aboutsummaryrefslogtreecommitdiffstats
path: root/config/sarg/sarg.inc
diff options
context:
space:
mode:
Diffstat (limited to 'config/sarg/sarg.inc')
-rw-r--r--config/sarg/sarg.inc403
1 files changed, 403 insertions, 0 deletions
diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc
new file mode 100644
index 00000000..93126def
--- /dev/null
+++ b/config/sarg/sarg.inc
@@ -0,0 +1,403 @@
+<?php
+/* ========================================================================== */
+/*
+ sarg.inc
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 Joao Henrique F. Freitas
+ Copyright (C) 2012 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+
+
+function sarg_install() {
+ // reserved
+}
+
+function sarg_deinstall() {
+ // reserved
+}
+
+function sarg_start() {
+ global $g, $config;
+
+ // reserved
+}
+
+function sarg_text_area_decode($text){
+ return preg_replace('/\r\n/', "\n",base64_decode($text));
+}
+
+function sarg_resync() {
+ global $config;
+ if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit']))
+ sync_package_sarg();
+ if ($_POST['Submit'] == 'Force udpate now')
+ run_sarg();
+
+}
+function log_rotate($log_file){
+ global $config, $g;
+
+ #remove .10 rotate log file
+ unlink_if_exists($log_file.".10");
+
+ #rotate logs from 0 to 9
+ for ($i = 9; $i < 0; $i--)
+ if (file_exists($log_file.".$i"))
+ rename ($log_file,$log_file.".".($i+1));
+
+ #rotate current log
+ rename ($log_file,$log_file.".0");
+}
+function run_sarg($id=-1) {
+ global $config, $g;
+ #mount filesystem writeable
+ conf_mount_rw();
+ $cmd = "/usr/local/bin/sarg";
+ if ($id > 0 && is_array($config['installedpackages']['sargschedule']['config'])){
+ $args=$config['installedpackages']['sargschedule']['config'][$id]['args'];
+ $action=$config['installedpackages']['sargschedule']['config'][$id]['action'];
+ }
+ else{
+ $args=$_POST['args'];
+ $action=$post['action'];
+ }
+ log_error("Sarg: force refresh now with '".$args."' args.");
+
+ mwexec($cmd. " ".$args);
+ #check if there is a script to run after file save
+ if (is_array($config['installedpackages']['sarg']))
+ switch ($config['installedpackages']['sarg']['config'][0]['proxy_server']){
+ case "squid":
+ if ($action =="both" || $action=="rotate")
+ mwexec('squid -k rotate');
+ if ($action =="both" || $action=="restart")
+ mwexec_bg('/usr/local/etc/rc.d/squid restart');
+ break;
+ case "dansguardian":
+ if ($action !="none"){
+ log_rotate('/var/log/dansguardian/access.log');
+ mwexec('/usr/local/sbin/dansguardian -r');
+ }
+ break;
+ /*case "squidguard":
+ #todo
+ if ($action !="xnonex"){
+ log_rotate('/var/log/dansguardian/access.log');
+ mwexec('/usr/local/sbin/dansguardian -r');
+ }
+ break;
+ */
+ }
+ #mount filesystem readonly
+ conf_mount_ro();
+}
+
+function sync_package_sarg() {
+ global $config, $g;
+ $update_conf=0;
+ #mount filesystem writeable
+ conf_mount_rw();
+ if (!is_array($config['installedpackages']['sarg']['config']))
+ $config['installedpackages']['sarg']['config'][0]=array('report_options'=>'use_graphs,remove_temp_files,main_index,use_comma,overwrite_report',
+ 'user_sort_field'=>'BYTES',
+ 'report_type'=>'topusers,topsites,sites_users,users_sites,date_time,denied,auth_failures,site_user_time_date,downloads');
+ $sarg=$config['installedpackages']['sarg']['config'][0];
+
+ switch ($sarg['proxy_server']){
+ case 'dansguardian':
+ $access_log='/var/log/dansguardian/access.log';
+ $dansguardian_conf='/usr/local/etc/dansguardian/dansguardian.conf';
+ $dansguardian_filter_out_date="dansguardian_filter_out_date on";
+ $squidguard_conf='none';
+ break;
+ case 'squid':
+ $access_log='/var/squid/logs/access.log';
+ break;
+ case 'squidguard':
+ $access_log='/var/squid/logs/access.log';
+ break;
+ }
+
+ $graphs=(preg_match('/use_graphs/',$sarg['report_options'])?"yes":"no");
+ $anonymous_output_files=(preg_match('/anonymous_output_files/',$sarg['report_options'])?"yes":"no");
+ $resolve_ip=(preg_match('/resolve_ip/',$sarg['report_options'])?"yes":"no");
+ $user_ip=(preg_match('/user_ip/',$sarg['report_options'])?"yes":"no");
+ $sort_order=(preg_match('/user_ip/',$sarg['report_options'])?"REVERSE":"NORMAL");
+ $remove_temp_files=(preg_match('/remove_temp_files/',$sarg['report_options'])?"yes":"no");
+ $main_index=(preg_match('/main_index/',$sarg['report_options'])?"yes":"no");
+ $index_tree=(preg_match('/index_tree/',$sarg['report_options'])?"file":"date");
+ $overwrite_report=(preg_match('/overwrite_report/',$sarg['report_options'])?"yes":"no");
+ $use_comma=(preg_match('/use_comma/',$sarg['report_options'])?"yes":"no");
+ $long_url=(preg_match('/long_url/',$sarg['report_options'])?"yes":"no");
+ $privacy=(preg_match('/privacy/',$sarg['report_options'])?"yes":"no");
+
+ $report_type=preg_replace('/,/',' ',$sarg['report_type']);
+ if(!empty($sarg['include_userlist']))
+ $include_users="$include_users ".$sarg['include_userlist'];
+
+ include("/usr/local/pkg/sarg.template");
+ file_put_contents("/usr/local/etc/sarg/sarg.conf", $sg, LOCK_EX);
+
+ file_put_contents('/usr/local/etc/sarg/exclude_users.conf', sarg_text_area_decode($sarg['exclude_userlist']),LOCK_EX);
+ if(empty($sarg['include_userlist'])){
+ $usertab="none";
+ }
+ else{
+ $usertab="/usr/local/etc/sarg/usertab.conf";
+ file_put_contents('/usr/local/etc/sarg/usertab.conf', sarg_text_area_decode($sarg['usertab']),LOCK_EX);
