Diffstat (limited to 'config')
-rwxr-xr-x | config/dansguardian/dansguardian.inc | 101 | ||||
-rw-r--r-- | config/dansguardian/dansguardian.xml | 5 | ||||
-rw-r--r-- | config/dansguardian/dansguardian_config.xml | 6 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian_rc.template | 35 |
4 files changed, 111 insertions, 36 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 3d2d83f8..d6c73430 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -46,6 +46,41 @@ function dg_get_real_interface_address($iface) { return array($ip, long2ip(hexdec($netmask))); } +function check_ca_hashes(){ + global $config,$g; + + #check certificates + $cert_count=0; + if (is_dir('/usr/local/share/certs')) + if ($handle = opendir('/usr/local/share/certs')) { + while (false !== ($file = readdir($handle))) + if (preg_match ("/\d+.0/",$file)) + $cert_count++; + } + closedir($handle); + if ($cert_count < 10){ + conf_mount_rw(); + #create ca-root hashes from ca-root-nss package + log_error("Creating root certificate bundle hashes from the Mozilla Project"); + $cas=file('/usr/local/share/certs/ca-root-nss.crt'); + $cert=0; + foreach ($cas as $ca){ + if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) + $cert=1; + if ($cert == 1) + $crt.=$ca; + if (preg_match("/-END CERTIFICATE-/",$ca)){ + file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); + $cert_hash=array(); + exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); + file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); + $crt=""; + $cert=0; + } + } + } +} + function sync_package_dansguardian() { global $config,$g; 
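Review bot: In check_ca_hashes() each certificate is staged in the fixed path `/tmp/cert.pem`, and the output of `openssl x509 -hash` becomes a file name in `/usr/local/share/certs/` without any check that the command succeeded. A failed or empty hash therefore writes `/usr/local/share/certs/.0`, and the content that ends up in the trusted CA directory depends on a predictable file in a shared directory. Stage each certificate in a `tempnam()` file, check the exit status and the hash format before writing, and remove the temp file afterwards. Separately, `closedir($handle)` sits outside the `if ($handle = opendir(...))` block so it runs even when the directory was never opened, `$crt` is appended to before it is initialised, and `/\d+.0/` is unanchored with an unescaped dot, where `/^[0-9a-f]{8}\.0$/` would count only real hash links.

```php
	# … unchanged: certificate count, bundle read, BEGIN/END accumulation …
		if (preg_match("/-END CERTIFICATE-/",$ca)){
			# stage in a private temp file rather than the fixed /tmp/cert.pem
			$tmp_cert=tempnam('/tmp','dgca');
			$cert_hash=array();
			$rc=1;
			if ($tmp_cert !== false){
				file_put_contents($tmp_cert,$crt,LOCK_EX);
				exec("/usr/bin/openssl x509 -hash -noout -in ".escapeshellarg($tmp_cert),$cert_hash,$rc);
				unlink($tmp_cert);
			}
			# write into the trust directory only for a well-formed subject hash
			if ($rc == 0 && isset($cert_hash[0]) && preg_match('/^[0-9a-f]{8}$/',$cert_hash[0]))
				file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX);
			else
				log_error("[dansguardian] skipping a certificate from ca-root-nss.crt that openssl could not hash");
			$crt="";
			$cert=0;
		}
```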
@@ -132,7 +167,13 @@ function sync_package_dansguardian() { $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off"); $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); $authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":""); - + /*if ($dansguardian_config['auth_plugin']!=""){ + $auth_plugins=explode(",",$dansguardian_config['auth_plugin']); + $authplugin=""; + foreach ($auth_plugins as $auth_selected) + $authplugin.="authplugin = '".$auth_selected."'\n"; + } + */ #limits $maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1"); $maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256"); @@ -800,10 +841,11 @@ EOF; $cron_found=0; if (is_array($config['cron']['item'])) foreach($config['cron']['item'] as $cron) - if (!preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"])){ + if (preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"])) $cron_found++; + else $new_cron['item'][]=$cron; - } + $cron_cmd="/usr/local/bin/freshclam"; if($dansguardian_config['cron'] && preg_match("/clamd/",$dansguardian_config['content_scanners'])) switch ($dansguardian_config['cron']){ @@ -913,6 +955,7 @@ EOF; #update cron if ($cron_found > 0){ $config['cron']=$new_cron; + write_config(); configure_cron(); } 
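Review bot: The commented-out multi-plugin block would emit `authplugin = 'none'` if it were enabled as written, because the `none` option in dansguardian_config.xml now carries the value `none` and the block only tests `!= ""`. Each selected entry would also be written into the generated configuration inside single quotes without being checked against the known plugin paths. Either drop the dead block from the commit or keep it with a per-entry check such as `if (preg_match('#^/usr/local/etc/dansguardian/authplugins/[a-z-]+\.conf$#',$auth_selected))`. sync_package_dansguardian() starts and ends outside this hunk.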
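Review bot: The cron filter pattern `/usr.local.(bin.freshclam|www.dansguardian)/` uses unescaped dots and no anchoring, so any cron command that merely resembles those paths is counted as package-owned and dropped from `$new_cron`. A literal pattern with another delimiter, `preg_match('#/usr/local/(bin/freshclam|www/dansguardian)#',$cron["command"])`, keeps unrelated entries. The brace-less `if`/`else` nested under a brace-less `foreach` and `if` is easy to misread, and braces around the loop body would make the scope explicit.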
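Review bot: The added `write_config();` passes no description, so the configuration history records this automatic cron rewrite under the default label. Passing one, for example `write_config("dansguardian: updated package cron entries");`, keeps the change attributable when the history is reviewed. The enclosing function starts outside this hunk.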
@@ -980,28 +1023,38 @@ EOF; } } - + #check certificate hashed + $script='/usr/local/etc/rc.d/dansguardian'; + if($config['installedpackages']['dansguardian']['config'][0]['enable']){ - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - } + copy('/usr/local/pkg/dansguardian_rc.template','/usr/local/etc/rc.d/dansguardian'); chmod ($script,0755); - mwexec("$script stop"); + if (is_service_running('dansguardian')){ + log_error('Reloading Dansguardian'); + exec("/usr/local/sbin/dansguardian -r"); + } + else{ + log_error('Starting Dansguardian'); mwexec_bg("$script start"); + } } else{ + log_error('Stopping Dansguardian'); mwexec("$script stop"); chmod ($script,0444); } if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); - - conf_mount_ro(); - $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; + + #check ca certs hashes + check_ca_hashes(); + + #mount read only + conf_mount_ro(); + + $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; if(!$synconchanges && !$syncondbchanges) return; log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting."); 
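Review bot: The result of `copy('/usr/local/pkg/dansguardian_rc.template','/usr/local/etc/rc.d/dansguardian')` is not checked before the script is made executable and started, so with a missing or unreadable template whatever was previously at `$script` is what runs. The exit status of `exec("/usr/local/sbin/dansguardian -r")` is discarded as well, so a failed reload leaves the old filter configuration active behind a 'Reloading Dansguardian' log line. Guard the copy with `if (!copy('/usr/local/pkg/dansguardian_rc.template',$script)) log_error('[dansguardian] could not install rc script');` and pass a return variable to `exec()`, logging when it is non-zero. The comment `#check certificate hashed` at the top of the hunk describes nothing that follows it and can be removed. sync_package_dansguardian() begins and ends outside this hunk.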
@@ -1034,29 +1087,11 @@ function dansguardian_validate_input($post, &$input_errors) { } function dansguardian_php_install_command() { - conf_mount_rw(); - #create ca-root hashes from ca-root-nss package - print "Creating root certificate bundle hashes from the Mozilla Project\n"; - $cas=file('/usr/local/share/certs/ca-root-nss.crt'); - $cert=0; - foreach ($cas as $ca){ - if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) - $cert=1; - if ($cert == 1) - $crt.=$ca; - if (preg_match("/-END CERTIFICATE-/",$ca)){ - file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); - $cert_hash=array(); - exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); - file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); - $crt=""; - $cert=0; - } - } - sync_package_dansguardian(); + sync_package_dansguardian(); } function dansguardian_php_deinstall_command() { + global $config,$g; mwexec("/usr/local/etc/rc.d/dansguardian stop"); sleep(1); conf_mount_rw(); diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index 1188796c..334c99e7 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -184,6 +184,11 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>http://www.pfsense.org/packages/config/dansguardian/blockedflash.swf</item> <prefix>/usr/local/share/dansguardian/</prefix> <chmod>0755</chmod> diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index 6016d80f..0c14a7bb 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml 
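Review bot: The new `<additional_files_needed>` entry in dansguardian.xml fetches `dansguardian_rc.template` over plain `http://`, and dansguardian.inc then copies that file to `/usr/local/etc/rc.d/dansguardian` and runs it, so the integrity of a root-executed script rests on an unauthenticated download. If the package server offers TLS, an `https://` item URL closes that gap; the neighbouring entries visible in the hunk use `http://` as well. `<chmod>0755</chmod>` is also more than the template needs, since the sync code sets the mode on the installed copy itself, and `<chmod>0644</chmod>` would be enough.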
@@ -103,10 +103,10 @@ <type>listtopic</type> </field> <field> - <fielddescr>Auth Plugin</fielddescr> + <fielddescr>Auth Plugins</fielddescr> <fieldname>auth_plugin</fieldname> <description><![CDATA[This option handle the extraction of client usernames from various sources, such as Proxy-Authorisation headers and ident servers, - enabling requests to be handled according to the settings of the user's filter group.]]></description> + enabling requests to be handled according to the settings of the user's filter group]]></description> <type>select</type> <options> <option><name>Proxy-Basic</name><value>/usr/local/etc/dansguardian/authplugins/proxy-basic.conf</value></option> @@ -114,7 +114,7 @@ <option><name>Proxy-Ntlm</name><value>/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf</value></option> <option><name>Ident</name><value>/usr/local/etc/dansguardian/authplugins/ident.conf</value></option> <option><name>Ip Address</name><value>/usr/local/etc/dansguardian/authplugins/ip.conf</value></option> - <option><name>none</name><value></value></option> + <option><name>none</name><value>none</value></option> </options> </field> <field> diff --git a/config/dansguardian/dansguardian_rc.template b/config/dansguardian/dansguardian_rc.template new file mode 100755 index 00000000..580fb835 --- /dev/null +++ b/config/dansguardian/dansguardian_rc.template 
@@ -0,0 +1,35 @@
+#!/bin/sh
+# $FreeBSD: ports/www/dansguardian-devel/files/dansguardian.in,v 1.6 2012/01/14 08:57:12 dougb Exp $
+
+# PROVIDE: dansguardian
+# REQUIRE: NETWORKING SERVERS squid
+# KEYWORD: shutdown
+
+# Define these dansguardian_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/dansguardian
+#
+# DO YEST CHANGE THESE DEFAULT VALUES HERE
+#
+# dansguardian_enable="YES"
+# dansguardian_flags="<set as needed>"
+sysctl kern.ipc.somaxconn=16384
+sysctl kern.maxfiles=131072
+sysctl kern.maxfilesperproc=104856
+sysctl kern.threads.max_threads_per_proc=4096
+
+dansguardian_enable=${dansguardian_enable:-"YES"}
+dansguardian_pidfile=${dansguardian_pidfile:-"/var/run/dansguardian.pid"}
+
+. /etc/rc.subr
+
+name="dansguardian"
+rcvar=dansguardian_enable
+command="/usr/local/sbin/${name}"
+
+load_rc_config $name
+
+pidfile="${dansguardian_pidfile}"
+
+run_rc_command "$1" |
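Review bot: The four `sysctl` calls sit at the top level of the rc script, so they run on every invocation, including `stop` and `status`, and raise system-wide kernel limits even when the service is not being started. Moving them into a `start_precmd` function limits them to an actual start. The comment `# DO YEST CHANGE THESE DEFAULT VALUES HERE` looks like residue of the NO-to-YES substitution this commit removes from dansguardian.inc and should read `# DO NOT CHANGE THESE DEFAULT VALUES HERE`.

```shell
# … unchanged: header comments, dansguardian_enable / dansguardian_pidfile defaults, rc.subr include …
command="/usr/local/sbin/${name}"
start_precmd="dansguardian_prestart"

# Raise kernel limits only when the daemon is actually being started.
dansguardian_prestart()
{
	sysctl kern.ipc.somaxconn=16384
	sysctl kern.maxfiles=131072
	sysctl kern.maxfilesperproc=104856
	sysctl kern.threads.max_threads_per_proc=4096
}
# … unchanged: load_rc_config, pidfile, run_rc_command …
```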