Diffstat (limited to 'config/dansguardian/dansguardian.inc')
-rwxr-xr-x | config/dansguardian/dansguardian.inc | 156 |
1 files changed, 99 insertions, 57 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 8177fe3f..b1c79a97 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -101,8 +101,13 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { $boot_process="on"; } - if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false) + if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false){ + log_error("[Dansguardian] - Detected boot process pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc); return; + } + else{ + log_error("[Dansguardian] - Save settings package call pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc); + } #assign xml arrays if (!is_array($config['installedpackages']['dansguardian'])) @@ -921,7 +926,8 @@ EOF; #check blacklist download files if ($install_process == true){ require_once("/usr/local/www/dansguardian.php"); - fetch_blacklist(false); + fetch_blacklist(false,true); + update_output_window("Blacklist check done, continuing package config sync."); } else{ if ($dansguardian_blacklist['cron']=="force_download"){ @@ -956,7 +962,6 @@ EOF; $daemongroup = 'nobody'; } $filtergroups=($count > 1?($count -1):1); - $filterip=""; $filterports=""; foreach (explode(",", $dansguardian['interface']) as $i => $iface) { @@ -1084,7 +1089,6 @@ EOF; conf_mount_rw(); write_config(); - #update cron if ($cron_found > 0){ $config['cron']=$new_cron; 
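Review bot: The two `log_error` calls added in the hunk at -101 run on every call of `sync_package_dansguardian`, so each boot or settings save writes a trace line to the system log, and `isset($boot_process)` and `$via_rpc` are concatenated as booleans, which print as `1` or as an empty string. Calling `is_process_running('dansguardian')` once into a local and logging the flags with `var_export($flag, true)` would make the line readable and avoid the repeated process lookup. If the trace is only a debugging aid, gating it on a debug setting keeps routine saves from burying real errors in the log. The function body continues outside this hunk.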
@@ -1108,19 +1112,15 @@ EOF; #check virus_scanner options $libexec_dir= DANSGUARDIAN_DIR."/libexec/dansguardian/"; - if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){ + if ($install_process==true) + update_output_window("Skipping clamav check during package install."); + if (preg_match("/clamd/",$dansguardian_config['content_scanners']) && $install_process==false){ if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){ file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.",""); log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.'); mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd'); } - - $match=array(); - $match[0]='/NO/'; - $replace=array(); - $replace[0]='YES'; - #clamdscan.conf dansguardian file $cconf=DANSGUARDIAN_DIR . "/etc/dansguardian/contentscanners/clamdscan.conf"; $cconf_file=file_get_contents($cconf); @@ -1128,7 +1128,6 @@ EOF; $cconf_file=preg_replace('/#clamdudsfile/','clamdudsfile',$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); } - #clamd conf file $cconf=DANSGUARDIAN_DIR."/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); @@ -1136,6 +1135,11 @@ EOF; #clamd script file $script='/usr/local/etc/rc.d/clamav-clamd'; $script_file=file($script); + $new_clamav_startup=""; + $cpreg_m[0]="@NO@"; + $cpreg_m[1]="@/usr/local@"; + $cpreg_r[0]="YES"; + $cpreg_r[1]=DANSGUARDIAN_DIR; foreach ($script_file as $script_line){ if(preg_match("/command=/",$script_line)){ $new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n"; 
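Review bot: With `&& $install_process==false` added to the clamd condition in the hunk at -1108, an install run skips the whole branch, which per the context lines that follow is also where clamdscan.conf, clamd.conf and the rc script are rewritten. A configuration that already lists clamd as a content scanner is therefore left without that setup until the next settings save; whether DansGuardian then passes or blocks content is not visible here and should be confirmed. The "Skipping clamav check" message is also printed when clamd is not selected at all, so `if ($install_process==true && preg_match("/clamd/",$dansguardian_config['content_scanners']))` would keep it accurate. The branch closes outside this hunk.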
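Review bot: In the hunk at -1136, `$script_file=file($script)` just above the added lines is used without a check, and the loop result is written back over the rc script with `file_put_contents` and `chmod 0755` in the next hunk (-1147), so a failed read would replace the startup script with an empty file now that `$new_clamav_startup` starts as `""`. Wrapping the rewrite in `if (is_array($script_file))` avoids that. `$cpreg_m` and `$cpreg_r` are filled by index without being declared, so declaring them in one step, `$cpreg_m=array("@NO@","@/usr/local@"); $cpreg_r=array("YES",DANSGUARDIAN_DIR);`, rules out stale entries from an earlier variable of the same name. The `@NO@` pattern is unanchored and rewrites every `NO` in a line, which is presumably meant only for the rc enable default.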
@@ -1147,12 +1151,12 @@ EOF; $new_clamav_startup.=$script_line; } elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { - $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); - $new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line); + $new_clamav_startup.=preg_replace($cpreg_m,$cpreg_r,$script_line); } } file_put_contents($script, $new_clamav_startup, LOCK_EX); chmod ($script,0755); + if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd')){ log_error('Stopping clamav-clamd'); mwexec("$script stop"); @@ -1164,8 +1168,7 @@ EOF; mwexec_bg("$script start"); } } - } - + } #check certificate hashed $script='/usr/local/etc/rc.d/dansguardian.sh'; 
@@ -1200,23 +1203,58 @@ EOF; #mount read only conf_mount_ro(); + #avoid sync during boot process if (!isset($boot_process)){ - $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; - if(!$synconchanges && !$syncondbchanges) - return; - log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting."); - foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ + /* Uses XMLRPC to synchronize the changes to a remote node */ + if (is_array($config['installedpackages']['dansguardiansync']['config'])){ + $dans_sync=$config['installedpackages']['dansguardiansync']['config'][0]; + $synconchanges = $dans_sync['synconchanges']; + $synctimeout = $dans_sync['synctimeout']; + switch ($synconchanges){ + case "manual": + if (is_array($dans_sync[row])){ + $rs=$dans_sync[row]; + } + else{ + log_error("[Dansguardian] xmlrpc sync is enabled but there is no hosts to push on dansguardian config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress']=$system_carp['synchronizetoip']; + $rs[0]['username']=$system_carp['username']; + $rs[0]['password']=$system_carp['password']; + if (! 
is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[Dansguardian] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + } + else{ + log_error("[Dansguardian] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[Dansguardian] xmlrpc sync is starting."); + foreach($rs as $sh){ $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - $sync_type = $sh['sync_type']; + $password = $sh['password']; + $username = ($sh['username']?$sh['username']:"admin"); if($password && $sync_to_ip) - dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); + dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout); } + log_error("[Dansguardian] xmlrpc sync is ending."); } - log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending."); - } + } + } + } function dansguardian_validate_input($post, &$input_errors) { @@ -1260,15 +1298,21 @@ function dansguardian_php_deinstall_command() { } } -function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { +function dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) { global $config, $g; + if(!$username) + return; + if(!$password) return; if(!$sync_to_ip) return; + if(!$synctimeout) + $synctimeout=30; + $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; 
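Review bot: In the `manual` case of the hunk at -1200, `$dans_sync[row]` uses a bare word as the array key, which PHP resolves as an undefined constant (a notice or warning on PHP 5/7, an Error on PHP 8); both uses should read `$dans_sync['row']`. The loop no longer assigns `$sync_type` because the `$sh['sync_type']` line was removed, yet still passes it to `dansguardian_do_xmlrpc_sync`, so the callee receives an undefined variable. `$rs` is never initialised before the switch, and only the `auto` path validates its target with `is_ipaddr`; applying the same check to each `$sh['ipaddress']` before credentials are sent to it would make the two paths consistent. The two `auto` log messages still say "squid config".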
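Review bot: In the hunk at -1260, `$synctimeout` is only defaulted when it is empty, so a non-numeric or negative value from the saved settings reaches `$cli->send()` unchanged; `$synctimeout = (is_numeric($synctimeout) && $synctimeout > 0) ? (int)$synctimeout : 30;` bounds it. The context line after the guards takes the scheme from `$config['system']['webgui']['protocol']`, so with an `http` web GUI the now-configurable username and password would presumably travel unencrypted. The URL construction is outside this hunk, so that should be confirmed, and a log warning in that case would help operators notice.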
@@ -1286,28 +1330,26 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { /* xml will hold the sections to sync */ $xml = array(); - $sync_xml=$config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; - if ($sync_xml){ - log_error("Include dansguardian config"); - $xml['dansguardian'] = $config['installedpackages']['dansguardian']; - $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; - $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig']; - $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist']; - $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap']; - $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; - $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; - $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; - $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl']; - $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits']; - $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog']; - $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl']; - $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl']; - $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl']; - $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl']; - $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl']; - $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers']; + log_error("Include dansguardian config"); + $xml['dansguardian'] = $config['installedpackages']['dansguardian']; + $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; + $xml['dansguardianconfig'] = 
$config['installedpackages']['dansguardianconfig']; + $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist']; + $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap']; + $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; + $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; + $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; + $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl']; + $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits']; + $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog']; + $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl']; + $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl']; + $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl']; + $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl']; + $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl']; + $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers']; + $xml['dansguardianips'] = $config['installedpackages']['dansguardianips']; - } if (count($xml) > 0){ /* assemble xmlrpc payload */ $params = array( 
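Review bot: With the `$sync_xml` guard removed, every key of `$xml` is assigned unconditionally, so `if (count($xml) > 0)` below is always true and sections that do not exist locally are sent as null. The payload also always contains `dansguardianldap` and `dansguardianusers`, which by their names presumably hold directory and account settings, so a comment marking this push as sensitive would help the next maintainer. Building `$xml` from a list and copying only the sections that are set makes the count check meaningful again; this assumes an absent local section should not be pushed, which should be confirmed against the merge behaviour on the peer. The function starts and ends outside this hunk.

```php
$xml = array();
// … unchanged: log_error("Include dansguardian config") …
// Sections pushed to the peer. dansguardianldap and dansguardianusers
// presumably carry directory and account settings, so the transport
// to the peer must be trusted.
$sync_sections = array(
	'dansguardian', 'dansguardianantivirusacl', 'dansguardianconfig',
	'dansguardianblacklist', 'dansguardianldap', 'dansguardiancontentacl',
	'dansguardianfileacl', 'dansguardiangroups', 'dansguardianheaderacl',
	'dansguardianlimits', 'dansguardianlog', 'dansguardianphraseacl',
	'dansguardianpicsacl', 'dansguardiansearchacl', 'dansguardiansiteacl',
	'dansguardianurlacl', 'dansguardianusers', 'dansguardianips',
);
foreach ($sync_sections as $section) {
	// Skip sections that were never configured on this node.
	if (isset($config['installedpackages'][$section])) {
		$xml[$section] = $config['installedpackages'][$section];
	}
}
// … unchanged: if (count($xml) > 0){ and payload assembly …
```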
@@ -1321,18 +1363,18 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); if($g['debug']) $cli->setDebug(1); - /* send our XMLRPC message and timeout after 30 seconds */ - $resp = $cli->send($msg, "30"); + /* send our XMLRPC message and timeout after $synctimeout seconds */ + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "30"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); 
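Review bot: In the `faultCode()` branch the changed line `$resp = $cli->send($msg, $synctimeout);` re-sends the whole merge request after `setDebug(1)` has been switched on, so a peer that answered with a fault receives the configuration a second time and the wait is doubled. The client's debug output may echo request and response data while the sync credentials are in use; what exactly is printed should be confirmed for the XML_RPC version shipped. The fault code and string are already available on the first `$resp`, so the `setDebug(1)` call and the resend can be dropped and the error message built from that response. The same pattern appears in the hunk at -1354 for the `pfsense.exec_php` call, and the function body starts and ends outside both hunks.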
@@ -1354,15 +1396,15 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { log_error("dansguardian XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "30"); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "30"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); @@ -1372,4 +1414,4 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { } } -?> +?>
\ No newline at end of file |