X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=269ce36a2fa497519c90cc6f5b80a04b908ba24e;hp=ad2d1db39443f38e918aeebfa21a2effd8085c52;hb=8deebac86a150ae1fc9e5645a9c531330b01e7a6;hpb=cd1a2927226c734d96478e12bb768256fb64a06a
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index ad2d1db394..269ce36a2f 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -1,421 +1,3523 @@
-#!/usr/bin/perl
-#
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) The SmoothWall Team
-#
-# $Id: proxy.cgi,v 1.13.2.23 2006/01/29 09:29:47 eoberlander Exp $
-#
-
-use strict;
-
-# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
-
-require 'CONFIG_ROOT/general-functions.pl';
-require "${General::swroot}/lang.pl";
-require "${General::swroot}/header.pl";
-
-my %proxysettings=();
-my %netsettings=();
-my %mainsettings=();
-my $errormessage = '';
-my $NeedDoHTML = 1;
-
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-
-&Header::showhttpheaders();
-
-$proxysettings{'ACTION'} = '';
-$proxysettings{'VALID'} = '';
-
-$proxysettings{'UPSTREAM_PROXY'} = '';
-$proxysettings{'UPSTREAM_USER'} = '';
-$proxysettings{'UPSTREAM_PASSWORD'} = '';
-$proxysettings{'ENABLE'} = 'off';
-$proxysettings{'ENABLE_BLUE'} = 'off';
-$proxysettings{'CACHE_SIZE'} = '50';
-$proxysettings{'TRANSPARENT'} = 'off';
-$proxysettings{'TRANSPARENT_BLUE'} = 'off';
-$proxysettings{'MAX_SIZE'} = '4096';
-$proxysettings{'MIN_SIZE'} = '0';
-$proxysettings{'MAX_OUTGOING_SIZE'} = '0';
-$proxysettings{'MAX_INCOMING_SIZE'} = '0';
-$proxysettings{'LOGGING'} = 'off';
-$proxysettings{'PROXY_PORT'} = '800';
-$proxysettings{'EXTENSION_METHODS'} = '';
-
-&Header::getcgihash(\%proxysettings);
-
-my $needhup = 0;
-my $cachemem = '';
-
-if ($proxysettings{'ACTION'} eq $Lang::tr{'save'})
-{
-
- #assume error
- my $configerror = 1;
-
- if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
- $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
- $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
- $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
- $errormessage = $Lang::tr{'invalid input'};
- goto ERROR;
- }
- if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
- ($proxysettings{'CACHE_SIZE'} < 10))
- {
- $errormessage = 
$Lang::tr{'invalid cache size'}; - goto ERROR; - } - if (!($proxysettings{'MAX_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid maximum object size'}; - goto ERROR; - } - if (!($proxysettings{'MIN_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid minimum object size'}; - goto ERROR; - } - if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid maximum outgoing size'}; - goto ERROR; - } - if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /^\d+/)) - { - $errormessage = $Lang::tr{'invalid maximum incoming size'}; - goto ERROR; - } - - if (!($proxysettings{'EXTENSION_METHODS'} =~ /^(|[A-Z0-9 _-]+)$/)) - { - $errormessage = $Lang::tr{'squid extension methods invalid'}; - goto ERROR; - } - - # Quick parent proxy error checking of username and password info. If username password don't both exist give an error. - my $proxy1 = 'YES'; - my $proxy2 = 'YES'; - if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';} - if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';} - if (($proxy1 ne $proxy2)) - { - $errormessage = $Lang::tr{'invalid upstream proxy username or password setting'}; - goto ERROR; - } - - $_ = $proxysettings{'UPSTREAM_PROXY'}; - my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); - $remoteport = 80 if ($remoteport eq ''); - - $proxysettings{'VALID'} = 'yes'; - &General::writehash("${General::swroot}/proxy/settings", \%proxysettings); - - # - # NAH, 03-Jan-2004 - # - my @free = `/usr/bin/free`; - $free[1] =~ m/(\d+)/; - $cachemem = int $1 / 10; - if ($cachemem < 4096) { - $cachemem = 4096; - } - if ($cachemem > $proxysettings{'CACHE_SIZE'} * 40) { - $cachemem = ( $proxysettings{'CACHE_SIZE'} * 40 ); - } - - open(FILE, ">/${General::swroot}/proxy/squid.conf") or die "Unable to write squid.conf file"; - flock(FILE, 2); - print FILE <) { - $_ =~ 
s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/; - $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/; - $_ =~ s/__BLUE_IP__/$blue_ip/; - $_ =~ s/__BLUE_NET__/$blue_net/; - $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/; - print FILE $_; - } - close (ACL); - - # This value is in bytes, so we must turn it from KB into bytes - my $max_incoming_size = $proxysettings{'MAX_INCOMING_SIZE'} * 1024; - - print FILE <$errormessage \n"; - &Header::closebox(); -} - -print "
\n"; - -&Header::openbox('100%', 'left', "$Lang::tr{'web proxy'}:"); -print < - - $Lang::tr{'enabled on'} Green: - - $Lang::tr{'upstream proxy host:port'}: * - - - - $Lang::tr{'transparent on'} Green: - - $Lang::tr{'upstream username'} * - - - -END -; -if ($netsettings{'BLUE_DEV'}) { - print "$Lang::tr{'enabled on'} Blue:"; - print ""; -} else { - print " "; -} -print <$Lang::tr{'upstream password'} * - - - -END -; -if ($netsettings{'BLUE_DEV'}) { - print "$Lang::tr{'transparent on'} Blue:"; - print ""; -} else { - print " "; -} -print <$Lang::tr{'proxy port'}: - - - - $Lang::tr{'log enabled'}: - - $Lang::tr{'squid extension methods'}: * - - - - -
$Lang::tr{'cache management'} - - - $Lang::tr{'cache size'} - - - - $Lang::tr{'min size'} - - $Lang::tr{'max size'} - - - -
$Lang::tr{'transfer limits'} - - - $Lang::tr{'max incoming size'} - - $Lang::tr{'max outgoing size'} - - - - -
- - - - - - - -
- *  - $Lang::tr{'this field may be blank'} - - -
-END
-;
-&Header::closebox();
-
-print "\n";
-
-&Header::closebigbox();
-
-&Header::closepage();
-
-} # end sub DoHTML
-1
+#!/usr/bin/perl
+#
+# IPCop CGIs
+#
+# This code is distributed under the terms of the GPL
+#
+# $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $
+#
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+use IO::Socket;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+my %proxysettings=();
+my %netsettings=();
+my %filtersettings=();
+my %updaccsettings=();
+my %stdproxysettings=();
+my %mainsettings=();
+my $urlfilter_addon=0;
+my $updacclrtr_addon=0;
+
+my %checked=();
+my %selected=();
+
+my @throttle_limits=(64,128,256,384,512,1024,2048,3072,5120);
+my $throttle_binary="bin|cab|exe|gz|rar|sea|tar|tgz|zip";
+my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi";
+my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m";
+
+my @useragent=();
+my @useragentlist=();
+
+my $hintcolour='#FFFFCC';
+my $ncsa_buttontext='';
+my $language='';
+my $i=0;
+my $n=0;
+my $id=0;
+my $line='';
+my $user='';
+my @userlist=();
+my @grouplist=();
+my @temp=();
+my @templist=();
+
+my $cachemem=0;
+my $proxy1='';
+my $proxy2='';
+my $replybodymaxsize=0;
+my $browser_regexp='';
+my $needhup = 0;
+my $errormessage='';
+
+my $acldir = "${General::swroot}/proxy/advanced/acls";
+my $ncsadir = "${General::swroot}/proxy/advanced/ncsa";
+my $ntlmdir = "${General::swroot}/proxy/advanced/ntlm";
+my $raddir = "${General::swroot}/proxy/advanced/radius";
+my $identdir = "${General::swroot}/proxy/advanced/ident";
+my $credir = "${General::swroot}/proxy/advanced/cre";
+
+my $userdb = "$ncsadir/passwd";
+my $stdgrp = "$ncsadir/standard.grp";
+my $extgrp = "$ncsadir/extended.grp";
+my $disgrp = "$ncsadir/disabled.grp";
+
+my $browserdb = "${General::swroot}/proxy/advanced/useragents";
+my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes";
+my $throttled_urls = "${General::swroot}/proxy/advanced/throttle";
+
+my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable";
+my $cre_groups = "${General::swroot}/proxy/advanced/cre/classrooms";
