zentyal-squid-2.3.11+quantal1/0000775000000000000000000000000012017154761013025 5ustar zentyal-squid-2.3.11+quantal1/COPYING0000664000000000000000000004311012017154761014057 0ustar GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. zentyal-squid-2.3.11+quantal1/debian/0000775000000000000000000000000012017154761014247 5ustar zentyal-squid-2.3.11+quantal1/debian/ebox.dansguardian.upstart0000664000000000000000000000015612017154761021271 0ustar pre-start script invoke-rc.d dansguardian stop || true end script exec /usr/sbin/dansguardian -N respawn zentyal-squid-2.3.11+quantal1/debian/zentyal-squid.postrm0000664000000000000000000000033212017154761020324 0ustar #!/bin/bash set -e #DEBHELPER# case "$1" in remove) dpkg-trigger --no-await zentyal-core ;; purge) # purge configuration /usr/share/zentyal/purge-module squid ;; esac exit 0 zentyal-squid-2.3.11+quantal1/debian/compat0000664000000000000000000000000212017154761015445 0ustar 5 zentyal-squid-2.3.11+quantal1/debian/copyright0000664000000000000000000000214112017154761016200 0ustar This package was debianized by Zentyal Packaging Maintainers Fri, 20 Feb 2005 15:13:22 +0100. It was downloaded from http://www.zentyal.org/ Files: * Upstream Author: eBox Technologies S.L. Copyright (C) 2004-2012 eBox Technologies S.L. License: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2 file. The Debian packaging is: (C) 2004-2011, Zentyal Packaging Maintainers and is licensed under the GPL, see `/usr/share/common-licenses/GPL-2'. zentyal-squid-2.3.11+quantal1/debian/control0000664000000000000000000000222212017154761015650 0ustar Source: zentyal-squid Section: web Priority: optional Maintainer: Zentyal Packaging Maintainers Uploaders: Jorge Salamero Sanz Build-Depends: zbuildtools Standards-Version: 3.9.2 Homepage: http://www.zentyal.org/ Vcs-Browser: http://git.zentyal.org/zentyal.git/tree/quantal:/main/squid Vcs-Git: git://git.zentyal.org/zentyal.git Package: zentyal-squid Architecture: all Replaces: ebox-squid (<< 2.0.100) Breaks: ebox-squid (<< 2.0.100) Depends: zentyal-core (>= 2.3), zentyal-core (<< 2.3.100), zentyal-firewall, zentyal-objects, zentyal-users, squid3, dansguardian (>= 2.9), adduser, adzapper, ${misc:Depends} Description: Zentyal - HTTP Proxy (Cache and Filter) Zentyal is a Linux small business server that can act as a Gateway, Unified Threat Manager, Office Server, Infrastructure Manager, Unified Communications Server or a combination of them. One single, easy-to-use platform to manage all your network services. . This module adds a transparent proxy cache, a HTTP content filter, object access policies, banned/allowed domains and custom MIME type and file extension filter to your Zentyal installation. zentyal-squid-2.3.11+quantal1/debian/source/0000775000000000000000000000000012017154761015547 5ustar zentyal-squid-2.3.11+quantal1/debian/source/format0000664000000000000000000000001512017154761016756 0ustar 3.0 (native) zentyal-squid-2.3.11+quantal1/debian/zentyal-squid.postinst0000664000000000000000000000044312017154761020666 0ustar #!/bin/bash set -e #DEBHELPER# case "$1" in configure) # initial setup /usr/share/zentyal/initial-setup --no-restart squid $2 # restart module invoke-rc.d zentyal squid restart || true dpkg-trigger --no-await zentyal-core ;; esac exit 0 zentyal-squid-2.3.11+quantal1/debian/rules0000775000000000000000000000010612017154761015324 0ustar #!/usr/bin/make -f include /usr/share/zbuildtools/1/rules/zentyal.mk zentyal-squid-2.3.11+quantal1/debian/changelog0000664000000000000000000003077012017154761016130 0ustar zentyal-squid (2.3.11+quantal1) quantal; urgency=low * New upstream release for Quantal -- Jorge Salamero Sanz Tue, 28 Aug 2012 16:46:33 +0200 zentyal-squid (2.3.11) precise; urgency=low * New upstream release -- José A. Calvo Mon, 27 Aug 2012 12:33:18 +0200 zentyal-squid (2.3.10) precise; urgency=low * New upstream release -- José A. Calvo Thu, 23 Aug 2012 03:21:14 +0200 zentyal-squid (2.3.9) precise; urgency=low * New upstream release -- José A. Calvo Thu, 16 Aug 2012 10:04:30 +0200 zentyal-squid (2.3.8) precise; urgency=low * New upstream release -- José A. Calvo Mon, 23 Jul 2012 18:21:54 +0200 zentyal-squid (2.3.7) precise; urgency=low * New upstream release -- José A. Calvo Thu, 19 Jul 2012 03:28:46 +0200 zentyal-squid (2.3.6) precise; urgency=low * New upstream release -- José A. Calvo Sun, 17 Jun 2012 23:44:38 +0200 zentyal-squid (2.3.5) precise; urgency=low * New upstream release -- José A. Calvo Mon, 02 Apr 2012 17:53:58 +0200 zentyal-squid (2.3.4) precise; urgency=low * New upstream release -- José A. Calvo Mon, 26 Mar 2012 14:08:35 +0200 zentyal-squid (2.3.1) precise; urgency=low * New upstream release -- José A. Calvo Tue, 06 Mar 2012 11:59:47 +0100 zentyal-squid (2.3-1) precise; urgency=low * Updated Standard-Versions to 3.9.2 -- José A. Calvo Wed, 08 Feb 2012 16:13:26 +0100 zentyal-squid (2.3) precise; urgency=low * New upstream release -- José A. Calvo Mon, 30 Jan 2012 01:45:36 +0100 zentyal-squid (2.2.1) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 18 Oct 2011 00:25:44 +0200 zentyal-squid (2.2) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 13 Sep 2011 04:46:46 +0200 zentyal-squid (2.1.11) lucid; urgency=low * New upstream release -- José A. Calvo Sun, 11 Sep 2011 23:12:14 +0200 zentyal-squid (2.1.10) lucid; urgency=low * New upstream release -- José A. Calvo Sat, 10 Sep 2011 12:33:26 +0200 zentyal-squid (2.1.9) lucid; urgency=low * New upstream release -- José A. Calvo Wed, 07 Sep 2011 18:19:57 +0200 zentyal-squid (2.1.8) lucid; urgency=low * New upstream release -- José A. Calvo Wed, 24 Aug 2011 11:55:02 +0200 zentyal-squid (2.1.7) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 09 Aug 2011 10:43:48 +0200 zentyal-squid (2.1.6) lucid; urgency=low * New upstream release -- José A. Calvo Sat, 23 Jul 2011 12:27:02 +0200 zentyal-squid (2.1.5) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 19 Jul 2011 14:02:59 +0200 zentyal-squid (2.1.4) lucid; urgency=low * New upstream release -- José A. Calvo Thu, 14 Jul 2011 17:59:46 +0200 zentyal-squid (2.1.3) lucid; urgency=low * New upstream release -- José A. Calvo Wed, 29 Jun 2011 19:36:35 +0200 zentyal-squid (2.1.2) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 31 May 2011 16:57:34 +0200 zentyal-squid (2.1.1) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 10 May 2011 22:38:14 +0200 zentyal-squid (2.1) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 22 Feb 2011 03:28:28 +0100 ebox-squid (2.0.3) lucid; urgency=low * New upstream release -- José A. Calvo Sun, 09 Jan 2011 18:25:35 +0100 ebox-squid (2.0.2) lucid; urgency=low * New upstream release -- José A. Calvo Sun, 05 Dec 2010 16:32:02 +0100 ebox-squid (2.0.1) lucid; urgency=low * New upstream release -- José A. Calvo Sun, 17 Oct 2010 21:07:07 +0200 ebox-squid (2.0) lucid; urgency=low * New upstream release -- José A. Calvo Mon, 30 Aug 2010 22:08:21 +0200 ebox-squid (1.5.13-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Fri, 27 Aug 2010 02:28:08 +0200 ebox-squid (1.5.12-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Thu, 26 Aug 2010 16:05:03 +0200 ebox-squid (1.5.11-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Mon, 23 Aug 2010 02:25:23 +0200 ebox-squid (1.5.10-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Wed, 18 Aug 2010 02:58:15 +0200 ebox-squid (1.5.9-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Tue, 10 Aug 2010 19:33:19 +0200 ebox-squid (1.5.8-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Sat, 07 Aug 2010 13:15:32 +0200 ebox-squid (1.5.7-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Wed, 04 Aug 2010 15:46:56 +0200 ebox-squid (1.5.6-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Fri, 23 Jul 2010 11:12:03 +0200 ebox-squid (1.5.5-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Mon, 19 Jul 2010 12:08:15 +0200 ebox-squid (1.5.4-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Sun, 20 Jun 2010 20:40:31 +0200 ebox-squid (1.5.3-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Thu, 10 Jun 2010 16:34:44 +0200 ebox-squid (1.5.2-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Sun, 23 May 2010 19:31:56 +0200 ebox-squid (1.5.1-0ubuntu1~ppa1~lucid1) lucid; urgency=low * New upstream release -- José A. Calvo Thu, 20 May 2010 19:33:06 +0200 ebox-squid (1.5-0ubuntu1) lucid; urgency=low [Javier Uruen Val] * New upstream release (LP: #521805) * debian/control - Bump eBox dependency - Update description * debian/ebox-squid.postinst - Add new SQL tables * debian/ebox-squid.postrm - Drop new SQL tables when purging -- Javier Uruen Val Sun, 07 Feb 2010 18:51:11 +0100 ebox-squid (1.3.5-0ubuntu1) karmic; urgency=low [Javier Uruen Val] * New upstream