- $Lang::tr{'enabled on'} Green: |
- |
- $Lang::tr{'upstream proxy host:port'}: |
- |
+ $Lang::tr{'advproxy common settings'} |
- $Lang::tr{'transparent on'} Green: |
+ $Lang::tr{'advproxy enabled on'} Green: |
+ |
+ $Lang::tr{'advproxy proxy port'}: |
+ |
+
+
+ $Lang::tr{'advproxy transparent on'} Green: |
|
- $Lang::tr{'upstream username'} |
- |
+ $Lang::tr{'advproxy visible hostname'}: |
+ |
END
;
if ($netsettings{'BLUE_DEV'}) {
- print "$Lang::tr{'enabled on'} Blue: | ";
+ print "$Lang::tr{'advproxy enabled on'} Blue: | ";
print " | ";
} else {
print " | ";
}
print <$Lang::tr{'upstream password'}
- |
+ |
END
;
if ($netsettings{'BLUE_DEV'}) {
- print "$Lang::tr{'transparent on'} Blue: | ";
+ print "$Lang::tr{'advproxy transparent on'} Blue: | ";
print " | ";
} else {
print " | ";
}
print <$Lang::tr{'proxy port'}:
- |
+ $Lang::tr{'advproxy error language'}: |
+
+ |
- $Lang::tr{'log enabled'}: |
- |
- $Lang::tr{'squid extension methods'}: |
- |
+ $Lang::tr{'advproxy suppress version'}: |
+ |
+ $Lang::tr{'advproxy error design'}: |
+ |
-
- $Lang::tr{'cache management'} |
+ $Lang::tr{'advproxy squid version'}: |
+ [ $squidversion[0] ] |
+ |
+ |
+
+
+
";
+
+} else {
+ print <
+
+
+END
+;
+}
+
+# -------------------------------------------------------------------
+
+print <
+
+ $Lang::tr{'advproxy time restrictions'} |
+
+
+
+
+
+
+
+ $Lang::tr{'advproxy download throttling'} |
+
+
+ $Lang::tr{'advproxy throttling total on'} Green: |
+
+
+ |
+ $Lang::tr{'advproxy throttling per host on'} Green: |
+
+
+ |
+
+END
+;
+
+if ($netsettings{'BLUE_DEV'}) {
+ print <
+ $Lang::tr{'advproxy throttling total on'} Blue: |
+
+
+ |
+ $Lang::tr{'advproxy throttling per host on'} Blue: |
+
+
+ |
+
+END
+;
+}
+
+print <
+
+
+
+
+
+
+
+ $Lang::tr{'this field may be blank'}
+ |
+ |
+
+
+
+END
+;
+
+&Header::closebox();
+
+} else {
+
+# ===================================================================
+# NCSA user management
+# ===================================================================
+
+&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}");
+print <
+
+
+
+
+
+
+
+ $Lang::tr{'advproxy NCSA user accounts'}: |
+
+
+
+END
+;
+
+if (-e $extgrp)
+{
+ open(FILE, $extgrp); @grouplist = ; close(FILE);
+ foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); }
+}
+if (-e $stdgrp)
+{
+ open(FILE, $stdgrp); @grouplist = ; close(FILE);
+ foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); }
+}
+if (-e $disgrp)
+{
+ open(FILE, $disgrp); @grouplist = ; close(FILE);
+ foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); }
+}
+
+@userlist = sort(@userlist);
+
+# If the password file contains entries, print entries and action icons
+
+if ( ! -z "$userdb" ) {
+ print <
+ $Lang::tr{'advproxy NCSA username'} |
+ $Lang::tr{'advproxy NCSA group membership'} |
+ |
+
+END
+;
+ $id = 0;
+ foreach $line (@userlist)
+ {
+ $id++;
+ chomp($line);
+ @temp = split(/:/,$line);
+ if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) {
+ print "\n"; }
+ elsif ($id % 2) {
+ print "
\n"; }
+ else {
+ print "
\n"; }
+
+ print <$temp[0]
+
+END
+;
+ if ($temp[1] eq 'standard') {
+ print $Lang::tr{'advproxy NCSA grp standard'};
+ } elsif ($temp[1] eq 'extended') {
+ print $Lang::tr{'advproxy NCSA grp extended'};
+ } elsif ($temp[1] eq 'disabled') {
+ print $Lang::tr{'advproxy NCSA grp disabled'}; }
+ print <
+
+
+ |
+
+
+
+ |
+ |
+END
+;
+ }
+
+print <
+
+
+
+ $Lang::tr{'legend'}: |
+ |
+ $Lang::tr{'edit'} |
+ |
+ $Lang::tr{'remove'} |
+
+END
+;
+} else {
+ print <
+ $Lang::tr{'advproxy NCSA no accounts'} |
+
+END
+;
+}
+
+print <
+END
+;
+
+&Header::closebox();
+
+}
+
+# ===================================================================
+
+&Header::closebigbox();
+
+&Header::closepage();
+
+# -------------------------------------------------------------------
+
+sub read_acls
+{
+ if (-e "$acl_src_subnets") {
+ open(FILE,"$acl_src_subnets");
+ delete $proxysettings{'SRC_SUBNETS'};
