From c8539d3211d79c628b59bdcc3eb363cc00e93707 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 20 Nov 2014 16:09:48 -0200 Subject: squid3.4 - first package files --- config/squid3/34/squid_auth.inc | 446 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 446 insertions(+) create mode 100644 config/squid3/34/squid_auth.inc (limited to 'config/squid3/34/squid_auth.inc') diff --git a/config/squid3/34/squid_auth.inc b/config/squid3/34/squid_auth.inc new file mode 100644 index 00000000..cc511607 --- /dev/null +++ b/config/squid3/34/squid_auth.inc @@ -0,0 +1,446 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +function global_eval_auth_options() +{ + global $config; + conf_mount_rw(); + config_lock(); + + switch ($config['installedpackages']['squidauth']['config'][0]['auth_method']) { + case "none": + dynamic_auth_content("pkg_edit"); + dynamic_no_auth(); + break; + case "local_auth": + dynamic_auth_content("pkg"); + /* create empty passwd file to prevent stat error with squid reload */ + touch ("/usr/local/etc/squid/advanced/ncsa/passwd"); + dynamic_local_auth(); + break; + case "ldap_bind": + dynamic_auth_content("pkg_edit"); + dynamic_ldap_auth(); + break; + case "domain_auth": + $filecontents = file("/usr/local/pkg/squid_auth.xml"); + dynamic_auth_content("pkg_edit"); + dynamic_domain_auth(); + break; + case "radius_auth": + $filecontents = file("/usr/local/pkg/squid_auth.xml"); + dynamic_auth_content("pkg_edit"); + dynamic_radius_auth(); + break; + default: + $filecontents = file("/usr/local/pkg/squid_auth.xml"); + dynamic_auth_content("pkg_edit"); + dynamic_no_auth(); + break; + } + + config_unlock(); + conf_mount_ro(); + +} /* end function global_eval_auth_options */ + +function dynamic_no_auth() { + global $config; + conf_mount_rw(); + $fout = fopen("/usr/local/pkg/squid_extauth.xml", "w"); + fwrite($fout, "\n"); + fwrite($fout, "\n"); + fwrite($fout, " squidextnoauth\n"); + fwrite($fout, " Services: Proxy Server -> Extended Authentication Settings\n"); + fwrite($fout, " installedpackages->package->squidextnoauth->configuration->settings\n"); + fwrite($fout, "\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_extauth.xml&id=0\n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " General Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_ng.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Upstream Proxy\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_upstream.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Cache Mgmt\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_cache.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Network Access Control\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_nac.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Traffic Mgmt\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_traffic.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Auth Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_auth.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Extended Auth Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_extauth.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " No Authentication Defined\n"); + fwrite($fout, " no_auth\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " require_once(\"/usr/local/pkg/squid_ng.inc\");"); + fwrite($fout, "\n"); + fwrite($fout, " global_write_squid_config();\n"); + fwrite($fout, " mwexec(\"/usr/local/sbin/squid -k reconfigure\");\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, "\n"); + fclose($fout); + + /* mount filesystem read-only */ + conf_mount_ro(); +} + +function dynamic_local_auth() { + global $config; + conf_mount_rw(); + + $fout = fopen("/usr/local/pkg/squid_extauth.xml", "w"); + + fwrite($fout, "\n"); + fwrite($fout, "\n"); + fwrite($fout, "\n"); + fwrite($fout, " squidextlocalauth\n"); + fwrite($fout, " Services: Proxy Server -> Extended Auth Settings\n"); + fwrite($fout, " 2.5.10_4\n"); + fwrite($fout, " installedpackages->package->squidextlocalauth->configuration->settings\n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " /pkg.php?xml=squid_extauth.xml&id=0\n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " General Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_ng.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Upstream Proxy\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_upstream.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Cache Mgmt\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_cache.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Network Access Control\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_nac.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Traffic Mgmt\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_traffic.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Auth Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_auth.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Extended Auth Settings\n"); + fwrite($fout, " /pkg.php?xml=squid_extauth.