diff options
Diffstat (limited to 'packages')
-rw-r--r-- | packages/squidGuard/squidguard.inc | 1111 | ||||
-rw-r--r-- | packages/squidGuard/squidguard.xml | 70 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_acl.xml | 33 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_cls.inc | 1176 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_configurator.inc | 1564 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_default.xml | 31 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_dest.xml | 25 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_log.xml | 26 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_rewr.xml | 54 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_src.xml | 72 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_time.xml | 28 |
11 files changed, 2388 insertions, 1802 deletions
diff --git a/packages/squidGuard/squidguard.inc b/packages/squidGuard/squidguard.inc index 9f044574..344cf95f 100644 --- a/packages/squidGuard/squidguard.inc +++ b/packages/squidGuard/squidguard.inc @@ -1,8 +1,8 @@ <?php -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # squidguard.inc -# (C)2006 Serg Dvoriancev +# (C)2006, 2007 Serg Dvoriancev /* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -24,11 +24,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -# --------------------------------------------------------------------------------------------------------------------- - -if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/www/packages/config/squidguard.inc') { - exit; -} +# ------------------------------------------------------------------------------ require_once('globals.inc'); require_once('config.inc'); @@ -37,18 +33,20 @@ require_once('pfsense-utils.inc'); require_once('pkg-utils.inc'); require_once('filter.inc'); require_once('service-utils.inc'); -require_once('squidguard_cls.inc'); -# --------------------------------------------------------------------------------------------------------------------- -define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid'); -define('SQUIDGUARD_CONFFILE', '/squidguard.conf.test'); -define('SQUIDGUARD_BINPATH', '/usr/local/bin'); -define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard'); -define('SQUIDGUARD_DBHOME', '/var/db/squidGuard'); +require_once('squidguard_configurator.inc'); +# ------------------------------------------------------------------------------ +define('SQUIDGUARD_CONFBASE', '/usr/local/etc/squid'); +define('SQUIDGUARD_CONFFILE', '/squidguard.conf'); +define('SQUIDGUARD_CONFXML', '/squidguard_conf.xml'); +define('SQUIDGUARD_BINPATH', '/usr/local/bin'); +define('SQUIDGUARD_WORKDIR', '/usr/local/etc/squidGuard'); +define('SQUIDGUARD_LOGDIR', '/var/squidGuard/log'); +define('SQUIDGUARD_DBHOME', '/var/db/squidGuard'); define('SQUIDGUARD_WEBGUI_LOG', '/squidguard_gui.log'); define('SQUIDGUARD_WEBGUI_HISTORY_LOG', '/squidguard_gui_history.log'); -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ define('FLD_NAME', 'name'); define('FLD_DEST', 'dest'); @@ -65,7 +63,7 @@ define('FLD_REPLACETO', 'replaceto'); define('FLD_TIMETYPE', 'timetype'); define('FLD_TIMEDAYS', 'timedays'); define('FLD_DATERANGE', 'daterange'); -define('FLD_TIMERANGE', 'timerange'); +define('FLD_TIMERANGE', 'sg_timerange'); define('FLD_IPLIST', 'iplist'); define('FLD_DESCRIPTION', 'description'); define('FLD_EXPRESSIONS', 'expressions'); @@ -73,6 +71,8 @@ define('FLD_DOMAINS', 'domains'); define('FLD_URLS', 'urls'); define('FLD_DISABLED', 'disabled'); define('FLD_ENABLELOG', 'enablelog'); +define('FLD_SQUIDGUARDENABLE','squidguard_enable'); +define('FLD_BLACKLIST', 'blacklist'); define('PREFLD_UPTIME', 'uptime_'); define('PREFLD_UPTIME_DENY', 'uptimedeny_'); @@ -88,9 +88,9 @@ define('MODULE_SOURCE', 'squidguardsrc'); define('MODULE_TIME', 'squidguardtime'); define('MODULE_LOG', 'squidguardlog'); -define('BLACKLIST_DEFAULT_URL', 'http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz'); // 360Kb -//define('BLACKLIST_DEFAULT_URL', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); // 3.5Mb -// define('BLACKLIST_DEFAULT_URL', 'http://blacklist.dansguardian.org/cgi-bin/download.pl?type=download&file=bigblacklist'); +define('BLACKLIST_DEFAULT_URL', 'http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz'); // 360Kb +define('BLACKLIST_DEFAULT_URL1', 'http://squidguard.mesd.k12.or.us/blacklists.tgz'); // 3.5Mb +define('BLACKLIST_DEFAULT_URL2', 'http://blacklist.dansguardian.org/cgi-bin/download.pl?type=download&file=bigblacklist'); define('BLACKLIST_TMP_FILE', '/var/tmp/blacklists.tar.gz'); define('BLACKLIST_BTN_STD', 'Upload Std'); define('BLACKLIST_BTN_URL', 'Upload Url'); @@ -103,216 +103,25 @@ define('WEBGUI_HISTORY_LOG', 'on'); define('TEST_LOG', '/var/tmp/sqtest.test'); -# --------------------------------------------------------------------------------------------------------------------- -# squidguard_object -# --------------------------------------------------------------------------------------------------------------------- -$squidguard_object = create_squidguard_object(); - - -# --------------------------------------------------------------------------------------------------------------------- -# functions -# --------------------------------------------------------------------------------------------------------------------- +# ============================================================================== +# Initialization +# ============================================================================== +sg_init(convert_pfxml_to_sgxml()); -function create_squidguard_object() { - $sg_object = new SquidGuardConfigClass(); - $sg_object->debug_history .= "->create_squidguard_object"; - $sg_object->set_options(SQUIDGUARD_BINPATH, SQUIDGUARD_WORKDIR, SQUIDGUARD_DBHOME); - - squidguard_ini_object(&$sg_object); - return $sg_object; -} - -function squidguard_ini_object($sg_object) { - global $config; +# ============================================================================== +# Validations +# ============================================================================== - $sg_object->debug_history .= "->squidguard_ini_object"; - $sg_object->init(); - if ($config['installedpackages'][MODULE_GENERAL]['config'][0]['squidguard_enable'] != '') - $sg_object->enabled = true; - else $sg_object->enabled = false; - - if ($config['installedpackages'][MODULE_GENERAL]['config'][0]['blacklist'] != '') - $sg_object->blacklist_enabled = true; - else $sg_object->blacklist_enabled = false; - - // rewrite's - $rewrite = $config['installedpackages'][MODULE_REWRITE]; // ['config']; - if (is_array($rewrite)) { - foreach($rewrite['config'] as $rew) { - // rewrite object - $sg_rew =& $sg_object->add_rewrite($rew[FLD_NAME], $rew[FLD_DESCRIPTION], $rew[FLD_ENABLELOG]); - if (is_array($rew) and count($rew['row'])) { - foreach($rew['row'] as $row) { - // rewrite items - $sg_rew->add_item($row[FLD_TARGETURL], $row[FLD_REPLACETO]); - } - } - } - } - - // time's - $time = $config['installedpackages'][MODULE_TIME]['config']; - if (is_array($time)) { - foreach($time as $tm) { - // time object - $sg_time =& $sg_object->add_time($tm[FLD_NAME], $tm[FLD_DESCRIPTION]); - foreach($tm['row'] as $row) { - // time items - if ($row[FLD_TIMETYPE] == 'date') // 0 - "date"$FLD_TIMETYPE - $sg_time->add_date ($row[FLD_DATERANGE], $row[FLD_TIMERANGE]); - else $sg_time->add_weekly ($row[FLD_TIMEDAYS], /* $row[FLD_DATERANGE], */$row[FLD_TIMERANGE]); - } - } - } - - // source's - $source = $config['installedpackages'][MODULE_SOURCE]['config']; - if (is_array($source)) { - foreach($source as $src) { - // source object - $sg_src =& $sg_object->add_src($src[FLD_NAME], $src[FLD_IPLIST], - $src[FLD_DESCRIPTION], $src[FLD_ENABLELOG]); - } - } - - // destination's - $destination = $config['installedpackages'][MODULE_DESTINATION]['config']; - if (is_array($destination)) { - foreach($destination as $dest) { - // destination object - $sg_ds =& $sg_object->add_dest($dest[FLD_NAME], $dest[FLD_DOMAINS], $dest[FLD_URLS], - $dest[FLD_EXPRESSIONS], $dest[FLD_REDIRECT], $dest[FLD_DESCRIPTION], - $dest[FLD_ENABLELOG]); - } - } - - // acl's - $acl = $config['installedpackages'][MODULE_ACL]['config']; - if (is_array($acl)) { - foreach($acl as $ac) { - $passes = str_replace("]", "", trim($ac[FLD_DESTINATION])); - $passes = explode("[", $passes); - $pass = ""; - $overpass = ""; - if (is_array($passes)) { - $pass = $passes[0]; - $overpass = $passes[1]; - } - // acl object; log defined only for default acl - $sg_acl =& $sg_object->add_acl( - $ac[FLD_SOURCE], $ac[FLD_TIME], $ac[FLD_DESCRIPTION], - array('pass' => $pass, 'rewrite'=>$ac[FLD_REWRITE], 'redirect'=>$ac[FLD_REDIRECT], 'log'=>''), - array('pass' => $overpass, 'rewrite'=>$ac[FLD_REWRITE], 'redirect'=>$ac[FLD_REDIRECT], 'log'=>''), - $ac[FLD_DISABLED] - ); - } - } - - // default acl; log defined only for default acl - $acdef = $config['installedpackages'][MODULE_DEFAULT]['config'][0]; - if (is_array($acdef)) { - $passes = str_replace("]", "", trim($acdef[FLD_DESTINATION])); - $passes = explode("[", $passes); - $pass = ""; - $overpass = ""; - if (is_array($passes)) { - $pass = $passes[0]; - $overpass = $passes[1]; - } - // default acl object - $sg_object->set_default_acl( - $acdef[FLD_TIME], $acdef[FLD_DESCRIPTION], - array('pass' => $pass, 'rewrite'=>$acdef[FLD_REWRITE], 'redirect'=>$acdef[FLD_REDIRECT], 'log'=>$acdef[FLD_ENABLELOG]), - array('pass' => $overpass, 'rewrite'=>$acdef[FLD_REWRITE], 'redirect'=>$acdef[FLD_REDIRECT], 'log'=>$acdef[FLD_ENABLELOG]), - $acdef[FLD_DISABLED] - ); - } - - // update squidguard object - $sg_object->update(); -} - - -# --------------------------------------------------------------------------------------------------------------------- -# install/deinstall -# --------------------------------------------------------------------------------------------------------------------- -function squidguard_deinstall() { - -} - -# --------------------------------------------------------------------------------------------------------------------- -# Upload file to /var/tmp directory -# --------------------------------------------------------------------------------------------------------------------- -function upload_file($file) { - global $squidguard_object; - - $res = ''; - $cat = '/var/tmp/'; - -$squidguard_object->add_log("FILES: " . count($_FILES)); - - if (isset($_FILES[$file])) { // if file exists - if (move_uploaded_file($_FILES[$file]['tmp_name'], $cat . $_FILES[$file]['name'])) { - $res = true; - } // else blacklist_add_log('Нифига нет Files=' . count($_FILES)); - } - return $res; -} - - -# --------------------------------------------------------------------------------------------------------------------- -# default squidguard blacklist -# http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz -# --------------------------------------------------------------------------------------------------------------------- -// upload file and put them to temp catalog -function upload_file_from_url($url_file, $destination_file, $proxy) { - global $squidguard_object; - - // open destination file - $upload_tmp = '/var/tmp/blacklists.tar.gz'; - $result = ''; - $squidguard_object->add_log("Begin upload from URL $url_file"); - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL,BLACKLIST_DEFAULT_URL); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); - if ($proxy != '') { - $ip = ''; - $login = ''; - $s = trim($proxy); - if (strpos($s, ' ')) { - $ip = substr($s, 0, strpos($s, ' ')); - $login = substr($s, strpos($s, ' ') + 1); - } else $ip = $s; - - if($ip != '') { - $s_log = "Host[$ip] "; - curl_setopt($ch, CURLOPT_PROXY, $ip); - if($login != '') { - $s_log .= "Login[$login]"; - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); - } - $squidguard_object->add_log("Proxy settings: $s_log"); - } - } else $squidguard_object->add_log("Proxy: not defined"); - $result=curl_exec ($ch); - curl_close ($ch); - - // TODO: check uploaded content for '.gz' file format - - if (file_put_contents($upload_tmp, $result) > 0) { - $squidguard_object->add_log("Uploaded success."); - } else $squidguard_object->add_log("Upload error."); - return $upload_tmp; -} - -# --------------------------------------------------------------------------------------------------------------------- -# Validates -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ +# validate default +# ------------------------------------------------------------------------------ function squidguard_validate_default($post, $input_errors) { squidguard_validate_acl($post, &$input_errors); } +# ------------------------------------------------------------------------------ +# validate acl +# ------------------------------------------------------------------------------ function squidguard_validate_acl($post, $input_errors) { global $config; $pass_up = array(); @@ -322,7 +131,7 @@ function squidguard_validate_acl($post, $input_errors) { $deny_over = array(); $pass_over_val = ''; - // ===== store destinations to 'dest' value ===== + // store destinations to 'dest' value foreach ($post as $key => $val) { if (substr_count($key, PREFLD_UPTIME) != 0) { $name = str_replace(PREFLD_UPTIME, '', $key); @@ -358,7 +167,9 @@ function squidguard_validate_acl($post, $input_errors) { else $pass_over_val .= " $key"; } - // if not exists key 'all', then add '!all' - default 'deny all' (equiqalence 'none') + // !ATTENTION! on pfSense XML config must be must(shall) be '!all' instead of 'none' - it is a must for correct work GUI + + // if not exists key 'all', then add 'none' - default 'deny all' if ((substr_count($pass_up_val, 'all') == 0)) { $pass_up_val .= ' !all'; } @@ -372,6 +183,12 @@ function squidguard_validate_acl($post, $input_errors) { else $post[FLD_DEST] = "$pass_up_val [$pass_over_val]"; } +# ------------------------------------------------------------------------------ +# validate times +# Format: +# date: <date(or range)><time (or range)> -- days not parsed (reset to *) +# weekly: <day or *><time or range> -- dates not parsed (reset to '') +# ------------------------------------------------------------------------------ function squidguard_validate_times($post, $input_errors) { // check name @@ -382,45 +199,40 @@ function squidguard_validate_times($post, $input_errors) { $input_errors[] = $err; } - // check unique name - if (!check_unique_name(MODULE_TIME, $name)) + // check unique name + if (!check_unique_name(MODULE_TIME, $name)) $input_errors[] = "Name '$name' already exists"; - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # Format: - # date: <date(or range)><time (or range)> -- days not parsed (reset to *) - # weekly: <day or *><time or range> -- dates not parsed (reset to '') - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - + // check format $err = ''; for ($i=0; $post[FLD_TIMETYPE . "$i"] != ''; $i++) { - $timetype = strtolower($post[FLD_TIMETYPE . "$i"]); - if ($timetype == 'date') { - // set timedays to '*' - $post[FLD_TIMEDAYS . "$i"] = '*'; - - // check date and time - $date = trim($post[FLD_DATERANGE."$i"]); - $time = trim($post[FLD_TIMERANGE."$i"]); - $err = check_date($date); - if (!empty($err)) $input_errors[] = $err; - $err = check_time($time); - if (!empty($err)) $input_errors[] = $err; - } else { - // set daterange to '' - $post[FLD_DATERANGE . "$i"] = ''; - - // check time - $time = trim($post[FLD_TIMERANGE."$i"]); - $err = check_time($time); - if (!empty($err)) $input_errors[] = $err; - } - } - - if (!empty($err)) - $input_errors .= $err; + $timetype = strtolower($post[FLD_TIMETYPE . "$i"]); + if ($timetype == 'date') { + // set timedays to '*' + $post[FLD_TIMEDAYS . "$i"] = '*'; + + // check date and time + $date = trim($post[FLD_DATERANGE."$i"]); + $time = trim($post[FLD_TIMERANGE."$i"]); + $err = check_date($date); + if (!empty($err)) $input_errors[] = $err; + $err = check_time($time); + if (!empty($err)) $input_errors[] = $err; + } else { + // set daterange to '' + $post[FLD_DATERANGE . "$i"] = ''; + + // check time + $time = trim($post[FLD_TIMERANGE."$i"]); + $err = check_time($time); + if (!empty($err)) $input_errors[] = $err; + } + } } +# ------------------------------------------------------------------------------ +# validate sources +# ------------------------------------------------------------------------------ function squidguard_validate_source($post, $input_errors) { // check name $name = trim($post[FLD_NAME]); @@ -435,6 +247,9 @@ function squidguard_validate_source($post, $input_errors) { } } +# ------------------------------------------------------------------------------ +# validate destinations +# ------------------------------------------------------------------------------ function squidguard_validate_destination($post, $input_errors) { // check name $name = trim($post[FLD_NAME]); @@ -447,8 +262,21 @@ function squidguard_validate_destination($post, $input_errors) { if (!check_unique_name(MODULE_DESTINATION, $name)) $input_errors[] = "Name '$name' already exists"; } + // check redirect + $redirect = trim($post[FLD_REDIRECT]); + if(!empty($redirect)) { + // cut first redirect url, if entered more that one + $redirect = explode("\n", $redirect); + $redirect = $redirect[0]; + $post[FLD_REDIRECT] = $redirect; + if (is_url($redirect) === false) + $input_errors[] = "Redirect must contains valid url. Example: 'http://www.my.com', 'https://my.com', 'ftp://my.com'"; + } } +# ------------------------------------------------------------------------------ +# validate rewrites +# ------------------------------------------------------------------------------ function squidguard_validate_rewrite($post, $input_errors) { // check name $name = trim($post[FLD_NAME]); @@ -464,70 +292,81 @@ function squidguard_validate_rewrite($post, $input_errors) { } } -// --------------------------------------------------------------------------------------------------------------------- -// Resync & Make -// --------------------------------------------------------------------------------------------------------------------- - +// ----------------------------------------------------------------------------- +// squidguard_resync +// ----------------------------------------------------------------------------- function squidguard_resync() { - global $squidguard_object; - $sg_object; - if (is_null($squidguard_object)) { - $squidguard_object = create_squidguard_object(); - } - $sg_object = $squidguard_object; - $sg_object->debug_history .= "->squidguard_resync"; - squidguard_ini_object(&$sg_object); - $conf = ''; $upload_file = ''; - if ($_POST['submit'] == BLACKLIST_BTN_STD) { - // upload from std url - $proxy = $_POST['blacklist_proxy']; - $upload_file = upload_file_from_url(BLACKLIST_DEFAULT_URL, BLACKLIST_TMP_FILE, $proxy); - $sg_object->update_blacklist($upload_file); - } else - + // blacklist upload if ($_POST['submit'] == BLACKLIST_BTN_URL) { // upload from another url $url = $_POST['blacklist_url']; $proxy = $_POST['blacklist_proxy']; if ($url) - $upload_file = upload_file_from_url($url, BLACKLIST_TMP_FILE, $proxy); - $sg_object->update_blacklist($upload_file); - } else - - if ($_POST['submit'] == BLACKLIST_BTN_FILE) { - /* $upload_file = $_POST['blacklist_file']; - blacklist_add_log('Begin upload from file ' . $upload_file . '.\r'); - if (upload_file('')) - blacklist_add_log('Success.\r'); - else { - blacklist_add_log('Error.