+ while () { $proxysettings{'SRC_SUBNETS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_src_banned_ip") {
+ open(FILE,"$acl_src_banned_ip");
+ delete $proxysettings{'SRC_BANNED_IP'};
+ while () { $proxysettings{'SRC_BANNED_IP'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_src_banned_mac") {
+ open(FILE,"$acl_src_banned_mac");
+ delete $proxysettings{'SRC_BANNED_MAC'};
+ while () { $proxysettings{'SRC_BANNED_MAC'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_src_unrestricted_ip") {
+ open(FILE,"$acl_src_unrestricted_ip");
+ delete $proxysettings{'SRC_UNRESTRICTED_IP'};
+ while () { $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_src_unrestricted_mac") {
+ open(FILE,"$acl_src_unrestricted_mac");
+ delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
+ while () { $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_dst_nocache") {
+ open(FILE,"$acl_dst_nocache");
+ delete $proxysettings{'DST_NOCACHE'};
+ while () { $proxysettings{'DST_NOCACHE'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_dst_noauth") {
+ open(FILE,"$acl_dst_noauth");
+ delete $proxysettings{'DST_NOAUTH'};
+ while () { $proxysettings{'DST_NOAUTH'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_ports_safe") {
+ open(FILE,"$acl_ports_safe");
+ delete $proxysettings{'PORTS_SAFE'};
+ while () { $proxysettings{'PORTS_SAFE'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$acl_ports_ssl") {
+ open(FILE,"$acl_ports_ssl");
+ delete $proxysettings{'PORTS_SSL'};
+ while () { $proxysettings{'PORTS_SSL'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$mimetypes") {
+ open(FILE,"$mimetypes");
+ delete $proxysettings{'MIME_TYPES'};
+ while () { $proxysettings{'MIME_TYPES'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$ntlmdir/msntauth.allowusers") {
+ open(FILE,"$ntlmdir/msntauth.allowusers");
+ delete $proxysettings{'NTLM_ALLOW_USERS'};
+ while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$ntlmdir/msntauth.denyusers") {
+ open(FILE,"$ntlmdir/msntauth.denyusers");
+ delete $proxysettings{'NTLM_DENY_USERS'};
+ while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$raddir/radauth.allowusers") {
+ open(FILE,"$raddir/radauth.allowusers");
+ delete $proxysettings{'RADIUS_ALLOW_USERS'};
+ while () { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$raddir/radauth.denyusers") {
+ open(FILE,"$raddir/radauth.denyusers");
+ delete $proxysettings{'RADIUS_DENY_USERS'};
+ while () { $proxysettings{'RADIUS_DENY_USERS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$identdir/identauth.allowusers") {
+ open(FILE,"$identdir/identauth.allowusers");
+ delete $proxysettings{'IDENT_ALLOW_USERS'};
+ while () { $proxysettings{'IDENT_ALLOW_USERS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$identdir/identauth.denyusers") {
+ open(FILE,"$identdir/identauth.denyusers");
+ delete $proxysettings{'IDENT_DENY_USERS'};
+ while () { $proxysettings{'IDENT_DENY_USERS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$identhosts") {
+ open(FILE,"$identhosts");
+ delete $proxysettings{'IDENT_HOSTS'};
+ while () { $proxysettings{'IDENT_HOSTS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$cre_groups") {
+ open(FILE,"$cre_groups");
+ delete $proxysettings{'CRE_GROUPS'};
+ while () { $proxysettings{'CRE_GROUPS'} .= $_ };
+ close(FILE);
+ }
+ if (-e "$cre_svhosts") {
+ open(FILE,"$cre_svhosts");
+ delete $proxysettings{'CRE_SVHOSTS'};
+ while () { $proxysettings{'CRE_SVHOSTS'} .= $_ };
+ close(FILE);
+ }
+}
+
+# -------------------------------------------------------------------
+
+sub check_acls
+{
+ @temp = split(/\n/,$proxysettings{'PORTS_SAFE'});
+ undef $proxysettings{'PORTS_SAFE'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ $line = $_;
+ if (/^[^#]+\s+#\sSquids\sport/) { s/(^[^#]+)(\s+#\sSquids\sport)/$proxysettings{'PROXY_PORT'}\2/; $line=$_; }
+ s/#.*//g; s/\s+//g;
+ if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
+ @templist = split(/-/);
+ foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
+ $proxysettings{'PORTS_SAFE'} .= $line."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'PORTS_SSL'});
+ undef $proxysettings{'PORTS_SSL'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ $line = $_;
+ s/#.*//g; s/\s+//g;
+ if (/.*-.*-.*/) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; }
+ @templist = split(/-/);
+ foreach (@templist) { unless (&General::validport($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid destination port'}; } }
+ $proxysettings{'PORTS_SSL'} .= $line."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
+ undef $proxysettings{'DST_NOCACHE'};
+ foreach (@temp)
+ {
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
+ if ($_)
+ {
+ if (/^\./) { $_ = '*'.$_; }
+ $proxysettings{'DST_NOCACHE'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'SRC_SUBNETS'});
+ undef $proxysettings{'SRC_SUBNETS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'SRC_SUBNETS'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'SRC_BANNED_IP'});
+ undef $proxysettings{'SRC_BANNED_IP'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'SRC_BANNED_IP'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'});
+ undef $proxysettings{'SRC_BANNED_MAC'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g; s/-/:/g;
+ if ($_)
+ {
+ unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
+ $proxysettings{'SRC_BANNED_MAC'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'});
+ undef $proxysettings{'SRC_UNRESTRICTED_IP'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'});
+ undef $proxysettings{'SRC_UNRESTRICTED_MAC'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g; s/-/:/g;
+ if ($_)
+ {
+ unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; }
+ $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
+ undef $proxysettings{'DST_NOAUTH'};
+ foreach (@temp)
+ {
+ s/^\s+//g;
+ unless (/^#/) { s/\s+//g; }
+ if ($_)
+ {
+ if (/^\./) { $_ = '*'.$_; }
+ $proxysettings{'DST_NOAUTH'} .= $_."\n";
+ }
+ }
+
+ if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
+ {
+ @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'});
+ undef $proxysettings{'NTLM_ALLOW_USERS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; }
+ }
+ if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
+ }
+
+ if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
+ {
+ @temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'});
+ undef $proxysettings{'NTLM_DENY_USERS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; }
+ }
+ if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
+ }
+
+ if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
+ {
+ @temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'});
+ undef $proxysettings{'IDENT_ALLOW_USERS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; }
+ }
+ if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
+ }
+
+ if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
+ {
+ @temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'});
+ undef $proxysettings{'IDENT_DENY_USERS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; }
+ }
+ if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
+ }
+
+ if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
+ {
+ @temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'});
+ undef $proxysettings{'RADIUS_ALLOW_USERS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; }
+ }
+ if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
+ }
+
+ if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
+ {
+ @temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'});
+ undef $proxysettings{'RADIUS_DENY_USERS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; }
+ }
+ if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; }
+ }
+
+ @temp = split(/\n/,$proxysettings{'IDENT_HOSTS'});
+ undef $proxysettings{'IDENT_HOSTS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'IDENT_HOSTS'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'});
