From: ms Date: Fri, 2 Jun 2006 19:03:53 +0000 (+0000) Subject: Hinzugefügt: X-Git-Tag: v2.3-beta1~1101 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=ed38f89d27b0cabfb6b2f708ced49da1399671df Hinzugefügt: * AdvancedProxy Fähigkeiten Geändert: * Kleiner Fehler im OpenVPN GUI verblieben und daher behoben. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@153 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- diff --git a/config/cfgroot/useragents b/config/cfgroot/useragents new file mode 100644 index 0000000000..17950d1127 --- /dev/null +++ b/config/cfgroot/useragents @@ -0,0 +1,20 @@ +APTGET,apt-get,(APT\-HTTP) +AOL,AOL,(AOL) +AVANT,AvantBrowser,(avantbrowser) +FIREFOX,Firefox,(Firefox) +FRONTPAGE,FrontPage,(FrontPage) +GEARTH,Google Earth,(kh_lt\/LT) +GECKO,Gecko compatible,(Gecko) +GETRIGHT,GetRight,(GetRight) +GOZILLA,Go!Zilla,(Go!Zilla) +GOOGLE,Google Toolbar,(Google\sToolbar) +JAVA,Java,(Java) +KONQUEROR,Konqueror,(Konqueror) +LYNX,Lynx,(Lynx) +MSIE,Internet Explorer,(MSIE.*[)]$) +NETSCAPE,Netscape,(^Mozilla\/4.[7|8])|(Netscape) +OPERA,Opera,(Opera) +WGA,WGA,(LegitCheck) +WGET,Wget,(Wget) +WINUPD,Windows Update,(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS) +WMP,Media Player,(Windows\-Media\-Player)|(NSPlayer) diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf index 801672c36d..585fcbc416 100644 --- a/config/httpd/httpd.conf +++ b/config/httpd/httpd.conf @@ -55,10 +55,14 @@ ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ AuthType Basic AuthUserFile /var/ipfire/auth/users Require user admin -# -# Satisfy Any -# Allow from All -# + + Satisfy Any + Allow from All + + + Satisfy Any + Allow from All + Satisfy Any Allow from All diff --git a/config/ovpn/verify b/config/ovpn/verify index f56b330b09..41f4432576 100644 --- a/config/ovpn/verify +++ b/config/ovpn/verify 
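Review bot: The `NETSCAPE` entry in the new useragents file has two regex slips in `(^Mozilla\/4.[7|8])|(Netscape)`. `[7|8]` is a character class that also matches a literal `|`, and the `.` after `4` is unescaped, so it matches any character; `(^Mozilla\/4\.[78])|(Netscape)` expresses the evident intent. These patterns appear to feed the browser check that proxy.cgi builds from its useragents list, and a User-Agent header is client-supplied, so the list is a convenience filter rather than an access control.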
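Review bot: The two added `Satisfy Any` / `Allow from All` blocks in httpd.conf switch off the `Require user admin` Basic authentication for whatever they enclose, and the enclosing directive lines are not visible in this rendering. If one of them covers the chpasswd.cgi added in this commit, that script is reachable by any client that can reach the web interface, and its own input handling becomes the only barrier. I would add a comment above each block naming the file it exposes and why, for example `# chpasswd.cgi: reachable without admin login; the script checks the user's old proxy password itself`. Restricting `Allow from` to the internal networks rather than `All` would reduce exposure further.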
@@ -3,7 +3,7 @@ if [ $1 -eq 0 ]; then
 name2=`echo $2`
 name3=${name2##*/}
 name4=${name3##*CN=}
- clientdisabled=`/bin/grep -iwc off,.*,$name4 /var/ipcop/ovpn/ovpnconfig`
+ clientdisabled=`/bin/grep -iwc off,.*,$name4 /var/ipfire/ovpn/ovpnconfig`
 if [ "$clientdisabled" = "1" ]; then
 exit 1
 fi
diff --git a/doc/packages-list.txt b/doc/packages-list.txt
index 5cc9b04cbc..1e2e3c2aad 100644
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -196,6 +196,7 @@
 * spandsp-0.0.2pre25
 * speedtouch-1.2
 * squid-2.5.STABLE13
+ * squid-2.5.STABLE13_1st
 * squid-graph-3.1
 * startscripts
 * stund_0.96_Aug13
diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
new file mode 100644
index 0000000000..41aba2986d
--- /dev/null
+++ b/html/cgi-bin/chpasswd.cgi
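Review bot: The disabled-client check in config/ovpn/verify fails open: the changed `clientdisabled=` line passes the certificate CN in `$name4` to grep unquoted and as part of a regular expression, and the test after it rejects only when the count is exactly `"1"`. A CN containing whitespace, glob or regex characters changes what grep is asked to match, and if more than one `off` entry matches, the count is 2 or higher and the disabled client is accepted. Quote the pattern, `/bin/grep -iwc "off,.*,$name4" /var/ipfire/ovpn/ovpnconfig`, and reject on any non-zero count with `if [ "$clientdisabled" -ge 1 ]; then`. Ideally the CN is also checked against an allowed character set before it is used in a pattern. The enclosing `if [ $1 -eq 0 ]` block starts and ends outside this hunk.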
@@ -0,0 +1,308 @@ +#!/usr/bin/perl + +# +# $Id: chpasswd.cgi,v 1.0 2005/01/25 00:00:00 marco Exp $ +# + +use CGI qw(param); + +$swroot = "/var/ipcop"; + +my %cgiparams; +my %mainsettings; +my %proxysettings; + +$proxysettings{'NCSA_MIN_PASS_LEN'} = 6; + +### Initialize environment +&readhash("${swroot}/main/settings", \%mainsettings); +&readhash("${swroot}/proxy/advanced/settings", \%proxysettings); +$language = $mainsettings{'LANGUAGE'}; + +### Initialize language +if ($language =~ /^(\w+)$/) {$language = $1;} + # + # Uncomment this to force a certain language: + # $language='en'; + # +require "${swroot}/langs/en.pl"; +require "${swroot}/langs/${language}.pl"; + +my $userdb = "$swroot/proxy/advanced/ncsa/passwd"; + +&readhash("$swroot/ethernet/settings", \%netsettings); + +my $success = 0; + +&getcgihash(\%cgiparams); + +if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'}) +{ + if ($cgiparams{'USERNAME'} eq '') + { + $errormessage = $tr{'advproxy errmsg no username'}; + goto ERROR; + } + if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq '')) + { + $errormessage = $tr{'advproxy errmsg no password'}; + goto ERROR; + } + if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'})) + { + $errormessage = $tr{'advproxy errmsg passwords different'}; + goto ERROR; + } + if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) + { + $errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'}; + goto ERROR; + } + if (! 
-z $userdb) + { + open FILE, $userdb; + @users = ; + close FILE; + + $username = ''; + $cryptpwd = ''; + + foreach (@users) + { + chomp; + @temp = split(/:/,$_); + if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i) + { + $username = $temp[0]; + $cryptpwd = $temp[1]; + } + } + } + if ($username eq '') + { + $errormessage = $tr{'advproxy errmsg invalid user'}; + goto ERROR; + } + if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)) + { + $errormessage = $tr{'advproxy errmsg password incorrect'}; + goto ERROR; + } + $returncode = system("/usr/bin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}"); + if ($returncode == 0) + { + $success = 1; + undef %cgiparams; + } else { + $errormessage = $tr{'advproxy errmsg change fail'}; + goto ERROR; + } +} + +ERROR: + +print "Pragma: no-cache\n"; +print "Cache-control: no-cache\n"; +print "Connection: close\n"; +print "Content-type: text/html\n\n"; + +print < + + + + + + + +
+ +
+ + + + + + + + + + + +
+ +   + +
+ + + + + + + +END +; + +if ($errormessage) +{ + print < + + +END +; +} + +if ($success) +{ + print < + + +END +; +} + + +print < + +
+ + $tr{'advproxy chgwebpwd change web password'} + +
+ + + + + + + + + + + + + + + + + +
+ + $tr{'advproxy chgwebpwd username'}: + +
+ + $tr{'advproxy chgwebpwd old password'}: + +
+ + $tr{'advproxy chgwebpwd new password'}: + +
+ + $tr{'advproxy chgwebpwd new password confirm'}: + +
+ + + + +

+
+ + $tr{'advproxy chgwebpwd ERROR'} $errormessage + +
+ + $tr{'advproxy chgwebpwd SUCCESS'} $tr{'advproxy errmsg change success'} + +
+ +
+ + Advanced Proxy running on + + IPCop +
+ +
+ +
+ + + + +END +; + +# ------------------------------------------------------------------- + +sub readhash +{ + my $filename = $_[0]; + my $hash = $_[1]; + my ($var, $val); + + if (-e $filename) + { + open(FILE, $filename) or die "Unable to read file $filename"; + while () + { + chop; + ($var, $val) = split /=/, $_, 2; + if ($var) + { + $val =~ s/^\'//g; + $val =~ s/\'$//g; + + # Untaint variables read from hash + $var =~ /([A-Za-z0-9_-]*)/; $var = $1; + $val =~ /([\w\W]*)/; $val = $1; + $hash->{$var} = $val; + } + } + close FILE; + } +} + +# ------------------------------------------------------------------- + +sub getcgihash +{ + my ($hash, $params) = @_; + my $cgi = CGI->new (); + return if ($ENV{'REQUEST_METHOD'} ne 'POST'); + if (!$params->{'wantfile'}) { + $CGI::DISABLE_UPLOADS = 1; + $CGI::POST_MAX = 512 * 1024; + } else { + $CGI::POST_MAX = 10 * 1024 * 1024; + } + + $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/; + my $referer = $1; + $cgi->url() =~ m/^https?\:\/\/([^\/]+)/; + my $servername = $1; + return if ($referer ne $servername); + + ### Modified for getting multi-vars, split by | + %temp = $cgi->Vars(); + foreach my $key (keys %temp) { + $hash->{$key} = $temp{$key}; + $hash->{$key} =~ s/\0/|/g; + $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/; + } + + if (($params->{'wantfile'})&&($params->{'filevar'})) { + $hash->{$params->{'filevar'}} = $cgi->upload + ($params->{'filevar'}); + } + return; +} + +# ------------------------------------------------------------------- diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index bf90062378..73fbc392bb 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -1,12 +1,10 @@ #!/usr/bin/perl # -# SmoothWall CGIs +# IPCop CGIs # # This code is distributed under the terms of the GPL # -# (c) The SmoothWall Team -# -# $Id: proxy.cgi,v 1.13.2.23 2006/01/29 09:29:47 eoberlander Exp $ +# $Id: advproxy.cgi,v 1.2.1 2006/04/02 00:00:00 marco.s Exp $ # use strict; 
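Review bot: The `system("/usr/bin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}")` call at the end of the password-change branch in chpasswd.cgi builds one shell string from the submitted new password, so shell metacharacters in that form field are interpreted by the shell rather than treated as password text. The list form avoids the shell entirely: `system('/usr/bin/htpasswd', '-b', $userdb, $username, $cgiparams{'NEW_PASSWORD_1'})`. The user lookup `$temp[0] =~ /^$cgiparams{'USERNAME'}$/i` interpolates the submitted name as a regular expression, so a pattern rather than a literal name can select the account; compare literally with `lc($temp[0]) eq lc($cgiparams{'USERNAME'})`. The script also sets `$swroot = "/var/ipcop"` although the rest of this commit uses /var/ipfire, and `open FILE, $userdb;` is unchecked, so a missing file leaves `$username` empty and reports "invalid user" instead of a configuration error. Running the script with `use strict; use warnings;` and taint mode (`-T`) would catch the tainted `system` argument at run time.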
@@ -15,51 +13,294 @@ use strict; #use warnings; #use CGI::Carp 'fatalsToBrowser'; -require 'CONFIG_ROOT/general-functions.pl'; +use IO::Socket; + +require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +my $advproxyversion = `cat ${General::swroot}/proxy/advanced/version`; +my $sysupdflagfile = "${General::swroot}/proxy/advanced/.up2date"; + my %proxysettings=(); my %netsettings=(); +my %filtersettings=(); +my %updaccsettings=(); +my %stdproxysettings=(); my %mainsettings=(); -my $errormessage = ''; -my $NeedDoHTML = 1; +my $urlfilter_addon=0; +my $updacclrtr_addon=0; + +my %checked=(); +my %selected=(); + +my @throttle_limits=(64,128,256,384,512,1024,2048,3072,5120); +my $throttle_binary="bin|cab|exe|gz|rar|sea|tar|tgz|zip"; +my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi"; +my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|qt|ra?m"; + +my @useragent=(); +my @useragentlist=(); + +my $hintcolour='#FFFFCC'; +my $ncsa_buttontext=''; +my $language=''; +my $i=0; +my $n=0; +my $id=0; +my $line=''; +my $user=''; +my @userlist=(); +my @grouplist=(); +my @temp=(); +my @templist=(); + +my $cachemem=0; +my $proxy1=''; +my $proxy2=''; +my $replybodymaxsize=0; +my $browser_regexp=''; +my $needhup = 0; +my $errormessage=''; + +my $acldir = "${General::swroot}/proxy/advanced/acls"; +my $ncsadir = "${General::swroot}/proxy/advanced/ncsa"; +my $ntlmdir = "${General::swroot}/proxy/advanced/ntlm"; +my $raddir = "${General::swroot}/proxy/advanced/radius"; +my $identdir = "${General::swroot}/proxy/advanced/ident"; +my $credir = "${General::swroot}/proxy/advanced/cre"; + +my $userdb = "$ncsadir/passwd"; +my $stdgrp = "$ncsadir/standard.grp"; +my $extgrp = "$ncsadir/extended.grp"; +my $disgrp = "$ncsadir/disabled.grp"; + +my $browserdb = "${General::swroot}/proxy/advanced/useragents"; +my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes"; +my $throttled_urls = 
"${General::swroot}/proxy/advanced/throttle"; + +my $cre_enabled = "${General::swroot}/proxy/advanced/cre/enable"; +my $cre_groups = "${General::swroot}/proxy/advanced/cre/classrooms"; +my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors"; + +my $identhosts = "$identdir/hosts"; + +my $libexecdir = "/usr/lib/squid"; + +my $acl_src_subnets = "$acldir/src_subnets.acl"; +my $acl_src_banned_ip = "$acldir/src_banned_ip.acl"; +my $acl_src_banned_mac = "$acldir/src_banned_mac.acl"; +my $acl_src_unrestricted_ip = "$acldir/src_unrestricted_ip.acl"; +my $acl_src_unrestricted_mac = "$acldir/src_unrestricted_mac.acl"; +my $acl_src_noaccess_ip = "$acldir/src_noaccess_ip.acl"; +my $acl_src_noaccess_mac = "$acldir/src_noaccess_mac.acl"; +my $acl_dst_nocache = "$acldir/dst_nocache.acl"; +my $acl_dst_noauth = "$acldir/dst_noauth.acl"; +my $acl_dst_throttle = "$acldir/dst_throttle.acl"; +my $acl_include = "$acldir/include.acl"; + +unless (-d "$acldir") { mkdir("$acldir"); } +unless (-d "$ncsadir") { mkdir("$ncsadir"); } +unless (-d "$ntlmdir") { mkdir("$ntlmdir"); } +unless (-d "$raddir") { mkdir("$raddir"); } +unless (-d "$identdir") { mkdir("$identdir"); } +unless (-d "$credir") { mkdir("$credir"); } + +unless (-e $cre_groups) { system("touch $cre_groups"); } +unless (-e $cre_svhosts) { system("touch $cre_svhosts"); } + +unless (-e $userdb) { system("touch $userdb"); } +unless (-e $stdgrp) { system("touch $stdgrp"); } +unless (-e $extgrp) { system("touch $extgrp"); } +unless (-e $disgrp) { system("touch $disgrp"); } + +unless (-e $acl_src_subnets) { system("touch $acl_src_subnets"); } +unless (-e $acl_src_banned_ip) { system("touch $acl_src_banned_ip"); } +unless (-e $acl_src_banned_mac) { system("touch $acl_src_banned_mac"); } +unless (-e $acl_src_unrestricted_ip) { system("touch $acl_src_unrestricted_ip"); } +unless (-e $acl_src_unrestricted_mac) { system("touch $acl_src_unrestricted_mac"); } +unless (-e $acl_src_noaccess_ip) { system("touch 
$acl_src_noaccess_ip"); } +unless (-e $acl_src_noaccess_mac) { system("touch $acl_src_noaccess_mac"); } +unless (-e $acl_dst_nocache) { system("touch $acl_dst_nocache"); } +unless (-e $acl_dst_noauth) { system("touch $acl_dst_noauth"); } +unless (-e $acl_dst_throttle) { system("touch $acl_dst_throttle"); } +unless (-e $acl_include) { system("touch $acl_include"); } + +unless (-e $browserdb) { system("touch $browserdb"); } +unless (-e $mimetypes) { system("touch $mimetypes"); } + +open FILE, $browserdb; +@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,; +close(FILE); &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); &General::readhash("${General::swroot}/main/settings", \%mainsettings); +if (-e "${General::swroot}/urlfilter/version") { $urlfilter_addon = 1; } +if (-e "${General::swroot}/updacclrtr/version") { $updacclrtr_addon = 1; } + +if ($urlfilter_addon) { + $filtersettings{'CHILDREN'} = '5'; + if (-e "${General::swroot}/urlfilter/settings") { + &General::readhash("${General::swroot}/urlfilter/settings", \%filtersettings); + } +} + +if ($updacclrtr_addon) { + $updaccsettings{'ACCELERATORS'} = '10'; + if (-e "${General::swroot}/updacclrtr/settings") { + &General::readhash("${General::swroot}/updacclrtr/settings", \%updaccsettings); + } +} + &Header::showhttpheaders(); $proxysettings{'ACTION'} = ''; $proxysettings{'VALID'} = ''; -$proxysettings{'UPSTREAM_PROXY'} = ''; -$proxysettings{'UPSTREAM_USER'} = ''; -$proxysettings{'UPSTREAM_PASSWORD'} = ''; $proxysettings{'ENABLE'} = 'off'; $proxysettings{'ENABLE_BLUE'} = 'off'; -$proxysettings{'CACHE_SIZE'} = '50'; $proxysettings{'TRANSPARENT'} = 'off'; $proxysettings{'TRANSPARENT_BLUE'} = 'off'; +$proxysettings{'PROXY_PORT'} = '800'; +$proxysettings{'VISIBLE_HOSTNAME'} = ''; 
+$proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; +$proxysettings{'ERR_LANGUAGE'} = 'English'; +$proxysettings{'FORWARD_VIA'} = 'off'; +$proxysettings{'FORWARD_IPADDRESS'} = 'off'; +$proxysettings{'FORWARD_USERNAME'} = 'off'; +$proxysettings{'UPSTREAM_PROXY'} = ''; +$proxysettings{'UPSTREAM_USER'} = ''; +$proxysettings{'UPSTREAM_PASSWORD'} = ''; +$proxysettings{'LOGGING'} = 'off'; +$proxysettings{'LOGQUERY'} = 'off'; +$proxysettings{'LOGUSERAGENT'} = 'off'; +$proxysettings{'CACHE_MEM'} = '2'; +$proxysettings{'CACHE_SIZE'} = '50'; $proxysettings{'MAX_SIZE'} = '4096'; $proxysettings{'MIN_SIZE'} = '0'; +$proxysettings{'MEM_POLICY'} = 'LRU'; +$proxysettings{'CACHE_POLICY'} = 'LRU'; +$proxysettings{'L1_DIRS'} = '16'; +$proxysettings{'OFFLINE_MODE'} = 'off'; +$proxysettings{'CLASSROOM_EXT'} = 'off'; +$proxysettings{'SUPERVISOR_PASSWORD'} = ''; +$proxysettings{'TIME_ACCESS_MODE'} = 'allow'; +$proxysettings{'TIME_FROM_HOUR'} = '00'; +$proxysettings{'TIME_FROM_MINUTE'} = '00'; +$proxysettings{'TIME_TO_HOUR'} = '24'; +$proxysettings{'TIME_TO_MINUTE'} = '00'; $proxysettings{'MAX_OUTGOING_SIZE'} = '0'; $proxysettings{'MAX_INCOMING_SIZE'} = '0'; -$proxysettings{'LOGGING'} = 'off'; -$proxysettings{'PROXY_PORT'} = '800'; -$proxysettings{'EXTENSION_METHODS'} = ''; +$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited'; +$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited'; +$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited'; +$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited'; +$proxysettings{'THROTTLE_BINARY'} = 'off'; +$proxysettings{'THROTTLE_DSKIMG'} = 'off'; +$proxysettings{'THROTTLE_MMEDIA'} = 'off'; +$proxysettings{'ENABLE_MIME_FILTER'} = 'off'; +$proxysettings{'ENABLE_BROWSER_CHECK'} = 'off'; +$proxysettings{'FAKE_USERAGENT'} = ''; +$proxysettings{'FAKE_REFERER'} = ''; +$proxysettings{'AUTH_METHOD'} = 'none'; +$proxysettings{'AUTH_REALM'} = ''; +$proxysettings{'AUTH_MAX_USERIP'} = ''; +$proxysettings{'AUTH_CACHE_TTL'} = '60'; +$proxysettings{'AUTH_IPCACHE_TTL'} = '0'; 
+$proxysettings{'AUTH_CHILDREN'} = '5'; +$proxysettings{'NCSA_MIN_PASS_LEN'} = '6'; +$proxysettings{'NCSA_BYPASS_REDIR'} = 'off'; +$proxysettings{'NCSA_USERNAME'} = ''; +$proxysettings{'NCSA_GROUP'} = ''; +$proxysettings{'NCSA_PASS'} = ''; +$proxysettings{'NCSA_PASS_CONFIRM'} = ''; +$proxysettings{'LDAP_BASEDN'} = ''; +$proxysettings{'LDAP_TYPE'} = 'ADS'; +$proxysettings{'LDAP_SERVER'} = ''; +$proxysettings{'LDAP_PORT'} = '389'; +$proxysettings{'LDAP_BINDDN_USER'} = ''; +$proxysettings{'LDAP_BINDDN_PASS'} = ''; +$proxysettings{'LDAP_GROUP'} = ''; +$proxysettings{'NTLM_DOMAIN'} = ''; +$proxysettings{'NTLM_PDC'} = ''; +$proxysettings{'NTLM_BDC'} = ''; +$proxysettings{'NTLM_ENABLE_ACL'} = 'off'; +$proxysettings{'NTLM_USER_ACL'} = 'positive'; +$proxysettings{'RADIUS_SERVER'} = ''; +$proxysettings{'RADIUS_PORT'} = '1645'; +$proxysettings{'RADIUS_IDENTIFIER'} = ''; +$proxysettings{'RADIUS_SECRET'} = ''; +$proxysettings{'RADIUS_ENABLE_ACL'} = 'off'; +$proxysettings{'RADIUS_USER_ACL'} = 'positive'; +$proxysettings{'IDENT_REQUIRED'} = 'off'; +$proxysettings{'IDENT_TIMEOUT'} = '10'; +$proxysettings{'IDENT_ENABLE_ACL'} = 'off'; +$proxysettings{'IDENT_USER_ACL'} = 'positive'; + +if ($urlfilter_addon) { + $proxysettings{'ENABLE_FILTER'} = 'off'; +} + +if ($updacclrtr_addon) { + $proxysettings{'ENABLE_UPDACCEL'} = 'off'; +} + +$ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'}; &Header::getcgihash(\%proxysettings); -my $needhup = 0; -my $cachemem = ''; +if ($proxysettings{'THROTTLING_GREEN_TOTAL'} eq 0) {$proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited';} +if ($proxysettings{'THROTTLING_GREEN_HOST'} eq 0) {$proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited';} +if ($proxysettings{'THROTTLING_BLUE_TOTAL'} eq 0) {$proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited';} +if ($proxysettings{'THROTTLING_BLUE_HOST'} eq 0) {$proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited';} -if ($proxysettings{'ACTION'} eq $Lang::tr{'save'}) +if ($proxysettings{'ACTION'} eq 
$Lang::tr{'advproxy NCSA user management'}) { - - #assume error - my $configerror = 1; + $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; +} + +if ($proxysettings{'ACTION'} eq $Lang::tr{'add'}) +{ + $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; + if (length($proxysettings{'NCSA_PASS'}) < $proxysettings{'NCSA_MIN_PASS_LEN'}) { + $errormessage = $Lang::tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$Lang::tr{'advproxy errmsg password length 2'}; + } + if (!($proxysettings{'NCSA_PASS'} eq $proxysettings{'NCSA_PASS_CONFIRM'})) { + $errormessage = $Lang::tr{'advproxy errmsg passwords different'}; + } + if ($proxysettings{'NCSA_USERNAME'} eq '') { + $errormessage = $Lang::tr{'advproxy errmsg no username'}; + } + if (!$errormessage) { + $proxysettings{'NCSA_USERNAME'} =~ tr/A-Z/a-z/; + &adduser($proxysettings{'NCSA_USERNAME'}, $proxysettings{'NCSA_PASS'}, $proxysettings{'NCSA_GROUP'}); + } + $proxysettings{'NCSA_USERNAME'} = ''; + $proxysettings{'NCSA_GROUP'} = ''; + $proxysettings{'NCSA_PASS'} = ''; + $proxysettings{'NCSA_PASS_CONFIRM'} = ''; +} +if ($proxysettings{'ACTION'} eq $Lang::tr{'remove'}) +{ + $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; + &deluser($proxysettings{'ID'}); +} + +if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) +{ + $proxysettings{'NCSA_EDIT_MODE'} = 'yes'; + $ncsa_buttontext = $Lang::tr{'advproxy NCSA update user'}; + @temp = split(/:/,$proxysettings{'ID'}); + $proxysettings{'NCSA_USERNAME'} = $temp[0]; + $proxysettings{'NCSA_GROUP'} = $temp[1]; + $proxysettings{'NCSA_PASS'} = "lEaVeAlOnE"; + $proxysettings{'NCSA_PASS_CONFIRM'} = $proxysettings{'NCSA_PASS'}; +} + +if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'})) +{ if ($proxysettings{'ENABLE'} !~ /^(on|off)$/ || $proxysettings{'TRANSPARENT'} !~ /^(on|off)$/ || $proxysettings{'ENABLE_BLUE'} !~ /^(on|off)$/ || 
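Review bot: In the `add` branch of proxy.cgi, `NCSA_USERNAME`, `NCSA_PASS` and `NCSA_GROUP` reach `&adduser(...)` after only an emptiness, length and confirmation check, and `&deluser($proxysettings{'ID'})` receives the form value unchecked. Both subs are defined outside this hunk, but the code here splits user records on `:` and the sibling chpasswd.cgi shells out to htpasswd, so a name containing `:`, whitespace, a newline or shell metacharacters should be rejected before the call, for example `if ($proxysettings{'NCSA_USERNAME'} !~ /\A[A-Za-z0-9._-]+\z/) { $errormessage = $Lang::tr{'advproxy errmsg no username'}; }`. The placeholder `"lEaVeAlOnE"` set in the `edit` branch deserves a comment saying how `adduser` treats it, since a user who really chooses that string as a password would presumably be handled as "unchanged". The repeated `system("touch $file")` calls and the two-argument `open FILE, $browserdb;` would be more robust as a checked three-argument `open` with no shell involved.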
@@ -70,9 +311,21 @@ if ($proxysettings{'ACTION'} eq $Lang::tr{'save'}) if (!($proxysettings{'CACHE_SIZE'} =~ /^\d+/) || ($proxysettings{'CACHE_SIZE'} < 10)) { - $errormessage = $Lang::tr{'invalid cache size'}; + $errormessage = $Lang::tr{'advproxy errmsg hdd cache size'}; + goto ERROR; + } + if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) || + ($proxysettings{'CACHE_MEM'} < 1)) + { + $errormessage = $Lang::tr{'advproxy errmsg mem cache size'}; goto ERROR; } + my @free = `/usr/bin/free`; + $free[1] =~ m/(\d+)/; + $cachemem = int $1 / 2048; + if ($proxysettings{'CACHE_MEM'} > $cachemem) { + $proxysettings{'CACHE_MEM'} = $cachemem; + } if (!($proxysettings{'MAX_SIZE'} =~ /^\d+/)) { $errormessage = $Lang::tr{'invalid maximum object size'}; 
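Review bot: The new `CACHE_MEM` check uses `/^\d+/`, which is anchored only at the start, so digits followed by arbitrary text pass both the regex and the numeric `< 1` comparison; anchor both ends with `$proxysettings{'CACHE_MEM'} =~ /\A\d+\z/`. The `CACHE_SIZE` and `MAX_SIZE` checks in the context lines have the same gap, and the later hunk repeats it for `AUTH_MAX_USERIP`, `AUTH_CACHE_TTL`, `AUTH_IPCACHE_TTL`, `AUTH_CHILDREN`, `NCSA_MIN_PASS_LEN` and `IDENT_TIMEOUT`. These values are presumably written into the generated squid configuration outside this hunk, where trailing text could become extra directives. Separately, `$free[1] =~ m/(\d+)/; $cachemem = int $1 / 2048;` uses `$1` without testing that the match succeeded, so if `/usr/bin/free` returns nothing, `$1` still holds an earlier capture; guard it with `if ($free[1] =~ m/(\d+)/) { $cachemem = int($1 / 2048); }`.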
@@ -88,179 +341,247 @@ if ($proxysettings{'ACTION'} eq $Lang::tr{'save'}) $errormessage = $Lang::tr{'invalid maximum outgoing size'}; goto ERROR; } + if (!($proxysettings{'TIME_TO_HOUR'}.$proxysettings{'TIME_TO_MINUTE'} gt $proxysettings{'TIME_FROM_HOUR'}.$proxysettings{'TIME_FROM_MINUTE'})) + { + $errormessage = $Lang::tr{'advproxy errmsg time restriction'}; + goto ERROR; + } if (!($proxysettings{'MAX_INCOMING_SIZE'} =~ /^\d+/)) { $errormessage = $Lang::tr{'invalid maximum incoming size'}; goto ERROR; } - - if (!($proxysettings{'EXTENSION_METHODS'} =~ /^(|[A-Z0-9 _-]+)$/)) + if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { - $errormessage = $Lang::tr{'squid extension methods invalid'}; - goto ERROR; + $browser_regexp = ''; + foreach (@useragentlist) + { + chomp; + @useragent = split(/,/); + if ($proxysettings{'UA_'.@useragent[0]} eq 'on') { $browser_regexp .= "@useragent[2]|"; } + } + chop($browser_regexp); + if (!$browser_regexp) + { + $errormessage = $Lang::tr{'advproxy errmsg no browser'}; + goto ERROR; + } + } + if (!($proxysettings{'AUTH_METHOD'} eq 'none')) + { + unless (($proxysettings{'AUTH_METHOD'} eq 'ident') && + ($proxysettings{'IDENT_REQUIRED'} eq 'off') && + ($proxysettings{'IDENT_ENABLE_ACL'} eq 'off')) + { + if ($netsettings{'BLUE_DEV'}) + { + if ((($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) && + (($proxysettings{'ENABLE_BLUE'} eq 'off') || ($proxysettings{'TRANSPARENT_BLUE'} eq 'on'))) + { + $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'}; + goto ERROR; + } + } else { + if (($proxysettings{'ENABLE'} eq 'off') || ($proxysettings{'TRANSPARENT'} eq 'on')) + { + $errormessage = $Lang::tr{'advproxy errmsg non-transparent proxy required'}; + goto ERROR; + } + } + } + if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && + ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255))) + { + $errormessage = 
$Lang::tr{'advproxy errmsg max userip'}; + goto ERROR; + } + if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'}; + goto ERROR; + } + if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'}; + goto ERROR; + } + if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) + { + $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'}; + goto ERROR; + } + if ((!($proxysettings{'AUTH_CHILDREN'} =~ /^\d+/)) || ($proxysettings{'AUTH_CHILDREN'} < 1) || ($proxysettings{'AUTH_CHILDREN'} > 255)) + { + $errormessage = $Lang::tr{'advproxy errmsg auth children'}; + goto ERROR; + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') + { + if ((!($proxysettings{'NCSA_MIN_PASS_LEN'} =~ /^\d+/)) || ($proxysettings{'NCSA_MIN_PASS_LEN'} < 1) || ($proxysettings{'NCSA_MIN_PASS_LEN'} > 255)) + { + $errormessage = $Lang::tr{'advproxy errmsg password length'}; + goto ERROR; + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'ident') + { + if ((!($proxysettings{'IDENT_TIMEOUT'} =~ /^\d+/)) || ($proxysettings{'IDENT_TIMEOUT'} < 1)) + { + $errormessage = $Lang::tr{'advproxy errmsg ident timeout'}; + goto ERROR; + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'ldap') + { + if ($proxysettings{'LDAP_BASEDN'} eq '') + { + $errormessage = $Lang::tr{'advproxy errmsg ldap base dn'}; + goto ERROR; + } + if (!&General::validip($proxysettings{'LDAP_SERVER'})) + { + $errormessage = $Lang::tr{'advproxy errmsg ldap server'}; + goto ERROR; + } + if (!&General::validport($proxysettings{'LDAP_PORT'})) + { + $errormessage = $Lang::tr{'advproxy errmsg ldap port'}; + goto ERROR; + } + if (($proxysettings{'LDAP_TYPE'} eq 'ADS') || ($proxysettings{'LDAP_TYPE'} eq 'NDS')) + { + if (($proxysettings{'LDAP_BINDDN_USER'} eq '') || ($proxysettings{'LDAP_BINDDN_PASS'} eq '')) + { + $errormessage = $Lang::tr{'advproxy errmsg ldap bind dn'}; + 
goto ERROR; + } + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') + { + if ($proxysettings{'NTLM_DOMAIN'} eq '') + { + $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'}; + goto ERROR; + } + if ($proxysettings{'NTLM_PDC'} eq '') + { + $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'}; + goto ERROR; + } + if (!&General::validhostname($proxysettings{'NTLM_PDC'})) + { + $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'}; + goto ERROR; + } + if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'}))) + { + $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'}; + goto ERROR; + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'radius') + { + if (!&General::validip($proxysettings{'RADIUS_SERVER'})) + { + $errormessage = $Lang::tr{'advproxy errmsg radius server'}; + goto ERROR; + } + if (!&General::validport($proxysettings{'RADIUS_PORT'})) + { + $errormessage = $Lang::tr{'advproxy errmsg radius port'}; + goto ERROR; + } + if ($proxysettings{'RADIUS_SECRET'} eq '') + { + $errormessage = $Lang::tr{'advproxy errmsg radius secret'}; + goto ERROR; + } } # Quick parent proxy error checking of username and password info. If username password don't both exist give an error. 
- my $proxy1 = 'YES'; - my $proxy2 = 'YES'; + $proxy1 = 'YES'; + $proxy2 = 'YES'; if (($proxysettings{'UPSTREAM_USER'} eq '')) {$proxy1 = '';} if (($proxysettings{'UPSTREAM_PASSWORD'} eq '')) {$proxy2 = '';} if (($proxy1 ne $proxy2)) { - $errormessage = $Lang::tr{'invalid upstream proxy username or password setting'}; + $errormessage = $Lang::tr{'advproxy errmsg invalid upstream proxy username or password setting'}; goto ERROR; } - $_ = $proxysettings{'UPSTREAM_PROXY'}; - my ($remotehost, $remoteport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); - $remoteport = 80 if ($remoteport eq ''); - - $proxysettings{'VALID'} = 'yes'; - &General::writehash("${General::swroot}/proxy/settings", \%proxysettings); - - # - # NAH, 03-Jan-2004 - # - my @free = `/usr/bin/free`; - $free[1] =~ m/(\d+)/; - $cachemem = int $1 / 10; - if ($cachemem < 4096) { - $cachemem = 4096; - } - if ($cachemem > $proxysettings{'CACHE_SIZE'} * 40) { - $cachemem = ( $proxysettings{'CACHE_SIZE'} * 40 ); - } - - open(FILE, ">/${General::swroot}/proxy/squid.conf") or die "Unable to write squid.conf file"; - flock(FILE, 2); - print FILE <) { - $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/; - $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/; - $_ =~ s/__BLUE_IP__/$blue_ip/; - $_ =~ s/__BLUE_NET__/$blue_net/; - $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/; - print FILE $_; - } - close (ACL); + &write_acls; - # This value is in bytes, so we must turn it from KB into bytes - my $max_incoming_size = $proxysettings{'MAX_INCOMING_SIZE'} * 1024; - - print FILE <\n"; + print "\n"; + print "$Lang::tr{'advproxy update information'}"; + print "\n"; + print "\n"; + &Header::closebox(); +} + +# =================================================================== +# Main settings +# =================================================================== + +unless 
($proxysettings{'NCSA_EDIT_MODE'} eq 'yes') { + print "
\n"; -&Header::openbox('100%', 'left', "$Lang::tr{'web proxy'}:"); +&Header::openbox('100%', 'left', "$Lang::tr{'advproxy advanced web proxy'}"); + print < - $Lang::tr{'enabled on'} Green: - - $Lang::tr{'upstream proxy host:port'}: * - + $Lang::tr{'advproxy common settings'} + + + $Lang::tr{'advproxy enabled on'} Green: + + $Lang::tr{'advproxy proxy port'}: + - $Lang::tr{'transparent on'} Green: + $Lang::tr{'advproxy transparent on'} Green: - $Lang::tr{'upstream username'} * - + $Lang::tr{'advproxy visible hostname'}: * + END ; if ($netsettings{'BLUE_DEV'}) { - print "$Lang::tr{'enabled on'} Blue:"; + print "$Lang::tr{'advproxy enabled on'} Blue:"; print ""; } else { print " "; } print <$Lang::tr{'upstream password'} * - + $Lang::tr{'advproxy admin mail'}: * + END ; if ($netsettings{'BLUE_DEV'}) { - print "$Lang::tr{'transparent on'} Blue:"; + print "$Lang::tr{'advproxy transparent on'} Blue:"; print ""; } else { print " "; } print <$Lang::tr{'proxy port'}: - - - - $Lang::tr{'log enabled'}: - - $Lang::tr{'squid extension methods'}: * - + $Lang::tr{'advproxy error language'}: + + + $Lang::tr{'advproxy upstream proxy host:port'} * + + + + $Lang::tr{'advproxy client IP forwarding'}: + + $Lang::tr{'advproxy upstream username'}: * + - -
$Lang::tr{'cache management'} + $Lang::tr{'advproxy username forwarding'}: + + $Lang::tr{'advproxy upstream password'}: * + + + +
+ + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy log settings'}
$Lang::tr{'advproxy log enabled'}:$Lang::tr{'advproxy log query'}:
  $Lang::tr{'advproxy log useragent'}:
+
+ + + + + + - + + + - + - + - + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy cache management'}
$Lang::tr{'cache size'}$Lang::tr{'advproxy ram cache size'}:$Lang::tr{'advproxy hdd cache size'}:
$Lang::tr{'min size'}$Lang::tr{'advproxy min size'}: $Lang::tr{'max size'}$Lang::tr{'advproxy max size'}:

$Lang::tr{'transfer limits'}
$Lang::tr{'advproxy number of L1 dirs'}: + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy no cache sites'}: *
+
$Lang::tr{'advproxy memory replacement policy'}:
$Lang::tr{'advproxy cache replacement policy'}:
 
$Lang::tr{'advproxy offline mode'}:
+
+ + + + + + + + + + + + + + + +
$Lang::tr{'advproxy network based access'}
$Lang::tr{'advproxy allowed subnets'}: 
 
+ + + + + + + + + + + + +
$Lang::tr{'advproxy unrestricted ip clients'}: *$Lang::tr{'advproxy unrestricted mac clients'}: *
+ + + + + + + + + + + + +
$Lang::tr{'advproxy banned ip clients'}: *$Lang::tr{'advproxy banned mac clients'}: *
+ +
+ +END +; +# ------------------------------------------------------------------- +# CRE GUI - optional +# ------------------------------------------------------------------- + +if (-e $cre_enabled) { print < + + + $Lang::tr{'advproxy classroom extensions'} + + + + + + $Lang::tr{'advproxy enabled'}: + + $Lang::tr{'advproxy supervisor password'}: * + + + + $Lang::tr{'advproxy cre group definitions'}: + $Lang::tr{'advproxy cre supervisors'}: * + + + + + + + + +
+END +; +} else { + print < + + +END +; +} +# ------------------------------------------------------------------- + +print < + + $Lang::tr{'advproxy time restrictions'} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy access'} $Lang::tr{'advproxy monday'}$Lang::tr{'advproxy tuesday'}$Lang::tr{'advproxy wednesday'}$Lang::tr{'advproxy thursday'}$Lang::tr{'advproxy friday'}$Lang::tr{'advproxy saturday'}$Lang::tr{'advproxy sunday'}  $Lang::tr{'advproxy from'} $Lang::tr{'advproxy to'} 
+ +    + : + - + : +
+
+ + + - - - - + + + +
$Lang::tr{'advproxy transfer limits'}
$Lang::tr{'max incoming size'}$Lang::tr{'max outgoing size'}$Lang::tr{'advproxy max download size'}:$Lang::tr{'advproxy max upload size'}:
+
-
- + + + + + + + +END +; + +if ($netsettings{'BLUE_DEV'}) { + print < + + + + - - - +END +; +} +print < +
- *  - $Lang::tr{'this field may be blank'} + $Lang::tr{'advproxy download throttling'}
$Lang::tr{'advproxy throttling total on'} Green: + + $Lang::tr{'advproxy throttling per host on'} Green: + +
$Lang::tr{'advproxy throttling total on'} Blue: + + $Lang::tr{'advproxy throttling per host on'} Blue: + - -
+ + + + + + + + + + + + +
$Lang::tr{'advproxy content based throttling'}:
$Lang::tr{'advproxy throttle binary'}:$Lang::tr{'advproxy throttle dskimg'}:$Lang::tr{'advproxy throttle mmedia'}:  
+
+ + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy MIME filter'}
$Lang::tr{'advproxy enabled'}:
$Lang::tr{'advproxy MIME block types'}: *  
  
+
+ + + + + + + + + + + + + +
$Lang::tr{'advproxy web browser'}
$Lang::tr{'advproxy UA enable filter'}:  
+END +; +if (@useragentlist) { print "$Lang::tr{'advproxy allowed web browsers'}:"; } else { print "$Lang::tr{'advproxy no clients defined'}"; } +print <
+ +END +; -&Header::closepage(); +for ($n=0; $n<=@useragentlist; $n = $n + $i) { + for ($i=0; $i<=3; $i++) { + if ($i eq 0) { print "\n"; } + if (($n+$i) < @useragentlist) { + @useragent = split(/,/,@useragentlist[$n+$i]); + print "\n"; + } + if ($i eq 3) { print "<\/tr>\n"; } + } +} + +print < +
+
@useragent[1]:<\/td>\n"; + print "
+ + + + + + + + + + + + + + + +
$Lang::tr{'advproxy privacy'}
$Lang::tr{'advproxy fake useragent'}: *
$Lang::tr{'advproxy fake referer'}: *
+
+END +; + +if ($urlfilter_addon) { + print < + + $Lang::tr{'advproxy url filter'} + + + $Lang::tr{'advproxy enabled'}: + +   +   + + +
+END +; } + +if (($updacclrtr_addon) && (!($urlfilter_addon))) { + print < + + $Lang::tr{'advproxy update accelerator'} + + + $Lang::tr{'advproxy enabled'}: + +   +   + + +
+END +; } + +print < + + $Lang::tr{'advproxy AUTH method'} + + + $Lang::tr{'advproxy AUTH method none'} + $Lang::tr{'advproxy AUTH method ncsa'} + $Lang::tr{'advproxy AUTH method ident'} + $Lang::tr{'advproxy AUTH method ldap'} + $Lang::tr{'advproxy AUTH method ntlm'} + $Lang::tr{'advproxy AUTH method radius'} + + +END +; + +if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { print < + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy AUTH global settings'}
$Lang::tr{'advproxy AUTH number of auth processes'}: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy AUTH realm'}: *
$Lang::tr{'advproxy AUTH no auth'}: *
+
$Lang::tr{'advproxy AUTH auth cache TTL'}:
$Lang::tr{'advproxy AUTH limit of IP addresses'}: *
$Lang::tr{'advproxy AUTH user IP cache TTL'}:
$Lang::tr{'advproxy AUTH always required'}:
 
+END +; +} + +# =================================================================== +# NCSA auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') { +print < + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy NCSA auth'}
$Lang::tr{'advproxy NCSA min password length'}:$Lang::tr{'advproxy NCSA redirector bypass'} \'$Lang::tr{'advproxy NCSA grp extended'}\':

 
  
+END +; } + +# =================================================================== +# IDENTD auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ident') { +print < + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy IDENT identd settings'}
$Lang::tr{'advproxy IDENT required'}:$Lang::tr{'advproxy AUTH always required'}:
$Lang::tr{'advproxy IDENT timeout'}:  
$Lang::tr{'advproxy IDENT aware hosts'}:$Lang::tr{'advproxy AUTH no auth'}: *
+
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy IDENT user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
+ $Lang::tr{'advproxy IDENT use positive access list'}: + $Lang::tr{'advproxy IDENT use negative access list'}:
$Lang::tr{'advproxy IDENT authorized users'}$Lang::tr{'advproxy IDENT unauthorized users'}
+END +; } + +# =================================================================== +# NTLM auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { +print < + + + + + + + + + + + + +
$Lang::tr{'advproxy NTLM domain settings'}
$Lang::tr{'advproxy NTLM domain'}:$Lang::tr{'advproxy NTLM PDC hostname'}:$Lang::tr{'advproxy NTLM BDC hostname'}: *
+
+ + + + + + + + + +
$Lang::tr{'advproxy NTLM auth mode'}
$Lang::tr{'advproxy NTLM use integrated auth'}: 
+
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy NTLM user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
+ $Lang::tr{'advproxy NTLM use positive access list'}: + $Lang::tr{'advproxy NTLM use negative access list'}:
$Lang::tr{'advproxy NTLM authorized users'}$Lang::tr{'advproxy NTLM unauthorized users'}
+END +; } + +# =================================================================== +# LDAP auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'ldap') { +print < + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy LDAP common settings'}
$Lang::tr{'advproxy LDAP basedn'}:$Lang::tr{'advproxy LDAP type'}:
$Lang::tr{'advproxy LDAP server'}:$Lang::tr{'advproxy LDAP port'}:
+
+ + + + + + + + + + +
$Lang::tr{'advproxy LDAP binddn settings'}
$Lang::tr{'advproxy LDAP binddn username'}:$Lang::tr{'advproxy LDAP binddn password'}:
+
+ + + + + + + + + + +
$Lang::tr{'advproxy LDAP group access control'}
$Lang::tr{'advproxy LDAP group required'}: *  
+END +; } + +# =================================================================== +# RADIUS auth settings +# =================================================================== + +if ($proxysettings{'AUTH_METHOD'} eq 'radius') { +print < + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy RADIUS radius settings'}
$Lang::tr{'advproxy RADIUS server'}:$Lang::tr{'advproxy RADIUS port'}:
$Lang::tr{'advproxy RADIUS identifier'}: *$Lang::tr{'advproxy RADIUS secret'}:
+
+ + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy RADIUS user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
+ $Lang::tr{'advproxy RADIUS use positive access list'}: + $Lang::tr{'advproxy RADIUS use negative access list'}:
$Lang::tr{'advproxy RADIUS authorized users'}$Lang::tr{'advproxy RADIUS unauthorized users'}
+END +; } + +# =================================================================== + +} + +print "\n"; + +if ($proxysettings{'AUTH_METHOD'} eq 'none') { +print < + + + + + + +END +; } + +if ($proxysettings{'AUTH_METHOD'} eq 'ident') { +print < + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ncsa')) { +print < + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ident')) { +print < + + + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ldap')) { +print < + + + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'ntlm')) { +print < + + + + + + + +END +; } + +if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) { +print < + + + + + + + +END +; } + +print "
\n"; + +print < +END +; + +print < + +   + + + +   + + + +
+ + + + + +
*  + $Lang::tr{'this field may be blank'} + + Advanced Proxy $advproxyversion +
+ +END +; + +&Header::closebox(); + +} else { + +# =================================================================== +# NCSA user management +# =================================================================== + +&Header::openbox('100%', 'left', "$Lang::tr{'advproxy NCSA auth'}"); +print < + + + + + + + + + + + + + + + + + +
$Lang::tr{'advproxy NCSA user management'}
$Lang::tr{'advproxy NCSA username'}:$Lang::tr{'advproxy NCSA group'}: + +
$Lang::tr{'advproxy NCSA password'}:$Lang::tr{'advproxy NCSA password confirm'}:
+
+ + + + + + +END +; + if ($proxysettings{'ACTION'} eq $Lang::tr{'edit'}) { + print "\n"; + } + +print <  + + + +
  
+ +
+ + + + +
$Lang::tr{'advproxy NCSA user accounts'}:
+ +END +; + +if (-e $extgrp) +{ + open(FILE, $extgrp); @grouplist = ; close(FILE); + foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":extended"); } +} +if (-e $stdgrp) +{ + open(FILE, $stdgrp); @grouplist = ; close(FILE); + foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":standard"); } +} +if (-e $disgrp) +{ + open(FILE, $disgrp); @grouplist = ; close(FILE); + foreach $user (@grouplist) { chomp($user); push(@userlist,$user.":disabled"); } +} + +@userlist = sort(@userlist); + +# If the password file contains entries, print entries and action icons + +if (! -z "$userdb") { + print < + + + + +END +; + $id = 0; + foreach $line (@userlist) + { + $id++; + chomp($line); + @temp = split(/:/,$line); + if($proxysettings{'ACTION'} eq $Lang::tr{'edit'} && $proxysettings{'ID'} eq $line) { + print "\n"; } + elsif ($id % 2) { + print "\n"; } + else { + print "\n"; } + + print <$temp[0] + + + + +END +; + } + +print < +
+
$Lang::tr{'advproxy NCSA username'}$Lang::tr{'advproxy NCSA group membership'} 
+END +; + if ($temp[1] eq 'standard') { + print $Lang::tr{'advproxy NCSA grp standard'}; + } elsif ($temp[1] eq 'extended') { + print $Lang::tr{'advproxy NCSA grp extended'}; + } elsif ($temp[1] eq 'disabled') { + print $Lang::tr{'advproxy NCSA grp disabled'}; } + print < + +
+ + + +
+
+
+ + + +
+
+ + + + + + + +END +; +} else { + print < + + +END +; +} + +print < +END +; + +&Header::closebox(); + +} + +# =================================================================== + +&Header::closebigbox(); + +&Header::closepage(); + +# ------------------------------------------------------------------- + +sub read_acls +{ + if (-e "$acl_src_subnets") { + open(FILE,"$acl_src_subnets"); + delete $proxysettings{'SRC_SUBNETS'}; + while () { $proxysettings{'SRC_SUBNETS'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_banned_ip") { + open(FILE,"$acl_src_banned_ip"); + delete $proxysettings{'SRC_BANNED_IP'}; + while () { $proxysettings{'SRC_BANNED_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_banned_mac") { + open(FILE,"$acl_src_banned_mac"); + delete $proxysettings{'SRC_BANNED_MAC'}; + while () { $proxysettings{'SRC_BANNED_MAC'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_unrestricted_ip") { + open(FILE,"$acl_src_unrestricted_ip"); + delete $proxysettings{'SRC_UNRESTRICTED_IP'}; + while () { $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_ }; + close(FILE); + } + if (-e "$acl_src_unrestricted_mac") { + open(FILE,"$acl_src_unrestricted_mac"); + delete $proxysettings{'SRC_UNRESTRICTED_MAC'}; + while () { $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_nocache") { + open(FILE,"$acl_dst_nocache"); + delete $proxysettings{'DST_NOCACHE'}; + while () { $proxysettings{'DST_NOCACHE'} .= $_ }; + close(FILE); + } + if (-e "$acl_dst_noauth") { + open(FILE,"$acl_dst_noauth"); + delete $proxysettings{'DST_NOAUTH'}; + while () { $proxysettings{'DST_NOAUTH'} .= $_ }; + close(FILE); + } + if (-e "$mimetypes") { + open(FILE,"$mimetypes"); + delete $proxysettings{'MIME_TYPES'}; + while () { $proxysettings{'MIME_TYPES'} .= $_ }; + close(FILE); + } + if (-e "$ntlmdir/msntauth.allowusers") { + open(FILE,"$ntlmdir/msntauth.allowusers"); + delete $proxysettings{'NTLM_ALLOW_USERS'}; + while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ }; + close(FILE); + 
} + if (-e "$ntlmdir/msntauth.denyusers") { + open(FILE,"$ntlmdir/msntauth.denyusers"); + delete $proxysettings{'NTLM_DENY_USERS'}; + while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ }; + close(FILE); + } + if (-e "$raddir/radauth.allowusers") { + open(FILE,"$raddir/radauth.allowusers"); + delete $proxysettings{'RADIUS_ALLOW_USERS'}; + while () { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_ }; + close(FILE); + } + if (-e "$raddir/radauth.denyusers") { + open(FILE,"$raddir/radauth.denyusers"); + delete $proxysettings{'RADIUS_DENY_USERS'}; + while () { $proxysettings{'RADIUS_DENY_USERS'} .= $_ }; + close(FILE); + } + if (-e "$identdir/identauth.allowusers") { + open(FILE,"$identdir/identauth.allowusers"); + delete $proxysettings{'IDENT_ALLOW_USERS'}; + while () { $proxysettings{'IDENT_ALLOW_USERS'} .= $_ }; + close(FILE); + } + if (-e "$identdir/identauth.denyusers") { + open(FILE,"$identdir/identauth.denyusers"); + delete $proxysettings{'IDENT_DENY_USERS'}; + while () { $proxysettings{'IDENT_DENY_USERS'} .= $_ }; + close(FILE); + } + if (-e "$identhosts") { + open(FILE,"$identhosts"); + delete $proxysettings{'IDENT_HOSTS'}; + while () { $proxysettings{'IDENT_HOSTS'} .= $_ }; + close(FILE); + } + if (-e "$cre_groups") { + open(FILE,"$cre_groups"); + delete $proxysettings{'CRE_GROUPS'}; + while () { $proxysettings{'CRE_GROUPS'} .= $_ }; + close(FILE); + } + if (-e "$cre_svhosts") { + open(FILE,"$cre_svhosts"); + delete $proxysettings{'CRE_SVHOSTS'}; + while () { $proxysettings{'CRE_SVHOSTS'} .= $_ }; + close(FILE); + } +} + +# ------------------------------------------------------------------- + +sub check_acls +{ + @temp = split(/\n/,$proxysettings{'SRC_SUBNETS'}); + undef $proxysettings{'SRC_SUBNETS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipandmask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'SRC_SUBNETS'} .= $_."\n"; + } + } + + @temp = 
split(/\n/,$proxysettings{'SRC_BANNED_IP'}); + undef $proxysettings{'SRC_BANNED_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'SRC_BANNED_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'SRC_BANNED_MAC'}); + undef $proxysettings{'SRC_BANNED_MAC'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; s/-/:/g; + if ($_) + { + unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; } + $proxysettings{'SRC_BANNED_MAC'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_IP'}); + undef $proxysettings{'SRC_UNRESTRICTED_IP'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'SRC_UNRESTRICTED_IP'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'SRC_UNRESTRICTED_MAC'}); + undef $proxysettings{'SRC_UNRESTRICTED_MAC'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; s/-/:/g; + if ($_) + { + unless (&General::validmac($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid mac'}; } + $proxysettings{'SRC_UNRESTRICTED_MAC'} .= $_."\n"; + } + } + + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) + { + @temp = split(/\n/,$proxysettings{'NTLM_ALLOW_USERS'}); + undef $proxysettings{'NTLM_ALLOW_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'NTLM_ALLOW_USERS'} .= $_."\n"; } + } + if ($proxysettings{'NTLM_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) + { + @temp = split(/\n/,$proxysettings{'NTLM_DENY_USERS'}); + undef $proxysettings{'NTLM_DENY_USERS'}; + foreach (@temp) + { + s/^\s+//g; 
s/\s+$//g; + if ($_) { $proxysettings{'NTLM_DENY_USERS'} .= $_."\n"; } + } + if ($proxysettings{'NTLM_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'positive')) + { + @temp = split(/\n/,$proxysettings{'IDENT_ALLOW_USERS'}); + undef $proxysettings{'IDENT_ALLOW_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'IDENT_ALLOW_USERS'} .= $_."\n"; } + } + if ($proxysettings{'IDENT_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') && ($proxysettings{'IDENT_USER_ACL'} eq 'negative')) + { + @temp = split(/\n/,$proxysettings{'IDENT_DENY_USERS'}); + undef $proxysettings{'IDENT_DENY_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'IDENT_DENY_USERS'} .= $_."\n"; } + } + if ($proxysettings{'IDENT_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) + { + @temp = split(/\n/,$proxysettings{'RADIUS_ALLOW_USERS'}); + undef $proxysettings{'RADIUS_ALLOW_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'RADIUS_ALLOW_USERS'} .= $_."\n"; } + } + if ($proxysettings{'RADIUS_ALLOW_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + if (($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative')) + { + @temp = split(/\n/,$proxysettings{'RADIUS_DENY_USERS'}); + undef $proxysettings{'RADIUS_DENY_USERS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) { $proxysettings{'RADIUS_DENY_USERS'} .= $_."\n"; } + } + if ($proxysettings{'RADIUS_DENY_USERS'} eq '') { $errormessage = $Lang::tr{'advproxy errmsg acl cannot be empty'}; } + } + + 
@temp = split(/\n/,$proxysettings{'IDENT_HOSTS'}); + undef $proxysettings{'IDENT_HOSTS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'IDENT_HOSTS'} .= $_."\n"; + } + } + + @temp = split(/\n/,$proxysettings{'CRE_SVHOSTS'}); + undef $proxysettings{'CRE_SVHOSTS'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipormask($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid ip or mask'}; } + $proxysettings{'CRE_SVHOSTS'} .= $_."\n"; + } + } +} + + +# ------------------------------------------------------------------- + +sub write_acls +{ + open(FILE, ">$acl_src_subnets"); + flock(FILE, 2); + print FILE $proxysettings{'SRC_SUBNETS'}; + close(FILE); + + open(FILE, ">$acl_src_banned_ip"); + flock(FILE, 2); + print FILE $proxysettings{'SRC_BANNED_IP'}; + close(FILE); + + open(FILE, ">$acl_src_banned_mac"); + flock(FILE, 2); + print FILE $proxysettings{'SRC_BANNED_MAC'}; + close(FILE); + + open(FILE, ">$acl_src_unrestricted_ip"); + flock(FILE, 2); + print FILE $proxysettings{'SRC_UNRESTRICTED_IP'}; + close(FILE); + + open(FILE, ">$acl_src_unrestricted_mac"); + flock(FILE, 2); + print FILE $proxysettings{'SRC_UNRESTRICTED_MAC'}; + close(FILE); + + open(FILE, ">$acl_dst_nocache"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOCACHE'}; + close(FILE); + + open(FILE, ">$acl_dst_noauth"); + flock(FILE, 2); + print FILE $proxysettings{'DST_NOAUTH'}; + close(FILE); + + open(FILE, ">$acl_dst_throttle"); + flock(FILE, 2); + if ($proxysettings{'THROTTLE_BINARY'} eq 'on') + { + @temp = split(/\|/,$throttle_binary); + foreach (@temp) { print FILE "\\.$_\$\n"; } + } + if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on') + { + @temp = split(/\|/,$throttle_dskimg); + foreach (@temp) { print FILE "\\.$_\$\n"; } + } + if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on') + { + @temp = split(/\|/,$throttle_mmedia); + 
foreach (@temp) { print FILE "\\.$_\$\n"; } + } + if (-s $throttled_urls) + { + open(URLFILE, $throttled_urls); + @temp = ; + close(URLFILE); + foreach (@temp) { print FILE; } + } + close(FILE); + + open(FILE, ">$mimetypes"); + flock(FILE, 2); + print FILE $proxysettings{'MIME_TYPES'}; + close(FILE); + + open(FILE, ">$ntlmdir/msntauth.allowusers"); + flock(FILE, 2); + print FILE $proxysettings{'NTLM_ALLOW_USERS'}; + close(FILE); + + open(FILE, ">$ntlmdir/msntauth.denyusers"); + flock(FILE, 2); + print FILE $proxysettings{'NTLM_DENY_USERS'}; + close(FILE); + + open(FILE, ">$raddir/radauth.allowusers"); + flock(FILE, 2); + print FILE $proxysettings{'RADIUS_ALLOW_USERS'}; + close(FILE); + + open(FILE, ">$raddir/radauth.denyusers"); + flock(FILE, 2); + print FILE $proxysettings{'RADIUS_DENY_USERS'}; + close(FILE); + + open(FILE, ">$identdir/identauth.allowusers"); + flock(FILE, 2); + print FILE $proxysettings{'IDENT_ALLOW_USERS'}; + close(FILE); + + open(FILE, ">$identdir/identauth.denyusers"); + flock(FILE, 2); + print FILE $proxysettings{'IDENT_DENY_USERS'}; + close(FILE); + + open(FILE, ">$identhosts"); + flock(FILE, 2); + print FILE $proxysettings{'IDENT_HOSTS'}; + close(FILE); + + open(FILE, ">$cre_groups"); + flock(FILE, 2); + print FILE $proxysettings{'CRE_GROUPS'}; + close(FILE); + + open(FILE, ">$cre_svhosts"); + flock(FILE, 2); + print FILE $proxysettings{'CRE_SVHOSTS'}; + close(FILE); +} + +# ------------------------------------------------------------------- + +sub writepacfile +{ + open(FILE, ">/home/httpd/html/proxy.pac"); + flock(FILE, 2); + print FILE "function FindProxyForURL(url, host)\n"; + print FILE "{\n"; + if (($proxysettings{'ENABLE'} eq 'on') || ($proxysettings{'ENABLE_BLUE'} eq 'on')) + { + print FILE <${General::swroot}/proxy/squid.conf"); + flock(FILE, 2); + print FILE <$ntlmdir/msntauth.conf"); + flock(MSNTCONF,2); + print MSNTCONF "server $proxysettings{'NTLM_PDC'}"; + if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " 
$proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; } + print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n"; + if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') + { + if ($proxysettings{'NTLM_USER_ACL'} eq 'positive') + { + print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n"; + } else { + print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n"; + } + } + close(MSNTCONF); + } + } + + if ($proxysettings{'AUTH_METHOD'} eq 'radius') + { + print FILE "auth_param basic program $libexecdir/squid_rad_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} "; + if (!($proxysettings{'RADIUS_IDENTIFIER'} eq '')) { print FILE "-i $proxysettings{'RADIUS_IDENTIFIER'} "; } + print FILE "-w $proxysettings{'RADIUS_SECRET'}\n"; + print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; + print FILE "auth_param basic realm $authrealm\n"; + print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; + if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } + } + + print FILE "\n"; + print FILE "acl for_inetusers proxy_auth REQUIRED\n"; + if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')) + { + if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) + { + print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n"; + } + if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) + { + print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n"; + } + } + if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) + { + if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) + { + print FILE "acl for_acl_users proxy_auth 
\"$raddir/radauth.allowusers\"\n"; + } + if ((!-z "$raddir/radauth.denyusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'negative')) + { + print FILE "acl for_acl_users proxy_auth \"$raddir/radauth.denyusers\"\n"; + } + } + if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') + { + print FILE "\n"; + if (!-z $extgrp) { print FILE "acl for_extended_users proxy_auth \"$extgrp\"\n"; } + if (!-z $disgrp) { print FILE "acl for_disabled_users proxy_auth \"$disgrp\"\n"; } + } + if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { print FILE "\nacl concurrent max_user_ip -s $proxysettings{'AUTH_MAX_USERIP'}\n"; } + print FILE "\n"; + + if (!-z $acl_dst_noauth) { print FILE "acl to_domains_without_auth dstdomain \"$acl_dst_noauth\"\n\n"; } + } + + if ($proxysettings{'AUTH_METHOD'} eq 'ident') + { + if ($proxysettings{'IDENT_REQUIRED'} eq 'on') + { + print FILE "acl for_inetusers ident REQUIRED\n"; + } + if ($proxysettings{'IDENT_ENABLE_ACL'} eq 'on') + { + if ((!-z "$identdir/identauth.allowusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'positive')) + { + print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.allowusers\"\n\n"; + } + if ((!-z "$identdir/identauth.denyusers") && ($proxysettings{'IDENT_USER_ACL'} eq 'negative')) + { + print FILE "acl for_acl_users ident_regex -i \"$identdir/identauth.denyusers\"\n\n"; + } + } + } + + if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; } + + if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; } + + print FILE "acl within_timeframe time "; + if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; } + if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; } + if ($proxysettings{'TIME_WED'} eq 'on') { print FILE "W"; } + if ($proxysettings{'TIME_THU'} eq 'on') { print FILE "H"; } + if ($proxysettings{'TIME_FRI'} eq 'on') { print FILE "F"; } + if ($proxysettings{'TIME_SAT'} eq 'on') 
{ print FILE "A"; } + if ($proxysettings{'TIME_SUN'} eq 'on') { print FILE "S"; } + print FILE " $proxysettings{'TIME_FROM_HOUR'}:"; + print FILE "$proxysettings{'TIME_FROM_MINUTE'}-"; + print FILE "$proxysettings{'TIME_TO_HOUR'}:"; + print FILE "$proxysettings{'TIME_TO_MINUTE'}\n\n"; + + if ((!-z $mimetypes) && ($proxysettings{'ENABLE_MIME_FILTER'} eq 'on')) { + print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n"; + } + + print FILE <) { + $_ =~ s/__GREEN_IP__/$netsettings{'GREEN_ADDRESS'}/; + $_ =~ s/__GREEN_NET__/$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}/; + $_ =~ s/__BLUE_IP__/$blue_ip/; + $_ =~ s/__BLUE_NET__/$blue_net/; + print FILE $_; + } + print FILE "#End of custom includes\n"; + close (ACL); + } + if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; } + print FILE < 0) { + if (!-z $acl_src_unrestricted_ip) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_ips\n"; } + if (!-z $acl_src_unrestricted_mac) { print FILE "reply_body_max_size 0 allow IPCop_unrestricted_mac\n"; } + if ($proxysettings{'AUTH_METHOD'} eq 'ncsa') + { + if (!-z $extgrp) { print FILE "reply_body_max_size 0 allow for_extended_users\n"; } + } + } + print FILE "reply_body_max_size $replybodymaxsize allow all\n\n"; + + print FILE "visible_hostname"; + if ($proxysettings{'VISIBLE_HOSTNAME'} eq '') + { + print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n"; + } else { + print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n"; + } + + if (!($proxysettings{'ADMIN_MAIL_ADDRESS'} eq '')) { print FILE "cache_mgr $proxysettings{'ADMIN_MAIL_ADDRESS'}\n\n"; } + + # Write the parent proxy info, if needed. 
+ if ($remotehost ne '') + { + # Enter authentication for the parent cache (format is login=user:password) + if ($proxy1 eq 'YES') { + print FILE <; + close(FILE); + foreach $line (@groupmembers) { if ($line =~ /^$str_user:/i) { $str_pass = substr($line,index($line,":")); } } + &deluser($str_user); + open(FILE, ">>$userdb"); + flock FILE,2; + print FILE "$str_user$str_pass"; + close(FILE); + } else { + &deluser($str_user); + system("/usr/bin/htpasswd -b $userdb $str_user $str_pass"); + } + + if ($str_group eq 'standard') { open(FILE, ">>$stdgrp"); + } elsif ($str_group eq 'extended') { open(FILE, ">>$extgrp"); + } elsif ($str_group eq 'disabled') { open(FILE, ">>$disgrp"); } + flock FILE, 2; + print FILE "$str_user\n"; + close(FILE); + + return; +} + +# ------------------------------------------------------------------- + +sub deluser +{ + my ($str_user) = @_; + my $groupfile=''; + my @groupmembers=(); + my @templist=(); + + foreach $groupfile ($stdgrp, $extgrp, $disgrp) + { + undef @templist; + open(FILE, "$groupfile"); + @groupmembers = ; + close(FILE); + foreach $line (@groupmembers) { if (!($line =~ /^$str_user$/i)) { push(@templist, $line); } } + open(FILE, ">$groupfile"); + flock FILE, 2; + print FILE @templist; + close(FILE); + } + + undef @templist; + open(FILE, "$userdb"); + @groupmembers = ; + close(FILE); + foreach $line (@groupmembers) { if (!($line =~ /^$str_user:/i)) { push(@templist, $line); } } + open(FILE, ">$userdb"); + flock FILE, 2; + print FILE @templist; + close(FILE); + + return; +} -} # end sub DoHTML -1 +# ------------------------------------------------------------------- diff --git a/html/cgi-bin/webaccess.cgi b/html/cgi-bin/webaccess.cgi new file mode 100644 index 0000000000..87f2df3443 --- /dev/null +++ b/html/cgi-bin/webaccess.cgi 
@@ -0,0 +1,377 @@
+#!/usr/bin/perl
+
+#
+# $Id: webaccess.cgi,v 2.0 2006/01/11 00:00:00 marco.s Exp $
+#
+
+use CGI;
+
+my $swroot = "/var/ipcop";
+my $apdir = "$swroot/proxy/advanced";
+my $group_def_file = "$apdir/cre/classrooms";
+my $svhosts_file = "$apdir/cre/supervisors";
+my $acl_src_noaccess_ips = "$apdir/acls/src_noaccess_ip.acl";
+my $acl_src_noaccess_mac = "$apdir/acls/src_noaccess_mac.acl";
+
+my $banner = "A D V A N C E D   P R O X Y   -   W E B   A C C E S S   M A N A G E R";
+my %cgiparams;
+my %mainsettings;
+my %proxysettings;
+
+my %acl=();
+my @group_defs=();
+my @groups=();
+
+### Initialize environment
+&readhash("${swroot}/main/settings", \%mainsettings);
+&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
+$language = $mainsettings{'LANGUAGE'};
+
+### Initialize language
+if ($language =~ /^(\w+)$/) {$language = $1;}
+ #
+ # Uncomment this to force a certain language:
+ # $language='en';
+ #
+require "${swroot}/langs/en.pl";
+require "${swroot}/langs/${language}.pl";
+
+&getcgihash(\%cgiparams);
+
+&read_all_groups;
+&read_acl_groups;
+
+foreach (@groups)
+{
+ if ($cgiparams{$_} eq $tr{'advproxy mode deny'}) { $acl{$_}='on'; }
+ if ($cgiparams{$_} eq $tr{'advproxy mode allow'}) { $acl{$_}='off'; }
+}
+
+&read_all_groups;
+
+my $is_supervisor=0;
+
+if ((-e $svhosts_file) && (!-z $svhosts_file))
+{
+ open (FILE, $svhosts_file);
+ while ()
+ {
+ chomp;
+ if ($ENV{'REMOTE_ADDR'} eq $_) { $is_supervisor=1; }
+ }
+ close (FILE);
+
+} else { $is_supervisor=1; }
+
+if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))
+{
+ if ( ($cgiparams{'PASSWORD'} eq $proxysettings{'SUPERVISOR_PASSWORD'}) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')) ||
+ ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && ($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))
+ {
+ &write_acl;
+ system("/usr/local/bin/restartsquid");
+ }
+}
+
+&read_acl_groups;
+
+#undef(%cgiparams);
+
+# -------------------------------------------------------------------
+
+print < + + + +Advanced Proxy - Web Access Manager + + + + +
+ +
+ +
  $Lang::tr{'legend'}:    $Lang::tr{$Lang::tr{'edit'}    $Lang::tr{$Lang::tr{'remove'}
$Lang::tr{'advproxy NCSA no accounts'}
+ + + + + + +
+ + + + + + +END +; +if ($proxysettings{'CLASSROOM_EXT'} eq 'on') +{ +if (@groups) +{ +print < + +END +; +} else { + print " \n"; + print " \n"; + print " \n"; +} +} else { + print " \n"; + print " \n"; + print " \n"; +} + +print < + + + + + + + + +
+ $banner +
+ + + +END +; +if (($is_supervisor) && ((defined($proxysettings{'SUPERVISOR_PASSWORD'})) && (!($proxysettings{'SUPERVISOR_PASSWORD'} eq '')))) +{ +print < + $tr{'advproxy supervisor password'}: + + +END +; +} +print < + +
+ +

+ +END +; + foreach (@groups) { + if ($is_supervisor) + { + print""; + } else { + print"
"; + } + print "\n"; + if ((defined($acl{$_})) && ($acl{$_} eq 'on')) + { + print " \n"; + } else { + print "\n"; + } + } + print "\n"; + print "
$_"; + } else { print " $_"; } + if ($is_supervisor) + { + if ((defined($acl{$_})) && ($acl{$_} eq 'on')) + { + print ""; + print ""; + print " "; + print ""; + print " 
\n"; + print""; + print "\n"; + print "
\n"; + } + +print < +

\n"; + print " $tr{'advproxy no cre groups'}\n"; + print "
\n"; + print " $tr{'advproxy cre disabled'}\n"; + print "
+ + Advanced Proxy running on + IPCop + +
+ + + + + + + + +END +; + +# ------------------------------------------------------------------- + +sub readhash +{ + my $filename = $_[0]; + my $hash = $_[1]; + my ($var, $val); + + if (-e $filename) + { + open(FILE, $filename) or die "Unable to read file $filename"; + while () + { + chop; + ($var, $val) = split /=/, $_, 2; + if ($var) + { + $val =~ s/^\'//g; + $val =~ s/\'$//g; + + # Untaint variables read from hash + $var =~ /([A-Za-z0-9_-]*)/; $var = $1; + $val =~ /([\w\W]*)/; $val = $1; + $hash->{$var} = $val; + } + } + close FILE; + } +} + +# ------------------------------------------------------------------- + +sub getcgihash +{ + my ($hash, $params) = @_; + my $cgi = CGI->new (); + return if ($ENV{'REQUEST_METHOD'} ne 'POST'); + if (!$params->{'wantfile'}) { + $CGI::DISABLE_UPLOADS = 1; + $CGI::POST_MAX = 512 * 1024; + } else { + $CGI::POST_MAX = 10 * 1024 * 1024; + } + + $cgi->referer() =~ m/^https?\:\/\/([^\/]+)/; + my $referer = $1; + $cgi->url() =~ m/^https?\:\/\/([^\/]+)/; + my $servername = $1; + return if ($referer ne $servername); + + ### Modified for getting multi-vars, split by | + %temp = $cgi->Vars(); + foreach my $key (keys %temp) { + $hash->{$key} = $temp{$key}; + $hash->{$key} =~ s/\0/|/g; + $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/; + } + + if (($params->{'wantfile'})&&($params->{'filevar'})) { + $hash->{$params->{'filevar'}} = $cgi->upload + ($params->{'filevar'}); + } + return; +} + +# ------------------------------------------------------------------- + +sub read_acl_groups +{ + undef(%acl); + open (FILE,"$acl_src_noaccess_ips"); + my @aclgroups = ; + close (FILE); + foreach (@aclgroups) + { + chomp; + if (/^\#/) + { + s/^\# //; + $acl{$_}='on'; + } + } +} + +# ------------------------------------------------------------------- + +sub read_all_groups +{ + my $grpstr; + + open (FILE,"$group_def_file"); + @group_defs = ; + close (FILE); + + undef(@groups); + foreach (@group_defs) + { + chomp; + if (/^\s*\[.*\]\s*$/) + { + $grpstr=$_; + $grpstr 
=~ s/^\s*\[\s*//;
+ $grpstr =~ s/\s*\]\s*$//;
+ push(@groups,$grpstr);
+ }
+ }
+}
+
+# -------------------------------------------------------------------
+
+sub write_acl
+{
+ my $is_blocked=0;
+
+ open (FILE_IPS,">$acl_src_noaccess_ips");
+ open (FILE_MAC,">$acl_src_noaccess_mac");
+ flock (FILE_IPS, 2);
+ flock (FILE_MAC, 2);
+ foreach (@group_defs)
+ {
+ if (/^\s*\[.*\]\s*$/)
+ {
+ s/^\s*\[\s*//;
+ s/\s*\]\s*$//;
+ if ((defined($acl{$_})) && ($acl{$_} eq 'on'))
+ {
+ print FILE_IPS "# $_\n";
+ print FILE_MAC "# $_\n";
+ $is_blocked=1;
+ } else { $is_blocked=0; }
+ } elsif (($is_blocked) && ($_))
+ {
+ s/^\s+//g; s/\s+$//g;
+ /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i ? print FILE_MAC "$_\n" : print FILE_IPS "$_\n";
+ }
+ }
+
+ close (FILE_IPS);
+ close (FILE_MAC);
+}
+
+# -------------------------------------------------------------------
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index b06f13c81f..07df2d9e8f 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
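Review bot: The submit branch in webaccess.cgi, `if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor))`, never checks `$proxysettings{'CLASSROOM_EXT'}`, so `write_acl` and the squid restart still run when the page itself reports the classroom extension as disabled; only the form rendering is gated on that setting. The two remaining checks both fail open: `$is_supervisor` is set to 1 when the supervisors file is missing or empty, and a defined-but-empty `SUPERVISOR_PASSWORD` accepts the request without any password, so in that configuration every client that can reach the CGI passes. I would gate the handler explicitly with `if (($cgiparams{'ACTION'} eq 'submit') && ($is_supervisor) && ($proxysettings{'CLASSROOM_EXT'} eq 'on'))` and add a comment above it stating that an empty supervisor list and an empty password mean "no restriction". Separately, `my $swroot = "/var/ipcop";` looks inconsistent with the `/var/ipfire` path this same commit switches to in `config/ovpn/verify`; worth confirming, since `readhash` skips a missing settings file silently.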
@@ -1058,6 +1058,213 @@ 'add-route' => 'Additional push route', 'subnet' => 'Subnet', 'route subnet is invalid' => 'Additional push route subnet is invalid', +'advproxy advanced proxy' => 'Advanced Proxy', +'advproxy ssadvanced proxy' => 'advanced proxy', +'advproxy advanced web proxy' => 'Advanced Web Proxy', +'advproxy advanced web proxy configuration' => 'Advanced Web Proxy Konfiguration', +'advproxy common settings' => 'Allgemeine Einstellungen', +'advproxy enabled on' => 'Aktiviert auf', +'advproxy transparent on' => 'Transparent auf', +'advproxy proxy port' => 'Proxy Port', +'advproxy visible hostname' => 'Sichtbarer Hostname', +'advproxy admin mail' => 'Cache Administrator E-Mail', +'advproxy error language' => 'Sprache der Fehlermeldungen', +'advproxy upstream proxy' => 'Vorgelagerter Proxy', +'advproxy via forwarding' => 'Proxy-Adresse weiterleiten', +'advproxy client IP forwarding' => 'Client-IP-Adresse weiterleiten', +'advproxy username forwarding' => ' Benutzernamen weiterleiten', +'advproxy upstream proxy host:port' => 'Vorgelagerter Proxy (Host:Port)', +'advproxy upstream username' => 'Proxy-Benutzername', +'advproxy upstream password' => 'Proxy-Passwort', +'advproxy log settings' => 'Protokolleinstellungen', +'advproxy log enabled' => 'Protokoll aktiviert', +'advproxy log query' => 'Protokolliere Query Terms', +'advproxy log useragent' => 'Protokolliere Useragents', +'advproxy cache management' => 'Cacheverwaltung', +'advproxy hdd cache size' => 'Cachegröße auf der Festplatte (MB)', +'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)', +'advproxy min size' => 'Min. Objektgröße (KB)', +'advproxy max size' => 'Max. 
Objektgröße (KB)', +'advproxy memory replacement policy' => 'Speicher Ersetzungsrichtlinie', +'advproxy cache replacement policy' => 'Cache Ersetzungsrichtlinie', +'advproxy no cache sites' => 'Diese Domains nicht zwischenspeichern (eine pro Zeile)', +'advproxy number of L1 dirs' => 'Anzahl der Level-1 Unterverzeichnisse', +'advproxy offline mode' => 'Aktiviere Offline-Modus', +'advproxy network based access' => 'Netzwerkbasierte Zugriffskontrolle', +'advproxy allowed subnets' => 'Erlaubte Subnetze (eins pro Zeile)', +'advproxy unrestricted ip clients' => 'Uneingeschränkte IP-Adressen (eine pro Zeile)', +'advproxy unrestricted mac clients' => 'Uneingeschränkte MAC-Adressen (eine pro Zeile)', +'advproxy banned ip clients' => 'Gesperrte IP-Adressen (eine pro Zeile)', +'advproxy banned mac clients' => 'Gesperrte MAC-Adressen (eine pro Zeile)', +'advproxy classroom extensions' => 'Erweiterungen für Klassenräume', +'advproxy supervisor password' => 'Supervisor-Passwort', +'advproxy no cre groups' => 'Es sind keine Zugriffsgruppen verfügbar', +'advproxy cre disabled' => 'Die Verwaltungsoberfläche wurde vom Administrator deaktiviert', +'advproxy cre group definitions' => 'Klassenraum-Gruppendefinitionen', +'advproxy cre supervisors' => 'Supervisor IP-Adressen (eine pro Zeile)', +'advproxy time restrictions' => 'Zeitbeschränkungen', +'advproxy access' => 'Zugriff', +'advproxy from' => 'Von', +'advproxy to' => 'Bis', +'advproxy mode allow' => 'Zulassen', +'advproxy mode deny' => 'Verweigern', +'advproxy monday' => 'Mon', +'advproxy tuesday' => 'Die', +'advproxy wednesday' => 'Mit', +'advproxy thursday' => 'Don', +'advproxy friday' => 'Fre', +'advproxy saturday' => 'Sam', +'advproxy sunday' => 'Son', +'advproxy transfer limits' => 'Transfergrenzen', +'advproxy max download size' => 'Max. Größe von Downloads (KB)', +'advproxy max upload size' => 'Max. 
Größe von Uploads (KB)', +'advproxy download throttling' => 'Download-Drosselung', +'advproxy throttling total on' => 'Begrenzung insgesamt auf', +'advproxy throttling per host on' => 'Begrenzung pro Host auf', +'advproxy throttling unlimited' => 'unbegrenzt', +'advproxy content based throttling' => 'Aktiviere inhaltsbasierte Drosselung', +'advproxy throttle binary' => 'Binärdateien', +'advproxy throttle dskimg' => 'CD-Images', +'advproxy throttle mmedia' => 'Multimedia', +'advproxy MIME filter' => 'MIME-Type Filter', +'advproxy MIME block types' => ' Sperre diese MIME-Typen (einer pro Zeile)', +'advproxy web browser' => 'Web-Browser', +'advproxy allowed web browsers' => 'Zulässige Clients für Web-Zugriffe', +'advproxy no clients defined' => 'Keine Clients definiert', +'advproxy UA enable filter' => 'Aktiviere Web-Browser-Prüfung', +'advproxy privacy' => 'Datenschutz', +'advproxy fake useragent' => 'Gefälschter Useragent für externe Web-Sites', +'advproxy fake referer' => 'Gefälschter Referer für externe Web-Sites', +'advproxy url filter' => 'URL-Filter', +'advproxy update accelerator' => 'Update-Beschleuniger', +'advproxy enabled' => 'Aktiviert', +'advproxy save and restart' => 'Speichern und Neustart', +'advproxy clear cache' => 'Cache leeren', +'advproxy reset' => 'Zurücksetzen', +'advproxy back to main page' => 'Zurück zur Hauptseite', +'advproxy AUTH method' => 'Authentifizierungsmethode', +'advproxy AUTH global settings' => 'Globale Authentifizierungseinstellungen', +'advproxy AUTH method none' => 'Keine', +'advproxy AUTH method ncsa' => 'Lokal', +'advproxy AUTH method ident' => 'identd', +'advproxy AUTH method ldap' => 'LDAP', +'advproxy AUTH method ntlm' => 'Windows', +'advproxy AUTH method radius' => 'RADIUS', +'advproxy AUTH limit of IP addresses' => 'Begrenzung von IP-Adressen pro Benutzer', +'advproxy AUTH auth cache TTL' => 'Authentifizierungscache TTL (in Minuten)', +'advproxy AUTH user IP cache TTL' => 'Benutzer/IP-Cache TTL (in Minuten)', +'advproxy 
AUTH number of auth processes' => 'Anzahl der Authentifizierungsprozesse', +'advproxy AUTH always required' => 'Authentifizierung für uneingeschränkte Quelladressen erforderlich', +'advproxy AUTH realm' => 'Authentifizierungs-Realm Anzeige', +'advproxy AUTH no auth' => 'Domains ohne Authentifizierung (eine pro Zeile)', +'advproxy NCSA auth' => 'Lokale Benutzerauthentifizierung', +'advproxy NCSA user management' => 'Benutzerverwaltung', +'advproxy NCSA min password length' => 'Min. Passwordlänge', +'advproxy NCSA redirector bypass' => 'Umleitung umgehen für Mitglieder der Gruppe', +'advproxy NCSA create user' => 'Benutzer erstellen', +'advproxy NCSA update user' => 'Benutzer aktualisieren', +'advproxy NCSA user accounts' => 'Benutzerkonten', +'advproxy NCSA no accounts' => 'Keine Benutzerkonten verfügbar', +'advproxy NCSA username' => 'Benutzername', +'advproxy NCSA password' => 'Passwort', +'advproxy NCSA password confirm' => 'Passwort (Bestätigung)', +'advproxy NCSA group' => 'Gruppe', +'advproxy NCSA group membership' => 'Gruppenmitgliedschaft', +'advproxy NCSA grp standard' => 'Standard', +'advproxy NCSA grp extended' => 'Erweitert', +'advproxy NCSA grp disabled' => 'Deaktiviert', +'advproxy IDENT identd settings' => 'Allgemeine identd Einstellungen', +'advproxy IDENT required' => 'Identd-Authentifizierung erforderlich', +'advproxy IDENT timeout' => 'Timeout für ident (in Sekunden)', +'advproxy IDENT aware hosts' => 'Ident-fähige Hosts (einer pro Zeile)', +'advproxy IDENT user based access restrictions' => 'Benutzerbasierte Zugriffsbeschränkungen', +'advproxy IDENT authorized users' => 'Autorisierte Benutzer (einer pro Zeile)', +'advproxy IDENT unauthorized users' => 'Unautorisierte Benutzer (einer pro Zeile)', +'advproxy IDENT use positive access list' => 'Verwende positive Zugriffskontrolle', +'advproxy IDENT use negative access list' => 'Verwende negative Zugriffskontrolle', +'advproxy LDAP auth' => 'LDAP Authentifizierung', +'advproxy LDAP common settings' 
=> 'Allgemeine LDAP-Einstellungen', +'advproxy LDAP binddn settings' => 'Bind DN Einstellungen', +'advproxy LDAP binddn username' => 'Bind DN Benutzername', +'advproxy LDAP binddn password' => 'Bind DN Passwort', +'advproxy LDAP basedn' => 'Base DN', +'advproxy LDAP server' => 'LDAP-Server', +'advproxy LDAP port' => 'Port', +'advproxy LDAP group access control' => 'Gruppenbasierte Zugriffskontrolle', +'advproxy LDAP group required' => 'Erforderliche Gruppe', +'advproxy LDAP type' => 'LDAP-Typ', +'advproxy LDAP ADS' => 'Active Directory', +'advproxy LDAP NDS' => 'Novell eDirectory', +'advproxy LDAP V2' => 'LDAP Version 2', +'advproxy LDAP V3' => 'LDAP Version 3', +'advproxy NTLM auth' => 'Windows NT/2003 Authentifizierung', +'advproxy NTLM domain settings' => 'Allgemeine Domäneneinstellungen', +'advproxy NTLM domain' => 'Domäne', +'advproxy NTLM PDC hostname' => 'PDC Hostname', +'advproxy NTLM BDC hostname' => 'BDC Hostname', +'advproxy NTLM user based access restrictions' => 'Benutzerbasierte Zugriffsbeschränkungen', +'advproxy NTLM auth mode' => 'Authentifizierungsmodus', +'advproxy NTLM use integrated auth' => 'Aktiviere integrierte Windows-Authentifizierung', +'advproxy NTLM authorized users' => 'Autorisierte Domänenbenutzer (einer pro Zeile)', +'advproxy NTLM unauthorized users' => 'Unautorisierte Domänenbenutzer (einer pro Zeile)', +'advproxy NTLM use positive access list' => 'Verwende positive Zugriffskontrolle', +'advproxy NTLM use negative access list' => 'Verwende negative Zugriffskontrolle', +'advproxy RADIUS radius settings' => 'Allgemeine RADIUS-Einstellungen', +'advproxy RADIUS server' => 'RADIUS Server', +'advproxy RADIUS port' => 'Port', +'advproxy RADIUS identifier' => 'Kennung', +'advproxy RADIUS secret' => 'Shared Secret', +'advproxy RADIUS user based access restrictions' => 'Benutzerbasierte Zugriffsbeschränkungen', +'advproxy RADIUS authorized users' => 'Autorisierte Benutzer (einer pro Zeile)', +'advproxy RADIUS unauthorized users' => 
'Unautorisierte Benutzer (einer pro Zeile)', +'advproxy RADIUS use positive access list' => 'Verwende positive Zugriffskontrolle', +'advproxy RADIUS use negative access list' => 'Verwende negative Zugriffskontrolle', +'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für Upstream Proxy', +'advproxy errmsg hdd cache size' => 'Ungültiger Wert für die Größe des Festplatten-Cachespeichers (min. 10 MB erforderlich)', +'advproxy errmsg mem cache size' => 'Ungültiger Wert für die Größe des RAM-Cachespeichers', +'advproxy errmsg time restriction' => 'Ungültige Zeitbeschränkung', +'advproxy errmsg no browser' => 'Mindestens ein Browser oder Client muss für den Web-Zugriff zugelassen sein', +'advproxy errmsg auth children' => 'Ungültige Anzahl Authentifizierungsprozesse', +'advproxy errmsg auth cache ttl' => 'Ungültiger Wert für Authentifizierungscache TTL', +'advproxy errmsg auth ipcache ttl' => 'Ungültiger Wert für Benutzer/IP-Cache TTL', +'advproxy errmsg max userip' => 'Ungültige Anzahl von IP-Adressen pro Benutzer', +'advproxy errmsg auth ipcache may not be null' => 'Authentifizierungscache TTL darf nicht 0 sein wenn IP-Adressbeschränkungen verwendet werden', +'advproxy errmsg invalid ip or mask' => 'Ungültige IP-Adresse oder Subnetzmaske', +'advproxy errmsg invalid mac' => 'Ungültige MAC-Adresse', +'advproxy errmsg non-transparent proxy required' => 'Web Proxy muss für die Authentifizierung im Nicht-transparenten Modus laufen', +'advproxy errmsg ident timeout' => 'Ungültiger ident Timeout', +'advproxy errmsg ldap base dn' => 'LDAP base DN erforderlich', +'advproxy errmsg ldap server' => 'Ungültige IP-Adresse für den LDAP-Server', +'advproxy errmsg ldap port' => 'Ungültige LDAP Portnummer', +'advproxy errmsg ldap bind dn' => 'LDAP bind DN Benutzername und Passwort erforderlich', +'advproxy errmsg ntlm domain' => 'Windows Domänenname erforderlich', +'advproxy errmsg ntlm pdc' => 'Hostname der 
Primary Domain Controllers erforderlich', +'advproxy errmsg invalid pdc' => 'Ungültiger Hostname für den Primary Domain Controller', +'advproxy errmsg invalid bdc' => 'Ungültiger Hostname für den Backup Domain Controller', +'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server', +'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer', +'advproxy errmsg radius secret' => 'Shared Secret erforderlich', +'advproxy errmsg acl cannot be empty' => 'Zugriffskontrollliste darf nicht leer sein', +'advproxy errmsg no username' => 'Benutzername darf nicht leer sein', +'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein', +'advproxy errmsg password length 1' => 'Passwort muss mindestens', +'advproxy errmsg password length 2' => ' Zeichen enthalten', +'advproxy errmsg password length' => 'Ungültiger Wert für Passwortlänge', +'advproxy chgwebpwd change web password' => 'Ä n d e r u n g   d e s   P a s s w o r t e s   f ü r   d e n   W e b z u g r i f f', +'advproxy chgwebpwd username' => 'Benutzername', +'advproxy chgwebpwd old password' => 'Aktuelles Passwort', +'advproxy chgwebpwd new password' => 'Neues Passwort', +'advproxy chgwebpwd new password confirm' => 'Neues Passwort (Bestätigung)', +'advproxy chgwebpwd change password' => 'Passwort ändern', +'advproxy errmsg no password' => 'Passwort kann nicht leer sein', +'advproxy errmsg invalid user' => 'Benutzername existiert nicht', +'advproxy errmsg password incorrect' => 'Falsches Passwort', +'advproxy errmsg change fail' => 'Passwort konnte nicht geändert werden', +'advproxy errmsg change success' => 'Passwort für Webzugriff erfolgreich geändert', +'advproxy chgwebpwd SUCCESS' => 'E R F O L G :', +'advproxy chgwebpwd ERROR' => 'F E H L E R :', +'advproxy update notification' => 'Update-Benachrichtigung!', +'advproxy update information' => 'Eine aktualisierte Version steht zum Download bereit. Besuchen Sie http://www.advproxy.net für weitere Informationen.', ); 
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 64bda8cef8..bc8befa317 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -1091,5 +1091,212 @@ 'add-route' => 'Additional push route', 'subnet' => 'Subnet', 'route subnet is invalid' => 'Additional push route subnet is invalid', +'advproxy advanced proxy' => 'Advanced Proxy', +'advproxy ssadvanced proxy' => 'advanced proxy', +'advproxy advanced web proxy' => 'Advanced Web Proxy', +'advproxy advanced web proxy configuration' => 'Advanced web proxy configuration', +'advproxy common settings' => 'Common settings', +'advproxy enabled on' => 'Enabled on', +'advproxy transparent on' => 'Transparent on', +'advproxy proxy port' => 'Proxy port', +'advproxy visible hostname' => 'Visible hostname', +'advproxy admin mail' => 'Cache administrator e-mail', +'advproxy error language' => 'Error messages language', +'advproxy upstream proxy' => 'Upstream proxy', +'advproxy via forwarding' => 'Proxy address forwarding', +'advproxy client IP forwarding' => 'Client IP address forwarding', +'advproxy username forwarding' => 'Username forwarding', +'advproxy upstream proxy host:port' => 'Upstream proxy (host:port)', +'advproxy upstream username' => 'Upstream username', +'advproxy upstream password' => 'Upstream password', +'advproxy log settings' => 'Log settings', +'advproxy log enabled' => 'Log enabled', +'advproxy log query' => 'Log query terms', +'advproxy log useragent' => 'Log useragents', +'advproxy cache management' => 'Cache management', +'advproxy hdd cache size' => 'Harddisk cache size (MB)', +'advproxy ram cache size' => 'Memory cache size (MB)', +'advproxy min size' => 'Min object size (KB)', +'advproxy max size' => 'Max object size (KB)', +'advproxy memory replacement policy' => 'Memory replacement policy', +'advproxy cache replacement policy' => 'Cache replacement policy', +'advproxy no cache sites' => 'Do not cache these domains (one per line)', +'advproxy number of L1 dirs' => 'Number of level-1 subdirectories', +'advproxy offline mode' => 'Enable offline mode', +'advproxy network based access' => 'Network based access control', +'advproxy 
allowed subnets' => 'Allowed subnets (one per line)', +'advproxy unrestricted ip clients' => 'Unrestricted IP addresses (one per line)', +'advproxy unrestricted mac clients' => 'Unrestricted MAC addresses (one per line)', +'advproxy banned ip clients' => 'Banned IP addresses (one per line)', +'advproxy banned mac clients' => 'Banned MAC addresses (one per line)', +'advproxy classroom extensions' => 'Classroom extensions', +'advproxy supervisor password' => 'Supervisor password', +'advproxy no cre groups' => 'There are no access groups available', +'advproxy cre disabled' => 'The management interface has been disabled by the Administrator', +'advproxy cre group definitions' => 'Classroom group definitions', +'advproxy cre supervisors' => 'Supervisor IP addresses (one per line)', +'advproxy time restrictions' => 'Time restrictions', +'advproxy access' => 'Access', +'advproxy from' => 'From', +'advproxy to' => 'To', +'advproxy mode allow' => 'allow', +'advproxy mode deny' => 'deny', +'advproxy monday' => 'Mon', +'advproxy tuesday' => 'Tue', +'advproxy wednesday' => 'Wed', +'advproxy thursday' => 'Thu', +'advproxy friday' => 'Fri', +'advproxy saturday' => 'Sat', +'advproxy sunday' => 'Sun', +'advproxy transfer limits' => 'Transfer limits', +'advproxy max download size' => 'Max download size (KB)', +'advproxy max upload size' => 'Max upload size (KB)', +'advproxy download throttling' => 'Download throttling', +'advproxy throttling total on' => 'Overall limit on', +'advproxy throttling per host on' => 'Limit per host on', +'advproxy throttling unlimited' => 'unlimited', +'advproxy content based throttling' => 'Enable content based throttling', +'advproxy throttle binary' => 'Binary files', +'advproxy throttle dskimg' => 'CD images', +'advproxy throttle mmedia' => 'Multimedia', +'advproxy MIME filter' => 'MIME type filter', +'advproxy MIME block types' => ' Block these MIME types (one per line)', +'advproxy web browser' => 'Web browser', +'advproxy allowed web browsers' 
=> 'Allowed clients for web access', +'advproxy no clients defined' => 'No clients defined', +'advproxy UA enable filter' => 'Enable browser check', +'advproxy privacy' => 'Privacy', +'advproxy fake useragent' => 'Fake useragent submitted to external sites', +'advproxy fake referer' => 'Fake referer submitted to external sites', +'advproxy url filter' => 'URL filter', +'advproxy update accelerator' => 'Update accelerator', +'advproxy enabled' => 'Enabled', +'advproxy save and restart' => 'Save and restart', +'advproxy clear cache' => 'Clear Cache', +'advproxy reset' => 'Reset', +'advproxy back to main page' => 'Back to main page', +'advproxy AUTH method' => 'Authentication method', +'advproxy AUTH global settings' => 'Global authentication settings', +'advproxy AUTH method none' => 'None', +'advproxy AUTH method ncsa' => 'Local', +'advproxy AUTH method ident' => 'identd', +'advproxy AUTH method ldap' => 'LDAP', +'advproxy AUTH method ntlm' => 'Windows', +'advproxy AUTH method radius' => 'RADIUS', +'advproxy AUTH limit of IP addresses' => 'Limit of IP addresses per user', +'advproxy AUTH auth cache TTL' => 'Authentication cache TTL (in minutes)', +'advproxy AUTH user IP cache TTL' => 'User/IP cache TTL (in minutes)', +'advproxy AUTH number of auth processes' => 'Number of authentication processes', +'advproxy AUTH always required' => 'Require authentication for unrestricted source addresses', +'advproxy AUTH realm' => 'Authentication realm prompt', +'advproxy AUTH no auth' => 'Domains without authentication (one per line)', +'advproxy NCSA auth' => 'Local user authentication', +'advproxy NCSA user management' => 'User management', +'advproxy NCSA min password length' => 'Min password length', +'advproxy NCSA redirector bypass' => 'Bypass redirection for members of the group', +'advproxy NCSA create user' => 'Create user', +'advproxy NCSA update user' => 'Update user', +'advproxy NCSA user accounts' => 'User accounts', +'advproxy NCSA no accounts' => 'No user 
accounts available', +'advproxy NCSA username' => 'Username', +'advproxy NCSA password' => 'Password', +'advproxy NCSA password confirm' => 'Password (confirm)', +'advproxy NCSA group' => 'Group', +'advproxy NCSA group membership' => 'Group membership', +'advproxy NCSA grp standard' => 'Standard', +'advproxy NCSA grp extended' => 'Extended', +'advproxy NCSA grp disabled' => 'Disabled', +'advproxy IDENT identd settings' => 'Common identd settings', +'advproxy IDENT required' => 'Require identd authentication', +'advproxy IDENT timeout' => 'Ident timeout (in seconds)', +'advproxy IDENT aware hosts' => 'Ident aware hosts (one per line)', +'advproxy IDENT user based access restrictions' => 'User based access restrictions', +'advproxy IDENT authorized users' => 'Authorized users (one per line)', +'advproxy IDENT unauthorized users' => 'Unauthorized users (one per line)', +'advproxy IDENT use positive access list' => 'Use positive access control', +'advproxy IDENT use negative access list' => 'Use negative access control', +'advproxy LDAP auth' => 'LDAP authentication', +'advproxy LDAP common settings' => 'Common LDAP settings', +'advproxy LDAP binddn settings' => 'Bind DN settings', +'advproxy LDAP binddn username' => 'Bind DN username', +'advproxy LDAP binddn password' => 'Bind DN password', +'advproxy LDAP basedn' => 'Base DN', +'advproxy LDAP server' => 'LDAP Server', +'advproxy LDAP port' => 'Port', +'advproxy LDAP group access control' => 'Group based access control', +'advproxy LDAP group required' => 'Required group', +'advproxy LDAP type' => 'LDAP type', +'advproxy LDAP ADS' => 'Active Directory', +'advproxy LDAP NDS' => 'Novell eDirectory', +'advproxy LDAP V2' => 'LDAP version 2', +'advproxy LDAP V3' => 'LDAP version 3', +'advproxy NTLM auth' => 'Windows NT/2003 authentication', +'advproxy NTLM domain settings' => 'Common domain settings', +'advproxy NTLM domain' => 'Domain', +'advproxy NTLM PDC hostname' => 'PDC hostname', +'advproxy NTLM BDC hostname' => 'BDC 
hostname', +'advproxy NTLM user based access restrictions' => 'User based access restrictions', +'advproxy NTLM auth mode' => 'Authentication mode', +'advproxy NTLM use integrated auth' => 'Enable Windows integrated authentication', +'advproxy NTLM authorized users' => 'Authorized domain users (one per line)', +'advproxy NTLM unauthorized users' => 'Unauthorized domain users (one per line)', +'advproxy NTLM use positive access list' => 'Use positive access control', +'advproxy NTLM use negative access list' => 'Use negative access control', +'advproxy RADIUS radius settings' => 'Common RADIUS settings', +'advproxy RADIUS server' => 'RADIUS Server', +'advproxy RADIUS port' => 'Port', +'advproxy RADIUS identifier' => 'Identifier', +'advproxy RADIUS secret' => 'Shared secret', +'advproxy RADIUS user based access restrictions' => 'User based access restrictions', +'advproxy RADIUS authorized users' => 'Authorized users (one per line)', +'advproxy RADIUS unauthorized users' => 'Unauthorized users (one per line)', +'advproxy RADIUS use positive access list' => 'Use positive access control', +'advproxy RADIUS use negative access list' => 'Use negative access control', +'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting', +'advproxy errmsg hdd cache size' => 'Invalid value for harddisk cache size (min 10 MB required)', +'advproxy errmsg mem cache size' => 'Invalid value for memory cache size', +'advproxy errmsg time restriction' => 'Invalid time restriction', +'advproxy errmsg no browser' => 'At least one browser or client must be selected for web access', +'advproxy errmsg auth children' => 'Invalid number of authentication processes', +'advproxy errmsg auth cache ttl' => 'Invalid value for authentication cache TTL', +'advproxy errmsg auth ipcache ttl' => 'Invalid value for user/IP cache TTL', +'advproxy errmsg max userip' => 'Invalid number of IP addresses per user', +'advproxy errmsg auth ipcache 
may not be null' => 'Authentication cache TTL may not be 0 when using IP address limits', +'advproxy errmsg invalid ip or mask' => 'Invalid IP address or network mask', +'advproxy errmsg invalid mac' => 'Invalid MAC address', +'advproxy errmsg non-transparent proxy required' => 'Web Proxy must be running in non-transparent mode for authentication', +'advproxy errmsg ident timeout' => 'Invalid ident timeout', +'advproxy errmsg ldap base dn' => 'LDAP base DN required', +'advproxy errmsg ldap server' => 'Invalid IP address for LDAP Server', +'advproxy errmsg ldap port' => 'Invalid LDAP port number', +'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required', +'advproxy errmsg ntlm domain' => 'Windows domain name required', +'advproxy errmsg ntlm pdc' => 'Hostname for Primary Domain Controller required', +'advproxy errmsg invalid pdc' => 'Invalid hostname for Primary Domain Controller', +'advproxy errmsg invalid bdc' => 'Invalid hostname for Backup Domain Controller', +'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server', +'advproxy errmsg radius port' => 'Invalid RADIUS port number', +'advproxy errmsg radius secret' => 'RADIUS shared secret required', +'advproxy errmsg acl cannot be empty' => 'Access control list cannot be empty', +'advproxy errmsg no username' => 'Username can not be empty', +'advproxy errmsg passwords different' => 'Passwords don\'t match', +'advproxy errmsg password length 1' => 'Password must have at least ', +'advproxy errmsg password length 2' => ' characters', +'advproxy errmsg password length' => 'Invalid value for password length', +'advproxy chgwebpwd change web password' => 'C h a n g e   w e b   a c c e s s   p a s s w o r d', +'advproxy chgwebpwd username' => 'Username', +'advproxy chgwebpwd old password' => 'Current password', +'advproxy chgwebpwd new password' => 'New password', +'advproxy chgwebpwd new password confirm' => 'New password (confirm)', +'advproxy chgwebpwd change password' => 
'Change password', +'advproxy errmsg no password' => 'Password can not be empty', +'advproxy errmsg invalid user' => 'Username does not exist', +'advproxy errmsg password incorrect' => 'Password incorrect', +'advproxy errmsg change fail' => 'Password could not be changed', +'advproxy errmsg change success' => 'Password for web access sucessfully changed', +'advproxy chgwebpwd SUCCESS' => 'S U C C E S S :', +'advproxy chgwebpwd ERROR' => 'E R R O R :', +'advproxy update notification' => 'Update notification!', +'advproxy update information' => 'There is an updated version available for download. Visit http://www.advproxy.net for more information.', ); diff --git a/lfs/configroot b/lfs/configroot index 599156f46b..102dc55052 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -52,7 +52,7 @@ $(TARGET) : # Create all directories for i in addon-lang alcatelusb auth backup backup/sets ca certs cnx_pci crls ddns dhcp dhcpc dmzholes \ eagle-usb eciadsl ethernet isdn key langs logging main modem net-traffic optionsfw patches pakfire portfw \ - ppp private proxy red remote shaping snort time uplinks vpn wireless xtaccess ; do \ + ppp private proxy/advanced red remote shaping snort time uplinks vpn wireless xtaccess ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ done @@ -84,8 +84,8 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/xtaccess-config $(CONFIG_ROOT)/xtaccess/config cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings -# cp $(DIR_SRC)/config/cfgroot/ipcop.gpg $(CONFIG_ROOT)/key/ - cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/ + cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced + cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/ # Oneliner configfiles echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings diff --git a/lfs/squid b/lfs/squid index c903f2b77a..b933de2727 100644 --- a/lfs/squid +++ b/lfs/squid 
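Review bot: The added `cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced` in the second lfs/configroot hunk names only a directory, with no trailing slash, so it works only because the loop in the first hunk has already created `proxy/advanced`. If that directory is ever missing, cp writes a regular file called `advanced` and the build still succeeds. The neighbouring lines either spell out the target file or end the directory with a slash, so `cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced/useragents` would match them and fail loudly instead. The file appears to carry the patterns used for the browser check, and the hunk does not show its owner or mode being set, so it is worth confirming that the web-server user cannot rewrite it. The recipe starts and ends outside both hunks.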
@@ -83,17 +83,19 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --datadir=/usr/lib/squid \ --mandir=/usr/share/man --libexecdir=/usr/lib/squid \ --localstatedir=/var --sysconfdir=/etc/squid \ - --disable-poll --disable-snmp --disable-icmp \ + --disable-poll --disable-snmp --disable-icmp --disable-wccp \ --disable-http-violations --disable-ident-lookups \ --enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \ - --enable-underscores --enable-ntlm-fail-open \ + --enable-underscores --enable-ntlm-fail-open --enable-arp-acl \ + --enable-http-violations --enable-auth=basic,ntlm \ --enable-removal-policies="heap,lru" \ --enable-delay-pools --enable-linux-netfilter \ - --enable-basic-auth-helpers="NCSA,SMB,MSNT" \ - --enable-ntlm-auth-helpers="SMB,winbind" \ + --enable-basic-auth-helpers="NCSA,SMB,MSNT,LDAP,multi-domain-NTLM" \ + --enable-ntlm-auth-helpers="SMB" \ --enable-useragent-log \ --enable-referer-log \ - --with-pthreads + --with-pthreads --with-dl + cd $(DIR_APP) && make -j 3 cd $(DIR_APP) && make install
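Review bot: The configure call now passes both `--disable-http-violations` (unchanged line) and the added `--enable-http-violations`, so the build depends on which switch configure honours last. If the violations support is wanted (the new language strings mention fake useragent and referer options, which presumably rely on it), drop the old switch so that line reads `--disable-ident-lookups \` and the intent is explicit. `--disable-ident-lookups` itself stays while the same commit adds an identd authentication method to the UI strings, which looks inconsistent and should be confirmed. With `--enable-auth=basic,ntlm` added, the existing `--enable-ntlm-fail-open` also deserves a comment or removal, because per Squid's configure help it can let a user still be authenticated when an NTLM helper fails a step. The recipe starts above the hunk.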