\r'); - $upload_file = ''; - } - $sg_object->update_blacklist($upload_file); */ - // $sg_object->update_blacklist('/var/tmp/blacklists.tar'); -upload_file(''); - } else - - // apply changes - if ($_POST['submit'] == APPLY_BTN) { - // reconfigure service - $sg_object->reconfigure(); - } else - - // start test squidGuard - /*if ($_POST['test_squidguard'] != '')*/ { - $result = ''; - $src_urls = $_POST['test_squidguard_urls']; - $result = $sg_object->test_work($src_urls); - file_put_contents(TEST_LOG, $result); + sg_reconfigure_blacklist($url, $proxy); } - + // apply changes + if ($_POST['submit'] == APPLY_BTN) sg_reconfigure(); } + +// ----------------------------------------------------------------------------- +// squidguard_resync_src // ----------------------------------------------------------------------------- +function squidguard_resync_src() { + global $config; + $conf = $config['installedpackages'][MODULE_SOURCE]['config']; + $id = $_GET['id']; + if (!$id) + $id = $_POST['id']; + + // move current id by order + if (($id != '') and is_array($conf) and ($id !== intval($conf[$id]['order']))) { + // copy current item to temp and remove it's from list + $src_new = array(); + $src_cur = $conf[$id]; + unset ($conf[$id]); + + // rebuild list and insert current item by order + $i=0; + foreach($conf as $src) { + if (intval($src_cur['order']) === $i) { + $src_new[] = $src_cur; + unset($src_cur); + $i++; + } + $src_new[] = $src; + $i++; + } + // if current item not inserted - insert him to the end + if (isset($src_cur)) { + $src_new[] = $src_cur; + unset($src_cur); + } + + // renew order values + foreach($src_new as $key => $src) { + $src_new[$key]['order'] = $key; + } + + unset ($config['installedpackages'][MODULE_SOURCE]['config']); + $config['installedpackages'][MODULE_SOURCE]['config'] = $src_new; + write_config('Update squidguardsrc config'); + } else if (($_GET['act'] === 'del') or ($_POST['act'] === 'del')) { + // update order on delete item + foreach($config['installedpackages'][MODULE_SOURCE]['config'] as $key => $src) + $config['installedpackages'][MODULE_SOURCE]['config'][$key]['order'] = $key; + write_config('Update squidguardsrc config'); + } +} + +// ============================================================================= // common functions +// ============================================================================= + +// ----------------------------------------------------------------------------- +// get_pkg_items_list // ----------------------------------------------------------------------------- function get_pkg_items_list($pkg_gui_name, $fieldname) { $res = ''; @@ -538,101 +377,33 @@ function get_pkg_items_list($pkg_gui_name, $fieldname) { return $res; } +# ============================================================================== +# Before form +# ============================================================================== + // ----------------------------------------------------------------------------- -// Resync +// squidguard_before_form_src // ----------------------------------------------------------------------------- - -function squidguard_resync_rewrite() { // rewrite - $conf = ""; - // ----- nothing for do ----- - return $conf; -} - -function squidguard_resync_time() { // resync time - global $config; - - $conf = ''; - $times = $config['installedpackages']['squidguardtime']['config']; - - if (is_array($times)) { - foreach($times as $tm) { - $timevalue = ''; - $conf .= "\n time " . $tm['timename'] . " {"; - foreach($tm['row'] as $rw) { - if ($rw['timetype'] == 'date') { - $timevalue .= $rw['timetype'] . ' ' . $rw['timelist']; - $conf .= "\n date" . $rw['timelist']; - } else { - $timevalue .= $rw['timetype'] . ' ' . $rw['timedays'] . ' ' . $rw['timelist']; - $conf .= "\n weekly " . $rw['timedays'] . ' ' . $rw['timelist']; - } - } - $conf .= "\n } \n"; - $config['installedpackages']['squidguardtime']['config']['timevalue'] = "1110";//$timevalue; - } - } - -// file_put_contents("/var/tmp/squidguard.test", $conf); - - return $conf; -} - -function squidguard_resync_src() { // source - $conf = ""; - // ----- nothing for do ----- - return $conf; -} - -function squidguard_resync_std_dest() { // standart destinations - global $config; - $settings = $config['installedpackages']['squidguard']['config'][0]; - $conf = ""; - - // ads - $conf .= make_dest(FLT_ADS, "ads/domains", "ads/urls", "", ""); - // aggressive - $conf .= make_dest(FLT_AGGRESSIVE, "aggressive/domains", "aggressive/urls", "", ""); - // audio & video - $conf .= make_dest(FLT_AUDIOVIDEO, "audio-video/domains", "audio-video/urls", "", ""); - // Druggs - $conf .= make_dest(FLT_DRUGGS, "drugs/domains", "drugs/urls", "", ""); - // Gambling - $conf .= make_dest(FLT_GAMBLING, "gambling/domains", "gambling/urls", "", ""); - // Hacking - $conf .= make_dest(FLT_HACKING, "hacking/domains", "hacking/urls", "", ""); - // Mail - $conf .= make_dest(FLT_MAIL, "mail/domains", "mail/urls", "", ""); - // Porn - $conf .= make_dest(FLT_PORN, "porn/domains", "porn/urls", "", ""); - // proxy - $conf .= make_dest(FLT_PROXY, "proxy/domains", "proxy/urls", "", ""); - // Violence - $conf .= make_dest(FLT_VIOLENCE, "violence/domains", "violence/urls", "", ""); - // Warez - $conf .= make_dest(FLT_WAREZ, "warez/domains", "warez/urls", "", ""); - - return $conf; -} - -function squidguard_resync_user_dst() { // user destinations -} - -function squidguard_resync_dest() { // destination - $conf = ""; - // ----- nothing for do ----- - return $conf; -} - -function squidguard_resync_acl() { // acl - $conf = ""; - // ----- nothing for do ----- - return $conf; +function squidguard_before_form_src($pkg) { + global $config; + global $g; + $i=0; + foreach($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'order') { + $fld = &$pkg['fields']['field'][$i]; + $img_up = "<img src='./themes/{$g['theme']}/images/icons/icon_up.gif' + title='move up' width='17' height='17' border='0' onclick='on_moveup()'>"; + $img_down = "<img src='./themes/{$g['theme']}/images/icons/icon_down.gif' + title='move down' width='17' height='17' border='0' onclick='on_movedown()'>"; + $s = "<b>Move to:</b> $img_up $img_down <br>" . $fld['description']; + $fld['description'] = $s; + } + $i++; + } } - // ----------------------------------------------------------------------------- -// Before form +// squidguard_before_form_dest // ----------------------------------------------------------------------------- - function squidguard_before_form_dest($pkg) { global $config; $expr_names = ''; @@ -659,11 +430,12 @@ function squidguard_before_form_dest($pkg) { } } +// ----------------------------------------------------------------------------- +// squidguard_before_form +// ----------------------------------------------------------------------------- function squidguard_before_form($pkg) { $i=0; -// <encType>multipart/form-data</encType>; - foreach($pkg['fields']['field'] as $field) { // blacklist controls if ($field['fieldname'] == 'blacklist') { @@ -685,9 +457,11 @@ function squidguard_before_form($pkg) { } +// ----------------------------------------------------------------------------- +// squidguard_before_form_acl +// ----------------------------------------------------------------------------- function squidguard_before_form_acl($pkg) { global $config; - global $squidguard_object; $current_id = ''; $sources = ''; @@ -710,9 +484,8 @@ function squidguard_before_form_acl($pkg) { // sources $sources = $config['installedpackages']['squidguardsrc']['config']; if (is_array($sources)) { - foreach($sources as $src) { + foreach($sources as $src) $source_items[] = $src['name']; - } } // generate sources list TODO: exclude used names from list, source name used in ACL unique @@ -720,7 +493,8 @@ function squidguard_before_form_acl($pkg) { foreach($pkg['fields']['field'] as $field) { if ($field['fieldname'] == 'source') { $fld = &$pkg['fields']['field'][$i]; - foreach($source_items as $nm) { + if (is_array($source_items)) { + foreach($source_items as $nm) $fld['options']['option'][] = array('name'=>$nm, 'value'=>$nm); } } @@ -756,22 +530,28 @@ function squidguard_before_form_acl($pkg) { } } - # -------------------------------------------------------------------------------------------------------------- - # destinations - # -------------------------------------------------------------------------------------------------------------- - if ($squidguard_object->blacklist_enabled) { - foreach($squidguard_object->blacklist as $dst) - $dest_items[] = array ('name'=>$dst->name, 'upt_value'=>$acls_up[$dst->name], - 'ovt_value'=>$acls_over[$dst->name], 'description'=>$dst->desc); + // --- Destinations --- + $general_cfg = $config['installedpackages'][MODULE_GENERAL]['config'][0]; + $dest_cfg = $config['installedpackages'][MODULE_DESTINATION]['config']; + + // Blacklist + if ($general_cfg['blacklist'] == 'on') { + $blk_entries = sg_entries_blacklist(); + if (!empty($blk_entries)) { + foreach($blk_entries as $dst) + $dest_items[] = array ('name'=>$dst, 'upt_value'=>$acls_up[$dst], + 'ovt_value'=>$acls_over[$dst], 'description'=>''); + } } - if ($squidguard_object->dests) { - foreach($squidguard_object->dests as $dst) - $dest_items[] = array ('name'=>$dst->name, 'upt_value'=>$acls_up[$dst->name], - 'ovt_value'=>$acls_over[$dst->name], 'description'=>$dst->desc); + // User destinations + if ($dest_cfg) { + foreach($dest_cfg as $dst) + $dest_items[] = array ('name'=>$dst[FLD_NAME], 'upt_value'=>$acls_up[$dst[FLD_NAME]], + 'ovt_value'=>$acls_over[$dst[FLD_NAME]], 'description'=>$dst[FLD_DESCRIPTION]); } - // default all + // Default all $dest_items[] = array('name'=>FLT_DEFAULT_ALL, 'upt_value'=>$acls_up[FLT_DEFAULT_ALL], 'ovt_value'=>$acls_over[FLT_DEFAULT_ALL], 'description'=>'Default access'); @@ -828,10 +608,15 @@ function squidguard_before_form_acl($pkg) { } } +// ----------------------------------------------------------------------------- +// squidguard_before_form_log +// ----------------------------------------------------------------------------- function squidguard_before_form_log($pkg) { global $config; - global $squidguard_object; $i=0; + $move_pos = 0; + $move_step = 50; + foreach($pkg['fields']['field'] as $field) { if ($field['fieldname'] == 'logtype') { $slog = ''; @@ -839,15 +624,19 @@ function squidguard_before_form_log($pkg) { $filename = ''; $fld = &$pkg['fields']['field'][$i]; - if ($mlog['logtype'] == 'access_log') { - $filename = $squidguard_object->log_dir . "/" . SQUIDGUARD_ACCESSBLOCK_FILE; + if (empty($move_pos)) $move_pos = 0; + if ($mlog['logtype'] == 'block_log') { + $filename = SQUIDGUARD_LOGDIR . "/" . SQUIDGUARD_ACCESSBLOCK_FILE; if (file_exists($filename)) { $s = file_get_contents($filename); $s = explode("\n", $s); + $move_pos = count ($s) - $move_step; + if ($move_pos < 0) $move_pos = 0; + $s = array_slice($s, $move_pos, $move_step); - $slog .= "<table cellSpacing=1 cellPadding=1 width='100%'>"; - $slog .= "<tr><th>DateTime</th><th>IP</th><th>URL</th><th>Filter</th><th>ID</th><th>Method</th></tr>"; - foreach($s as $vs) { + $slog .= "<tr><th>Num</th><th>DateTime</th><th>IP</th><th>URL</th><th>Filter</th><th>ID</th><th>Mtd</th></tr>"; + foreach($s as $key => $vs) { + $nkey = $move_pos + intval($key); $slog .= "<tr>"; $sx = $vs; $sx = str_replace("/- -", "", $sx); @@ -861,6 +650,7 @@ function squidguard_before_form_log($pkg) { $sx = explode(" ", $sx); if (!empty($vs)) $slog .= "<tr> + <td style='vertical-align: top; white-space: nowrap;'>" . strval($nkey) . "</td> <td style='vertical-align: top; white-space: nowrap;'>$sx[0] $sx[1]</td> <td style='vertical-align: top;'>$sx[5]</td> <td style='vertical-align: top;'>$sx[4]</td> @@ -868,11 +658,12 @@ function squidguard_before_form_log($pkg) { <td style='vertical-align: top;'>$sx[2]</td> <td style='vertical-align: top;'>$sx[6]</td></tr>"; } - $slog .= "</table>"; +# $slog .= "</table>"; } } else - if ($mlog['logtype'] == 'webgui_log') { - $filename = $squidguard_object->log_dir . SQUIDGUARD_LOG_FILE; + if ($mlog['logtype'] == 'configurator_log') { + $filename = SQUIDGUARD_LOGDIR . SQUIDGUARDCONF_LOGFILE; + $slog .= "<b>$filename</b><br>"; if (file_exists($filename)) { $slog .= file_get_contents($filename); $slog = str_replace("\n", "<br>", $slog); @@ -880,36 +671,64 @@ function squidguard_before_form_log($pkg) { } } else if ($mlog['logtype'] == 'squidguard_log') { - $filename = $squidguard_object->log_dir . "/squidGuard.log"; + $filename = SQUIDGUARD_LOGDIR . '/squidGuard.log'; + $slog .= "<b>$filename</b><br>"; + if (file_exists($filename)) { + $slog .= file_get_contents($filename); + $slog = explode("\n", $slog); + while (count($slog) > 500) array_shift($slog); + $slog = implode("\n", $slog); + $slog = str_replace("\n", "<br>", $slog); + $slog = "<tr><td>$slog</td></tr>"; + } + } else + if ($mlog['logtype'] == 'squid_config') { + $filename = SQUID_CONFIGFILE; + $slog .= "<b>$filename</b><br>"; + if (file_exists($filename)) { + $slog .= file_get_contents($filename); + $slog = str_replace("\n", "<br>", $slog); + $slog = str_replace("\t", " ", $slog); + $slog = "<tr><td>$slog</td></tr>"; + } + } else + if ($mlog['logtype'] == 'squidguard_config') { + $filename = SQUIDGUARD_WORKDIR . "/squidGuard.conf"; + $slog .= "<b>$filename</b><br>"; if (file_exists($filename)) { $slog .= file_get_contents($filename); $slog = str_replace("\n", "<br>", $slog); + $slog = str_replace("\t", " ", $slog); $slog = "<tr><td>$slog</td></tr>"; } } -// $slog .= $filename . "\n"; // debug - $fld['description'] .= - "</tr><tr><td><br></td> - <td><table width='100%' class=tabcont cellSpacing=0 cellPadding=1 border=1>$slog</table>"; -// "<table class=tabcont cellSpacing=0 cellPadding=0 border=1 width='100%'>$slog</table></td>"; + "<INPUT class=formbtn type=submit value='Get log' name=Submit> + </tr><tr> + <td colspan='2'><table width='100%' class=tabcont cellSpacing=0 cellPadding=1 border=1>$slog</table>"; + "<table class=tabcont cellSpacing=0 cellPadding=0 border=1 width='100%'>$slog</table></td></tr>"; + } $i++; } } +// ----------------------------------------------------------------------------- +// squidguard_update_acl_dest +// ----------------------------------------------------------------------------- function squidguard_update_acl_dest($acl_name, $post) { global $config; $post['dest'] = 'fig vam'; - #s='TST'; foreach($post as $k => $p) $s .= $k . '=' . $p; } +// ----------------------------------------------------------------------------- +// make_grid_general_items +// ----------------------------------------------------------------------------- function make_grid_general_items($id = '') { - global $squidguard_object; global $config; $res = ''; @@ -917,17 +736,21 @@ function make_grid_general_items($id = '') if ($id == '') { // Apply - $res .= "<tr><td>After changing configuration Squid or squidGuard you must - <b>apply all changes</b></td><td><input name='submit' - type='submit' value='Apply'></td></tr>"; + $res .= "<tr bgcolor='#dddddd'><td><big>For saving configuration YOU need click button 'Save' on bottom of page</big></td></tr> + <tr><td><big>After changing configuration Squid or squidGuard you must <b><span style='color: #800000;'>apply all changes</span></b></big></td></tr> + <tr><td><input name='submit' type='submit' value='Apply'></td></tr>"; + + // service state + $sgstate = "<span style='color: #800000;'>STOPPED</span>"; + if (is_service_running("squidGuard")) $sgstate = "<span style='color: #008000;'>STARTED</span>"; + $res .= "<tr bgcolor='#dddddd'><td><big>SquidGuard service state: <b>$sgstate</b></big></td></tr>"; } else if ($id == 'gui_log') { if ($config['installedpackages']['squidguardgeneral']['config'][0]['view_gui_log'] == 'on') { - $log_content = $squidguard_object->get_log(); - $res .= "<tr><td><br></td></tr>"; - $res .= "<tr><td>Web GUI log</td></tr>"; - $res .= "<tr><td vAlign=top width='100%'> - <textarea name='Name' rows=7 cols=65 wrap='on' readonly='on'>$log_content</textarea></td></tr>"; + $log_content = sg_getlog(50); + $log_content = str_replace("\n","<br>", $log_content); + $res .= "<tr bgcolor='#dddddd'><td><font size='-1'><b>Web GUI log (Last 50)</b></font></td></tr>"; + $res .= "<tr bgcolor='#dddddd'><td vAlign=top width='100%'><font size='-2'>$log_content</font></td></tr>"; } } @@ -935,31 +758,47 @@ function make_grid_general_items($id = '') return $res; } +// ----------------------------------------------------------------------------- +// make_grid_blacklist +// ----------------------------------------------------------------------------- function make_grid_blacklist() { - global $squidguard_object; - $style1 = 'class=vtable'; // 'class=vncell' ;// 'style="background-color: #FFF0E2;"'; + $style1 = ''; // 'style="background-color: ##CCCCC2;"'; $style2 = 'class=vtable'; $style2 = ''; - $e_size = '80'; + $e_size = '90'; $res = ''; $res .= "<table width='100%'>"; - $res .= "<tr><td><b>Proxy</b> settings</b></td> <td>Blacklist upload proxy - enter here, or leave blank.<br> - Format: host:[port login:pass] . Default proxy port 1080. Example: '192.168.0.1:8080 user:pass'</td><td> </td></tr>"; - $res .= "<tr><td $style1> </td><td $style1><input name='blacklist_proxy' id='blacklist_proxy' type='text' size='$e_size'></td><td $style1><br></td></tr>"; - $res .= "<tr><td $style3>Load from <b>Default</b></td> <td $style3><b>" . /*BLACKLIST_DEFAULT_URL .*/ "</b></td> <td $style3><input name='submit' value='" . - BLACKLIST_BTN_STD . "' type='submit'></td></tr>"; - $res .= "<tr><td $style3>Load from <b>Url </b></td> <td $style3><input name='blacklist_url' id='blacklist_url' - type='text' size='$e_size'></td> <td $style3><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'> - </td></tr>"; -// $res .= "<tr><td $style1>Load from <b>File</b></td> <td $style1><input name='blacklist_file' id='blacklist_file' -// type='file' size='$e_size'></td> <td $style1><input name='submit' value='" . BLACKLIST_BTN_FILE . -// "' type='submit'></td></tr>"; + $res .= "<tr $style1><td><b>Proxy</b> settings</b></td>"; + $res .= "<td $style1><input name='blacklist_proxy' id='blacklist_proxy' type='text' size='$e_size'></td></tr>"; + $res .= "<tr><td $style1> </td> + <td>Blacklist upload proxy - enter here, or leave blank.<br> + Format: host:[port login:pass] . Default proxy port 1080. <br> + Example: '192.168.0.1:8080 user:pass' + </td></tr>"; + $res .= "<tr><td $style3>Load from <b>Url </b></td> <td $style3><input name='blacklist_url' id='blacklist_url' + type='text' size='$e_size' value='http://squidguard.mesd.k12.or.us/blacklists.tgz'></td></tr>"; + $res .= "<tr><td $style1> </td> + <td>FTP, HTTP or LOCAL (pfSense) path to blacklist archive enter here, or leave blank.<br></td></tr>"; + // button + $res .= "<tr><td $style3> </td> + <td $style3><input name='submit' value='" . BLACKLIST_BTN_URL . "' type='submit'></td></tr>"; + +# $res .= "<tr><td $style3>Load from <b>Default</b></td> <td $style3><b>" . /*BLACKLIST_DEFAULT_URL .*/ "</b></td> <td $style3><input name='submit' value='" . +# BLACKLIST_BTN_STD . "' type='submit'></td></tr>"; + +# $res .= "<tr><td $style1>Load from <b>File</b></td> <td $style1><input name='blacklist_file' id='blacklist_file' +# type='file' size='$e_size'></td> <td $style1><input name='submit' value='" . BLACKLIST_BTN_FILE . +# "' type='submit'></td></tr>"; + $res .= "</table>"; return $res; } +// ----------------------------------------------------------------------------- +// make_grid_controls +// ----------------------------------------------------------------------------- function make_grid_controls($type, $items) { $res = ''; $tbl = ''; @@ -969,12 +808,12 @@ function make_grid_controls($type, $items) { foreach($items as $item) { if ($x == 0) { - $color = 'style="background-color: #FFF0E2;"'; + $color = 'style="background-color: #dddddd;"'; $color2 = ''; $x = 1; } else { $color = ''; - $color2 = 'style="background-color: #FFF0E2;"'; + $color2 = 'style="background-color: #dddddd;"'; $x = 0; } @@ -1012,31 +851,17 @@ function make_grid_controls($type, $items) { <td/><td>Select destination for overtime rule.