+ undef $proxysettings{'CRE_SVHOSTS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'CRE_SVHOSTS'} .= $_."\n";
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
+sub write_acls
+{
+ open(FILE, ">$acl_src_subnets");
+ flock(FILE, 2);
+ if (!$proxysettings{'SRC_SUBNETS'})
+ {
+ print FILE "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}\n";
+ if ($netsettings{'BLUE_DEV'})
+ {
+ print FILE "$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}\n";
+ }
+ } else { print FILE $proxysettings{'SRC_SUBNETS'}; }
+ close(FILE);
+
+ open(FILE, ">$acl_src_banned_ip");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_BANNED_IP'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_banned_mac");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_BANNED_MAC'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_unrestricted_ip");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_UNRESTRICTED_IP'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_unrestricted_mac");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_noauth");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOAUTH'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_noauth_net");
+ close(FILE);
+ open(FILE, ">$acl_dst_noauth_dom");
+ close(FILE);
+ open(FILE, ">$acl_dst_noauth_url");
+ close(FILE);
+
+ @temp = split(/\n/,$proxysettings{'DST_NOAUTH'});
+ foreach(@temp)
+ {
+ unless (/^#/)
+ {
+ if (/^\*\.\w/)
+ {
+ s/^\*//;
+ open(FILE, ">>$acl_dst_noauth_dom");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (&General::validipormask($_))
+ {
+ open(FILE, ">>$acl_dst_noauth_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+ {
+ open(FILE, ">>$acl_dst_noauth_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ else
+ {
+ open(FILE, ">>$acl_dst_noauth_url");
+ flock(FILE, 2);
+ if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+ close(FILE);
+ }
+ }
+ }
+
+ open(FILE, ">$acl_dst_nocache");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOCACHE'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_nocache_net");
+ close(FILE);
+ open(FILE, ">$acl_dst_nocache_dom");
+ close(FILE);
+ open(FILE, ">$acl_dst_nocache_url");
+ close(FILE);
+
+ @temp = split(/\n/,$proxysettings{'DST_NOCACHE'});
+ foreach(@temp)
+ {
+ unless (/^#/)
+ {
+ if (/^\*\.\w/)
+ {
+ s/^\*//;
+ open(FILE, ">>$acl_dst_nocache_dom");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (&General::validipormask($_))
+ {
+ open(FILE, ">>$acl_dst_nocache_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ elsif (/\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?-\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?/)
+ {
+ open(FILE, ">>$acl_dst_nocache_net");
+ flock(FILE, 2);
+ print FILE "$_\n";
+ close(FILE);
+ }
+ else
+ {
+ open(FILE, ">>$acl_dst_nocache_url");
+ flock(FILE, 2);
+ if (/^[fh]tt?ps?:\/\//) { print FILE "$_\n"; } else { print FILE "^[fh]tt?ps?://$_\n"; }
+ close(FILE);
+ }
+ }
+ }
+
+ open(FILE, ">$acl_ports_safe");
+ flock(FILE, 2);
+ if (!$proxysettings{'PORTS_SAFE'}) { print FILE $def_ports_safe; } else { print FILE $proxysettings{'PORTS_SAFE'}; }
+ close(FILE);
+
+ open(FILE, ">$acl_ports_ssl");
+ flock(FILE, 2);
+ if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; }
+ close(FILE);
+
+ open(FILE, ">$acl_dst_throttle");
+ flock(FILE, 2);
+ if ($proxysettings{'THROTTLE_BINARY'} eq 'on')
+ {
+ @temp = split(/\|/,$throttle_binary);
+ foreach (@temp) { print FILE "\\.$_\$\n"; }
+ }
+ if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on')
+ {
+ @temp = split(/\|/,$throttle_dskimg);
+ foreach (@temp) { print FILE "\\.$_\$\n"; }
+ }
+ if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on')
+ {
+ @temp = split(/\|/,$throttle_mmedia);
+ foreach (@temp) { print FILE "\\.$_\$\n"; }
+ }
+ if (-s $throttled_urls)
+ {
+ open(URLFILE, $throttled_urls);
+ @temp = ;
+ close(URLFILE);
+ foreach (@temp) { print FILE; }
