); + sg_addlog("sg_reconfigure_user_db", "Add {$dst[F_NAME]} expressions '$content';", SQUIDGUARD_INFO); + } + unset($expr); + } + + # 5. recursive set files access + set_file_access($dbhome, OWNER_NAME, 0755); + + # 6. rebuild user db ('/var/db/squidGuard') + squidguard_rebuild_db("_usrdb", $dbhome, $dst_list); + } else + sg_addlog("sg_reconfigure_user_db", "User destinations list empty.", SQUIDGUARD_WARNING); + + # 7. remove unused db entries + sg_remove_unused_db_entries(); + conf_mount_ro(); +} + +# ------------------------------------------------------------------------------ +# sg_remove_unused_db_entries +# ------------------------------------------------------------------------------ +function sg_remove_unused_db_entries() +{ + global $squidguard_config; + conf_mount_rw(); + $db_entries = array(); + $file_list = ''; + $dbhome = $squidguard_config[F_DBHOME]; + $workdir = $squidguard_config[F_WORKDIR]; + + # black list entries + # * worked only with 'blacklist entries list file - else may be deleted black list entry + if (file_exists(SQUIDGUARD_BLK_FILELISTPATH)) { + $file_for_del = array(); + + # load blk entries + $db_entries = explode("\n", file_get_contents(SQUIDGUARD_BLK_FILELISTPATH)); + + # $db_entries + add user entries + $dests = $squidguard_config[F_DESTINATIONS]; + if (!empty($dests)) { + foreach($dests[F_ITEM] as $dst) + $db_entries[] = $dst[F_NAME]; + } + + # diff between file list and entries list + $file_list = scan_dir($dbhome); + if (is_array($file_list) and is_array($db_entries)) { + $file_for_del = array_diff($file_list, $db_entries); + } + + # delete + if (is_array($file_for_del) and !empty($file_for_del)) { + foreach($file_for_del as $fd) { + $file_fd = "$dbhome/$fd"; + if (!empty($fd) && ($fd != ".") && ($fd != "..")) { + if (file_exists($file_fd)) { + mwexec("rm -R $file_fd"); + sg_addlog("sg_remove_unused_db_entries", "Removed file '$file_fd'.", SQUIDGUARD_INFO); + } else + sg_addlog("sg_remove_unused_db_entries", "File'$file_fd' not found.", SQUIDGUARD_ERROR); + } + } + } + } + conf_mount_ro(); +} +# ------------------------------------------------------------------------------ +# sg_rebuild_db Rebuild squidGuard DB from list items +# ------------------------------------------------------------------------------ +# $shtag - rebuild SH script TAG +# $rdb_dbhome - DB directory (default: '/var/db/squidGuard') +# $rdb_itemslist - items list as ['dest_key']='dest_DB_path' +# dest_DB_path - path without '$rdb_dbhome' +# example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners' +# ------------------------------------------------------------------------------ +/* +function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist) +{ + global $squidguard_config; + conf_mount_rw(); + $conf = ''; + $conf_path = ''; + $logdir = $squidguard_config[F_LOGDIR]; + $dbhome = $squidguard_config[F_DBHOME]; + + # current dbhome dir + if (!empty($rdb_dbhome)) $dbhome = $rdb_dbhome; + sg_addlog("sg_rebuild_db", "Begin with path '$dbhome'.", SQUIDGUARD_INFO); + + # define - where config will placed + $conf_path = "/tmp/squidGuard_rebuild.conf" . $shtag; + + # make rebuild config; include all found dest items + $conf = sg_create_simple_config($dbhome, $rdb_itemslist); + file_put_contents($conf_path, $conf); + set_file_access($conf_path, OWNER_NAME, 0750); + sg_addlog("sg_rebuild_db", "Create temporary config '$conf_path'.", SQUIDGUARD_INFO); + + # *** SH script *** + $sh_scr = Array(); + $sh_scr[] = "#!/bin/sh"; + $sh_scr[] = "cd $dbhome"; + $sh_scr[] = $squidguard_config[F_BINPATH] . "/squidGuard -c $conf_path -C all"; + $sh_scr[] = "wait"; # wait while SG rebuild DB + + # set DB owner and right access + $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome"; + + # restart squid for changes to take effects + $sh_scr[] = SQUID_LOCALBASE . "/sbin/squid -k reconfigure"; + + # store & exec sh + $sh_scr = implode("\n", $sh_scr); + $shfile = DB_REBUILD_SH . $shtag; + file_put_contents($shfile, $sh_scr); + set_file_access($shfile, OWNER_NAME, 0750); + # ! not background exec ! + mwexec($shfile); + sg_addlog("sg_rebuild_db", "Started SH script '$shfile'.", SQUIDGUARD_INFO); + conf_mount_ro(); +} +*/ +# ------------------------------------------------------------------------------ +# squidguard_rebuild_db Rebuild squidGuard DB from list items +# ------------------------------------------------------------------------------ +# $tag - rebuild task TAG +# $rdb_dbhome - DB directory (default: '/var/db/squidGuard') +# $rdb_itemslist - items list as ['dest_key']='dest_DB_path' +# dest_DB_path - path without '$rdb_dbhome' +# example: ['ads_ban']='ads/banners' -> '/var/db/squidGuard/ads/banners' +# ------------------------------------------------------------------------------ +function squidguard_rebuild_db($tag, $rdb_dbhome, $rdb_itemslist) +{ + global $squidguard_config; + + $dbhome = $rdb_dbhome; + $logdir = $squidguard_config[F_LOGDIR]; + $workdir = $squidguard_config[F_WORKDIR]; + $conf_path = "{$workdir}/squidGuard_{$tag}rebuild.conf"; + + sg_addlog("squidguard_rebuild_db", "Begin with path '$dbhome'.", SQUIDGUARD_INFO); + + # make rebuild config; include all found dest items + $dbitems = array(); + if ($rdb_itemslist) { + # items list as ['dest_key']='dest_DB_path' + foreach ($rdb_itemslist as $it) { + $dbitems[str_replace('/', '_', $it)] = $it; # replace path to name + } + } + file_put_contents($conf_path, sg_create_simple_config($dbhome, $dbitems)); + set_file_access($conf_path, OWNER_NAME, 0750); + sg_addlog("squidguard_rebuild_db", "Create rebuild config '$conf_path'.", SQUIDGUARD_INFO); + + # rebuild blacklist db + mwexec_bg("/usr/bin/nice -n20 " . SQUIDGUARD_BINPATH . "/squidGuard -c $conf_path -C all"); + # wait + while (exec("ps -auxwwww | grep 'squidGuard -c .* -C all' | grep -v grep | awk '{print $2}' | wc -l | awk '{ print $1 }'") > 0) { + sleep (10); + } + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("squidguard_rebuild_db", "Start rebuild DB.", SQUIDGUARD_INFO); +} + +# ============================================================================== +# Log +# ------------------------------------------------------------------------------ +# sg_addlog +# ------------------------------------------------------------------------------ +function sg_addlog($module, $log, $level = 0) +{ + global $squidguard_config; + + # log disabled + if ( SQUIDGUARD_GUILOG_ENABLE === false || $squidguard_config[F_ENABLEGUILOG] != 'on' ) return; + + # log level + if ($level > SQUIDGUARD_GUILOG_LEVEL) return; + + if ($module) $module = "[$module]"; + + $leveltext = ""; + switch($level) { + case SQUIDGUARD_INFO: $leveltext = ""; break; + case SQUIDGUARD_WARNING: $leveltext = "Warning"; break; + default: $leveltext = "Error"; break; + } + + $logfile = ''; + $logfile = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE; + $log_content = array(); + + setlocale(LC_TIME, ''); + $dt = date("d.m.Y H:i:s"); + + # define logfile + if (!empty($squidguard_config)) { + if (file_exists($squidguard_config[F_LOGDIR])) + $logfile = $squidguard_config[F_LOGDIR] . SQUIDGUARD_CONFLOGFILE; + } else + $log_content[] = "$dt : " . "[sg_addlog] Error: squidguard_config is empty"; + + $tmplog = ''; + if (file_exists($logfile)) + $tmplog = file_get_contents($logfile); + $log_content = explode("\n", $tmplog); + unset($tmplog); + + # shrink to MAXCOUNT log entries + $log_content[] = "$dt : $module $leveltext $log"; + if (count($log_content) > SQUIDGUARD_GUILOG_MAXCOUNT) + array_splice($log_content, 0, SQUIDGUARD_GUILOG_MAXCOUNT - count($log_content)); + + file_put_contents($logfile, implode("\n", $log_content)); +} +# ------------------------------------------------------------------------------ +# sg_getlog +# ------------------------------------------------------------------------------ +function sg_getlog($last_entries_count) +{ + global $squidguard_config; + $log_content = ''; + $logfile = SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE; + + # define logfile + if (!empty($squidguard_config) && file_exists($squidguard_config[F_LOGDIR])) + $logfile = $squidguard_config[F_LOGDIR] . SQUIDGUARD_CONFLOGFILE; + + # get log last 100 entries + if (file_exists($logfile)) { + $log_content = explode("\n", file_get_contents($logfile)); + if (count($log_content) > $last_entries_count) + array_splice($log_content, 0, $last_entries_count - count($log_content)); + + # insert log file name on top + $log_content[0] = $logfile; + $log_content = implode("\n", $log_content); + } + + return $log_content; +} + +# ============================================================================== +# make config +# ============================================================================== +# sg_create_config +# ------------------------------------------------------------------------------ + +function sg_create_config() +{ + global $squidguard_config; + $sgconf = array(); + $sg_tag = new TSgTag; + $error_res = ''; + $temp_str = ''; + + if(!is_array($squidguard_config) || empty($squidguard_config)) { + sg_addlog("sg_create_config", "Bad squidGuard config data.", SQUIDGUARD_ERROR); + return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [1])."); + } + + # check configuration data + if (!sg_check_config_data(&$error_res)) { + sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR); + sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR); + return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2])."); + } + + # --- Header --- + $sgconf[] = CONFIG_SG_HEADER; + $sgconf[] = "logdir {$squidguard_config[F_LOGDIR]}"; + $sgconf[] = "dbhome {$squidguard_config[F_DBHOME]}"; + if ( $squidguard_config[F_LDAPENABLE] == 'on' ) { + $sgconf[] = "ldapbinddn {$squidguard_config[F_LDAPBINDDN]}"; + $sgconf[] = "ldapbindpass {$squidguard_config[F_LDAPBINDPASS]}"; + $sgconf[] = "ldapprotover {$squidguard_config[F_LDAPVERSION]}"; + if ( $squidguard_config[F_STRIPNTDOMAIN] ) + $sgconf[] = "stripntdomain true"; + if ( $squidguard_config[F_STRIPREALM] ) + $sgconf[] = "striprealm true"; + } + + # --- Times --- + if ($squidguard_config[F_TIMES]) { + $temp_str = ''; + foreach($squidguard_config[F_TIMES][F_ITEM] as $tm) { + $sg_tag->clear(); + $sg_tag->set("time", $tm[F_NAME], "", $tm[F_DESCRIPTION]); + + foreach($tm[F_ITEM] as $itm) { + $dts = ($itm[F_TIMETYPE] === "weekly") ? $itm[F_TIMEDAYS] : $itm[F_DATERANGE]; + $sg_tag->items[] = "{$itm[F_TIMETYPE]} $dts {$itm[F_TIMERANGE]}"; + } + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + + # log + $temp_str .= " {$tm[F_NAME]}"; + } + # log + $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; + sg_addlog("sg_create_config", "Add times: $temp_str", SQUIDGUARD_INFO); + } + + # --- Sources --- + if ($squidguard_config[F_SOURCES]) { + $temp_str = ''; + foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) { + $sg_tag->clear(); + $sg_tag->set("src", $src[F_NAME], "", $src[F_DESCRIPTION]); + + # separate IP, domains, usernames + if (strpos(trim($src[F_SOURCE]), 'ldapusersearch') === false) { + $tsrc = explode(" ", trim($src[F_SOURCE])); + foreach($tsrc as $sr) { + $sr = trim($sr); + if (empty($sr)) continue; + if (is_ipaddr_valid($sr)) $sg_tag->items[] = "ip $sr"; + elseif (is_domain_valid($sr)) $sg_tag->items[] = "domain $sr"; + elseif (is_username($sr)) $sg_tag->items[] = "user " . str_replace("'", "", $sr); + } + } else { + $sg_tag->items[] = trim($src[F_SOURCE]); + } + + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + if ($src[F_LOG]) $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE; + } + + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + + # log + $temp_str .= " " . $src[F_NAME]; + } + # log + $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; + sg_addlog("sg_create_config", "Add sources: $temp_str", SQUIDGUARD_INFO); + } + + # --- Blacklist --- + # Note! Blacklist must be added to config permanently. It's need for rebuild DB now + + $db_entries = sg_entries_blacklist(); + if (($squidguard_config[F_BLACKLISTENABLED] === 'on') and $db_entries) { + $log_entr_added = ''; + $log_entr_ignored = ''; + sg_addlog("sg_create_config", "Add blacklist entries", SQUIDGUARD_INFO); + foreach($db_entries as $key => $ent) { + $ent_state = array(); + $file_dms = "{$squidguard_config[F_DBHOME]}/$ent/domains"; + $file_urls = "{$squidguard_config[F_DBHOME]}/$ent/urls"; + $file_expr = "{$squidguard_config[F_DBHOME]}/$ent/expressions"; + + # check blacklist acl state + if (file_exists($file_dms)) { + $ent_state['exists'] = 'on'; + $ent_state[F_DOMAINS] = 'on'; + } + if (file_exists($file_urls)) { + $ent_state['exists'] = 'on'; + $ent_state[F_URLS] = 'on'; + } + if (file_exists($file_expr)) { + $ent_state['exists'] = 'on'; + $ent_state[F_EXPRESSIONS] = 'on'; + } + + # create config if blacklist item exists + if ($ent_state['exists']) { + $sg_tag->clear(); + $sg_tag->set("dest", $ent, "", ""); + + if ($ent_state[F_DOMAINS]) $sg_tag->items[] = "domainlist $ent/domains"; + if ($ent_state[F_EXPRESSIONS]) $sg_tag->items[] = "expressionlist $ent/expressions"; + if ($ent_state[F_URLS]) $sg_tag->items[] = "urllist $ent/urls"; + + # Check if $ent contains adv or ads, and F_ADV_BLANKIMG is on then add a custom redirect + $adv_pos = strpos($ent,'_adv'); + $ads_pos = strpos($ent, '_ads'); + if ( ($ads_pos > 0 || $adv_pos > 0) && $squidguard_config[F_ADV_BLANKIMG] == 'on') + $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[F_REDIRECT], RMOD_INT_BLANKIMG); + + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + $sg_tag->items[] = "log ". SQUIDGUARD_LOGFILE; + } + + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + + # log + $log_entr_added .= " $ent;"; + } else { + $sgconf[] = "\t# Config ERROR: Destination '$ent' not found in DB"; + $log_entr_ignored .= " $ent;"; + } + } + + # log 'added' and 'ignored' + if (!empty($log_entr_added)) sg_addlog("sg_create_config", "Added: $log_entr_added .", SQUIDGUARD_INFO); + if (!empty($log_entr_ignored)) sg_addlog("sg_create_config", "Ignored: $log_entr_ignored .", SQUIDGUARD_WARNING); + } + + # --- Destinations --- + if ($squidguard_config[F_DESTINATIONS]) { + $temp_str = ''; + foreach($squidguard_config[F_DESTINATIONS][F_ITEM] as $dst) { + $dstname = $dst[F_NAME]; + $sg_tag->clear(); + $sg_tag->set("dest", $dst[F_NAME], "", $dst[F_DESCRIPTION]); + + if ($dst[F_DOMAINS]) + $sg_tag->items[] = "domainlist $dstname/domains"; + if ($dst[F_EXPRESSIONS]) + $sg_tag->items[] = "expressionlist $dstname/expressions"; + if ($dst[F_URLS]) + $sg_tag->items[] = "urllist $dstname/urls"; + if ($dst[F_RMOD] != RMOD_NONE) + $sg_tag->items[] = "redirect " . sg_redirector_base_url($dst[F_REDIRECT], $dst[F_RMOD]); + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + if ($dst[F_LOG]) + $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE; + } + + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + + # log + $temp_str .= " $dstname;"; + } + # log + $temp_str = !empty($temp_str) ? $temp_str : "Nothing."; + sg_addlog("sg_create_config", "Add destinations: $temp_str", SQUIDGUARD_INFO); + } + + # --- Rewrites --- + if ($squidguard_config[F_REWRITES]) { + $temp_str = ''; + $log_entr_added = ''; + $log_entr_err = ''; + foreach($squidguard_config[F_REWRITES][F_ITEM] as $rew) { + $sg_tag->clear(); + $sg_tag->set("rew", $rew[F_NAME], "", ""); + + if (is_array($rew[F_ITEM])) { + foreach ($rew[F_ITEM] as $rw) + $sg_tag->items[] = "s@{$rw[F_TARGETURL]}@{$rw[F_REPLACETO]}@{$rw[F_MODE]}"; + + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + if ($rew[F_LOG]) + $sg_tag->items[] = "log " . SQUIDGUARD_LOGFILE; + } + + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + # log + $log_entr_added .= " {$rew[F_NAME]};"; + } + else { + $sgconf[] = ""; + $sgconf[] = "# Rewrite {$rew[F_NAME]} error."; + # log + $log_entr_err .= " {$rew[F_NAME]};"; + } + } + + # log + if (!empty($log_entr_added)) sg_addlog("sg_create_config", "Add rewrites: $log_entr_added", SQUIDGUARD_INFO); + if (!empty($log_entr_err)) sg_addlog("sg_create_config", "Add rewrites error $log_entr_err", SQUIDGUARD_ERROR); + } + + # ---------------------------------------- + $entry_blacklist = sg_entries_blacklist(); + + # --- ACL --- + $sg_tag->clear(); + $sg_tag->set("acl", "", "", ""); + if ($squidguard_config[F_ACLS]) { + $temp_str = ''; + $log_entr_added = ''; + foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) { + if (!