X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=6daa7fbd2fe88d7df5fc51210139e942de933d0c;hp=9abcb9181f67981bf72fee7f2db4a7a90ae2231d;hb=d50a78220d220d755d5d86fe0dcfc249f8dd2afb;hpb=935c2f233b730a010b241029f559e837d93a7ea7 diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 9abcb9181f..6daa7fbd2f 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -27,6 +27,7 @@ # use strict; +use Apache::Htpasswd; # enable only the following on debugging purpose #use warnings; @@ -55,17 +56,11 @@ my %mainsettings=(); my %checked=(); my %selected=(); -my @throttle_limits=(64,128,256,384,512,768,1024,1280,1536,1792,2048,2560,3072,3584,4096,5120,6144,7168,8192,10240,12288,16384,20480); -my $throttle_binary="7z|arj|bin|bz2|cab|exe|gz|lzh|rar|sea|tar|tgz|xz|zip"; -my $throttle_dskimg="b5t|bin|bwt|ccd|cdi|cue|gho|img|iso|mds|nrg|pqi|vmdk"; -my $throttle_mmedia="aiff?|asf|avi|divx|mov|mp3|mpe?g|ogg|qt|ra?m|ts|vob"; +my @throttle_limits=(64,128,256,512,1024,1536,2048,3072,4096,5120,6144,7168,8192,10240,16384,20480,51200,102400); my $def_ports_safe="80 # http\n21 # ftp\n443 # https\n563 # snews\n70 # gopher\n210 # wais\n1025-65535 # unregistered ports\n280 # http-mgmt\n488 # gss-http\n591 # filemaker\n777 # multiling http\n800 # Squids port (for icons)\n"; my $def_ports_ssl="443 # https\n563 # snews\n"; -my @useragent=(); -my @useragentlist=(); - my $hintcolour='#FFFFCC'; my $ncsa_buttontext=''; my $language=''; @@ -88,7 +83,6 @@ my $errormessage=''; my $acldir = "${General::swroot}/proxy/advanced/acls"; my $ncsadir = "${General::swroot}/proxy/advanced/ncsa"; -my $ntlmdir = "${General::swroot}/proxy/advanced/ntlm"; my $raddir = "${General::swroot}/proxy/advanced/radius"; my $identdir = "${General::swroot}/proxy/advanced/ident"; my $credir = "${General::swroot}/proxy/advanced/cre"; 
@@ -98,7 +92,6 @@ my $stdgrp = "$ncsadir/standard.grp"; my $extgrp = "$ncsadir/extended.grp"; my $disgrp = "$ncsadir/disabled.grp"; -my $browserdb = "${General::swroot}/proxy/advanced/useragents"; my $mimetypes = "${General::swroot}/proxy/advanced/mimetypes"; my $throttled_urls = "${General::swroot}/proxy/advanced/throttle"; @@ -108,7 +101,7 @@ my $cre_svhosts = "${General::swroot}/proxy/advanced/cre/supervisors"; my $identhosts = "$identdir/hosts"; -my $authdir = "/usr/lib/squid/"; +my $authdir = "/usr/lib/squid"; my $errordir = "/usr/lib/squid/errors"; my $acl_src_subnets = "$acldir/src_subnets.acl"; @@ -136,7 +129,6 @@ my $urlfilterversion = 'n/a'; unless (-d "$acldir") { mkdir("$acldir"); } unless (-d "$ncsadir") { mkdir("$ncsadir"); } -unless (-d "$ntlmdir") { mkdir("$ntlmdir"); } unless (-d "$raddir") { mkdir("$raddir"); } unless (-d "$identdir") { mkdir("$identdir"); } unless (-d "$credir") { mkdir("$credir"); } @@ -169,15 +161,10 @@ unless (-e $acl_ports_safe) { system("touch $acl_ports_safe"); } unless (-e $acl_ports_ssl) { system("touch $acl_ports_ssl"); } unless (-e $acl_include) { system("touch $acl_include"); } -unless (-e $browserdb) { system("touch $browserdb"); } unless (-e $mimetypes) { system("touch $mimetypes"); } my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth"); -open FILE, $browserdb; -@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,; -close(FILE); - &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); &General::readhash("${General::swroot}/main/settings", \%mainsettings); 
@@ -201,7 +188,7 @@ $proxysettings{'TRANSPARENT_PORT'} = '3128'; $proxysettings{'VISIBLE_HOSTNAME'} = ''; $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; -$proxysettings{'ERR_LANGUAGE'} = 'German'; +$proxysettings{'ERR_LANGUAGE'} = 'en'; $proxysettings{'ERR_DESIGN'} = 'ipfire'; $proxysettings{'SUPPRESS_VERSION'} = 'off'; $proxysettings{'FORWARD_VIA'} = 'off'; @@ -216,8 +203,8 @@ $proxysettings{'CACHEMGR'} = 'off'; $proxysettings{'LOGQUERY'} = 'off'; $proxysettings{'LOGUSERAGENT'} = 'off'; $proxysettings{'FILEDESCRIPTORS'} = '16384'; -$proxysettings{'CACHE_MEM'} = '2'; -$proxysettings{'CACHE_SIZE'} = '50'; +$proxysettings{'CACHE_MEM'} = '128'; +$proxysettings{'CACHE_SIZE'} = '0'; $proxysettings{'MAX_SIZE'} = '4096'; $proxysettings{'MIN_SIZE'} = '0'; $proxysettings{'MEM_POLICY'} = 'LRU'; @@ -240,18 +227,13 @@ $proxysettings{'THROTTLING_GREEN_TOTAL'} = 'unlimited'; $proxysettings{'THROTTLING_GREEN_HOST'} = 'unlimited'; $proxysettings{'THROTTLING_BLUE_TOTAL'} = 'unlimited'; $proxysettings{'THROTTLING_BLUE_HOST'} = 'unlimited'; -$proxysettings{'THROTTLE_BINARY'} = 'off'; -$proxysettings{'THROTTLE_DSKIMG'} = 'off'; -$proxysettings{'THROTTLE_MMEDIA'} = 'off'; $proxysettings{'ENABLE_MIME_FILTER'} = 'off'; -$proxysettings{'ENABLE_BROWSER_CHECK'} = 'off'; $proxysettings{'FAKE_USERAGENT'} = ''; $proxysettings{'FAKE_REFERER'} = ''; $proxysettings{'AUTH_METHOD'} = 'none'; $proxysettings{'AUTH_REALM'} = ''; $proxysettings{'AUTH_MAX_USERIP'} = ''; $proxysettings{'AUTH_CACHE_TTL'} = '60'; -$proxysettings{'AUTH_IPCACHE_TTL'} = '0'; $proxysettings{'AUTH_CHILDREN'} = '5'; $proxysettings{'NCSA_MIN_PASS_LEN'} = '6'; $proxysettings{'NCSA_BYPASS_REDIR'} = 'off'; 
@@ -267,6 +249,7 @@ $proxysettings{'LDAP_BINDDN_USER'} = ''; $proxysettings{'LDAP_BINDDN_PASS'} = ''; $proxysettings{'LDAP_GROUP'} = ''; $proxysettings{'NTLM_AUTH_GROUP'} = ''; +$proxysettings{'NTLM_AUTH_BASIC'} = 'off'; $proxysettings{'NTLM_DOMAIN'} = ''; $proxysettings{'NTLM_PDC'} = ''; $proxysettings{'NTLM_BDC'} = ''; @@ -285,7 +268,6 @@ $proxysettings{'IDENT_USER_ACL'} = 'positive'; $proxysettings{'ENABLE_FILTER'} = 'off'; $proxysettings{'ENABLE_UPDXLRATOR'} = 'off'; $proxysettings{'ENABLE_CLAMAV'} = 'off'; -$proxysettings{'CHILDREN'} = '10'; $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'}; @@ -357,7 +339,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'}; goto ERROR; } - + if (!(&General::validport($proxysettings{'PROXY_PORT'}))) { $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; @@ -399,8 +381,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'proxy errmsg filedescriptors'}; goto ERROR; } - if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) || - ($proxysettings{'CACHE_MEM'} < 1)) + if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/)) { $errormessage = $Lang::tr{'advproxy errmsg mem cache size'}; goto ERROR; 
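Review bot: The rewritten CACHE_MEM check, `if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/))`, anchors only the start of the value, so any input that merely begins with a digit passes, including one with trailing text or an embedded newline. The same unanchored `/^\d+/` pattern guards AUTH_CACHE_TTL and AUTH_MAX_USERIP in the @@ -479,23 +439,18 @@ hunk. AUTH_CACHE_TTL is later interpolated verbatim into the `auth_param ... credentialsttl` lines of the generated Squid configuration (see the @@ -3372,11 +3122,27 @@ hunk). Anchor both ends with `\A` and `\z` (a plain `$` still accepts a trailing newline), e.g. `if ($proxysettings{'CACHE_MEM'} !~ /\A\d+\z/)`, and apply the same pattern to the other numeric fields. The enclosing save handler starts and ends outside this hunk.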
@@ -435,27 +416,6 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} { $errormessage = $Lang::tr{'invalid maximum incoming size'}; goto ERROR; - } - if (!($proxysettings{'CHILDREN'} =~ /^\d+$/) || ($proxysettings{'CHILDREN'} < 1)) - { - $errormessage = $Lang::tr{'advproxy invalid num of children'}; - goto ERROR; - } - if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') - { - $browser_regexp = ''; - foreach (@useragentlist) - { - chomp; - @useragent = split(/,/); - if ($proxysettings{'UA_'.$useragent[0]} eq 'on') { $browser_regexp .= "$useragent[2]|"; } - } - chop($browser_regexp); - if (!$browser_regexp) - { - $errormessage = $Lang::tr{'advproxy errmsg no browser'}; - goto ERROR; - } } if (!($proxysettings{'AUTH_METHOD'} eq 'none')) { @@ -479,23 +439,18 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} } } } - if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && - ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255))) - { - $errormessage = $Lang::tr{'advproxy errmsg max userip'}; - goto ERROR; - } if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/)) { $errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'}; goto ERROR; } - if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/)) + if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && + ((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255))) { - $errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'}; + $errormessage = $Lang::tr{'advproxy errmsg max userip'}; goto ERROR; } - if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) + if (!($proxysettings{'AUTH_MAX_USERIP'} eq '')) { $errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'}; goto ERROR; 
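Review bot: The last check in this hunk, `if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))`, now rejects every non-empty AUTH_MAX_USERIP with the 'auth ipcache may not be null' message, because the `AUTH_IPCACHE_TTL eq '0'` half of the condition was removed along with that setting. As far as this hunk shows, an administrator can no longer save a concurrent-IP limit per user at all, which silently removes an access-control option. If the limit is meant to stay available, delete this block so that a value passing the 1–255 range check above it can be saved. If it is meant to be retired, remove the range check and the form field as well, rather than leaving a validation that can never succeed. The enclosing block continues outside the hunk.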
@@ -551,33 +506,6 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} } } } - if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') - { - if ($proxysettings{'NTLM_DOMAIN'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'}; - goto ERROR; - } - if ($proxysettings{'NTLM_PDC'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'}; - goto ERROR; - } - if (!&General::validhostname($proxysettings{'NTLM_PDC'})) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'}; - goto ERROR; - } - if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'}))) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'}; - goto ERROR; - } - - $proxysettings{'NTLM_DOMAIN'} = lc($proxysettings{'NTLM_DOMAIN'}); - $proxysettings{'NTLM_PDC'} = lc($proxysettings{'NTLM_PDC'}); - $proxysettings{'NTLM_BDC'} = lc($proxysettings{'NTLM_BDC'}); - } if ($proxysettings{'AUTH_METHOD'} eq 'radius') { if (!&General::validip($proxysettings{'RADIUS_SERVER'})) @@ -693,7 +621,7 @@ ERROR: system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); } if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); } - if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); } + if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); } } } 
@@ -833,36 +761,14 @@ $selected{'THROTTLING_GREEN_HOST'}{$proxysettings{'THROTTLING_GREEN_HOST'}} = "s $selected{'THROTTLING_BLUE_TOTAL'}{$proxysettings{'THROTTLING_BLUE_TOTAL'}} = "selected='selected'"; $selected{'THROTTLING_BLUE_HOST'}{$proxysettings{'THROTTLING_BLUE_HOST'}} = "selected='selected'"; -$checked{'THROTTLE_BINARY'}{'off'} = ''; -$checked{'THROTTLE_BINARY'}{'on'} = ''; -$checked{'THROTTLE_BINARY'}{$proxysettings{'THROTTLE_BINARY'}} = "checked='checked'"; -$checked{'THROTTLE_DSKIMG'}{'off'} = ''; -$checked{'THROTTLE_DSKIMG'}{'on'} = ''; -$checked{'THROTTLE_DSKIMG'}{$proxysettings{'THROTTLE_DSKIMG'}} = "checked='checked'"; -$checked{'THROTTLE_MMEDIA'}{'off'} = ''; -$checked{'THROTTLE_MMEDIA'}{'on'} = ''; -$checked{'THROTTLE_MMEDIA'}{$proxysettings{'THROTTLE_MMEDIA'}} = "checked='checked'"; - $checked{'ENABLE_MIME_FILTER'}{'off'} = ''; $checked{'ENABLE_MIME_FILTER'}{'on'} = ''; $checked{'ENABLE_MIME_FILTER'}{$proxysettings{'ENABLE_MIME_FILTER'}} = "checked='checked'"; -$checked{'ENABLE_BROWSER_CHECK'}{'off'} = ''; -$checked{'ENABLE_BROWSER_CHECK'}{'on'} = ''; -$checked{'ENABLE_BROWSER_CHECK'}{$proxysettings{'ENABLE_BROWSER_CHECK'}} = "checked='checked'"; - -foreach (@useragentlist) { - @useragent = split(/,/); - $checked{'UA_'.$useragent[0]}{'off'} = ''; - $checked{'UA_'.$useragent[0]}{'on'} = ''; - $checked{'UA_'.$useragent[0]}{$proxysettings{'UA_'.$useragent[0]}} = "checked='checked'"; -} - $checked{'AUTH_METHOD'}{'none'} = ''; $checked{'AUTH_METHOD'}{'ncsa'} = ''; $checked{'AUTH_METHOD'}{'ident'} = ''; $checked{'AUTH_METHOD'}{'ldap'} = ''; -$checked{'AUTH_METHOD'}{'ntlm'} = ''; $checked{'AUTH_METHOD'}{'ntlm-auth'} = ''; $checked{'AUTH_METHOD'}{'radius'} = ''; $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'"; 
@@ -895,6 +801,10 @@ $checked{'NTLM_USER_ACL'}{'positive'} = ''; $checked{'NTLM_USER_ACL'}{'negative'} = ''; $checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'"; +$checked{'NTLM_AUTH_BASIC'}{'on'} = ''; +$checked{'NTLM_AUTH_BASIC'}{'off'} = ''; +$checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'"; + $checked{'RADIUS_ENABLE_ACL'}{'off'} = ''; $checked{'RADIUS_ENABLE_ACL'}{'on'} = ''; $checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'"; @@ -964,13 +874,13 @@ print < $Lang::tr{'advproxy enabled on'} Green: - $Lang::tr{'advproxy proxy port'}: + $Lang::tr{'advproxy proxy port'}: * $Lang::tr{'advproxy transparent on'} Green: - $Lang::tr{'advproxy proxy port transparent'}: + $Lang::tr{'advproxy proxy port transparent'}: * @@ -983,7 +893,7 @@ if ($netsettings{'BLUE_DEV'}) { print " "; } print <$Lang::tr{'advproxy visible hostname'}: * + $Lang::tr{'advproxy visible hostname'}: @@ -1029,12 +939,8 @@ print <
- - END ; -my $count = `ip n| wc -l`; -if ( $count < 1 ){$count = 1;} if ( -e "/usr/bin/squidclamav" ) { print ""; } else { print ""; } -print ""; -print ""; print < @@ -1066,19 +970,19 @@ print < - + - + - + @@ -1112,30 +1016,30 @@ print <$Lang::tr{'advproxy cache management'} - + - + - + - + - + - + - + - + @@ -1153,7 +1057,7 @@ print < - + @@ -1213,8 +1117,8 @@ print < - - + + - - -
$Lang::tr{'advproxy redirector children'}
$Lang::tr{'processes'}".$Lang::tr{'advproxy squidclamav'}."
"; if ( ! -e "/var/run/clamav/clamd.pid" ){ @@ -1043,18 +949,16 @@ if ( -e "/usr/bin/squidclamav" ) { } else { print $Lang::tr{'advproxy enabled'}."
"; - print "+ ".int(( $count**(1/3)) * 8);} +} print "
".$Lang::tr{'advproxy url filter'}."
"; +print "
".$Lang::tr{'advproxy url filter'}."
"; print $Lang::tr{'advproxy enabled'}."
"; -print "+ ".int(($count**(1/3)) * 6); print "
".$Lang::tr{'advproxy update accelerator'}."
"; +print "
".$Lang::tr{'advproxy update accelerator'}."
"; print $Lang::tr{'advproxy enabled'}."
"; -print "+ ".int(($count**(1/3)) * 5); print "
$Lang::tr{'advproxy via forwarding'}: $Lang::tr{'advproxy upstream proxy host:port'} *$Lang::tr{'advproxy upstream proxy host:port'}:
$Lang::tr{'advproxy client IP forwarding'}: $Lang::tr{'advproxy upstream username'}: *$Lang::tr{'advproxy upstream username'}:
$Lang::tr{'advproxy username forwarding'}: $Lang::tr{'advproxy upstream password'}: *$Lang::tr{'advproxy upstream password'}:
$Lang::tr{'proxy cachemgr'}:$Lang::tr{'proxy cachemgr'}: $Lang::tr{'advproxy admin mail'}: *$Lang::tr{'advproxy admin mail'}:
$Lang::tr{'proxy filedescriptors'}:$Lang::tr{'proxy filedescriptors'}: * $Lang::tr{'proxy admin password'}: *$Lang::tr{'proxy admin password'}:
$Lang::tr{'advproxy ram cache size'}:$Lang::tr{'advproxy ram cache size'}: * $Lang::tr{'advproxy hdd cache size'}:$Lang::tr{'advproxy hdd cache size'}: *
$Lang::tr{'advproxy min size'}:$Lang::tr{'advproxy min size'}: * $Lang::tr{'advproxy max size'}:$Lang::tr{'advproxy max size'}: *
$Lang::tr{'advproxy no cache sites'}: *$Lang::tr{'advproxy no cache sites'}:
$Lang::tr{'advproxy standard ports'}:$Lang::tr{'advproxy ssl ports'}:$Lang::tr{'advproxy standard ports'}: *$Lang::tr{'advproxy ssl ports'}: *
-END -; } - # =================================================================== # NTLM-AUTH settings # =================================================================== @@ -2002,12 +1785,20 @@ END if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') { print < + + + + +
$Lang::tr{'advproxy basic authentication'}: 
+ +
+ - + @@ -2063,7 +1854,7 @@ print <$Lang::tr{'advproxy LDAP group access control'} - + @@ -2090,7 +1881,7 @@ print < - + @@ -2150,7 +1941,6 @@ print < - @@ -2162,7 +1952,6 @@ print < - END ; } @@ -2198,19 +1987,6 @@ print < - - - - - - - -END -; } - if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) { print < @@ -2246,9 +2022,7 @@ print <
$Lang::tr{'advproxy group access control'}
$Lang::tr{'advproxy group required'}: *$Lang::tr{'advproxy group required'}:    
$Lang::tr{'advproxy LDAP group required'}: *$Lang::tr{'advproxy LDAP group required'}:    
$Lang::tr{'advproxy RADIUS identifier'}: *$Lang::tr{'advproxy RADIUS identifier'}: $Lang::tr{'advproxy RADIUS secret'}:
- +
*  - $Lang::tr{'this field may be blank'} - * $Lang::tr{'required field'}  
@@ -2502,18 +2276,6 @@ sub read_acls while () { $proxysettings{'MIME_TYPES'} .= $_ }; close(FILE); } - if (-e "$ntlmdir/msntauth.allowusers") { - open(FILE,"$ntlmdir/msntauth.allowusers"); - delete $proxysettings{'NTLM_ALLOW_USERS'}; - while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ }; - close(FILE); - } - if (-e "$ntlmdir/msntauth.denyusers") { - open(FILE,"$ntlmdir/msntauth.denyusers"); - delete $proxysettings{'NTLM_DENY_USERS'}; - while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ }; - close(FILE); - } if (-e "$raddir/radauth.allowusers") { open(FILE,"$raddir/radauth.allowusers"); delete $proxysettings{'RADIUS_ALLOW_USERS'}; @@ -2922,23 +2684,6 @@ sub write_acls if (!$proxysettings{'PORTS_SSL'}) { print FILE $def_ports_ssl; } else { print FILE $proxysettings{'PORTS_SSL'}; } close(FILE); - open(FILE, ">$acl_dst_throttle"); - flock(FILE, 2); - if ($proxysettings{'THROTTLE_BINARY'} eq 'on') - { - @temp = split(/\|/,$throttle_binary); - foreach (@temp) { print FILE "\\.$_\$\n"; } - } - if ($proxysettings{'THROTTLE_DSKIMG'} eq 'on') - { - @temp = split(/\|/,$throttle_dskimg); - foreach (@temp) { print FILE "\\.$_\$\n"; } - } - if ($proxysettings{'THROTTLE_MMEDIA'} eq 'on') - { - @temp = split(/\|/,$throttle_mmedia); - foreach (@temp) { print FILE "\\.$_\$\n"; } - } if (-s $throttled_urls) { open(URLFILE, $throttled_urls); @@ -2953,16 +2698,6 @@ sub write_acls print FILE $proxysettings{'MIME_TYPES'}; close(FILE); - open(FILE, ">$ntlmdir/msntauth.allowusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_ALLOW_USERS'}; - close(FILE); - - open(FILE, ">$ntlmdir/msntauth.denyusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_DENY_USERS'}; - close(FILE); - open(FILE, ">$raddir/radauth.allowusers"); flock(FILE, 2); print FILE $proxysettings{'RADIUS_ALLOW_USERS'}; @@ -3065,8 +2800,6 @@ END print FILE "\n"; print FILE < 0) + if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0)) { print FILE "\n"; 
@@ -3194,7 +2927,7 @@ END if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; } if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; } - + if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))) { if (!($proxysettings{'MEM_POLICY'} eq 'LRU')) @@ -3208,6 +2941,48 @@ END print FILE "\n"; } + open (PORTS,"$acl_ports_ssl"); + my @ssl_ports = ; + close PORTS; + + if (@ssl_ports) { + foreach (@ssl_ports) { + print FILE "acl SSL_ports port $_"; + } + } + + open (PORTS,"$acl_ports_safe"); + my @safe_ports = ; + close PORTS; + + if (@safe_ports) { + foreach (@safe_ports) { + print FILE "acl Safe_ports port $_"; + } + } + + print FILE < 0) { print FILE < 0) { + # always 2% of CACHE_MEM defined as max object size + print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n"; + } else { + print FILE "cache deny all\n\n"; + } } print FILE <$ntlmdir/msntauth.conf"); - flock(MSNTCONF,2); - print MSNTCONF "server $proxysettings{'NTLM_PDC'}"; - if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; } - print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n"; - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if ($proxysettings{'NTLM_USER_ACL'} eq 'positive') - { - print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n"; - } else { - print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n"; - } - } - close(MSNTCONF); - } } if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') 
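Review bot: The added `open (PORTS,"$acl_ports_ssl");` and `open (PORTS,"$acl_ports_safe");` are two-argument opens on a bareword handle with no check of the return value. A missing or unreadable ACL file therefore yields an empty list, and no `acl SSL_ports` / `acl Safe_ports` lines are written, without any error. If later access rules refer to those ACL names (not visible in this hunk), the generated configuration would be incomplete with no hint as to why. Prefer the three-argument form with a lexical handle and an explicit failure path, e.g. `open(my $ports_fh, '<', $acl_ports_ssl) or $errormessage = "open $acl_ports_ssl: $!";`. Each line read is also copied verbatim into the Squid configuration, so it depends entirely on the validation PORTS_SSL and PORTS_SAFE received when they were saved.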
@@ -3372,11 +3122,27 @@ END my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'}; $ntlm_auth_group =~ s/\\/\+/; - print FILE " --require-membership-of=\"$ntlm_auth_group\""; + print FILE " --require-membership-of=$ntlm_auth_group"; } print FILE "\n"; - print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n"; + print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n"; + print FILE "auth_param ntlm credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n"; + + # BASIC authentication + if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") { + print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic"; + if ($proxysettings{'NTLM_AUTH_GROUP'}) { + my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'}; + $ntlm_auth_group =~ s/\\/\+/; + + print FILE " --require-membership-of=$ntlm_auth_group"; + } + print FILE "\n"; + print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; + print FILE "auth_param basic realm $authrealm\n"; + print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n\n"; + } } if ($proxysettings{'AUTH_METHOD'} eq 'radius') 
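Review bot: Both `print FILE " --require-membership-of=$ntlm_auth_group";` lines write NTLM_AUTH_GROUP into the helper command line with no quoting, and nothing visible in this diff validates the value at save time. A group name containing whitespace is split into extra helper arguments, and a value containing a newline would add a line to the generated configuration. Check the setting in the save handler against an anchored allow-list pattern (`\A...\z`) that excludes whitespace and control characters, and reject it with an error message otherwise. Note also that `s/\\/\+/` replaces only the first backslash; add `/g` if every separator should be converted. The group handling is duplicated between the ntlm and basic branches and could be computed once into a single variable used by both.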
@@ -3387,22 +3153,10 @@ END print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; print FILE "auth_param basic realm $authrealm\n"; print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; - if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } } print FILE "\n"; print FILE "acl for_inetusers proxy_auth REQUIRED\n"; - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')) - { - if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n"; - } - if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n"; - } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) @@ -3455,8 +3209,6 @@ END if (($delaypools) && (!-z $acl_dst_throttle)) { print FILE "acl for_throttled_urls url_regex -i \"$acl_dst_throttle\"\n\n"; } - if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on') { print FILE "acl with_allowed_useragents browser $browser_regexp\n\n"; } - print FILE "acl within_timeframe time "; if ($proxysettings{'TIME_MON'} eq 'on') { print FILE "M"; } if ($proxysettings{'TIME_TUE'} eq 'on') { print FILE "T"; } 
@@ -3474,48 +3226,6 @@ END print FILE "acl blocked_mimetypes rep_mime_type \"$mimetypes\"\n\n"; } -open (PORTS,"$acl_ports_ssl"); -my @ssl_ports = ; -close PORTS; - -if (@ssl_ports) { - foreach (@ssl_ports) { - print FILE "acl SSL_ports port $_"; - } -} - -open (PORTS,"$acl_ports_safe"); -my @safe_ports = ; -close PORTS; - -if (@safe_ports) { - foreach (@safe_ports) { - print FILE "acl Safe_ports port $_"; - } -} - - print FILE <htpasswd($str_user, $str_pass); } if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");