+my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors";
+
+my $identhosts = "$identdir/hosts";
+
+my $libexecdir = "/usr/lib/squid";
+
+my $acl_src_subnets = "$acldir/src_subnets.acl";
+my $acl_src_banned_ip = "$acldir/src_banned_ip.acl";
+my $acl_src_banned_mac = "$acldir/src_banned_mac.acl";
+my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl";
+my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl";
+my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl";
+my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl";
+my $acl_dst_nocache = "$acldir/dst_nocache.acl";
+my $acl_dst_noauth = "$acldir/dst_noauth.acl";
+my $acl_dst_throttle = "$acldir/dst_throttle.acl";
+my $acl_include = "$acldir/include.acl";
+
+unless (-d "$acldir") { mkdir("$acldir"); }
+unless (-d "$ncsadir") { mkdir("$ncsadir"); }
+unless (-d "$ntlmdir") { mkdir("$ntlmdir"); }
+unless (-d "$raddir") { mkdir("$raddir"); }
+unless (-d "$identdir") { mkdir("$identdir"); }
+unless (-d "$credir") { mkdir("$credir"); }
+
+unless (-e $cre_groups) { system("touch $cre_groups"); }
+unless (-e $cre_svhosts) { system("touch $cre_svhosts"); }
+
+unless (-e $userdb) { system("touch $userdb"); }
+unless (-e $stdgrp) { system("touch $stdgrp"); }
+unless (-e $extgrp) { system("touch $extgrp"); }
+unless (-e $disgrp) { system("touch $disgrp"); }
+
+unless (-e $acl_src_subnets) { system("touch $acl_src_subnets"); }
+unless (-e $acl_src_banned_ip) { system("touch $acl_src_banned_ip"); }
+unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); }
+unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip"); }
+unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); }
+unless (-e $acl_src_noaccess_ip) { system("touch $acl_src_noaccess_ip"); }
+unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); }
+unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); }
+unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); }
+unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); }
+unless (-e $acl_include) { system("touch $acl_include"); }
+
+unless (-e $browserdb) { system("touch $browserdb"); }
+unless (-e $mimetypes) { system("touch $mimetypes"); }
+
+open FILE, $browserdb;
+@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,;
+close(FILE);
+
+my %filtersettings=();
+$filtersettings{'CHILDREN'} = '5';
+if (-e "${General::swroot}/urlfilter/settings") {
+ &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
+}
+
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+
+if (-e "${General::swroot}/urlfilter/version") { $urlfilter_addon = 1; }
+if (-e "${General::swroot}/updacclrtr/version") { $updacclrtr_addon = 1; }
+
+if ($urlfilter_addon) {
+ $filtersettings{'CHILDREN'} = '5';
+ if (-e "${General::swroot}/urlfilter/settings") {
+ &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings);
+ }
+}
+
+if ($updacclrtr_addon) {
+ $updaccsettings{'ACCELERATORS'} = '10';
+ if (-e "${General::swroot}/updacclrtr/settings") {
+ &General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings);
+ }
+}
+
+&Header::showhttpheaders();
+
+$proxysettings{'ENABLE_FILTER'} = 'off';
+$proxysettings{'ACTION'} = '';
+$proxysettings{'VALID'} = '';
+
+$proxysettings{'ENABLE'} = 'off';
+$proxysettings{'ENABLE_BLUE'} = 'off';
+$proxysettings{'TRANSPARENT'} = 'off';
+$proxysettings{'TRANSPARENT_BLUE'} = 'off';
+$proxysettings{'PROXY_PORT'} = '800';
+$proxysettings{'VISIBLE_HOSTNAME'} = '';
+$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
+$proxysettings{'ERR_LANGUAGE'} = 'English';
+$proxysettings{'FORWARD_VIA'} = 'off';
+$proxysettings{'FORWARD_IPADDRESS'} = 'off';
+$proxysettings{'FORWARD_USERNAME'} = 'off';
+$proxysettings{'UPSTREAM_PROXY'} = '';
+$proxysettings{'UPSTREAM_USER'} = '';
+$proxysettings{'UPSTREAM_PASSWORD'} = '';
+$proxysettings{'LOGGING'} = 'off';
+$proxysettings{'LOGQUERY'} = 'off';
+$proxysettings{'LOGUSERAGENT'} = 'off';
+$proxysettings{'CACHE_MEM'} = '2';
+$proxysettings{'CACHE_SIZE'} = '50';
+$proxysettings{'MAX_SIZE'} = '4096';
+$proxysettings{'MIN_SIZE'} = '0';
+$proxysettings{'MEM_POLICY'} = 'LRU';
+$proxysettings{'CACHE_POLICY'} = 'LRU';
+$proxysettings{'L1_DIRS'} = '16';
+$proxysettings{'OFFLINE_MODE'} = 'off';
+$proxysettings{'CLASSROOM_EXT'} = 'off';
+$proxysettings{'SUPERVISOR_PASSWORD'} = '';
+$proxysettings{'TIME_ACCESS_MODE'} = 'allow';
+$proxysettings{'TIME_FROM_HOUR'} = '00';
+$proxysettings{'TIME_FROM_MINUTE'} = '00';
+$proxysettings{'TIME_TO_HOUR'} = '24';
+$proxysettings{'TIME_TO_MINUTE'} = '00';
+$proxysettings{'MAX_OUTGOING_SIZE'} = '0';
+$proxysettings{'MAX_INCOMING_SIZE'} = '0';
+$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';
+$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';
+$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';
+$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';
+$proxysettings{'THROTTLE_BINARY'} = 'off';
+$proxysettings{'THROTTLE_DSKIMG'} = 'off';
+$proxysettings{'THROTTLE_MMEDIA'} = 'off';
+$proxysettings{'ENABLE_MIME_FILTER'} = 'off';
+$proxysettings{'ENABLE_BROWSER_CHECK'} = 'off';
+$proxysettings{'FAKE_USERAGENT'} = '';
+$proxysettings{'FAKE_REFERER'} = '';
+$proxysettings{'AUTH_METHOD'} = 'none';
+$proxysettings{'AUTH_REALM'} = '';
+$proxysettings{'AUTH_MAX_USERIP'} = '';
+$proxysettings{'AUTH_CACHE_TTL'} = '60';
+$proxysettings{'AUTH_IPCACHE_TTL'} = '0';
+$proxysettings{'AUTH_CHILDREN'} = '5';
+$proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
+$proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
+$proxysettings{'NCSA_USERNAME'} = '';
+$proxysettings{'NCSA_GROUP'} = '';
+$proxysettings{'NCSA_PASS'} = '';
+$proxysettings{'NCSA_PASS_CONFIRM'} = '';
+$proxysettings{'LDAP_BASEDN'} = '';
+$proxysettings{'LDAP_TYPE'} = 'ADS';
+$proxysettings{'LDAP_SERVER'} = '';
+$proxysettings{'LDAP_PORT'} = '389';
+$proxysettings{'LDAP_BINDDN_USER'} = '';
+$proxysettings{'LDAP_BINDDN_PASS'} = '';
+$proxysettings{'LDAP_GROUP'} = '';
+$proxysettings{'NTLM_DOMAIN'} = '';
+$proxysettings{'NTLM_PDC'} = '';
+$proxysettings{'NTLM_BDC'} = '';
+$proxysettings{'NTLM_ENABLE_ACL'} = 'off';
+$proxysettings{'NTLM_USER_ACL'} = 'positive';
+$proxysettings{'RADIUS_SERVER'} = '';
+$proxysettings{'RADIUS_PORT'} = '1645';
+$proxysettings{'RADIUS_IDENTIFIER'} = '';
+$proxysettings{'RADIUS_SECRET'} = '';
+$proxysettings{'RADIUS_ENABLE_ACL'} = 'off';
+$proxysettings{'RADIUS_USER_ACL'} = 'positive';
+$proxysettings{'IDENT_REQUIRED'} = 'off';
+$proxysettings{'IDENT_TIMEOUT'} = '10';
+$proxysettings{'IDENT_ENABLE_ACL'} = 'off';
+$proxysettings{'IDENT_USER_ACL'} = 'positive';
+
+if ($urlfilter_addon) {
+ $proxysettings{'ENABLE_FILTER'} = 'off';
+}
+
+if ($updacclrtr_addon) {
+ $proxysettings{'ENABLE_UPDACCEL'} = 'off';
+}
+
+$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
+
+&Header::getcgihash(\%proxysettings);
+
+if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 0) {$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';}
+if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 0) {$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';}
+if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 0) {$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';}
+if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 0) {$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';}
+
+if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy NCSA user management'})
+{
+ $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
+}
+
+if ($proxysettings{'ACTION'} eq $Lang::tr{'add'})
+{
+ $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
+ if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) {