$acl[F_DISABLED]) { + $sg_acltag = new TSgTag; + $sg_acltag->set($acl[F_NAME], "", $acl[F_TIMENAME], $acl[F_DESCRIPTION]); + + # delete blacklist entries from 'pass' if blacklist disabled + if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') { + acl_remove_blacklist_items(&$acl[F_DESTINATIONNAME]); + acl_remove_blacklist_items(&$acl[F_OVERDESTINATIONNAME]); + } + + # not allowing IP in URL + if ($acl[F_NOTALLOWINGIP]) { + $acl[F_DESTINATIONNAME] = "!in-addr {$acl[F_DESTINATIONNAME]}"; + $acl[F_OVERDESTINATIONNAME] = "!in-addr {$acl[F_OVERDESTINATIONNAME]}"; + } + + # re-order acl pass (<white><!in-addr><deny><allow><all|none>) + $acl[F_DESTINATIONNAME] = sg_aclpass_reorder($acl[F_DESTINATIONNAME]); + $acl[F_OVERDESTINATIONNAME] = sg_aclpass_reorder($acl[F_OVERDESTINATIONNAME]); + + # ontime + $sg_acltag->items[] = "pass {$acl[F_DESTINATIONNAME]}"; + if ($acl[F_RMOD] != RMOD_NONE) + $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_REDIRECT], $acl[F_RMOD]); + if ($acl[F_REWRITENAME]) + $sg_acltag->items[] = "rewrite {$acl[F_REWRITENAME]}"; + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + if ($acl[F_LOG]) + $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE; + } + + # overtime + if ($acl[F_TIMENAME]) { + $sg_acltag->items[] = "} else {"; + $sg_acltag->items[] = "pass {$acl[F_OVERDESTINATIONNAME]}"; + if ($acl[F_REDIRECMODE] !== RMOD_NONE) + $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_OVERREDIRECT], $acl[F_RMOD]); + if ($acl[F_OVERREWRITENAME]) + $sg_acltag->items[] = "rewrite {$acl[F_OVERREWRITENAME]}"; + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + if ($acl[F_LOG]) + $sg_acltag->items[] = "log " . SQUIDGUARD_LOGFILE; + } + } + $sg_tag->items[] = $sg_acltag; + } + $log_entr_added .= " {$acl[F_NAME]};"; + } + # log + $log_entr_added = !empty($log_entr_added) ? $log_entr_added : "Nothing."; + sg_addlog("sg_create_config", "Add ACL's: $log_entr_added", SQUIDGUARD_INFO); + } + + # --- Default --- + $sg_tag_def = new TSgTag; + $sg_tag_def->set("default", "", "", ""); + $def = $squidguard_config[F_DEFAULT]; + sg_addlog("sg_create_config", "Add Default", SQUIDGUARD_INFO); + if ($def) { + $temp_str = ''; + + # delete blacklist entries from 'pass' if blacklist disabled + if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') + acl_remove_blacklist_items(&$def[F_DESTINATIONNAME]); + + # not allowing IP in URL + if ($def[F_NOTALLOWINGIP]) + $def[F_DESTINATIONNAME] = "!in-addr " . $def[F_DESTINATIONNAME]; + + # re-order acl pass (<allow><deny<all|none>) + $def[F_DESTINATIONNAME] = sg_aclpass_reorder($def[F_DESTINATIONNAME]); + + # ! 'Default' must use without times ! + $sg_tag_def->items[] = "pass {$def[F_DESTINATIONNAME]}"; + if ($def[F_RMOD] !== RMOD_NONE) + $sg_tag_def->items[] = "redirect " . sg_redirector_base_url($def[F_REDIRECT], $def[F_RMOD]); + if ($def[F_REWRITENAME]) + $sg_tag_def->items[] = "rewrite {$def[F_REWRITENAME]}"; + if ($squidguard_config[F_ENABLELOG] == 'on' ) { + if ($def[F_LOG]) + $sg_tag_def->items[] = "log " . SQUIDGUARD_LOGFILE; + } + } # <- if def + else { + $msg = "ACL 'default' is empty, will use default 'block all'"; + $sg_tag_def->items[] = "# $msg"; + $sg_tag_def->items[] = "pass none"; + $sg_tag_def->items[] = "redirect " . sg_redirector_base_url('', RMOD_INT_ERRORPAGE); + sg_addlog("sg_create_config", "$msg.", SQUIDGUARD_ERROR); + } + + # --- ACL end --- + $sg_tag->items[] = $sg_tag_def; # add 'default' ACL object + $sgconf[] = ""; + $sgconf[] = $sg_tag->tag_text(); + + # delete "\n" chars before each string - SG bug (first string of config must be not empty) + foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n"); + return implode("\n", $sgconf); +} + +# ------------------------------------------------------------------------------ +# sg_create_simple_config +# Create config for DB rebuilding +# Default rule - block all +# Variables: +# $blk_dbhome - temporary DB home dir, may be different with DBHOME +# $blk_destlist - is array as [dst_name] = 'path', +# where path - catalog without dbhome path +# For example: dbhome is '/var/db/squidGuard/', +# path can be 'usr/ads' or 'bl/poxy' +# $redirect_to - redirector string +# ------------------------------------------------------------------------------ +function sg_create_simple_config($blk_dbhome, $blk_destlist, $redirect_to = "404") +{ + global $squidguard_config; + $sgconf = array(); + $logdir = $squidguard_config[F_LOGDIR]; + $dbhome = $blk_dbhome ? $blk_dbhome : $squidguard_config[F_DBHOME]; + + sg_addlog("sg_create_simple_config", "Begin with dbhome='$dbhome'.", SQUIDGUARD_INFO); + + # header + $sgconf[] = CONFIG_SG_HEADER; + + # init section + $sgconf[] = "logdir $logdir"; + $sgconf[] = "dbhome $dbhome"; + if ( $squidguard_config[F_LDAPENABLE] == 'on' ) { + $sgconf[] = "ldapbinddn {$squidguard_config[F_LDAPBINDDN]}"; + $sgconf[] = "ldapbindpass \"{$squidguard_config[F_LDAPBINDPASS]}\""; + $sgconf[] = "ldapprotover {$squidguard_config[F_LDAPVERSION]}"; + if ( $squidguard_config[F_STRIPNTDOMAIN] ) + $sgconf[] = "stripntdomain true"; + if ( $squidguard_config[F_STRIPREALM] ) + $sgconf[] = "striprealm true"; + } + + $sgconf[] = ""; + + # destination section + if (is_array($blk_destlist)) { + foreach($blk_destlist as $dst => $dpath) { + $tmp_s = array(); + + # check item elements + if (file_exists("$dbhome/$dpath/domains")) $tmp_s[] = "\t domainlist $dpath/domains"; + if (file_exists("$dbhome/$dpath/urls")) $tmp_s[] = "\t urllist $dpath/urls"; + if (file_exists("$dbhome/$dpath/expressions")) $tmp_s[] = "\t expressionlist $dpath/expressions"; + + # create only valid items + if (!empty($tmp_s)) { + $tmp_s = implode("\n", $tmp_s); + $sgconf[] = "dest $dst {\n $tmp_s \n}\n"; + sg_addlog("sg_create_simple_config", "Added item '$dst' = '$dbhome/$dpath'.", SQUIDGUARD_INFO); + } else + sg_addlog("sg_create_simple_config", "Ignored empty item '$dst' = '$dbhome/$dpath'.", SQUIDGUARD_WARNING); + } + } + + # acl section + $sgconf[] = "acl {\n\t default {\n\t\t pass all "; + $sgconf[] = "\t\t redirect " . sg_redirector_base_url($redirect_to, RMOD_INT_ERRORPAGE); # use sgerror only! + $sgconf[] = "\t } \n}"; + + # delete "\n" chars before each string - SG bug (first string of config must be not empty) + foreach ($sgconf as $key => $val) $sgconf[$key] = ltrim($sgconf[$key], "\n"); + + return implode("\n", $sgconf); +} + +# ------------------------------------------------------------------------------------------------- +# sg_redirector_base_url +# $url - url where redirect to +# $use_internal - ignore 'Redirect mode' option, use internal (for rebuild config, for example) +# +# ------------------------------------------------------------------------------------------------- +function sg_redirector_base_url($rdr_info, $redirect_mode) +{ + global $squidguard_config; + $rdr_path = ''; + + # gui port, ip & proto + $guiip = (!empty($squidguard_config[F_CURRENT_LAN_IP])) ? $squidguard_config[F_CURRENT_LAN_IP] : '127.0.0.1'; + $guiport = (!empty($squidguard_config[F_CURRENT_GUI_PORT])) ? $squidguard_config[F_CURRENT_GUI_PORT] : '80'; + $rdr_path = "http://$guiip:$guiport" . REDIRECT_BASE_URL; + + # check redirect + $errmsg = ''; + if (!sg_check_redirect($redirect_mode, $rdr_info, &$errmsg)) { + $redirect_mode = RMOD_INT_ERRORPAGE; + $rdr_info = "Bad redirect settings. $errmsg Check you configuration."; + sg_addlog("sg_redirector_base_url", "$errmsg", SQUIDGUARD_ERROR); + } + + switch($redirect_mode) { + case RMOD_EXT_ERR: $rdr_path = "$rdr_info" . REDIRECT_URL_ARGS; break; + case RMOD_EXT_RDR: $rdr_path = "$rdr_info"; break; + case RMOD_EXT_MOVED: $rdr_path = "301:$rdr_info"; break; + case RMOD_EXT_FOUND: $rdr_path = "302:$rdr_info"; break; + case RMOD_INT_BLANKPAGE: $rdr_path .= "?url=blank&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break; + case RMOD_INT_BLANKIMG: $rdr_path .= "?url=blank_img&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break; + case RMOD_INT_SIZELIMIT: $rdr_path .= "?url=maxlen_$rdr_info" . REDIRECT_URL_ARGS; break; + case RMOD_INT_ERRORPAGE: + default: $rdr_path .= "?url=" . rawurlencode("403 $rdr_info") . REDIRECT_URL_ARGS; break; + } + + sg_addlog("sg_redirector_base_url", "Select redirector base url ($rdr_path)", SQUIDGUARD_INFO); + return $rdr_path; +} + +# ------------------------------------------------------------------------------------------------- +# sg_aclpass_reorder +# ------------------------------------------------------------------------------------------------- +function sg_aclpass_reorder($pass) +{ + $ar_pass = explode(" ", $pass); + + # 'pass' order: <white> <!in_addr> <deny> <allow> <all|none> + if (is_array($ar_pass)) { + $pass_end = ''; + $pass_fst = array(); # whitelist - '^' prefix (will deleted) + $pass_sec = array(); # blacklist - '!' prefix + $pass_lst = array(); # allow + foreach ($ar_pass as $val) { + $tk = trim($val); + if ($tk === 'all' or $tk === 'none') + $pass_end = $val; + elseif (strpos($tk, "^") !== false) + # delete '^' prefix + $pass_fst[] = str_replace('^', '', $val); + elseif (strpos($tk, "!") !== false) + $pass_sec[] = $val; + else + $pass_lst[] = $val; + } + $ar_pass = array_merge($pass_fst, $pass_sec, $pass_lst); + $ar_pass[] = $pass_end; + } + return implode(" ", $ar_pass); +} + +# ------------------------------------------------------------ +# sg_check_config_data +# ------------------------------------------------------------ +function sg_check_config_data ($input_errors) +{ + global $squidguard_config; + $elog = array(); + $times = sg_list_itemsfield($squidguard_config[F_TIMES], F_NAME); + $sources = sg_list_itemsfield($squidguard_config[F_SOURCES], F_NAME); + $destinations = sg_list_itemsfield($squidguard_config[F_DESTINATIONS], F_NAME); + $rewrites = sg_list_itemsfield($squidguard_config[F_REWRITES], F_NAME); + $acls = array(); + + # --- Times --- + if ($squidguard_config[F_TIMES]) { + $key_tm = array_count_values($times); + foreach($squidguard_config[F_TIMES][F_ITEM] as $tm) { + # check name as unique and name format + $tm_name = $tm[F_NAME]; + $err_s = ''; + if (!check_name_format($tm_name, &$err_s)) + $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s"; + + if ($key_tm[$tm_name] > 1) + $elog[] = "(T2) TIME '$tm_name' error: duplicate time name '$tm_name'"; + + # check time items format + sg_check_time($tm, &$elog); + } + } + + # --- Sources --- + if ($squidguard_config[F_SOURCES]) { + $key_src = array_count_values($sources); + foreach($squidguard_config[F_SOURCES][F_ITEM] as $src) { + # check name as unique and name format + $src_name = $src[F_NAME]; + $err_s = ''; + if (!check_name_format($src_name, &$err_s)) + $elog[] = "(A1) ACL '$src_name'error: $err_s"; + + if ($key_src[$src_name] > 1) + $elog[] = "(A2) ACL '$src_name' error: duplicate source name '$src_name'"; + + sg_check_src($src, $elog); + } + } + + # --- Destinations --- + if ($squidguard_config[F_DESTINATIONS]) { + $key_dst = array_count_values($destinations); + foreach($squidguard_config[F_DESTINATIONS][F_ITEM] as $dst) { + # check name as unique and name format + $dst_name = $dst[F_NAME]; + $err_s = ''; + if (!check_name_format($dst_name, &$err_s)) + $elog[] = "(D1) DEST '$dst_name' error: $err_s"; + + if ($key_dst[$dst_name] > 1) + $elog[] = "(D2) DEST '$dst_name' error: duplicate destination name '$dst_name'"; + # + sg_check_dest($dst, &$elog); + } + } + + # --- Blacklist --- + if ($squidguard_config[F_BLACKLISTENABLED]) { + $blk_entries_file = SQUIDGUARD_BLK_FILELISTPATH; + if (file_exists($blk_entries_file)) { + $blk_entr = explode("\n", file_get_contents($blk_entries_file)); + foreach($blk_entr as $entr) { + if ($entr) { + $destinations[] = $entr; + # check entry for exists + $dbfile = $squidguard_config[F_DBHOME] . "/$entr"; + if (!file_exists($dbfile)) + $elog[] = "(B1) BLACKLIST '$entr' error: file '$dbfile' not found"; + } + } + } + } + + # --- Rewrites --- + if ($squidguard_config[F_REWRITES]) { + $key_rw = array_count_values($rewrites); + foreach($squidguard_config[F_REWRITES][F_ITEM] as $rw) { + # check check name as unique and name format + $rw_name = $rw[F_NAME]; + $err_s = ''; + if (!check_name_format($rw_name, &$err_s)) + $elog[] = "(R1) REWRITE '$rw_name' error: $err_s"; + + if ($key_rw[$rw_name] > 1) + $elog[] = "(R2) REWRITE '$rw_name' error: duplicate rewrite name '$rw_name'"; + } + } + + $key_times = array_count_values($times); + $key_sources = array_count_values($sources); + $key_destinations = array_count_values($destinations); + $key_rewrites = array_count_values($rewrites); + + # --- ACLs --- + if ($squidguard_config[F_ACLS]) { + $acls = array(); + foreach($squidguard_config[F_ACLS][F_ITEM] as $acl) { + # skip disabled acl + if ($acls[F_DISABLED]) continue; + + $acl_name = $acl[F_NAME]; + + # check acl name for unique and exists (as source items) + if ($acl_name and !$key_sources[$acl_name]) + $elog[] = "(A1) ACL '$acl_name' error: acl name '$acl_name' not found"; + + $acls[] = $acl_name; + $key_acls = array_count_values($acls); + if ($key_acls[$acl_name] > 1) + $elog[] = "(A2) ACL '$acl_name' error: duplicate acl name '$acl_name'"; + + # check time + $time = $acl[F_TIMENAME]; + if ($time and !$key_times[$time]) # time name must exists + $elog[] = "(A3) ACL '$acl_name' error: time name '$time' not found"; + + # check destinations + if ($acl[F_DESTINATIONNAME]) { + $acldest = $acl[F_DESTINATIONNAME]; + $acldest = str_replace("!", "", $acldest); + $acldest = str_replace("^", "", $acldest); + $acldest = explode(" ", $acldest); + $key_acldest = array_count_values($acldest); + foreach($acldest as $adest) { + # check duplicates destinations in acl + if ($key_acldest[$adest] > 1) + $elog[] = "(A4) ACL '$acl_name' error: duplicate destination name '$adest'. Any destination must included once."; + # check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $elog[] = "(A5) ACL '$acl_name' error: destination name '$adest' not found"; + } + } else { + $elog[] = "(A6) ACL '$acl_name' error: ontime pass list is empty. Added 'none'."; + $acl[F_DESTINATIONNAME] = "none"; + } + + # check overtime destinations + if ($time) { + if ($acl[F_OVERDESTINATIONNAME]) { + $acloverdest = $acl[F_OVERDESTINATIONNAME]; + $acloverdest = str_replace("!", "", $acloverdest); + $acloverdest = str_replace("^", "", $acloverdest); + $acloverdest = explode(" ", $acloverdest); + $key_acloverdest = array_count_values($acloverdest); + foreach($acloverdest as $adest) { + # check duplicates destinations in acl + if ($key_acloverdest[$adest] > 1) + $elog[] = "(A7) ACL '$acl_name' error: duplicate overtime destination name '$adest'. Any destination must included once."; + # check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $elog[] = "(A8) ACL '$acl_name' error: overtime destination name '$adest' not found"; + } + } else { + $elog[] = "(A9) ACL '$acl_name' error: overtime pass list is empty. Added 'none'."; + $acl[F_OVERDESTINATIONNAME] = "none"; + } + } + + # check rewrite + $rew = $acl[F_REWRITENAME]; + if ($rew and !$key_rewrites[$rew]) + $elog[] = "(AA) ACL '$acl_name' error: rewrite name '$rew' not found"; + + # check overtime rewrite + $overrew = $acl[F_OVERREWRITENAME]; + if ($time and $overrew and !$key_rewrites[$overrew]) + $elog[] = "(AB) ACL '$acl_name' error: overtime rewrite name '$overrew' not found"; + + # check redirect + $redir = $acl[F_REDIRECT]; + $overredir = $acl[F_OVERREDIRECT]; + } + } + + # --- Default --- + if ($squidguard_config[F_ACLS]) { + $def = $squidguard_config[F_DEFAULT]; + + # check time + $time = $def[F_TIMENAME]; + if ($time and !$key_times[$time]) # time name must exists + $elog[] = "(DF1) ACL 'default' error: time name '$time' not found"; + + # check destinations + if ($def[F_DESTINATIONNAME]) { + $defdest = $def[F_DESTINATIONNAME]; + $defdest = str_replace("!", "", $defdest); + $defdest = str_replace("^", "", $defdest); + $defdest = explode(" ", $defdest); + $key_defdest = array_count_values($defdest); + foreach($defdest as $adest) { + # check duplicates destinations in acl + if ($key_defdest[$adest] > 1) + $elog[] = "(DF2) ACL 'default' error: duplicate destination name '$adest'. Any destination must included once."; + # check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $elog[] = "(DF3) ACL 'default' error: destination name '$adest' not found"; + } + } else { + $elog[] = "(DF4) ACL 'default' error: ontime pass list is empty. Added 'none'."; + $def[F_DESTINATIONNAME] = "none"; + } + + # check rewrite + $rew = $def[F_REWRITENAME]; + if ($rew and !$key_rewrites[$rew]) + $elog[] = "(DF5) ACL 'default' error: rewrite name '$rew' not found"; + + # check overtime rewrite + $overrew = $def[F_OVERREWRITENAME]; + if ($time and $overrew and !