<br>If time not defined, this part must be ignored</td><td/><td/></tr>" . $tbl; - $res .= "<table>" . $tbl . "</table>"; + $res .= "<table cellspacing='0'>" . $tbl . "</table>"; } return $res; } // ----------------------------------------------------------------------------- - -function check_name ($name) { - $err = ''; - $val = trim($name); - - if ((strlen($val) < 2) || (strlen($val) > 16)) - $err .= " Size of name must be between [2..16]."; - - // All symbols must be [a-zA-Z_0-9\-] First symbol = letter. - if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val)) - $err .= " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter."; - - return $err; -} - -// --- Check unique name --- +// check unique name +// ----------------------------------------------------------------------------- function check_unique_name($module_id, $name, $log='') { $res = true; - $count_names = 0; + $count_names = 0; $is_self ='notself'; $id = $_GET['id']; @@ -1074,51 +899,85 @@ function check_unique_name($module_id, $name, $log='') { return $res; } +// ----------------------------------------------------------------------------- +// check date +// ----------------------------------------------------------------------------- function check_date($date) { $err = ''; $val = trim($date); // date or date range format: 'yyyy-mm-dd', 'yyyy-m-d', 'yyyy.mm.dd' 'yyyy.mm.dd-yyyy.mm.dd' - if (!eregi("^([0-9*]{4})\.([0-9*]{1,2})\.([0-9*]{1,2})$", $val) && - !eregi("^([0-9*]{4})\.([0-9*]{1,2})\.([0-9*]{1,2})-([0-9*]{4})\.([0-9*]{1,2})\.([0-9*]{1,2})$", $val)) - $err .= " Invalid date " . $date . - " You mast use date or date range format: 'yyyy.mm.dd' and 'yyyy.mm.dd-yyyy.mm.dd' . - Any symbol in date can be set to *(any number). Example: '*-10-01', '199*-*1-*1' ." . $val ; + if (!eregi("^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$", $val) && + !eregi("^(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])-(([0-9]{4})|[*])\.(([0-9]{2})|[*])\.(([0-9]{2})|[*])$", $val)) + $err .= " Invalid date '$date'. + You mast use date or date range format: 'yyyy.mm.dd' and 'yyyy.mm.dd-yyyy.mm.dd'. + Any symbol in date can be set as * (any). Example: '*-10-01', '199*-*1-*1'."; return $err; } +// ----------------------------------------------------------------------------- +// check time +// ----------------------------------------------------------------------------- function check_time($time) { $err = ''; $val = trim($time); - // time range format: 'HH:MM-HH:MM' - if (!eregi("^([0-9]{2})\:([0-9]{2})-([0-9]{2})\:([0-9]{2})$", $val)) - $err = '';//" Invalid time range time . You must use 'HH:MM-HH:MM' time range format. "; - return $err; -} - -function check_ip($ip) { -} + if (empty($val)) return ''; + // time range format: 'HH:MM-HH:MM' + if (!eregi("^([0-9]{2})\:([0-9]{2})-([0-9]{2})\:([0-9]{2})$", $val)) + $err = "Invalid time range '$time'. You must use 'HH:MM-HH:MM' time range format. "; + else { + $tms = $time; + $tms = str_replace("-", "\n", $tms); + $tmsv = $tms; + $tms = str_replace(":", "", $tms); + $tms = explode("\n", $tms); + $tmsv = explode("\n", $tmsv); + if ($tms[0] >= 2400) + $err .= "Invalid time range var1='$tmsv[0]' must be < '24:00'. "; + if ($tms[1] > 2400) + $err .= "Invalid time range var2='$tmsv[1]' must be <= '24:00'. "; + if ($tms[0] >= $tms[1]) + $err .= "Invalid time range var1='$tmsv[0]' must be < var2='$tmsv[1]'. "; + } -function squidguard_print_javascript_main() { + return $err; } -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Install & deinstall -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ function squidguard_install_command() { - global $squidguard_object; + if (!is_service_running("squidGuard")) { + sg_init(convert_pfxml_to_sgxml()); + sg_check_system(); + + // generate squidGuard blacklist entries file (check with squidGuard PORT) + $entries = array("ads", "aggressive", "audio-video", "drugs", "gambling", "hacking", + "mail", "porn", "proxy", "violence", "warez"); + file_put_contents(SQUIDGUARD_WORKDIR . SQUIDGUARD_BLK_ENTRIES, implode("\n", $entries)); + set_file_access(SQUIDGUARD_WORKDIR, OWNER_NAME, 0755); + + sg_reconfigure(); + } } function squidguard_deinstall_command() { - mwexec('rm -rf ' . SQUIDGUARD_WORKDIR); - mwexec('rm -rf ' . SQUIDGUARD_DBHOME); + // remove entries from squid config + squid_reconfigure('remove redirector options'); + + // remove package and his depends + mwexec("pkg_delete squidGuard-1.2.0_1"); + mwexec("rm -rf " . SQUIDGUARD_WORKDIR); + // i known't, really need delete blacklist base? + mwexec("rm -rf " . SQUIDGUARD_DBHOME); + mwexec("/bin/rm -f " . SQUIDGUARD_CONFBASE . "/squidGuard*"); } -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # SquidGuard print JavaSrcript -# --------------------------------------------------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ function squidGuard_print_javascript() { $javascript = ''; @@ -1171,7 +1030,265 @@ function squidGuard_print_javascript() { $javascript .= "\n</script>"; } + if ($xml == "squidguard_src.xml") { + $javascript .= "\n<script language='JavaScript'>"; + $javascript .= "\n<!--"; + $javascript .= "\n function on_updatecontrols() {"; + $javascript .= "\n document.iform.elements['order'].disabled = 0;"; + $javascript .= "\n document.iform.elements['order'].onfocus = on_orderfocus;"; + $javascript .= "\n }"; + $javascript .= "\n function on_orderfocus() {"; + $javascript .= "\n document.iform.elements['order'].blur();"; + $javascript .= "\n }"; + $javascript .= "\n function on_moveup() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order > 0)"; + $javascript .= "\n order = order - 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n function on_movedown() {"; + $javascript .= "\n var order = parseInt(document.iform.elements['order'].value)"; + $javascript .= "\n if (order >= 0)"; + $javascript .= "\n order = order + 1;"; + $javascript .= "\n else order = 0;"; + $javascript .= "\n document.iform.elements['order'].value = order;"; + $javascript .= "\n }"; + $javascript .= "\n on_updatecontrols();"; + $javascript .= "\n "; + $javascript .= "\n//-->"; + $javascript .= "\n</script>"; + } + print($javascript); } +# ============================================================================== +# SquidGuard 2 +# ============================================================================== + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml() { + global $config; + $sgxml = array(); + $pfxml = $config['installedpackages'][MODULE_GENERAL]['config'][0]; + + $sgxml[FLD_LOGDIR] = SQUIDGUARD_LOGDIR; + $sgxml[FLD_DBHOME] = SQUIDGUARD_DBHOME; + $sgxml[FLD_BINPATH] = SQUIDGUARD_BINPATH; + $sgxml[FLD_WORKDIR] = SQUIDGUARD_WORKDIR; + $sgxml[FLD_SGCONF_XML] = SQUIDGUARD_WORKDIR . SQUIDGUARD_CONFXML; + $sgxml[FLD_ENABLED] = $pfxml[FLD_SQUIDGUARDENABLE]; + $sgxml[FLD_BLACKLISTENABLED] = $pfxml[FLD_BLACKLIST]; + $sgxml[FLD_SOURCES] = convert_pfxml_to_sgxml_source($config); + $sgxml[FLD_DESTINATIONS] = convert_pfxml_to_sgxml_destination($config); + $sgxml[FLD_REWRITES] = convert_pfxml_to_sgxml_rewrite($config); + $sgxml[FLD_TIMES] = convert_pfxml_to_sgxml_time($config); + $sgxml[FLD_ACLS] = convert_pfxml_to_sgxml_acl($config); + $sgxml[FLD_DEFAULT] = convert_pfxml_to_sgxml_default($config); + + // transparent + $squidxml = $config['installedpackages']['squid']['config'][0]; + if(isset($squidxml['transparent_proxy'])) { + $lanip = $config['interfaces']['lan']['ipaddr']; + $sgxml[FLD_SQUID_TRANSPARENT_MODE] = 'on'; + $sgxml[FLD_CURRENT_LAN_IP] = $lanip; + } else { + unset($sgxml[FLD_SQUID_TRANSPARENT_MODE]); + unset($sgxml[FLD_CURRENT_LAN_IP]); + } + + // store cfg cache + $cfg_xml = dump_xml_config($sgxml, FLD_SQUIDGUARD); + file_put_contents($sgxml[FLD_SGCONF_XML], $cfg_xml); + + return $sgxml; +} + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml_source +// sgxml_source: [name][ip][desc][log] +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_source($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages']['squidguardsrc']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_IP] = $pfx['iplist']; + $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; + $sgx[FLD_LOG] = $pfx['enablelog']; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgxml[FLD_ITEM][] = $sgx; + } + } + return $sgxml; +} + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml_destination +// sgxml_destination: [name][domains][expr][urls][redir][desc][log] +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_destination($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages']['squidguarddest']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_URLS] = $pfx['urls']; + $sgx[FLD_DOMAINS] = $pfx[FLD_DOMAINS]; + $sgx[FLD_EXPRESSIONS] = $pfx['expressions']; + $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgx[FLD_LOG] = $pfx['enablelog']; + $sgxml[FLD_ITEM][] = $sgx; + } + } + return $sgxml; +} + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml_rewrite +// sgxml_rewrite: [name][desc][log][items(array): [targeturl][replaceto]] +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_rewrite($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages']['squidguardrewrite']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx['name']; + $sgx[FLD_DESCRIPTION] = $pfx['description']; + $sgx[FLD_LOG] = $pfx['enablelog']; + + foreach($pfx['row'] as $pfx_row) { + $sgx_row = array(); + $sgx_row[FLD_TARGETURL] = $pfx_row['targeturl']; + $sgx_row[FLD_REPLACETO] = $pfx_row['replaceto']; + $sgx[FLD_ITEM][] = $sgx_row; + } + + $sgxml[FLD_ITEM][] = $sgx; + } + } + return $sgxml; +} + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml_time +// sgxml_time: [name][desc][items(array): [timetype][timedays][daterange][timerange]] +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_time($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages']['squidguardtime']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx[FLD_NAME]; + $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; + + foreach($pfx['row'] as $pfx_row) { + $sgx_row = array(); + $sgx_row[FLD_TIMETYPE] = $pfx_row[FLD_TIMETYPE]; + $sgx_row[FLD_TIMEDAYS] = $pfx_row[FLD_TIMEDAYS]; + $sgx_row[FLD_DATERANGE] = $pfx_row[FLD_DATERANGE]; + $sgx_row[FLD_TIMERANGE] = $pfx_row[FLD_TIMERANGE]; + $sgx[FLD_ITEM][] = $sgx_row; + } + + $sgxml[FLD_ITEM][] = $sgx; + } + } + + return $sgxml; +} + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml_acl +// sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_acl($pfconfig) { + $sgxml = array(); + + $pfxml = $pfconfig['installedpackages']['squidguardacl']['config']; + if (is_array($pfxml)) { + foreach($pfxml as $pfx) { + $sgx = array(); + $sgx[FLD_NAME] = $pfx[FLD_SOURCE]; + $sgx[FLD_DESCRIPTION] = $pfx[FLD_DESCRIPTION]; + $sgx[FLD_DISABLED] = $pfx[FLD_DISABLED]; + $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; + $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; + $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; + + // for overtime + $sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT]; + $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE]; + + // destinations + if (strpos($pfx['dest'], '[') === false) { + $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); + $sgx[FLD_OVERDESTINATIONNAME] = ''; + } else { + $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) ); + } + + // !ATTENTION! '!all' must be convert to 'none' + $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); + $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]); + + $sgxml[FLD_ITEM][] = $sgx; + } + } + return $sgxml; +} + +// ----------------------------------------------------------------- +// convert_pfxml_to_sgxml_default +// sgxml_acl: [name][desc][disabled][timename][destname][redirect][rewritename][over_redirect][over_rewritename] +// ----------------------------------------------------------------- +function convert_pfxml_to_sgxml_default($pfconfig) { + $pfxml = $pfconfig['installedpackages']['squidguarddefault']['config']; + + $pfx = $pfxml[0]; + $sgx = array(); + $sgx[FLD_NAME] = 'default'; + $sgx[FLD_DESCRIPTION] = ''; + $sgx[FLD_DISABLED] = ''; + $sgx[FLD_TIMENAME] = $pfx[FLD_TIME]; + $sgx[FLD_REDIRECT] = $pfx[FLD_REDIRECT]; + $sgx[FLD_REWRITENAME] = $pfx[FLD_REWRITE]; + // for overtime + $sgx[FLD_OVERREDIRECT] = $pfx[FLD_OVERREDIRECT]; + $sgx[FLD_OVERREWRITENAME] = $pfx[FLD_OVERREWRITE]; + + // destinations + if (strpos($pfx['dest'], '[') === false) { + $sgx[FLD_DESTINATIONNAME] = trim($pfx['dest']); + $sgx[FLD_OVERDESTINATIONNAME] = ''; + } else { + $sgx[FLD_DESTINATIONNAME] = trim( substr($pfx['dest'], 0, strpos($pfx['dest'], '[')) ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( strstr($pfx['dest'], '[') ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace(']', '', $sgx[FLD_OVERDESTINATIONNAME]) ); + $sgx[FLD_OVERDESTINATIONNAME] = trim( str_replace('[', '', $sgx[FLD_OVERDESTINATIONNAME]) ); + } + + // !ATTENTION! '!all' must be convert to 'none' + $sgx[FLD_DESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_DESTINATIONNAME]); + $sgx[FLD_OVERDESTINATIONNAME] = str_replace("!all", "none", $sgx[FLD_OVERDESTINATIONNAME]); + + return $sgx; +} + ?> diff --git a/packages/squidGuard/squidguard.xml b/packages/squidGuard/squidguard.xml index 45f20cfc..76db271e 100644 --- a/packages/squidGuard/squidguard.xml +++ b/packages/squidGuard/squidguard.xml @@ -2,29 +2,23 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguardgeneral</name> <version>1.2.0_1</version> - <title>Proxy server filter SquidGuard: General settings</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: General settings</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <!-- Installation --> <menu> - <name>Proxy server filter</name> + <name>Proxy Content filter</name> <tooltiptext>Modify the proxy server's filter settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> </menu> - <service> - <name>squidGuard</name> - <executable>squidGuard</executable> - <description>Proxy server filter Service</description> - </service> - <tabs> <tab> <text>General settings</text> @@ -61,32 +55,46 @@ </tab> </tabs> + <service> + <name>squidGuard</name> + <description>Proxy server filter Service</description> + <executable>squidGuard</executable> + </service> + + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard.inc</item> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> + </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard.inc</item> + <item>http://www.pfsense.org/packages/config/squidGuard/upload.inc</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_cls.inc</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/upload.inc</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_acl.xml</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_default.xml</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_dest.xml</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_src.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_rewr.xml</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_src.xml</item> + <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.xml</item> </additional_files_needed> <additional_files_needed> - <item>http://diskatel.narod.ru/pfSense/packages/squidguard_time.xml</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item> </additional_files_needed> <fields> @@ -103,33 +111,27 @@ <type>checkbox</type> </field> <field> - <fielddescr>Administrator email</fielddescr> - <fieldname>admin_email</fieldname> - <description>This is the email address displayed in error messages to the users.</description> - <type>input</type> - <size>100</size> - <default_value>admin@localhost</default_value> - </field> - <field> <fielddescr>View GUI log</fielddescr> <fieldname>view_gui_log</fieldname> <description>Check this for view GUI log</description> <type>checkbox</type> </field> </fields> - - <custom_php_install_command></custom_php_install_command> - <custom_add_php_command></custom_add_php_command> + <custom_add_php_command/> <custom_php_command_before_form> squidguard_before_form(&$pkg); </custom_php_command_before_form> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_resync_config_command> squidguard_resync(); </custom_php_resync_config_command> + <custom_php_install_command> + squidguard_install_command(); + squidguard_resync(); + </custom_php_install_command> <custom_php_deinstall_command> -# squidguard_deinstall(); + squidguard_deinstall_command(); </custom_php_deinstall_command> </packagegui>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard_acl.xml b/packages/squidGuard/squidguard_acl.xml index 2d36dcf3..aa3349cd 100644 --- a/packages/squidGuard/squidguard_acl.xml +++ b/packages/squidGuard/squidguard_acl.xml @@ -2,14 +2,14 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguardacl</name> <version>none</version> - <title>Proxy server filter SquidGuard: Access Control List (ACL)</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: Access Control List (ACL)</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> @@ -49,8 +49,13 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> + <adddeleteeditpagefields> <columnitem> + <fielddescr>Disable</fielddescr> + <fieldname>disabled</fieldname> + </columnitem> + <columnitem> <fielddescr>Source</fielddescr> <fieldname>source</fieldname> </columnitem> @@ -75,6 +80,7 @@ <fieldname>description</fieldname> </columnitem> </adddeleteeditpagefields> + <fields> <field> <fielddescr>Disabled</fielddescr> @@ -86,8 +92,8 @@ <fielddescr>Source name</fielddescr> <fieldname>source</fieldname> <description>Select source name here (required). Any ACL must have unique source name.</description> - <type>select</type> <required/> + <type>select</type> </field> <field> <fielddescr>Time</fielddescr> @@ -105,15 +111,21 @@ <field> <fielddescr>Redirect</fielddescr> <fieldname>redirect</fieldname> - <description>Enter redirection URL or Error page message for this rule, or leave blank.</description> + <description> + Enter redirection URL or Error page code for this rule, or leave blank. + Supported error page codes: 403, 404, 410. + </description> <type>textarea</type> <cols>70</cols> - <rows>5</rows> + <rows>5</rows> </field> <field> <fielddescr>Overtime redirect</fielddescr> <fieldname>overredirect</fieldname> - <description>Enter redirection URL or Error page message for this rule, or leave blank.</description> + <description> + Enter redirection URL or Error page code for this rule, or leave blank. + Supported error page codes: 403, 404, 410. + </description> <type>textarea</type> <cols>70</cols> <rows>5</rows> @@ -132,12 +144,13 @@ </field> <field> <fielddescr>Description</fielddescr> - <description>You may enter a description here for your reference (not parsed).</description> <fieldname>description</fieldname> + <description>You may enter a description here for your reference (not parsed).