From 85e8988f685fa12327d6970cba2c1a5b7acf6a5d Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Thu, 15 Mar 2012 18:46:09 -0300
Subject: dansguardian - version 0.1.5 with fixes and ldap group based
 authentication

---
 config/dansguardian/dansguardian.conf.template    |   2 +-
 config/dansguardian/dansguardian.inc              |  63 ++++++--
 config/dansguardian/dansguardian.xml              |  14 ++
 config/dansguardian/dansguardian_about.php        |   1 +
 config/dansguardian/dansguardian_blacklist.xml    |   4 +
 config/dansguardian/dansguardian_config.xml       |   8 +-
 config/dansguardian/dansguardian_groups.xml       |  31 +++-
 config/dansguardian/dansguardian_ips_header.xml   |   4 +
 config/dansguardian/dansguardian_ldap.php         | 148 +++++++++++++++++++
 config/dansguardian/dansguardian_ldap.xml         | 171 ++++++++++++++++++++++
 config/dansguardian/dansguardian_limits.xml       |   4 +
 config/dansguardian/dansguardian_log.xml          |   4 +
 config/dansguardian/dansguardian_sync.xml         |   4 +
 config/dansguardian/dansguardian_users_header.xml |   4 +
 config/dansguardian/dansguardianfx.conf.template  |   2 +-
 pkg_config.8.xml                                  |   2 +-
 pkg_config.8.xml.amd64                            |   2 +-
 17 files changed, 446 insertions(+), 22 deletions(-)
 create mode 100644 config/dansguardian/dansguardian_ldap.php
 create mode 100755 config/dansguardian/dansguardian_ldap.xml

diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index 5bee053e..27099332 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -680,7 +680,7 @@ softrestart = {$softrestart}
 
 #SSL certificate checking path
 #Path to CA certificates used to validate the certificates of https sites.
-sslcertificatepath = '/etc/ssl/certs/'
+sslcertificatepath = '/usr/local/share/certs/'
 
 #SSL man in the middle
 #CA certificate path
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 6c6d6e93..a568b69e 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -215,27 +215,30 @@ function sync_package_dansguardian() {
 	$load_samples=0;
 	
 	#ssl men-in-the-middle feature
-	$dirs=array($dansguardian_dir."/ssl",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks");
+	$dirs=array("/var/log/dansguardian/stats","/etc/ssl/demoCA","/etc/ssl/demoCA/private","/etc/ssl/demoCA/crl","/etc/ssl/demoCA/certs",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks");
 	foreach ($dirs as $dir)
 		if (!is_dir($dir))
-			mkdir ($dir,0700,true);
-	$ca_cert = lookup_ca($dansguardian_config["ca"][0]);
+			mkdir ($dir,0755,true);
+	$ca_cert = lookup_ca($dansguardian_config["dca"]);
 	if ($ca_cert != false) {
 		if(base64_decode($ca_cert['prv'])) {
-			file_put_contents($dansguardian_dir. "/ssl/ssl_ca_key.pem",base64_decode($ca_cert['prv']));
-			$ca_pk = "caprivatekeypath = ".$dansguardian_dir . "/ssl/ssl_ca_key.pem";
+			file_put_contents("/etc/ssl/demoCA/private/cakey.pem",base64_decode($ca_cert['prv']));
+			$ca_pk = "caprivatekeypath = '/etc/ssl/demoCA/private/cakey.pem'";
 			}
 		if(base64_decode($ca_cert['crt'])) {
-			file_put_contents($dansguardian_dir . "/ssl/ssl_ca_cert.pem",base64_decode($ca_cert['crt']));
-			$ca_pem = "cacertificatepath = ".$dansguardian_dir . "/ssl/ssl_ca_cert.pem";
-		$generatedcertpath= "generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
-		$generatedlinkpath= "generatedlinkpath = ".$dansguardian_dir . "/ssl/generatedlinks";
+			file_put_contents("/etc/ssl/demoCA/cacert.pem",base64_decode($ca_cert['crt']));
+			exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash);
+			file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt']));
+			$ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'";
+		$generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'";
+		#generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
+		$generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'";
 			}
-		$svr_cert = lookup_cert($dansguardian_config["cert"][0]);
+		$svr_cert = lookup_cert($dansguardian_config["dcert"]);
