Diffstat (limited to 'config/squidGuard/squidguard_configurator.inc')
-rw-r--r-- | config/squidGuard/squidguard_configurator.inc | 97 |
1 files changed, 64 insertions, 33 deletions
diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc
index c69ef0ee..0100fba4 100644
--- a/config/squidGuard/squidguard_configurator.inc
+++ b/config/squidGuard/squidguard_configurator.inc
@@ -51,7 +51,12 @@ require_once('pfsense-utils.inc');
 require_once('pkg-utils.inc');
 require_once('filter.inc');
 require_once('service-utils.inc');
-require_once('squid.inc');
+
+# squid package must exists by default system path (for v.2.0/2.1)
+# todo: move include string to the squid-function call string position
+if (file_exists('/usr/local/pkg/squid.inc')) {
+ require_once('/usr/local/pkg/squid.inc');
+}
 # ------------------------------------------------------------------------------
 # Allow additional execution time 0 = no limit
@@ -89,8 +94,8 @@ define('CONFIG_SG_HEADER', "
 define('REDIRECTOR_OPTIONS_REM', '# squidGuard options');
 define('REDIRECTOR_PROGRAM_OPT', 'redirect_program');
 define('REDIRECT_BYPASS_OPT', 'redirector_bypass');
-define('REDIRECT_CHILDREN_OPT', 'redirect_children');
-define('REDIRECTOR_PROCESS_COUNT', '3'); # redirector processes count will started
+define('REDIRECT_CHILDREN_OPT', 'url_rewrite_children');
+define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started
 # ------------------------------------------------------------------------------
 # squidguard config options
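Review bot: When /usr/local/pkg/squid.inc is absent the include is skipped without any trace, and the matching guard in squid_reconfigure() (hunk at -428) skips squid_resync() just as silently, so the redirector options are stored with write_config() while nothing records that Squid never picked them up. In squid_reconfigure() I would add an else branch such as `else { sg_addlog("squid_reconfigure", "Squid package not found, redirector options saved but Squid was not resynced.", SQUIDGUARD_INFO); }`. Any other call into squid.inc elsewhere in the file would need the same function_exists() guard; that cannot be checked from these hunks.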
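Review bot: REDIRECT_CHILDREN_OPT now uses the url_rewrite_* directive name while REDIRECTOR_PROGRAM_OPT and REDIRECT_BYPASS_OPT in the context lines just above keep the older `redirect_program` and `redirector_bypass` spellings, so the generated squid.conf mixes two naming generations. If the targeted Squid builds stop accepting the old aliases, the redirector line may be rejected and filtering would depend on how Squid handles that; consider `define('REDIRECTOR_PROGRAM_OPT', 'url_rewrite_program');` and `define('REDIRECT_BYPASS_OPT', 'url_rewrite_bypass');` in the same change. The comment block above squid_reconfigure() (hunk at -385) would then need the same names.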
@@ -105,15 +110,28 @@ define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u');
 # ------------------------------------------------------------------------------
 # squidguard system constants
 # ------------------------------------------------------------------------------
-define('SQUID_CONFIGFILE', '/usr/local/etc/squid/squid.conf');
+
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m"));
+else
+ define('SQUIDGUARD_LOCALBASE','/usr/local');
+
+if (!defined('SQUID_LOCALBASE') && ($pf_version > 2.0))
+ define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m"));
+elseif (!defined('SQUID_LOCALBASE'))
+ define('SQUID_LOCALBASE','/usr/local');
+
+define('SQUID_CONFIGFILE', SQUID_LOCALBASE . '/etc/squid/squid.conf');
 define('TMP_DIR', '/var/tmp');
 #
 define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf');
 define('SQUIDGUARD_CONFLOGFILE', '/sg_configurator.log');
 define('SQUIDGUARD_LOGFILE', 'block.log');
-define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid');
-define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard');
-define('SQUIDGUARD_BINPATH', '/usr/local/bin');
+define('SQUIDGUARD_GUILOGFILE', 'squidGuard.log');
+define('SQUIDGUARD_CONFBASE', SQUID_LOCALBASE . '/etc/squid');
+define('SQUIDGUARD_WORKDIR', SQUIDGUARD_LOCALBASE . '/etc/squidGuard');
+define('SQUIDGUARD_BINPATH', SQUIDGUARD_LOCALBASE . '/bin');
 define('SQUIDGUARD_TMP', '/tmp/squidGuard'); # SG temp
 define('SQUIDGUARD_VAR', '/var/squidGuard'); # SG variables
 define('SQUIDGUARD_STATE', '/squidGuard.state');
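Review bot: The SQUID_LOCALBASE block tests `!defined('SQUID_LOCALBASE')` twice and, like the SQUIDGUARD_LOCALBASE block above it, wraps define() in brace-less if/else, unlike the braced `if` this commit adds at the top of the file. A single guard is harder to get wrong when someone edits it later: `if (!defined('SQUID_LOCALBASE')) { define('SQUID_LOCALBASE', ($pf_version > 2.0) ? '/usr/pbi/squid-' . php_uname("m") : '/usr/local'); }`. A short comment saying why the constant may already be defined (presumably by squid.inc, to be confirmed) and that `$pf_version` is the first three characters of /etc/version compared numerically would help; an unreadable /etc/version currently falls through to '/usr/local' with no log entry.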
@@ -126,7 +144,7 @@ define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log');
 define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log');
 define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log');
 #
-define('SQUIDGUARD_SCR_LOGROTATE', '/usr/local/etc/rc.d/squidGuard_logrotate'); # Logrotate script
+define('SQUIDGUARD_SCR_LOGROTATE', SQUIDGUARD_LOCALBASE . '/etc/rc.d/squidGuard_logrotate'); # Logrotate script
 #
 # DB home catalog contains 'Blacklist' and 'User' sub-catalogs
 define('SQUIDGUARD_DB_BLACKLIST', '/bl');
@@ -371,7 +389,7 @@ function sg_reconfigure()
 if ($squidguard_config[F_WORKDIR]) $conf_file = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE;
 file_put_contents($conf_file, $conf);
- file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
+ file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
 set_file_access($squidguard_config[F_WORKDIR], OWNER_NAME, 0755);
 conf_mount_ro();
 sg_addlog("sg_reconfigure", "Save squidGuard config to '$conf_file'.", SQUIDGUARD_INFO);
@@ -385,9 +403,9 @@ function sg_reconfigure()
 # ------------------------------------------------------------------------------
 # squid_reconfigure
 # Insert in '/usr/local/squid/etc/squid.conf' options:
-# redirector_bypass on
+# redirector_bypass off
 # redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file
-# redirect_children 1
+# url_rewrite_children 5
 # ------------------------------------------------------------------------------
 function squid_reconfigure($remove_only = '')
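Review bot: The second write in sg_reconfigure() (hunk at -371) rebuilds the path as `SQUID_LOCALBASE . '/etc/squid'` although this commit defines SQUIDGUARD_CONFBASE with exactly that value, and its trailing comment still names '/usr/local/etc/squid'. I would write `file_put_contents(SQUIDGUARD_CONFBASE . SQUIDGUARD_CONFIGFILE, $conf); # squidGuard also looks for its config under Squid's etc directory`. The return value is not checked, so a missing PBI directory would leave a stale or absent squidGuard.conf there while the following sg_addlog() still reports a successful save; testing for `=== false` and logging it would make that visible. The function body starts and ends outside the hunk.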
@@ -416,7 +434,7 @@ function squid_reconfigure($remove_only = '')
 $redirector_conf = $squidguard_config[F_WORKDIR] . SQUIDGUARD_CONFIGFILE;
 $conf[] = REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf";
- $conf[] = REDIRECT_BYPASS_OPT . " on";
+ $conf[] = REDIRECT_BYPASS_OPT . " off";
 $conf[] = REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT;
 sg_addlog("squid_reconfigure", "Add new redirector options to Squid config.", SQUIDGUARD_INFO);
@@ -428,7 +446,10 @@ function squid_reconfigure($remove_only = '')
 $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf;
 write_config('Update redirector options to squid config.');
- squid_resync();
+ # resync squid package, if installed
+ if (function_exists('squid_resync')) {
+ squid_resync();
+ }
 }
 # ------------------------------------------------------------------------------
@@ -659,7 +680,7 @@ function sg_rebuild_db($shtag, $rdb_dbhome, $rdb_itemslist)
 $sh_scr[] = "chown -R -v " . OWNER_NAME . " $dbhome";
 # restart squid for changes to take effects
- $sh_scr[] = "/usr/local/sbin/squid -k reconfigure";
+ $sh_scr[] = SQUID_LOCALBASE . "/sbin/squid -k reconfigure";
 # store & exec sh
 $sh_scr = implode("\n", $sh_scr);
@@ -1543,11 +1564,10 @@ if(!function_exists("is_url")) {
 function is_url($url)
 {
 if (empty($url)) return false;
- if (eregi("^http://", $url)) return true;
- if (eregi("^https://", $url)) return true;
+ if (preg_match("/^(http|https):\/\//i", $url)) return true;
 if (strstr("blank", $url)) return true;
 if (strstr("blank_img", $url)) return true;
- if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; # http error code 30x, 4xx, 50x.
+ if (preg_match("/^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))/i", $url)) return true; # http error code 30x, 4xx, 50x.
 return false;
 }
 }
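Review bot: Switching REDIRECT_BYPASS_OPT to " off" (hunk at -416) changes what happens when every redirector child is busy, and the line carries no comment explaining the choice. With bypass on, Squid lets requests through without consulting squidGuard under load; with it off, requests wait for a helper and, as far as I know from Squid's documentation, Squid can abort if the helper queue grows too large. I would add above the line `# bypass off: never pass requests unfiltered when all redirector children are busy (Squid may abort on helper overload, see REDIRECTOR_PROCESS_COUNT)`. squid_reconfigure() continues outside the hunk.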
@@ -1558,7 +1578,7 @@ function is_dest_url($url)
 $fmt = "[a-zA-Z0-9_-]";
 if (empty($url)) return false;
- if (eregi("^(($fmt){1,}\.){1,}($fmt){2,}(/(.[^\*][^ ])*)", $url)) return true;
+ if (preg_match("/^(($fmt){1,}\.){1,}($fmt){2,}(\/(.[^\*][^ ])*)/i", $url)) return true;
 return false;
 }
 # ------------------------------------------------------------------------------
@@ -1603,8 +1623,8 @@ function is_ipaddr_valid($val)
 function is_domain_valid($domain)
 {
 $dm_fmt = "([a-z0-9\-]{1,})";
- $dm_fmt = "^(($dm_fmt{1,}\.){1,}$dm_fmt{2,})+$"; # example: (my.)(super.)(domain.)com
- return is_string($domain) && eregi($dm_fmt, trim($domain));
+ $dm_fmt = "/^(($dm_fmt{1,}\.){1,}$dm_fmt{2,})+$/i"; # example: (my.)(super.)(domain.)com
+ return is_string($domain) && preg_match($dm_fmt, trim($domain));
 }
 # ------------------------------------------------------------------------------
@@ -1612,8 +1632,8 @@ function is_domain_valid($domain)
 # ------------------------------------------------------------------------------
 function is_username($username)
 {
- $unm_fmt = "^\'[a-zA-Z_0-9\.\-]{1,}\'$";
- return is_string($username) && eregi($unm_fmt, trim($username));
+ $unm_fmt = "/^\'[a-zA-Z_0-9\.\-]{1,}\'$/i";
+ return is_string($username) && preg_match($unm_fmt, trim($username));
 }
 # ------------------------------------------------------------------------------
 # check name
@@ -1627,7 +1647,7 @@ function check_name_format ($name, $input_errors)
 $elog[] = " Size of name '$val' must be between [2..16].";
 # All symbols must be [a-zA-Z_0-9\-] First symbol = letter.
- if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val))
+ if (!preg_match("/^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$/i", $val))
 $elog[] = " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter.";
 # update log
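Review bot: The pattern built in is_domain_valid() (hunk at -1603) nests quantifiers, a `{1,}` group repeated by `{1,}` inside an outer `(...)+`, which under PCRE can backtrack heavily on long inputs that almost match. When the backtrack limit is hit preg_match() returns false, so the function reports the value as invalid only after spending CPU on it. A flat pattern should accept the same strings: `$dm_fmt = '/^([a-z0-9\-]+\.)+[a-z0-9\-]{2,}$/i';`. The conversions in is_username() and check_name_format() (hunks at -1612 and -1627) keep simple patterns; the `/i` flag there is redundant next to explicit a-zA-Z classes.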
@@ -1784,15 +1804,15 @@ function check_date($date)
 {
 $err = '';
 $val = trim($date);
- $dtfmt = "([0-9]{4})\.([0-9]{2})\.([0-9]{2})";
+ $dtfmt = "/^([0-9]{4})\.([0-9]{2})\.([0-9]{2})/i";
 # check date range
- if (eregi("^{$dtfmt}-{$dtfmt}$", $val)) {
+ if (preg_match("{$dtfmt}-{$dtfmt}$", $val)) {
 $val = explode("-", str_replace(".", '', $val));
 if (intval($val[0]) >= intval($val[1])) $err .= "Invalid date range, begin range must be less than the end. {$val[0]} - {$val[1]}";
 }
- elseif (!eregi("^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$", $val)) {
+ elseif (!preg_match("/^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$/i", $val)) {
 $err .= "Bad date format.";
 }
@@ -1815,7 +1835,7 @@ function check_time($time)
 if (empty($time)) return '';
 # time range format: 'HH:MM-HH:MM'
- if (!eregi("^([0-2][0-9])\:([0-5][0-9])-([0-2][0-9])\:([0-5][0-9])$", $time))
+ if (!preg_match("/^([0-2][0-9])\:([0-5][0-9])-([0-2][0-9])\:([0-5][0-9])$/i", $time))
 $err = "Invalid time range '$time'. You must use 'HH:MM-HH:MM' time range format. ";
 else {
 $tms = str_replace("-", "\n", $time);
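Review bot: The range branch of check_date() can no longer match: `$dtfmt` now carries its own `/^` prefix and `/i` suffix, so `"{$dtfmt}-{$dtfmt}$"` expands to a string in which everything after the first closing `/` is read as modifiers, and preg_match() fails with a warning instead of matching. Every 'YYYY.MM.DD-YYYY.MM.DD' value then falls through to the elseif and is rejected with "Bad date format.". Keep `$dtfmt` as the bare fragment and add the delimiters at the call: `$dtfmt = "([0-9]{4})\.([0-9]{2})\.([0-9]{2})";` and `if (preg_match("/^{$dtfmt}-{$dtfmt}$/", $val)) {`. The end of the function lies outside the hunk.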
@@ -1863,18 +1883,29 @@ function acl_remove_blacklist_items($items)
 # -----------------------------------------------------------------------------
 function sg_script_logrotate()
 {
- $lines = 1000; # SG logfile truncate lines count
- global $squidguard_config;
- $sglogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_LOGFILE;
+ global $squidguard_config;
+
+ $sglogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_LOGFILE;
+ $sgguilogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_GUILOGFILE;
+ $sgconflogname = $squidguard_config[F_LOGDIR] . "/" . SQUIDGUARD_CONFLOGFILE;
 $res = <<<EOD
 #!/bin/sh
 #
 # This file generated automaticly with SquidGuard configurator
+# Rotates the block logfile
 tail -{$lines} {$sglogname} > {$sglogname}.0
 tail -{$lines} {$sglogname}.0 > {$sglogname}
 rm -f {$sglogname}.0
+# Rotates the squidguard GUI logile
+tail -{$lines} {$sgguilogname} > {$sgguilogname}.0
+tail -{$lines} {$sgguilogname}.0 > {$sgguilogname}
+rm -f {$sgguilogname}.0
+# Rotates the squidguard conf logile
+tail -{$lines} {$sgconflogname} > {$sgconflogname}.0
+tail -{$lines} {$sgconflogname}.0 > {$sgconflogname}
+rm -f {$sgconflogname}.0
 EOD;
 return $res;
 }
@@ -2187,7 +2218,7 @@ function sg_update_blacklist($from_file)
 set_file_access($dbhome, OWNER_NAME, 0755);
 squidguard_update_log("Reconfigure Squid proxy.");
- mwexec("/usr/local/sbin/squid -k reconfigure");
+ mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure");
 squidguard_update_log("Blacklist update complete.");
@@ -2326,7 +2357,7 @@ function squidguard_blacklist_restore_arcdb()
 squidguard_rebuild_db("arc_", $dbhome, $files);
 squidguard_update_log("Reconfigure Squid proxy.");
- mwexec("/usr/local/sbin/squid -k reconfigure");
+ mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure");
 conf_mount_ro();
 squidguard_update_log("Restore success.");
@@ -2460,4 +2491,4 @@ class TSgTag
 }
 }
-?>
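Review bot: sg_script_logrotate() (hunk at -1863) no longer defines `$lines`: the commit removes `$lines = 1000;`, yet every `tail -{$lines}` in the heredoc, old and new, still interpolates it, so in the lines shown the generated script gets `tail -` with no count. Depending on how tail treats that, each rotation may empty block.log, squidGuard.log and the configurator log rather than keep their last 1000 lines, which loses the record of blocked requests. Restore `$lines = 1000; # SG logfile truncate lines count` before the heredoc. Minor: SQUIDGUARD_CONFLOGFILE already starts with '/', so `$sgconflogname` ends up with a double slash.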
\ No newline at end of file +?> |