+ $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'};
+ }
+ if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) {
+ $errormessage = $Lang::tr{'advproxy errmsg passwords different'};
+ }
+ if ($proxysettings{'NCSA_USERNAME'} eq '') {
+ $errormessage = $Lang::tr{'advproxy errmsg no username'};
+ }
+ if (!$errormessage) {
+ $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/;
+ &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'});
+ }
+ $proxysettings{'NCSA_USERNAME'} = '';
+ $proxysettings{'NCSA_GROUP'} = '';
+ $proxysettings{'NCSA_PASS'} = '';
+ $proxysettings{'NCSA_PASS_CONFIRM'} = '';
+}
+
+if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'})
+{
+ $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
+ &deluser($proxysettings{'ID'});
+}
+
+if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'})
+{
+ $proxysettings{'NCSA_EDIT_MODE'} = 'yes';
+ $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'};
+ @temp = split(/:/,$proxysettings{'ID'});
+ $proxysettings{'NCSA_USERNAME'} = $temp[0];
+ $proxysettings{'NCSA_GROUP'} = $temp[1];
+ $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE";
+ $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'};
+}
+
+if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}))
+{
+ if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ ||
+ $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ ||
+ $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ ||
+ $proxysettings{'TRANSPARENT_BLUE'} !~ /^(on|off)$/ ) {
+ $errormessage = $Lang::tr{'invalid input'};
+ goto ERROR;
+ }
+ if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) ||
+ 
($proxysettings{'CACHE_SIZE'} < 10)) + { + $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'}; + goto ERROR; + } + if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) || + ($proxysettings{'CACHE_MEM'} < 1)) + { + $errormessage = $Lang::tr{'advproxy errmsg mem cache size'}; + goto ERROR; + } + my @free = `/usr/bin/free`; + $free[1] =~ m/(\d+)/; + $cachemem = int $1 / 2048; + if ($proxysettings{'CACHE_MEM'} > $cachemem) { + $proxysettings{'CACHE_MEM'} = $cachemem; + } + if (!($proxysettings{'MAX_SIZE'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'invalid maximum object size'}; + goto ERROR; + } + if (!($proxysettings{'MIN_SIZE'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'invalid minimum object size'}; + goto ERROR; + } + if (!($proxysettings{'MAX_OUTGOING_SIZE'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'invalid maximum outgoing size'}; + goto ERROR; + } + if ($proxysettings{'ENABLE_FILTER'} eq 'on') + { + print FILE < 255))) + { + $errormessage = $Lang::tr{'advproxy errmsg max userip'}; + goto ERROR; + } + if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'}; + goto ERROR; + } + if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'}; + goto ERROR; + } + if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) + { + $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'}; + goto ERROR; + } + if ((!($proxysettings{'AUTH_CHILDREN'} =~ /^\d+/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth children'}; + goto ERROR; + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') + { + if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /^\d+/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255)) + { + $errormessage = $Lang::tr{'advproxy errmsg password length'}; + 
goto ERROR;
+ }
+ }
+ if ($proxysettings{'AUTH_METHOD'} eq 'ident')
+ {
+ if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /^\d+/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ident timeout'};
+ goto ERROR;
+ }
+ }
+ if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
+ {
+ if ($proxysettings{'LDAP_BASEDN'} eq '')
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'};
+ goto ERROR;
+ }
+ if (!&General::validip($proxysettings{'LDAP_SERVER'}))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ldap server'};
+ goto ERROR;
+ }
+ if (!&General::validport($proxysettings{'LDAP_PORT'}))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ldap port'};
+ goto ERROR;
+ }
+ if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS'))
+ {
+ if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq ''))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'};
+ goto ERROR;
+ }
+ }
+ }
+ if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
+ {
+ if ($proxysettings{'NTLM_DOMAIN'} eq '')
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
+ goto ERROR;
+ }
+ if ($proxysettings{'NTLM_PDC'} eq '')
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
+ goto ERROR;
+ }
+ if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
+ goto ERROR;
+ }
+ if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
+ goto ERROR;
+ }
+ }
+ if ($proxysettings{'AUTH_METHOD'} eq 'radius')
+ {
+ if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg radius server'};
+ goto ERROR;
+ }
+ if (!&General::validport($proxysettings{'RADIUS_PORT'}))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg radius port'};
+ goto ERROR;
+ }
+ if ($proxysettings{'RADIUS_SECRET'} eq '')
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg radius secret'};
+ goto ERROR;
+ }
+ }
+
+ # Quick parent proxy error checking of username and password info. If username password don't both exist give an error.
+ $proxy1 = 'YES';
+ $proxy2 = 'YES';
+ if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';}
+ if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';}
+ if (($proxy1 ne $proxy2))
+ {
+ $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'};
+ goto ERROR;
+ }
+
+ERROR:
+ &check_acls;
+
+ if ($errormessage) {
+ $proxysettings{'VALID'} = 'no'; }
+ else {
+ $proxysettings{'VALID'} = 'yes'; }
+
+ if ($proxysettings{'VALID'} eq 'yes')
+ {
+ &write_acls;
+
+ delete $proxysettings{'SRC_SUBNETS'};
+ delete $proxysettings{'SRC_BANNED_IP'};
+ delete $proxysettings{'SRC_BANNED_MAC'};
+ delete $proxysettings{'SRC_UNRESTRICTED_IP'};
+ delete $proxysettings{'SRC_UNRESTRICTED_MAC'};
+ delete $proxysettings{'DST_NOCACHE'};
+ delete $proxysettings{'DST_NOAUTH'};
+ delete $proxysettings{'MIME_TYPES'};
+ delete $proxysettings{'NTLM_ALLOW_USERS'};
+ delete $proxysettings{'NTLM_DENY_USERS'};
+ delete $proxysettings{'RADIUS_ALLOW_USERS'};
+ delete $proxysettings{'RADIUS_DENY_USERS'};
+ delete $proxysettings{'IDENT_HOSTS'};
+ delete $proxysettings{'IDENT_ALLOW_USERS'};
+ delete $proxysettings{'IDENT_DENY_USERS'};
+
+ delete $proxysettings{'CRE_GROUPS'};
+ delete $proxysettings{'CRE_SVHOSTS'};
+
+ delete $proxysettings{'NCSA_USERNAME'};
+ delete $proxysettings{'NCSA_GROUP'};
+ delete $proxysettings{'NCSA_PASS'};
+ delete $proxysettings{'NCSA_PASS_CONFIRM'};
+
+ $proxysettings{'TIME_MON'} = 'off' unless exists $proxysettings{'TIME_MON'};
+ $proxysettings{'TIME_TUE'} = 'off' unless exists $proxysettings{'TIME_TUE'};
+ $proxysettings{'TIME_WED'} = 'off' unless exists $proxysettings{'TIME_WED'};
+ $proxysettings{'TIME_THU'} = 'off' unless exists $proxysettings{'TIME_THU'};
+ $proxysettings{'TIME_FRI'} = 'off' unless exists $proxysettings{'TIME_FRI'};
+ $proxysettings{'TIME_SAT'} = 'off' unless exists $proxysettings{'TIME_SAT'};
+ $proxysettings{'TIME_SUN'} = 'off' unless exists $proxysettings{'TIME_SUN'};
+
+ $proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'off' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
+ $proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'off' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
+
+ &General::writehash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
+
+ if ($urlfilter_addon)
+ {