 		if ($svr_cert != false) {
 			if(base64_decode($svr_cert['prv'])) {
-				file_put_contents($dansguardian_dir . "/ssl/ssl_server_key.pem",base64_decode($svr_cert['prv'])."\n".base64_decode($svr_cert['crt']));
-				$cert_key = "certprivatekeypath = ".$dansguardian_dir . '/ssl/ssl_server_key.pem';
+				file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']));
+				$cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' ";
 			}
 		}
 	}
@@ -796,7 +799,7 @@ EOF;
 	$cron_found=0;
 	if (is_array($config['cron']['item']))
 		foreach($config['cron']['item'] as $cron)
-			if (!preg_match("/usr.local.(bin.freshclam|www.dansguardian.php)/",$cron["command"])){
+			if (!preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"])){
 				$cron_found++;
 				$new_cron['item'][]=$cron;
 			}
@@ -875,7 +878,32 @@ EOF;
 				break;
 		}
 
-		
+	$cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian_ldap.php";
+	if (is_array($config['installedpackages']['dansguardiangroups']['config']))
+	 foreach ($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){
+	  if(preg_match('/(\d+)m/',$dansguardian_groups['freq'],$matches)){
+				$new_cron['item'][]=array(	"minute" =>	"*/".$matches[1],
+											"hour"	 =>	"*",
+											"mday" 	 =>	"*",
+											"month"  =>	"*",
+											"wday"	 =>	"*",
+											"who"	 =>	"root",
+											"command"=>	$cron_cmd." ".$dansguardian_groups['name']);
+				$config['cron']=$new_cron;
+				$cron_found++;
+		}
+	  if(preg_match('/(\d+)h/',$dansguardian_groups['freq'],$matches)){
+				$new_cron['item'][]=array(	"minute" =>	"0",
+											"hour"	 =>	"*/".$matches[1],
+											"mday" 	 =>	"*",
+											"month"  =>	"*",
+											"wday"	 =>	"*",
+											"who"	 =>	"root",
+											"command"=>	$cron_cmd." ".$dansguardian_groups['name']);
+				$config['cron']=$new_cron;
+				$cron_found++;
+		}
+	}
 	#write files
 	conf_mount_rw();
 
@@ -997,7 +1025,10 @@ function dansguardian_validate_input($post, &$input_errors) {
 				$input_errors[] = "{$value} cannot be used as name.";
 		else if ($key == "name" && preg_match("/\W/",$value)) 
 				$input_errors[] = "{$value} cannot be used as name. Use only a-z 0-9 characters";
-				
+		else if (empty($value))
+				continue;
+		else if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
+				$input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'";
 	}
 }
 
@@ -1045,6 +1076,8 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
 		$xml['dansguardian'] = $config['installedpackages']['dansguardian'];
 		$xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl'];
 		$xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig'];
+		$xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist'];
+		$xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap'];
 		$xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl'];
 		$xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl'];
 		$xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups'];
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
index 41f2a447..1188796c 100644
--- a/config/dansguardian/dansguardian.xml
+++ b/config/dansguardian/dansguardian.xml
@@ -68,6 +68,16 @@
 		<prefix>/usr/local/www/</prefix>
 		<chmod>0755</chmod>
 	</additional_files_needed>
+	<additional_files_needed>
+		<item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item>
+		<prefix>/usr/local/www/</prefix>
+		<chmod>0755</chmod>
+	</additional_files_needed>
+	<additional_files_needed>
+		<item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item>
+		<prefix>/usr/local/pkg/</prefix>
+		<chmod>0755</chmod>
+	</additional_files_needed>
 	<additional_files_needed>
 		<item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item>
 		<prefix>/usr/local/pkg/</prefix>
@@ -200,6 +210,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php
index f9c9e260..49359472 100755
--- a/config/dansguardian/dansguardian_about.php
+++ b/config/dansguardian/dansguardian_about.php
@@ -57,6 +57,7 @@ include("head.inc");