release [LP: 411547] * cdbs/ebox.mk - GConf schemas are not used anymore - Remove SCHEMASPATH variable - Remove schemadir variable - Fix the script that copy upstart scripts - Use new upstart directory and file naming convention * debian/control - Bump standards version - Bump eBox depenency - Remove dependency on dpatch - Add dependency on ebox-firewall, clamav-daemon * debian/ebox-squid.postinst - Fix indentation - Do not pkill gconfd as it's not necessary anymore - Run ebox trigger - Add set -e - Add || true * debian/ebox-squid.postrm - Run ebox trigger - Add set -e * remove debian/ebox-squid.prerm - Not needed anymore as we don't use gconf schemas * debian/patches - Drop dpatch system + Drop 01_intrepid_dansguardian.dpatch (Already shipped by upstream) * debian/rules - Do not include debian/cdbs/gnome.mk * debian/watch - Change URL -- Javier Uruen Val Wed, 05 Aug 2009 12:29:43 +0200 ebox-squid (1.3.2-1) jaunty; urgency=low * New upstream release -- Isaac Clerencia Sun, 19 Jul 2009 16:40:38 +0200 ebox-squid (1.3.1-1) jaunty; urgency=low * New upstream release -- Isaac Clerencia Wed, 15 Jul 2009 12:02:50 +0100 ebox-squid (1.3.0-1) jaunty; urgency=low * New upstream release -- Isaac Clerencia Thu, 02 Jul 2009 15:27:12 +0100 ebox-squid (1.1.30) hardy; urgency=low * New upstream release -- José Antonio Calvo Mon, 15 Jun 2009 16:17:00 +0200 ebox-squid (1.1.20) hardy; urgency=low * New upstream release -- Javier Amor Garcia Fri, 05 Jun 2009 14:15:03 +0200 ebox-squid (0.12.100) hardy; urgency=low * New upstream release -- Javier Uruen Val Tue, 13 Jan 2009 12:06:10 +0100 ebox-squid (0.12-0ubuntu1) jaunty; urgency=low [ Javier Uruen Val ] * New upstream release. Closes (LP: #318817) * debian/watch: - add watch file. * debiain/patches/01_intrepid_dansguardian.dpatch - Patch to use the new configuration used by dansguardian 2.9.9.4 onwards -- Mathias Gug Mon, 26 Jan 2009 22:17:15 -0500 ebox-squid (0.11.99-0ubuntu3) hardy; urgency=low * debian/ebox.dansguardian.upstart - Fixed launching of dansguardian. * debian/patches/04_enable_squid_logs - Enable squid lo. -- Chuck Short Wed, 12 Mar 2008 12:29:30 -0400 ebox-squid (0.11.99-0ubuntu2) hardy; urgency=low * debian/control, debian/patches/01_fix_transparent_proxy.dpatch, debian/patches/02_add_to_proxy_group.dpatch, debian/patches/03_add_missing_used_files.dpatch - Added patches from upstream. -- Chuck Short Tue, 11 Mar 2008 10:35:34 -0400 ebox-squid (0.11.99-0ubuntu1) hardy; urgency=low * New upstream version. -- Chuck Short Wed, 27 Feb 2008 13:48:02 -0500 ebox-squid (0.11.99-0ubuntu1~ppa1) hardy; urgency=low * New upstream release -- Javier Uruen Val Mon, 25 Feb 2008 15:24:53 +0100 ebox-squid (0.11.99) unstable; urgency=low * New upstream release -- Enrique José Hernández Blasco Tue, 8 Jan 2008 16:14:41 +0100 ebox-squid (0.11.1-0ubuntu1~ppa1) hardy; urgency=low * New upstream release -- Javier Uruen Val Sun, 13 Jan 2008 20:13:00 +0100 ebox-squid (0.11) unstable; urgency=low * New upstream release -- Javier Uruen Val Wed, 28 Nov 2007 15:23:35 +0100 ebox-squid (0.10.99) unstable; urgency=low * New upstream release -- Javier Uruen Val Thu, 01 Nov 2007 21:38:15 +0100 ebox-squid (0.10) unstable; urgency=low * New upstream release -- Javier Uruen Val Wed, 10 Oct 2007 21:53:53 +0200 ebox-squid (0.9.100) unstable; urgency=low * New upstream release -- Javier Uruen Val Tue, 04 Sep 2007 14:22:30 +0200 ebox-squid (0.9.99) unstable; urgency=low * New upstream release -- Javier Amor Garcia Tue, 24 Jul 2007 13:01:36 +0200 ebox-squid (0.9.3) unstable; urgency=low * New upstream release -- Javier Uruen Val Sun, 24 Jun 2007 16:38:49 +0200 ebox-squid (0.9.2) unstable; urgency=low * New upstream release -- Javier Uruen Val Tue, 12 Jun 2007 18:59:28 +0200 ebox-squid (0.9.1) unstable; urgency=low * New upstream release -- Javier Uruen Val Tue, 15 May 2007 13:02:27 +0200 ebox-squid (0.9) unstable; urgency=low * New upstream release -- Javier Amor Garcia Mon, 26 Mar 2007 12:04:19 +0200 ebox-squid (0.7.99) unstable; urgency=low * New upstream release -- Enrique José Hernández Blasco Thu, 16 Nov 2006 12:39:56 +0100 ebox-squid (0.7.1) unstable; urgency=low * New upstream release -- Daniel Baeyens Sicilia Wed, 22 Mar 2006 16:08:04 +0100 ebox-squid (0.7.0.99-rc1+0.7.1-rc1) unstable; urgency=low * New upstream release -- Javier Uruen Val Tue, 17 Jan 2006 11:45:28 +0100 ebox-squid (0.5.1) unstable; urgency=low * New upstream release -- Guillermo Ontañón Mon, 14 Mar 2005 14:33:32 +0100 ebox-squid (0.5) unstable; urgency=low * New upstream release -- Isaac Clerencia Thu, 3 Mar 2005 19:56:06 +0100 ebox-squid (0.4-2) unstable; urgency=low * Added dansguardian in Depends: -- Isaac Clerencia Sat, 4 Dec 2004 16:36:45 +0100 ebox-squid (0.4-1) unstable; urgency=low * New upstream release -- Isaac Clerencia Fri, 3 Dec 2004 06:01:48 +0100 zentyal-squid-2.3.11+quantal1/conf/0000775000000000000000000000000012017154761013752 5ustar zentyal-squid-2.3.11+quantal1/conf/squid.conf0000664000000000000000000000167312017154761015755 0ustar # squid.conf - configuration file for zentyal-squid # # This file contains the most basic settings, most other stuff is configured # using the web interface. # # Everything after a '#' character is ignored # # All whitespace is ignored # # Config keys are set this way: # # key = value # # They may contain comments at the end: # # key = value # this is ignored # cache_mem [required]. Amount of memory to be used by squid (in MB) cache_mem = 128 # maximum_object_size [required]. Maximum object size to be cached (in MB) maximum_object_size = 300 # max_fd if this value set the maximum number of file descriptors wil be # increased if needed at squid's start. If not set it will not be changed. #max_fd= 167140 group = proxy ## Performance tuning ## # do not change if you really know what are you doing # DansGuardian parameters maxchildren = 120 minchildren = 8 minsparechildren = 4 preforkchildren = 6 maxsparechildren = 32 maxagechildren = 500 zentyal-squid-2.3.11+quantal1/src/0000775000000000000000000000000012017154761013614 5ustar zentyal-squid-2.3.11+quantal1/src/templates/0000775000000000000000000000000012017154761015612 5ustar zentyal-squid-2.3.11+quantal1/src/templates/ajax/0000775000000000000000000000000012017154761016535 5ustar zentyal-squid-2.3.11+quantal1/src/templates/ajax/viewer/0000775000000000000000000000000012017154761020036 5ustar zentyal-squid-2.3.11+quantal1/src/templates/ajax/viewer/unlimitedIntViewer.mas0000664000000000000000000000036312017154761024371 0ustar <%args> $data <%init> use EBox::Gettext; % if ( defined ($data->value()) and ($data->value() >= 0)) { <% $data->printableValue() %> <%$data->trailingText() %> % } % else { <% __('Unlimited') %> % } zentyal-squid-2.3.11+quantal1/src/templates/ajax/setter/0000775000000000000000000000000012017154761020043 5ustar zentyal-squid-2.3.11+quantal1/src/templates/ajax/setter/timePeriod.mas0000664000000000000000000000155312017154761022652 0ustar <%args> $tableName $data $cssClass => '' <%init> my $fieldName = $data->fieldName(); my $id = $tableName . '_' . $fieldName; my @days = @{ $data->days() }; <%__('From')%> ' /> <%__('To')%> ' /> <% __('Days of the week') %> % foreach my $day (@days) { % my $letter = $data->dayToPrintableLetter($day); <% $letter %> <& /input/checkbox.mas, 'name' => $id . "_$day", 'id' => $id . "_$day", 'value' => $data->$day(), &> % } zentyal-squid-2.3.11+quantal1/src/scripts/0000775000000000000000000000000012017154761015303 5ustar zentyal-squid-2.3.11+quantal1/src/scripts/manage-services0000775000000000000000000000057012017154761020304 0ustar #!/usr/bin/perl use strict; use warnings; use EBox; use EBox::Global; my ($action) = @ARGV; EBox::init(); my $squid = EBox::Global->modInstance('squid'); $squid->isEnabled() or exit 0; if ($action eq 'start') { $squid->_startService(); } elsif ($action eq 'stop') { $squid->_stopService(); } else { die "Bad action: $action. Must be start or stop"; } 1; zentyal-squid-2.3.11+quantal1/src/scripts/update-time-periods0000775000000000000000000000165412017154761021120 0ustar #!/usr/bin/perl # Copyright (C) 2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA use strict; use warnings; use EBox; use EBox::Global; use EBox::Sudo; EBox::init(); my $squid = EBox::Global->modInstance('squid'); if ($squid->filterNeeded()) { $squid->writeDgGroups(); EBox::Sudo::root('dansguardian -g'); } zentyal-squid-2.3.11+quantal1/src/scripts/initial-setup0000775000000000000000000000036412017154761020023 0ustar #!/bin/bash set -e # add ebox to proxy to read squid logs adduser --quiet ebox proxy || true # directory for extra dg domain lists DG_EXTRALISTS=/etc/dansguardian/extralists test -d $DG_EXTRALISTS || mkdir -p -m 0755 $DG_EXTRALISTS exit 0; zentyal-squid-2.3.11+quantal1/src/scripts/enable-module0000775000000000000000000000040512017154761017741 0ustar #!