$key_rewrites[$overrew]) + $elog[] = "(DF6) ACL 'default' error: overtime rewrite name '$overrew' not found"; + + # check redirect + $redir = $def[F_REDIRECT]; + $overredir = $def[F_OVERREDIRECT]; + } + + # update log + if (!empty($elog)) { + $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog); + } + + return empty($elog); +} + +# ========================== UTILS ============================================= + +# ------------------------------------------------------------------------------ + + +# ============================================================================== +# self utils +# ============================================================================== +# Set file access +# ------------------------------------------------------------------------------ +function set_file_access($dir, $owner, $mod) +{ + $mod = sprintf("%o", $mod); + if (!file_exists($dir)) return; + # recursive change access + mwexec("chown -R -v $owner $dir"); + mwexec("chgrp -R -v $owner $dir"); + mwexec("chmod -R -v $mod $dir"); +} +# ------------------------------------------------------------------------------ +# scan_dir - build files listing for $dir +# ------------------------------------------------------------------------------ +function scan_dir($dir) +{ + $files = array(); + if (file_exists($dir)) { + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) { + # skip '.' and '..' names + if (($filename !== '.') and ($filename !== '..')) $files[] = $filename; + } + sort($files); + } + return $files; +} + +# ****************************************************************************** +# squidguard utils +# ****************************************************************************** +# sg_list_itemsfield - get items field list +# ------------------------------------------------------------------------------ +function sg_list_itemsfield($xml_items, $fld_name) +{ + $ls = array(); + if (is_array($xml_items[F_ITEM])) + foreach($xml_items[F_ITEM] as $it) { + $ls[] = $it[$fld_name]; + } + return $ls; +} + +# ------------------------------------------------------------------------------ +# is_url - check url an err_codes +# ------------------------------------------------------------------------------ +if(!function_exists("is_url")) { + function is_url($url) + { + if (empty($url)) return false; + if (preg_match("/^(http|https):\/\//i", $url)) return true; + if (strstr("blank", $url)) return true; + if (strstr("blank_img", $url)) return true; + if (preg_match("/^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))/i", $url)) return true; # http error code 30x, 4xx, 50x. + return false; + } +} + +# url as 'domain/path': 'mydomain.com/index.php' +function is_dest_url($url) +{ + $fmt = "[a-zA-Z0-9_-]"; + + if (empty($url)) return false; + if (preg_match("/^(($fmt){1,}\.){1,}($fmt){2,}(\/(.[^\*][^ ])*)/i", $url)) return true; + return false; +} +# ------------------------------------------------------------------------------ +# is_masksubnet - check ip/mask +# ------------------------------------------------------------------------------ +function is_masksubnet($subnet) +{ + if (!is_string($subnet)) + return false; + + list($ip,$msk) = explode('/', $subnet); + if (!is_ipaddr($ip) || !is_ipaddr($msk)) + return false; + + return true; +} +# ------------------------------------------------------------------------------ +# is_iprange - check ip1-ip2 +# ------------------------------------------------------------------------------ +function is_iprange_sg($ip_range) { + if (!is_string($ip_range)) return false; + + list($ip1,$ip2) = explode('-', $ip_range); + if (!is_ipaddr($ip1) || !is_ipaddr($ip2)) return false; + + # ip2 < ip1 - wrong + if (ipcmp(ip2, ip1) === -1) return false; + + return true; +} +# ------------------------------------------------------------------------------ +# is_ipaddr_valid - validate IP, subnet, IP range +# ------------------------------------------------------------------------------ +function is_ipaddr_valid($val) +{ + return is_string($val) && (is_ipaddr($val) || is_masksubnet($val) || is_subnet($val) || is_iprange_sg($val)); +} + +# ------------------------------------------------------------------------------ +# is_domain_valid - check domain format +# ------------------------------------------------------------------------------ +function is_domain_valid($domain) +{ + $dm_fmt = "([a-z0-9\-]{1,})"; + $dm_fmt = "/^(($dm_fmt{1,}\.){1,}$dm_fmt{2,})+$/i"; # example: (my.)(super.)(domain.)com + return is_string($domain) && preg_match($dm_fmt, trim($domain)); +} + +# ------------------------------------------------------------------------------ +# is_username - check username +# ------------------------------------------------------------------------------ +function is_username($username) +{ + $unm_fmt = "/^\'[a-zA-Z_0-9\.\-]{1,}\'$/i"; + return is_string($username) && preg_match($unm_fmt, trim($username)); +} +# ------------------------------------------------------------------------------ +# check name +# ------------------------------------------------------------------------------ +function check_name_format ($name, $input_errors) +{ + $elog = array(); + $val = trim($name); + + if ((strlen($val) < 2) || (strlen($val) > 16)) + $elog[] = " Size of name '$val' must be between [2..16]."; + + # All symbols must be [a-zA-Z_0-9\-] First symbol = letter. + if (!preg_match("/^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$/i", $val)) + $elog[] = " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter."; + + # update log + if (!empty($elog)) { + $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog); + } + + return empty($elog); +} +# ****************************************************************************** +# squidguard check +# ****************************************************************************** +# check redirect +# ------------------------------------------------------------------------------ +function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) +{ + $res = true; + switch($rdr_mode) { + case RMOD_EXT_ERR: case RMOD_EXT_RDR: case RMOD_EXT_MOVED: case RMOD_EXT_FOUND: + $res = is_url($rdr_info); + if (!$res) $err_msg = "Valid URL expected, but '$rdr_info' found."; + break; + case RMOD_INT_SIZELIMIT: + $res = is_numeric($rdr_path); + if (!$res) $err_msg = "Valid number value expected, but '$rdr_info' found."; + break; + case RMOD_INT_BLANKPAGE: case RMOD_INT_BLANKIMG: case RMOD_INT_ERRORPAGE: + default: + $res = true; break; + } + return $res; +} + +# ------------------------------------------------------------------------------ +# sg_check_time +# ------------------------------------------------------------------------------ +function sg_check_time($sgtime, $input_errors) +{ + $err = ''; + $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun"); + $timetypes = array("weekly", "date"); + + if (is_array($sgtime[F_ITEM])) { + # check date and time + foreach ($sgtime[F_ITEM] as $item) { + if (!in_array(trim($item[F_TIMETYPE]), $timetypes)) + $err .= " Invalid type '{$item[F_TIMETYPE]}'."; + if (!in_array(trim($item[F_TIMEDAYS]), $days)) + $err .= " Invalid week day '{$item[F_TIMEDAYS]}'."; + if (trim($item[F_DATERANGE])) $err .= check_date(trim($item[F_DATERANGE])); + if (trim($item[F_TIMERANGE])) $err .= check_time(trim($item[F_TIMERANGE])); + } + } + + # errors update + if (!empty($err)) $input_errors[] = "TIME '{$sgtime[F_NAME]}': $err"; + return empty($err); +} + +# ------------------------------------------------------------------------------ +# sg_check_dest +# ------------------------------------------------------------------------------ +function sg_check_dest($sgx, $input_errors) +{ + $elog = array(); + $dm = explode(" ", $sgx[F_DOMAINS]); +# $ex = explode(" ", $sgx[F_EXPRESSIONS]); + $ur = explode(" ", $sgx[F_URLS]); + array_packitems(&$dm); + array_packitems(&$ur); + + # domain or ip + foreach ($dm as $d_it) { + if ($d_it && !is_domain_valid($d_it) && !is_ipaddr($d_it)) $elog[] = "Item '$d_it' is not a domain."; + } + + # url + foreach ($ur as $u_it) + if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url."; + + # check redirect + sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], &$elog); + + # update log + if (!empty($elog)) { + $elog = "DEST '{$sgx[F_NAME]}': " . implode(" ", $elog); + if (is_array($input_errors)) + $input_errors[] = $elog; + else $input_errors = $elog; + } + return empty($elog); +} + +# ------------------------------------------------------------------------------ +# sg_check_src +# ------------------------------------------------------------------------------ +function sg_check_src($sgx, $input_errors) +{ + $elog = array(); + + # source may be as one ('source') field or as two ('ip' and 'domain') fields + $src = (isset($sgx[F_SOURCE])) ? $sgx[F_SOURCE] : $sgx[F_IP] . " " . $sgx[F_DOMAINS]; + if (strpos($sgx[F_SOURCE], 'ldapusersearch') === false) { + $src = explode(" ", $src); + foreach ($src as $s_item) { + if ($s_item) { + if (!is_ipaddr_valid($s_item) and !is_domain_valid($s_item) and !is_username($s_item) and (strpos($s_item, 'ldapusersearch') !== false)) + $elog[] = "SRC '{$sgx[F_NAME]}': Item '$s_item' is not a ip address or a domain or a 'username'."; + } + } + } + + # update log + if (!empty($elog)) { + $input_errors = (is_array($input_errors)) ? array_merge($input_errors, $elog) : implode("\n", $elog); + } + + return empty($elog); +} + +# ------------------------------------------------------------------------------ +# check rebuild blacklist +# ------------------------------------------------------------------------------ +function is_blacklist_update_started() +{ + return exec("ps auxw | grep \"[s]quidGuard_blk_rebuild\" | awk '{print $2}' | wc -l | awk '{ print $1 }'"); +} + +# ------------------------------------------------------------------------------ +# Strings +# ------------------------------------------------------------------------------ +# str_pack_spaces - replace two and more space to single +# ------------------------------------------------------------------------------ +function str_packspaces($str) +{ + while(strpos($str, ' ')) $str = str_replace(' ', ' ', $str); +} + +function array_packitems($arval) +{ + if (is_array($arval)) { + $arval = array_map("trim", $arval); # trim all items + $arval = array_diff($arval, array(' ', '')); # exclude ' ' abd '' elements + $arval = array_unique($arval); # unique items + $arval = array_values($arval); # pack array + } + return $arval; +} + +# ----------------------------------------------------------------------------- +# check date +# date or date range format: 'yyyy-mm-dd', 'yyyy-m-d', 'yyyy.mm.dd' 'yyyy.mm.dd-yyyy.mm.dd' +# date mask format: '*-mm-dd', 'yyyy-*-dd', 'yyyy.mm.*' (but not for range) +# ----------------------------------------------------------------------------- +function check_date($date) +{ + $err = ''; + $val = trim($date); + $dtfmt = "/^([0-9]{4})\.([0-9]{2})\.([0-9]{2})/i"; + + # check date range + if (preg_match("{$dtfmt}-{$dtfmt}$", $val)) { + $val = explode("-", str_replace(".", '', $val)); + if (intval($val[0]) >= intval($val[1])) + $err .= "Invalid date range, begin range must be less than the end. {$val[0]} - {$val[1]}"; + } + elseif (!preg_match("/^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$/i", $val)) { + $err .= "Bad date format."; + } + + if ($err) + $err = " Invalid date '$date'. + $err + You mast use date or date range format: 'yyyy.mm.dd' and 'yyyy.mm.dd-yyyy.mm.dd'. + Also possible use mask * (mean any). Example: '*-10-01', '1990-*-*'."; + return $err; +} + +# ----------------------------------------------------------------------------- +# check time +# ----------------------------------------------------------------------------- +function check_time($time) +{ + $err = ''; + $time = trim($time); + + if (empty($time)) return ''; + + # time range format: 'HH:MM-HH:MM' + if (!preg_match("/^([0-2][0-9])\:([0-5][0-9])-([0-2][0-9])\:([0-5][0-9])$/i", $time)) + $err = "Invalid time range '$time'. You must use 'HH:MM-HH:MM' time range format. "; + else { + $tms = str_replace("-", "\n", $time); + $tmsview = explode("\n", $tms); + $tms = str_replace(":", "", $tms); + $tms = explode("\n", $tms); + if ($tms[0] >= 2400) + $err .= "Invalid time range var1='{$tmsview[0]}' must be < '24:00'. "; + if ($tms[1] > 2400) + $err .= "Invalid time range var2='{$tmsview[1]}' must be <= '24:00'. "; + if ($tms[0] >= $tms[1]) + $err .= "Invalid time range var1='{$tmsview[0]}' must be < var2='{$tmsview[1]}'. "; + } + + return $err; +} + +# ----------------------------------------------------------------------------- +# acl_remove_blacklist_items +# ----------------------------------------------------------------------------- +function acl_remove_blacklist_items($items) +{ + # add !items and ^items + $db_entries = sg_entries_blacklist(); + if (!is_array($db_entries)) + return; + $tdb_entries = array(); + foreach ($db_entries as $ent) { + $tdb_entries[] = $ent; + $tdb_entries[] = "!$ent"; + $tdb_entries[] = "^$ent"; + } + $db_entries = $tdb_entries; + unset($tdb_entries); + + # delete blacklist entries from 'pass' if blacklist disabled + $items = explode(" ", $items); + $items = implode(" ", array_diff($items, $db_entries)); + return $items; +} + +# ----------------------------------------------------------------------------- +# sg_script_logrotate +# truncate SG logfile to $lines +# ----------------------------------------------------------------------------- +function sg_script_logrotate() +{ + + global $squidguard_config; + + $sglogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_LOGFILE; + $sgguilogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_GUILOGFILE; + $sgconflogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_CONFLOGFILE; + $res = +<<<EOD +#!/bin/sh +# +# This file generated automaticly with SquidGuard configurator +# Rotates the block logfile +tail -{$lines} {$sglogname} > {$sglogname}.0 +tail -{$lines} {$sglogname}.0 > {$sglogname} +rm -f {$sglogname}.0 +# Rotates the squidguard GUI logile +tail -{$lines} {$sgguilogname} > {$sgguilogname}.0 +tail -{$lines} {$sgguilogname}.0 > {$sgguilogname} +rm -f {$sgguilogname}.0 +# Rotates the squidguard conf logile +tail -{$lines} {$sgconflogname} > {$sgconflogname}.0 +tail -{$lines} {$sgconflogname}.0 > {$sgconflogname} +rm -f {$sgconflogname}.0 +EOD; + return $res; +} + +# ------------------------------------------------------------------------------ +# squidguard_setup_cron +# ------------------------------------------------------------------------------ +function squidguard_cron_install() +{ + global $squidguard_config; + + $on_off = $squidguard_config[F_LOGROTATION] == 'on'; + + $opt = ""; + if ($on_off) { + $opt = array("0", "0", "*", "*", "*", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE); + } + squidguard_setup_cron("squidGuard_logrotate", $opt, $on_off); +} + +# ------------------------------------------------------------------------------ +# squidguard_setup_cron +# ------------------------------------------------------------------------------ +# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command' +# ------------------------------------------------------------------------------ +function squidguard_setup_cron($task_key, $options, $on_off) +{ + global $config; + $cron_item = array(); + + # $on_off = TRUE/FALSE - install/deinstall cron task: + # prepare new cron item + if (is_array($options)) { + $cron_item['minute'] = $options[0]; + $cron_item['hour'] = $options[1]; + $cron_item['mday'] = $options[2]; + $cron_item['month'] = $options[3]; + $cron_item['wday'] = $options[4]; + $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody'; + $cron_item['command'] = $options[6]; + } + + # unset old cron task with $task_key + if (!empty($task_key)) { + $flag_cron_upd = false; + # delete old cron task if exists + if (is_array($config['cron']['item'])) { + foreach($config['cron']['item'] as $key => $val) { + if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) { + unset($config['cron']['item'][$key]); + $flag_cron_upd = true; + break; + } + } + } + + # set new cron task + if (($on_off === true) and !empty($cron_item)) { + $config['cron']['item'][] = $cron_item; + $flag_cron_upd = true; + } + + # write config and configure cron only if cron task modified + if ($flag_cron_upd === true) { + write_config("Installed cron task '$task_key' for 'squidGuard' package"); + configure_cron(); + } + } + else { + # ! error $name ! + return; + } +} + +# ***************************************************************************** +# RAMDisk +# Temp ramdisk for quickly DB update +# ***************************************************************************** +function squidguard_ramdisk($enable) +{ + $ramsize = 300; + + # delete old squidguard ramdisk + if (file_exists("/dev/md15")) { + mwexec("umount -f " . SQUIDGUARD_TMP); + mwexec("sleep 1"); + mwexec("mdconfig -d -u 15"); + } + + if ($enable === true) { + # create temp ramdisk + # size 300Mb very nice for work with Archive < 30Mb + # this is size use physical RAM + Swap file + mwexec("/sbin/mdmfs -s {$ramsize}M md15 " . SQUIDGUARD_TMP); + mwexec("chmod 1777 " . SQUIDGUARD_TMP); + } +} + +# ****************************************************************************** +# Blacklist +# ****************************************************************************** + +# ------------------------------------------------------------------------------ +# squidguard_update_stat +# ------------------------------------------------------------------------------ +function squidguard_update_log($msg, $new="") +{ + $to = $new ? ">" : ">>"; # create new or save to exists file + mwexec("echo $msg $to " . SG_UPDATE_STATFILE); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_start() +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_start($url_filename) +{ + # 1. if started - calncel + if (squidguard_blacklist_update_IsStarted()) squidguard_blacklist_update_cancel(); + + # 2. delete old script + if (file_exists(SCR_NAME_BLKUPDATE)) unlink(SCR_NAME_BLKUPDATE); + + # 3. create new php script & set permissions + file_put_contents(SCR_NAME_BLKUPDATE, squidguard_script_blacklistupdate($url_filename, "")); + set_file_access (SCR_NAME_BLKUPDATE, OWNER_NAME, 0755); + + # 4. start script background + mwexec_bg(SCR_NAME_BLKUPDATE); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_cancel +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_cancel() +{ + # kill script and SG update process + mwexec("kill `ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}'`"); + mwexec("kill `ps auxwwww | grep 'squidGuard -c .