aboutsummaryrefslogtreecommitdiffstats
path: root/config/dansguardian/dansguardian.inc
diff options
context:
space:
mode:
Diffstat (limited to 'config/dansguardian/dansguardian.inc')
-rwxr-xr-xconfig/dansguardian/dansguardian.inc156
1 files changed, 99 insertions, 57 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 8177fe3f..b1c79a97 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -101,8 +101,13 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
$boot_process="on";
}
- if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false)
+ if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false){
+ log_error("[Dansguardian] - Detected boot process pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc);
return;
+ }
+ else{
+ log_error("[Dansguardian] - Save settings package call pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc);
+ }
#assign xml arrays
if (!is_array($config['installedpackages']['dansguardian']))
@@ -921,7 +926,8 @@ EOF;
#check blacklist download files
if ($install_process == true){
require_once("/usr/local/www/dansguardian.php");
- fetch_blacklist(false);
+ fetch_blacklist(false,true);
+ update_output_window("Blacklist check done, continuing package config sync.");
}
else{
if ($dansguardian_blacklist['cron']=="force_download"){
@@ -956,7 +962,6 @@ EOF;
$daemongroup = 'nobody';
}
$filtergroups=($count > 1?($count -1):1);
-
$filterip="";
$filterports="";
foreach (explode(",", $dansguardian['interface']) as $i => $iface) {
@@ -1084,7 +1089,6 @@ EOF;
conf_mount_rw();
write_config();
-
#update cron
if ($cron_found > 0){
$config['cron']=$new_cron;
@@ -1108,19 +1112,15 @@ EOF;
#check virus_scanner options
$libexec_dir= DANSGUARDIAN_DIR."/libexec/dansguardian/";
- if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){
+ if ($install_process==true)
+ update_output_window("Skipping clamav check during package install.");
+ if (preg_match("/clamd/",$dansguardian_config['content_scanners']) && $install_process==false){
if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){
file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.","");
log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.');
mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd');
}
-
- $match=array();
- $match[0]='/NO/';
- $replace=array();
- $replace[0]='YES';
-
#clamdscan.conf dansguardian file
$cconf=DANSGUARDIAN_DIR . "/etc/dansguardian/contentscanners/clamdscan.conf";
$cconf_file=file_get_contents($cconf);
@@ -1128,7 +1128,6 @@ EOF;
$cconf_file=preg_replace('/#clamdudsfile/','clamdudsfile',$cconf_file);
file_put_contents($cconf, $cconf_file, LOCK_EX);
}
-
#clamd conf file
$cconf=DANSGUARDIAN_DIR."/etc/clamd.conf";
$cconf_file=file_get_contents($cconf);
@@ -1136,6 +1135,11 @@ EOF;
#clamd script file
$script='/usr/local/etc/rc.d/clamav-clamd';
$script_file=file($script);
+ $new_clamav_startup="";
+ $cpreg_m[0]="@NO@";
+ $cpreg_m[1]="@/usr/local@";
+ $cpreg_r[0]="YES";
+ $cpreg_r[1]=DANSGUARDIAN_DIR;
foreach ($script_file as $script_line){
if(preg_match("/command=/",$script_line)){
$new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n";
@@ -1147,12 +1151,12 @@ EOF;
$new_clamav_startup.=$script_line;
}
elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) {
- $new_clamav_startup.=preg_replace("/NO/","YES",$script_line);
- $new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line);
+ $new_clamav_startup.=preg_replace($cpreg_m,$cpreg_r,$script_line);
}
}
file_put_contents($script, $new_clamav_startup, LOCK_EX);
chmod ($script,0755);
+
if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd')){
log_error('Stopping clamav-clamd');
mwexec("$script stop");
@@ -1164,8 +1168,7 @@ EOF;
mwexec_bg("$script start");
}
}
- }
-
+ }
#check certificate hashed
$script='/usr/local/etc/rc.d/dansguardian.sh';
@@ -1200,23 +1203,58 @@ EOF;
#mount read only
conf_mount_ro();
+
#avoid sync during boot process
if (!isset($boot_process)){
- $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
- if(!$synconchanges && !$syncondbchanges)
- return;
- log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting.");
- foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
+ /* Uses XMLRPC to synchronize the changes to a remote node */
+ if (is_array($config['installedpackages']['dansguardiansync']['config'])){
+ $dans_sync=$config['installedpackages']['dansguardiansync']['config'][0];
+ $synconchanges = $dans_sync['synconchanges'];
+ $synctimeout = $dans_sync['synctimeout'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($dans_sync[row])){
+ $rs=$dans_sync[row];
+ }
+ else{
+ log_error("[Dansguardian] xmlrpc sync is enabled but there is no hosts to push on dansguardian config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress']=$system_carp['synchronizetoip'];
+ $rs[0]['username']=$system_carp['username'];
+ $rs[0]['password']=$system_carp['password'];
+ if (! is_ipaddr($system_carp['synchronizetoip'])){
+ log_error("[Dansguardian] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ }
+ else{
+ log_error("[Dansguardian] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)){
+ log_error("[Dansguardian] xmlrpc sync is starting.");
+ foreach($rs as $sh){
$sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- $sync_type = $sh['sync_type'];
+ $password = $sh['password'];
+ $username = ($sh['username']?$sh['username']:"admin");
if($password && $sync_to_ip)
- dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type);
+ dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout);
}
+ log_error("[Dansguardian] xmlrpc sync is ending.");
}
- log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending.");
- }
+ }
+ }
+
}
function dansguardian_validate_input($post, &$input_errors) {
@@ -1260,15 +1298,21 @@ function dansguardian_php_deinstall_command() {
}
}
-function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
+function dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) {
global $config, $g;
+ if(!$username)
+ return;
+
if(!$password)
return;
if(!$sync_to_ip)
return;
+ if(!$synctimeout)
+ $synctimeout=30;
+
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
@@ -1286,28 +1330,26 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
/* xml will hold the sections to sync */
$xml = array();
- $sync_xml=$config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
- if ($sync_xml){
- log_error("Include dansguardian config");
- $xml['dansguardian'] = $config['installedpackages']['dansguardian'];
- $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl'];
- $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig'];
- $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist'];
- $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap'];
- $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl'];
- $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl'];
- $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups'];
- $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl'];
- $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits'];
- $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog'];
- $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl'];
- $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl'];
- $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl'];
- $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl'];
- $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl'];
- $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers'];
+ log_error("Include dansguardian config");
+ $xml['dansguardian'] = $config['installedpackages']['dansguardian'];
+ $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl'];
+ $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig'];
+ $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist'];
+ $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap'];
+ $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl'];
+ $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl'];
+ $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups'];
+ $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl'];
+ $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits'];
+ $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog'];
+ $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl'];
+ $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl'];
+ $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl'];
+ $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl'];
+ $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl'];
+ $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers'];
+ $xml['dansguardianips'] = $config['installedpackages']['dansguardianips'];
- }
if (count($xml) > 0){
/* assemble xmlrpc payload */
$params = array(
@@ -1321,18 +1363,18 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
if($g['debug'])
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 30 seconds */
- $resp = $cli->send($msg, "30");
+ /* send our XMLRPC message and timeout after $synctimeout seconds */
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "30");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
@@ -1354,15 +1396,15 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
log_error("dansguardian XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "30");
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "30");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
@@ -1372,4 +1414,4 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
}
}
-?>
+?> \ No newline at end of file