/bin/bash # stop daemons service squid stop invoke-rc.d dansguardian stop || true # if dansguardian has not been configured # it will fail always the first time # remove startup links update-rc.d -f dansguardian remove zentyal-squid-2.3.11+quantal1/src/EBox/0000775000000000000000000000000012017154761014451 5ustar zentyal-squid-2.3.11+quantal1/src/EBox/Squid.pm0000664000000000000000000011346012017154761016101 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid; use strict; use warnings; use base qw(EBox::Module::Service EBox::KerberosModule EBox::FirewallObserver EBox::LogObserver EBox::LdapModule EBox::Report::DiskUsageProvider EBox::NetworkObserver); use EBox::Service; use EBox::Objects; use EBox::Global; use EBox::Config; use EBox::Firewall; use EBox::Validate qw( :all ); use EBox::Exceptions::InvalidData; use EBox::Exceptions::Internal; use EBox::Exceptions::DataNotFound; use EBox::SquidFirewall; use EBox::Squid::LogHelper; use EBox::Squid::LdapUserImplementation; use EBox::DBEngineFactory; use EBox::Dashboard::Value; use EBox::Dashboard::Section; use EBox::Menu::Item; use EBox::Menu::Folder; use EBox::Sudo; use EBox::Gettext; use EBox; use Error qw(:try); use HTML::Mason; use File::Basename; use EBox::NetWrappers qw(to_network_with_mask); #Module local conf stuff use constant DGDIR => '/etc/dansguardian'; use constant { SQUIDCONFFILE => '/etc/squid3/squid.conf', MAXDOMAINSIZ => 255, SQUIDPORT => '3128', DGPORT => '3129', DGLISTSDIR => DGDIR . '/lists', DG_LOGROTATE_CONF => '/etc/logrotate.d/dansguardian', SQUID_LOGROTATE_CONF => '/etc/logrotate.d/squid3', CLAMD_SCANNER_CONF_FILE => DGDIR . '/contentscanners/clamdscan.conf', BLOCK_ADS_PROGRAM => '/usr/bin/adzapper.wrapper', BLOCK_ADS_EXEC_FILE => '/usr/bin/adzapper', ADZAPPER_CONF => '/etc/adzapper.conf', KEYTAB_FILE => '/etc/squid3/HTTP.keytab', SQUID3_DEFAULT_FILE => '/etc/default/squid3', CRONFILE => '/etc/cron.d/zentyal-squid', }; use constant SB_URL => 'https://store.zentyal.com/small-business-edition.html/?utm_source=zentyal&utm_medium=proxy&utm_campaign=smallbusiness_edition'; use constant ENT_URL => 'https://store.zentyal.com/enterprise-edition.html/?utm_source=zentyal&utm_medium=proxy&utm_campaign=enterprise_edition'; sub _create { my $class = shift; my $self = $class->SUPER::_create(name => 'squid', printableName => __('HTTP Proxy'), @_); $self->{logger} = EBox::logger(); bless ($self, $class); return $self; } sub kerberosServicePrincipals { my ($self) = @_; my $data = { service => 'proxy', principals => [ 'HTTP' ], keytab => KEYTAB_FILE, keytabUser => 'proxy' }; return $data; } # Method: initialSetup # # Overrides: # EBox::Module::Base::initialSetup # sub initialSetup { my ($self, $version) = @_; $self->SUPER::initialSetup($version); # Create default rules only if installing the first time unless ($version) { # Allow clients to browse Internet by default $self->model('AccessRules')->add( source => { any => undef }, policy => { allow => undef }, ); } } # Method: enableActions # # Override EBox::Module::Service::enableActions # sub enableActions { my ($self) = @_; # Create the kerberos service princiapl in kerberos, # export the keytab and set the permissions $self->kerberosCreatePrincipals(); try { # FIXME: this should probably be moved to _setConf # only if users is enabled and needed my @lines = (); push (@lines, 'KRB5_KTNAME=' . KEYTAB_FILE); push (@lines, 'export KRB5_KTNAME'); my $lines = join ('\n', @lines); my $cmd = "echo '$lines' >> " . SQUID3_DEFAULT_FILE; EBox::Sudo::root($cmd); } otherwise { my $error = shift; EBox::error("Error creating squid default file: $error"); }; # Execute enable-module script $self->SUPER::enableActions(); } sub isRunning { return EBox::Service::running('squid3'); } # Method: usedFiles # # Override EBox::Module::Service::usedFiles # sub usedFiles { return [ { 'file' => '/etc/squid3/squid.conf', 'module' => 'squid', 'reason' => __('HTTP Proxy configuration file') }, { 'file' => DGDIR . '/dansguardian.conf', 'module' => 'squid', 'reason' => __('Content filter configuration file') }, { 'file' => DGDIR . '/dansguardianf1.conf', 'module' => 'squid', 'reason' => __('Default filter group configuration') }, { 'file' => DGLISTSDIR . '/filtergroupslist', 'module' => 'squid', 'reason' => __('Filter groups membership') }, { 'file' => DGLISTSDIR . '/bannedextensionlist', 'module' => 'squid', 'reason' => __('Content filter banned extension list') }, { 'file' => DGLISTSDIR . '/bannedmimetypelist', 'module' => 'squid', 'reason' => __('Content filter banned mime type list') }, { 'file' => DGLISTSDIR . '/exceptionsitelist', 'module' => 'squid', 'reason' => __('Content filter exception site list') }, { 'file' => DGLISTSDIR . '/greysitelist', 'module' => 'squid', 'reason' => __('Content filter grey site list') }, { 'file' => DGLISTSDIR . '/bannedsitelist', 'module' => 'squid', 'reason' => __('Content filter banned site list') }, { 'file' => DGLISTSDIR . '/exceptionurllist', 'module' => 'squid', 'reason' => __('Content filter exception URL list') }, { 'file' => DGLISTSDIR . '/greyurllist', 'module' => 'squid', 'reason' => __('Content filter grey URL list') }, { 'file' => DGLISTSDIR . '/bannedurllist', 'module' => 'squid', 'reason' => __('Content filter banned URL list') }, { 'file' => DGLISTSDIR . '/bannedphraselist', 'module' => 'squid', 'reason' => __('Forbidden phrases list'), }, { 'file' => DGLISTSDIR . '/exceptionphraselist', 'module' => 'squid', 'reason' => __('Exception phrases list'), }, { 'file' => DGLISTSDIR . '/pics', 'module' => 'squid', 'reason' => __('PICS ratings configuration'), }, { 'file' => DG_LOGROTATE_CONF, 'module' => 'squid', 'reason' => __(q{Dansguardian's log rotation configuration}), }, { 'file' => CLAMD_SCANNER_CONF_FILE, 'module' => 'squid', 'reason' => __(q{Dansguardian's antivirus scanner configuration}), }, { 'file' => DGLISTSDIR . '/authplugins/ipgroups', 'module' => 'squid', 'reason' => __('Filter groups per IP'), }, { 'file' => ADZAPPER_CONF, 'module' => 'squid', 'reason' => __('Configuration of adzapper'), }, { 'file' => SQUID3_DEFAULT_FILE, 'module' => 'squid', 'reason' => __('Set the kerberos keytab path'), }, { 'file' => KEYTAB_FILE, 'module' => 'squid', 'reason' => __('Extract the service principal key'), } ]; } # Method: actions # # Override EBox::Module::Service::actions # sub actions { return [ { 'action' => __('Overwrite blocked page templates'), 'reason' => __('Dansguardian blocked page templates will be overwritten with Zentyal' . ' customized templates.'), 'module' => 'squid' }, { 'action' => __('Remove dansguardian init script link'), 'reason' => __('Zentyal will take care of starting and stopping ' . 'the services.'), 'module' => 'squid' } ]; } sub _cache_mem { my $cache_mem = EBox::Config::configkey('cache_mem'); ($cache_mem) or throw EBox::Exceptions::External(__('You must set the '. 'cache_mem variable in the Zentyal configuration file')); return $cache_mem; } sub _max_object_size { my $max_object_size = EBox::Config::configkey('maximum_object_size'); ($max_object_size) or throw EBox::Exceptions::External(__('You must set the '. 'max_object_size variable in the Zentyal configuration file')); return $max_object_size; } # Method: transproxy # # Returns if the transparent proxy mode is enabled # # Returns: # # boolean - true if enabled, otherwise undef # sub transproxy { my ($self) = @_; return $self->model('GeneralSettings')->value('transparentProxy'); } # Method: https # # Returns if the https mode is enabled # # Returns: # # boolean - true if enabled, otherwise undef # sub https { my ($self) = @_; return $self->model('GeneralSettings')->value('https'); } # Method: setPort # # Sets the listening port for the proxy # # Parameters: # # port - string: port number # sub setPort { my ($self, $port) = @_; $self->model('GeneralSettings')->setValue('port', $port); } # Method: port # # Returns the listening port for the proxy # # Returns: # # string - port number # sub port { my ($self) = @_; my $port = $self->model('GeneralSettings')->value('port'); unless (defined($port) and ($port =~ /^\d+$/)) { return SQUIDPORT; } return $port; } # Function: banThreshold # # Gets the weighted phrase value that will cause a page to be banned. # # Returns: # # A positive integer with the current ban threshold. # sub banThreshold { my ($self) = @_; my $model = $self->model('ContentFilterThreshold'); return $model->contentFilterThresholdValue(); } # Method: getAdBlockPostMatch # # Get the file with the ad-blocking post match # # Returns: # # String - the ad-block file path