From: Maniacikarus <csm-mail@gmx.de>
Date: Sat, 5 Apr 2008 12:00:27 +0000 (+0200)
Subject: Fixed authentication not working when using proxy
X-Git-Tag: v2.3-beta1~130
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=d12aede7c0a7e935fd7418ffdc9e3d032a24f40e

Fixed authentication not working when using proxy
Changed redirector to be more dynamic and handle new redirectors
Changed proxy cgi to support one new redirector and allways use the default
Added recent changes to core 11
Changed clamd.conf file to handle streams up to 50M and not using the defaul
Started building squidclamav redirector to scan for viruses when using the p
---

diff --git a/config/clamav/clamd.conf b/config/clamav/clamd.conf
index da7e3970d1..900ace8b8a 100644
--- a/config/clamav/clamd.conf
+++ b/config/clamav/clamd.conf
@@ -1,10 +1,9 @@
 ##
 ## ipfire config file for the Clam AV daemon
 ##
-
 LogSyslog yes
-
 PidFile /var/run/clamav/clamd.pid
 LocalSocket /var/run/clamav/clamd
-
 ArchiveMaxFileSize 15M
+StreamMaxLength 50M
+ScanPDF yes
diff --git a/config/rootfiles/core/11/files b/config/rootfiles/core/11/files
index 897e7ef8cd..257db151bc 100644
--- a/config/rootfiles/core/11/files
+++ b/config/rootfiles/core/11/files
@@ -19,3 +19,6 @@ usr/lib/php/.registry/pear.reg
 usr/lib/php/data/PEAR/package.dtd
 usr/lib/php/data/PEAR/template.spec
 usr/lib/php/pearcmd.php
+srv/web/ipfire/cgi-bin/proxy.cgi
+usr/sbin/redirect_wrapper
+var/ipfire/langs
diff --git a/config/rootfiles/core/11/update.sh b/config/rootfiles/core/11/update.sh
index c0d94617b1..a933075577 100644
--- a/config/rootfiles/core/11/update.sh
+++ b/config/rootfiles/core/11/update.sh
@@ -3,6 +3,7 @@
 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
 /etc/init.d/squid stop
 extract_files
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 squidGuard -d -C all
 chmod 666 /var/ipfire/urlfilter/blacklist/*/*.db
 /etc/init.d/squid start
diff --git a/config/rootfiles/packages/squidclamav b/config/rootfiles/packages/squidclamav
index e69de29bb2..daf5d836ad 100644
--- a/config/rootfiles/packages/squidclamav
+++ b/config/rootfiles/packages/squidclamav
@@ -0,0 +1,3 @@
+usr/bin/squidclamav
+etc/squidclamav.conf
+srv/web/ipfire/html/clwarn.cgi
diff --git a/config/squidclamav/squidclamav.conf b/config/squidclamav/squidclamav.conf
index 3d36ea733d..970d9e7a90 100644
--- a/config/squidclamav/squidclamav.conf
+++ b/config/squidclamav/squidclamav.conf
@@ -1,6 +1,6 @@
 proxy none
 logfile /var/log/squidclamav.log
-redirect http://192.168.255.1:81/clwarn.cgi
+redirect http://127.0.0.1:81/clwarn.cgi
 debug 0
 force 1
 stat 0
diff --git a/config/urlfilter/redirect_wrapper b/config/urlfilter/redirect_wrapper
index 076764188a..a22a0e3f60 100644
--- a/config/urlfilter/redirect_wrapper
+++ b/config/urlfilter/redirect_wrapper
@@ -24,15 +24,25 @@
 use strict;
 use IPC::Open2;
 use IO::Handle;
+require '/var/ipfire/general-functions.pl';
+
+my %proxysettings=();
+&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
 
 # define here your redirectors (use a comma sperated list)
-my $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];
+my @redirectors = "";
+if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && -e '/usr/bin/squidGuard' ){push(@redirectors,"/usr/bin/squidGuard"); }
+if ( $proxysettings{'ENABLE_CLAMAV'} eq 'on' && -e '/usr/bin/squidclamav' ){ push(@redirectors,"/usr/bin/squidclamav"); }
+if ( $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' && -e '/usr/sbin/updxlrator' ) { push(@redirectors,"/usr/sbin/updxlrator"); }
+
+#my $redirectors = [ '/usr/bin/squidclamav', '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];
 
 # Attention: keep in mind that the order of your redirectors is important.
 # It doesn't make sense to scan for viruses on pages you restrict access to...
 # So place first your tools which restrict access, then the tools which do the
 # content filtering!
 