* -C all' | grep -v 'grep' | awk '{print $2}'`"); + squidguard_ramdisk(false); + + squidguard_update_log("Blacklist update terminated by user.", ""); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_clearlog +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_clearlog() +{ + # zero file + file_put_contents(SG_UPDATE_STATFILE, ""); +} + +# ----------------------------------------------------------------------------- +# squidguard_blacklist_update_IsStarted() +# ----------------------------------------------------------------------------- +function squidguard_blacklist_update_IsStarted() +{ + return exec("ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}' | wc -l | awk '{ print $1 }'"); +} + +# ----------------------------------------------------------------------------- +# sg_reconfigure_blacklist($source_filename, $opt) +# $source_filename - file name or url +# $opt - option: +# '' or 'local' - update from local file +# 'url' - update from url +# ----------------------------------------------------------------------------- +function sg_reconfigure_blacklist($source_filename, $opt = '') +{ + global $squidguard_config; + $sf = trim($source_filename); + $sf_contents = ''; + + sg_addlog("sg_reconfigure_blacklist", "Begin blacklist update.", SQUIDGUARD_INFO); + squidguard_update_log("Begin blacklist update", "New"); + + # 1. check system + sg_check_system(); + + # 2. download + if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar' + sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO); + squidguard_update_log("Copy archive from file '$sf'"); + if (file_exists($sf)) { + $sf_contents = file_get_contents($sf); + } else { + sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR); + squidguard_update_log("File '$sf' not found."); + return; + } + } + # from url + else { + sg_addlog("sg_reconfigure_blacklist", "Download from url '$sf'.", SQUIDGUARD_INFO); + squidguard_update_log("Start download."); + $sf_contents = sg_uploadfile_from_url($sf, $opt); + } + + # 3. update + if (empty($sf_contents)) { + sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'. Terminate.", SQUIDGUARD_ERROR); + squidguard_update_log("Bad content from '$sf'. Terminate."); + return; + } + + # save black list archive content to local file + file_put_contents(SG_UPDATE_TARFILE, $sf_contents); + + # update blacklist + sg_update_blacklist(SG_UPDATE_TARFILE); +} + +# ------------------------------------------------------------------------------ +# sg_update_blacklist - update blacklist from file +# How it's work: +# - unpack tar archive to temp dir +# - copy subdir's tree to one-level TempDB +# - rebuild TempDB +# - create Blacklist files listing and copy to values dir and TempDB dir +# - background rebuild temp DB via sh script (longer proccess) and copy to work DB +# ------------------------------------------------------------------------------ + +function sg_update_blacklist($from_file) +{ + global $squidguard_config; + $dbhome = SQUIDGUARD_DBHOME; + $workdir = SQUIDGUARD_WORKDIR; + $tmp_unpack_dir = SQUIDGUARD_TMP . SQUIDGUARD_BL_UNPACK; + $arc_db_dir = SQUIDGUARD_TMP . SG_BLK_ARC; + $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF; + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + + sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO); + + if (file_exists($from_file)) { + # check work and DB dir's + if (file_exists($squidguard_config[F_DBHOME])) $dbhome = $squidguard_config[F_DBHOME]; + if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR]; + + # delete old tmp dir's + if (file_exists($tmp_unpack_dir)) mwexec("rm -R $tmp_unpack_dir"); + if (file_exists($arc_db_dir)) mwexec("rm -R $arc_db_dir"); + squidguard_ramdisk(false); + + # create new tmp/arc dir's, use ramdisk for quick operations + squidguard_ramdisk(true); + mwexec("mkdir -p -m 0755 $tmp_unpack_dir"); + mwexec("mkdir -p -m 0755 $arc_db_dir"); + + # 1. unpack archive + squidguard_update_log("Unpack archive"); + mwexec("tar zxvf $from_file -C $tmp_unpack_dir"); + set_file_access($tmp_unpack_dir, OWNER_NAME, 0755); + sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO); + + # 2. copy blacklist to TempDB base & create entries list + squidguard_update_log("Scan blacklist categories."); + if (file_exists($tmp_unpack_dir)) { + $blk_items = array(); + $blk_list = array(); + + # scan blacklist items + scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); + + # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) + foreach ($blk_items as $key => $val) { + $current_dbpath = "$arc_db_dir/$key"; + if (count($val)) { + # make blk_list for config file + $blk_list[$key] = $key; + + # delete '$current_dbpath' for correct moving + # need moving $val['path'] to $current_dbpath + # if $current_dbpath exists, then $val['path'] will created as subdir - !it's worng! + if (file_exists($current_dbpath)) + mwexec("rm -R $current_dbpath"); + mwexec("mv -f {$val['path']}/ $current_dbpath"); + sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO); + } + } + set_file_access($arc_db_dir, OWNER_NAME, 0755); + + # create entries list + if (count($blk_items)) { + # save to temp DB + $cont = implode("\n", array_keys($blk_items)); + + # temp blacklist files + $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST; + file_put_contents($blklist_file, $cont); + set_file_access ($blklist_file, OWNER_NAME, 0755); + + # system blacklist files + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + file_put_contents($blklist_file, $cont); + set_file_access ($blklist_file, OWNER_NAME, 0755); + + sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO); + squidguard_update_log("Found " . count($blk_items) . " items."); + } + + # rebuild db & save to work dir + squidguard_update_log("Start rebuild DB."); + squidguard_rebuild_db("blk_", $arc_db_dir, $blk_list); + + squidguard_update_log("Copy DB to workdir."); + $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST; + mwexec("cp -R -p $arc_db_dir/ $dbhome"); + mwexec("cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR); + set_file_access($dbhome, OWNER_NAME, 0755); + + squidguard_update_log("Reconfigure Squid proxy."); + mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure"); + + squidguard_update_log("Blacklist update complete."); + + } + + # free ramdisk + squidguard_ramdisk(false); + } + else sg_addlog("sg_update_blacklist", "File $from_file not found.", SQUIDGUARD_ERROR); +} + +# ----------------------------------------------------------------------------- +# sg_entries_blacklist +# ----------------------------------------------------------------------------- +function sg_entries_blacklist() +{ + $contents = ''; + + $fl = SQUIDGUARD_BLK_FILELISTPATH; + if (file_exists($fl)) + $contents = explode("\n", file_get_contents($fl)); + + return $contents; +} +# ----------------------------------------------------------------------------- +# sg_blacklist_rebuild_db - rebuild current Blacklist DB (default: '/var/db/squidGuard') +# ----------------------------------------------------------------------------- +/* +function sg_blacklist_rebuild_db() +{ + global $squidguard_config; + $dst_list = array(); + $dbhome = $squidguard_config[F_DBHOME]; + $workdir = $squidguard_config[F_WORKDIR]; + + # current dbhome and work dir's + sg_addlog("sg_blacklist_rebuild_db", "Start with path '$dbhome'.", SQUIDGUARD_INFO); + + # make dest list + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + if (file_exists($blklist_file)) { + $blklist = explode("\n", file_get_contents($blklist_file)); + if (is_array($blklist)) + foreach($blklist as $bl) { $dst_list[$bl] = $bl; } + } + + # rebuild user db ('/var/db/squidGuard') + squidguard_rebuild_db("_blkdb", $dbhome, $dst_list); +} +*/ +# ----------------------------------------------------------------------------- +# sg_uploadfile_from_url +# ----------------------------------------------------------------------------- +function sg_uploadfile_from_url($url_file, $proxy = '') +{ + $err = 0; + $download_tmpfile = SG_UPDATE_TMPFILE; #"/tmp/squidguard_download.tmp"; + $download_logfile = SG_UPDATE_LOGFILE; #"/tmp/squidguard_download.log"; + + conf_mount_rw(); + # open destination file + $s = "Download archive '$url_file'" . ( $proxy ? " via proxy'$proxy'" : "" ); + sg_addlog("sg_uploadfile_from_url", $s, SQUIDGUARD_INFO); + squidguard_update_log( $s ); + + # open temp and log files for curl + $ftmp = fopen($download_tmpfile, "w"); # download result file + $flog = fopen($download_logfile, "w"); # download log file + + $result = ''; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_NOPROGRESS, 0); + curl_setopt($ch, CURLOPT_FILE, $ftmp); + curl_setopt($ch, CURLOPT_STDERR, $flog); + + if (!empty($proxy)) { + $ip = ''; + $login = ''; + $s = trim($proxy); + if (strpos($s, ' ')) { + $ip = substr($s, 0, strpos($s, ' ')); + $login = substr($s, strpos($s, ' ') + 1); + } else $ip = $s; + + if($ip != '') { + curl_setopt($ch, CURLOPT_PROXY, $ip); + if($login != '') + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); + } + } +# $result=curl_exec ($ch); + curl_exec ($ch); + $err = curl_errno($ch); + if ($err) + squidguard_update_log( "Download error: " . curl_error($ch) ); + else squidguard_update_log( "Download complete" ); + curl_close ($ch); + + # close temp and log files + fclose($ftmp); + fclose($flog); + conf_mount_ro(); + + if (!$err && file_exists( $download_tmpfile )) + $result = file_get_contents( $download_tmpfile ); + return $result; +} + +# ------------------------------------------------------------------------------ +# squidguard_blacklist_restore_arcdb - copy arc blacklist to db +# ------------------------------------------------------------------------------ +function squidguard_blacklist_restore_arcdb() +{ + global $squidguard_config; + $dbhome = $squidguard_config[F_DBHOME] ? $squidguard_config[F_DBHOME] : SQUIDGUARD_DBHOME; + $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; + $arc_db_dir = SQUIDGUARD_DBSAMPLE; + + squidguard_update_log("Restore default blacklist DB.", "new"); + if (file_exists($arc_db_dir)) { + conf_mount_rw(); + # copy arc blacklist to work DB with permissions + mwexec("cp -R -p $arc_db_dir/ $dbhome"); + set_file_access($dbhome, OWNER_NAME, 0755); + sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO); + + # generate blacklist files list + $blklist = ""; + $files = scan_dir("$arc_db_dir/"); + if ($files) $blklist = implode("\n", $files); + file_put_contents($blklist_file, $blklist); + set_file_access($blklist_file, OWNER_NAME, 0755); + + squidguard_rebuild_db("arc_", $dbhome, $files); + + squidguard_update_log("Reconfigure Squid proxy."); + mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure"); + + conf_mount_ro(); + squidguard_update_log("Restore success."); + } else { + sg_addlog("squidguard_blacklist_restore_arcdb", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR); + squidguard_update_log("Restore error: File '$arc_db_dir' or '$blklist_file' not found."); + } +} + +# ------------------------------------------------------------------------------ +# scan_blacklist_cat - scan all dirs and subdirs tree and make blk enrties list +# $cur_dir - start directory +# $key_name - current key name +# ------------------------------------------------------------------------------ +# blk entry[key]: +# ["domains"] domains file path +# ["urls"] urls file path +# ["expressions"] expressions file path +# ------------------------------------------------------------------------------ +function scan_blacklist_cat($curdir, $key_name, $cat_array) +{ + + if (file_exists($curdir) and is_dir($curdir)) { + $blk_entry = array(); + $files = scan_dir($curdir); + + foreach($files as $fls) { + $fls_file = "$curdir/$fls"; + + if (($fls != ".") and ($fls != "..")) { + if (is_file($fls_file)) { + + # add files path + switch(strtolower($fls)) { + case "domains": + $blk_entry["domains"] = $fls_file; + $blk_entry["path"] = $curdir; + break; + case "urls": + $blk_entry["urls"] = $fls_file; + $blk_entry["path"] = $curdir; + break; + case "expressions": + $blk_entry["expressions"] = $fls_file; + $blk_entry["path"] = $curdir; + break; + } + } + elseif (is_dir($fls_file)) { + $fls_key = $key_name . "_" . $fls; + + # recursive call + scan_blacklist_cat($fls_file, $fls_key, & $cat_array); + } + } + } + + if (count($blk_entry)) + $cat_array[$key_name] = $blk_entry; + } +} + +# ============================================================================= +# Blacklist Scripts +# ============================================================================= + +# squidGuard blacklist update php script +function squidguard_script_blacklistupdate($fname, $opt) +{ + $sh[] = "#!/usr/local/bin/php -f"; + $sh[] = "<?php"; + $sh[] = " \$incl = \"/usr/local/pkg/squidguard_configurator.inc\";"; + $sh[] = " if (file_exists(\$incl)) {"; + $sh[] = " require_once(\$incl);"; + $sh[] = " sg_reconfigure_blacklist( \"{$fname}\", \"{$opt}\" );"; + $sh[] = " }"; + $sh[] = " exit;"; + $sh[] = "?>"; + return implode ("\n", $sh); +} + +# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +# classes +# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ + +class TSgTag +{ + var $tag; + var $name; + var $time; + var $items; + var $desc; + + function __construct() { + $this->clear(); + } + + function clear() { + $this->tag = ''; + $this->name = ''; + $this->time = ''; + $this->items = array(); + $this->desc = ''; + } + + function set($tag, $name, $time, $desc) { + $this->tag = $tag; + $this->name = $name; + $this->time = $time; + $this->desc = $desc; + } + + function tag_text($offset = 0) { + $str = array(); + $off = str_repeat("\t", $offset); + + $str[] = $off . "# {$this->desc}"; + if (empty($this->time)) + $str[] = $off . "{$this->tag} {$this->name} {"; + else $str[] = $off . "{$this->tag} {$this->name} within {$this->time} {"; + + # get items + foreach($this->items as $it) { + if (is_a($it, "TSgTag")) + $str[] = $off . $it->tag_text($offset + 1); # sub tag + else $str[] = $off . "\t{$it}"; # item + } + + $str[] = $off . "}"; + return implode("\n", $str); + } +} + +?> diff --git a/config/squidGuard-devel/squidguard_default.xml b/config/squidGuard-devel/squidguard_default.xml new file mode 100644 index 00000000..01380ea5 --- /dev/null +++ b/config/squidGuard-devel/squidguard_default.xml @@ -0,0 +1,149 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguarddefault</name> + <version>none</version> + <title>Proxy filter SquidGuard: Common Access Control List (ACL)</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <fielddescr>Target Rules</fielddescr> + <fieldname>dest</fieldname> + <description><![CDATA[]]></description> + <type>input</type> + <size>100</size> + </field> + <field> + <fielddescr>Do not allow IP-Addresses in URL</fielddescr> + <fieldname>notallowingip</fieldname> + <description><![CDATA[To make sure that people do not bypass the URL filter by simply using the IP-Addresses instead of the FQDN you can check this option. This option has no effect on the whitelist.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Proxy Denied Error</fielddescr> + <fieldname>deniedmessage</fieldname> + <description><![CDATA[The first part of the error message displayed to clients when access was denied. Defaults to <b>"Request denied by $g['product_name'] proxy"</b>]]></description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> + <field> + <fielddescr>Redirect mode</fielddescr> + <fieldname>redirect_mode</fieldname> + <description> + Select redirect mode here. + <br> Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible. +<!