From d52a7fba0e525484dffa7cc8c5e286a91ac5a2e7 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Thu, 3 May 2012 13:22:49 -0300
Subject: dansguardian - include per group report options and passkey for
 denied pages

---
 config/dansguardian/dansguardian.conf.template   |  3 +-
 config/dansguardian/dansguardian.inc             | 38 ++++++++++++++++++++++--
 config/dansguardian/dansguardian_groups.xml      | 26 ++++++++++++++--
 config/dansguardian/dansguardian_log.xml         |  8 +++++
 config/dansguardian/dansguardianfx.conf.template |  8 ++---
 5 files changed, 74 insertions(+), 9 deletions(-)

(limited to 'config/dansguardian')

diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index 27099332..ab30527a 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -157,7 +157,8 @@ proxyport = {$proxyport}
 #
 # Individual filter groups can override this setting in their own configuration.
 #
-accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+{$accessdeniedaddress}
 
 # Non standard delimiter (only used with accessdeniedaddress)
 # To help preserve the full banned URL, including parameters, the variables
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 56acfc5e..26e213a2 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -181,6 +181,16 @@ function sync_package_dansguardian() {
 	
 	#report and log
 	$reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3");
+	if ($reportlevel == 1 || $reportlevel== 2){
+		if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){
+			$accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'";
+			}
+		else{
+			log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url");
+			file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url","");
+			}
+	}
+	$accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3");
 	$reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish");
 	$showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off");
 	$usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off");
@@ -657,7 +667,7 @@ function sync_package_dansguardian() {
 		$config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file);
 		$dansguardian_log['report_file']=base64_encode($report_file);
 		$load_samples++;
-	}	
+	}
 
 	if($load_samples > 0)
 		write_config();
@@ -676,7 +686,8 @@ function sync_package_dansguardian() {
 																				'urlacl'=> "Default",
 																				'group_options' => "scancleancache,infectionbypasserrorsonly",
 																				'reportinglevel'=>'3',
-																				'mode'=> "1");
+																				'mode'=> "1",
+																				'report_level'=>"general");
 
 	$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm");
 	#loop on array
@@ -695,6 +706,29 @@ function sync_package_dansguardian() {
 		$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
 		$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
 		$dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
+		switch ($dansguardian_groups['reportinglevel']){
+			case "1":
+			case "2":
+				$groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel'];
+				if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){
+					$groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'";
+					}
+				else{
+					log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.');
+					file_notice('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.',"");
+					}
+			break;		
+			case "-1": 
+			case "0":
+			case "3":
+				$groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel'];
+				$groupaccessdeniedaddress="";
+			break;
+			default:
+				$groupreportinglevel="";
+				$groupaccessdeniedaddress="";
+		}
+
 		foreach ($groups as $group)
 			$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
 		include("/usr/local/pkg/dansguardianfx.conf.template");
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index baa9b44a..063d55fa 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -105,7 +105,10 @@
 			<fielddescr>Group mode</fielddescr>
 			<fieldname>mode</fieldname>
 		</columnitem>	
-
+		<columnitem>
+			<fielddescr>Reporting level</fielddescr>
+			<fieldname>reportinglevel</fieldname>
+		</columnitem>	
 		<columnitem>
 			<fielddescr>Description</fielddescr>
 			<fieldname>description</fieldname>
@@ -247,13 +250,23 @@
 								If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description>
 	    	<type>select</type>
  				<options>
- 				<option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option>
+ 				<option><name>Use General log option selected on Report and log - recommended</name><value>Global</value></option>
+ 				<option><name>Use HTML template file (accessdeniedaddress ignored)</name><value>3</value></option>
  				<option><name>Report fully</name><value>2</value></option>
  				<option><name>Report why but not what denied phrase</name><value>1</value></option>
  				<option><name>Just say 'Access Denied'</name><value>0</value></option>
  				<option><name>Log but do not block - Stealth mode</name><value>-1</value></option>
 				</options>
 		</field>
+		<field>
+			<fielddescr>Access Denied cgi</fielddescr>
+			<fieldname>reportingcgi</fieldname>
+			<description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script
+								  ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description>
+			<type>input</type>
+			<size>70</size>
+		</field>
+		
 		<field>
 			<fielddescr>Weighted phrase mode</fielddescr>
 			<fieldname>weightedphrasemode</fieldname>
@@ -320,6 +333,15 @@
 			<strong>0 = disable ( defaults to 0 )</strong>]]></description>
 			<type>input</type>
 			<size>10</size>
+		</field>
+		<field>
+			<fielddescr>Temporary Denied Page Bypass Secret Key</fielddescr>
+			<fieldname>bypasskey</fieldname>
+			<description><![CDATA[If not empty, rather than generating a random key you can specify one. It must be more than 8 chars.<br>
+									Ex1:Mary had a little lamb.<br>
+									Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]></description>
+			<type>input</type>
+			<size>70</size>
 		</field>
 			<field>
 			<fielddescr>Infection/Scan Error Bypass</fielddescr>
diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
index a3448d44..a9b9d0e9 100644
--- a/config/dansguardian/dansguardian_log.xml
+++ b/config/dansguardian/dansguardian_log.xml
@@ -114,6 +114,14 @@
  				<option><name>Just say 'Access Denied'</name><value>0</value></option>
  				<option><name>Log but do not block - Stealth mode</name><value>-1</value></option>
 				</options>
+		</field>
+		<field>
+			<fielddescr>Access Denied cgi</fielddescr>
+			<fieldname>reportingcgi</fieldname>
+			<description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script
+								  ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description>
+			<type>input</type>
+			<size>70</size>
 		</field>	
 		<field>
 			<fielddescr>Report Language</fielddescr>
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index c2d10853..c827cfe4 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -268,8 +268,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
 #
 # If defined, this overrides the global setting in dansguardian.conf for
 # members of this filter group.
-#
-reportinglevel = {$dansguardian_groups['reportinglevel']}
+# reportinglevel = 3
+{$groupreportinglevel}
 
 # accessdeniedaddress is the address of your web server to which the cgi
 # dansguardian reporting script was copied. Only used in reporting levels
@@ -284,8 +284,8 @@ reportinglevel = {$dansguardian_groups['reportinglevel']}
 #
 # If defined, this overrides the global setting in dansguardian.conf for
 # members of this filter group.
-#
-accessdeniedaddress = '{$dansguardian_groups['accessdeniedaddress']}'
+# accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+{$groupaccessdeniedaddress}
 
 # HTML Template override
 # If defined, this specifies a custom HTML template file for members of this
-- 
cgit v1.2.3