 	$tab_array[] = array(gettext("Limits"), false, "/pkg_edit.php?xml=dansguardian_limits.xml&id=0");
 	$tab_array[] = array(gettext("Blacklist"), false, "/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0");
 	$tab_array[] = array(gettext("Access Lists"), false, "/pkg_edit.php?xml=dansguardian_antivirus.xml&id=0");
+	$tab_array[] = array(gettext("LDAP"), false, "/pkg.php?xml=dansguardian_ldap.xml&id=0");
 	$tab_array[] = array(gettext("Groups"), false, "/pkg.php?xml=dansguardian_groups.xml&id=0");
 	$tab_array[] = array(gettext("Users"), false, "/pkg.php?xml=dansguardian_users.xml&id=0");
 	$tab_array[] = array(gettext("IPs"), false, "/pkg.php?xml=dansguardian_ips.xml&id=0");
diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml
index a8895342..d95558e6 100644
--- a/config/dansguardian/dansguardian_blacklist.xml
+++ b/config/dansguardian/dansguardian_blacklist.xml
@@ -68,6 +68,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml
index 11a34434..6016d80f 100644
--- a/config/dansguardian/dansguardian_config.xml
+++ b/config/dansguardian/dansguardian_config.xml
@@ -68,6 +68,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
@@ -198,7 +202,7 @@
 		</field>
 		<field>
 			<fielddescr>CA</fielddescr>
-			<fieldname>ca</fieldname>
+			<fieldname>dca</fieldname>
 			<description><![CDATA[Select Certificate Authority to use when SSL filtering is enabled on Group options<br>
 								To create a CA on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
 	    	<type>select_source</type>
@@ -208,7 +212,7 @@
 		</field>
 		<field>
 			<fielddescr>Cert</fielddescr>
-			<fieldname>cert</fieldname>
+			<fieldname>dcert</fieldname>
 			<description><![CDATA[Select Certificate pair to use when SSL filtering is enabled on Group options<br>
 								To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
 	    	<type>select_source</type>
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index 4849126d..baa9b44a 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -66,6 +66,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
@@ -148,7 +152,6 @@
  				<multiple/>
  				<size>10</size>
 		</field>
-		
 		<field>
 			<fielddescr>Pics</fielddescr>
 			<fieldname>picsacl</fieldname>
@@ -328,6 +331,32 @@
 			<type>input</type>
 			<size>10</size>
 		</field>
+		<field>
+			<name>LDAP</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>LDAP</fielddescr>
+			<fieldname>ldap</fieldname>
+			<description><![CDATA[Select Active directory servers to extract users from<br>
+								 The group must has the same name in dansguardian and on active directory<br>
+								 <strong>This is not aplicable for default group</strong>]]></description>
+	    	<type>select_source</type>
+	    	<size>05</size>
+	    	<multiple/>
+			<source><![CDATA[$config['installedpackages']['dansguardianldap']['config']]]></source>
+			<source_name>dc</source_name>
+			<source_value>dc</source_value>
+		</field>
+		<field>
+			<fielddescr>Update frequency</fielddescr>
+			<fieldname>freq</fieldname>
+			<description><![CDATA[How often extract users from active directory and verify changes<br>
+								Valid options are minutes(m), hours(h)<br>
+								Sample: To update every two minute, use 2m]]></description>
+	    	<type>input</type>
+	    	<size>05</size>
+		</field>
 		</fields>
 	<custom_php_install_command>
 		dansguardian_php_install_command();
diff --git a/config/dansguardian/dansguardian_ips_header.xml b/config/dansguardian/dansguardian_ips_header.xml
index 2029fabf..33e50332 100644
--- a/config/dansguardian/dansguardian_ips_header.xml
+++ b/config/dansguardian/dansguardian_ips_header.xml
@@ -66,6 +66,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php
new file mode 100644
index 00000000..79a6b21a
--- /dev/null
+++ b/config/dansguardian/dansguardian_ldap.php
@@ -0,0 +1,148 @@
+#!/usr/local/bin/php -f 
+<?php
+
+// based on http://samjlevy.com/2011/02/using-php-and-ldap-to-list-of-members-of-an-active-directory-group/
+// pfsense integration by marcelloc and ccesario
+/* $Id$ */