+ }
+ close(FILE);
+
+ open(FILE, ">$mimetypes");
+ flock(FILE, 2);
+ print FILE $proxysettings{'MIME_TYPES'};
+ close(FILE);
+
+ open(FILE, ">$ntlmdir/msntauth.allowusers");
+ flock(FILE, 2);
+ print FILE $proxysettings{'NTLM_ALLOW_USERS'};
+ close(FILE);
+
+ open(FILE, ">$ntlmdir/msntauth.denyusers");
+ flock(FILE, 2);
+ print FILE $proxysettings{'NTLM_DENY_USERS'};
+ close(FILE);
+
+ open(FILE, ">$raddir/radauth.allowusers");
+ flock(FILE, 2);
+ print FILE $proxysettings{'RADIUS_ALLOW_USERS'};
+ close(FILE);
+
+ open(FILE, ">$raddir/radauth.denyusers");
+ flock(FILE, 2);
+ print FILE $proxysettings{'RADIUS_DENY_USERS'};
+ close(FILE);
+
+ open(FILE, ">$identdir/identauth.allowusers");
+ flock(FILE, 2);
+ print FILE $proxysettings{'IDENT_ALLOW_USERS'};
+ close(FILE);
+
+ open(FILE, ">$identdir/identauth.denyusers");
+ flock(FILE, 2);
+ print FILE $proxysettings{'IDENT_DENY_USERS'};
+ close(FILE);
+
+ open(FILE, ">$identhosts");
+ flock(FILE, 2);
+ print FILE $proxysettings{'IDENT_HOSTS'};
+ close(FILE);
+
+ open(FILE, ">$cre_groups");
+ flock(FILE, 2);
+ print FILE $proxysettings{'CRE_GROUPS'};
+ close(FILE);
+
+ open(FILE, ">$cre_svhosts");
+ flock(FILE, 2);
+ print FILE $proxysettings{'CRE_SVHOSTS'};
+ close(FILE);
+}
+
+# -------------------------------------------------------------------
+
+sub writepacfile
+{
+ open(FILE, ">/srv/web/ipfire/html/proxy.pac");
+ flock(FILE, 2);
+ print FILE "function FindProxyForURL(url, host)\n";
+ print FILE "{\n";
+ if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on'))
+ {
+ print FILE <;
+ close(SUBNETS);
+ }
+
+ foreach (@templist)
+ {
+ @temp = split(/\//);
+ if (
+ ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
+ ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
+ )
+ {
+ chomp $temp[1];
+ print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
+ }
+ }
+
+ print FILE "\n";
+
+ print FILE <${General::swroot}/proxy/squid.conf");
+ flock(FILE, 2);
+ print FILE < 0)
+ {
+ print FILE "\n";
+
+ if (!-z $acl_dst_nocache_dom) {
+ print FILE "acl no_cache_domains dstdomain \"$acl_dst_nocache_dom\"\n";
+ print FILE "cache deny no_cache_domains\n";
+ }
+ if (!-z $acl_dst_nocache_net) {
+ print FILE "acl no_cache_ipaddr dst \"$acl_dst_nocache_net\"\n";
+ print FILE "cache deny no_cache_ipaddr\n";
+ }
+ if (!-z $acl_dst_nocache_url) {
+ print FILE "acl no_cache_hosts url_regex -i \"$acl_dst_nocache_url\"\n";
+ print FILE "cache deny no_cache_hosts\n";
+ }
+ }
+
+ print FILE <$ntlmdir/msntauth.conf");
+ flock(MSNTCONF,2);
+ print MSNTCONF "server $proxysettings{'NTLM_PDC'}";
+ if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
+ print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
+ if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
+ {
+ if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
+ {
+ print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
+ } else {
+ print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
+ }
+ }
+ close(MSNTCONF);
+ }
+ }
+
+ if ($proxysettings{'AUTH_METHOD'} eq 'radius')
+ {
+ print FILE "auth_param basic program $authdir/squid_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
+ if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
+ print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
+ print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
+ print FILE "auth_param basic realm $authrealm\n";
+ print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
+ if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
+ }
+
+ print FILE "\n";
+ print FILE "acl for_inetusers proxy_auth REQUIRED\n";
+ if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
+ {
+ if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
+ }
+ if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
+ }
+ }
+ if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
+ {
+ if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.allowusers\"\n";
+ }