</description> <type>input</type> <size>114</size> </field> </fields> + <custom_php_validation_command> squidguard_validate_acl(&$_POST, &$input_errors); </custom_php_validation_command> diff --git a/packages/squidGuard/squidguard_cls.inc b/packages/squidGuard/squidguard_cls.inc deleted file mode 100644 index 34bf8c2a..00000000 --- a/packages/squidGuard/squidguard_cls.inc +++ /dev/null @@ -1,1176 +0,0 @@ -<?php -# ---------------------------------------------------------------------------------------------------------------------~ -/* squidguard_cls.inc - (C)2006 Serg Dvoriancev - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -# --------------------------------------------------------------------------------------------------------------------- -# SquidGuardConfigClass -# Generator SquidGuard configuration -# email: dv_serg@mail.ru -# --------------------------------------------------------------------------------------------------------------------- -# squidGuard command: -# squidGuard -C all - apdate database -# squidGuard -c <configfile> - create squidGuard with specified config file -# --------------------------------------------------------------------------------------------------------------------- -# Directories: -# work path - $workdir -# log path - $workdir + $logdir -# --------------------------------------------------------------------------------------------------------------------- - -define('FILES_DB_HEADER', ' -# ----------------------------------------------------------------------------- -# File created by squidGuard package GUI -# (C)2006 Serg Dvoriancev -# ----------------------------------------------------------------------------- -'); - -define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); - -# --------------------------------------------------------------------------------------------------------------------- -define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); -define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); -define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); -define('REDIRECT_CHILDREN_OPT', 'redirect_children'); -define('REDIRECTOR_PROCESS_COUNT', '3'); -define('SQUID_CONFIG_FILE', '/usr/local/etc/squid/squid.conf'); -define('SQUIDGUARD_CONFIG_FILE', '/squidGuard.conf'); -define('TMP_DIR', '/var/tmp'); -define('SQUIDGUARD_LOG_FILE', '/squidGuard_webgui.log'); -define('SQUIDGUARD_ACCESSBLOCK_FILE', 'squidguard_accessblock.log'); -define('SQUIDGUARD_BLK_ENTRIES', '/squidguard_blk_entries.ini'); -define('BLACKLIST_ARCHIVE', '/blacklists.tar.gz'); - -define('REDIRECT_BASE_URL', 'http://10.62.0.3/sgerror.php'); - -// debug options -define('DEBUG_UPDATE_SQUID_CONF', 'true'); -define('DEBUG_UPDATE_SQUIDGUARD_DB', 'true'); -define('DEBUG_MAKE_SQUIDGUARD_CONFIG', 'true'); - -define('SQUIDGUARD_LOG_DIR', '/log'); -define('SQUIDGUARD_BACKUP_DIR', '/backup'); - -// options -define('SQUIDGUARD_LOG_MAX_COUNT', '500'); // max log lines - -define('FLT_AD', 'ads'); -define('FLT_AGGRESSIVE', 'aggressive'); -define('FLT_AUDIOVIDEO', 'audio-video'); -define('FLT_DRUGGS', 'druggs'); -define('FLT_GAMBLING', 'gambling'); -define('FLT_HACKING', 'hacking'); -define('FLT_MAIL', 'mail'); -define('FLT_PORN', 'porn'); -define('FLT_PROXY', 'proxy'); -define('FLT_VIOLENCE', 'viol'); -define('FLT_WAREZ', 'warez'); - -define('FLT_DEFAULT_ALL', 'all'); - -define('OWNER_NAME', 'proxy'); // owner user name - -define('DEBUG_ON', 'true'); -# ------------------------------------------------------------------------------ -# -# ------------------------------------------------------------------------------ -function scan_dir($dir) { - $files = array(); - if (file_exists($dir)) { - $dh = opendir($dir); - while (false !== ($filename = readdir($dh))) - $files[] = $filename; - sort($files); - } - return $files; -} - -function std_blacklist_get_description() { - $dst_std = array(); - $dst_std[FLT_AD] = 'Reclama & banners filter'; - $dst_std[FLT_AGGRESSIVE] = 'Agressive content sites filter'; - $dst_std[FLT_AUDIOVIDEO] = 'Audio and Video sites filter'; - $dst_std[FLT_DRUGGS] = 'Druggs filter'; - $dst_std[FLT_GAMBLING] = 'Games sites filter'; - $dst_std[FLT_HACKING] = 'Hacking sites filter'; - $dst_std[FLT_MAIL] = 'Mail sites filter'; - $dst_std[FLT_PORN] = 'Porno sites filter'; - $dst_std[FLT_PROXY] = 'Proxy sites filter'; - $dst_std[FLT_VIOLENCE] = 'Violence content sites filter'; - $dst_std[FLT_WAREZ] = 'Wares, soft, downloads sites filter'; - return $dst_std; -} - -# ------------------------------------------------------------------------------ - -class SquidGuardConfigClass { - // variables - var $work_dir; - var $dbhome; - var $bin_path; - var $log_dir; // $work_dir + SQUIDGUARD_BACKUP_DIR - var $log_file; // $log_dir + SQUIDGUARD_LOG_FILE - - var $enabled; - var $blacklist_enabled; - - var $debug_history; - - // objects - var $sources; - var $dests; - var $blacklist; - var $times; - var $rewr; - var $acls; - var $acldef; - var $enable_deflog; // TODO: check for delete - - // temporary objects - var $expr; // temporary expressions list - not apply to config! - var $redir; // temporary expressions list - not apply to config! - - function __construct() { - $this->work_dir = ''; - $this->dbhome = ''; - $this->bin_path = ''; - $this->log_dir = ''; - $this->log_file = ''; - $this->init(); - } - - function init() { - $this->enabled = true; - $thus->blacklist_enabled = true; - - $this->acls = Array(); - $this->enable_deflog = ''; - $this->acldef = new ACLClass(); - $this->acldef->ini("default", "", "default acl"); - $this->acldef->assign("all"); - - $this->redir = Array(); - $this->expr = Array(); - $this->rewr = Array(); - $this->times = Array(); - $this->sources = Array(); - $this->dests = Array(); - $this->blacklist = Array(); - - // log - $this->add_log("Init squidGuard object."); - } - - function set_options($bin_path, $work_dir, $dbhome) { - $this->bin_path = $bin_path; - $this->work_dir = $work_dir; - $this->dbhome = $dbhome; - - $this->backup_dir = $work_dir . SQUIDGUARD_BACKUP_DIR; - $this->log_dir = $work_dir . SQUIDGUARD_LOG_DIR; - $this->log_file = $this->log_dir . SQUIDGUARD_LOG_FILE; - - // log - $this->add_log("Set bin path " . $this->bin_path, DEBUG_ON); - $this->add_log("Set work path " . $this->work_dir, DEBUG_ON); - $this->add_log("Set db path " . $this->dbhome, DEBUG_ON); - - $this->update(); - } - - function update() { - $this->add_log("Update squidGuard object."); - - // check work_dir, log_dir & create if not exists - if (!empty($this->work_dir)) { - $this->add_log("Check work directory."); - // check dir's - if (!file_exists($this->work_dir)) { - mwexec("mkdir " . $this->work_dir); - $this->add_log("Create work dir " . $this->work_dir, DEBUG_ON); - } - if (!file_exists($this->log_dir)) { - mwexec("mkdir " . $this->log_dir); - $this->add_log("Create log dir " . $this->log_dir, DEBUG_ON); - } - // set access right - set_file_access($this->work_dir, OWNER_NAME, 0755); - } - - // check squidguard db - if (!empty($this->dbhome)) { - $this->add_log("Check db directory."); - if (!file_exists($this->dbhome)) { - mwexec("mkdir " . $this->dbhome); - $this->add_log("Create db dir " . $this->dbhome, DEBUG_ON); - } - // set access right - set_file_access($this->dbhome, OWNER_NAME, 0755); - } - - // load blacklist configuration - if ($this->blacklist_enabled) { - $this->add_log("Load blacklist configuration."); - - if (file_exists($this->work_dir . SQUIDGUARD_BLK_ENTRIES)) { - $db_items = array(); - $blk_entries = explode("\n", file_get_contents($this->work_dir . SQUIDGUARD_BLK_ENTRIES)); - - // check files as dir's - $std_blk = std_blacklist_get_description(); - foreach($blk_entries as $df) { - if (($df != ".") && ($df != "..") && (is_dir($this->dbhome . "/" . $df))) { - $this->add_blacklist($df, $str_blk[$df]); - $this->add_log("Create $df", DEBUG_ON); - } - } - } - else $this->add_log("File " . $this->work_dir . SQUIDGUARD_BLK_ENTRIES . " not found."); - } - else $this->add_log("Blacklist disabled."); - } - - function reconfigure() { // TODO: check restart function order - $this->update(); - - // check and rebuild squidguard db - $this->add_log("Reconfigure squidGuard object"); - $this->update_destination_files(); - $this->remove_unused_db_entries(); - - // update only user dest items; blacklist rebuilded with when updated - if(!empty($this->dests)){ - $dblist = array(); - foreach($this->dests as $dst) - $dblist[] = $dst->name; - $this->rebuild_squidguard_db($dblist); - } - // generate squidGuard config - $this->add_log("Generate squidGuard config."); - $conf = $this->make_config(); - file_put_contents($this->work_dir . SQUIDGUARD_CONFIG_FILE, $conf); - file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIG_FILE, $conf); // << my squidGuard want config '/usr/local/etc/squid' by default - set_file_access($this->work_dir, OWNER_NAME, 0755); - - // update squid config - $this->update_squid_conf(); - - // restart squid - squid automaticly restart redirector too - mwexec('squid'); - if (!mwexec('killall -HUP squid')) - $this->add_log("Restart squid .. success."); - else $this->add_log("Restart squid .. error."); - } - - # -------------------------------------------------------------------------------------------------------------- - # BLACKLIST - # If backup list set 'disable' - all his entries not used for filtering - # -------------------------------------------------------------------------------------------------------------- - - # - # Update blacklist db from file - # - function update_blacklist($upload_file) { - $this->add_log("Upload file $upload_file."); - if ($upload_file) { - // 1. unpack blacklist file - $this->add_log("Unpack file $upload_file .. "); - $bl_temp = '/var/tmp/blacklists'; - if (!mwexec('tar zxvf ' . $upload_file . ' -C /var/tmp/')) - $this->add_log("Success."); - else $this->add_log("Error!"); - - // 2. copy blacklist to squidGuard base - if (file_exists($bl_temp)) { - $this->add_log("Copy files to db.. "); - - // - copy blacklist & create entries list - $blk_files = scan_dir($bl_temp); - $blk_entries = array(); - foreach($blk_files as $bf) { - if (($bf != '.') && ($bf != '..')) { - $blk_entries[] = $bf; - if (!mwexec("cp -Rf $bl_temp/$bf " . $this->dbhome)) { - $this->add_log(" copy $bf success."); - } else $this->add_log(" copy $bl_temp/$bf -> $this->dbhome error."); - } - } - - // create entries list - if (count($blk_entries)) { - file_put_contents($this->work_dir . SQUIDGUARD_BLK_ENTRIES, implode("\n", $blk_entries)); - set_file_access($this->work_dir . SQUIDGUARD_BLK_ENTRIES, OWNER_NAME, 0755); - } - $this->remove_unused_db_entries(); - - // clearing temp - mwexec("rm -R $bl_temp"); - } - set_file_access($this->dbhome, OWNER_NAME, 0755); - } - } - - # - # remove unused DB entries - # - function remove_unused_db_entries() { - $this->add_log("Remove unused db entries."); - $db_entries = array(); - $file_list = ''; - // blk entries - if (file_exists($this->work_dir . SQUIDGUARD_BLK_ENTRIES)) { - $db_entries = explode("\n", file_get_contents($this->work_dir . SQUIDGUARD_BLK_ENTRIES)); - - // user entries - foreach($this->dests as $dst) - $db_entries[] = $dst->name; - - $file_list = scan_dir($this->dbhome); - $file_for_del = array_diff($file_list, $db_entries); - - foreach($file_for_del as $fd) { - $file_fd = $this->dbhome . "/" . $fd; - if (($fd != "") && ($fd != ".") && ($fd != "..")) { - if (file_exists($file_fd)) { - if (!mwexec("rm -R . $file_fd")) - $this->add_log("Delete $file_fd"); - else $this->add_log("Error delete $file_fd"); - } else $this->add_log("File $file_fd not found"); - } - } - } - - } - - # - # Update squidGuard DB from user defined destinations - # - function update_destination_files() { - $this->add_log("Update destination files to db."); - if(!empty($this->dests)){ - foreach($this->dests as $dst) { - $log = $dst->update_destination_files($this->dbhome); - $this->add_log($log); - } - } - $this->add_log($log); - set_file_access($this->dbhome, OWNER_NAME, 0755); - } - - # - # rebuild db: All ($dblist == '') or from listing ($dblist is array) - # - function rebuild_squidguard_db($dblist='') { - - set_file_access($this->dbhome, OWNER_NAME, 0755); // before - - $this->add_log("Start rebuild database."); - if (is_array($dblist)) { - foreach($dblist as $dbn) { - if (($dbn !== ".") && ($dbn !== "..") && file_exists($this->dbhome . "/$dbn")) { - if (!mwexec($this->bin_path . "/squidGuard -C"))// $dbn")) - $this->add_log("Rebuild $dbn - success."); - else $this->add_log("Rebuild $dbn - error."); - } else - $this->add_log("Error rebuild database! Dir " . $this->dbhome . "/$dbn not found."); - } - } else { - // rebuild squidGuard DB - // -C - create db files; -u - update '.diff' files to db - if (!mwexec($this->bin_path . '/squidGuard -C all')/* && - !mwexec($this->bin_path . '/squidGuard -u')*/) - $this->add_log("Rebuild all db - success."); - else $this->add_log("Rebuild all db - error!"); - } - // set_file_access($this->dbhome, OWNER_NAME, 0755); // after - } - - // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - // Insert to '/usr/local/squid/etc/squid.conf' options: - // redirector_bypass on - // redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file - // redirect_children 1 - // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - // Command for restart squid with all redirectors - // # killall -HUP squid - // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - function update_squid_conf() { - $this->add_log("Update 'squid.conf' file"); - $opt = ''; - $squid_conf_file = SQUID_CONFIG_FILE; - $redirector_path = $this->bin_path . '/squidGuard'; - $redirector_conf = $this->work_dir . SQUIDGUARD_CONFIG_FILE; - $this->add_log("Redirector path=$redirector_path", DEBUG_ON); - - // update squid.conf file - if (file_exists($squid_conf_file)) { - $conf = file_get_contents($squid_conf_file); - - // remove redirector options from 'squid.conf' - $conf = explode("\n", $conf); - for($i=0; $i<count($conf); $i++) { - $s = trim($conf[$i]); - if (strpos($s, REDIRECTOR_OPTIONS_REM) === 0) $conf[$i] = ''; - if (strpos($s, REDIRECTOR_PROGRAM_OPT) === 0) $conf[$i] = ''; - if (strpos($s, REDIRECT_BYPASS_OPT) === 0) $conf[$i] = ''; - if (strpos($s, REDIRECT_CHILDREN_OPT) === 0) $conf[$i] = ''; - } - $conf = implode("\n", $conf); - $conf = rtrim($conf); - - if ($this->enabled) { - // add redirector options from 'squid.conf' - $conf .= "\n"; - $conf .= "\n" . REDIRECTOR_OPTIONS_REM; - $conf .= "\n" . REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf"; - $conf .= "\n" . REDIRECT_BYPASS_OPT . ' on'; - $conf .= "\n" . REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT; - } - $conf .= "\n"; - file_put_contents($squid_conf_file, $conf); - } - else { - $this->add_log("File '$squid_conf_file' not found"); - } - } - - # ------------------------------------------------------------------------------------------------------------- - # Operations - # ------------------------------------------------------------------------------------------------------------- - - function set_default_acl($time, $desc, - $ontime_rule, /*[pass][$rewr][$redir][$log]*/ - $overtime_rule = '', /*[$overpass][$overrew][$overredir][$overlog]*/ - $disabled = '', $enable_deflog = '') - { - $this->enable_deflog = $enable_deflog; - $this->acldef->ini("default", $time, $desc, $disabled); - if (is_array($ontime_rule)) - $this->acldef->assign($ontime_rule['pass'], $ontime_rule['redirect'], $ontime_rule['rewrite'], $ontime_rule['log']); - - if (is_array($overtime_rule)) - $this->acldef->assign_over($overtime_rule['pass'], $overtime_rule['redirect'], $overtime_rule['rewrite'], $overtime_rule['log']); - } - - function & add_acl($src_name, $time, $desc, - $ontime_rule, /*[pass][$rewr][$redir][$log]*/ - $overtime_rule = '', /*[$overpass][$overrew][$overredir][$overlog]*/ - $disabled = '') - { - $item = new ACLClass(); - $item->ini($src_name, $time, $desc, $disabled); - if (is_array($ontime_rule)) - $item->assign($ontime_rule['pass'], $ontime_rule['redirect'], $ontime_rule['rewrite'], $ontime_rule['log']); - - if (is_array($overtime_rule)) - $item->assign_over($overtime_rule['pass'], $overtime_rule['redirect'], $overtime_rule['rewrite'], $overtime_rule['log']); - - $this->acls[$src_name] = $item; - return $this->acls[$src_name]; - } - - function del_acl($name, $time, $desc) { - $this->acls[$name] = ''; - } - - function & add_src($name, $ip, $desc, $enablelog) { - $item = new SrcClass(); - $item->ini($name, $ip, $desc, $enablelog); - $this->sources[$name] = $item; - return $this->sources[$name]; - } - - function del_src($name) { - $this->sources[$name] = ""; - } - - function & add_dest($name, $domains, $urls, $expr, $redir, $desc, $enablelog) { - $item = new DestClass(); - $item->ini($name, $domains, $urls, $expr, $redir, $desc, $enablelog); - $this->dests[$name] = $item; - return $this->dests[$name]; - } - - function del_dest($name) { - $this->dests[$name] = ""; - } - - function & add_blacklist($name, $desc) { - $item = new DestClass(); - $item->ini($name, "", "", "", "", $desc); - $this->blacklist[$name] = $item; - return $this->blacklist[$name]; - } - - function & add_time($name, $desc) { - $item = new TimeClass(); - $item->ini($name, $desc); - $this->times[$name] = $item; - return $this->times[$name]; - } - - function del_time($name) { - $this->times[$name] = ""; - } - - function & add_rewrite($name, $desc, $enablelog) { - $item = new RewrClass(); - $item->ini($name, $desc, $enablelog); - $this->rewr[$name] = $item; - return $this->rewr[$name]; - } - - function del_rewrite($name) { - $this->rewr[$name] = ''; - } - - function goto_dir($workdir, $subdir) { - $res = false; - $dir = @chdir($workdir); - if ($dir) { // workdir exists - $dir = "$workdir \\ $subdir"; - if (@chdir($dir)) // dir exists - $res = true; - elseif (@mkdir($dir, 0755)) // need create dir - $res = true; - else $this->add_log("ERROR: Can't create dir $dir"); - } else $this->add_log("ERROR: Work path $workdir not found."); - return $res; - } - - # - # Make config - # - function make_config() { - $conf = ''; - // header - // ================================================================================================================= - $conf .= "\n# " . str_repeat("=", 119); - $conf .= "\n# SquidGuard configuration file"; - $conf .= "\n# "; - $conf .= "\n# This file generated automaticly with SquidGuardClass"; - $conf .= "\n# "; - $conf .= "\n# SquidGuardConfigClass (C)2006 Serg Dvoriancev"; - $conf .= "\n# email: dv_serg@mail.ru"; - $conf .= "\n# "; - $conf .= "\n# " . str_repeat("=", 119); - $conf .= "\n"; - // ================================================================================================================= - - if(!empty($this->log_dir)) - $conf .= "\nlogdir " . $this->log_dir; - - if(!empty($this->dbhome)) - $conf .= "\ndbhome " . $this->dbhome; - - $conf .= "\n"; - - // make times - if(!empty($this->times)){ - foreach($this->times as $time) { - $conf .= $time->make_config($this); - } - } - - // make sources - if(!empty($this->sources)){ - foreach($this->sources as $src) { - $conf .= $src->make_config($this); - } - } - - // make blacklist - $conf .= "\n# Blacklist"; - if($this->blacklist_enabled) { - if (!empty($this->blacklist)) { - foreach($this->blacklist as $dest) - $conf .= $dest->make_config($this); - } else $conf .= "\n# Blacklist empty\n"; - } else $conf .= "\n# Blacklist disabled\n"; - - // make destinations - $conf .= "\n# User destinations"; - if(!empty($this->dests)){ - foreach($this->dests as $dest) { - $conf .= $dest->make_config($this); - } - } - - // make rewrites - if (!empty($this->rewr)) { - foreach($this->rewr as $rewr) { - $conf .= $rewr->make_config($this); - } - } - - // make acls - $conf .= "\nacl {"; - if (!empty($this->acls)) { - foreach($this->acls as $acl) { - $conf .= $acl->make_config($this); - } - } - $conf .= $this->acldef->make_config($this); - $conf .