+/* ========================================================================== */
+/*
+    dansguardian_ldap.php
+    part of pfSense (http://www.pfSense.com)
+    Copyright (C) 2012 Marcello Coutinho
+    
+    All rights reserved.                                                      
+*/
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+     1. Redistributions of source code must retain the above copyright notice,
+        this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+                                                                              */
+/* ========================================================================== */
+
+require_once("/etc/inc/util.inc");
+require_once("/etc/inc/functions.inc");
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/globals.inc");
+
+function explode_dn($dn, $with_attributes=0)
+{
+    $result = ldap_explode_dn($dn, $with_attributes);
+    if (is_array($result))
+      foreach($result as $key => $value) {
+         $result[$key] = $value;
+     }
+    return $result;
+}
+
+function get_ldap_members($group,$user,$password) {
+	global $ldap_host;
+	global $ldap_dn;
+	$LDAPFieldsToFind = array("member");
+	$ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP");
+
+	// OPTIONS TO AD
+	ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
+	ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
+
+	ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP");
+
+	$results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind);
+	
+	$member_list = ldap_get_entries($ldap, $results);
+	$group_member_details = array();
+	if (is_array($member_list[0]))
+	  foreach($member_list[0] as $list)
+		if (is_array($list)) 
+			foreach($list as $member) {
+				$member_dn = explode_dn($member);
+				$member_cn = str_replace("CN=","",$member_dn[0]);
+				$member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")");
+				$member_details = ldap_get_entries($ldap, $member_search);
+				$group_member_details[] = array($member_details[0]['samaccountname'][0],
+												$member_details[0]['displayname'][0]);
+			}
+	ldap_close($ldap);
+	array_shift($group_member_details);
+	return $group_member_details;
+	ldap_unbind($ldap);
+}
+
+// Read Pfsense config 
+global $config,$g;
+
+#mount filesystem writable
+conf_mount_rw();
+
+$id=0;
+$apply_config=0;
+if (is_array($config['installedpackages']['dansguardiangroups']['config']))
+	foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) {
+		#ignore default group
+		if ($id > 1)
+			if ($argv[1] == "" || $argv[1] == $group['name']){
+	   		$members="";
+	   		$ldap_servers= explode (',',$group['ldap']);
+	   		echo  "Group : " . $group['name']."\n";
+	   		if (is_array($config['installedpackages']['dansguardianldap']['config']))
+	   			foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){
+		   			if (in_array($server['dc'],$ldap_servers)){
+		   				$ldap_dn = $server['dn'];
+		   				$ldap_host=$server['dc'];
+				   		$result = get_ldap_members($group['name'],$server['username'].','.$server['dn'],$server['password']);
+		   				foreach($result as $key => $value) {
+			    			if (preg_match ("/\w+/",$value[0])){
+			    				#var_dump($value);
+			    				$name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]);
+			    				$pattern[0]="/USER/";
+			    				$pattern[1]="/,/";
+			    				$pattern[2]="/NAME/";
+			    				$replace[0]=$value[0];
+			    				$replace[1]="\n";
+			    				$replace[2]="$name";
+		    	  				$members .= preg_replace($pattern,$replace,$server['mask'])."\n";
+			    				}
+		   					}
+		   			}
+	   			}
+		   	if (!empty($members)){
+		   	$import_users = explode("\n", $members);
+			asort($import_users);
+			$members=base64_encode(implode("\n", $import_users));
+		   	if($config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] != $members){
+		   		$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = $members;
+		   		$apply_config++;
+		   		}
+		   	}
+			}
+		$id++;			
+	}
+if ($apply_config > 0){