-- <br><b> int size limit :</b> if content size 0 or > 'size limit', then client moved to 'blank image' page; --> + <br> Options: + <A title="To 'url' will added special client information;" > + <span style="background-color: #dddddd;" >ext url err page</span></A> , + <A title="Client view 'url' content without any notification about;" > + <span style="background-color: #dddddd;" > ext url redirect</span></A> , + <A title="Client will moved to specified url with displaying url in addres bar;" > + <span style="background-color: #dddddd;" > ext url as 'move'</span></A> , + <A title="Client will moved to specified url with showing progress(only!) in status bar;" > + <span style="background-color: #dddddd;" > ext url as 'found'.</span></A> + </u> + </description> + <type>select</type> + <value>rmod_none</value> + <options> + <!--option><name>none</name> <value>rmod_none</value></option--> + <option><name>int error page (enter error message)</name> <value>rmod_int</value></option> + <option><name>int blank page </name> <value>rmod_int_bpg</value></option> + <!--option><name>int blank image</name> <value>rmod_int_bim</value></option--> + <!--option><name>int size limit (enter size in bytes)</name> <value>rmod_int_szl</value></option--> + <option><name>ext url err page (enter URL)</name> <value>rmod_ext_err</value></option> + <option><name>ext url redirect (enter URL)</name> <value>rmod_ext_rdr</value></option> + <option><name>ext url move (enter URL)</name> <value>rmod_ext_mov</value></option> + <option><name>ext url found (enter URL)</name> <value>rmod_ext_fnd</value></option> + </options> + </field> + <field> + <fielddescr>Redirect info</fielddescr> + <fieldname>redirect</fieldname> + <description><![CDATA[Enter external redirection URL, error message or size (bytes) here.]]></description> + <type>textarea</type> + <cols>65</cols> + <rows>2</rows> + </field> + <field> + <fielddescr>Use SafeSearch engine</fielddescr> + <fieldname>safesearch</fieldname> + <description><![CDATA[ + To protect your children from adult content you can use the protected mode of search engines.<br> + At the moment it is supported by Google, Yandex, Yahoo, MSN, Live Search and Bing. Make sure that the search engines can be accessed. It is recommended to prohibit access to others.<br> + <b>Note:</b> This option overrides 'Rewrite' setting. + ]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Rewrite</fielddescr> + <fieldname>rewrite</fieldname> + <description><![CDATA[Enter the rewrite condition name for this rule or leave it blank.]]></description> + <type>select</type> + </field> + <field> + <fielddescr>Log</fielddescr> + <fieldname>enablelog</fieldname> + <description><![CDATA[Check this option to enable logging for this ACL.]]></description> + <type>checkbox</type> + </field> + </fields> + <custom_php_validation_command> + squidguard_validate_acl(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_command_before_form> + squidguard_before_form_acl(&$pkg, false); + </custom_php_command_before_form> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> + <custom_add_php_command/> + <custom_php_resync_config_command> +// squidguard_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squidGuard-devel/squidguard_dest.xml b/config/squidGuard-devel/squidguard_dest.xml new file mode 100644 index 00000000..3525098e --- /dev/null +++ b/config/squidGuard-devel/squidguard_dest.xml @@ -0,0 +1,189 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguarddest</name> + <version>none</version> + <title>Proxy filter SquidGuard: Target categories</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <delete_string>A proxy server user has been deleted.</delete_string> + <addedit_string>A proxy server user has been created/modified.</addedit_string> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + <active/> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Redirect</fielddescr> + <fieldname>redirect</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[ + Enter a unique name of this rule here.<br> + The name must consist between 2 and 15 symbols [a-Z_0-9]. The first one must be a letter.<br> + ]]></description> + <type>input</type> + <size>100</size> + <required/> + </field> + <field> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + <description><![CDATA[ + Select the new position for this target category. Target categories are listed in this order on ALCs and are matched from the top down in sequence.<br> + ]]></description> + <type>select</type> + </field> + <field> + <fielddescr>Domain List</fielddescr> + <fieldname>domains</fieldname> + <description><![CDATA[ + Enter destination domains or IP-addresses here. To separate them use space.<br> + <b>Example:</b> mail.ru e-mail.ru yahoo.com 192.168.1.1 + ]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>URL List</fielddescr> + <fieldname>urls</fieldname> + <description><![CDATA[ + Enter destination URLs here. To separate them use space.<br> + <b>Example:</b> host.com/xxx 12.10.220.125/alisa + ]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Regular Expression</fielddescr> + <fieldname>expressions</fieldname> + <description><![CDATA[ + Enter word fragments of the destination URL. To separate them use <b>|</b> . + <b>Example:</b> mail|casino|game|\.rsdf$ + ]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Redirect mode</fielddescr> + <fieldname>redirect_mode</fieldname> + <description> + Select redirect mode here. + <br> Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible. +<!-- <br><b> int size limit :</b> if content size 0 or > 'size limit', then client moved to 'blank image' page; --> + <br> Options: + <A title="To 'url' will added special client information;" > + <span style="background-color: #dddddd;" >ext url err page</span></A> , + <A title="Client view 'url' content without any notification about;" > + <span style="background-color: #dddddd;" > ext url redirect</span></A> , + <A title="Client will moved to specified url with displaying url in addres bar;" > + <span style="background-color: #dddddd;" > ext url as 'move'</span></A> , + <A title="Client will moved to specified url with showing progress(only!) in status bar;" > + <span style="background-color: #dddddd;" > ext url as 'found'.</span></A> + </u> + </description> + <type>select</type> + <value>rmod_none</value> + <options> + <option><name>none</name> <value>rmod_none</value></option> + <option><name>int error page (enter error message)</name> <value>rmod_int</value></option> + <option><name>int blank page </name> <value>rmod_int_bpg</value></option> + <option><name>int blank image</name> <value>rmod_int_bim</value></option> +<!-- <option><name>int size limit (enter size in bytes)</name> <value>rmod_int_szl</value></option> --> + <option><name>ext url err page (enter URL)</name> <value>rmod_ext_err</value></option> + <option><name>ext url redirect (enter URL)</name> <value>rmod_ext_rdr</value></option> + <option><name>ext url move (enter URL)</name> <value>rmod_ext_mov</value></option> + <option><name>ext url found (enter URL)</name> <value>rmod_ext_fnd</value></option> + </options> + </field> + <field> + <fielddescr>Redirect</fielddescr> + <fieldname>redirect</fieldname> + <description><![CDATA[Enter the external redirection URL, error message or size (bytes) here.]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>2</rows> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[You may enter any description here for your reference.]]></description> + <type>input</type> + <size>90</size> + </field> + <field> + <fielddescr>Log</fielddescr> + <fieldname>enablelog</fieldname> + <type>checkbox</type> + <description><![CDATA[Check this option to enable logging for this ACL.]]></description> + </field> + </fields> + <custom_php_command_before_form> + squidguard_before_form_dest(&$pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + squidguard_validate_destination($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squidguard_resync_dest(); + </custom_php_resync_config_command> + <custom_delete_php_command> + squidguard_resync_dest(); + </custom_delete_php_command> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> +</packagegui> diff --git a/config/squidGuard-devel/squidguard_log.php b/config/squidGuard-devel/squidguard_log.php new file mode 100644 index 00000000..8eba2311 --- /dev/null +++ b/config/squidGuard-devel/squidguard_log.php @@ -0,0 +1,327 @@ +<?php +/* $Id$ */ +/* + squidguard_log.php + 2006-2011 Serg Dvoriancev + + part of pfSense (www.pfSense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = "Proxy filter SquidGuard: Log page"; + +require_once('guiconfig.inc'); +require_once('notices.inc'); +if (file_exists("/usr/local/pkg/squidguard.inc")) { + require_once("/usr/local/pkg/squidguard.inc"); +} + +# ------------------------------------------------------------------------------ +# defines +# ------------------------------------------------------------------------------ +$selfpath = "/squidGuard/squidguard_log.php"; + +# ------------------------------------------------------------------------------ +# Requests +# ------------------------------------------------------------------------------ +if ($_REQUEST['getactivity']) +{ + header("Content-type: text/javascript"); + echo squidguard_log_AJAX_response( $_REQUEST ); + exit; +} + +# ------------------------------------------------------------------------------ +# Functions +# ------------------------------------------------------------------------------ + +function squidguard_log_AJAX_response( $request ) +{ + $res = ''; + $offset = $request['offset'] ? $request['offset'] : 0; + $reverse = $request['reverse'] == 'yes'? true : false; + $pcaption = ' '; + + # Actions + switch($request['rep']) { + case 'filterconf': + if (function_exists("squidguard_conflist")) + $cont = squidguard_conflist( ); + else $cont = "Function 'squidguard_conflist' not found."; + $res = squidguard_prep_textareacont($cont); + break; + case 'proxyconf': + if (function_exists("squidguard_squid_conflist")) + $cont = squidguard_squid_conflist( ); + else $cont = "Function 'squidguard_squid_conflist' not found."; + $res = squidguard_prep_textareacont($cont); + break; + case 'guilog': + $res = squidguard_logrep(squidguard_guidump( &$offset, 50, true)); + break; + case 'filterlog': + $res = squidguard_logrep(squidguard_filterdump( &$offset, 50, true)); + break; + case "blocked": + default: + $res = squidguard_logrep(squidguard_blockdump( &$offset, 50, true)); + break; + } + + $res .= "el('offset').value = {$offset};"; + $res .= "el('showoffset').innerHTML = {$offset};"; + return $res; +} + +function squidguard_logrep( $dump ) +{ + $res = ''; + + if (!empty($dump)) { + if (is_array($dump)) { + $acount = count($dump[0]) ? count($dump[0]) : 1; + $res = "<table class=\'tabcont\' width=\'100%\' border=\'0\' cellpadding=\'0\' cellspacing=\'0\'>"; + $res .= "<tr><td class=\'listtopic\' colspan=\'$acount\' nowrap>Show top 50 entries. List from the line: " . + "<span style=\'cursor: pointer;\' onclick=\'report_down();\'><<</span>" . + " <span id='showoffset' >0</span> " . + "<span style=\'cursor: pointer;\' onclick=\'report_up();\'>>></span> " . + "</td></tr>"; + + foreach($dump as $dm) { + if (!$dm[0] || !$dm[1]) continue; + # datetime + $dm[0] = date("d.m.Y H:i:s", strtotime($dm[0])); + $res .= "<tr><td class=\'listlr\' nowrap>{$dm[0]}</td>"; + + # col 1 + $dm[1] = htmlentities($dm[1]); + $dm[1] = squidguard_html_autowrap($dm[1]); + $res .= "<td class=\'listr\'>{$dm[1]}</td>"; + + # for blocked rep + if (count($dm) > 2) { + $dm[2] = htmlentities($dm[2]); + $dm[2] = squidguard_html_autowrap($dm[2]); + $res .= "<td class=\'listr\' width=\'*\'>{$dm[2]}</td>"; + $res .= "<td class=\'listr\'>{$dm[3]}</td>"; + } + $res .= "</tr>"; + } + $res .= "</table>"; + } + else $res = "{$dump}"; + } else { + $res = "No data."; + } + + $res = "el(\"reportarea\").innerHTML = \"{$res}\";"; + return $res; +} + +function squidguard_prepfor_JS($cont) +{ + # replace for JS + $cont = str_replace("\n", "\\n", $cont); + $cont = str_replace("\r", "\\r", $cont); + $cont = str_replace("\t", "\\t", $cont); + $cont = str_replace("\"", "\'", $cont); + return $cont; +} + +function squidguard_prep_textareacont($cont) +{ + $cont = squidguard_prepfor_JS($cont); + return + "el('reportarea').innerHTML = \"<br><center><textarea rows=25 cols=70 id='pconf' name='pconf' wrap='hard' readonly></textarea></center>\";" . + "el('pconf').innerHTML = '$cont';"; +} + +function squidguard_html_autowrap($cont) +{ + # split strings + $p = 0; + $pstep = 25; + $str = $cont; + $cont = ''; + for ( $p = 0; $p < strlen($str); $p += $pstep ) { + $s = substr( $str, $p, $pstep ); + if ( !$s ) break; + $cont .= $s . "<wbr/>"; + } + + return $cont; +} + +# ------------------------------------------------------------------------------ +# HTML Page +# ------------------------------------------------------------------------------ + +include("head.inc"); +echo "\t<script type=\"text/javascript\" src=\"/javascript/scriptaculous/prototype.js\"></script>\n"; +?> + +<!-- Ajax Script --> +<script type="text/javascript"> + +function el(id) { + return document.getElementById(id); +} + +function getactivity(action) { + var url = "./squidguard_log.php"; + var pars = 'getactivity=yes'; + var act = action; + var offset = 0; + var reverse = 'yes'; + + if (action == 'report_up') { + act = el('reptype').value; + offset = parseInt(el('offset').value); + offset = offset + 50; + } else + if (action == 'report_down') { + act = el('reptype').value; + offset = parseInt(el('offset').value); + offset = offset - 50; + offset = offset >= 0 ? offset : 0; + } else { + el('reptype').value = action ? action : 'blocklog'; + el('offset').value = 0; + offset = 0; + } + + pars = pars + '&rep=' + act + '&reverse=' + reverse + '&offset=' + offset; + + var myAjax = new Ajax.Request( url, + { + method: 'get', + parameters: pars, + onComplete: activitycallback + }); +} + +function activitycallback(transport) { + + if (200 == transport.status) { + result = transport.responseText; + } else { + el('reportarea').innerHTML = 'Error! Returned code ' + transport.status + ' ' + transport.responseText; + } + sethdtab_selected(); +} + +function report_up() +{ + getactivity('report_up'); +} + +function report_down() +{ + getactivity('report_down'); +} + +function sethdtab_selected() +{ + var sel = "hd_" + el('reptype').value; + + el('hd_blocklog').style.fontWeight = (sel == 'hd_blocklog') ? 'bold' : ''; + el('hd_guilog').style.fontWeight = (sel == 'hd_guilog') ? 'bold' : ''; + el('hd_filterlog').style.fontWeight = (sel == 'hd_filterlog') ? 'bold' : ''; + el('hd_proxyconf').style.fontWeight = (sel == 'hd_proxyconf') ? 'bold' : ''; + el('hd_filterconf').style.fontWeight = (sel == 'hd_filterconf') ? 'bold' : ''; +} + +window.setTimeout('getactivity()', 150); + +</script> + +<!-- HTML --> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="sg_log.php" method="post"> +<input type="hidden" id="reptype" val=""> +<input type="hidden" id="offset" val="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<!-- Tabs --> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("General settings"), false, "/pkg_edit.php?xml=squidguard.xml&id=0"); + $tab_array[] = array(gettext("Common ACL"), false, "/pkg_edit.php?xml=squidguard_default.xml&id=0"); + $tab_array[] = array(gettext("Groups ACL"), false, "/pkg.php?xml=squidguard_acl.xml"); + $tab_array[] = array(gettext("Target categories"),false, "/pkg.php?xml=squidguard_dest.xml"); + $tab_array[] = array(gettext("Times"), false, "/pkg.php?xml=squidguard_time.xml"); + $tab_array[] = array(gettext("Rewrites"), false, "/pkg.php?xml=squidguard_rewr.xml"); + $tab_array[] = array(gettext("Blacklist"), false, "/squidGuard/squidguard_blacklist.php"); + $tab_array[] = array(gettext("Log"), true, "$selfpath"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=squidguard_sync.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + +<?php + # Subtabs + $mode = $mode ? $mode : "blocked"; + $tab_array = array(); + $tab_array[] = array(gettext("Blocked"), ($mode == "blocked"), "blocklog"); + $tab_array[] = array(gettext("Filter GUI log"), ($mode == "fgui"), "guilog"); + $tab_array[] = array(gettext("Filter log"), ($mode == "flog"), "filterlog"); + $tab_array[] = array(gettext("Proxy config"), ($mode == "pconf"), "proxyconf"); + $tab_array[] = array(gettext("Filter config"), ($mode == "fconf"), "filterconf"); + + echo "<big>| "; + foreach ($tab_array as $ta) { + $id = "hd_{$ta[2]}"; + $bb = $ta[1] ? "font-weight: bold;" : ''; + echo "<span id='{$id}' style='cursor: pointer; {$bb}' onclick=\"getactivity('{$ta[2]}');\">{$ta[0]}</span> | "; + } + echo "</big>"; +?