+ if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
+ }
+ }
+ if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
+ {
+ print FILE "\n";
+ if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
+ if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
+ }
+ if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
+ print FILE "\n";
+
+ if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
+ if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
+ if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
+ print FILE "\n";
+
+ }
+
+ if ($proxysettings{'AUTH_METHOD'} eq 'ident')
+ {
+ if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
+ {
+ print FILE "acl for_inetusers ident REQUIRED\n";
+ }
+ if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
+ {
+ if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
+ {
+ print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
+ }
+ if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
+ {
+ print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
+ }
+ }
+ if (!-z $acl_dst_noauth_net) { print FILE "acl to_ipaddr_without_auth dst \"$acl_dst_noauth_net\"\n"; }
+ if (!-z $acl_dst_noauth_dom) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth_dom\"\n"; }
+ if (!-z $acl_dst_noauth_url) { print FILE "acl to_hosts_without_auth url_regex -i \"$acl_dst_noauth_url\"\n"; }
+ print FILE "\n";
+ }
+
+ if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
+
+ if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
+
+ print FILE "acl within_timeframe time ";
+ if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
+ if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
+ if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
+ if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
+ if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
+ if ($proxysettings{'TIME_SAT'} eq 'on') { print FILE "A"; }
+ if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; }
+ print FILE " $proxysettings{'TIME_FROM_HOUR'}:";
+ print FILE "$proxysettings{'TIME_FROM_MINUTE'}-";
+ print FILE "$proxysettings{'TIME_TO_HOUR'}:";
+ print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n";
+
+ if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) {
+ print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n";
+ }
+
+ print FILE <;
+close PORTS;
+if (@temp)
+{
+ foreach (@temp) { print FILE "acl SSL_ports port $_"; }
+}
+open (PORTS,"$acl_ports_safe");
+@temp = ;
+close PORTS;
+if (@temp)
+{
+ foreach (@temp) { print FILE "acl Safe_ports port $_"; }
+}
+ print FILE <) {
+ $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/;
+ $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/;
+ $_ =~ s/__BLUE_IP__/$blue_ip/;
+ $_ =~ s/__BLUE_NET__/$blue_net/;
+ $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
+ print FILE $_;
+ }
+ print FILE "\n#End of custom includes\n";
+ close (ACL);
+ }
+ if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
+ print FILE < 0)
+ {
+ print FILE < 0) {
+ if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_ips\n"; }
+ if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 deny IPFire_unrestricted_mac\n"; }
+ if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
+ {
+ if (!-z $extgrp) { print FILE "reply_body_max_size 0 deny for_extended_users\n"; }
+ }
+ }
+#FIX ME print FILE "reply_body_max_size $replybodymaxsize deny all\n\n";
+
+ print FILE "visible_hostname";
+ if ($proxysettings{'VISIBLE_HOSTNAME'} eq '')
+ {
+ print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
+ } else {
+ print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
+ }
+
+ if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n"; }
+ if (!($proxysettings{'ADMIN_PASSWORD'} eq '')) { print FILE "cachemgr_passwd $proxysettings{'ADMIN_PASSWORD'} all\n"; }
+ print FILE "\n";
+
+ print FILE "max_filedescriptors $proxysettings{'FILEDESCRIPTORS'}\n\n";
+
+ # Write the parent proxy info, if needed.
