aboutsummaryrefslogtreecommitdiffstats
path: root/config/squidGuard
diff options
context:
space:
mode:
Diffstat (limited to 'config/squidGuard')
-rw-r--r--config/squidGuard/squidguard.inc174
-rw-r--r--config/squidGuard/squidguard.xml2
-rw-r--r--config/squidGuard/squidguard_configurator.inc12
-rw-r--r--config/squidGuard/squidguard_dest.xml16
-rw-r--r--config/squidGuard/squidguard_sync.xml14
5 files changed, 164 insertions, 54 deletions
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc
index fb7fad28..1ea1b5a5 100644
--- a/config/squidGuard/squidguard.inc
+++ b/config/squidGuard/squidguard.inc
@@ -1,17 +1,20 @@
<?php
# ------------------------------------------------------------------------------
/* squidguard.inc
- 2006-2011 Serg Dvoriancev
+
+ Copyright (C) 2006-2011 Serg Dvoriancev
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
part of pfSense (www.pfSense.com)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
+ 2. Redistributions in binary form MUST reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
@@ -302,13 +305,9 @@ function squidguard_validate_rewrite($post, $input_errors) {
# -----------------------------------------------------------------------------
function squidguard_resync() {
$upload_file = '';
- $submit = '';
- $url = '';
- $proxy = '';
-
- $submit = isset($_POST['submit']) ? $_POST['submit'] : $_GET['submit'];
- $url = isset($_POST[F_BLACKLISTURL]) ? $_POST[F_BLACKLISTURL] : $_GET[F_BLACKLISTURL];
- $proxy = isset($_POST['blacklist_proxy']) ? $_POST['blacklist_proxy'] : $_GET['blacklist_proxy'];
+ $submit = isset($_REQUEST['submit']) ? $_REQUEST['submit'] : '';
+ $url = isset($_REQUEST[F_BLACKLISTURL]) ? $_REQUEST[F_BLACKLISTURL] : '';
+ $proxy = isset($_REQUEST['blacklist_proxy'])? $_REQUEST['blacklist_proxy'] : '';
sg_init(convert_pfxml_to_sgxml());
@@ -332,7 +331,10 @@ function squidguard_resync() {
//}
squidguard_cron_install();
- squidguard_sync_on_changes();
+
+ //Sync only with apply button to avoid multiples reloads on backup server while editing master config
+ if ($submit == APPLY_BTN)
+ squidguard_sync_on_changes();
}
# -----------------------------------------------------------------------------
@@ -373,6 +375,44 @@ function squidguard_resync_acl() {
}
}
+# -----------------------------------------------------------------------------
+# squidguard_resync_dest
+# -----------------------------------------------------------------------------
+
+function squidguard_resync_dest() {
+ global $config; # !!! ORDER !!!
+
+ $conf = $config['installedpackages'][MODULE_DESTINATION]['config'];
+ $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
+
+ # --- sources part ---
+ # move current id by order
+ if (($id !== '') and is_array($conf)) {
+ $src_new = array();
+
+ foreach ($conf as $key => $src) {
+ $order = $src[F_ORDER];
+ # n_key: no_move=$key+$order or move=$order+$key
+ $n_key = is_numeric($order) ? sprintf("%04d%04d", $order, $key) : sprintf("%04d%04d", $key, 9999);
+ unset($src[F_ORDER]); # ! must be unset for display correct default position in 'select'!
+ $src_new[$n_key] = $src;
+ }
+ # sort by key
+ ksort($src_new);
+ reset($src_new);
+
+ $src_new = array_values($src_new); # make keys '0, 1, 2, ...'
+
+ # renew config
+ unset ($config['installedpackages'][MODULE_DESTINATION]['config']);
+ $config['installedpackages'][MODULE_DESTINATION]['config'] = $src_new;
+ write_config('Update squidguarddest config');
+
+ # renew global $squidguard_config
+ sg_init(convert_pfxml_to_sgxml());
+ }
+}
+
# =============================================================================
# common functions
# =============================================================================
@@ -596,6 +636,28 @@ function squidguard_before_form_acl($pkg, $is_acl=true) {
}
# -----------------------------------------------------------------------------
+# squidguard_before_form_dest
+# -----------------------------------------------------------------------------
+function squidguard_before_form_dest($pkg) {
+ global $g, $squidguard_config;
+ $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name');
+//var_dump($squidguard_config);
+ $i=0;
+ foreach($pkg['fields']['field'] as $field) {
+ # order
+ if ($field['fieldname'] == 'order') {
+ $fld = &$pkg['fields']['field'][$i];
+ if (is_array($destination_items))
+ foreach($destination_items as $nmkey => $nm)
+ $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey);
+ $fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999');
+ $fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last !