+ if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
+ $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
+ &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
+ }
+
+ if ($updacclrtr_addon)
+ {
+ if (-e "${General::swroot}/proxy/settings") { &General::readhash("${General::swroot}/proxy/settings", \%stdproxysettings); }
+ $stdproxysettings{'ENABLE_UPDACCEL'} = $proxysettings{'ENABLE_UPDACCEL'};
+ &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
+ }
+
+ &writeconfig;
+ &writepacfile;
+
+ unlink "${General::swroot}/proxy/enable";
+ unlink "${General::swroot}/proxy/transparent";
+ unlink "${General::swroot}/proxy/enable_blue";
+ unlink "${General::swroot}/proxy/transparent_blue";
+
+ if ($proxysettings{'ENABLE'} eq 'on') {
+ system ('/bin/touch', "${General::swroot}/proxy/enable"); }
+ if ($proxysettings{'TRANSPARENT'} eq 'on') {
+ system ('/bin/touch', "${General::swroot}/proxy/transparent"); }
+ if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
+ system ('/bin/touch', "${General::swroot}/proxy/enable_blue"); }
+ if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
+ system ('/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
+
+ if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
+ }
+}
+
+if ($proxysettings{'ACTION'} eq $Lang::tr{'clear cache'})
+{
+ system('/usr/local/bin/restartsquid','-f');
+}
+
+if (!$errormessage)
+{
+ if (-e "${General::swroot}/proxy/advanced/settings") {
+ &General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
+ } elsif (-e "${General::swroot}/proxy/settings") {
+ &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+ }
+ &read_acls;
+}
+
+$checked{'ENABLE'}{'off'} = '';
+$checked{'ENABLE'}{'on'} = '';
+$checked{'ENABLE'}{$proxysettings{'ENABLE'}} = "checked='checked'";
+
+$checked{'TRANSPARENT'}{'off'} = '';
+$checked{'TRANSPARENT'}{'on'} = '';
+$checked{'TRANSPARENT'}{$proxysettings{'TRANSPARENT'}} = "checked='checked'";
+
+$checked{'ENABLE_BLUE'}{'off'} = '';
+$checked{'ENABLE_BLUE'}{'on'} = '';
+$checked{'ENABLE_BLUE'}{$proxysettings{'ENABLE_BLUE'}} = "checked='checked'";
+
+$checked{'TRANSPARENT_BLUE'}{'off'} = '';
+$checked{'TRANSPARENT_BLUE'}{'on'} = '';
+$checked{'TRANSPARENT_BLUE'}{$proxysettings{'TRANSPARENT_BLUE'}} = "checked='checked'";
+
+$checked{'FORWARD_IPADDRESS'}{'off'} = '';
+$checked{'FORWARD_IPADDRESS'}{'on'} = '';
+$checked{'FORWARD_IPADDRESS'}{$proxysettings{'FORWARD_IPADDRESS'}} = "checked='checked'";
+$checked{'FORWARD_USERNAME'}{'off'} = '';
+$checked{'FORWARD_USERNAME'}{'on'} = '';
+$checked{'FORWARD_USERNAME'}{$proxysettings{'FORWARD_USERNAME'}} = "checked='checked'";
+$checked{'FORWARD_VIA'}{'off'} = '';
+$checked{'FORWARD_VIA'}{'on'} = '';
+$checked{'FORWARD_VIA'}{$proxysettings{'FORWARD_VIA'}} = "checked='checked'";
+
+$selected{'MEM_POLICY'}{$proxysettings{'MEM_POLICY'}} = "selected='selected'";
+$selected{'CACHE_POLICY'}{$proxysettings{'CACHE_POLICY'}} = "selected='selected'";
+$selected{'L1_DIRS'}{$proxysettings{'L1_DIRS'}} = "selected='selected'";
+$checked{'OFFLINE_MODE'}{'off'} = '';
+$checked{'OFFLINE_MODE'}{'on'} = '';
+$checked{'OFFLINE_MODE'}{$proxysettings{'OFFLINE_MODE'}} = "checked='checked'";
+
+$checked{'LOGGING'}{'off'} = '';
+$checked{'LOGGING'}{'on'} = '';
+$checked{'LOGGING'}{$proxysettings{'LOGGING'}} = "checked='checked'";
+$checked{'LOGQUERY'}{'off'} = '';
+$checked{'LOGQUERY'}{'on'} = '';
+$checked{'LOGQUERY'}{$proxysettings{'LOGQUERY'}} = "checked='checked'";
+$checked{'LOGUSERAGENT'}{'off'} = '';
+$checked{'LOGUSERAGENT'}{'on'} = '';
+$checked{'LOGUSERAGENT'}{$proxysettings{'LOGUSERAGENT'}} = "checked='checked'";
+
+$selected{'ERR_LANGUAGE'}{$proxysettings{'ERR_LANGUAGE'}} = "selected='selected'";
+
+$checked{'CLASSROOM_EXT'}{'off'} = '';
+$checked{'CLASSROOM_EXT'}{'on'} = '';
+$checked{'CLASSROOM_EXT'}{$proxysettings{'CLASSROOM_EXT'}} = "checked='checked'";
+
+$selected{'TIME_ACCESS_MODE'}{$proxysettings{'TIME_ACCESS_MODE'}} = "selected='selected'";
+$selected{'TIME_FROM_HOUR'}{$proxysettings{'TIME_FROM_HOUR'}} = "selected='selected'";
+$selected{'TIME_FROM_MINUTE'}{$proxysettings{'TIME_FROM_MINUTE'}} = "selected='selected'";
+$selected{'TIME_TO_HOUR'}{$proxysettings{'TIME_TO_HOUR'}} = "selected='selected'";
+$selected{'TIME_TO_MINUTE'}{$proxysettings{'TIME_TO_MINUTE'}} = "selected='selected'";
+
+$proxysettings{'TIME_MON'} = 'on' unless exists $proxysettings{'TIME_MON'};
+$proxysettings{'TIME_TUE'} = 'on' unless exists $proxysettings{'TIME_TUE'};
+$proxysettings{'TIME_WED'} = 'on' unless exists $proxysettings{'TIME_WED'};
+$proxysettings{'TIME_THU'} = 'on' unless exists $proxysettings{'TIME_THU'};
+$proxysettings{'TIME_FRI'} = 'on' unless exists $proxysettings{'TIME_FRI'};
+$proxysettings{'TIME_SAT'} = 'on' unless exists $proxysettings{'TIME_SAT'};
+$proxysettings{'TIME_SUN'} = 'on' unless exists $proxysettings{'TIME_SUN'};
+
+$checked{'TIME_MON'}{'off'} = '';
+$checked{'TIME_MON'}{'on'} = '';
+$checked{'TIME_MON'}{$proxysettings{'TIME_MON'}} = "checked='checked'";
+$checked{'TIME_TUE'}{'off'} = '';
+$checked{'TIME_TUE'}{'on'} = '';
+$checked{'TIME_TUE'}{$proxysettings{'TIME_TUE'}} = "checked='checked'";
+$checked{'TIME_WED'}{'off'} = '';
+$checked{'TIME_WED'}{'on'} = '';
+$checked{'TIME_WED'}{$proxysettings{'TIME_WED'}} = "checked='checked'";
+$checked{'TIME_THU'}{'off'} = '';
+$checked{'TIME_THU'}{'on'} = '';
+$checked{'TIME_THU'}{$proxysettings{'TIME_THU'}} = "checked='checked'";
+$checked{'TIME_FRI'}{'off'} = '';
+$checked{'TIME_FRI'}{'on'} = '';
+$checked{'TIME_FRI'}{$proxysettings{'TIME_FRI'}} = "checked='checked'";
+$checked{'TIME_SAT'}{'off'} = '';
+$checked{'TIME_SAT'}{'on'} = '';
+$checked{'TIME_SAT'}{$proxysettings{'TIME_SAT'}} = "checked='checked'";
+$checked{'TIME_SUN'}{'off'} = '';
+$checked{'TIME_SUN'}{'on'} = '';
+$checked{'TIME_SUN'}{$proxysettings{'TIME_SUN'}} = "checked='checked'";
+
+$selected{'THROTTLING_GREEN_TOTAL'}{$proxysettings{'THROTTLING_GREEN_TOTAL'}} = "selected='selected'";
+$selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "selected='selected'";
+$selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'";
+$selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'";
+
+$checked{'THROTTLE_BINARY'}{'off'} = '';
+$checked{'THROTTLE_BINARY'}{'on'} = '';
+$checked{'THROTTLE_BINARY'}{$proxysettings{'THROTTLE_BINARY'}} = "checked='checked'";
+$checked{'THROTTLE_DSKIMG'}{'off'} = '';
+$checked{'THROTTLE_DSKIMG'}{'on'} = '';
+$checked{'THROTTLE_DSKIMG'}{$proxysettings{'THROTTLE_DSKIMG'}} = "checked='checked'";
+$checked{'THROTTLE_MMEDIA'}{'off'} = '';
+$checked{'THROTTLE_MMEDIA'}{'on'} = '';
+$checked{'THROTTLE_MMEDIA'}{$proxysettings{'THROTTLE_MMEDIA'}} = "checked='checked'";
+
+$checked{'ENABLE_MIME_FILTER'}{'off'} = '';
+$checked{'ENABLE_MIME_FILTER'}{'on'} = '';
+$checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'";
+
+$checked{'ENABLE_BROWSER_CHECK'}{'off'} = '';
+$checked{'ENABLE_BROWSER_CHECK'}{'on'} = '';
+$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'";
+
+foreach (@useragentlist) {
+ @useragent = split(/,/);
+ $checked{'UA_'.@useragent[0]}{'off'} = '';
+ $checked{'UA_'.@useragent[0]}{'on'} = '';
+ $checked{'UA_'.@useragent[0]}{$proxysettings{'UA_'.@useragent[0]}} = "checked='checked'";
+}
+
+$checked{'AUTH_METHOD'}{'none'} = '';
+$checked{'AUTH_METHOD'}{'ncsa'} = '';
+$checked{'AUTH_METHOD'}{'ident'} = '';
+$checked{'AUTH_METHOD'}{'ldap'} = '';
+$checked{'AUTH_METHOD'}{'ntlm'} = '';
+$checked{'AUTH_METHOD'}{'radius'} = '';
+$checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";
+
+$proxysettings{'AUTH_ALWAYS_REQUIRED'} = 'on' unless exists $proxysettings{'AUTH_ALWAYS_REQUIRED'};