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " Username\n"); + fwrite($fout, " username\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Description\n"); + fwrite($fout, " description\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Restriction Group\n"); + fwrite($fout, " group\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " Username\n"); + fwrite($fout, " username\n"); + fwrite($fout, " input\n"); + fwrite($fout, " 15\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Password\n"); + fwrite($fout, " password\n"); + fwrite($fout, " password\n"); + fwrite($fout, " 8\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Description (Optional)\n"); + fwrite($fout, " description\n"); + fwrite($fout, " input\n"); + fwrite($fout, " 30\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Restriction Group\n"); + fwrite($fout, " group\n"); + fwrite($fout, " select\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " require_once(\"/usr/local/pkg/squid_ng.inc\");\n"); + fwrite($fout, "\n"); + fwrite($fout, " mod_htpasswd();\n"); + fwrite($fout, " global_write_squid_config();\n"); + fwrite($fout, " mwexec(\"/usr/local/sbin/squid -k reconfigure\");\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, "\n"); + + fclose($fout); + + /* mount filesystem read-only */ + conf_mount_ro(); +} + +function dynamic_ldap_auth() { + global $config; + conf_mount_rw(); + + $fout = fopen("/usr/local/pkg/squid_extauth.xml", "w"); + + fwrite($fout, "\n"); + fwrite($fout, "\n"); + fwrite($fout, "\n"); + fwrite($fout, " squidextldapauth\n"); + fwrite($fout, " Services: Proxy Server -> Extended Auth Settings\n"); + fwrite($fout, " 2.5.11\n"); + fwrite($fout, " installedpackages->package->squidextldapauth->configuration->settings\n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_extauth.xml&id=0\n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " General Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_ng.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Upstream Proxy\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_upstream.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Cache Mgmt\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_cache.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Network Access Control\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_nac.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Traffic Mgmt\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_traffic.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Auth Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_auth.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Extended Auth Settings\n"); + fwrite($fout, " /pkg_edit.php?xml=squid_extauth.xml&id=0\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " Base DN\n"); + fwrite($fout, " ldap_basedn\n"); + fwrite($fout, " This is the base where the LDAP search starts. All subsequent organizational units (OUs)will be included. Example: \"ou=users,o=company\" will search for users in and under the specified company.\n"); + fwrite($fout, " input\n"); + fwrite($fout, " 50\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " LDAP Server\n"); + fwrite($fout, " ldap_server\n"); + fwrite($fout, " This is the LDAP server that the bind will be attempted against.\n"); + fwrite($fout, " input\n"); + fwrite($fout, " 20\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " LDAP Type\n"); + fwrite($fout, " ldap_type\n"); + fwrite($fout, " This specifies the supported LDAP types.\n"); + fwrite($fout, " select\n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " LDAP Port\n"); + fwrite($fout, " ldap_port\n"); + fwrite($fout, " This is the port that LDAP bind will attempt on. The default is \"389\".\n"); + fwrite($fout, " input\n"); + fwrite($fout, " 5\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Bind DN Username\n"); + fwrite($fout, " bind_dn_username\n"); + fwrite($fout, " If \"anonymous bind\" is not supported, please specify the bind username that can access the Base DN hierarchy.\n"); + fwrite($fout, " input\n"); + fwrite($fout, " 30\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " Bind DN Password\n"); + fwrite($fout, " bind_dn_password\n"); + fwrite($fout, " This is the associated password with the Bind DN Username previously specified.\n"); + fwrite($fout, " password\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, " \n"); + fwrite($fout, " require_once(\"/usr/local/pkg/squid_ng.inc\");\n"); + fwrite($fout, "\n"); + fwrite($fout, " mod_htpasswd();\n"); + fwrite($fout, "\n"); + fwrite($fout, " global_write_squid_config();\n"); + fwrite($fout, " mwexec(\"/usr/local/sbin/squid -k reconfigure\");\n"); + fwrite($fout, " \n"); + fwrite($fout, "\n"); + fwrite($fout, "\n"); + + fclose($fout); + + /* mount filesystem read-only */ + conf_mount_ro(); +} + +/* dynamically re-writes all squid xml files to handle adddeletecolumnitems properly */ +function dynamic_auth_content($pkgvar) { + + switch ($pkgvar) { + case "pkg": + if ($handle = opendir("/usr/local/pkg")) { + while (($file = readdir($handle)) != false) { + if (stristr($file, "squid_") && stristr($file, ".xml")) { + $filecontents = file("/usr/local/pkg/" . $file); + $fout = fopen("/usr/local/pkg/" . $file, "w"); + foreach($filecontents as $line) { + if (stristr($line, "/pkg_edit.php?xml=squid_extauth.xml&id=0")) { + fwrite($fout, " /pkg.php?xml=squid_extauth.xml&id=0\n"); + } else { + fwrite($fout, $line); + } + } + } + } + } + break; + + case "pkg_edit": + if ($handle = opendir("/usr/local/pkg")) { + while (($file = readdir($handle)) != false) { + if (stristr($file, "squid_") && stristr($file, ".xml")) { + $filecontents = file("/usr/local/pkg/" . $file); + $fout = fopen("/usr/local/pkg/" . $file,"w"); + foreach($filecontents as $line) { + if (stristr($line, "/pkg.php?xml=squid_extauth.xml&id=0")) { + fwrite($fout, " /pkg_edit.php?xml=squid_extauth.xml&id=0\n"); + } else { + fwrite($fout, $line); + } + } + } + } + } + break; + } + +} /* end function dynamic_auth_content */ +?> \ No newline at end of file -- cgit v1.2.3