> + </td> + </tr> + <tr> + <td id="reportarea" name="reportarea"></td> + </tr> + </table> + </div> + </td> + </tr> +</table> +</form> + +<?php include("fend.inc"); ?> + +<!--script type="text/javascript"> + NiftyCheck(); + Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth"); +</script--> +</body> +</html> diff --git a/config/squidGuard-devel/squidguard_rewr.xml b/config/squidGuard-devel/squidguard_rewr.xml new file mode 100644 index 00000000..c21cb1c0 --- /dev/null +++ b/config/squidGuard-devel/squidguard_rewr.xml @@ -0,0 +1,144 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguardrewrite</name> + <version>none</version> + <title>Proxy filter SquidGuard: Rewrites</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + <active/> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[ + Enter a unique name of this rule here.<br> + The name must consist between 2 and 15 symbols [a-Z_0-9]. The first one must be a letter.<br> + ]]></description> + <type>input</type> + <required/> + <size>100</size> + </field> + <field> + <fielddescr> + <b>Rewrite rule.</b><br> + Define how url will be replaced.</fielddescr> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Target URL or regular expression</fielddescr> + <fieldname>targeturl</fieldname> + <type>input</type> + <size>35</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Replace to URL</fielddescr> + <fieldname>replaceto</fieldname> + <type>input</type> + <size>35</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Opt.</fielddescr> + <fieldname>mode</fieldname> + <type>select</type> + <value>no</value> + <options> + <option> <name>---------</name> <value>no</value> </option> + <option> <name>no case </name> <value>nocase</value> </option> + <option> <name>redirect </name> <value>redirect</value> </option> + <option> <name>no case + redirect</name> <value>nocase_redirect</value> </option> + </options> + </rowhelperfield> +<!-- <rowhelperfield> + <fielddescr>Http 301</fielddescr> + <fieldname>http301</fieldname> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Http 302</fielddescr> + <fieldname>http302</fieldname> + <type>checkbox</type> + </rowhelperfield> +--> + </rowhelper> + </field> + <field> + <fielddescr>Log</fielddescr> + <fieldname>enablelog</fieldname> + <description><![CDATA[Check this option to enable logging for this ACL.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[You may enter any description here for your reference.<br> + <b>Note:</b><br> + <b>Rewrite rule:</b> Define how the URL will be replaced.<br> + <b>Target URL or Regular Expression:</b> Contains destination URL or regular expression. This is the URL or RegEx the user wants to visit.<br> + <b>Replace to URL:</b> Contains the replacing URL. This is the URL the user will see instead the original one. + ]]></description> + <type>input</type> + <size>100</size> + </field> + </fields> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> + <custom_php_validation_command> + squidguard_validate_rewrite($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> +// squidguard_resync_rewrite(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squidGuard-devel/squidguard_sync.xml b/config/squidGuard-devel/squidguard_sync.xml new file mode 100644 index 00000000..f0537faf --- /dev/null +++ b/config/squidGuard-devel/squidguard_sync.xml @@ -0,0 +1,171 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> +<![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* +squidguardsync.xml +part of pfSense (http://www.pfSense.com) +Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> +Copyright (C) 2013 Marcello Coutinho +based on pfblocker_sync.xml +All rights reserved. + +Based on m0n0wall (http://m0n0.ch/wall) +Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. +All rights reserved. +*/ +/* ========================================================================== */ +/* +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]></copyright> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguardsync</name> + <version>1.3_1 pkg v.1.9</version> + <title>Proxy filter SquidGuard: XMLRPC Sync</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml&id=0</url> + <active/> + </tab> + </tabs> + <fields> + <field> + <name>SquidGuard XMLRPC Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable Sync</fielddescr> + <fieldname>varsyncenablexmlrpc</fieldname> + <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br> + <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>XMLRPC timeout</fielddescr> + <fieldname>varsynctimeout</fieldname> + <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description> + <type>input</type> + <default_value>150</default_value> + <size>5</size> + </field> + + <field> + <fielddescr>Destination Server</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>varsyncdestinenable</fieldname> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>GUI Protocol</fielddescr> + <fieldname>varsyncprotocol</fieldname> + <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>GUI IP-Address</fielddescr> + <fieldname>varsyncipaddress</fieldname> + <description><![CDATA[IP Address of the destination host.]]></description> + <type>input</type> + <size>15</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>GUI Port</fielddescr> + <fieldname>varsyncport</fieldname> + <description><![CDATA[Choose the port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>GUI Admin Password</fielddescr> + <fieldname>varsyncpassword</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_delete_php_command> + squidguard_sync_on_changes(); + </custom_delete_php_command> + <custom_php_resync_config_command> + squidguard_sync_on_changes(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squidGuard-devel/squidguard_time.xml b/config/squidGuard-devel/squidguard_time.xml new file mode 100644 index 00000000..dfd589aa --- /dev/null +++ b/config/squidGuard-devel/squidguard_time.xml @@ -0,0 +1,144 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidguardtime</name> + <version>none</version> + <title>Proxy filter SquidGuard: Times</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <delete_string>A proxy server user has been deleted.</delete_string> + <addedit_string>A proxy server user has been created/modified.</addedit_string> + <tabs> + <tab> + <text>General settings</text> + <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> + </tab> + <tab> + <text>Common ACL</text> + <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url> + </tab> + <tab> + <text>Groups ACL</text> + <url>/pkg.php?xml=squidguard_acl.xml</url> + </tab> + <tab> + <text>Target categories</text> + <url>/pkg.php?xml=squidguard_dest.xml</url> + </tab> + <tab> + <text>Times</text> + <url>/pkg.php?xml=squidguard_time.xml</url> + <active/> + </tab> + <tab> + <text>Rewrites</text> + <url>/pkg.php?xml=squidguard_rewr.xml</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/squidGuard/squidguard_blacklist.php</url> + </tab> + <tab> + <text>Log</text> + <url>/squidGuard/squidguard_log.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=squidguard_sync.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <fielddescr>Name</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[ + Enter a unique name of this rule here.<br> + The name must consist between 2 and 15 symbols [a-Z_0-9]. The first one must be a letter.<br> + ]]></description> + <type>input</type> + <required/> + <size>100</size> + </field> + <field> + <fielddescr>Values</fielddescr> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Time type</fielddescr> + <fieldname>timetype</fieldname> + <description><![CDATA[]]></description> + <type>select</type> + <value>weekly</value> + <options> + <option><name>Weekly</name><value>weekly</value></option> + <option><name>Date</name><value>date</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Days</fielddescr> + <fieldname>timedays</fieldname> + <description><![CDATA[]]></description> + <type>select</type> + <value>*</value> + <options> + <option><name>all</name><value>*</value></option> + <option><name>mon</name><value>mon</value></option> + <option><name>tue</name><value>tue</value></option> + <option><name>wed</name><value>wed</value></option> + <option><name>thu</name><value>thu</value></option> + <option><name>fri</name><value>fri</value></option> + <option><name>sat</name><value>sat</value></option> + <option><name>sun</name><value>sun</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Date or Date range</fielddescr> + <fieldname>daterange</fieldname> + <type>input</type> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Time range</fielddescr> + <fieldname>sg_timerange</fieldname> + <description><![CDATA[00:00-08:00]]></description> + <type>input</type> + <size>20</size> + <value>00:00-23:59</value> + </rowhelperfield> + </rowhelper> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[You may enter any description here for your reference.<br> + <b>Note:</b><br> + <b>Example for Date or Date Range:</b> 2007.12.31 <b>or</b> 2007.11.31-2007.12.31 <b>or</b> *.12.31 <b>or</b> 2007.*.31<br> + <b>Example for Time Range:</b> 08:00-18:00 + ]]></description> + <type>input</type> + <size>80</size> + </field> + </fields> + <custom_php_after_form_command> + squidGuard_print_javascript(); + </custom_php_after_form_command> + <custom_php_validation_command> + squidguard_validate_times(&$_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> +// squidguard_resync_time(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index a65753a1..5ffa14c3 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -26,6 +26,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once("config.inc"); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); switch ($pfs_version) { @@ -71,6 +72,7 @@ function sudo_install() { function sudo_write_config() { global $config; $sudoers = ""; + conf_mount_rw(); if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) { /* No config, wipe sudoers file and bail. */ unlink(SUDO_SUDOERS); @@ -104,6 +106,7 @@ function sudo_write_config() { log_error("Sudoers file invalid: {$result}"); unlink($tmpsudoers); } + conf_mount_ro(); } /* Get a list of users and groups in a format we can use to make proper sudoers entries. diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 56163abf..defca988 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -3,7 +3,7 @@ <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.1</version> + <version>0.2</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc index 0547f2cf..60c9a391 100644 --- a/config/systempatches/patches.inc +++ b/config/systempatches/patches.inc @@ -29,6 +29,7 @@ require_once("globals.inc"); require_once("util.inc"); +global $git_root_url, $patch_suffix, $patch_dir, $patch_cmd; $git_root_url = "http://github.com/pfsense/pfsense/commit/"; $patch_suffix = ".patch"; $patch_dir = "/var/patches"; diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index 5b30c9c5..ffa2fe13 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -63,6 +63,10 @@ if (isset($id) && $a_patches[$id]) { $pconfig['ignorewhitespace'] = isset($a_patches[$id]['ignorewhitespace']); $pconfig['autoapply'] = isset($a_patches[$id]['autoapply']); $pconfig['uniqid'] = $a_patches[$id]['uniqid']; +} else { + $pconfig['pathstrip'] = 1; + $pconfig['basedir'] = "/"; + $pconfig['ignorewhitespace'] = true; } if (isset($_GET['dup'])) diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml index c5e0a784..73974af0 100644 --- a/config/systempatches/systempatches.xml +++ b/config/systempatches/systempatches.xml @@ -40,7 +40,7 @@ <requirements>None</requirements> <faq>Applies patches supplied by the user to the firewall.</faq> <name>System Patches</name> - <version>0.9</version> + <version>1.0</version> <title>System: Patches</title> <include_file>/usr/local/pkg/patches.inc</include_file> <menu> diff --git a/config/tftp/tftp.xml b/config/tftp/tftp.xml index 720ac212..d6becc6d 100644 --- a/config/tftp/tftp.xml +++ b/config/tftp/tftp.xml @@ -55,7 +55,7 @@ <name>tftp</name> <rcfile>tftp.sh</rcfile> <executable>inetd</executable> - <description>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</description> + <description>TFTP daemon</description> </service> <tabs> <tab> diff --git a/config/tftp2/tftp.xml b/config/tftp2/tftp.xml index 6fc6a08d..64f81acf 100644 --- a/config/tftp2/tftp.xml +++ b/config/tftp2/tftp.xml @@ -54,7 +54,7 @@ <service> <name>tftp</name> <executable>inetd</executable> - <description>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</description> + <description>TFTP daemon</description> </service> <tabs> <tab> diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index e53168eb..d013608c 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -1,6 +1,6 @@ <?php /* unbound.inc - (C)2010 Warren Baker (warren@decoy.co.za) + (C)2013 Warren Baker (warren@decoy.co.za) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -987,23 +987,25 @@ function unbound_add_domain_overrides($pvt=false) { $result = array(); foreach($sorted_domains as $domain) { $domain_key = current($domain); - if(!isset($result[$domain_key])) { + if (!isset($result[$domain_key])) $result[$domain_key] = array(); - } $result[$domain_key][] = $domain['ip']; } $domain_entries = ""; foreach($result as $domain=>$ips) { - if($pvt == true) { - $domain_entries .= "private-domain: \"$domain\"\n"; - $domain_entries .= "domain-insecure: \"$domain\"\n"; + if ($pvt == true) { + if (strpos($domain, "in-addr.arpa") !== false) + $domain_entries .= "local-zone: \"$domain\" transparent\n"; + else + $domain_entries .= "private-domain: \"$domain\"\n"; + if (isset($config['installedpackages']['unbound']['config'][0]['dnssec_status'])) + $domain_entries .= "domain-insecure: \"$domain\"\n"; } else { $domain_entries .= "stub-zone:\n"; $domain_entries .= "\tname: \"$domain\"\n"; - foreach($ips as $ip) { + foreach($ips as $ip) $domain_entries .= "\tstub-addr: $ip\n"; - } $domain_entries .= "\tstub-prime: no\n"; } } diff --git a/config/urlsnarf/urlsnarf.xml b/config/urlsnarf/urlsnarf.xml new file mode 100644 index 00000000..c65d1a14 --- /dev/null +++ b/config/urlsnarf/urlsnarf.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>urlsnarf</description> + <requirements>None</requirements> + <faq></faq> + <name>urlsnarf</name> + <version>0.0</version> + <title>urlsnarf</title> +</packagegui>