+	print "user list from LDAP is different from current group, applying new configuration...";
+	write_config();
+	include("/usr/local/pkg/dansguardian.inc");
+	sync_package_dansguardian();
+	print "done\n";
+}
+
+#mount filesystem read-only
+conf_mount_ro();
+
+?>
\ No newline at end of file
diff --git a/config/dansguardian/dansguardian_ldap.xml b/config/dansguardian/dansguardian_ldap.xml
new file mode 100755
index 00000000..3411f483
--- /dev/null
+++ b/config/dansguardian/dansguardian_ldap.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+        <copyright>
+        <![CDATA[
+/* ========================================================================== */
+/*
+    dansguardian_ldap.xml
+    part of pfSense (http://www.pfSense.com)
+    Copyright (C) 2012 Marcello Coutinho
+    
+    All rights reserved.                                                      
+*/
+/* ========================================================================== */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+     1. Redistributions of source code must retain the above copyright notice,
+        this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+                                                                              */
+/* ========================================================================== */
+        ]]>
+        </copyright>
+    <description>Describe your package here</description>
+    <requirements>Describe your package requirements here</requirements>
+    <faq>Currently there are no FAQ items provided.</faq>
+	<name>dansguardianldap</name>
+	<version>1.0</version>
+	<title>Services: Dansguardian</title>
+	<include_file>/usr/local/pkg/dansguardian.inc</include_file>
+	<tabs>
+		<tab>
+			<text>Daemon</text>
+			<url>/pkg_edit.php?xml=dansguardian.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>General</text>
+			<url>/pkg_edit.php?xml=dansguardian_config.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>Limits</text>
+			<url>/pkg_edit.php?xml=dansguardian_limits.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>Blacklist</text>
+			<url>/pkg_edit.php?xml=dansguardian_blacklist.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>Access Lists</text>
+			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+			<active/>
+		</tab>
+		<tab>
+			<text>Groups</text>
+			<url>/pkg.php?xml=dansguardian_groups.xml</url>
+		</tab>
+		<tab>
+			<text>Users</text>
+			<url>/pkg_edit.php?xml=dansguardian_users.xml</url>
+		</tab>
+		<tab>
+			<text>IPs</text>
+			<url>/pkg_edit.php?xml=dansguardian_ips.xml</url>
+		</tab>
+		<tab>
+			<text>Report and log</text>
+			<url>/pkg_edit.php?xml=dansguardian_log.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>XMLRPC Sync</text>
+			<url>/pkg_edit.php?xml=dansguardian_sync.xml&amp;id=0</url>
+		</tab>
+		<tab>
+			<text>Help</text>
+			<url>/dansguardian_about.php</url>
+		</tab>
+</tabs>
+<adddeleteeditpagefields>
+		<columnitem>
+			<fielddescr>hostname</fielddescr>
+			<fieldname>dc</fieldname>
+		</columnitem>	
+		<columnitem>
+			<fielddescr>domain</fielddescr>
+			<fieldname>dn</fieldname>
+		</columnitem>	
+
+		<columnitem>
+			<fielddescr>username</fielddescr>
+			<fieldname>username</fieldname>
+		</columnitem>	
+	</adddeleteeditpagefields>
+	<fields>
+	<field>
+		<name>Ldap configuration</name>
+		<type>listtopic</type>
+	</field>
+	<field>
+		<fielddescr>Hostname</fielddescr>
+		<description><![CDATA[LDAP hostname example:<strong>dc1.mysite.com</strong>]]></description>
+		<fieldname>dc</fieldname>
+		<type>input</type>
+		<size>25</size>
+	</field>
+	<field>
+		<fielddescr>Domain</fielddescr>
+		<description><![CDATA[LDAP Domain example:<strong> dc=mysite,dc=com</strong>]]></description>
+		<fieldname>dn</fieldname>
+		<type>input</type>
+		<size>25</size>
+	</field>
+	<field>
+		<fielddescr>Username</fielddescr>
+		<description><![CDATA[Username Example:<strong>cn=antispam,cn=Users</strong>]]></description>
+		<fieldname>username</fieldname>
+		<type>input</type>