= "\n }"; - - return $conf; - } - - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # Log - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - function add_log($str, $is_debug = '') { - - // if set $is_debug as value, but ($is_debug != 'on') then return - // this defined for include debug info to log; - // add_log('str') - simple log, add_log('str', 'on') - debig log; - // looking constant 'DEBUG_ON' - if ($is_debug && ($is_debug != 'on')) return; - - if (file_exists($this->log_dir)) { - if (file_exists($this->log_file)) - $log = file_get_contents($this->log_file); - $log = explode("\n", $log); - - $s = trim($str); - if (!empty($s)) $log[] = date("d.m.Y H:i:s") . ": $s"; - - // check log lines count - while(count($log) > SQUIDGUARD_LOG_MAX_COUNT) : - $log = array_shift($log); - endwhile; - - if ($log) - $log = implode("\n", $log); - file_put_contents($this->log_file, $log); - set_file_access($this->log_file, OWNER_NAME, 0755); - } - } - - function get_log() { - $log = ''; - if (file_exists($this->log_file)) - $log = file_get_contents($this->log_file); - return $log; - } - - function get_log_html() { - $log = $this->get_log(); - return str_replace("\n", "<br>", $this->get_log()); - } - - function test_work($urls_src) { - $result = ''; - $urls = ''; - if (is_array($urls_src)) - $urls = implode("\n", $urls_src); - else $urls = $urls_src; - $test_file = "/var/tmp/test.urls"; - file_put_contents($test_file, $urls); - $result = exec ("/usr/local/bin/squidGuard < $test_file"); - file_put_contents("$test_file.result", $result); - return $result; - } - -} - -// ===================================================================================================================== -// RewrClass -// ===================================================================================================================== - -class RewrClass { - var $name; - var $desc; - var $rewrites; - var $enablelog; - - function __construct() { - $this->name = ''; - $this->desc = ''; - $this->rewrites = Array(); - $this->enablelog = ''; - } - - function ini($name, $desc, $enablelog = '') { - $this->name = $name; - $this->desc = $desc; - $this->enablelog = $enablelog; - } - - function add_item($target_url, $replace_to, $case_ins='', $http_301='', $http_302='') { - $item .= "s@$target_url@$replace_to@"; - if (!empty($case_ins)) $item .= 'i'; - if (!empty($case_ins)) $item .= 'r'; // TODO: r and R - check work options? - if (!empty($case_ins)) $item .= 'R'; // -//- - $this->rewrites[] = $item; - } - - function make_config($owner) { - $name = $this->name; - $desc = $this->desc; - $enablelog = $this->enablelog; - $conf = ''; - $conf .= "\nrew $name { "; - if (!empty($desc)) - $conf .= "\t# $desc"; - - if (is_array($this->rewrites)) { - foreach($this->rewrites as $rew) { - $conf .= "\n $rew"; - } - } - if ($enablelog) - $conf .= "\n log = $name"; - $conf .= "\n }"; - $conf .= "\n"; - return $conf; - } -} - -class TimeClass { - var $name; - var $items; - var $desc; - - function __construct() { - $this->name = ''; - $this->desc = ''; - $this->items = Array(); - } - - function ini($name, $desc) { - $this->name = $name; - $this->desc = $desc; - } - - function & add_date($daterange, $timerange) { - $item = new TimeItem(); - $item->ini("date", '', $daterange, $timerange); - $this->items[] = $item; -// return $this->items[count($this->items-1)]; - } - - function & add_weekly($days, $timerange) { - $item = new TimeItem(); - $item->ini("weekly", $days, '', $timerange); - $this->items[] = $item; -// return $this->items[count($this->items-1)]; - } - - function make_config($owner) { - $conf = ''; - $name = $this->name; - $desc = $this->desc; - $conf .= "\ntime $name { "; - if ($desc != "") - $conf .= "\t# $desc"; - if (is_array($this->items)) { - foreach($this->items as $item) { - $type = $item->type; - $days = $item->days; - $dates = $item->dates; - $hours = $item->hours; - if ($item->type == "date") - $conf .= "\n date $dates $hours"; - else $conf .= "\n weekly $days $hours"; - } - } - $conf .= "\n }"; - $conf .= "\n"; - return $conf; - } -} - -class TimeItem { - var $type; - var $days; - var $dates; - var $hours; - - function __construct() { - $this->type = ''; - $this->days = ''; - $this->dates = ''; - $this->hours = ''; - } - - function ini($type, $days, $dates, $hours) { - $this->type = $type; - $this->days = $days; - $this->dates = $dates; - $this->hours = $hours; - } -} - -class DestClass { - var $name; - var $domains; // array - var $urls; // array - var $expr; // array - var $redir; - var $desc; - var $enablelog; - - function __construct() { - $this->name = ''; - $this->domains = array(); - $this->urls = array(); - $this->expr = array(); - $this->redir = ''; - $this->desc = ''; - $this->enablelog = ''; - } - - function ini($name, $domains, $urls, $expr, $redir, $desc, $enablelog = '') { - $this->name = $name; - $this->domains = explode(' ', $domains); - $this->urls = explode(' ', $urls); - $this->expr = explode(' ', $expr); - $this->redir = $redir; - $this->desc = $desc; - $this->enablelog = $enablelog; - } - - // create custom destination files - function update_destination_files($dbcatalog) { - $log = "\n\nUpdate destination file " . $this->name; - $path = $dbcatalog . '/' . $this->name . '/'; - $log .= "\npath = $path"; - - // 1 - set/check destination catalog - if (!file_exists($path)) { - if (!mkdir ($path, 0755)) { - $log .= "\nError create dir $path"; - return $log; // error create dir - } else $log .= "\nCreate dir."; - } - - // 2 - build domains file - if (!empty($this->domains)) { - $content = ''; - foreach($this->domains as $dm) { - $content .= "\n$dm"; - } - - $content = trim($content); - if (!empty($content)) { - file_put_contents($path . '/domains', $content); - $log .= "\nadd domains"; - } - } - - // 3 - build urls file - if (!empty($this->urls)) { - $content = ''; - foreach($this->urls as $url) { - $content .= "\n$url"; - } - - $content = trim($content); - if (!empty($content)) { - file_put_contents($path . '/urls', $content); - $log .= "\nadd urls"; - } - } - - // 4 - build expression file - if (!empty($this->expr)) { - $content = ''; - foreach($this->expr as $ex) { - $content .= "\n$ex"; - } - - $content = trim($content); - if (!empty($content)) { - file_put_contents($path . '/expressions', $content); - $log .= "\nadd expressions"; - } - } - - return $log; - } - - function make_config($owner) { - $file = ''; - $conf = ''; - $name = $this->name; - $dbhome = $owner->dbhome; - $domains = $this->domains; - $urls = $this->urls; - $expr = $this->expr; - $redir = $this->redir; - $desc = $this->desc; - $enablelog = $this->enablelog; - - $conf .= "\ndest $name { "; - - # description - if ($desc != "") - $conf .= "\t# $desc"; - - # domains - if ($domains != "") { - $file = $dbhome . "/$name/domains"; - if (file_exists($file)) - $conf .= "\n domainlist $name/domains"; - } - - # expressions - if ($expr != "") { - $file = $dbhome . "/$name/expressions"; - if (file_exists($file)) - $conf .= "\n expressionlist $name/expressions"; - } - - # urls - if ($urls != "") { - $file = $dbhome . "/$name/urls"; - if (file_exists($file)) - $conf .= "\n urllist $name/urls"; - } - - if ($redir != "") - $conf .= "\n redirect $redir"; - - if ($enablelog) - $conf .= "\n log " . SQUIDGUARD_ACCESSBLOCK_FILE; - - $conf .= "\n }"; - $conf .= "\n"; - - return $conf; - } -} - -class SrcClass { - var $name; - var $ip; - var $domain; - var $users; - var $desc; - var $enablelog; - - function __construct() { - $this->name = ''; - $this->ip = ''; - $this->domain = ''; - $this->desc = ''; - $this->enablelog = ''; - $this->users = Array(); - } - - function ini($name, $ip, $desc, $enablelog = '') { - $this->name = $name; - $this->ip = $ip; - $this->domain = ''; - $this->desc = $desc; - $this->enablelog = $enablelog; - } - - function make_config($owner) { - $conf = ''; - $name = $this->name; - $ip = $this->ip; - $desc = $this->desc; - $enablelog = $this->enablelog; - $conf .= "\nsrc $name { "; - if ($desc != "") - $conf .= "\t# $desc"; - $conf .= "\n ip $ip"; - if ($enablelog) - $conf .= "\n log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $conf .= "\n }"; - $conf .= "\n"; - return $conf; - } -} - -class ACLClass { - var $src; - var $time; - var $desc; - var $disabled; - - var $pass; // pass array. if last item = 'all' then 'pass all' or 'pass none' - var $redir; - var $rewr; - var $log; - - var $over_pass; // array of overtime dest's - var $over_redir; - var $over_rewr; - var $over_log; - - function __construct() { - $this->src = ''; - $this->time = ''; - $this->desc = ''; - $this->disabled = ''; - } - - function ini($src, $time, $desc, $disabled='') { - $this->src = $src; - $this->time = $time; - $this->desc = $desc; - $this->disabled = $disabled; - } - - function assign($pass, $redir='', $rewr='', $log='') { - $this->pass = $pass; - // check and fix absence of "all" and "none" - if (!empty($pass) && (substr_count($pass, "all") == 0) && (substr_count($pass, "none") == 0)) { - $this->pass .= " none"; - $this->desc .= " <Uptime> " . ACL_WARNING_ABSENSE_PASS . " "; - } - - $this->redir = $redir; - $this->rewr = $rewr; - $this->log = $log; - } - - function assign_over($pass, $redir='', $rewr='', $log='') { // used only if assigned time - $this->over_pass = $pass; - // check and fix absence of "all" and "none" - if (!empty($pass) && (substr_count($pass, "all") == 0) && (substr_count($pass, "none") == 0)) { - $this->over_pass .= " none"; - $this->desc .= " <Overtime> " . ACL_WARNING_ABSENSE_PASS; - } - - $this->over_redir = $redir; - $this->over_rewr = $rewr; - $this->over_log = $log; - } - - function make_config($owner) { - $conf = ''; - $src = $this->src; - $time = $this->time; - $desc = $this->desc; - - // if item disabled - skip make_config - if ($this->disabled == 'on') { - $conf .= "\n\n # rule $src disabled"; - return $conf; - } - - $conf .= "\n"; - $conf .= "\n $src $time { "; - if (!empty($desc)) - $conf .= "\t# $desc"; - $err_comment = ''; - $pass = $this->pass; - if (is_array($pass)) { - // check dest's - foreach ($pass as $dst) { - if (($dst != 'all') && ($dst != 'none')) { - $obj = $owner->dests[$dst]; - if (!is_object($obj)) $err_comment .= " $dst"; - } - } - $err_comment .= "***!!!***"; - if (!empty($err_comment)) - $err_comment .= " error: dest's '$err_comment' not found"; - $pass = implode(" ", $pass); - } - - $conf .= "\n pass $pass"; - if (!empty($err_comment)) $conf .= " # $err_comment"; - unset($err_comment); - - $redir = $this->redir; - if (!empty($redir)) { - $rstr = strtolower(trim($redir)); - if ((strpos($rstr, 'http://') !== false) || - (strpos($rstr, 'https://') !== false) || - (strpos($rstr, 'ftp://') !== false)) - $conf .= "\n redirect " . REDIRECT_BASE_URL . "?url=" . $rstr; - else $conf .= "\n redirect " . REDIRECT_BASE_URL . "?msg=" . urlencode($redir); - } - - $rewr = $this->rewr; - if (!empty($rewr)) { - // check redirection name for exists - $err_comment = ''; - $obj = $owner->rewr[$rewr]; - if (empty($obj) || !is_object($obj)) - $err_comment = " rewrite '$rewr' not found"; - - $conf .= "\n rewrite $rewr # $err_comment"; - } - - $log = $this->log; - if (!empty($log) && ($src=='default')) - $conf .= "\n log " . SQUIDGUARD_ACCESSBLOCK_FILE; - - $conf .= "\n }"; - - // alternative - $pass = $this->over_pass; - $redir = $this->over_redir; - $rewr = $this->over_rewr; - $log = $this->over_log; - if (!empty($time) && !empty($pass)) { - $conf .= " else {"; - $conf .= "\n pass $pass"; - if (empty($this->pass) || ($this->pass[count($this->pass) - 1] != 'all')) - $conf .= " none"; - if (!empty($redir)) - $conf .= "\n redirect $redir"; - if (!empty($rewr)) - $conf .= "\n rewrite $rewrite"; - // log only for default - if (!empty($log) && ($src=='default')) - $conf .= "\n log " . SQUIDGUARD_ACCESSBLOCK_FILE; - $conf .= "\n }"; - } - - return $conf; - } -} - -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# Set file access -# -function set_file_access($dir, $owner, $mod) { - chown($dir, $owner); - chgrp($dir, $owner); - chmod($dir, $mod); - - if (is_dir($dir)) { - $hd = opendir($dir); - while (($item = readdir($hd)) !== false) { - if (($item != ".") && ($item != "..")) { - $path = "$dir/$item"; - if (is_dir($path)) - set_file_access($path, $owner, $mod); - else { - chown($path, $owner); - chgrp($path, $owner); - chmod($path, $mod); - } - } - } - } -} - -?> diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc new file mode 100644 index 00000000..06cddb99 --- /dev/null +++ b/packages/squidGuard/squidguard_configurator.inc @@ -0,0 +1,1564 @@ +<?php +# ------------------------------------------------------------------------------ +/* squidguard_configurator.inc + (C)2006 Serg Dvoriancev + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +# ------------------------------------------------------------------------------ +# SquidGuard Configurator +# email: dv_serg@mail.ru +# ------------------------------------------------------------------------------ +# squidGuard inline options: +# squidGuard -C all - apdate database +# squidGuard -c <configfile> - create squidGuard with specified config file +# ------------------------------------------------------------------------------ +# Directories: +# work path - $workdir +# log path - $workdir + $logdir +# ------------------------------------------------------------------------------ +# Functions: +# sg_init($init_xml) +# sg_load_configxml($filename) +# sg_save_configxml($filename) +# sg_reconfigure() +# sg_reconfigure_blacklist($source_filename, $opt) +# $source_filename - file name or url +# $opt - option: +# '' or 'local' - update from local file (example: '/tmp/blacklist.tar') +# 'url' - update from url +# ------------------------------------------------------------------------------ +# Config XML structure: +# ------------------------------------------------------------------------------ +/* +<?xml version="1.0"?> +<squidGuard> + <logdir/> + <dbhome/> + <workdir/> + <enabled/> + <blacklist_enabled> + <sources> + <item> + <name/> + <ip/> + <log>on</log> + <description/> + </item> + <item> + ... + </item> + </sources> + <destinations> + <item> + <name/> + <urls/> + <domains/> + <expressions/> + <redirect/> + <description/> + <log>on</log> + </item> + <item> + ... + </item> + </destinations> + <rewrites> + <item> + <name/> + <description/> + <log>on</log> + <item> + <targeturl/> + <replaceto/> + </item> + <item> + ... + </item> + </item> + <item> + ... + </item> + </rewrites> + <times> + <item> + <name/> + <description/> + <item> + <timetype/> + <timedays/> + <daterange/> + <sg_timerange/> + </item> + <item> + ... + </item> + </item> + <item> + ... + </item> + </times> + <acls> + <item> + <name/> + <description/> + <disabled/> + <timename/> + <redirect/> + <rewritename/> + <overredirect/> + <overrewritename/> + <destname/> + <overdestname/> + </item> + <item> + ... + </item> + </acls> + <default> + <name/> + <description/> + <disabled/> + <timename/> + <redirect/> + <rewritename/> + <overredirect/> + <overrewritename/> + <destname/> + <overdestname/> + </default> +</squidGuard> +*/ +require_once('globals.inc'); +require_once('config.inc'); +require_once('util.inc'); +require_once('pfsense-utils.inc'); +require_once('pkg-utils.inc'); +require_once('filter.inc'); +require_once('service-utils.inc'); + +# ------------------------------------------------------------------------------ + +define('FILES_DB_HEADER', ' +# ------------------------------------------------------------------------------ +# File created by squidGuard package GUI +# (C)2006 Serg Dvoriancev +# ------------------------------------------------------------------------------ +'); + +define('CONFIG_SG_HEADER', ' +# ============================================================ +# SquidGuard configuration file +# +# This file generated automaticly with SquidGuard configurator +# +# (C)2006 Serg Dvoriancev +# email: dv_serg@mail.ru +# ============================================================ +'); + +define('ACL_WARNING_ABSENSE_PASS', "!WARNING! Absence PASS 'all' or 'none' added as 'none'"); + +# ------------------------------------------------------------------------------ +# squid config options +# ------------------------------------------------------------------------------ +define('REDIRECTOR_OPTIONS_REM', '# squidGuard options'); +define('REDIRECTOR_PROGRAM_OPT', 'redirect_program'); +define('REDIRECT_BYPASS_OPT', 'redirector_bypass'); +define('REDIRECT_CHILDREN_OPT', 'redirect_children'); +# ------------------------------------------------------------------------------ +# setup count redirector processes will started +# * for big count users service increase this option, +# but you need use this on powerful system +define('REDIRECTOR_PROCESS_COUNT', '3'); + +# ------------------------------------------------------------------------------ +# squidguard config options +# ------------------------------------------------------------------------------ +# define default redirection url (redirector get this url for all blocked url's) +# * !ATTENTION! this url must be exists; IF url not exist, redirector will't block +# (returned to squid some url, what blocked) +# this may use '301:' or '302:' value (only) +#define('REDIRECT_BASE_URL', '302:'); +define('REDIRECT_BASE_URL', 'http://127.0.0.1/sgerror.php'); +define('REDIRECT_TRANSPARENT_BASE_URL', '/sgerror.php'); + +# ------------------------------------------------------------------------------ +# squidguard system defines +# ------------------------------------------------------------------------------ +# !check this! +define('SQUID_CONFIGFILE', '/usr/local/etc/squid/squid.conf'); +define('TMP_DIR', '/var/tmp'); + +# not need for check +define('SQUIDGUARD_CONFIGFILE', '/squidGuard.conf'); +define('SQUIDGUARDCONF_LOGFILE', '/sg_configurator.log'); +define('SQUIDGUARD_ACCESSBLOCK_FILE', 'block.log'); +define('SQUIDGUARD_BLK_ENTRIES', '/blacklist.files'); +define('BLACKLIST_ARCHIVE', '/blacklists.tar'); +# ? may be not used ? +define('SQUIDGUARD_CONFBASE_DEF', '/usr/local/etc/squid'); +define('SQUIDGUARD_LOGDIR_DEF', '/tmp'); +define('SQUIDGUARD_WORKDIR_DEF', '/usr/local/etc/squidGuard'); +define('SQUIDGUARD_BINPATH_DEF', '/usr/local/bin'); +define('SQUIDGUARD_DBHOME_DEF', '/var/db/squidGuard'); +define('BLK_LOCALFILE', '/tmp/sg_blacklists.tar'); + +# ------------------------------------------------------------------------------ +// debug options +define('DEBUG_UPDATE_SQUID_CONF', 'true'); +define('DEBUG_UPDATE_SQUIDGUARD_DB', 'true'); +define('DEBUG_MAKE_SQUIDGUARD_CONFIG', 'true'); + +// options +define('SQUIDGUARD_LOG_MAXCOUNT', 1000); // max log lines + +# ------------------------------------------------------------------------------ +# +define('FLT_DEFAULT_ALL', 'all'); +# ------------------------------------------------------------------------------ +# owner user name (squid system user - need for define rights access) +# ------------------------------------------------------------------------------ +define('OWNER_NAME', 'proxy'); +# ------------------------------------------------------------------------------ +# +define('DEBUG_ON', 'true'); + +# ============================================================================== +# black list +# ============================================================================== +# known black list standard names +# ------------------------------------------------------------------------------ +define('FLT_AD', 'ads'); +define('FLT_AGGRESSIVE', 'aggressive'); +define('FLT_AUDIOVIDEO', 'audio-video'); +define('FLT_DRUGGS', 