\ No newline at end of file diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 3449c68b..4adf0575 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -119,95 +119,90 @@ function varnish_start() { /* Build the URL mappings logic VCL config txt */ function varnish_get_url_mappings_txt() { global $g, $config, $urlmappings,$backends_in_use; - $catch_all= "unset"; + $catch_all = "unset"; $isfirst = true; - if($config['installedpackages']['varnishlbdirectors']['config'] != "") { + if ($config['installedpackages']['varnishlbdirectors']['config'] != "") { foreach($config['installedpackages']['varnishlbdirectors']['config'] as $url) { - #check options - $directo_grace_time=""; + // check options + $directo_grace_time = ""; if ($url['customapping']) - $directo_grace_time.=text_area_decode($url['customapping'])."\n\t\t"; - if($url['grace']) - $directo_grace_time.=($url['grace']=="0s"?"return(pass);":"set req.grace=".$url['grace'].";"); - $fieldtype = ($url['fieldtype']?$url['fieldtype']:"=="); - $director_prefix=($url['directorurl'] && $url['directorurl2']?"^http://":""); - #check url - if ( $url['directorurl'] || $url['directorurl2'] || $catch_all == "unset" ){ - if ( $url['directorurl']== "" && $url['directorurl2']== "" ){ - #director with no host or url, so director for catch all traffic not specified in config - $lasturlmappings = "\telse\t{\n\t\tset req.backend = ".$url['directorname'].";\n\t\t}\n"; + $directo_grace_time .= text_area_decode($url['customapping'])."\n\t\t"; + if ($url['grace']) + $directo_grace_time .= ($url['grace'] == "0s" ? "return(pass);" : "set req.grace={$url['grace']};"); + $fieldtype = ($url['fieldtype'] ? $url['fieldtype'] : "=="); + $director_prefix = ($url['directorurl'] && $url['directorurl2'] ? "^http://" : ""); + // check url + if ($url['directorurl'] || $url['directorurl2'] || $catch_all == "unset") { + if ($url['directorurl'] == "" && $url['directorurl2'] == "") { + // director with no host or url, so director for catch all traffic not specified in config + $lasturlmappings = "\telse\t{\n\t\tset req.backend = {$url['directorname']};\n\t\t}\n"; $catch_all = "set"; $isfirst = false; - } - else{ - if(!$isfirst) - $urlmappings .= "\telse "; - if(!$url['directorurl']) { - $urlmappings .= "if (req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; - } - else if (!$url['directorurl2']) { - $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'") {'."\n"; - } - else { + } else { + if (!$isfirst) + $urlmappings .= "\telse "; + if (!$url['directorurl']) + $urlmappings .= "if (req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; + else if (!$url['directorurl2']) + $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'") {'."\n"; + else $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'"'." && req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; - } - $urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";"; - #check rewrite options - if($url['rewritehost']) { - $urlmappings .= "\t\t\tset req.http.host = regsub(req.http.host, ".'"'.$url['directorurl'].'",'.'"'.$url['rewritehost'].'")'.";\n"; - } - if ($url['rewriteurl']) { - $urlmappings .= "\t\t\tset req.url = regsub(req.url, ".'"'.$url['directorurl2'].'",'.'"^'.$url['rewriteurl'].'")'.";\n"; - } - #check failover - if ($url['failover'] && $url['failover'] != $url['directorname']){ - $tabs=($url['grace']?"\n\t\t\t":""); - $urlfailover = "\t\t\tset req.backend = ".$url['failover'].";"; - $urlmappings .= "\t\tif (req.restarts == 0) {\n".$urlbackend.$tabs.$directo_grace_time.$tabs."}"; - $urlmappings .= "\n\t\telse\t{\n".$urlfailover.$tabs.$directo_grace_time.$tabs."}\n\t\t}\n"; - $isfirst = false; + $urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";"; + // check rewrite options + if ($url['rewritehost']) + $urlmappings .= "\t\t\tset req.http.host = regsub(req.http.host, ".'"'.$url['directorurl'].'",'.'"'.$url['rewritehost'].'")'.";\n"; + if ($url['rewriteurl']) + $urlmappings .= "\t\t\tset req.url = regsub(req.url, ".'"'.$url['directorurl2'].'",'.'"^'.$url['rewriteurl'].'")'.";\n"; + // check failover + if ($url['failover'] && $url['failover'] != $url['directorname']) { + $tabs = ($url['grace'] ? "\n\t\t\t" : ""); + $urlfailover = "\t\t\tset req.backend = ".$url['failover'].";"; + $urlmappings .= "\t\tif (req.restarts == 0) {\n".$urlbackend.$tabs.$directo_grace_time.$tabs."}"; + $urlmappings .= "\n\t\telse\t{\n".$urlfailover.$tabs.$directo_grace_time.$tabs."}\n\t\t}\n"; + $isfirst = false; + } else { + $tabs = ($url['grace'] ? "\n\t\t" : ""); + $urlmappings .= $urlbackend.$tabs.$directo_grace_time."\n\t\t}\n"; + $isfirst = false; } - else{ - $tabs=($url['grace']?"\n\t\t":""); - $urlmappings .= $urlbackend.$tabs.$directo_grace_time."\n\t\t}\n"; - $isfirst = false; - } } } } } - if($config['installedpackages']['varnishbackends']['config']) + if ($config['installedpackages']['varnishbackends']['config']) { foreach($config['installedpackages']['varnishbackends']['config'] as $urlmapping) { - if($urlmapping['row']) + if (isset($urlmapping['row'])) { foreach($urlmapping['row'] as $url) { - $directo_grace_time=""; - if($url['grace']) - $directo_grace_time=($url['grace']=="0s"?"\n\t\t return(pass);":"\n\t\tset req.grace=".$url['grace'].";"); - $req=($url['maptype']?$url['maptype']:"http.host"); - $fieldtype=($url['fieldtype']?$url['fieldtype']:"=="); - if ($url['urlmapping'] != "" || $catch_all == 'unset'){ - if($url['urlmapping'] == ""){ + $directo_grace_time = ""; + if ($url['grace']) + $directo_grace_time = ($url['grace'] == "0s" ? "\n\t\t return(pass);" : "\n\t\tset req.grace={$url['grace']};"); + $req = ($url['maptype'] ? $url['maptype'] : "http.host"); + $fieldtype = ($url['fieldtype'] ? $url['fieldtype'] : "=="); + if ($url['urlmapping'] != "" || $catch_all == "unset") { + if ($url['urlmapping'] == "") { $catch_all = "set"; - $lasturlmappings = "\telse\t{\n\t\tset req.backend = ".$urlmapping['backendname']."BACKEND;\n\t\t}\n"; - } - else{ - if(!$isfirst) - $urlmappings .= "\telse "; + $lasturlmappings .= "set req.backend = {$urlmapping['backendname']}BACKEND;\n"; + } else { + if (!$isfirst) + $urlmappings .= "\telse "; $urlmappings .= <<<EOAU if (req.{$req} {$fieldtype} "{$url['urlmapping']}") { set req.backend = {$urlmapping['backendname']}BACKEND;{$directo_grace_time} } - + EOAU; - } - $backends_in_use[$urlmapping['backendname']].=($url['directorurl'] == ""?"catch_all ":"url_map "); $isfirst = false; - } + } + $backends_in_use[$urlmapping['backendname']] .= ($url['directorurl'] == "" ? "catch_all " : "url_map "); + } + } + } } + if ($urlmappings != "") + $lasturlmappings = "\telse {\n\t\t$lasturlmappings\t}\n"; + return $urlmappings.$lasturlmappings; } - - return $urlmappings.$lasturlmappings; } function create_varnish_rcd_file() { @@ -284,56 +279,53 @@ EOF; function get_backend_config_txt() { global $config, $g, $backends_in_use; - $backends=""; - if($config['installedpackages']['varnishbackends']['config'] != "") { + $backends = ""; + if ($config['installedpackages']['varnishbackends']['config'] != "") { foreach($config['installedpackages']['varnishbackends']['config'] as $backend) { - if($backend['connect_timeout']) + if ($backend['connect_timeout']) $connect_timeout = $backend['connect_timeout'] . "s"; else $connect_timeout = "25s"; - if($backend['port']) + if ($backend['port']) $connect_port = $backend['port']; else $connect_port = "80"; - if($backend['first_byte_timeout']) + if ($backend['first_byte_timeout']) $first_byte_timeout = $backend['first_byte_timeout'] . "s"; else $first_byte_timeout = "300s"; - if($backend['probe_url']) + if ($backend['probe_url']) if (preg_match("@^(http)://([a-zA-Z0-9.-]*)/(.*)$@",$backend['probe_url'],$matches)){ - $probe_url=".request =\n"; - $probe_url.="\t\t\t".'"GET /'.$matches[3].' HTTP/1.1"'."\n"; + $probe_url = ".request =\n"; + $probe_url .= "\t\t\t".'"GET /'.$matches[3].' HTTP/1.1"'."\n"; $probe_url.="\t\t\t".'"Accept: text/*"'."\n"; $probe_url.="\t\t\t".'"User-Agent: Varnish"'."\n"; - $probe_url.="\t\t\t".'"Host: '.$matches[2].'"'."\n"; - $probe_url.="\t\t\t".'"Connection: Close";'; - } - else{ - $probe_url = '.url = "'.$backend['probe_url'].'";'; - } - else - $probe_url ='.url = "/";'; - if($backend['probe_interval']) + $probe_url .= "\t\t\t".'"Host: '.$matches[2].'"'."\n"; + $probe_url .= "\t\t\t".'"Connection: Close";'; + } else + $probe_url = '.url = "'.$backend['probe_url'].'";'; + else + $probe_url = '.url = "/";'; + if ($backend['probe_interval']) $probe_interval = $backend['probe_interval'] . "s"; - else + else $probe_interval = "1s"; - if($backend['probe_timeout']) + if ($backend['probe_timeout']) $probe_timeout = $backend['probe_timeout'] . "s"; - else + else $probe_timeout = "1s"; - if($backend['probe_window']) + if ($backend['probe_window']) $probe_window = $backend['probe_window']; - else + else $probe_window = "5"; - if($backend['probe_threshold']) + if ($backend['probe_threshold']) $probe_threshold = $backend['probe_threshold']; - else + else $probe_threshold = "5"; - - if ($backend['probe_disable']) { + if ($backend['probe_disable']) $probe = ""; - } else { + else { $probe = <<<EOFPROBE .probe = { {$probe_url} @@ -345,10 +337,10 @@ function get_backend_config_txt() { EOFPROBE; } - if (isset($probe_threshold)){ - #last parameter set ,so write conf if backend is in use - if ($backends_in_use[$backend['backendname']] != ""){ - $backends .= <<<EOFA + if (isset($probe_threshold)) { + // last parameter set ,so write conf if backend is in use + if ($backends_in_use[$backend['backendname']] != "") { + $backends .= <<<EOFA backend {$backend['backendname']}BACKEND { # used in {$backends_in_use[$backend['backendname']]} @@ -361,10 +353,8 @@ backend {$backend['backendname']}BACKEND { EOFA; - } - else { - $backends .= "\n".'# backend '.$backend['backendname']." not in use.\n"; - } + } else + $backends .= "\n# backend {$backend['backendname']} not in use.\n"; } } } @@ -404,19 +394,19 @@ EOFA; function sync_package_varnish() { global $config, $g; - if(is_array($config['installedpackages']['varnishcustomvcl']['config'])) { + if (is_array($config['installedpackages']['varnishcustomvcl']['config'])) { foreach($config['installedpackages']['varnishcustomvcl']['config'] as $vcl) { - if($vcl['vcl_recv_early']) + if ($vcl['vcl_recv_early']) $vcl_recv_early = text_area_decode($vcl['vcl_recv_early']); - if($vcl['vcl_recv_late']) + if ($vcl['vcl_recv_late']) $vcl_recv_late = text_area_decode($vcl['vcl_recv_late']); - if($vcl['vcl_fetch_early']) + if ($vcl['vcl_fetch_early']) $vcl_fetch_early = text_area_decode($vcl['vcl_fetch_early']); - if($vcl['vcl_fetch_late']) + if ($vcl['vcl_fetch_late']) $vcl_fetch_late = text_area_decode($vcl['vcl_fetch_late']); - if($vcl['vcl_pipe_early']) + if ($vcl['vcl_pipe_early']) $vcl_pipe_early = text_area_decode($vcl['vcl_pipe_early']); - if($vcl['vcl_pipe_late']) + if ($vcl['vcl_pipe_late']) $vcl_pipe_late = text_area_decode($vcl['vcl_pipe_late']); } } @@ -425,120 +415,109 @@ function sync_package_varnish() { #$plataform=posix_uname(); if (is_array($config['installedpackages']['varnishsettings']['config'])) foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) { - if($vcl['streaming']){ + if ($vcl['streaming']) $vcl_fetch_stream="set beresp.do_stream = true;\n"; - } - if($vcl['fixgzip']){ + if ($vcl['fixgzip']) { $vcl_recv_set_basic.="\t#Fix gzip compression\n"; $vcl_recv_set_basic.="\t".'if (req.http.Accept-Encoding) {'."\n"; $vcl_recv_set_basic.="\t".'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|gz|tgz|bz2|tbz|mp3|ogg)$") {'."\n\t\tunset req.http.Accept-Encoding;\n\t\t}\n"; $vcl_recv_set_basic.="\t".'else if (req.http.Accept-Encoding ~ "gzip") {'."\n\t\tset req.http.Accept-Encoding = ".'"gzip"'.";\n\t\t}\n"; $vcl_recv_set_basic.="\t".'else if (req.http.Accept-Encoding ~ "deflate") {'."\n\t\tset req.http.Accept-Encoding = ".'"deflate"'.";\n\t\t}\n"; $vcl_recv_set_basic.="\telse\t{\n\t\tunset req.http.Accept-Encoding;\n\t\t}\n\t}\n"; + } + $vcl_recv_set_basic.="\t#set client balance identity\n"; + switch ($vcl['clientbalance']){ + case 'url': + $vcl_recv_set_basic.="\t".'set client.identity = req.url;'."\n\n"; + break; + case 'ip': + $vcl_recv_set_basic.="\t".'set client.identity = client.ip;'."\n\n"; + break; + case 'agent': + $vcl_recv_set_basic.="\t".'set client.identity = req.http.user-agent;'."\n\n"; + break; } - #if($vcl['clientbalance'] && $plataform['machine'] == 'amd64'){ - $vcl_recv_set_basic.="\t#set client balance identity\n"; - switch ($vcl['clientbalance']){ - case 'url': - $vcl_recv_set_basic.="\t".'set client.identity = req.url;'."\n\n"; - break; - case 'ip': - $vcl_recv_set_basic.="\t".'set client.identity = client.ip;'."\n\n"; - break; - case 'agent': - $vcl_recv_set_basic.="\t".'set client.identity = req.http.user-agent;'."\n\n"; - break; - } - #} - if($vcl['grace'] ){ + if ($vcl['grace']) $vcl_grace_time="set beresp.grace = ".$vcl['grace'].";\n\t\t"; - } - if($vcl['saint'] ){ + if ($vcl['saint']) $vcl_saint_mode="set beresp.saintmode = ".$vcl['saint'].";\n\t\t"; - } - if($vcl['xforward']){ + if ($vcl['xforward']) { $vcl_recv_set_basic.="\t#set X-forward\n"; - switch ($vcl['xforward']){ + switch ($vcl['xforward']) { case 'set': - $vcl_recv_set_basic.="\t".'set req.http.X-Forwarded-For = client.ip;'."\n\n"; + $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = client.ip;\n\n"; break; case 'append': - $vcl_recv_set_basic.="\t".'set req.http.X-Forwarded-For = req.http.X-Forwarded-For "," client.ip;'."\n\n"; + $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n"; break; case 'create': - $vcl_recv_set_basic.="\t".'set req.http.X-Forwarded-Varnish = client.ip;'."\n\n"; + $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-Varnish = client.ip;\n\n"; break; case 'unset': - $vcl_recv_set_basic.="\t".'unset req.http.X-Forwarded-For;'."\n\n"; + $vcl_recv_set_basic .= "\tunset req.http.X-Forwarded-For;\n\n"; break; - } - } - if($vcl['postcache']){ - $vcl_recv_action_basic.="\t#Disable post cache\n"; - $vcl_recv_action_basic.="\t".'if (req.request == "POST") {'."\n\t\treturn(pass);\n\t\t}\n"; } - - $vcl_fetch_session ="#Disable cache when backend is starting a session\n"; - $vcl_fetch_session.="\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - $vcl_fetch_session.="\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; + } + if ($vcl['postcache']) { + $vcl_recv_action_basic .= "\t#Disable post cache\n"; + $vcl_recv_action_basic .= "\t".'if (req.request == "POST") {'."\n\t\treturn(pass);\n\t\t}\n"; + } + + $vcl_fetch_session = "#Disable cache when backend is starting a session\n"; + $vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; + $vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - if($vcl['sessioncache']== "never"){ - $vcl_recv_session ="\t#Disable session cache\n"; - $vcl_recv_session.="\t".'if (req.http.Cookie && req.http.Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(pass);\n\t\t}\n"; - $vcl_recv_session.="\t".'if (req.http.Cookie && req.http.Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(pass);\n\t\t}\n"; - $vcl_recv_session.="\t".'if (req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(pass);\n\t\t}\n"; - $vcl_fetch_session.="\t".'if (beresp.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - $vcl_recv_static_prefix=($vcl['staticache']=="no"?"":"\n\t\tunset req.http.cookie;"); - } - else - { + if ($vcl['sessioncache'] == "never") { + $vcl_recv_session = "\t#Disable session cache\n"; + $vcl_recv_session .= "\t".'if (req.http.Cookie && req.http.Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(pass);\n\t\t}\n"; + $vcl_recv_session .= "\t".'if (req.http.Cookie && req.http.Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(pass);\n\t\t}\n"; + $vcl_recv_session .= "\t".'if (req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(pass);\n\t\t}\n"; + $vcl_fetch_session .= "\t".'if (beresp.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; + $vcl_recv_static_prefix = ($vcl['staticache'] == "no" ? "" : "\n\t\tunset req.http.cookie;"); + } else { $vcl_hash = "#Enable Per user session cache.\n"; - $vcl_hash.= "sub vcl_hash {\n\thash_data(req.http.cookie);\n}\n"; - } - #set static content var - $vcl_recv_static_sufix=($vcl['staticache']=='no'?"pass":"lookup"); - $vcl_recv_static ="\t#Enable static cache\n"; - $vcl_recv_static.="\t".'if (req.request=="GET" && req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; - $vcl_recv_static.="\t".'if (req.request=="GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; - $vcl_fetch_static ="#Enable static cache\n"; - $vcl_fetch_static.='if (req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; - $vcl_fetch_static.='if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; + $vcl_hash .= "sub vcl_hash {\n\thash_data(req.http.cookie);\n}\n"; + } + // set static content var + $vcl_recv_static_sufix = ($vcl['staticache'] == 'no' ? "pass" : "lookup"); + $vcl_recv_static = "\t#Enable static cache\n"; + $vcl_recv_static .= "\t".'if (req.request=="GET" && req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; + $vcl_recv_static .= "\t".'if (req.request=="GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; + $vcl_fetch_static = "#Enable static cache\n"; + $vcl_fetch_static .= 'if (req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; + $vcl_fetch_static .= 'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; - switch ($vcl['staticache']){ + switch ($vcl['staticache']) { case "all": - # cache all static content, unseting cookie when present - $vcl_recv_action_basic.=($vcl['sessioncache']=="never"?$vcl_recv_static.$vcl_recv_session:$vcl_recv_static); - $vcl_fetch_action=($vcl['sessioncache']=="never"?$vcl_fetch_static.$vcl_fetch_session:$vcl_fetch_static); + // cache all static content, unseting cookie when present + $vcl_recv_action_basic .= ($vcl['sessioncache'] == "never" ? $vcl_recv_static.$vcl_recv_session : $vcl_recv_static); + $vcl_fetch_action = ($vcl['sessioncache'] == "never" ? $vcl_fetch_static.$vcl_fetch_session : $vcl_fetch_static); break; case "yes": - # cache only object without cookie set - $vcl_recv_action_basic.=($vcl['sessioncache']=="never"?$vcl_recv_session.$vcl_recv_static:$vcl_recv_static); - $vcl_fetch_action=$vcl_fetch_session; + // cache only object without cookie set + $vcl_recv_action_basic .= ($vcl['sessioncache'] == "never" ? $vcl_recv_session.$vcl_recv_static : $vcl_recv_static); + $vcl_fetch_action = $vcl_fetch_session; break; default: - # no static cache at all - $vcl_recv_action_basic.=$vcl_recv_static.$vcl_recv_session; - $vcl_fetch_action=$vcl_fetch_session; + // no static cache at all + $vcl_recv_action_basic .= $vcl_recv_static.$vcl_recv_session; + $vcl_fetch_action = $vcl_fetch_session; } - if($vcl['rfc2616']){ - $vcl_recv_action_basic.="\t#Be rfc2616 compliant\n"; - $vcl_recv_action_basic.="\t".'if (req.request ~ "^(GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE)$") {'."\n\t\treturn(lookup);\n\t\t}\n\telse\t{\n\t\treturn(pipe);\n\t\t}\n"; - #$vcl_recv_action_basic.="\t".'if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && reqa.request != "POST" &&'."