aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rwxr-xr-xconfig/dansguardian/dansguardian.inc101
-rw-r--r--config/dansguardian/dansguardian.xml5
-rw-r--r--config/dansguardian/dansguardian_config.xml6
-rwxr-xr-xconfig/dansguardian/dansguardian_rc.template35
4 files changed, 111 insertions, 36 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 3d2d83f8..d6c73430 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -46,6 +46,41 @@ function dg_get_real_interface_address($iface) {
return array($ip, long2ip(hexdec($netmask)));
}
+function check_ca_hashes(){
+ global $config,$g;
+
+ #check certificates
+ $cert_count=0;
+ if (is_dir('/usr/local/share/certs'))
+ if ($handle = opendir('/usr/local/share/certs')) {
+ while (false !== ($file = readdir($handle)))
+ if (preg_match ("/\d+.0/",$file))
+ $cert_count++;
+ }
+ closedir($handle);
+ if ($cert_count < 10){
+ conf_mount_rw();
+ #create ca-root hashes from ca-root-nss package
+ log_error("Creating root certificate bundle hashes from the Mozilla Project");
+ $cas=file('/usr/local/share/certs/ca-root-nss.crt');
+ $cert=0;
+ foreach ($cas as $ca){
+ if (preg_match("/--BEGIN CERTIFICATE--/",$ca))
+ $cert=1;
+ if ($cert == 1)
+ $crt.=$ca;
+ if (preg_match("/-END CERTIFICATE-/",$ca)){
+ file_put_contents("/tmp/cert.pem",$crt, LOCK_EX);
+ $cert_hash=array();
+ exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash);
+ file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX);
+ $crt="";
+ $cert=0;
+ }
+ }
+ }
+}
+
function sync_package_dansguardian() {
global $config,$g;
@@ -132,7 +167,13 @@ function sync_package_dansguardian() {
$recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off");
$usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off");
$authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":"");
-
+ /*if ($dansguardian_config['auth_plugin']!=""){
+ $auth_plugins=explode(",",$dansguardian_config['auth_plugin']);
+ $authplugin="";
+ foreach ($auth_plugins as $auth_selected)
+ $authplugin.="authplugin = '".$auth_selected."'\n";
+ }
+ */
#limits
$maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1");
$maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256");
@@ -800,10 +841,11 @@ EOF;
$cron_found=0;
if (is_array($config['cron']['item']))
foreach($config['cron']['item'] as $cron)
- if (!preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"])){
+ if (preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"]))
$cron_found++;
+ else
$new_cron['item'][]=$cron;
- }
+
$cron_cmd="/usr/local/bin/freshclam";
if($dansguardian_config['cron'] && preg_match("/clamd/",$dansguardian_config['content_scanners']))
switch ($dansguardian_config['cron']){
@@ -913,6 +955,7 @@ EOF;
#update cron
if ($cron_found > 0){
$config['cron']=$new_cron;
+ write_config();
configure_cron();
}
@@ -980,28 +1023,38 @@ EOF;
}
}
-
+ #check certificate hashed
+
$script='/usr/local/etc/rc.d/dansguardian';
+
if($config['installedpackages']['dansguardian']['config'][0]['enable']){
- $script_file=file_get_contents($script);
- if (preg_match('/NO/',$script_file)){
- $script_file=preg_replace("/NO/","YES",$script_file);
- file_put_contents($script, $script_file, LOCK_EX);
- }
+ copy('/usr/local/pkg/dansguardian_rc.template','/usr/local/etc/rc.d/dansguardian');
chmod ($script,0755);
- mwexec("$script stop");
+ if (is_service_running('dansguardian')){
+ log_error('Reloading Dansguardian');
+ exec("/usr/local/sbin/dansguardian -r");
+ }
+ else{
+ log_error('Starting Dansguardian');
mwexec_bg("$script start");
+ }
}
else{
+ log_error('Stopping Dansguardian');
mwexec("$script stop");
chmod ($script,0444);
}
if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8'))
file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX);
-
- conf_mount_ro();
- $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
+
+ #check ca certs hashes
+ check_ca_hashes();
+
+ #mount read only
+ conf_mount_ro();
+
+ $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