+ if ($remotehost ne '')
+ {
+ print FILE "cache_peer $remotehost parent $remoteport 3130 default no-query";
+
+ # Enter authentication for the parent cache. Option format is
+ # login=user:password ($proxy1='YES')
+ # login=PASS ($proxy1='PASS')
+ # login=*:password ($proxysettings{'FORWARD_USERNAME'} eq 'on')
+ if (($proxy1 eq 'YES') || ($proxy1 eq 'PASS'))
+ {
+ print FILE " login=$proxysettings{'UPSTREAM_USER'}";
+ if ($proxy1 eq 'YES') { print FILE ":$proxysettings{'UPSTREAM_PASSWORD'}"; }
+ }
+ elsif ($proxysettings{'FORWARD_USERNAME'} eq 'on') { print FILE " login=*:password"; }
+
+ print FILE "\nalways_direct allow IPFire_ips\n";
+ print FILE "never_direct allow all\n\n";
+ }
+ if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on'))
+ {
+ print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n";
+ print FILE "url_rewrite_children $proxysettings{'CHILDREN'}\n\n";
+ }
+ close FILE;
+}
+
+# -------------------------------------------------------------------
+
+sub adduser
+{
+ my ($str_user, $str_pass, $str_group) = @_;
+ my @groupmembers=();
+
+ if ($str_pass eq 'lEaVeAlOnE')
+ {
+ open(FILE, "$userdb");
+ @groupmembers = ;
+ close(FILE);
+ foreach $line (@groupmembers) { if ($line =~ /^$str_user:/i) { $str_pass = substr($line,index($line,":")); } }
+ &deluser($str_user);
+ open(FILE, ">>$userdb");
+ flock FILE,2;
+ print FILE "$str_user$str_pass";
+ close(FILE);
+ } else {
+ &deluser($str_user);
+ system("/usr/sbin/htpasswd -b $userdb $str_user $str_pass");
+ }
+
+ if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
+ } elsif ($str_group eq 'extended') { open(FILE, ">>$extgrp");
+ } elsif ($str_group eq 'disabled') { open(FILE, ">>$disgrp"); }
+ flock FILE, 2;
+ print FILE "$str_user\n";
+ close(FILE);
+
+ return;
+}
+
+# -------------------------------------------------------------------
+
+sub deluser
+{
+ my ($str_user) = @_;
+ my $groupfile='';
+ my @groupmembers=();
+ my @templist=();
+
+ foreach $groupfile ($stdgrp, $extgrp, $disgrp)
+ {
+ undef @templist;
+ open(FILE, "$groupfile");
+ @groupmembers = ;
+ close(FILE);
+ foreach $line (@groupmembers) { if (!($line =~ /^$str_user$/i)) { push(@templist, $line); } }
+ open(FILE, ">$groupfile");
+ flock FILE, 2;
+ print FILE @templist;
+ close(FILE);
+ }
+
+ undef @templist;
+ open(FILE, "$userdb");
+ @groupmembers = ;
+ close(FILE);
+ foreach $line (@groupmembers) { if (!($line =~ /^$str_user:/i)) { push(@templist, $line); } }
+ open(FILE, ">$userdb");
+ flock FILE, 2;
+ print FILE @templist;
+ close(FILE);
+
+ return;
+}
+
+# -------------------------------------------------------------------
+
+sub writecachemgr
+{
+ open(FILE, ">${General::swroot}/proxy/cachemgr.conf");
+ flock(FILE, 2);
+ print FILE "$netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}\n";
+ print FILE "localhost";
+ close(FILE);
+ return;
+}
-} # end sub DoHTML
-1
+# -------------------------------------------------------------------