+
+$checked{'AUTH_ALWAYS_REQUIRED'}{'off'} = '';
+$checked{'AUTH_ALWAYS_REQUIRED'}{'on'} = '';
+$checked{'AUTH_ALWAYS_REQUIRED'}{$proxysettings{'AUTH_ALWAYS_REQUIRED'}} = "checked='checked'";
+
+$checked{'NCSA_BYPASS_REDIR'}{'off'} = '';
+$checked{'NCSA_BYPASS_REDIR'}{'on'} = '';
+$checked{'NCSA_BYPASS_REDIR'}{$proxysettings{'NCSA_BYPASS_REDIR'}} = "checked='checked'";
+
+$selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'";
+
+$selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'";
+
+$proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
+
+$checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = '';
+$checked{'NTLM_ENABLE_INT_AUTH'}{'on'} = '';
+$checked{'NTLM_ENABLE_INT_AUTH'}{$proxysettings{'NTLM_ENABLE_INT_AUTH'}} = "checked='checked'";
+
+$checked{'NTLM_ENABLE_ACL'}{'off'} = '';
+$checked{'NTLM_ENABLE_ACL'}{'on'} = '';
+$checked{'NTLM_ENABLE_ACL'}{$proxysettings{'NTLM_ENABLE_ACL'}} = "checked='checked'";
+
+$checked{'NTLM_USER_ACL'}{'positive'} = '';
+$checked{'NTLM_USER_ACL'}{'negative'} = '';
+$checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
+
+$checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
+$checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
+$checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
+
+$checked{'RADIUS_USER_ACL'}{'positive'} = '';
+$checked{'RADIUS_USER_ACL'}{'negative'} = '';
+$checked{'RADIUS_USER_ACL'}{$proxysettings{'RADIUS_USER_ACL'}} = "checked='checked'";
+
+$checked{'IDENT_REQUIRED'}{'off'} = '';
+$checked{'IDENT_REQUIRED'}{'on'} = '';
+$checked{'IDENT_REQUIRED'}{$proxysettings{'IDENT_REQUIRED'}} = "checked='checked'";
+
+$checked{'IDENT_ENABLE_ACL'}{'off'} = '';
+$checked{'IDENT_ENABLE_ACL'}{'on'} = '';
+$checked{'IDENT_ENABLE_ACL'}{$proxysettings{'IDENT_ENABLE_ACL'}} = "checked='checked'";
+
+$checked{'IDENT_USER_ACL'}{'positive'} = '';
+$checked{'IDENT_USER_ACL'}{'negative'} = '';
+$checked{'IDENT_USER_ACL'}{$proxysettings{'IDENT_USER_ACL'}} = "checked='checked'";
+
+if ($urlfilter_addon) {
+ $checked{'ENABLE_FILTER'}{'off'} = '';
+ $checked{'ENABLE_FILTER'}{'on'} = '';
+ $checked{'ENABLE_FILTER'}{$proxysettings{'ENABLE_FILTER'}} = "checked='checked'";
+}
+
+if ($updacclrtr_addon) {
+ $checked{'ENABLE_UPDACCEL'}{'off'} = '';
+ $checked{'ENABLE_UPDACCEL'}{'on'} = '';
+ $checked{'ENABLE_UPDACCEL'}{$proxysettings{'ENABLE_UPDACCEL'}} = "checked='checked'";
+}
+
+&Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "$errormessage \n";
+ &Header::closebox();
+}
+
+# ===================================================================
+# Main settings
+# ===================================================================
+
+unless ($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') {
+
+print "
\n"; + +&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}"); + +print < + + $Lang::tr{'advproxy common settings'} + + + $Lang::tr{'advproxy enabled on'} Green: + + $Lang::tr{'advproxy proxy port'}: + + + + $Lang::tr{'advproxy transparent on'} Green: + + $Lang::tr{'advproxy visible hostname'}: * + + + +END +; +if ($netsettings{'BLUE_DEV'}) { + print "$Lang::tr{'advproxy enabled on'} Blue:"; + print ""; +} else { + print " "; +} +print <$Lang::tr{'advproxy admin mail'}: * + + + +END +; +if ($netsettings{'BLUE_DEV'}) { + print "$Lang::tr{'advproxy transparent on'} Blue:"; + print ""; +} else { + print " "; +} +print <$Lang::tr{'advproxy error language'}: + + +   + + +
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy upstream proxy'}
$Lang::tr{'advproxy via forwarding'}:$Lang::tr{'advproxy upstream proxy host:port'} *
$Lang::tr{'advproxy client IP forwarding'}:$Lang::tr{'advproxy upstream username'}: *
$Lang::tr{'advproxy username forwarding'}:$Lang::tr{'advproxy upstream password'}: *
+
+ + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy log settings'}
$Lang::tr{'advproxy log enabled'}:$Lang::tr{'advproxy log query'}:
  $Lang::tr{'advproxy log useragent'}:
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy cache management'}
$Lang::tr{'advproxy ram cache size'}:$Lang::tr{'advproxy hdd cache size'}:
$Lang::tr{'advproxy min size'}:$Lang::tr{'advproxy max size'}:
$Lang::tr{'advproxy number of L1 dirs'}: + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy no cache sites'}: *
+
$Lang::tr{'advproxy memory replacement policy'}:
$Lang::tr{'advproxy cache replacement policy'}:
 
$Lang::tr{'advproxy offline mode'}:
+
+ + + + + + + + + + + + + + + +
$Lang::tr{'advproxy network based access'}
$Lang::tr{'advproxy allowed subnets'}: 
 
+ + + + + + + + + + + + +
$Lang::tr{'advproxy unrestricted ip clients'}: *$Lang::tr{'advproxy unrestricted mac clients'}: *
+ + + + + + + + + + + + +
$Lang::tr{'advproxy banned ip clients'}: *$Lang::tr{'advproxy banned mac clients'}: *
+ +
+ +END +; +# ------------------------------------------------------------------- +# CRE GUI - optional +# ------------------------------------------------------------------- + +if (-e $cre_enabled) { print < + + + $Lang::tr{'advproxy classroom extensions'} + + + + + + $Lang::tr{'advproxy enabled'}: + + $Lang::tr{'advproxy supervisor password'}: * + + + + $Lang::tr{'advproxy cre group definitions'}: + $Lang::tr{'advproxy cre supervisors'}: * + + + + + + + + +
+END +; +} else { + print < + + +END +; +} +# ------------------------------------------------------------------- + +print < + + $Lang::tr{'advproxy time restrictions'} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy access'} $Lang::tr{'advproxy monday'}$Lang::tr{'advproxy tuesday'}$Lang::tr{'advproxy wednesday'}$Lang::tr{'advproxy thursday'}$Lang::tr{'advproxy friday'}$Lang::tr{'advproxy saturday'}$Lang::tr{'advproxy sunday'}  $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'} 
+ +    + : + - + : +
+
+ + + + + + + + + + +
$Lang::tr{'advproxy transfer limits'}
$Lang::tr{'advproxy max download size'}:$Lang::tr{'advproxy max upload size'}:
+
+ + + + + + + + + + +END +; + +if ($netsettings{'BLUE_DEV'}) { + print < + + + + + +END +; +} + +print < +
$Lang::tr{'advproxy download throttling'}
$Lang::tr{'advproxy throttling total on'} Green: + + $Lang::tr{'advproxy throttling per host on'} Green: + +
$Lang::tr{'advproxy throttling total on'} Blue: + + $Lang::tr{'advproxy throttling per host on'} Blue: + +
+ + + + + + + + + + + + + +
$Lang::tr{'advproxy content based throttling'}:
$Lang::tr{'advproxy throttle binary'}:$Lang::tr{'advproxy throttle dskimg'}:$Lang::tr{'advproxy throttle mmedia'}:  
+
+ + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy MIME filter'}
$Lang::tr{'advproxy enabled'}:
$Lang::tr{'advproxy MIME block types'}: *  
  
+
+ + + + + + + + + + + + + +
$Lang::tr{'advproxy web browser'}
$Lang::tr{'advproxy UA enable filter'}:  
+END +; +if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; } +print <
+ +END +; + +for ($n=0; $n<=@useragentlist; $n = $n + $i) { + for ($i=0; $i<=3; $i++) { + if ($i eq 0) { print "\n"; } + if (($n+$i) < @useragentlist) { + @useragent = split(/,/,@useragentlist[$n+$i]); + print "\n"; + } + if ($i eq 3) { print "<\/tr>\n"; } + } +} + +print < +
+
@useragent[1]:<\/td>\n"; + print "
+ + + + + + + + + + + + + + + +
$Lang::tr{'advproxy privacy'}
$Lang::tr{'advproxy fake useragent'}: *
$Lang::tr{'advproxy fake referer'}: *
+
+END +; + +if (($updacclrtr_addon) && (!($urlfilter_addon))) { + print < + + $Lang::tr{'advproxy update accelerator'} + + + $Lang::tr{'advproxy enabled'}: + +   +   + + +