postmatch # sub getAdBlockPostMatch { my ($self) = @_; my $adBlockPostMatch = $self->get_string('ad_block_post_match'); defined $adBlockPostMatch or $adBlockPostMatch = ''; return $adBlockPostMatch; } # Method: setAdBlockPostMatch # # Set the file with the ad-blocking post match # # Parameters: # # file - String the ad-block file path postmatch # sub setAdBlockPostMatch { my ($self, $file) = @_; $self->set_string('ad_block_post_match', $file); } # Method: setAdBlockExecFile # # Set the adblocker exec file # # Parameters: # # file - String the ad-block exec file # sub setAdBlockExecFile { my ($self, $file) = @_; if ($file) { EBox::Sudo::root("cp -f $file " . BLOCK_ADS_EXEC_FILE); } } sub filterNeeded { my ($self) = @_; unless ($self->isEnabled()) { return 0; } my $rules = $self->model('AccessRules'); if ($rules->rulesUseFilter()) { return 1; } return 0; } sub authNeeded { my ($self) = @_; unless ($self->isEnabled()) { return 0; } my $rules = $self->model('AccessRules'); return $rules->rulesUseAuth(); } # Function: usesPort # # Implements EBox::FirewallObserver interface # sub usesPort { my ($self, $protocol, $port, $iface) = @_; ($protocol eq 'tcp') or return undef; # DGPORT is hard-coded, it is reported as used even if # the service is disabled. ($port eq DGPORT) and return 1; # the port selected by the user (by default SQUIDPORT) is only reported # if the service is enabled ($self->isEnabled()) or return undef; ($port eq $self->port) and return 1; return undef; } sub _setConf { my ($self) = @_; my $filter = $self->filterNeeded(); $self->_writeSquidConf($filter); if ($filter) { $self->_writeDgConf(); } } sub _antivirusNeeded { my ($self, $profiles_r) = @_; return 0 unless EBox::Global->modExists('antivirus'); return 0 unless EBox::Global->modInstance('antivirus')->isEnabled(); if (not $profiles_r) { my $profiles = $self->model('FilterProfiles'); return $profiles->antivirusNeeded(); } foreach my $profile (@{ $profiles_r }) { if ($profile->{antivirus}) { return 1; } } return 0; } sub notifyAntivirusEnabled { my ($self, $enabled) = @_; $self->filterNeeded() or return; $self->setAsChanged(); } sub _writeSquidConf { my ($self, $filter) = @_; my $rules = $self->model('AccessRules')->rules(); my $generalSettings = $self->model('GeneralSettings'); my $cacheDirSize = $generalSettings->cacheDirSizeValue(); my $removeAds = $generalSettings->removeAdsValue(); my $network = EBox::Global->modInstance('network'); my $sysinfo = EBox::Global->modInstance('sysinfo'); my $append_domain = $network->model('SearchDomain')->domainValue(); my $cache_host = $network->model('Proxy')->serverValue(); my $cache_port = $network->model('Proxy')->portValue(); my $cache_user = $network->model('Proxy')->usernameValue(); my $cache_passwd = $network->model('Proxy')->passwordValue(); my $krbRealm = ''; my $users = EBox::Global->modInstance('users'); if ($users->isEnabled()) { $krbRealm = $users->kerberosRealm(); } my $krbPrincipal = 'HTTP/' . $sysinfo->hostName() . '.' . $sysinfo->hostDomain(); my @writeParam = (); push @writeParam, ('filter' => $filter); push @writeParam, ('port' => $self->port()); push @writeParam, ('transparent' => $self->transproxy()); push @writeParam, ('https' => $self->https()); push @writeParam, ('localnets' => $self->_localnets()); push @writeParam, ('rules' => $rules); push @writeParam, ('objectsDelayPools' => $self->_objectsDelayPools); push @writeParam, ('nameservers' => $network->nameservers()); push @writeParam, ('append_domain' => $append_domain); push @writeParam, ('cache_host' => $cache_host); push @writeParam, ('cache_port' => $cache_port); push @writeParam, ('cache_user' => $cache_user); push @writeParam, ('cache_passwd' => $cache_passwd); push @writeParam, ('memory' => $self->_cache_mem); push @writeParam, ('max_object_size' => $self->_max_object_size); push @writeParam, ('notCachedDomains'=> $self->_notCachedDomains()); push @writeParam, ('cacheDirSize' => $cacheDirSize); push @writeParam, ('principal' => $krbPrincipal); push @writeParam, ('realm' => $krbRealm); my $global = EBox::Global->getInstance(1); if ($global->modExists('remoteservices')) { my $rs = EBox::Global->modInstance('remoteservices'); push(@writeParam, ('snmpEnabled' => $rs->eBoxSubscribed() )); } if ($removeAds) { push @writeParam, (urlRewriteProgram => BLOCK_ADS_PROGRAM); my @adsParams = (); push(@adsParams, ('postMatch' => $self->getAdBlockPostMatch())); $self->writeConfFile(ADZAPPER_CONF, 'squid/adzapper.conf.mas', \@adsParams); } $self->writeConfFile(SQUIDCONFFILE, 'squid/squid.conf.mas', \@writeParam, { mode => '0640'}); } sub _objectsDelayPools { my ($self) = @_; my @delayPools = @{$self->model('DelayPools')->delayPools()}; return \@delayPools; } sub _localnets { my ($self) = @_; my $network = EBox::Global->modInstance('network'); my $ifaces = $network->InternalIfaces(); my @localnets; for my $iface (@{$ifaces}) { my $ifaceNet = $network->ifaceNetwork($iface); my $ifaceMask = $network->ifaceNetmask($iface); next unless ($ifaceNet and $ifaceMask); my $net = to_network_with_mask($ifaceNet, $ifaceMask); push (@localnets, $net); } return \@localnets; } sub _writeDgConf { my ($self) = @_; # FIXME - get a proper lang name for the current locale my $lang = $self->_DGLang(); my @dgProfiles = @{ $self->_dgProfiles }; my @writeParam = (); push(@writeParam, 'port' => DGPORT); push(@writeParam, 'lang' => $lang); push(@writeParam, 'squidport' => $self->port); push(@writeParam, 'weightedPhraseThreshold' => $self->_banThresholdActive); push(@writeParam, 'nGroups' => scalar @dgProfiles); my $antivirus = $self->_antivirusNeeded(\@dgProfiles); push(@writeParam, 'antivirus' => $antivirus); my $maxchildren = EBox::Config::configkey('maxchildren'); push(@writeParam, 'maxchildren' => $maxchildren); my $minchildren = EBox::Config::configkey('minchildren'); push(@writeParam, 'minchildren' => $minchildren); my $minsparechildren = EBox::Config::configkey('minsparechildren'); push(@writeParam, 'minsparechildren' => $minsparechildren); my $preforkchildren = EBox::Config::configkey('preforkchildren'); push(@writeParam, 'preforkchildren' => $preforkchildren); my $maxsparechildren = EBox::Config::configkey('maxsparechildren'); push(@writeParam, 'maxsparechildren' => $maxsparechildren); my $maxagechildren = EBox::Config::configkey('maxagechildren'); push(@writeParam, 'maxagechildren' => $maxagechildren); $self->writeConfFile(DGDIR . '/dansguardian.conf', 'squid/dansguardian.conf.mas', \@writeParam); # disable banned, exception phrases lists, regex URLs and PICS ratings $self->writeConfFile(DGLISTSDIR . '/bannedphraselist', 'squid/bannedphraselist.mas', []); $self->writeConfFile(DGLISTSDIR . '/exceptionphraselist', 'squid/exceptionphraselist.mas', []); $self->writeConfFile(DGLISTSDIR . '/pics', 'squid/pics.mas', []); $self->writeConfFile(DGLISTSDIR . '/bannedregexpurllist', 'squid/bannedregexpurllist.mas', []); $self->writeDgGroups(); if ($antivirus) { my $avMod = EBox::Global->modInstance('antivirus'); $self->writeConfFile(CLAMD_SCANNER_CONF_FILE, 'squid/clamdscan.conf.mas', [ clamdSocket => $avMod->localSocket() ]); } foreach my $group (@dgProfiles) { my $number = $group->{number}; my $policy = $group->{policy}; @writeParam = (); push(@writeParam, 'group' => $number); push(@writeParam, 'policy' => $policy); push(@writeParam, 'antivirus' => $group->{antivirus}); push(@writeParam, 'threshold' => $group->{threshold}); push(@writeParam, 'groupName' => $group->{groupName}); push(@writeParam, 'defaults' => $group->{defaults}); EBox::Module::Base::writeConfFileNoCheck(DGDIR . "/dansguardianf$number.conf", 'squid/dansguardianfN.conf.mas', \@writeParam); if ($policy eq 'filter') { EBox::Module::Base::writeConfFileNoCheck(DGLISTSDIR . "/bannedextensionlist$number", 'squid/bannedextensionlist.mas', [ 'extensions' => $group->{bannedExtensions} ]); EBox::Module::Base::writeConfFileNoCheck(DGLISTSDIR . "/bannedmimetypelist$number", 'squid/bannedmimetypelist.mas', [ 'mimeTypes' => $group->{bannedMIMETypes} ]); $self->_writeDgDomainsConf($group); } } $self->_writeCronFile(); $self->_writeDgTemplates(); $self->writeConfFile(DG_LOGROTATE_CONF, 'squid/dansguardian.logrotate', []); } sub _writeCronFile { my ($self) = @_; my $times; my @cronTimes; my $rules = $self->model('AccessRules'); foreach my $profile (@{$rules->filterProfiles()}) { next unless $profile->{timePeriod}; foreach my $day (keys %{$profile->{days}}) { foreach my $time ($profile->{begin}, $profile->{end}) { unless (exists $times->{$time}) { $times->{$time} = {}; } $times->{$time}->{$day} = 1; } } } foreach my $time (keys %{$times}) { my ($hour, $min) = split (':', $time); my $days = join (',', sort (keys %{$times->{$time}})); push (@cronTimes, { days => $days, hour => $hour, min => $min }); } $self->writeConfFile(CRONFILE, 'squid/zentyal-squid.cron.mas', [ times => \@cronTimes ]); } sub writeDgGroups { my ($self) = @_; my $rules = $self->model('AccessRules'); my @profiles = @{$rules->filterProfiles()}; my @groups; my @objects; my (undef, $min, $hour, undef, undef, undef, $day) = localtime(); foreach my $profile (@profiles) { if ($profile->{timePeriod}) { next unless ($profile->{days}->{$day}); my ($beginHour, $beginMin) = split (':', $profile->{begin}); next if (($hour < $beginHour) and ($min < $beginMin)); my ($endHour, $endMin) = split (':', $profile->{begin}); next if (($hour > $endHour) and ($min < $endMin)); } if ($profile->{group}) { push (@groups, $profile); } else { push (@objects, $profile); } } $self->writeConfFile(DGLISTSDIR . '/filtergroupslist', 'squid/filtergroupslist.mas', [ groups => \@groups ]); $self->writeConfFile(DGLISTSDIR . '/authplugins/ipgroups', 'squid/ipgroups.mas', [ objects => \@objects ]); } # FIXME: template format has changed, reimplement this sub _writeDgTemplates { my ($self) = @_; my $lang = $self->_DGLang(); my $file = DGDIR . '/languages/' . $lang . '/template.html'; my $extra_messages = ''; my $edition = EBox::Global->edition(); if (($edition eq 'community') or ($edition eq 'basic')) { $extra_messages = __sx('This is an unsupported Community Edition. Get the fully supported {ohs}Small Business{ch} or {ohe}Enterprise Edition{ch} for automatic security updates.', ohs => '', ohe => '', ch => ''); } EBox::Module::Base::writeConfFileNoCheck($file, 'squid/template.html.mas', [ extra_messages => $extra_messages, image_name => "zentyal-$edition.png", ]); } sub _banThresholdActive { my ($self) = @_; my @dgProfiles = @{ $self->_dgProfiles }; foreach my $group (@dgProfiles) { if ($group->{threshold} > 0) { return 1; } } return 0; } sub _notCachedDomains { my ($self) = @_; my $model = $self->model('NoCacheDomains'); return $model->notCachedDomains(); } sub _dgProfiles { my ($self) = @_; my $profileModel = $self->model('FilterProfiles'); return $profileModel->profiles(); } sub _writeDgDomainsConf { my ($self, $group) = @_; my $number = $group->{number}; my @domainsFiles = ('bannedsitelist', 'bannedurllist', 'greysitelist', 'greyurllist', 'exceptionsitelist', 'exceptionurllist'); foreach my $file (@domainsFiles) { next if (exists $group->{defaults}->{$file}); my $path = DGLISTSDIR . '/' . $file . $number; my $template = "squid/$file.mas"; EBox::Module::Base::writeConfFileNoCheck($path, $template, $group->{$file}); } } sub firewallHelper { my ($self) = @_; my $ro = $self->isReadOnly(); if ($self->isEnabled()) { return new EBox::SquidFirewall(ro => $ro); } return undef; } # Method: menu # # Overrides EBox::Module method. # # sub menu { my ($self, $root) = @_; my $folder = new EBox::Menu::Folder('name' => 'Squid', 'text' => $self->printableName(), 'separator' => 'Gateway', 'order' => 210); $folder->add(new EBox::Menu::Item('url' => 'Squid/Composite/General', 'text' => __('General Settings'))); $folder->add(new EBox::Menu::Item('url' => 'Squid/View/AccessRules', 'text' => __(q{Access Rules}))); $folder->add(new EBox::Menu::Item('url' => 'Squid/View/FilterProfiles', 'text' => __(q{Filter Profiles}))); $folder->add(new EBox::Menu::Item('url' => 'Squid/View/CategorizedLists', 'text' => __(q{Categorized Lists}))); $folder->add(new EBox::Menu::Item('url' => 'Squid/View/DelayPools', 'text' => __(q{Bandwidth Throttling}))); $root->add($folder); } # Method: _daemons # # Override # # sub _daemons { return [ { 'name' => 'squid3' }, { 'name' => 'ebox.dansguardian', 'precondition' => \&filterNeeded } ]; } # Impelment LogHelper interface sub tableInfo { my ($self) = @_; my $titles = { 'timestamp' => __('Date'), 'remotehost' => __('Host'), 'rfc931' => __('User'), 'url' => __('URL'), 'bytes' => __('Bytes'), 'mimetype' => __('Mime/type'), 'event' => __('Event') }; my @order = ( 'timestamp', 'remotehost', 'rfc931', 'url', 'bytes', 'mimetype', 'event'); my $events = { 'accepted' => __('Accepted'), 'denied' => __('Denied'), 'filtered' => __('Filtered') }; return [{ 'name' => __('HTTP Proxy'), 'tablename' => 'squid_access', 'titles' => $titles, 'order' => \@order, 'filter' => ['url', 'remotehost', 'rfc931'], 'events' => $events, 'eventcol' => 'event', 'consolidate' => $self->_consolidateConfiguration(), }]; } sub _consolidateConfiguration { my ($self) = @_; my $traffic = { accummulateColumns => { requests => 1, accepted => 0, accepted_size => 0, denied => 0, denied_size => 0, filtered => 0, filtered_size => 0, }, consolidateColumns => { rfc931 => {}, event => { conversor => sub { return 1 }, accummulate => sub { my ($v) = @_; return $v; }, }, bytes => { # size is in Kb conversor => sub { my ($v) = @_; return sprintf("%i", $v/1024); }, accummulate => sub { my ($v, $row) = @_; my $event = $row->{event}; return $event . '_size'; } }, }, quote => { 'rfc931' => 1, } }; return { squid_traffic => $traffic, }; } sub logHelper { my ($self) = @_; return (new EBox::Squid::LogHelper); } # Overrides: # EBox::Report::DiskUsageProvider::_facilitiesForDiskUsage sub _facilitiesForDiskUsage { my ($self) = @_; my $cachePath = '/var/spool/squid3'; my $cachePrintableName = 'HTTP Proxy cache'; return { $cachePrintableName => [ $cachePath ] }; } # Method to return the language to use with DG depending on the locale # given by EBox sub _DGLang { my $locale = EBox::locale(); my $lang = 'ukenglish'; # TODO: Make sure this list is not obsolete my %langs = ( 'da' => 'danish', 'de' => 'german', 'es' => 'arspanish', 'fr' => 'french', 'it' => 'italian', 'nl' => 'dutch', 'pl' => 'polish', 'pt' => 'portuguese', 'sv' => 'swedish', 'tr' => 'turkish', ); $locale = substr($locale,0,2); if ( exists $langs{$locale} ) { $lang = $langs{$locale}; } return $lang; } sub report { my ($self, $beg, $end, $options) = @_; my $report = {}; my $db = EBox::DBEngineFactory::DBEngine(); my $traffic = $self->runMonthlyQuery($beg, $end, { 'select' => "CASE WHEN code ~ 'HIT' THEN 'hit' ELSE 'miss' END" . " AS main_code, SUM(bytes) AS bytes, SUM(hits) AS hits", 'from' => 'squid_access_report', 'where' => "event = 'accepted'", 'group' => "main_code", 'options' => { }, }, { key => 'main_code', keyGenerator => "CASE WHEN code ~ 'HIT' THEN 'hit' ELSE 'miss' END AS main_code", } ); my $newtraffic; for my $fk (keys(%{$traffic})) { for my $sk (keys(%{$traffic->{$fk}})) { if(!defined($newtraffic->{$sk})) { $newtraffic->{$sk} = {}; } $newtraffic->{$sk}->{$fk} = $traffic->{$fk}->{$sk}; } } $report->{'summarized_traffic'} = $newtraffic; $report->{'top_domains'} = $self->runQuery($beg, $end, { 'select' => 'domain, COALESCE(hit_bytes,0) AS hit_bytes, ' . 'COALESCE(miss_bytes,0) AS miss_bytes, ' . 'COALESCE(hit_bytes,0) + COALESCE(miss_bytes,0) ' . 'AS traffic_bytes, ' . 'COALESCE (hit_hits,0) + COALESCE(miss_hits,0) AS hits', 'from' => "(SELECT domain, SUM(bytes) AS hit_bytes, SUM(hits) AS hit_hits " . "FROM squid_access_report WHERE code ~ 'HIT' AND _date_ " . "GROUP BY domain) AS h " . "FULL OUTER JOIN " . "(SELECT domain, SUM(bytes) AS miss_bytes, SUM(hits) AS miss_hits " . "FROM squid_access_report WHERE code ~ 'MISS' AND _date_ " . "GROUP BY domain) AS m " . "USING (domain)", 'limit' => $options->{'max_top_domains'}, 'order' => 'hits DESC', 'options' => { 'no_date_in_where' => 1 } }); $report->{'top_blocked_domains'} = $self->runQuery($beg, $end, { 'select' => 'domain, SUM(hits) AS hits', 'from' => 'squid_access_report', 'where' => "event = 'denied' OR event = 'filtered'", 'group' => 'domain', 'limit' => $options->{'max_top_blocked_domains'}, 'order' => 'hits DESC' }); $report->{'top_subnets'} = $self->runQuery($beg, $end, { 'select' => 'subnet, COALESCE(hit_bytes,0) AS hit_bytes, ' . 'COALESCE(miss_bytes,0) AS miss_bytes, ' . 'COALESCE(hit_bytes,0) + COALESCE(miss_bytes,0) ' . 'AS traffic_bytes, ' . 'COALESCE (hit_hits,0) + COALESCE(miss_hits,0) AS hits', 'from' => "(SELECT network(inet(ip || '/24')) AS subnet, " . "SUM(bytes) AS hit_bytes, SUM(hits) AS hit_hits " . "FROM squid_access_report WHERE code ~ 'HIT' AND _date_ " . "GROUP BY subnet) AS h " . "FULL OUTER JOIN " . "(SELECT network(inet(ip || '/24')) AS subnet, " . "SUM(bytes) AS miss_bytes, SUM(hits) AS miss_hits " . "FROM squid_access_report WHERE code ~ 'MISS' AND _date_ " . "GROUP BY subnet) AS m " . "USING (subnet)", 'limit' => $options->{'max_top_subnets'}, 'order' => 'traffic_bytes DESC', 'options' => { 'no_date_in_where' => 1 } }); $report->{'top_blocked_subnets'} = $self->runQuery($beg, $end, { 'select' => "network(inet(ip || '/24')) AS subnet, SUM(hits) AS hits", 'from' => 'squid_access_report', 'where' => "event = 'denied' OR event = 'filtered'", 'group' => 'subnet', 'limit' => $options->{'max_top_blocked_subnets'}, 'order' => 'hits DESC' }); $report->{'top_ips'} = $self->runQuery($beg, $end, { 'select' => 'ip, COALESCE(hit_bytes,0) AS hit_bytes, ' . 