\n"; - #$vcl_recv_action_basic.="\t".' req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {return(pipe);}'."\n\n"; - } - else { - $vcl_recv_action_basic.="\t".'if (req.request != "GET" && req.request != "HEAD") {return(pipe);}'."\n"; - } - if($vcl['restarts']){ - $vcl_restarts=$vcl['restarts']; - } - if($vcl['htmlerror']){ - $errorvcl=text_area_decode($vcl['htmlerror']); - } + if ($vcl['rfc2616']) { + $vcl_recv_action_basic .= "\t#Be rfc2616 compliant\n"; + $vcl_recv_action_basic .= "\t".'if (req.request ~ "^(GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE)$") {'."\n\t\treturn(lookup);\n\t\t}\n\telse\t{\n\t\treturn(pipe);\n\t\t}\n"; + //$vcl_recv_action_basic.="\t".'if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && reqa.request != "POST" &&'."\n"; + //$vcl_recv_action_basic.="\t".' req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {return(pipe);}'."\n\n"; + } else + $vcl_recv_action_basic .= "\tif (req.request != \"GET\" && req.request != \"HEAD\") {return(pipe);}\n"; + if ($vcl['restarts']) + $vcl_restarts = $vcl['restarts']; + if ($vcl['htmlerror']) + $errorvcl = text_area_decode($vcl['htmlerror']); } - if(!$errorvcl) + if (!$errorvcl) $errorvcl = <<<EOF <html> <head> @@ -557,7 +536,7 @@ EOF; /* Grab configuration txt blocks */ /* Please keep this sequence to determine witch backends are in use */ -$backends_in_use=array(); +$backends_in_use = array(); $lb_config= get_lb_directors_config_txt(); $urlmappings = varnish_get_url_mappings_txt(); $backends = get_backend_config_txt() . $lb_config ; diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index b415bd12..a6ea7f88 100644 --- a/config/widget-snort/widget-snort.xml +++ b/config/widget-snort/widget-snort.xml @@ -49,12 +49,6 @@ <version>0.3.4</version> <title>Widget - Snort</title> <include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file> - <menu> - </menu> - <service> - </service> - <tabs> - </tabs> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> @@ -70,14 +64,6 @@ <chmod>0644</chmod> <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item> </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - </custom_php_resync_config_command> - <custom_php_install_command> - </custom_php_install_command> <custom_php_deinstall_command> widget_snort_uninstall(); </custom_php_deinstall_command> diff --git a/config/zabbix-agent/zabbix-agent.xml b/config/zabbix-agent/zabbix-agent.xml index 5a862496..885a54e3 100644 --- a/config/zabbix-agent/zabbix-agent.xml +++ b/config/zabbix-agent/zabbix-agent.xml @@ -17,7 +17,7 @@ <name>zabbix_agentd</name> <rcfile>zabbix_agentd.sh</rcfile> <executable>zabbix_agentd</executable> - <description>Zabbix Agent runs on a host being monitored. The agent provides host's performance and availability information for Zabbix Server.</description> + <description>Zabbix Agent host monitor daemon</description> </service> <tabs> <tab> @@ -111,7 +111,7 @@ <rows>5</rows> <cols>50</cols> <required>false</required> - <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description> + <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l <br><a href="https://www.zabbix.com/documentation/1.8/manual/tutorials/extending_agent" target="_new">See zabbix documentation for more information<a></description> </field> </fields> <custom_php_install_command> @@ -260,4 +260,4 @@ exec("/bin/rm -r /var/run/zabbix/"); ]]> </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/zabbix-proxy/zabbix-proxy.xml b/config/zabbix-proxy/zabbix-proxy.xml index ff4011b0..19930b49 100644 --- a/config/zabbix-proxy/zabbix-proxy.xml +++ b/config/zabbix-proxy/zabbix-proxy.xml @@ -17,6 +17,7 @@ <name>zabbix-proxy</name> <rcfile>zabbix-proxy.sh</rcfile> <executable>zabbix_proxy</executable> + <description>Zabbix proxy collection daemon</description> </service> <tabs> <tab> diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 41ba26fb..55273a81 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -61,7 +61,7 @@ <name>zabbix_agentd</name> <rcfile>zabbix2_agentd.sh</rcfile> <executable>zabbix_agentd</executable> - <description>Zabbix Agent runs on a host being monitored. The agent provides host's performance and availability information for Zabbix Server.</description> + <description>Zabbix Agent host monitor daemon</description> </service> <tabs> <tab> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index 4441df99..fcabedd9 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -61,7 +61,7 @@ <name>zabbix-proxy</name> <rcfile>zabbix2_proxy.sh</rcfile> <executable>zabbix_proxy</executable> - <description>Zabbix proxy is a process which collects performance and availability data from one or more monitored devices and sends the information to a Zabbix server</description> + <description>Zabbix proxy collection daemon</description> </service> <tabs> <tab> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 74d915cd..7d00a1cd 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -34,7 +34,7 @@ <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8.8.1 pkg v 0.1</version> + <version>1.8.x pkg v 0.2</version> <status>Beta</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/asterisk/asterisk.xml</config_file> @@ -137,7 +137,7 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.2</version> + <version>1.4.24 pkg v 1.2.4</version> <status>Release</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> @@ -648,7 +648,7 @@ <build_pbi> <port>net/openbgpd</port> </build_pbi> - <version>0.6</version> + <version>0.9</version> <status>STABLE</status> <pkginfolink>http://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>1.3</required_version> @@ -715,12 +715,12 @@ <depends_on_package>sarg-2.3.6.tbz</depends_on_package> <depends_on_package>gd-2.0.35_8,1.tbz</depends_on_package> <depends_on_package_pbi>sarg-2.3.6-i386.pbi</depends_on_package_pbi> - <version>2.3.6 pkg v.0.6.1</version> + <version>2.3.6 pkg v.0.6.3</version> <status>Release</status> <required_version>2.0</required_version> <configurationfile>sarg.xml</configurationfile> <build_port_path>/usr/ports/www/sarg</build_port_path> - <build_options>sarg_UNSET=GD PHP</build_options> + <build_options>sarg_UNSET=PHP</build_options> <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> </package> <package> @@ -1116,7 +1116,7 @@ <website>http://bandwidthd.sourceforge.net/</website> <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> <category>System</category> - <version>2.0.1_5</version> + <version>2.0.1_5 pkg v.0.2</version> <status>BETA</status> <required_version>1.2.1</required_version> <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1262,7 +1262,7 @@ <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.5 pkg 2.1.2</version> + <version>3.3.8 pkg 2.1.2</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1282,7 +1282,7 @@ <build_options>c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> - <depends_on_package_pbi>squid-3.3.5-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squid-3.3.8-i386.pbi</depends_on_package_pbi> </package> <package> <name>LCDproc</name> @@ -1307,13 +1307,13 @@ <descr>LCD display driver - Development version</descr> <website>http://www.lcdproc.org/</website> <category>Utility</category> - <version>lcdproc-0.5.5 pkg v. 0.9.4</version> + <version>lcdproc-0.5.6 pkg v. 0.9.7</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>michele@nt2.it</maintainer> <pkginfolink>http://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package>lcdproc-0.5.5.tbz</depends_on_package> + <depends_on_package>lcdproc-0.5.6.tbz</depends_on_package> <depends_on_package_pbi>lcdproc-0.5.6-i386.pbi</depends_on_package_pbi> <config_file>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> @@ -1366,6 +1366,25 @@ <configurationfile>squidguard.xml</configurationfile> </package> <package> + <name>squidGuard-devel</name> + <descr>High perfomance web proxy URL filter. Requires proxy Squid 2.x package.</descr> + <website>http://www.squidGuard.org/</website> + <maintainer>gugabsd@mundounix.com.br</maintainer> + <category>Network Management</category> + <version>1.5_1 beta</version> + <status>Beta</status> + <required_version>2.1</required_version> + <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>squidguard-devel-1.5_1-i386.pbi</depends_on_package_pbi> + <build_pbi> + <ports_before>databases/db46</ports_before> + <port>www/squidguard-devel</port> + </build_pbi> + <build_options>squidGuard-devel_UNSET=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> + <configurationfile>squidguard.xml</configurationfile> + </package> + <package> <name>squidGuard-squid3</name> <descr>High perfomance web proxy URL filter. Requires proxy Squid 3.x package.</descr> <website>http://www.squidGuard.org/</website> @@ -1435,7 +1454,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.0.7</version> + <version>1.0.11</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1490,7 +1509,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.3</version> + <version>0.4</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> @@ -1648,7 +1667,7 @@ </build_pbi> <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_3 v2.1</version> + <version>2.12_3 v2.2</version> <status>Beta</status> <required_version>1.2</required_version> <maintainer>erik@erikkristensen.com</maintainer> @@ -1745,7 +1764,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>0.9</version> + <version>1.0</version> <category>System</category> <status>RELEASE</status> <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> @@ -1936,7 +1955,7 @@ <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.1</version> + <version>0.2</version> <status>Beta</status> <required_version>2.0.2</required_version> <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> @@ -1946,9 +1965,21 @@ <port>security/sudo</port> </build_pbi> <build_port_path>/usr/ports/security/sudo</build_port_path> - <depends_on_package_base_url>http://files.pfsense.org/packages/i386/8/All/</depends_on_package_base_url> + <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>sudo-1.8.6.p8.tbz</depends_on_package> <depends_on_package_pbi>sudo-1.8.6p8-i386.pbi</depends_on_package_pbi> </package> + <package> + <name>Service Watchdog</name> + <descr>Monitors for stopped services and restarts them.</descr> + <maintainer>jimp@pfsense.org</maintainer> + <version>1.4</version> + <category>Services</category> + <status>BETA</status> + <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <pkginfolink></pkginfolink> + <required_version>2.1</required_version> + <configurationfile>servicewatchdog.xml</configurationfile> + </package> </packages> </pfsensepkgs> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 72566fc1..e91e22e0 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -34,7 +34,7 @@ <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8.8.1 pkg v 0.1</version> + <version>1.8.x pkg v0.2</version> <status>Beta</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/asterisk/asterisk.xml</config_file> @@ -124,7 +124,7 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.2</version> + <version>1.4.24 pkg v 1.2.4</version> <status>Release</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> @@ -635,7 +635,7 @@ <build_pbi> <port>net/openbgpd</port> </build_pbi> - <version>0.6</version> + <version>0.9</version> <status>STABLE</status> <pkginfolink>http://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>1.3</required_version> @@ -702,12 +702,12 @@ <depends_on_package>sarg-2.3.6.tbz</depends_on_package> <depends_on_package>gd-2.0.35_8,1.tbz</depends_on_package> <depends_on_package_pbi>sarg-2.3.6-amd64.pbi</depends_on_package_pbi> - <version>2.3.6 pkg v.0.6.1</version> + <version>2.3.6 pkg v.0.6.3</version> <status>Release</status> <required_version>2.0</required_version> <configurationfile>sarg.xml</configurationfile> <build_port_path>/usr/ports/www/sarg</build_port_path> - <build_options>sarg_UNSET=GD PHP</build_options> + <build_options>sarg_UNSET=PHP</build_options> <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> </package> <package> @@ -1103,7 +1103,7 @@ <website>http://bandwidthd.sourceforge.net/</website> <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> <category>System</category> - <version>2.0.1_5</version> + <version>2.0.1_5 pkg v.0.2</version> <status>BETA</status> <required_version>1.2.1</required_version> <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> @@ -1249,7 +1249,7 @@ <pkginfolink>http://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.3.5 pkg 2.1.2</version> + <version>3.3.8 pkg 2.1.2</version> <status>beta</status> <required_version>2.0</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1269,7 +1269,7 @@ <build_options>c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI ECAP SNMP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> <config_file>http://www.pfsense.org/packages/config/squid3/33/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> - <depends_on_package_pbi>squid-3.3.5-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squid-3.3.8-amd64.pbi</depends_on_package_pbi> </package> <package> <name>LCDproc</name> @@ -1294,13 +1294,13 @@ <descr>LCD display driver - Development version</descr> <website>http://www.lcdproc.org/</website> <category>Utility</category> - <version>lcdproc-0.5.5 pkg v. 0.9.4</version> + <version>lcdproc-0.5.6 pkg v. 0.9.7</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>michele@nt2.it</maintainer> <pkginfolink>http://forum.pfsense.org/index.php/topic,44034.0.html</pkginfolink> <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package>lcdproc-0.5.5.tbz</depends_on_package> + <depends_on_package>lcdproc-0.5.6.tbz</depends_on_package> <depends_on_package_pbi>lcdproc-0.5.6-amd64.pbi</depends_on_package_pbi> <config_file>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.xml</config_file> <configurationfile>lcdproc.xml</configurationfile> @@ -1353,6 +1353,25 @@ <configurationfile>squidguard.xml</configurationfile> </package> <package> + <name>squidGuard-devel</name> + <descr>High perfomance web proxy URL filter. Requires proxy Squid 2.x package.</descr> + <website>http://www.squidGuard.org/</website> + <maintainer>gugabsd@mundounix.com.br</maintainer> + <category>Network Management</category> + <version>1.5_1 beta</version> + <status>Beta</status> + <required_version>2.1</required_version> + <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> + <depends_on_package_pbi>squidguard-devel-1.5_1-amd64.pbi</depends_on_package_pbi> + <build_pbi> + <ports_before>databases/db46</ports_before> + <port>www/squidguard-devel</port> + </build_pbi> + <build_options>squidGuard-devel_UNSET=SQUID32 SQUID33;squidGuard-devel_SET=LDAP STRIPNT SQUID27;squid_UNSET=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options> + <config_file>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.xml</config_file> + <configurationfile>squidguard.xml</configurationfile> + </package> + <package> <name>squidGuard-squid3</name> <descr>High perfomance web proxy URL filter. Requires proxy Squid 3.x package.</descr> <website>http://www.squidGuard.org/</website> @@ -1422,7 +1441,7 @@ <depends_on_package_pbi>p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.0.7</version> + <version>1.0.11</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1477,7 +1496,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.3</version> + <version>0.4</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> @@ -1635,7 +1654,7 @@ </build_pbi> <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_3 v2.1</version> + <version>2.12_3 v2.2</version> <status>Beta</status> <required_version>1.2</required_version> <maintainer>erik@erikkristensen.com</maintainer> @@ -1732,7 +1751,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>0.9</version> + <version>1.0</version> <category>System</category> <status>RELEASE</status> <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> @@ -1923,7 +1942,7 @@ <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.1</version> + <version>0.2</version> <status>Beta</status> <required_version>2.0.2</required_version> <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> @@ -1937,5 +1956,17 @@ <depends_on_package>sudo-1.8.6.p8.tbz</depends_on_package> <depends_on_package_pbi>sudo-1.8.6p8-amd64.pbi</depends_on_package_pbi> </package> + <package> + <name>Service Watchdog</name> + <descr>Monitors for stopped services and restarts them.</descr> + <maintainer>jimp@pfsense.org</maintainer> + <version>1.4</version> + <category>Services</category> + <status>BETA</status> + <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <pkginfolink></pkginfolink> + <required_version>2.1</required_version> + <configurationfile>servicewatchdog.xml</configurationfile> + </package> </packages> </pfsensepkgs> |