if(!$synconchanges && !$syncondbchanges)
return;
log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting.");
@@ -1034,29 +1087,11 @@ function dansguardian_validate_input($post, &$input_errors) {
}
function dansguardian_php_install_command() {
- conf_mount_rw();
- #create ca-root hashes from ca-root-nss package
- print "Creating root certificate bundle hashes from the Mozilla Project\n";
- $cas=file('/usr/local/share/certs/ca-root-nss.crt');
- $cert=0;
- foreach ($cas as $ca){
- if (preg_match("/--BEGIN CERTIFICATE--/",$ca))
- $cert=1;
- if ($cert == 1)
- $crt.=$ca;
- if (preg_match("/-END CERTIFICATE-/",$ca)){
- file_put_contents("/tmp/cert.pem",$crt, LOCK_EX);
- $cert_hash=array();
- exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash);
- file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX);
- $crt="";
- $cert=0;
- }
- }
- sync_package_dansguardian();
+ sync_package_dansguardian();
}
function dansguardian_php_deinstall_command() {
+ global $config,$g;
mwexec("/usr/local/etc/rc.d/dansguardian stop");
sleep(1);
conf_mount_rw();
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
index 1188796c..334c99e7 100644
--- a/config/dansguardian/dansguardian.xml
+++ b/config/dansguardian/dansguardian.xml
@@ -184,6 +184,11 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
<item>http://www.pfsense.org/packages/config/dansguardian/blockedflash.swf</item>
<prefix>/usr/local/share/dansguardian/</prefix>
<chmod>0755</chmod>
diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml
index 6016d80f..0c14a7bb 100644
--- a/config/dansguardian/dansguardian_config.xml
+++ b/config/dansguardian/dansguardian_config.xml
@@ -103,10 +103,10 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Auth Plugin</fielddescr>
+ <fielddescr>Auth Plugins</fielddescr>
<fieldname>auth_plugin</fieldname>
<description><![CDATA[This option handle the extraction of client usernames from various sources, such as Proxy-Authorisation headers and ident servers,
- enabling requests to be handled according to the settings of the user's filter group.]]></description>
+ enabling requests to be handled according to the settings of the user's filter group]]></description>
<type>select</type>
<options>
<option><name>Proxy-Basic</name><value>/usr/local/etc/dansguardian/authplugins/proxy-basic.conf</value></option>
@@ -114,7 +114,7 @@
<option><name>Proxy-Ntlm</name><value>/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf</value></option>
<option><name>Ident</name><value>/usr/local/etc/dansguardian/authplugins/ident.conf</value></option>
<option><name>Ip Address</name><value>/usr/local/etc/dansguardian/authplugins/ip.conf</value></option>
- <option><name>none</name><value></value></option>
+ <option><name>none</name><value>none</value></option>
</options>
</field>
<field>
diff --git a/config/dansguardian/dansguardian_rc.template b/config/dansguardian/dansguardian_rc.template
new file mode 100755
index 00000000..580fb835
--- /dev/null
+++ b/config/dansguardian/dansguardian_rc.template
@@ -0,0 +1,35 @@
+#!/bin/sh
+# $FreeBSD: ports/www/dansguardian-devel/files/dansguardian.in,v 1.6 2012/01/14 08:57:12 dougb Exp $
+
+# PROVIDE: dansguardian
+# REQUIRE: NETWORKING SERVERS squid
+# KEYWORD: shutdown
+
+# Define these dansguardian_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/dansguardian
+#
+# DO YEST CHANGE THESE DEFAULT VALUES HERE
+#
+# dansguardian_enable="YES"
+# dansguardian_flags="<set as needed>"
+sysctl kern.ipc.somaxconn=16384
+sysctl kern.maxfiles=131072
+sysctl kern.maxfilesperproc=104856
+sysctl kern.threads.max_threads_per_proc=4096
+
+dansguardian_enable=${dansguardian_enable:-"YES"}
+dansguardian_pidfile=${dansguardian_pidfile:-"/var/run/dansguardian.pid"}
+
+. /etc/rc.subr
+
+name="dansguardian"
+rcvar=dansguardian_enable
+command="/usr/local/sbin/${name}"
+
+load_rc_config $name
+
+pidfile="${dansguardian_pidfile}"
+
+run_rc_command "$1"