+ }
+ $dirs=array("/usr/local/www/sarg-reports");
+ foreach ($dirs as $dir)
+ if (!is_dir($dir))
+ mkdir ($dir,0755,true);
+
+ #check cron_tab
+ $new_cron=array();
+ $cron_found=0;
+ if (is_array($config['cron']['item']))
+ foreach($config['cron']['item'] as $cron){
+ if (preg_match("/usr.local.www.sarg.php/",$cron["command"]))
+ $cron_found++;
+ else
+ $new_cron['item'][]=$cron;
+ }
+ $cron_cmd="/usr/local/bin/php /usr/local/www/sarg.php";
+ $sarg_schedule_id=0;
+ if (is_array($config['installedpackages']['sargschedule']['config']))
+ foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule){
+ if(preg_match('/(\d+)m/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){
+ $new_cron['item'][]=array( "minute" => "*/".$matches[1],
+ "hour" => "*",
+ "mday" => "*",
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command"=> $cron_cmd." ".$sarg_schedule_id);
+ $config['cron']=$new_cron;
+ $cron_found++;
+ }
+ if(preg_match('/(\d+)h/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){
+ $new_cron['item'][]=array( "minute" => "0",
+ "hour" => "*/".$matches[1],
+ "mday" => "*",
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command"=> $cron_cmd." ".$sarg_schedule_id);
+ $config['cron']=$new_cron;
+ $cron_found++;
+ }
+ if(preg_match('/(\d+)d/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){
+ $new_cron['item'][]=array( "minute" => "0",
+ "hour" => "0",
+ "mday" => "*/".$matches[1],
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command"=> $cron_cmd." ".$sarg_schedule_id);
+ $config['cron']=$new_cron;
+ $cron_found++;
+ }
+ $sarg_schedule_id++;
+ }
+
+ #update cron
+ if ($cron_found > 0){
+ $config['cron']=$new_cron;
+ write_config();
+ configure_cron();
+ }
+ #Write config if any file from filesystem was loaded
+ if ($update_conf > 0)
+ write_config();
+
+ #mount filesystem readonly
+ conf_mount_ro();
+
+ sarg_sync_on_changes();
+}
+
+function sarg_validate_input($post, &$input_errors) {
+ global $config,$g;
+ foreach ($post as $key => $value) {
+ if (empty($value))
+ continue;
+ # check dansguardian
+ if (substr($key, 0, 12) == "proxy_server" && $value == "dansguardian"){
+ if (is_array($config['installedpackages']['dansguardianlog'])){
+ if ($config['installedpackages']['dansguardianlog']['config'][0]['logfileformat']!=3){
+ $input_errors[]='Sarg is only compatible with dansguardian log squid mode';
+ $input_errors[]='Please change it on service -> dansguarian -> report and log -> log file format';
+ }
+ }
+ else
+ $input_errors[]='dansguardian package not detected';
+ }
+
+ # check squidguard
+ if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard")
+ if (!is_array($config['installedpackages']['squidguardgeneral']))
+ $input_errors[]='squidguard package not detected';
+
+ # check squid
+ if (substr($key, 0, 5) == "proxy_server" && $value == "squid"){
+ if (is_array($config['installedpackages']['squid']))
+ if (!$config['installedpackages']['squid']['log_enabled'])
+ $input_errors[]='squidlogs not enabled';
+ else
+ $input_errors[]='squid package not installed';
+ }
+
+ if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value))
+ $input_errors[] = "Do not use special characters on description";
+ if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value))
+ $input_errors[] = "Do not use special characters on filename";
+ #check cron option
+ if($key == "frequency" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
+ $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'";
+ }
+}
+
+
+/* Uses XMLRPC to synchronize the changes to a remote node */
+function sarg_sync_on_changes() {
+ global $config, $g;
+
+ log_error("[sarg] sarg_xmlrpc_sync.php is starting.");
+ $synconchanges = $config['installedpackages']['sargsync']['config'][0]['synconchanges'];
+ if(!$synconchanges)
+ return;
+ foreach ($config['installedpackages']['sargsync']['config'] as $rs ){
+ foreach($rs['row'] as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if($sh['username'])
+ $username = $sh['username'];
+ else
+ $username = 'admin';
+ if($password && $sync_to_ip)
+ sarg_do_xmlrpc_sync($sync_to_ip, $username, $password);
+ }
+ }
+ log_error("[sarg] sarg_xmlrpc_sync.php is ending.");
+}
+/* Do the actual XMLRPC sync */
+function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password) {
+ global $config, $g;
+
+ if(!$username)
+ return;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['sarg'] = $config['installedpackages']['sarg'];
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("Beginning sarg XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 250 seconds */
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "sarg Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "sarg Settings Sync", "");
+ } else {
+ log_error("sarg XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell sarg to reload our settings on the destionation sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/sarg.inc');\n";
+ $execcmd .= "sync_package_sarg();";
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("sarg XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "sarg Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "sarg Settings Sync", "");
+ } else {
+ log_error("sarg XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+}
+
+?>