+END +; } + +print < + + $Lang::tr{'advproxy AUTH method'} + + + $Lang::tr{'advproxy AUTH method none'} + $Lang::tr{'advproxy AUTH method ncsa'} + $Lang::tr{'advproxy AUTH method ident'} + $Lang::tr{'advproxy AUTH method ldap'} + $Lang::tr{'advproxy AUTH method ntlm'} + $Lang::tr{'advproxy AUTH method radius'} + + +END +; + +if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print < + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy AUTH global settings'}
$Lang::tr{'advproxy AUTH number of auth processes'}: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy AUTH realm'}: *
$Lang::tr{'advproxy AUTH no auth'}: *
+
$Lang::tr{'advproxy AUTH auth cache TTL'}:
$Lang::tr{'advproxy AUTH limit of IP addresses'}: *
$Lang::tr{'advproxy AUTH user IP cache TTL'}:
$Lang::tr{'advproxy AUTH always required'}:
 
+END +; +} + +# =================================================================== +# NCSA auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') { +print < + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy NCSA auth'}
$Lang::tr{'advproxy NCSA min password length'}:$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':

 
  
+END +; } + +# =================================================================== +# IDENTD auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ident') { +print < + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy IDENT identd settings'}
$Lang::tr{'advproxy IDENT required'}:$Lang::tr{'advproxy AUTH always required'}:
$Lang::tr{'advproxy IDENT timeout'}:  
$Lang::tr{'advproxy IDENT aware hosts'}:$Lang::tr{'advproxy AUTH no auth'}: *
+
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy IDENT user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
+ $Lang::tr{'advproxy IDENT use positive access list'}: + $Lang::tr{'advproxy IDENT use negative access list'}:
$Lang::tr{'advproxy IDENT authorized users'}$Lang::tr{'advproxy IDENT unauthorized users'}
+END +; } + +# =================================================================== +# NTLM auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { +print < + + + + + + + + + + + + +
$Lang::tr{'advproxy NTLM domain settings'}
$Lang::tr{'advproxy NTLM domain'}:$Lang::tr{'advproxy NTLM PDC hostname'}:$Lang::tr{'advproxy NTLM BDC hostname'}: *
+
+ + + + + + + + + +
$Lang::tr{'advproxy NTLM auth mode'}
$Lang::tr{'advproxy NTLM use integrated auth'}: 
+
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy NTLM user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
+ $Lang::tr{'advproxy NTLM use positive access list'}: + $Lang::tr{'advproxy NTLM use negative access list'}:
$Lang::tr{'advproxy NTLM authorized users'}$Lang::tr{'advproxy NTLM unauthorized users'}
+END +; } + +# =================================================================== +# LDAP auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ldap') { +print < + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy LDAP common settings'}
$Lang::tr{'advproxy LDAP basedn'}:$Lang::tr{'advproxy LDAP type'}:
$Lang::tr{'advproxy LDAP server'}:$Lang::tr{'advproxy LDAP port'}:
+
+ + + + + + + + + + +
$Lang::tr{'advproxy LDAP binddn settings'}
$Lang::tr{'advproxy LDAP binddn username'}:$Lang::tr{'advproxy LDAP binddn password'}:
+
+ + + + + + + + + + +
$Lang::tr{'advproxy LDAP group access control'}
$Lang::tr{'advproxy LDAP group required'}: *  
+END +; } + +# =================================================================== +# RADIUS auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'radius') { +print < + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy RADIUS radius settings'}
$Lang::tr{'advproxy RADIUS server'}:$Lang::tr{'advproxy RADIUS port'}:
$Lang::tr{'advproxy RADIUS identifier'}: *$Lang::tr{'advproxy RADIUS secret'}:
+
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy RADIUS user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
+ $Lang::tr{'advproxy RADIUS use positive access list'}: + $Lang::tr{'advproxy RADIUS use negative access list'}:
$Lang::tr{'advproxy RADIUS authorized users'}$Lang::tr{'advproxy RADIUS unauthorized users'}
+END +; } + +# =================================================================== + +} + +print "\n"; + +if ($proxysettings{'AUTH_METHOD'} eq 'none') { +print < + + + + + + +END +; } + +if ($proxysettings{'AUTH_METHOD'} eq 'ident') { +print < + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) { +print < + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { +print < + + + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) { +print < + + + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) { +print < + + + + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) { +print < + + + + + + + +END +; } + +print "
\n"; + +print < +END +; + +print < + +   + + + +   + + + +
+ + + + + +
*  + $Lang::tr{'this field may be blank'} + +   +
+ +END +; + +&Header::closebox(); + +} else { + +# =================================================================== +# NCSA user management +# =================================================================== + +&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}"); +print < + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy NCSA user management'}
$Lang::tr{'advproxy NCSA username'}:$Lang::tr{'advproxy NCSA group'}: + +
$Lang::tr{'advproxy NCSA password'}:$Lang::tr{'advproxy NCSA password confirm'}:
+
+ + + + + + +END +; + if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { + print "\n"; + } + +print <  + + + +
  
+ +
+ + + + +
$Lang::tr{'advproxy NCSA user accounts'}:
+ +END +; + +if (-e $extgrp) +{ + open(FILE, $extgrp); @grouplist = ; close(FILE); + foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); } +} +if (-e $stdgrp) +{ + open(FILE, $stdgrp); @grouplist = ; close(FILE); + foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); } +} +if (-e $disgrp) +{ + open(FILE, $disgrp); @grouplist = ; close(FILE); + foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); } +} + +@userlist = sort(@userlist); + +# If the password file contains entries, print entries and action icons + +if (! -z "$userdb") { + print < + + + + +END +; + $id = 0; + foreach $line (@userlist) + { + $id++; + chomp($line); + @temp = split(/:/,$line); + if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) { + print "\n"; } + elsif ($id % 2) { + print "\n"; } + else { + print "\n"; } + + print <$temp[0] + + + + +END +; + } + +print < +
+
$Lang::tr{'advproxy NCSA username'}$Lang::tr{'advproxy NCSA group membership'} 
+END +; + if ($temp[1] eq 'standard') { + print $Lang::tr{'advproxy NCSA grp standard'}; + } elsif ($temp[1] eq 'extended') { + print $Lang::tr{'advproxy NCSA grp extended'}; + } elsif ($temp[1] eq 'disabled') { + print $Lang::tr{'advproxy NCSA grp disabled'}; } + print < + +
+ + + +
+
+
+ + + +
+