+#print "Anzahl ".$#redirectors."\n";
 
 ##### no need to change anything below this line #####
 
@@ -47,13 +57,14 @@ my $i;
 my $pidlist = [];
 my $rlist = [];
 my $wlist = [];
-for($i = 0; $i < @$redirectors; $i++) {
-        $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]);
+for($i = 1; $i <= $#redirectors; $i++) {
+			  #print "i=".$i." redirector ".$redirectors[$i]."\n";
+        $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors[$i] );
 }
 
 # wait for data...
 while($line = <>) {
-        for($i = 0; $i < @$redirectors; $i++) {
+        for($i = 1; $i <= $#redirectors; $i++) {
                 $wlist->[$i]->print($line);
                 $return = $rlist->[$i]->getline;
                 last if($return ne "\n" and $return ne $line);
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index fbf98d0b18..436261cc60 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -262,6 +262,7 @@ $proxysettings{'IDENT_ENABLE_ACL'} = 'off';
 $proxysettings{'IDENT_USER_ACL'} = 'positive';
 $proxysettings{'ENABLE_FILTER'} = 'off';
 $proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
+$proxysettings{'ENABLE_CLAMAV'} = 'off';
 
 $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
 
@@ -593,6 +594,7 @@ ERROR:
 		$stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
 		$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
 		$stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
+		$stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
 		&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
 
 		&writeconfig;
@@ -828,6 +830,10 @@ $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
 
+$checked{'ENABLE_CLAMAV'}{'off'} = '';
+$checked{'ENABLE_CLAMAV'}{'on'} = '';
+$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
+
 &Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
 
 &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -930,9 +936,19 @@ print <<END
 </table>
 <hr size='1'>
 <table width='100%'>
-<tr>
-	<td class='base' width='50%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
-	<td class='base' width='50%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>
+END
+;
+if ( -e "/usr/bin/squidclamav" ) {
+	 print "<td class='base' width='33%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>";
+	 print "<td class='base' width='33%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>";
+	 print "<td class='base' width='33%'><b>$Lang::tr{'advproxy squidclamav'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_CLAMAV' $checked{'ENABLE_CLAMAV'}{'on'} /></td>";
+}
+else
+{
+ print "<td class='base' width='50%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>";
+ print "<td class='base' width='50%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>";
+}
+print <<END
 </tr>
 </table>
 <hr size='1'>
@@ -2813,7 +2829,7 @@ sub writeconfig
 
 	if ($proxysettings{'AUTH_REALM'} eq '')
 	{
-		$authrealm = "IPCop Advanced Proxy Server";
+		$authrealm = "IPFire Advanced Proxy Server";
 	} else {
 		$authrealm = $proxysettings{'AUTH_REALM'};
 	}
@@ -3684,7 +3700,7 @@ END
 		if ($proxysettings{'ENABLE_FILTER'} eq 'on')
 		{
 			print FILE <<END
-url_rewrite_program /usr/bin/squidGuard
+url_rewrite_program /usr/sbin/redirect_wrapper
 url_rewrite_children $filtersettings{'CHILDREN'}
 
 END
@@ -3693,7 +3709,7 @@ END
 		if ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on')
 		{
 			print FILE <<END
-url_rewrite_program /usr/sbin/updxlrator
+url_rewrite_program /usr/sbin/redirect_wrapper
 url_rewrite_children $xlratorsettings{'CHILDREN'}
 
 END
@@ -3723,7 +3739,7 @@ sub adduser
 		close(FILE);
 	} else {
 		&deluser($str_user);
-		system("/usr/bin/htpasswd -b $userdb $str_user $str_pass");
+		system("/usr/sbin/htpasswd -b $userdb $str_user $str_pass");
 	}
 
 	if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 25d117b161..67a92356ab 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -92,6 +92,7 @@
 'advproxy AUTH method' => 'Authentifizierungsmethode',
 'advproxy AUTH method ident' => 'identd',
 'advproxy AUTH method ldap' => 'LDAP',
+'advproxy squidclamav' => 'SquidClamav',
 'advproxy AUTH method ncsa' => 'Lokal',
 'advproxy AUTH method none' => 'Keine',
 'advproxy AUTH method ntlm' => 'Windows',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index aa0add61d6..0ef071cc90 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -92,6 +92,7 @@
 'advproxy AUTH method' => 'Authentication method',
 'advproxy AUTH method ident' => 'identd',
 'advproxy AUTH method ldap' => 'LDAP',
+'advproxy squidclamav' => 'SquidClamav',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'None',
 'advproxy AUTH method ntlm' => 'Windows',