'druggs'); +define('FLT_GAMBLING', 'gambling'); +define('FLT_HACKING', 'hacking'); +define('FLT_MAIL', 'mail'); +define('FLT_PORN', 'porn'); +define('FLT_PROXY', 'proxy'); +define('FLT_VIOLENCE', 'viol'); +define('FLT_WAREZ', 'warez'); + +# ------------------------------------------------------------------------------ +# std_blacklist_get_description - black list std names description +# ------------------------------------------------------------------------------ +function std_blacklist_get_description() { + $dst_std = array(); + $dst_std[FLT_AD] = 'Reclama & banners filter'; + $dst_std[FLT_AGGRESSIVE] = 'Agressive content sites filter'; + $dst_std[FLT_AUDIOVIDEO] = 'Audio and Video sites filter'; + $dst_std[FLT_DRUGGS] = 'Druggs filter'; + $dst_std[FLT_GAMBLING] = 'Games sites filter'; + $dst_std[FLT_HACKING] = 'Hacking sites filter'; + $dst_std[FLT_MAIL] = 'Mail sites filter'; + $dst_std[FLT_PORN] = 'Porno sites filter'; + $dst_std[FLT_PROXY] = 'Proxy sites filter'; + $dst_std[FLT_VIOLENCE] = 'Violence content sites filter'; + $dst_std[FLT_WAREZ] = 'Wares, soft, downloads sites filter'; + return $dst_std; +} + +# ============================================================================== +# SquidGuard Configurator +# ============================================================================== +// squidGuard config array +$squidguard_config = array(); +// default init +sg_init(); + +# ------------------------------------------------------------------------------ +# squidguard system fields +# ------------------------------------------------------------------------------ +define('FLD_SQUIDGUARD', 'squidGuard'); +define('FLD_LOGDIR', 'logdir'); +define('FLD_DBHOME', 'dbhome'); +define('FLD_WORKDIR', 'workdir'); +define('FLD_BINPATH', 'binpath'); +define('FLD_PROCCESSCOUNT', 'process_count'); +define('FLD_SQUIDCONFIGFILE', 'squid_configfile'); +define('FLD_ENABLED', 'enabled'); +define('FLD_BLACKLISTENABLED', 'blacklist_enabled'); +define('FLD_SGCONF_XML', 'sgxml_file'); + +// other fields +define('FLD_ITEM', 'item'); +define('FLD_TIMES', 'times'); +define('FLD_SOURCES', 'sources'); +define('FLD_DESTINATIONS', 'destinations'); +define('FLD_REWRITES', 'rewrites'); +define('FLD_ACLS', 'acls'); +define('FLD_DEFAULT', 'default'); +define('FLD_NAME', 'name'); +define('FLD_DESCRIPTION', 'description'); +define('FLD_IP', 'ip'); +define('FLD_URLS', 'urls'); +define('FLD_DOMAINS', 'domains'); +define('FLD_EXPRESSIONS', 'expressions'); +define('FLD_REDIRECT', 'redirect'); +define('FLD_TARGETURL', 'targeturl'); +define('FLD_REPLACETO', 'replaceto'); +define('FLD_LOG', 'log'); +define('FLD_ITEM', 'item'); +define('FLD_DISABLED', 'disabled'); +define('FLD_TIMENAME', 'timename'); +define('FLD_DESTINATIONNAME', 'destname'); +define('FLD_REDIRECT', 'redirect'); +define('FLD_REWRITE', 'rewrite'); +define('FLD_REWRITENAME', 'rewritename'); +define('FLD_OVERDESTINATIONNAME', 'overdestname'); +define('FLD_OVERREDIRECT', 'overredirect'); +define('FLD_OVERREWRITE', 'overrewrite'); +define('FLD_OVERREWRITENAME', 'overrewritename'); +define('FLD_TIMETYPE', 'timetype'); +define('FLD_TIMEDAYS', 'timedays'); +define('FLD_DATRANGE', 'daterange'); +define('FLD_TIMERANGE', 'sg_timerange'); + +// transparent mode +define('FLD_SQUID_TRANSPARENT_MODE', 'squid_transparent_mode'); +define('FLD_CURRENT_LAN_IP', 'current_lan_ip'); + +# ------------------------------------------------------------------------------ +# sg_init +# - initialize config array +# ------------------------------------------------------------------------------ +function sg_init($init = '') { + global $squidguard_config; + + $squidguard_config = array(); + if(empty($init) or !is_array($init) ) { + // default init (for generate minimal config) + $squidguard_config[FLD_LOGDIR] = SQUIDGUARD_LOGDIR_DEF; + $squidguard_config[FLD_DBHOME] = SQUIDGUARD_DBHOME_DEF; + $squidguard_config[FLD_WORKDIR] = SQUIDGUARD_WORKDIR_DEF; + $squidguard_config[FLD_BINPATH] = SQUIDGUARD_BINPATH_DEF; + $squidguard_config[FLD_SQUIDCONFIGFILE] = SQUID_CONFIGFILE; + $squidguard_config[FLD_PROCCESSCOUNT] = REDIRECTOR_PROCESS_COUNT; + sg_addlog("sg_init: default initialization squidguard_config"); + } else { + $squidguard_config = $init; + sg_addlog("sg_init: ext initialization squidguard_config"); + } + return $squidguard_config; +} + +# ------------------------------------------------------------------------------ +# sg_loadconfig_xml +# ------------------------------------------------------------------------------ +function sg_load_configxml($filename) { + global $squidguard_config; + sg_init(); + if (file_exists($filename)) { + $xmlconf = file_get_contents($filename); + sg_addlog("sg_load_configxml: load config from $filename"); + + if (!empty($xmlconf)) { + $squidguard_config = $xmlconf[FLD_SQUIDGUARD]; + sg_addlog("sg_load_configxml: update config success."); + } else + sg_addlog("sg_load_configxml: update config error."); + } else + sg_addlog("sg_load_configxml: error load config from $filename - file not exists."); +} + +# ------------------------------------------------------------------------------ +# sg_saveconfig_xml +# ------------------------------------------------------------------------------ +function sg_save_configxml($filename) { + global $squidguard_config; + $xmlconf = dump_xml_config($squidguard_config, FLD_SQUIDGUARD); + file_put_contents($filename, $xmlconf); +} + +# ------------------------------------------------------------------------------ +# sg_reconfigure +# - squidguard reconfiguration +# ------------------------------------------------------------------------------ +function sg_reconfigure() { + global $squidguard_config; + sg_addlog("sg_reconfigure: start."); + + // 1. check system + sg_check_system(); + + // 2. reconfigure user db + sg_reconfigure_user_db(); + + // 3. generate squidGuard config + $conf_file = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARD_CONFIGFILE; + $conf = sg_build_config(); + if ($conf) { + $conf = implode("\n", $conf); + if ($squidguard_config[FLD_WORKDIR]) + $conf_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE; + file_put_contents($conf_file, $conf); + file_put_contents('/usr/local/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); // << squidGuard want config '/usr/local/etc/squid' by default + set_file_access($squidguard_config[FLD_WORKDIR], OWNER_NAME, 0755); + sg_addlog("sg_reconfigure: generate squidGuard config and save to $conf_file."); + } + + // 4. reconfigure squid + squid_reconfigure(); + + sg_addlog("sg_reconfigure: end."); +} + +// ------------------------------------------------------------ +// squid_reconfigure +// Insert in '/usr/local/squid/etc/squid.conf' options: +// redirector_bypass on +// redirect_program /usr/local/squidGuard/bin/squidGuard -c /path_to_config_file +// redirect_children 1 +// ------------------------------------------------------------ +function squid_reconfigure($remove_only = '') { + global $squidguard_config; + + sg_addlog("squid_reconfigure: begin"); + + // 1. update squid config + $opt = ''; + $squid_conf_file = SQUID_CONFIGFILE; + $redirector_path = $squidguard_config[FLD_BINPATH] . '/squidGuard'; + $redirector_conf = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_CONFIGFILE; + + // update squid.conf file + if (file_exists($squid_conf_file)) { + sg_addlog("squid_reconfigure: config file '$squid_conf_file'"); + $conf = file_get_contents($squid_conf_file); + + // remove old redirector options from 'squid.conf' + sg_addlog("squid_reconfigure: remove old redirector options from 'squid.conf'"); + $conf = explode("\n", $conf); + for($i=0; $i<count($conf); $i++) { + $s = trim($conf[$i]); + if (strpos($s, REDIRECTOR_OPTIONS_REM) === 0) $conf[$i] = ''; + if (strpos($s, REDIRECTOR_PROGRAM_OPT) === 0) $conf[$i] = ''; + if (strpos($s, REDIRECT_BYPASS_OPT) === 0) $conf[$i] = ''; + if (strpos($s, REDIRECT_CHILDREN_OPT) === 0) $conf[$i] = ''; + } + $conf = implode("\n", $conf); + $conf = rtrim($conf); + + // if squidGuard enabled - add new options to squid config + if (empty($remove_only) && ($squidguard_config[FLD_ENABLED] === 'on')) { + sg_addlog("squid_reconfigure: add new redirector options to 'squid.conf'"); + // add redirector options to 'squid.conf' + $conf .= "\n"; + $conf .= "\n" . REDIRECTOR_OPTIONS_REM; + $conf .= "\n" . REDIRECTOR_PROGRAM_OPT . " $redirector_path -c $redirector_conf"; + $conf .= "\n" . REDIRECT_BYPASS_OPT . ' on'; + $conf .= "\n" . REDIRECT_CHILDREN_OPT . " " . REDIRECTOR_PROCESS_COUNT; + } + $conf .= "\n"; + file_put_contents($squid_conf_file, $conf); + } else + sg_addlog("squid_reconfigure: error config file '$squid_conf_file' not found."); + + + // 2. restart squid - squid automaticly restart redirector too + if (is_service_running('squid')) + mwexec("/usr/local/sbin/squid -k reconfigure"); + +# // 2.1. another method +# if (is_service_running('squid')) +# mwexec('killall -HUP squid'); +} +// ------------------------------------------------------------ +// sg_check_system +// - check squidguard catalog's and access right's +// ------------------------------------------------------------ +function sg_check_system() { + global $squidguard_config; + + // check work_dir & create if not exists + $work_dir = $squidguard_config[FLD_WORKDIR]; + if (!empty($work_dir)) { + // check dir's + if (!file_exists($work_dir)) { + mwexec("mkdir -p " . $work_dir); + sg_addlog("Create work dir $work_dir"); + // set access right + set_file_access($work_dir, OWNER_NAME, 0755); + } + } + unset($work_dir); + + // check log_dir & create if not exists + $log_dir = $squidguard_config[FLD_LOGDIR]; + if (!empty($log_dir)) { + if (!file_exists($log_dir)) { + mwexec("mkdir -p " . $log_dir); + sg_addlog("Create log dir $log_dir"); + } + // set access right - need start any time; + // (SG possible start from console and log file will have only root access) + set_file_access($log_dir, OWNER_NAME, 0755); + } + unset($log_dir); + + // check db dir + $db_dir = $squidguard_config[FLD_DBHOME]; + if (!empty($db_dir)) { + if (!file_exists($db_dir)) { + mwexec("mkdir -p $db_dir"); + $sg_addlog("Create db dir $db_dir"); + // set access right + set_file_access($db_dir, OWNER_NAME, 0755); + } + } + unset($db_dir); +} +// ------------------------------------------------------------ +// sg_reconfigure_user_db +// - reconfigure(update) db user entries +// ------------------------------------------------------------ +function sg_reconfigure_user_db() { + global $squidguard_config; + $dbhome = $squidguard_config[FLD_DBHOME]; + + sg_addlog("sg_reconfigure_user_db: begin"); + + if (!file_exists($dbhome)) { + sg_addlog("sg_reconfigure_user_db: error - path not found $dbhome"); + return; + } + + // update destinations to db + $dests = $squidguard_config[FLD_DESTINATIONS]; + if(!empty($dests)){ + $dst_names = array(); + + foreach($dests[FLD_ITEM] as $dst) { + $path = "$dbhome/" . $dst[FLD_NAME]; + $dst_names[] = $path; + + // 1. check destination catalog + if (!file_exists($path)) { + if (!mkdir ($path, 0755)) { + sg_addlog("sg_reconfigure_user_db: error create dir $path"); + return; + } else sg_addlog("Create dir $path"); + } + + // 2. build domains file + $domains = $dst[FLD_DOMAINS]; + if (!empty($domains)) { + $content = ''; + $content = str_replace(" ", "\n", $domains); + $content = trim($content); + file_put_contents($path . '/domains', $content); + sg_addlog("sg_reconfigure_user_db: add domains '$domains'"); + } + unset($domains); + + // 3. build urls file + $urls = $dst[FLD_URLS]; + if (!empty($urls)) { + $content = ''; + $content = str_replace(" ", "\n", $urls); + $content = trim($content); + file_put_contents($path . '/urls', $content); + sg_addlog("sg_reconfigure_user_db: add urls '$content'"); + } + unset($urls); + + // 4. build expression file + $expr = $dst[FLD_EXPRESSIONS]; + if (!empty($expr)) { + $content = str_replace("|", " ", $expr); + $content = trim($content); // delete first and last unnecessary '|' symbols + $content = str_replace(" ", "|", $content); + file_put_contents($path . '/expressions', $content); + sg_addlog("sg_reconfigure_user_db: add expressions '$content'"); + } + unset($expr); + } + + // 4. recursive set files access + set_file_access($dbhome, OWNER_NAME, 0755); + + // 5. rebuild user db + //$dst_names + foreach($dst_names as $dname) + sg_full_rebuild_db($dname); + + } else + sg_addlog("sg_reconfigure_user_db: stopped - destinations list empty"); + + // 6. remove unused db entries + sg_remove_unused_db_entries(); + + sg_addlog("sg_reconfigure_user_db: end"); +} + +// ------------------------------------------------------------ +// sg_remove_unused_db_entries +// - remove unused DB entries +// ------------------------------------------------------------ +function sg_remove_unused_db_entries() { + global $squidguard_config; + $db_entries = array(); + $file_list = ''; + $dbhome = $squidguard_config[FLD_DBHOME]; + + sg_addlog("sg_remove_unused_db_entries: begin"); + + // black list entries + // * worked only with 'blacklist entries list file - else may be deleted black list entry + if (file_exists($dbhome . SQUIDGUARD_BLK_ENTRIES)) { + $db_entries = explode("\n", file_get_contents($dbhome . SQUIDGUARD_BLK_ENTRIES)); + // user entries + $dests = $squidguard_config[FLD_DESTINATIONS]; + foreach($dests[FLD_ITEM] as $dst) { + $db_entries[] = $dst[FLD_NAME]; + + $file_list = scan_dir($dbhome); + $file_for_del = array_diff($file_list, $db_entries); + + foreach($file_for_del as $fd) { + $file_fd = $dbhome . "/" . $fd; + if (($fd != "") && ($fd != ".") && ($fd != "..")) { + if (file_exists($file_fd)) { + if (!mwexec("rm -R . $file_fd")) + sg_addlog("sg_remove_unused_db_entries: Delete $file_fd"); + else sg_addlog("sg_remove_unused_db_entries: Error delete $file_fd"); + } else sg_addlog("sg_remove_unused_db_entries: File $file_fd not found"); + } + } + } + } + sg_addlog("sg_remove_unused_db_entries: end"); +} + +// ------------------------------------------------------------ +// sg_full_rebuild_db +// squidguard inline options: -C - create db files; -u - update '.diff' files to db +// ------------------------------------------------------------ +function sg_full_rebuild_db($dblist='') { + global $squidguard_config; + $sg_cfgfile = ''; + + sg_addlog("sg_rebuild_db: begin with $dblist"); + + if ($squidguard_config[FLD_WORKDIR]) + $sg_cfgfile = $squidguard_config[FLD_WORKDIR]; + else $sg_cfgfile = SQUIDGUARD_WORKDIR_DEF; + $sg_cfgfile .= SQUIDGUARD_CONFIGFILE; + + // set files access + set_file_access($squidguard_config[FLD_DBHOME], OWNER_NAME, 0755); + + // rebuild squidGuard DB (without waite) + if (file_exists($sg_cfgfile)) { + if (empty($dblist)) { + // full rebuild + $cmd = $squidguard_config[FLD_BINPATH] . '/squidGuard -c $sg_cfgfile -C all'; + mwexec_bg($cmd); + sg_addlog("sg_rebuild_db: start full rebuild db"); + } else { + // partually rebuild + $cmd_domains = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $sg_cfgfile -C $dblist/domains"; + $cmd_urls = $squidguard_config[FLD_BINPATH] . "/squidGuard -c $sg_cfgfile -C $dblist/urls"; + mwexec_bg($cmd_domains); + mwexec_bg($cmd_urls); + sg_addlog("sg_rebuild_db: start rebuild DB '$dblist'"); + } + // update .diff files +# mwexec_bg($squidguard_config[FLD_BINPATH] . '/squidGuard -c $sg_cfgfile -u')*/) + } else { + sg_addlog("sg_rebuild_db: error, config file '$sg_cfgfile' not found"); + } + + sg_addlog("sg_rebuild_db: end"); +} +// ============================================================ +// Log +// ============================================================ +// ------------------------------------------------------------ +// sg_addlog +// ------------------------------------------------------------ +function sg_addlog($log) { + global $squidguard_config; + + $logfile = ''; + $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE; + $log_content = array(); + + if (!empty($squidguard_config)) { + // define logfile + if (file_exists($squidguard_config[FLD_LOGDIR])) + $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE; + } else { + $log_content[] = date("d.m.Y H:i:s") . ": " . "sg_addlog: Error, squidguard_config is empty"; + } + + $tmplog = ''; + if (file_exists($logfile)) + $tmplog = file_get_contents($logfile); + $log_content = explode("\n", $tmplog); + unset($tmplog); + + $log_content[] = date("d.m.Y H:i:s") . ": $log"; + while (count($log_content) > SQUIDGUARD_LOG_MAXCOUNT) array_shift($log_content); + + $tlog = implode("\n", $log_content); + file_put_contents($logfile, $tlog); +# file_put_contents("/tmp/_sg.log", $tmp_log); +} +// ------------------------------------------------------------ +// sg_getlog +// ------------------------------------------------------------ +function sg_getlog($last_entries_count) { + global $squidguard_config; + $log_content = ''; + $logfile = SQUIDGUARD_LOGDIR_DEF . SQUIDGUARDCONF_LOGFILE; + + // define logfile + if (!empty($squidguard_config)) + if (file_exists($squidguard_config[FLD_LOGDIR])) + $logfile = $squidguard_config[FLD_LOGDIR] . SQUIDGUARDCONF_LOGFILE; + + // get log last 100 entries + if (file_exists($logfile)) { + $log_content = file_get_contents($logfile); + $log_content = explode("\n", $log_content); + while (count($log_content) > $last_entries_count) array_shift($log_content); + // insert log file name on top + $log_content[0] = $logfile; + $log_content = implode("\n", $log_content); + } + + return $log_content; +} +# ------------------------------------------------------------- +# sg_build_default_config +# default rule - block all +# ------------------------------------------------------------- +function sg_build_default_config() { + global $squidguard_config; + $sgconf = array(); + $redirect_base_url = REDIRECT_BASE_URL; + +// TODO: need fix for transparentproxy + + // header + $sgconf[] = CONFIG_SG_HEADER; + // init section + $sgconf[] = "logdir {$squidguard_config[FLD_LOGDIR]}"; + $sgconf[] = "dbhome {$squidguard_config[FLD_DBHOME]}"; + $sgconf[] = ""; + + // acl section + $sgconf[] = "acl {"; + $sgconf[] = "\t default {"; + $sgconf[] = "\t\t pass none"; + $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t }"; + $sgconf[] = "}"; + + sg_addlog("sg_build_default_config: Created default configuration. All content will blocked."); + return $sgconf; +} + +// ------------------------------------------------------------ +// sg_build_config +// ------------------------------------------------------------ +function sg_build_config() { + global $squidguard_config; + $sgconf = array(); + $redirect_base_url = REDIRECT_BASE_URL; + + sg_addlog("sg_build_config: create squidGuard config"); + if(!is_array($squidguard_config)) { + sg_addlog("sg_build_config: error configuration in squidguard_config"); + return sg_build_default_config(); + } + + // check configuration data + sg_addlog("sg_build_config: check configuration data"); + $s = sg_check_config_data(); + if ($s) { + sg_addlog("sg_build_config: error configuration data. It's all errors: \n$s"); + sg_addlog("sg_build_config: terminated."); + return sg_build_default_config(); + } + unset($s); + + // --- Header --- + $sgconf[] = CONFIG_SG_HEADER; + + // Transparent redirector base url + if (isset($squidguard_config[FLD_SQUID_TRANSPARENT_MODE]) and + isset($squidguard_config[FLD_CURRENT_LAN_IP])) { + $redirect_base_url = "http://" . $squidguard_config[FLD_CURRENT_LAN_IP] . REDIRECT_TRANSPARENT_BASE_URL; + sg_addlog("sg_build_config: select LAN redirector base url ($redirect_base_url)"); + } else + sg_addlog("sg_build_config: select localhost redirector base url ($redirect_base_url)"); + + // init + $sgconf[] = "logdir " . $squidguard_config[FLD_LOGDIR]; + $sgconf[] = "dbhome " . $squidguard_config[FLD_DBHOME]; + + // --- Times --- + if ($squidguard_config[FLD_TIMES]) { + sg_addlog("sg_build_config: add times"); + foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) { + $sgconf[] = ""; + if ($tm[FLD_DESCRIPTION]) + $sgconf[] = "# " . $tm[FLD_DESCRIPTION]; + $sgconf[] = "time " . $tm[FLD_NAME] . " {"; + foreach($tm[FLD_ITEM] as $itm) { + switch ($itm[FLD_TIMETYPE]) { + case "weekly": + $sgconf[] = "\t weekly " . $itm[FLD_TIMEDAYS] . " " . $itm[FLD_TIMERANGE]; + break; + case "date": + $sgconf[] = "\t date " . $itm[FLD_DATERANGE] . " " . $itm[FLD_TIMERANGE]; + break; + } + } + $sgconf[] = "}"; + } + } + + // --- Sources --- + if ($squidguard_config[FLD_SOURCES]) { + sg_addlog("sg_build_config: add sources"); + foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) { + $sgconf[] = ""; + if ($src[FLD_DESCRIPTION]) + $sgconf[] = "# " . $src[FLD_DESCRIPTION]; + $sgconf[] = "src " . $src[FLD_NAME] . " {"; + // IP + if ($src[FLD_IP]) { + $s_ip = explode(" ", $src[FLD_IP]); + foreach($s_ip as $ip) + if (!empty($ip)) $sgconf[] = "\t ip " . $ip; + } + // domains + if ($src[FLD_DOMAINS]) { + $dms = explode(" ", $src[FLD_DOMAINS]); + foreach($dms as $dm) + if (!empty($dm)) $sgconf[] = "\t domain " . $dm; + } + if ($src[FLD_LOG]) + $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; + $sgconf[] = "}"; + } + } + + // --- Blacklist --- + # + # Note! Blacklist must be added to config constantly. It's need for rebuild DB + # + $db_entries = sg_entries_blacklist(); + if (($squidguard_config[FLD_BLACKLISTENABLED] === 'on') and $db_entries) { + sg_addlog("sg_build_config: add blacklist entries"); + foreach($db_entries as $key => $ent) { + $ent_state = array(); + $file_dms = $squidguard_config[FLD_DBHOME] . "/$ent/domains"; + $file_urls = $squidguard_config[FLD_DBHOME] . "/$ent/urls"; + $file_expr = $squidguard_config[FLD_DBHOME] . "/$ent/expressions"; + + // check blacklist acl state + if (file_exists($file_dms)) { + $ent_state['exists'] = 'on'; + $ent_state[FLD_DOMAINS] = 'on'; + } + if (file_exists($file_urls)) { + $ent_state['exists'] = 'on'; + $ent_state[FLD_URLS] = 'on'; + } + if (file_exists($file_expr)) { + $ent_state['exists'] = 'on'; + $ent_state[FLD_EXPRESSIONS] = 'on'; + } + + // create config + $sgconf[] = ""; + if ($ent_state['exists']) { + $sgconf[] = "dest $ent {"; + $dstname = $ent; + if ($ent_state[FLD_DOMAINS]) $sgconf[] = "\t domainlist $ent/domains"; + if ($ent_state[FLD_EXPRESSIONS]) $sgconf[] = "\t expressionlist $ent/expressions"; + if ($ent_state[FLD_URLS]) $sgconf[] = "\t urllist $ent/urls"; + $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; + $sgconf[] = "}"; + sg_addlog("sg_build_config: -- add '$ent' entry"); + } else { + $sgconf[] = "\t# Config ERROR: Destination '$ent' not found in DB"; + sg_addlog("sg_build_config: uncompleted or error '$ent' entry - disabled"); + } + } + } + + // --- Destinations --- + if ($squidguard_config[FLD_DESTINATIONS]) { + sg_addlog("sg_build_config: add destinations"); + $sgconf[] = ""; +# $sgconf[] = "dest localhost { # fix localhost access problem on transparent proxy "; +# $sgconf[] = "\t ip 127.0.0.1"; +# $sgconf[] = "}"; + foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { + $dstname = $dst[FLD_NAME]; + $sgconf[] = ""; + if ($dst[FLD_DESCRIPTION]) + $sgconf[] = "# " . $dst[FLD_DESCRIPTION]; + $sgconf[] = "dest $dstname {"; + if ($dst[FLD_DOMAINS]) + $sgconf[] = "\t domainlist $dstname/domains"; + if ($dst[FLD_EXPRESSIONS]) + $sgconf[] = "\t expressionlist $dstname/expressions"; + if ($dst[FLD_URLS]) + $sgconf[] = "\t urllist $dstname/urls"; + if ($dst[FLD_REDIRECT] && is_url($dst[FLD_REDIRECT])) + $sgconf[] = "\t redirect " . $redirect_base_url . "?url={$dst[FLD_REDIRECT]}"; + if ($dst[FLD_LOG]) + $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; + $sgconf[] = "}"; + } + } + + // --- Rewrites --- + if ($squidguard_config[FLD_REWRITES]) { + sg_addlog("sg_build_config: add rewrites"); + foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rew) { + $sgconf[] = ""; + $sgconf[] = "rew " . $rew[FLD_NAME] . " {"; + foreach ($rew[FLD_ITEM] as $rw) + $sgconf[] = "\t s@." . $rw[FLD_TARGETURL] . "@" . $rw[FLD_REPLACETO]."@"; + if ($rew[FLD_LOG]) + $sgconf[] = "\t log " . SQUIDGUARD_ACCESSBLOCK_FILE; + $sgconf[] = "}"; + } + } + + # ---------------------------------------- + $entry_blacklist = sg_entries_blacklist(); + + // --- ACL --- + $sgconf[] = ""; + $sgconf[] = "acl {"; + if ($squidguard_config[FLD_ACLS]) { + sg_addlog("sg_build_config: add ACL"); + foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { + + // delete blacklist entries from 'pass' if blacklist disabled + if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { + $tarray = explode(" ", $acl[FLD_DESTINATIONNAME]); + $varray = explode(" ", $acl[FLD_OVERDESTINATIONNAME]); + foreach($entry_blacklist as $entry) { + $tk = array_search($entry, $tarray); + if ($tk !== false) unset ($tarray[$tk]); + + $tk = array_search("!$entry", $tarray); + if ($tk !== false) unset($tarray[$tk]); + + $tk = array_search($entry, $varray); + if ($tk !== false) unset ($varray[$tk]); + + $tk = array_search("!$entry", $varray); + if ($tk !== false) unset ($varray[$tk]); + } + $acl[FLD_DESTINATIONNAME] = implode (" ", $tarray); + $acl[FLD_OVERDESTINATIONNAME] = implode (" ", $varray); + } + + if (!$acl[FLD_DISABLED]) { + if ($acl[FLD_DESCRIPTION]) + $sgconf[] = "\t # " . $acl[FLD_DESCRIPTION]; + + if ($acl[FLD_TIMENAME]) { + // ontime + $sgconf[] = "\t " . $acl[FLD_NAME] . " within " . $acl[FLD_TIMENAME] . " { "; + $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; + if ($acl[FLD_REDIRECT]) { + if (is_url($acl[FLD_REDIRECT])) + $sgconf[] = "\t\t redirect " . $redirect_user_url . "?url={$acl[FLD_REDIRECT]}"; + else $sgconf[] = "\t\t redirect " . $redirect_user_url . "?msg=" . htmlspecialchars($acl[FLD_REDIRECT]); + } + if ($acl[FLD_REWRITENAME]) + $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; + + // overtime + $sgconf[] = "\t } else {"; + $sgconf[] = "\t\t pass " . $acl[FLD_OVERDESTINATIONNAME]; + if ($acl[FLD_OVERREDIRECT] && is_url($acl[FLD_OVERREDIRECT])) + $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$acl[FLD_OVERREDIRECT]}"; + if ($acl[FLD_OVERREWRITENAME]) + $sgconf[] = "\t\t rewrite " . $acl[FLD_OVERREWRITENAME]; + + $sgconf[] = "\t }"; + } else { + $sgconf[] = "\t " . $acl[FLD_NAME] . " { "; + + $sgconf[] = "\t\t pass " . $acl[FLD_DESTINATIONNAME]; + + if ($acl[FLD_REDIRECT] && is_url($acl[FLD_REDIRECT])) + $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$acl[FLD_REDIRECT]}"; + if ($acl[FLD_REWRITENAME]) + $sgconf[] = "\t\t rewrite " . $acl[FLD_REWRITENAME]; + + $sgconf[] = "\t }"; + } + $sgconf[] = ""; + } + } + } + + // --- Default --- + $def = $squidguard_config[FLD_DEFAULT]; + sg_addlog("sg_build_config: add Default"); + if ($def) { + // delete blacklist entries from 'pass' if blacklist disabled + if ($squidguard_config[FLD_BLACKLISTENABLED] !== 'on') { + $tarray = explode(" ", $def[FLD_DESTINATIONNAME]); + $varray = explode(" ", $def[FLD_OVERDESTINATIONNAME]); + foreach($entry_blacklist as $entry) { + $tk = array_search($entry , $tarray); + if ($tk !== false) unset ($tarray[$tk]); + + $tk = array_search("!$entry" , $tarray); + if ($tk !== false) unset ($tarray[$tk]); + + $tk = array_search($entry , $varray); + if ($tk !== false) unset ($varray[$tk]); + + $tk = array_search("!$entry" , $varray); + if ($tk !== false) unset ($varray[$tk]); + } + $def[FLD_DESTINATIONNAME] = implode (" ", $tarray); + $def[FLD_OVERDESTINATIONNAME] = implode (" ", $varray); + } + + if ($def[FLD_TIMENAME]) { + // ontime + $sgconf[] = "\t default within " . $def[FLD_TIMENAME] . " { "; + $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; + if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) + $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_REDIRECT]}"; + else $sgconf[] = "\t\t redirect " . $redirect_base_url; + // overtime + $sgconf[] = "\t } else {"; + $sgconf[] = "\t\t pass " . $def[FLD_OVERDESTINATIONNAME]; + if ($def[FLD_OVERREDIRECT] && is_url($def[FLD_OVERREDIRECT])) { + $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_OVERREDIRECT]}"; + } + else $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t }"; + } else { + // without time + $sgconf[] = "\t default { "; + $sgconf[] = "\t\t pass " . $def[FLD_DESTINATIONNAME]; + if ($def[FLD_REDIRECT] && is_url($def[FLD_REDIRECT])) { + $sgconf[] = "\t\t redirect " . $redirect_base_url . "?url={$def[FLD_REDIRECT]}"; + } + else $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t }"; + } + } // if def + else { + sg_addlog("sg_build_config: error - ACL 'default' is empty, use as default 'block all'."); + $sgconf[] = "\t default { "; + $sgconf[] = "\t\t pass none"; + $sgconf[] = "\t\t redirect " . $redirect_base_url; + $sgconf[] = "\t }"; + } + + // --- ACL end --- + $sgconf[] = "}"; + + return $sgconf; +} + +// ------------------------------------------------------------ +// sg_check_config_data +// ------------------------------------------------------------ +function sg_check_config_data () { + global $squidguard_config; + $check_log = array(); + $times = array(); + $sources = array(); + $destinations = array(); + $rewrites = array(); + $acls = array(); + + // --- Times --- + if ($squidguard_config[FLD_TIMES]) { + foreach($squidguard_config[FLD_TIMES][FLD_ITEM] as $tm) { + // check name as unique and name format + $tm_name = $tm[FLD_NAME]; + $s = check_name($tm_name); + if ($s) + $check_log[] = "TIME '$tm_name' error: $s"; + + $times[] = $tm_name; + $key_tm = array_count_values($times); + if ($key_tm[$tm_name] > 1) + $check_log[] = "TIME '$tm_name' error: duplicate time name '$tm_name'"; + + // check time items format + } + } + + // --- Sources --- + if ($squidguard_config[FLD_SOURCES]) { + foreach($squidguard_config[FLD_SOURCES][FLD_ITEM] as $src) { + // check name as unique and name format + $src_name = $src[FLD_NAME]; + $s = check_name($src_name); + if ($s) + $check_log[] = "SOURCE '$src_name'error: $s"; + + $sources[] = $src_name; + $key_src = array_count_values($sources); + if ($key_src[$src_name] > 1) + $check_log[] = "SOURCE '$src_name' error: duplicate source name '$src_name'"; + + // check IP's + } + } + + // --- Destinations --- + if ($squidguard_config[FLD_DESTINATIONS]) { + foreach($squidguard_config[FLD_DESTINATIONS][FLD_ITEM] as $dst) { + // check name as unique and name format + $dst_name = $dst[FLD_NAME]; + $s = check_name($dst_name); + if ($s) + $check_log[] = "DESTINATION '$dst_name' error: $s"; + + $destinations[] = $dst_name; + $key_dst = array_count_values($destinations); + if ($key_dst[$dst_name] > 1) + $check_log[] = "DESTINATION '$dst_name' error: duplicate destination name '$dst_name'"; + + // check urls + // check domains + // check expressions + // check redirection url + } + } + + // --- Blacklist --- + $blk_entries_file = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($blk_entries_file)) { + $blk_entr = explode("\n", file_get_contents($blk_entries_file)); + foreach($blk_entr as $entr) { + if ($entr) { + $destinations[] = $entr; + // check entry for exists + $dbfile = $squidguard_config[FLD_DBHOME] . "/$entr"; + if (!file_exists($dbfile)) + $check_log[] = "BLACKLIST '$entr' error: file '$dbfile' not found"; + } + } + } + + // --- Rewrites --- + if ($squidguard_config[FLD_REWRITES]) { + foreach($squidguard_config[FLD_REWRITES][FLD_ITEM] as $rw) { + // check check name as unique and name format + $rw_name = $rw[FLD_NAME]; + $s = check_name($dst_name); + if ($s) + $check_log[] = "REWRITE '$rw_name' error: $s"; + + $rewrites[] = $rw_name; + $key_rw = array_count_values($rewrites); + if ($key_rw[$rw_name] > 1) + $check_log[] = "REWRITE '$rw_name' error: duplicate rewrite name '$rw_name'"; + } + } + + $key_times = array_count_values($times); + $key_sources = array_count_values($sources); + $key_destinations = array_count_values($destinations); + $key_rewrites = array_count_values($rewrites); + + // --- ACLs --- + if ($squidguard_config[FLD_ACLS]) { + $acls = array(); + foreach($squidguard_config[FLD_ACLS][FLD_ITEM] as $acl) { + // skip disabled acl + if ($acls[FLD_DISABLED]) continue; + + $acl_name = $acl[FLD_NAME]; + + // check acl name for unique and exists (as source items) + if ($acl_name and !$key_sources[$acl_name]) + $check_log[] = "ACL '$acl_name' error: acl name '$acl_name' not found"; + + $acls[] = $acl_name; + $key_acls = array_count_values($acls); + if ($key_acls[$acl_name] > 1) + $check_log[] = "ACL '$acl_name' error: duplicate acl name '$acl_name'"; + + // check time + $time = $acl[FLD_TIMENAME]; + if ($time and !$key_times[$time]) // time name must exists + $check_log[] = "ACL '$acl_name' error: time name '$time' not found"; + + // check destinations + if ($acl[FLD_DESTINATIONNAME]) { + $acldest = str_replace("!", "", $acl[FLD_DESTINATIONNAME]); + $acldest = explode(" ", $acldest); + $key_acldest = array_count_values($acldest); + foreach($acldest as $adest) { + // check duplicates destinations in acl + if ($key_acldest[$adest] > 1) + $check_log[] = "ACL '$acl_name' error: duplicate destination name '$adest'. Any destination must included once."; + // check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $check_log[] = "ACL '$acl_name' error: destination name '$adest' not found"; + } + } else { + $check_log[] = "ACL '$acl_name' error: ontime pass list is empty."; + } + + // check overtime destinations + if ($time) { + if ($acl[FLD_OVERDESTINATIONNAME]) { + $acloverdest = str_replace("!", "", $acl[FLD_OVERDESTINATIONNAME]); + $acloverdest = explode(" ", $acloverdest); + $key_acloverdest = array_count_values($acloverdest); + foreach($acloverdest as $adest) { + // check duplicates destinations in acl + if ($key_acloverdest[$adest] > 1) + $check_log[] = "ACL '$acl_name' error: duplicate overtime destination name '$adest'. Any destination must included once."; + // check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $check_log[] = "ACL '$acl_name' error: overtime destination name '$adest' not found"; + } + } else { + $check_log[] = "ACL '$acl_name' error: overtime pass list is empty."; + } + } + + // check rewrite + $rew = $acl[FLD_REWRITENAME]; + if ($rew and !$key_rewrites[$rew]) + $check_log[] = "ACL '$acl_name' error: rewrite name '$rew' not found"; + + // check overtime rewrite + $overrew = $acl[FLD_OVERREWRITENAME]; + if ($time and $overrew and !$key_rewrites[$overrew]) + $check_log[] = "ACL '$acl_name' error: overtime rewrite name '$overrew' not found"; + + // check redirect + $redir = $acl[FLD_REDIRECT]; + $overredir = $acl[FLD_OVERREDIRECT]; + } + } + + + // --- Default --- + if ($squidguard_config[FLD_ACLS]) { + $def = $squidguard_config[FLD_DEFAULT]; + + // check time + $time = $def[FLD_TIMENAME]; + if ($time and !$key_times[$time]) // time name must exists + $check_log[] = "ACL 'default' error: time name '$time' not found"; + + // check destinations + if ($def[FLD_DESTINATIONNAME]) { + $defdest = str_replace("!", "", $def[FLD_DESTINATIONNAME]); + $defdest = explode(" ", $defdest); + $key_defdest = array_count_values($defdest); + foreach($defdest as $adest) { + // check duplicates destinations in acl + if ($key_defdest[$adest] > 1) + $check_log[] = "ACL 'default' error: duplicate destination name '$adest'. Any destination must included once."; + // check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $check_log[] = "ACL 'default' error: destination name '$adest' not found"; + } + } else { + $check_log[] = "ACL 'default' error: ontime pass list is empty."; + } + + // check overtime destinations + if ($time) { + if ($def[FLD_OVERDESTINATIONNAME]) { + $defoverdest = str_replace("!", "", $def[FLD_OVERDESTINATIONNAME]); + $defoverdest = explode(" ", $defoverdest); + $key_defoverdest = array_count_values($defoverdest); + foreach($defoverdest as $adest) { + // check duplicates destinations in acl + if ($key_defoverdest[$adest] > 1) + $check_log[] = "ACL 'default' error: duplicate overtime destination name '$adest'. Any destination must included once."; + // check destinations for exists + if ($adest and ($adest != 'all') and ($adest != 'none') and !$key_destinations[$adest]) + $check_log[] = "ACL 'default' error: overtime destination name '$adest' not found"; + } + } else { + $check_log[] = "ACL 'default' error: overtime pass list is empty."; + } + } + + // check rewrite + $rew = $def[FLD_REWRITENAME]; + if ($rew and !$key_rewrites[$rew]) + $check_log[] = "ACL 'default' error: rewrite name '$rew' not found"; + + // check overtime rewrite + $overrew = $def[FLD_OVERREWRITENAME]; + if ($time and $overrew and !