diff options
Diffstat (limited to 'config/squidGuard')
-rw-r--r-- | config/squidGuard/squidguard.inc | 174 | ||||
-rw-r--r-- | config/squidGuard/squidguard.xml | 2 | ||||
-rw-r--r-- | config/squidGuard/squidguard_configurator.inc | 12 | ||||
-rw-r--r-- | config/squidGuard/squidguard_dest.xml | 16 | ||||
-rw-r--r-- | config/squidGuard/squidguard_sync.xml | 14 |
5 files changed, 164 insertions, 54 deletions
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index fb7fad28..1ea1b5a5 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -1,17 +1,20 @@ <?php # ------------------------------------------------------------------------------ /* squidguard.inc - 2006-2011 Serg Dvoriancev + + Copyright (C) 2006-2011 Serg Dvoriancev + Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> + Copyright (C) 2013 Marcello Coutinho part of pfSense (www.pfSense.com) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright + 2. Redistributions in binary form MUST reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. @@ -302,13 +305,9 @@ function squidguard_validate_rewrite($post, $input_errors) { # ----------------------------------------------------------------------------- function squidguard_resync() { $upload_file = ''; - $submit = ''; - $url = ''; - $proxy = ''; - - $submit = isset($_POST['submit']) ? $_POST['submit'] : $_GET['submit']; - $url = isset($_POST[F_BLACKLISTURL]) ? $_POST[F_BLACKLISTURL] : $_GET[F_BLACKLISTURL]; - $proxy = isset($_POST['blacklist_proxy']) ? $_POST['blacklist_proxy'] : $_GET['blacklist_proxy']; + $submit = isset($_REQUEST['submit']) ? $_REQUEST['submit'] : ''; + $url = isset($_REQUEST[F_BLACKLISTURL]) ? $_REQUEST[F_BLACKLISTURL] : ''; + $proxy = isset($_REQUEST['blacklist_proxy'])? $_REQUEST['blacklist_proxy'] : ''; sg_init(convert_pfxml_to_sgxml()); @@ -332,7 +331,10 @@ function squidguard_resync() { //} squidguard_cron_install(); - squidguard_sync_on_changes(); + + //Sync only with apply button to avoid multiples reloads on backup server while editing master config + if ($submit == APPLY_BTN) + squidguard_sync_on_changes(); } # ----------------------------------------------------------------------------- @@ -373,6 +375,44 @@ function squidguard_resync_acl() { } } +# ----------------------------------------------------------------------------- +# squidguard_resync_dest +# ----------------------------------------------------------------------------- + +function squidguard_resync_dest() { + global $config; # !!! ORDER !!! + + $conf = $config['installedpackages'][MODULE_DESTINATION]['config']; + $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; + + # --- sources part --- + # move current id by order + if (($id !== '') and is_array($conf)) { + $src_new = array(); + + foreach ($conf as $key => $src) { + $order = $src[F_ORDER]; + # n_key: no_move=$key+$order or move=$order+$key + $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999); + unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'! + $src_new[$n_key] = $src; + } + # sort by key + ksort($src_new); + reset($src_new); + + $src_new = array_values($src_new); # make keys '0, 1, 2, ...' + + # renew config + unset ($config['installedpackages'][MODULE_DESTINATION]['config']); + $config['installedpackages'][MODULE_DESTINATION]['config'] = $src_new; + write_config('Update squidguarddest config'); + + # renew global $squidguard_config + sg_init(convert_pfxml_to_sgxml()); + } +} + # ============================================================================= # common functions # ============================================================================= @@ -596,6 +636,28 @@ function squidguard_before_form_acl($pkg, $is_acl=true) { } # ----------------------------------------------------------------------------- +# squidguard_before_form_dest +# ----------------------------------------------------------------------------- +function squidguard_before_form_dest($pkg) { + global $g, $squidguard_config; + $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name'); +//var_dump($squidguard_config); + $i=0; + foreach($pkg['fields']['field'] as $field) { + # order + if ($field['fieldname'] == 'order') { + $fld = &$pkg['fields']['field'][$i]; + if (is_array($destination_items)) + foreach($destination_items as $nmkey => $nm) + $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey); + $fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999'); + $fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last ! + } + $i++; + } +} + +# ----------------------------------------------------------------------------- # make_grid_general_items # ----------------------------------------------------------------------------- function make_grid_general_items($id = '') @@ -1406,52 +1468,75 @@ function squidguard_blacklist_list() /* Uses XMLRPC to synchronize the changes to a remote node */ function squidguard_sync_on_changes() { global $config, $g; - $varsyncenablexmlrpc = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc']; - $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout']; - - // if checkbox is NOT checked do nothing - if(!$varsyncenablexmlrpc) { + if (is_array($config['installedpackages']['squidguardsync'])){ + $synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc']; + $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout']; + } + else + { return; } - - log_error("SquidGuard: Starting XMLRPC process (squidguard_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds."); - - // if checkbox is checked get IP and password of the destination hosts - foreach ($config['installedpackages']['squidguardsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - // if checkbox is NOT checked do nothing - if($sh['varsyncdestinenable']) { - $varsyncprotocol = $sh['varsyncprotocol']; - $sync_to_ip = $sh['varsyncipaddress']; - $password = $sh['varsyncpassword']; - $varsyncport = $sh['varsyncport']; - // check if all credentials are complete for this host - if($password && $sync_to_ip && $varsyncport && $varsyncprotocol) { - squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol); + + // if checkbox is NOT checked do nothing + switch ($synconchanges){ + case "manual": + if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){ + $rs=$config['installedpackages']['squidguardsync']['config'][0]['row']; + } + else{ + log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['varsyncdestinenable']="on"; + $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https"); + $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; + $rs[0]['varsyncpassword']=$system_carp['password']; + $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443"); + if (! is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + } + else{ + log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds."); + foreach($rs as $sh){ + if($sh['varsyncdestinenable']){ + $varsyncprotocol = $sh['varsyncprotocol']; + $sync_to_ip = $sh['varsyncipaddress']; + $password = $sh['varsyncpassword']; + $varsyncport = $sh['varsyncport']; + if($password && $sync_to_ip) + squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout); + else + log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!"); } else { - log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!"); + log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); } } - else { - log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); + log_error("[SquidGuard] xmlrpc sync is ending."); } - } - } - log_error("SquidGuard: Finished XMLRPC process (squidguard_do_xmlrpc_sync)."); } /* Do the actual XMLRPC sync */ -function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol) { +function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) { global $config, $g; - $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout']; - - if($varsynctimeout == '' || $varsynctimeout == 0) { + if($varsynctimeout == '' || $varsynctimeout == 0) $varsynctimeout = 150; - } - - // log_error("SquidGuard: Starting XMLRPC process (squidguard_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds."); if(!$password) return; @@ -1551,6 +1636,7 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn function squidguard_all_after_XMLRPC_resync() { squidguard_resync_acl(); + squidguard_resync_dest(); squidguard_resync(); log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index c9df88ca..21356e1c 100644 --- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -6,7 +6,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>squidguardgeneral</name> - <version>1.3_1 pkg v.1.9</version> + <version>1.4_4 pkg v.1.9.3</version> <title>Proxy filter SquidGuard: General settings</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <!-- Installation --> diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 81f9cd96..b900a477 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -112,9 +112,12 @@ define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u'); # ------------------------------------------------------------------------------ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) - define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m")); -else +if ($pf_version > 2.0) { + if (file_exists('/usr/pbi/squidguard-squid3-' . php_uname("m"))) + define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-squid3-' . php_uname("m")); + else + define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m")); +} else define('SQUIDGUARD_LOCALBASE','/usr/local'); if (!defined('SQUID_LOCALBASE') && ($pf_version > 2.0)) @@ -414,7 +417,6 @@ function squid_reconfigure($remove_only = '') global $squidguard_config; $conf = ''; $cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options']; - # remove old options if (!empty($cust_opt)) { $conf = explode(";", $cust_opt); @@ -444,7 +446,7 @@ function squid_reconfigure($remove_only = '') if (is_array($conf)) $conf = implode(";", $conf); /* Only update squid options if we have something to do, otherwise this can interfere with squid's default options in a new install. */ - if (!empty($conf)) { + if ($conf != $cust_opt) { $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf; write_config('Update redirector options to squid config.'); } diff --git a/config/squidGuard/squidguard_dest.xml b/config/squidGuard/squidguard_dest.xml index 5ffc0aa6..3525098e 100644 --- a/config/squidGuard/squidguard_dest.xml +++ b/config/squidGuard/squidguard_dest.xml @@ -77,6 +77,14 @@ <required/> </field> <field> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + <description><![CDATA[ + Select the new position for this target category. Target categories are listed in this order on ALCs and are matched from the top down in sequence.<br> + ]]></description> + <type>select</type> + </field> + <field> <fielddescr>Domain List</fielddescr> <fieldname>domains</fieldname> <description><![CDATA[ @@ -163,12 +171,18 @@ <description><![CDATA[Check this option to enable logging for this ACL.]]></description> </field> </fields> - <custom_delete_php_command/> + <custom_php_command_before_form> + squidguard_before_form_dest(&$pkg); + </custom_php_command_before_form> <custom_php_validation_command> squidguard_validate_destination($_POST, &$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> + squidguard_resync_dest(); </custom_php_resync_config_command> + <custom_delete_php_command> + squidguard_resync_dest(); + </custom_delete_php_command> <custom_php_after_form_command> squidGuard_print_javascript(); </custom_php_after_form_command> diff --git a/config/squidGuard/squidguard_sync.xml b/config/squidGuard/squidguard_sync.xml index cf21c1bf..f0537faf 100644 --- a/config/squidGuard/squidguard_sync.xml +++ b/config/squidGuard/squidguard_sync.xml @@ -10,6 +10,7 @@ squidguardsync.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> +Copyright (C) 2013 Marcello Coutinho based on pfblocker_sync.xml All rights reserved. @@ -94,11 +95,18 @@ POSSIBILITY OF SUCH DAMAGE. <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync SquidGuard configuration changes?</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>varsyncenablexmlrpc</fieldname> <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br> - <b>Important:</b> Only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description> - <type>checkbox</type> + <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> </field> <field> <fielddescr>XMLRPC timeout</fielddescr> |