+ }
+ $i++;
+ }
+}
+
+# -----------------------------------------------------------------------------
# make_grid_general_items
# -----------------------------------------------------------------------------
function make_grid_general_items($id = '')
@@ -1406,52 +1468,75 @@ function squidguard_blacklist_list()
/* Uses XMLRPC to synchronize the changes to a remote node */
function squidguard_sync_on_changes() {
global $config, $g;
- $varsyncenablexmlrpc = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
- $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
-
- // if checkbox is NOT checked do nothing
- if(!$varsyncenablexmlrpc) {
+ if (is_array($config['installedpackages']['squidguardsync'])){
+ $synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
+ $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
+ }
+ else
+ {
return;
}
-
- log_error("SquidGuard: Starting XMLRPC process (squidguard_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds.");
-
- // if checkbox is checked get IP and password of the destination hosts
- foreach ($config['installedpackages']['squidguardsync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
- // if checkbox is NOT checked do nothing
- if($sh['varsyncdestinenable']) {
- $varsyncprotocol = $sh['varsyncprotocol'];
- $sync_to_ip = $sh['varsyncipaddress'];
- $password = $sh['varsyncpassword'];
- $varsyncport = $sh['varsyncport'];
- // check if all credentials are complete for this host
- if($password && $sync_to_ip && $varsyncport && $varsyncprotocol) {
- squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol);
+
+ // if checkbox is NOT checked do nothing
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){
+ $rs=$config['installedpackages']['squidguardsync']['config'][0]['row'];
+ }
+ else{
+ log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['varsyncdestinenable']="on";
+ $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
+ $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
+ $rs[0]['varsyncpassword']=$system_carp['password'];
+ $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
+ if (! is_ipaddr($system_carp['synchronizetoip'])){
+ log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ }
+ else{
+ log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)){
+ log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach($rs as $sh){
+ if($sh['varsyncdestinenable']){
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $password = $sh['varsyncpassword'];
+ $varsyncport = $sh['varsyncport'];
+ if($password && $sync_to_ip)
+ squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
+ else
+ log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
}
else {
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
}
}
- else {
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ log_error("[SquidGuard] xmlrpc sync is ending.");
}
- }
- }
- log_error("SquidGuard: Finished XMLRPC process (squidguard_do_xmlrpc_sync).");
}
/* Do the actual XMLRPC sync */
-function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol) {
+function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
global $config, $g;
- $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
-
- if($varsynctimeout == '' || $varsynctimeout == 0) {
+ if($varsynctimeout == '' || $varsynctimeout == 0)
$varsynctimeout = 150;
- }
-
- // log_error("SquidGuard: Starting XMLRPC process (squidguard_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds.");
if(!$password)
return;
@@ -1551,6 +1636,7 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
function squidguard_all_after_XMLRPC_resync() {
squidguard_resync_acl();
+ squidguard_resync_dest();
squidguard_resync();
log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index c9df88ca..21356e1c 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -6,7 +6,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguardgeneral</name>
- <version>1.3_1 pkg v.1.9</version>
+ <version>1.4_4 pkg v.1.9.3</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc
index 81f9cd96..b900a477 100644
--- a/config/squidGuard/squidguard_configurator.inc
+++ b/config/squidGuard/squidguard_configurator.inc
@@ -112,9 +112,12 @@ define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u');
# ------------------------------------------------------------------------------
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version > 2.0)
- define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m"));
-else
+if ($pf_version > 2.0) {
+ if (file_exists('/usr/pbi/squidguard-squid3-' . php_uname("m")))
+ define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-squid3-' . php_uname("m"));
+ else
+ define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m"));
+} else
define('SQUIDGUARD_LOCALBASE','/usr/local');
if (!defined('SQUID_LOCALBASE') && ($pf_version > 2.0))
@@ -414,7 +417,6 @@ function squid_reconfigure($remove_only = '')
global $squidguard_config;
$conf = '';
$cust_opt = $config['installedpackages']['squid']['config'][0]['custom_options'];
-
# remove old options
if (!empty($cust_opt)) {
$conf = explode(";", $cust_opt);
@@ -444,7 +446,7 @@ function squid_reconfigure($remove_only = '')
if (is_array($conf)) $conf = implode(";", $conf);
/* Only update squid options if we have something to do, otherwise this can interfere with squid's default options in a new install. */
- if (!empty($conf)) {
+ if ($conf != $cust_opt) {
$config['installedpackages']['squid']['config'][0]['custom_options'] = $conf;
write_config('Update redirector options to squid config.');
}
diff --git a/config/squidGuard/squidguard_dest.xml b/config/squidGuard/squidguard_dest.xml
index 5ffc0aa6..3525098e 100644
--- a/config/squidGuard/squidguard_dest.xml
+++ b/config/squidGuard/squidguard_dest.xml
@@ -77,6 +77,14 @@
<required/>
</field>
<field>
+ <fielddescr>Order</fielddescr>
+ <fieldname>order</fieldname>
+ <description><![CDATA[
+ Select the new position for this target category. Target categories are listed in this order on ALCs and are matched from the top down in sequence.<br>
+ ]]></description>
+ <type>select</type>
+ </field>
+ <field>
<fielddescr>Domain List</fielddescr>
<fieldname>domains</fieldname>
<description><![CDATA[
@@ -163,12 +171,18 @@
<description><![CDATA[Check this option to enable logging for this ACL.]]></description>
</field>
</fields>
- <custom_delete_php_command/>
+ <custom_php_command_before_form>
+ squidguard_before_form_dest(&amp;$pkg);
+ </custom_php_command_before_form>
<custom_php_validation_command>
squidguard_validate_destination($_POST, &amp;$input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
+ squidguard_resync_dest();
</custom_php_resync_config_command>
+ <custom_delete_php_command>
+ squidguard_resync_dest();
+ </custom_delete_php_command>
<custom_php_after_form_command>
squidGuard_print_javascript();
</custom_php_after_form_command>
diff --git a/config/squidGuard/squidguard_sync.xml b/config/squidGuard/squidguard_sync.xml
index cf21c1bf..f0537faf 100644
--- a/config/squidGuard/squidguard_sync.xml
+++ b/config/squidGuard/squidguard_sync.xml
@@ -10,6 +10,7 @@
squidguardsync.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+Copyright (C) 2013 Marcello Coutinho
based on pfblocker_sync.xml
All rights reserved.
@@ -94,11 +95,18 @@ POSSIBILITY OF SUCH DAMAGE.
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync SquidGuard configuration changes?</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>varsyncenablexmlrpc</fieldname>
<description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
- <b>Important:</b> Only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
- <type>checkbox</type>
+ <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+ <type>select</type>
+ <required/>
+ <default_value>auto</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
</field>
<field>
<fielddescr>XMLRPC timeout</fielddescr>