+		<size>25</size>
+	</field>
+	<field>
+		<fielddescr>Password</fielddescr>
+		<description><![CDATA[User password]]></description>
+		<fieldname>password</fieldname>
+		<type>password</type>
+		<size>10</size>
+	</field>
+	<field>
+		<fielddescr>mask</fielddescr>
+		<description><![CDATA[Default: USER<br>Apply prefix or sufix any info to username extracted.<br>
+								use "," if you need more than one mask for each user<br>
+								<strong>domain\USER #NAME,USER@MYDOMAIN.COM</strong><br>
+								NAME shows user name<br>
+								USER shows user login<br>]]></description>
+		<fieldname>mask</fieldname>
+		<type>input</type>
+		<size>50</size>
+	</field>
+	</fields>
+	<custom_php_install_command>
+		dansguardian_php_install_command();
+	</custom_php_install_command>
+	<custom_php_deinstall_command>
+		dansguardian_php_deinstall_command();
+	</custom_php_deinstall_command>
+	<custom_php_validation_command>
+		dansguardian_validate_input($_POST, &amp;$input_errors);
+	</custom_php_validation_command>	
+	<custom_php_resync_config_command>
+		sync_package_dansguardian();
+	</custom_php_resync_config_command>	
+</packagegui>
\ No newline at end of file
diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml
index eef24d52..4974bc7d 100644
--- a/config/dansguardian/dansguardian_limits.xml
+++ b/config/dansguardian/dansguardian_limits.xml
@@ -68,6 +68,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
index 3a0f241e..a3448d44 100644
--- a/config/dansguardian/dansguardian_log.xml
+++ b/config/dansguardian/dansguardian_log.xml
@@ -67,6 +67,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml
index c041f398..f91eae6a 100755
--- a/config/dansguardian/dansguardian_sync.xml
+++ b/config/dansguardian/dansguardian_sync.xml
@@ -66,6 +66,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardian_users_header.xml b/config/dansguardian/dansguardian_users_header.xml
index 70edb5fe..1f15a610 100644
--- a/config/dansguardian/dansguardian_users_header.xml
+++ b/config/dansguardian/dansguardian_users_header.xml
@@ -66,6 +66,10 @@
 			<text>Access Lists</text>
 			<url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&amp;id=0</url>
 		</tab>
+		<tab>
+			<text>LDAP</text>
+			<url>/pkg.php?xml=dansguardian_ldap.xml</url>
+		</tab>
 		<tab>
 			<text>Groups</text>
 			<url>/pkg.php?xml=dansguardian_groups.xml</url>
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index d420871f..ccc24f19 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -376,7 +376,7 @@ sslcertcheck = {$dansguardian_groups['sslcertcheck']}
 # Forge ssl certificates for all sites, decrypt the data then re encrypt it
 # using a different private key. Used to filter ssl sites
 sslmitm = {$dansguardian_groups['sslmitm']}
-mitmkey = '{$dansguardian_groups['mitmkey']}'
+#mitmkey = '{$dansguardian_groups['mitmkey']}'
 
 EOF;
 
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 4dadf330..9e76292b 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -449,7 +449,7 @@
 		<depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/8/All/</depends_on_package_base_url>
 		<depends_on_package>dansguardian-2.12.0.0.tbz</depends_on_package>
 		<depends_on_package>clamav-0.97.3_1.tbz</depends_on_package>
-		<version>2.12.0.0 pkg v.0.1.4_1</version>
+		<version>2.12.0.0 pkg v.0.1.5</version>
 		<status>beta</status>
 		<required_version>2.0</required_version>
 		<configurationfile>dansguardian.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 9ee66667..117cc86b 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -555,7 +555,7 @@
 		<depends_on_package_base_url>http://e-sac.siteseguro.ws/packages/amd64/8/All/</depends_on_package_base_url>
 		<depends_on_package>dansguardian-2.12.0.0.tbz</depends_on_package>
 		<depends_on_package>clamav-0.97.3_1.tbz</depends_on_package>
-		<version>2.12.0.0 pkg v.0.1.4_1</version>
+		<version>2.12.0.0 pkg v.0.1.5</version>
 		<status>beta</status>
 		<required_version>2.0</required_version>
 		<configurationfile>dansguardian.xml</configurationfile>
-- 
cgit v1.2.3