$key_rewrites[$overrew]) + $check_log[] = "ACL 'default' error: overtime rewrite name '$overrew' not found"; + + // check redirect + $redir = $def[FLD_REDIRECT]; + $overredir = $def[FLD_OVERREDIRECT]; + } + + return implode("\n", $check_log); +} + +// ============================================================================= +// blacklist +// ============================================================================= +// sg_reconfigure_blacklist($source_filename, $opt) +// $source_filename - file name or url +// $opt - option: +// '' or 'local' - update from local file +// 'url' - update from url +// ----------------------------------------------------------------------------- +function sg_reconfigure_blacklist($source_filename, $opt = '') { + global $squidguard_config; + $sf = trim($source_filename); + $sf_contents = ''; + + sg_addlog("sg_reconfigure_blacklist: start "); + + // 1. check system + sg_check_system(); + + // 2. upload + sg_addlog("sg_reconfigure_blacklist: begin upload from '$sf'."); + if ($sf[0] === "/") { // local file - example '/tmp/blacklists.tar' + if (file_exists($sf)) { + $sf_contents = file_get_contents($sf); + sg_addlog("sg_reconfigure_blacklist: get file '$sf'."); + } else { + sg_addlog("sg_reconfigure_blacklist: error get file '$sf', file not found."); + return; + } + } else {// url + sg_addlog("sg_reconfigure_blacklist: get url '$sf'."); + $sf_contents = sg_uploadfile_from_url($sf, BLK_LOCALFILE, $opt); + } + + // 3. update + if (empty($sf_contents)) { + sg_addlog("sg_reconfigure_blacklist: error file content '$sf'."); + return; + } + // manually content save to local file + file_put_contents(BLK_LOCALFILE, $sf_contents); + sg_update_blacklist(BLK_LOCALFILE); + + // 4. rebuild db + sg_full_rebuild_db(); + + sg_addlog("sg_reconfigure_blacklist: end"); +} + +// ----------------------------------------------------------------------------- +// sg_update_blacklist - update blacklist from file +// ----------------------------------------------------------------------------- +function sg_update_blacklist($from_file) { + global $squidguard_config; + $dbhome = SQUIDGUARD_DBHOME_DEF; + $workdir = SQUIDGUARD_WORKDIR_DEF; + + if (file_exists($squidguard_config[FLD_DBHOME])) $dbhome = $squidguard_config[FLD_DBHOME]; + if (file_exists($squidguard_config[FLD_WORKDIR])) $workdir = $squidguard_config[FLD_WORKDIR]; + sg_addlog("sg_update_blacklist: begin '$dbhome'"); + + if (file_exists($from_file)) { + // 1. unpack blacklist file + $bl_temp = '/var/tmp/blacklists'; + mwexec('tar zxvf ' . $from_file . ' -C /var/tmp/'); + sg_addlog("sg_update_blacklist: unpack uploaded file $from_file -> $bl_temp"); + + // 2. copy blacklist to squidGuard base + if (file_exists($bl_temp)) { + // - copy blacklist & create entries list + sg_addlog("sg_update_blacklist: create entries"); + $blk_files = scan_dir($bl_temp); + $blk_entries = array(); + foreach($blk_files as $bf) { + if (($bf != '.') && ($bf != '..')) { + $blk_entries[] = $bf; + mwexec("cp -Rf $bl_temp/$bf $dbhome"); + sg_addlog("sg_update_blacklist: $bf"); + } + } + + // create entries list + if (count($blk_entries)) { + file_put_contents($workdir . SQUIDGUARD_BLK_ENTRIES, implode("\n", $blk_entries)); + set_file_access($workdir . SQUIDGUARD_BLK_ENTRIES, OWNER_NAME, 0755); + sg_addlog("sg_update_blacklist: create entries " . $workdir . SQUIDGUARD_BLK_ENTRIES); + } + sg_remove_unused_db_entries(); + + // clearing temp + mwexec("rm -R $bl_temp"); + } + set_file_access($squidguard_config[FLD_DBHOME], OWNER_NAME, 0755); +# sg_full_rebuild_db(); + } + sg_addlog("sg_update_blacklist: end"); +} + +// ----------------------------------------------------------------------------- +// sg_entries_blacklist - update blacklist from file +// ----------------------------------------------------------------------------- +function sg_entries_blacklist() { + global $squidguard_config; + $contentS = ''; + $fl = SQUIDGUARD_WORKDIR_DEF . SQUIDGUARD_BLK_ENTRIES; + if (file_exists($squidguard_config[FLD_WORKDIR])) + $fl = $squidguard_config[FLD_WORKDIR] . SQUIDGUARD_BLK_ENTRIES; + + if (file_exists($fl)) { + $contents = file_get_contents($fl); + $contents = explode("\n", $contents); + } + return $contents; +} + +# -------------------------- UTILS --------------------------------------------- +# sg_uploadfile_from_url +# upload file and put them to $destination_file +# return = upload content +# ------------------------------------------------------------------------------ +function sg_uploadfile_from_url($url_file, $destination_file, $proxy = '') { + // open destination file + sg_addlog("sg_uploadfile_from_url: begin url'$url_file' proxy'$proxy'"); + + $result = ''; + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + if (!empty($proxy)) { + $ip = ''; + $login = ''; + $s = trim($proxy); + if (strpos($s, ' ')) { + $ip = substr($s, 0, strpos($s, ' ')); + $login = substr($s, strpos($s, ' ') + 1); + } else $ip = $s; + + if($ip != '') { + curl_setopt($ch, CURLOPT_PROXY, $ip); + if($login != '') + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $login); + } + } + $result=curl_exec ($ch); + curl_close ($ch); + if (!empty($destination_file)) + file_put_contents($destination_file, $result); + else sg_addlog("sg_uploadfile_from_url: error upload file"); + + + // for test + file_put_contents(BLK_LOCALFILE, $result); + + sg_addlog("sg_uploadfile_from_url: end"); + return $result; +} + +// ----------------------------------------------------------------------------- +// Set file access +// ----------------------------------------------------------------------------- +function set_file_access($dir, $owner, $mod) { + + if (!file_exists($dir)) return; + + chown($dir, $owner); + chgrp($dir, $owner); + chmod($dir, $mod); + + if (is_dir($dir)) { + $hd = opendir($dir); + while (($item = readdir($hd)) !== false) { + if (($item != ".") && ($item != "..")) { + $path = "$dir/$item"; + if (is_dir($path)) + set_file_access($path, $owner, $mod); + else { + chown($path, $owner); + chgrp($path, $owner); + chmod($path, $mod); + } + } + } + } +} +# ============================================================================== +# self utils +# ============================================================================== +# scan_dir - build files listing for $dir +# ------------------------------------------------------------------------------ +function scan_dir($dir) { + $files = array(); + if (file_exists($dir)) { + $dh = opendir($dir); + while (false !== ($filename = readdir($dh))) + $files[] = $filename; + sort($files); + } + return $files; +} +# ------------------------------------------------------------------------------ +# is_url - build files listing for $dir +# ------------------------------------------------------------------------------ +function is_url($url) { + if (empty($url)) return false; + if (eregi("^http://", $url)) return true; + if (eregi("^https://", $url)) return true; + if (eregi("^([0-9]{3})", $url)) return true; // http error code 403, 404, 410, 500, + return false; +} +# ------------------------------------------------------------------------------ +# check name +# ------------------------------------------------------------------------------ +function check_name ($name) { + $err = ''; + $val = trim($name); + + if ((strlen($val) < 2) || (strlen($val) > 16)) + $err .= " Size of name must be between [2..16]."; + + // All symbols must be [a-zA-Z_0-9\-] First symbol = letter. + if (!eregi("^([a-zA-Z]{1})([a-zA-Z_0-9\-]+)$", $val)) + $err .= " Invalid name $name. Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter."; + + return $err; +} + +?> diff --git a/packages/squidGuard/squidguard_default.xml b/packages/squidGuard/squidguard_default.xml index 2318f95b..122206ab 100644 --- a/packages/squidGuard/squidguard_default.xml +++ b/packages/squidGuard/squidguard_default.xml @@ -2,15 +2,15 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguarddefault</name> <version>none</version> - <title>Proxy server filter SquidGuard: Default</title> - <include_file>squidguard.inc</include_file> - + <title>Proxy Content filter SquidGuard: Default</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> + <tabs> <tab> <text>General settings</text> @@ -46,12 +46,13 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> + <fields> <field> <fielddescr>Default Time</fielddescr> <fieldname>time</fieldname> - <type>select</type> <description>Enter time name in current which this rule permitted.</description> + <type>select</type> </field> <field> <fielddescr>Default destination</fielddescr> @@ -63,7 +64,10 @@ <field> <fielddescr>Default Redirect</fielddescr> <fieldname>redirect</fieldname> - <description>Enter redirection URL or Error page message for this rule, or leave blank.</description> + <description> + Enter redirection URL or Error page code for this rule, or leave blank. + Supported error page codes: 403, 404, 410. + </description> <type>textarea</type> <cols>70</cols> <rows>5</rows> @@ -71,7 +75,10 @@ <field> <fielddescr>Default overtime redirect</fielddescr> <fieldname>overredirect</fieldname> - <description>Enter redirection URL or Error page message for this rule, or leave blank.</description> + <description> + Enter redirection URL or Error page code for this rule, or leave blank. + Supported error page codes: 403, 404, 410. + </description> <type>textarea</type> <cols>70</cols> <rows>5</rows> @@ -95,6 +102,7 @@ <type>checkbox</type> </field> </fields> + <custom_php_validation_command> squidguard_validate_acl(&$_POST, &$input_errors); </custom_php_validation_command> @@ -102,10 +110,9 @@ squidguard_before_form_acl(&$pkg); </custom_php_command_before_form> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> - <custom_add_php_command> </custom_add_php_command> - + <custom_add_php_command/> <custom_php_resync_config_command> // squidguard_resync(); </custom_php_resync_config_command> diff --git a/packages/squidGuard/squidguard_dest.xml b/packages/squidGuard/squidguard_dest.xml index b70d8acc..0643c08f 100644 --- a/packages/squidGuard/squidguard_dest.xml +++ b/packages/squidGuard/squidguard_dest.xml @@ -2,14 +2,14 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguarddest</name> <version>none</version> - <title>Proxy server filter SquidGuard: Destinations</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: Destinations</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> @@ -49,6 +49,7 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> + <adddeleteeditpagefields> <columnitem> <fielddescr>Destination name</fielddescr> @@ -68,13 +69,14 @@ </columnitem> <columnitem> <fielddescr>Redirect</fielddescr> - <fieldname>redir</fieldname> + <fieldname>redirect</fieldname> </columnitem> <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> </adddeleteeditpagefields> + <fields> <field> <fielddescr>Name</fielddescr> @@ -124,8 +126,11 @@ </field> <field> <fielddescr>Redirect</fielddescr> - <fieldname>redir</fieldname> - <description>Enter redirection URL or Error page message for this rule, or leave blank.</description> + <fieldname>redirect</fieldname> + <description> + Enter redirection URL or Error page code for this rule, or leave blank. + Supported error page codes: 403, 404, 410. + </description> <type>textarea</type> <cols>60</cols> <rows>5</rows> @@ -133,8 +138,8 @@ <field> <fielddescr>Enable log</fielddescr> <fieldname>enablelog</fieldname> - <description>Check this for enable log.</description> <type>checkbox</type> + <description>Check this for enable log.</description> </field> <field> <fielddescr>Description</fielddescr> @@ -144,6 +149,8 @@ <size>90</size> </field> </fields> + + <custom_delete_php_command/> <custom_php_validation_command> squidguard_validate_destination($_POST, &$input_errors); </custom_php_validation_command> diff --git a/packages/squidGuard/squidguard_log.xml b/packages/squidGuard/squidguard_log.xml index 9769c3fb..c201e9f3 100644 --- a/packages/squidGuard/squidguard_log.xml +++ b/packages/squidGuard/squidguard_log.xml @@ -2,14 +2,14 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguardlog</name> <version>none</version> - <title>Proxy server filter SquidGuard: Log</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: Log</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> @@ -45,29 +45,33 @@ </tab> <tab> <text>Log</text> - <url>/pkg_edit.php?xml=squidguard_log.xml</url> + <url>/pkg_edit.php?xml=squidguard_log.xml&id=0</url> <active/> </tab> </tabs> + <fields> <field> <fielddescr>Log type</fielddescr> <fieldname>logtype</fieldname> - <description>LOG</description> + <description></description> <type>select</type> <value>access_log</value> <options> - <option><name>User access log</name><value>access_log</value></option> - <option><name>WebGUI log</name><value>webgui_log</value></option> - <option><name>squidGuard log</name><value>squidguard_log</value></option> + <option><name>Blocked URL's log</name><value>block_log</value></option> + <option><name>Configurator log</name><value>configurator_log</value></option> + <option><name>squidGuard log</name><value>squidguard_log</value></option> + <option><name>squid config</name><value>squid_config</value></option> + <option><name>squidGuard config</name><value>squidguard_config</value></option> </options> </field> </fields> + <custom_php_command_before_form> squidguard_before_form_log(&$pkg); </custom_php_command_before_form> <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> </custom_php_validation_command> diff --git a/packages/squidGuard/squidguard_rewr.xml b/packages/squidGuard/squidguard_rewr.xml index 6dcdec5e..0de007ac 100644 --- a/packages/squidGuard/squidguard_rewr.xml +++ b/packages/squidGuard/squidguard_rewr.xml @@ -2,14 +2,14 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguardrewrite</name> <version>none</version> - <title>Proxy server filter SquidGuard: Rewrites</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: Rewrites</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <tabs> <tab> @@ -46,6 +46,7 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> + <adddeleteeditpagefields> <columnitem> <fielddescr>Name</fielddescr> @@ -56,6 +57,7 @@ <fieldname>description</fieldname> </columnitem> </adddeleteeditpagefields> + <fields> <field> <fielddescr>Name</fielddescr> @@ -69,37 +71,25 @@ <size>100</size> </field> <field> - <fielddescr>Enable log</fielddescr> - <fieldname>enablelog</fieldname> - <type>checkbox</type> - <description>Check this for enable log.</description> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>You may enter a description here for your reference (not parsed).</description> - <type>input</type> - <size>100</size> - </field> - <field> <fielddescr> <b>Rewrite rule.</b><br> Define how url will be replaced.</fielddescr> <type>rowhelper</type> <rowhelper> <rowhelperfield> - <fielddescr>Target URL</fielddescr> + <fielddescr>Target URL or regular expression</fielddescr> <fieldname>targeturl</fieldname> <type>input</type> <size>50</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Replace to</fielddescr> + <fielddescr>Replace to URL</fielddescr> <fieldname>replaceto</fieldname> <type>input</type> <size>69</size> </rowhelperfield> - <rowhelperfield> + +<!-- <rowhelperfield> <fielddescr>Case ins.</fielddescr> <fieldname>caseins</fieldname> <type>checkbox</type> @@ -114,19 +104,29 @@ <fieldname>http302</fieldname> <type>checkbox</type> </rowhelperfield> +--> </rowhelper> </field> <field> - <fielddescr>Note</fielddescr> - <fieldname>note</fieldname> + <fielddescr>Enable log</fielddescr> + <fieldname>enablelog</fieldname> + <description>Check this for enable log.</description> <type>checkbox</type> - <description> - <b>Rewrite rule</b>-define how url will are replaced.<br> - <b>Target url</b>-contains destination url or his template. Url template example: */cc32e46.exe <br> - <b>Replace to</b>-contains replacing url. + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>You may enter a description here for your reference (not parsed).<br> + <b> Note: </b> <br> + <b>Rewrite rule</b> - define how url will are replaced.<br> + <b>Target URL or regular expression</b> - contains destination url or regular expression. Regular expression example: */cc32e46.exe <br> + <b>Replace to</b> - contains replacing url. </description> + <type>input</type> + <size>100</size> </field> </fields> + <custom_php_after_form_command> squidGuard_print_javascript(); </custom_php_after_form_command> diff --git a/packages/squidGuard/squidguard_src.xml b/packages/squidGuard/squidguard_src.xml index 3a291c42..000528db 100644 --- a/packages/squidGuard/squidguard_src.xml +++ b/packages/squidGuard/squidguard_src.xml @@ -2,18 +2,18 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguardsrc</name> <version>none</version> - <title>Proxy server filter SquidGuard: Sources</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: Sources</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> - + <tabs> <tab> <text>General settings</text> @@ -49,8 +49,13 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> + <adddeleteeditpagefields> <columnitem> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + </columnitem> + <columnitem> <fielddescr>Source name</fielddescr> <fieldname>name</fieldname> </columnitem> @@ -59,10 +64,15 @@ <fieldname>iplist</fieldname> </columnitem> <columnitem> + <fielddescr>domains list</fielddescr> + <fieldname>domains</fieldname> + </columnitem> + <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> </adddeleteeditpagefields> + <fields> <field> <fielddescr>Source name</fielddescr> @@ -72,21 +82,46 @@ All other symbols is [a-Z_0-9]. Source name must be <b>unique</b> . </description> <type>input</type> - <size>80</size> <required/> + <size>80</size> + </field> + <field> + <fielddescr>Order</fielddescr> + <fieldname>order</fieldname> + <description> + Order source in list. <br> + <b>Note:</b> <br> + Sources order have very high importance. Sources are evaluated on a first-match basis. <br> + If your sources have an overlaying ranges, then act will be first in list. <br> + <b>For example:</b> <br> + Wrong order: <br> + First source entry is the range 10.0.0.0/24 and second entry is 10.0.0.15 (or 10.0.0.15/32 ) <br> + Right order: <br> + First source entry is the single ip 10.0.0.15 (or 10.0.0.15/32 ) then the overlaying range 10.0.0.0/24 <br> + </description> + <type>input</type> + <size>5</size> </field> <field> <fielddescr>IP addresses</fielddescr> <fieldname>iplist</fieldname> <description> Enter IP addresses here with space(' ') divider. <br> - IP addresses must be in format:<br> - ip xxx.xxx.xxx.xxx [...] or ip xxx.xxx.xxx.xxx/nn [...] or <br> - ip xxx.xxx.xxx.xxx/mmm.mmm.mmm.mmm [...] or ip xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy [...] <br> - where: <br> - xxx.xxx.xxx.xxx is an IP address (host or net, i.e. 10.11.12.13 or 10.11.12.0), /nn a net prefix (i.e. /23), <br> - mmm.mmm.mmm.mmm is a netmask (i.e. 255.255.254.0) and yyy.yyy.yyy.yyy is a host address <br> - (must be >= xxx.xxx.xxx.xxx) + IP addresses must have format:<br> + single example: '192.168.0.1' <br> + range examples: <br> + '192.168.0.0/24', '192.168.1.0/255.255.255.0', '192.168.1.1-192.168.1.10' <br> + </description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Domains</fielddescr> + <fieldname>domains</fieldname> + <description> + Enter domains names here with space(' ') divider. <br> + Example: <b>'foo.bar'</b> match <b>'foo.bar'</b> or <b>'*.foo.bar'</b>. </description> <type>textarea</type> <cols>50</cols> @@ -106,6 +141,10 @@ <size>80</size> </field> </fields> + + <custom_php_command_before_form> + squidguard_before_form_src(&$pkg); + </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); </custom_php_after_form_command> @@ -113,6 +152,9 @@ squidguard_validate_source($_POST, &$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> -// squidguard_resync_time(); + squidguard_resync_src(); </custom_php_resync_config_command> + <custom_delete_php_command> + squidguard_resync_src(); + </custom_delete_php_command> </packagegui> diff --git a/packages/squidGuard/squidguard_time.xml b/packages/squidGuard/squidguard_time.xml index 89f37590..360a2930 100644 --- a/packages/squidGuard/squidguard_time.xml +++ b/packages/squidGuard/squidguard_time.xml @@ -2,14 +2,14 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>squidguardtime</name> <version>none</version> - <title>Proxy server filter SquidGuard: Times</title> - <include_file>squidguard.inc</include_file> + <title>Proxy Content filter SquidGuard: Times</title> + <include_file>/usr/local/pkg/squidguard.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> @@ -49,6 +49,7 @@ <url>/pkg_edit.php?xml=squidguard_log.xml</url> </tab> </tabs> + <adddeleteeditpagefields> <columnitem> <fielddescr>Timename</fielddescr> @@ -65,12 +66,12 @@ <fieldname>name</fieldname> <description>Enter the time name here.</description> <type>input</type> - <size>80</size> <required/> + <size>80</size> </field> <field> - <type>rowhelper</type> <fielddescr>Values</fielddescr> + <type>rowhelper</type> <rowhelper> <rowhelperfield> <fielddescr>Time type</fielddescr> @@ -103,13 +104,12 @@ <rowhelperfield> <fielddescr>Date or Date range</fielddescr> <fieldname>daterange</fieldname> - <description>00:00-08:00 15:00-21:00 Format: *.01.01</description> <type>input</type> <size>40</size> </rowhelperfield> <rowhelperfield> <fielddescr>Time range</fielddescr> - <fieldname>timerange</fieldname> + <fieldname>sg_timerange</fieldname> <description>00:00-08:00</description> <type>input</type> <size>20</size> @@ -119,13 +119,19 @@ <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description>You may enter a description here for your reference (not parsed).</description> + <description>You may enter a description here for your reference (not parsed). <br> + <b> Note: </b> <br> + Field <b>'Date or date range'</b> have format 'yyyy.mm.dd'; 'yyyy.mm.dd-yyyy.mm.dd'; or use '*' in format. <br> + Example: '2007.05.01'; '2007.04.14-2007.04.17'; '*.12.24'; '2007.*.01'; <br> + Field <b>'Time range'</b> have format 'hh:mm-hh:mm'. Example: '08:00-18:00'; + </description> <type>input</type> <size>80</size> </field> </fields> + <custom_php_after_form_command> - squidGuard_print_javascript(); + squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> squidguard_validate_times(&$_POST, &$input_errors); |