+ + + + + + + +END +; +} else { + print < + + +END +; +} + +print < +END +; + +&Header::closebox(); + +} + +# =================================================================== + +&Header::closebigbox(); + +&Header::closepage(); + +# ------------------------------------------------------------------- + +sub read_acls +{ + if (-e "$acl_src_subnets") { + open(FILE,"$acl_src_subnets"); + delete $proxysettings{'SRC_SUBNETS'}; + while () { $proxysettings{'SRC_SUBNETS'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_banned_ip") { + open(FILE,"$acl_src_banned_ip"); + delete $proxysettings{'SRC_BANNED_IP'}; + while () { $proxysettings{'SRC_BANNED_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_banned_mac") { + open(FILE,"$acl_src_banned_mac"); + delete $proxysettings{'SRC_BANNED_MAC'}; + while () { $proxysettings{'SRC_BANNED_MAC'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_unrestricted_ip") { + open(FILE,"$acl_src_unrestricted_ip"); + delete $proxysettings{'SRC_UNRESTRICTED_IP'}; + while () { $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_unrestricted_mac") { + open(FILE,"$acl_src_unrestricted_mac"); + delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; + while () { $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_nocache") { + open(FILE,"$acl_dst_nocache"); + delete $proxysettings{'DST_NOCACHE'}; + while () { $proxysettings{'DST_NOCACHE'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_noauth") { + open(FILE,"$acl_dst_noauth"); + delete $proxysettings{'DST_NOAUTH'}; + while () { $proxysettings{'DST_NOAUTH'} .= $_ }; + close(FILE); + } + if (-e "$mimetypes") { + open(FILE,"$mimetypes"); + delete $proxysettings{'MIME_TYPES'}; + while () { $proxysettings{'MIME_TYPES'} .= $_ }; + close(FILE); + } + if (-e "$ntlmdir/msntauth.allowusers") { + open(FILE,"$ntlmdir/msntauth.allowusers"); + delete $proxysettings{'NTLM_ALLOW_USERS'}; + while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ }; + close(FILE); + 
} + if (-e "$ntlmdir/msntauth.denyusers") { + open(FILE,"$ntlmdir/msntauth.denyusers"); + delete $proxysettings{'NTLM_DENY_USERS'}; + while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ }; + close(FILE); + } + if (-e "$raddir/radauth.allowusers") { + open(FILE,"$raddir/radauth.allowusers"); + delete $proxysettings{'RADIUS_ALLOW_USERS'}; + while () { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_ }; + close(FILE); + } + if (-e "$raddir/radauth.denyusers") { + open(FILE,"$raddir/radauth.denyusers"); + delete $proxysettings{'RADIUS_DENY_USERS'}; + while () { $proxysettings{'RADIUS_DENY_USERS'} .= $_ }; + close(FILE); + } + if (-e "$identdir/identauth.allowusers") { + open(FILE,"$identdir/identauth.allowusers"); + delete $proxysettings{'IDENT_ALLOW_USERS'}; + while () { $proxysettings{'IDENT_ALLOW_USERS'} .= $_ }; + close(FILE); + } + if (-e "$identdir/identauth.denyusers") { + open(FILE,"$identdir/identauth.denyusers"); + delete $proxysettings{'IDENT_DENY_USERS'}; + while () { $proxysettings{'IDENT_DENY_USERS'} .= $_ }; + close(FILE); + } + if (-e "$identhosts") { + open(FILE,"$identhosts"); + delete $proxysettings{'IDENT_HOSTS'}; + while () { $proxysettings{'IDENT_HOSTS'} .= $_ }; + close(FILE); + } + if (-e "$cre_groups") { + open(FILE,"$cre_groups"); + delete $proxysettings{'CRE_GROUPS'}; + while () { $proxysettings{'CRE_GROUPS'} .= $_ }; + close(FILE); + } + if (-e "$cre_svhosts") { + open(FILE,"$cre_svhosts"); + delete $proxysettings{'CRE_SVHOSTS'}; + while () { $proxysettings{'CRE_SVHOSTS'} .= $_ }; + close(FILE); + } +} + +# ------------------------------------------------------------------- + +sub check_acls +{ + @temp = split(/\n/,$proxysettings{'SRC_SUBNETS'}); + undef $proxysettings{'SRC_SUBNETS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'SRC_SUBNETS'} .= $_."\n"; + } + } + + @temp = 
split(/\n/,$proxysettings{'SRC_BANNED_IP'}); + undef $proxysettings{'SRC_BANNED_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'SRC_BANNED_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'}); + undef $proxysettings{'SRC_BANNED_MAC'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; s/-/:/g; + if ($_) + { + unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; } + $proxysettings{'SRC_BANNED_MAC'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'}); + undef $proxysettings{'SRC_UNRESTRICTED_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'}); + undef $proxysettings{'SRC_UNRESTRICTED_MAC'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; s/-/:/g; + if ($_) + { + unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; } + $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n"; + } + } + + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) + { + @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'}); + undef $proxysettings{'NTLM_ALLOW_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; } + } + if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) + { + @temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'}); + undef $proxysettings{'NTLM_DENY_USERS'}; + foreach (@temp) + { + s/^\s+//g; 
s/\s+$//g; + if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; } + } + if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive')) + { + @temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'}); + undef $proxysettings{'IDENT_ALLOW_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; } + } + if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative')) + { + @temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'}); + undef $proxysettings{'IDENT_DENY_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; } + } + if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) + { + @temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'}); + undef $proxysettings{'RADIUS_ALLOW_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; } + } + if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative')) + { + @temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'}); + undef $proxysettings{'RADIUS_DENY_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; } + } + if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + 
@temp = split(/\n/,$proxysettings{'IDENT_HOSTS'});
+ undef $proxysettings{'IDENT_HOSTS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'IDENT_HOSTS'} .= $_."\n";
+ }
+ }
+
+ @temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'});
+ undef $proxysettings{'CRE_SVHOSTS'};
+ foreach (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+ if ($_)
+ {
+ unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; }
+ $proxysettings{'CRE_SVHOSTS'} .= $_."\n";
+ }
+ }
+}
+
+
+# -------------------------------------------------------------------
+
+sub write_acls
+{
+ open(FILE, ">$acl_src_subnets");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_SUBNETS'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_banned_ip");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_BANNED_IP'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_banned_mac");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_BANNED_MAC'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_unrestricted_ip");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_UNRESTRICTED_IP'};
+ close(FILE);
+
+ open(FILE, ">$acl_src_unrestricted_mac");
+ flock(FILE, 2);
+ print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_nocache");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOCACHE'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_noauth");
+ flock(FILE, 2);
+ print FILE $proxysettings{'DST_NOAUTH'};
+ close(FILE);
+
+ open(FILE, ">$acl_dst_throttle");
+ flock(FILE, 2);
+ if ($proxysettings{'THROTTLE_BINARY'} eq 'on')
+ {
+ @temp = split(/\|/,$throttle_binary);
+ foreach (@temp) { print FILE "\\.$_\$\n"; }
+ }
+ if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on')
+ {
+ @temp = split(/\|/,$throttle_dskimg);
+ foreach (@temp) { print FILE "\\.$_\$\n"; }
+ }
+ if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on')
+ {
+ @temp = split(/\|/,$throttle_mmedia);
+
foreach (@temp) { print FILE "\\.$_\$\n"; } + } + if (-s $throttled_urls) + { + open(URLFILE, $throttled_urls); + @temp = ; + close(URLFILE); + foreach (@temp) { print FILE; } + } + close(FILE); + + open(FILE, ">$mimetypes"); + flock(FILE, 2); + print FILE $proxysettings{'MIME_TYPES'}; + close(FILE); + + open(FILE, ">$ntlmdir/msntauth.allowusers"); + flock(FILE, 2); + print FILE $proxysettings{'NTLM_ALLOW_USERS'}; + close(FILE); + + open(FILE, ">$ntlmdir/msntauth.denyusers"); + flock(FILE, 2); + print FILE $proxysettings{'NTLM_DENY_USERS'}; + close(FILE); + + open(FILE, ">$raddir/radauth.allowusers"); + flock(FILE, 2); + print FILE $proxysettings{'RADIUS_ALLOW_USERS'}; + close(FILE); + + open(FILE, ">$raddir/radauth.denyusers"); + flock(FILE, 2); + print FILE $proxysettings{'RADIUS_DENY_USERS'}; + close(FILE); + + open(FILE, ">$identdir/identauth.allowusers"); + flock(FILE, 2); + print FILE $proxysettings{'IDENT_ALLOW_USERS'}; + close(FILE); + + open(FILE, ">$identdir/identauth.denyusers"); + flock(FILE, 2); + print FILE $proxysettings{'IDENT_DENY_USERS'}; + close(FILE); + + open(FILE, ">$identhosts"); + flock(FILE, 2); + print FILE $proxysettings{'IDENT_HOSTS'}; + close(FILE); + + open(FILE, ">$cre_groups"); + flock(FILE, 2); + print FILE $proxysettings{'CRE_GROUPS'}; + close(FILE); + + open(FILE, ">$cre_svhosts"); + flock(FILE, 2); + print FILE $proxysettings{'CRE_SVHOSTS'}; + close(FILE); +} + +# ------------------------------------------------------------------- + +sub writepacfile +{ + open(FILE, ">/home/httpd/html/proxy.pac"); + flock(FILE, 2); + print FILE "function FindProxyForURL(url, host)\n"; + print FILE "{\n"; + if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on')) + { + print FILE <${General::swroot}/proxy/squid.conf"); + flock(FILE, 2); + print FILE <$ntlmdir/msntauth.conf"); + flock(MSNTCONF,2); + print MSNTCONF "server $proxysettings{'NTLM_PDC'}"; + if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " 
$proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; }
+ print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n";
+ if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')
+ {
+ if ($proxysettings{'NTLM_USER_ACL'} eq 'positive')
+ {
+ print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n";
+ } else {
+ print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n";
+ }
+ }
+ close(MSNTCONF);
+ }
+ }
+
+ if ($proxysettings{'AUTH_METHOD'} eq 'radius')
+ {
+ print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
+ if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; }
+ print FILE "-w $proxysettings{'RADIUS_SECRET'}\n";
+ print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
+ print FILE "auth_param basic realm $authrealm\n";
+ print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
+ if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
+ }
+
+ print FILE "\n";
+ print FILE "acl for_inetusers proxy_auth REQUIRED\n";
+ if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on'))
+ {
+ if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n";
+ }
+ if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n";
+ }
+ }
+ if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on'))
+ {
+ if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive'))
+ {
+ print FILE "acl for_acl_users proxy_auth 
\"$raddir/radauth.allowusers\"\n";
+ }
+ if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative'))
+ {
+ print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n";
+ }
+ }
+ if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
+ {
+ print FILE "\n";
+ if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; }
+ if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; }
+ }
+ if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; }
+ print FILE "\n";
+
+ if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; }
+ }
+
+ if ($proxysettings{'AUTH_METHOD'} eq 'ident')
+ {
+ if ($proxysettings{'IDENT_REQUIRED'} eq 'on')
+ {
+ print FILE "acl for_inetusers ident REQUIRED\n";
+ }
+ if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on')
+ {
+ if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive'))
+ {
+ print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n";
+ }
+ if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative'))
+ {
+ print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n";
+ }
+ }
+ }
+
+ if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; }
+
+ if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; }
+
+ print FILE "acl within_timeframe time ";
+ if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; }
+ if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; }
+ if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; }
+ if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; }
+ if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; }
+ if ($proxysettings{'TIME_SAT'} eq 'on') 
{ print FILE "A"; } + if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; } + print FILE " $proxysettings{'TIME_FROM_HOUR'}:"; + print FILE "$proxysettings{'TIME_FROM_MINUTE'}-"; + print FILE "$proxysettings{'TIME_TO_HOUR'}:"; + print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n"; + + if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) { + print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n"; + } + + print FILE <) { + $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/; + $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/; + $_ =~ s/__BLUE_IP__/$blue_ip/; + $_ =~ s/__BLUE_NET__/$blue_net/; + print FILE $_; + } + print FILE "#End of custom includes\n"; + close (ACL); + } + if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; } + print FILE < 0) { + if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; } + if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; } + if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') + { + if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; } + } + } + print FILE "reply_body_max_size $replybodymaxsize allow all\n\n"; + + print FILE "visible_hostname"; + if ($proxysettings{'VISIBLE_HOSTNAME'} eq '') + { + print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n"; + } else { + print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n"; + } + + if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; } + + # Write the parent proxy info, if needed. 
+ if ($remotehost ne '') + { + # Enter authentication for the parent cache (format is login=user:password) + if ($proxy1 eq 'YES') { + print FILE <; + close(FILE); + foreach $line (@groupmembers) { if ($line =~ /^$str_user:/i) { $str_pass = substr($line,index($line,":")); } } + &deluser($str_user); + open(FILE, ">>$userdb"); + flock FILE,2; + print FILE "$str_user$str_pass"; + close(FILE); + } else { + &deluser($str_user); + system("/usr/bin/htpasswd -b $userdb $str_user $str_pass"); + } + + if ($str_group eq 'standard') { open(FILE, ">>$stdgrp"); + } elsif ($str_group eq 'extended') { open(FILE, ">>$extgrp"); + } elsif ($str_group eq 'disabled') { open(FILE, ">>$disgrp"); } + flock FILE, 2; + print FILE "$str_user\n"; + close(FILE); + + return; +} + +# ------------------------------------------------------------------- + +sub deluser +{ + my ($str_user) = @_; + my $groupfile=''; + my @groupmembers=(); + my @templist=(); + + foreach $groupfile ($stdgrp, $extgrp, $disgrp) + { + undef @templist; + open(FILE, "$groupfile"); + @groupmembers = ; + close(FILE); + foreach $line (@groupmembers) { if (!($line =~ /^$str_user$/i)) { push(@templist, $line); } } + open(FILE, ">$groupfile"); + flock FILE, 2; + print FILE @templist; + close(FILE); + } + + undef @templist; + open(FILE, "$userdb"); + @groupmembers = ; + close(FILE); + foreach $line (@groupmembers) { if (!($line =~ /^$str_user:/i)) { push(@templist, $line); } } + open(FILE, ">$userdb"); + flock FILE, 2; + print FILE @templist; + close(FILE); + + return; +} + +# -------------------------------------------------------------------
  $Lang::tr{'legend'}:    $Lang::tr{$Lang::tr{'edit'}    $Lang::tr{$Lang::tr{'remove'}
$Lang::tr{'advproxy NCSA no accounts'}