'COALESCE(miss_bytes,0) AS miss_bytes, ' . 'COALESCE(hit_bytes,0) + COALESCE(miss_bytes,0) ' . 'AS traffic_bytes, ' . 'COALESCE (hit_hits,0) + COALESCE(miss_hits,0) AS hits', 'from' => "(SELECT ip, " . "SUM(bytes) AS hit_bytes, SUM(hits) AS hit_hits " . "FROM squid_access_report WHERE code ~ 'HIT' AND _date_ " . "GROUP BY ip) AS h " . "FULL OUTER JOIN " . "(SELECT ip, " . "SUM(bytes) AS miss_bytes, SUM(hits) AS miss_hits " . "FROM squid_access_report WHERE code ~ 'MISS' AND _date_ " . "GROUP BY ip) AS m " . "USING (ip)", 'limit' => $options->{'max_top_ips'}, 'order' => 'traffic_bytes DESC', 'options' => { 'no_date_in_where' => 1 } }); $report->{'top_blocked_ips'} = $self->runQuery($beg, $end, { 'select' => 'ip, SUM(hits) AS hits', 'from' => 'squid_access_report', 'where' => "event = 'denied' OR event = 'filtered'", 'group' => 'ip', 'limit' => $options->{'max_top_blocked_ips'}, 'order' => 'hits DESC' }); $report->{'top_users'} = $self->runQuery($beg, $end, { 'select' => 'username, SUM(bytes) AS traffic_bytes, SUM(hits) AS hits', 'from' => 'squid_access_report', 'where' => "event = 'accepted' AND username <> '-'", 'group' => 'username', 'limit' => $options->{'max_top_users'}, 'order' => 'traffic_bytes DESC' }); $report->{'top_blocked_users'} = $self->runQuery($beg, $end, { 'select' => 'username, SUM(hits) AS hits', 'from' => 'squid_access_report', 'where' => "(event = 'denied' OR event = 'filtered') AND username <> '-'", 'group' => 'username', 'limit' => $options->{'max_top_blocked_users'}, 'order' => 'hits DESC' }); $report->{'top_domains_by_user'} = $self->runCompositeQuery($beg, $end, { 'select' => 'username, SUM(bytes) AS bytes', 'from' => 'squid_access_report', 'where' => "event = 'accepted' AND username <> '-'", 'group' => 'username', 'limit' => $options->{'max_users_top_domains_by_user'}, 'order' => 'bytes DESC' }, 'username', { 'select' => 'domain, SUM(bytes) AS traffic_bytes, SUM(hits) AS hits', 'from' => 'squid_access_report', 'where' => "event = 'accepted' AND username = '_username_'", 'group' => 'domain', 'limit' => $options->{'max_domains_top_domains_by_user'}, 'order' => 'traffic_bytes DESC' }); return $report; } sub consolidateReportQueries { # FIXME: do the domain_from_url converssion elsewhere if possible # or just reimplement it with a MySQL stored procedure return [ { 'target_table' => 'squid_access_report', 'query' => { 'select' => 'rfc931 AS username, remotehost AS ip, domain_from_url(url) AS domain, event, code, SUM(bytes) AS bytes, COUNT(event) AS hits', 'from' => 'squid_access', 'group' => 'username, ip, domain, event, code' }, quote => { username => 1, domain => 1, }, } ]; } # LdapModule implementation sub _ldapModImplementation { return new EBox::Squid::LdapUserImplementation(); } # Method: regenGatewaysFailover # # Overrides: # # # sub regenGatewaysFailover { my ($self) = @_; $self->restartService(); } # Security Updates Add-On message sub _commercialMsg { return __sx('Want to avoid threats such as malware, phishing and bots? Get the {ohs}Small Business{ch} or {ohe}Enterprise Edition {ch} that include the Content Filtering feature in the automatic security updates.', ohs => '', ohe => '', ch => ''); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/0000775000000000000000000000000012017154761015536 5ustar zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Composite/0000775000000000000000000000000012017154761017500 5ustar zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Composite/Domains.pm0000664000000000000000000000256712017154761021442 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Class: EBox::Squid::Composite::Domains # package EBox::Squid::Composite::Domains; use base 'EBox::Model::Composite'; use strict; use warnings; use EBox::Gettext; # Group: Public methods # Method: pageTitle # # Overrides: # # # # Returns: # # undef # sub pageTitle { return undef; } # Group: Protected methods # Method: _description # # Overrides: # # # sub _description { my $description = { layout => 'top-bottom', name => 'Domains', printableName => __('Domains and URLs'), compositeDomain => 'Squid', }; return $description; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Composite/General.pm0000664000000000000000000000333112017154761021413 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Class: EBox::Squid::Composite::General # # This class is used to manage the events module within a single # element whose components # are: and # inside a top-bottom # layout. # package EBox::Squid::Composite::General; use base 'EBox::Model::Composite'; use strict; use warnings; use EBox::Gettext; # Group: Public methods # Constructor: new # # Constructor for the general events composite # # Returns: # # - a # general events composite # sub new { my ($class, @params) = @_; my $self = $class->SUPER::new(@params); return $self; } # Group: Protected methods # Method: _description # # Overrides: # # # sub _description { my $description = { layout => 'top-bottom', name => 'General', pageTitle => __('HTTP Proxy'), compositeDomain => 'Squid', }; return $description; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Composite/TrafficReport.pm0000664000000000000000000000305712017154761022615 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Composite::TrafficReport; use base 'EBox::Model::Composite'; use strict; use warnings; use EBox::Gettext; # Group: Public methods # Constructor: new # # Constructor for the general events composite # # Returns: # # - a # general events composite # sub new { my ($class, @params) = @_; my $self = $class->SUPER::new(@params); return $self; } # Group: Protected methods # Method: _description # # Overrides: # # # sub _description { my $description = { layout => 'top-bottom', name => __PACKAGE__->nameFromClass(), printableName => __('HTTP proxy traffic report'), pageTitle => __('HTTP proxy traffic report'), compositeDomain => 'Squid', }; return $description; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Composite/FilterSettings.pm0000664000000000000000000000260312017154761023005 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Class: EBox::Squid::Composite::FilterSettings # package EBox::Squid::Composite::FilterSettings; use base 'EBox::Model::Composite'; use strict; use warnings; use EBox::Gettext; # Group: Public methods # Method: pageTitle # # Overrides: # # # # Returns: # # undef # sub pageTitle { return undef; } # Group: Protected methods # Method: _description # # Overrides: # # # sub _description { my $description = { layout => 'top-bottom', name => 'FilterSettings', printableName => __('Settings'), compositeDomain => 'Squid', }; return $description; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Composite/ProfileConfiguration.pm0000664000000000000000000000311512017154761024166 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Class: EBox::Squid::Composite::ProfileConfiguration # package EBox::Squid::Composite::ProfileConfiguration; use base 'EBox::Model::Composite'; use strict; use warnings; use EBox::Gettext; # Group: Protected methods # Method: _description # # Overrides: # # # sub _description { my $description = { layout => 'tabbed', name => 'ProfileConfiguration', compositeDomain => 'Squid', }; return $description; } sub HTMLTitle { my ($self) = @_; my $parentRow = $self->parentRow(); my $profile = $parentRow->elementByName('name')->printableValue(); return ([ { title => __('Filter Profiles'), link => '/Squid/View/FilterProfiles', }, { title => $profile, link => '', }, ]); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/LogHelper.pm0000664000000000000000000000526012017154761017760 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::LogHelper; use base 'EBox::LogHelper'; use strict; use warnings; use EBox; use EBox::Config; use EBox::Gettext; use POSIX qw(strftime); use constant SQUIDLOGFILE => '/var/log/squid3/access.log'; use constant DANSGUARDIANLOGFILE => '/var/log/dansguardian/access.log'; sub new { my $class = shift; my $self = {}; bless($self, $class); return $self; } # Method: logFiles # # This function must return the file or files to be read from. # # Returns: # # array ref - containing the whole paths # sub logFiles { return [SQUIDLOGFILE, DANSGUARDIANLOGFILE]; } # Method: processLine # # This method will be run every time a new line is received in # the associated file. You must parse the line, and generate # the messages which will be logged to ebox through an object # implementing EBox::AbstractLogger interface. # Parameters: # # file - file name # line - string containing the log line # dbengine- An instance of class implemeting AbstractDBEngineinterface # sub processLine # (file, line, logger) { my ($self, $file, $line, $dbengine) = @_; chomp $line; my @fields = split (/\s+/, $line); if ($fields[2] eq '127.0.0.1') { return; } my $event; if (($fields[3] eq 'TCP_DENIED/403') and ($file eq DANSGUARDIANLOGFILE)) { $event = 'filtered'; } elsif ($fields[3] eq 'TCP_DENIED/403') { $event = 'denied'; } else { $event = 'accepted'; } my $time = strftime ('%Y-%m-%d %H:%M:%S', localtime $fields[0]); my $data = { 'timestamp' => $time, 'elapsed' => $fields[1], 'remotehost' => $fields[2], 'code' => $fields[3], 'bytes' => $fields[4], 'method' => $fields[5], # Trim URL string as DB stores it as a varchar(1024) 'url' => substr($fields[6], 0, 1023), 'rfc931' => $fields[7], 'peer' => $fields[8], 'mimetype' => $fields[9], 'event' => $event }; $dbengine->insert('squid_access', $data); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Types/0000775000000000000000000000000012017154761016642 5ustar zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Types/TimePeriod.pm0000664000000000000000000002606712017154761021254 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Types::TimePeriod; use base 'EBox::Types::Abstract'; use strict; use warnings; use EBox::Gettext; use Perl6::Junction qw(all); my @days = qw(monday tuesday wednesday thursday friday saturday sunday); use constant ALL_DAYS => 'MTWHFAS'; my %daysToNumbers = (M => 1, T => 2, W => 3, H => 4, F => 5, A => 6, S => 0); my %daysToLetters = ( monday => 'M', tuesday => 'T', wednesday => 'W', thursday => 'H', friday => 'F', saturday => 'A', sunday => 'S', ); my %daysToPrintableLetters = ( monday => __('M'), tuesday => __('T'), wednesday => __('W'), thursday => __('H'), friday => __('F'), saturday => __('A'), sunday => __('S'), ); my %printableDays = ( monday => __('Monday'), tuesday => __('Tuesday'), wednesday => __('Wednesday'), thursday => __('Thursday'), friday => __('Friday'), saturday => __('Saturday'), sunday => __('Sunday'), ); sub new { my ($class, %params) = @_; unless (exists $params{'HTMLSetter'}) { $params{'HTMLSetter'} = '/squid/ajax/setter/timePeriod.mas'; } unless (exists $params{'HTMLViewer'}) { $params{'HTMLViewer'} = '/ajax/viewer/textViewer.mas'; } unless (exists $params{defaultValue}) { $params{defaultValue} = ALL_DAYS; } unless (exists $params{type}) { $params{type} = 'squid-timeperiod'; } my $self = $class->SUPER::new(%params); bless $self, $class; return $self; } sub value { my ($self) = @_; my $st = ''; my $hourlyPeriod = $self->hourlyPeriod(); if ($hourlyPeriod) { $st .= $hourlyPeriod; } my $weekDays = $self->weekDays(); if ($weekDays) { $st .= ' ' if $hourlyPeriod; $st .= $weekDays; } return $st; } sub isAllTime { my ($self) = @_; return $self->value() eq ALL_DAYS; } sub isAllWeek { my ($self) = @_; return $self->weekDays() eq ALL_DAYS; } sub printableValue { my ($self) = @_; my $st = ''; my $hourlyPeriod = $self->hourlyPeriod(); if ($hourlyPeriod) { $st .= $hourlyPeriod; } elsif ($self->weekDays() eq ALL_DAYS) { return __('All time'); } my $weekDays = $self->printableWeekDays(); if ($weekDays) { $st .= ' ' if $hourlyPeriod; $st .= $weekDays; } return $st; } # Method: compareToHash # # Overrides method # sub compareToHash { my ($self, $hash) = @_; my $name = $self->fieldName(); my @fields = ('from', 'to', @days); foreach my $field (@fields) { my $hashField = $name . '_' . $field; if ($self->$field() ne $hash->{$hashField}) { return 0; } } return 1; } sub weekDays { my ($self) = @_; my $st = ''; my $activeDays = 0; foreach my $day (@days) { if ($self->$day()) { $activeDays += 1; $st .= $daysToLetters{$day}; } } return $st; } sub days { return \@days; } sub dayToPrintableLetter { my ($self, $day) = @_; return $daysToPrintableLetters{$day}; } sub printableWeekDays { my ($self) = @_; my $st = ''; my %activeDays; foreach my $day (@days) { if ($self->$day()) { $activeDays{$day} = 1; $st .= $daysToPrintableLetters{$day}; } } my $nActiveDays = scalar keys %activeDays; if ($nActiveDays == scalar @days) { return __('All week'); } elsif ($nActiveDays == 1) { my ($day) = keys %activeDays; return $printableDays{$day}; } elsif ($nActiveDays == 2) { if ($activeDays{saturday} and $activeDays{sunday}) { return __('Weekend'); } } elsif ($nActiveDays == 5) { if ((not $activeDays{saturday}) and (not $activeDays{sunday}) ) { return __('Work days'); } } return $st; } sub hourlyPeriod { my ($self) = @_; my $from = $self->from(); my $to = $self->to(); if ((not $from) and (not $to)) { return ''; } return $from . '-' . $to; } # Method: cmp # # Overrides method # sub cmp { my ($self, $other) = @_; if ((ref $self) ne (ref $other)) { return undef; } return ($self->value() cmp $other->value()); } sub _attrs { return ['from', 'to', @days]; } # Method: from # # Return the "from" hour # # Returns: # # string - containing the hour sub from { my ($self) = @_; return $self->{'from'}; } # Method: to # # Return the "to" hour # # Returns: # # string - containing the hour sub to { my ($self) = @_; return $self->{'to'}; } sub monday { my ($self) = @_; return $self->{'monday'}; } sub tuesday { my ($self) = @_; return $self->{'tuesday'}; } sub wednesday { my ($self) = @_; return $self->{'wednesday'}; } sub thursday { my ($self) = @_; return $self->{'thursday'}; } sub friday { my ($self) = @_; return $self->{'friday'}; } sub saturday { my ($self) = @_; return $self->{'saturday'}; } sub sunday { my ($self) = @_; return $self->{'sunday'}; } # Method: _paramIsValid # # Overrides: # # # sub _paramIsValid { my ($self, $params) = @_; $self->_hoursParamsAreValid($params); $self->_daysParamsAreValid($params); return 1; } sub _hoursParamsAreValid { my ($self, $params) = @_; my $name = $self->fieldName(); my $to = $params->{$name . '_to'}; my $from = $params->{$name . '_from'}; if ((not $to) and not $from) { return } elsif (not $from) { throw EBox::Exceptions::MissingArgument(__('From hour..')); } elsif (not $to) { throw EBox::Exceptions::MissingArgument(__('to hour..')); } elsif ($to eq $from) { throw EBox::Exceptions::External( __('You must specify two diffrent hours to the range') ); } my @hourParams = ($name . '_from', $name . '_to'); foreach my $param (@hourParams) { my $value = $params->{$param}; if (not $value =~ m/:/) { # no minutes specified! $value .= ':00'; $params->{$param} = $value; } my ($hours, $minutes) = split ':', $value, 2; if ($hours =~ m/^\d+$/) { if (($hours < 0) or ($hours > 23)) { throw EBox::Exceptions::External( __x('Bad hour of the day value: {h}', h => $hours) ); } } else { throw EBox::Exceptions::External( __x('Bad hour of the day format: {h}', h => $hours) ); } if ($minutes =~ m/^\d+$/) { if (($minutes < 0) or ($minutes > 59)) { throw EBox::Exceptions::External( __x('Bad minutes value: {mi}', mi => $minutes) ); } } else { throw EBox::Exceptions::External( __x('Bad minutes format: {mi}', 'mi' => $minutes) ); } } # we need to fetch the value form the params bz the value could be changed # to add the missing minutes field my ($fromHours, $fromMinutes) = split ':', $params->{$name . '_from'}; my ($toHours, $toMinutes) = split ':', $params->{$name . '_to'}; if ($fromHours > $toHours) { throw EBox::Exceptions::External( __('The end of the range is greater than the begin') ); } elsif ($fromHours == $toHours) { if ($fromMinutes > $toMinutes) { throw EBox::Exceptions::External( __('The end of the range is greater than the begin') ); } } } sub _daysParamsAreValid { my ($self, $params) = @_; my $name = $self->fieldName(); my $allDaysBanned = 1; foreach my $day (@days) { my $param = $name . '_' . $day; if ($params->{$param}) { $allDaysBanned = 0; next; } } if ($allDaysBanned) { throw EBox::Exceptions::External( __('The time period must be at least active on one day') ); } } # Method: _paramIsSet # # Overrides: # # # sub _paramIsSet { my ($self, $params) = @_; return 1; } # Method: _setValue # # Set the value defined as a string in the # printableValue. That is, to define a port range, you can choose # one of following: # Overrides: # # # # Parameters: # # value - String as defined above # sub _setValue # (defaultValue) { my ($self, $value) = @_; my %memValueParams; my $name = $self->fieldName(); my ($hours, $days); if ($value =~ m/\s/) { ($hours, $days) = split '\s', $value; } else { if ($value =~ m/\-/) { $hours = $value; $days = ALL_DAYS; } else { $days = $value; } } if ($hours) { my ($from, $to) = split '-', $hours; $memValueParams{$name . '_from'} = $from; $memValueParams{$name . '_to'} = $to; } my %lettersToDays = reverse (%daysToLetters); my @letters = split //, $days; foreach my $letter (@letters) { my $day = delete $lettersToDays{$letter}; $memValueParams{$name . '_' . $day} = 1; } # days not used are false foreach my $day (values %lettersToDays) { $memValueParams{$name . '_' . $day} = 0; } $self->setMemValue(\%memValueParams); } sub dayNumbers { my ($self) = @_; my $numbers = {}; my $days = $self->weekDays(); for (my $i = 0; $i < length ($days); $i++) { my $day = substr ($days, $i, 1); $numbers->{$daysToNumbers{$day}} = 1; } return $numbers; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Types/ListArchive.pm0000664000000000000000000000371312017154761021421 0ustar # Copyright (C) 2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Class: EBox::Squid::Types::ListArchive # package EBox::Squid::Types::ListArchive; use strict; use warnings; use base 'EBox::Types::File'; use EBox; use EBox::Config; use EBox::Gettext; use EBox::Exceptions::External; use EBox::Sudo; use Error qw(:try); use File::Basename; my $UNPACK_PATH = '/var/lib/zentyal/files/squid'; # Group: Private methods sub _moveToPath { my ($self) = @_; $self->SUPER::_moveToPath(); my $path = $self->path(); unless ($self->_fileIsArchive($path)) { throw EBox::Exceptions::External(__x('Invalid .tar.gz file: {f}', f => $path)); } my $name = basename($path); my $dest = "$UNPACK_PATH/$name"; $self->_extractArchive($path, $dest); } sub _fileIsArchive { my ($self, $path) = @_; my $output = EBox::Sudo::root("/usr/bin/file -b $path"); return ($output->[0] =~ m/^gzip compressed/); } sub _extractArchive { my ($self, $path, $dir) = @_; EBox::Sudo::root("mkdir -p $dir", "tar xzf $path -C $dir", "chown -R root:ebox $dir", "chmod -R o+r $dir"); } # FIXME: what happens with this? when the file is removed? sub _cleanArchive { my ($self, $id) = @_; my $dir = $self->archiveContentsDir($id); EBox::Sudo::root("rm -rf $dir"); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Types/UnlimitedInt.pm0000664000000000000000000000320112017154761021601 0ustar # Copyright (C) 2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Types::UnlimitedInt; use strict; use warnings; use base 'EBox::Types::Int'; use EBox::Exceptions::External; use EBox::Gettext; # Group: Public methods sub new { my $class = shift; my %opts = @_; unless (exists $opts{'HTMLViewer'}) { $opts{'HTMLViewer'} ='/squid/ajax/viewer/unlimitedIntViewer.mas'; } $opts{'type'} = 'unlimited_int'; $opts{'optional'} = 1; $opts{'optionalLabel'} = 0; my $self = $class->SUPER::new(%opts); bless($self, $class); return $self; } # Group: Protected methods # Method: _paramIsSet # # Overrides: # # # sub _paramIsSet { return 1; } # Method: _paramIsValid # # Overrides: # # # sub _paramIsValid { my ($self, $params) = @_; my $value = $params->{$self->fieldName()}; unless (defined ($value)) { return 1; } return $self->SUPER::_paramIsValid($params); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/LdapUserImplementation.pm0000664000000000000000000000236612017154761022530 0ustar # Copyright (C) 2009 EBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA use strict; use warnings; package EBox::Squid::LdapUserImplementation; use base 'EBox::LdapUserBase'; use EBox::Global; sub _delGroup { my ($self, $group) = @_; my $squid = EBox::Global->modInstance('squid'); my $rules = $squid->model('AccessRules'); $rules->delPoliciesForGroup($group); } sub _delGroupWarning { my ($self, $group) = @_; my $squid = EBox::Global->modInstance('squid'); my $rules = $squid->model('AccessRules'); if ($rules->existsPoliciesForGroup($group)) { return (q{HTTP proxy access rules}); } return (); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/0000775000000000000000000000000012017154761016576 5ustar zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/DelayPools.pm0000664000000000000000000002114212017154761021207 0ustar # Copyright (C) 2010-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::DelayPools; # Class: EBox::Squid::Model::DelayPools # # Rules to set the configuration for the delay pools # use base 'EBox::Model::DataTable'; use strict; use warnings; use integer; use EBox::Gettext; use EBox::Global; use EBox::Types::Select; use EBox::Types::Boolean; use EBox::Squid::Types::UnlimitedInt; use Math::BigInt; # Group: Public methods # Method: validateRow # # Overrides: # # # sub validateRow { my ($self, $action, %params) = @_; if ($params{acl_object}) { # check objects have members my $srcObjId = $params{acl_object}; my $objects = EBox::Global->modInstance('objects'); unless (@{$objects->objectAddresses($srcObjId)} > 0) { throw EBox::Exceptions::External( __x('Object {object} has no members. Please add at ' . 'least one to add rules using this object.', object => $params{acl_object})); } } if ($params{global_enabled}) { unless ($params{size} and $params{rate}) { throw EBox::Exceptions::External(__('If global limit is enabled you need to specifiy its size and rate values')); } } if ($params{clt_enabled}) { unless ($params{clt_size} and $params{clt_rate}) { throw EBox::Exceptions::External(__('If per-client limit is enabled you need to specifiy its size and rate values')); } } # Check the clt_rate is always lower than rate (network) if ($params{global_enabled} and $params{clt_enabled}) { my $netRate = defined ($params{rate}) ? $params{rate} : Math::BigInt->binf(); my $cltRate = defined ($params{clt_rate}) ? $params{clt_rate} : Math::BigInt->binf(); if ($cltRate > $netRate) { throw EBox::Exceptions::External(__x('Per-client rate ({clt_rate} KB/s) cannot be greater than global rate ({net_rate} KB/s)', clt_rate => $cltRate, net_rate => $netRate)); } } } sub addedRowNotify { my ($self, $row) = @_; $self->_setUndefinedValues($row); } sub updatedRowNotify { my ($self, $row) = @_; $self->_setUndefinedValues($row); } sub _setUndefinedValues { my ($self, $row) = @_; my $toStore; unless ($row->valueByName('global_enabled')) { $row->elementByName('size')->setValue(undef); $row->elementByName('rate')->setValue(undef); $toStore = 1; } unless ($row->valueByName('clt_enabled')) { $row->elementByName('clt_size')->setValue(undef); $row->elementByName('clt_rate')->setValue(undef); $toStore = 1; } if ($toStore) { $row->store(); } } # Group: Protected methods # Method: _table # # Overrides: # # # sub _table { my ($self) = @_; my @tableHead = ( new EBox::Types::Select( fieldName => 'acl_object', printableName => __('Network object'), foreignModel => $self->modelGetter('objects', 'ObjectTable'), foreignField => 'name', foreignNextPageField => 'members', editable => 1, unique => 1, ), new EBox::Types::Boolean( fieldName => 'global_enabled', printableName => __('Enable global limit for the object'), editable => 1, hiddenOnViewer => 1, defaultValue => 0, ), new EBox::Squid::Types::UnlimitedInt( fieldName => 'size', printableName => __('Maximum unlimited size'), help => __('Maximum unthrottled download size for the whole network object.'), size => 3, editable => 1, trailingText => __('MB'), min => 0, ), new EBox::Squid::Types::UnlimitedInt( fieldName => 'rate', printableName => __('Maximum download rate'), help => __('Limited download rate after maximum size is reached for the whole network object.'), size => 3, editable => 1, trailingText => __('KB/s'), ), new EBox::Types::Boolean( fieldName => 'clt_enabled', printableName => __('Enable per client limit'), editable => 1, hiddenOnViewer => 1, defaultValue => 0, ), new EBox::Squid::Types::UnlimitedInt( fieldName => 'clt_size', printableName => __('Maximum unlimited size per client'), help => __('Maximum unthrottled download size for each client.'), size => 3, editable => 1, trailingText => __('MB'), ), new EBox::Squid::Types::UnlimitedInt( fieldName => 'clt_rate', printableName => __('Maximum download rate per client'), help => __('Limited download rate after maximum size is reached for each client.'), size => 3, editable => 1, trailingText => __('KB/s'), ), ); my $dataTable = { 'tableName' => 'DelayPools', 'printableTableName' => __('Bandwidth Throttling Rules'), 'defaultActions' => [ 'add', 'del', 'editField', 'changeView', 'move' ], 'modelDomain' => 'Squid', 'tableDescription' => \@tableHead, 'class' => 'dataTable', # Priority field set the ordering through _order function 'order' => 1, 'pageTitle' => __('HTTP Proxy'), 'help' => __("Bandwith throttling allows you to control download rates for connections going though the HTTP proxy. The first rule to match is applied. If a connection doesn't match any rule, then no bandwidth throttling is applied."), 'rowUnique' => 1, 'printableRowName' => __('rule'), 'automaticRemove' => 1, 'enableProperty' => 1, 'defaultEnabledValue' => 1, # XXX notifyForeignModelAction to normalize values on interface bw change }; return $dataTable; } sub delayPools { my ($self) = @_; my $objects = EBox::Global->modInstance('objects'); my @pools; foreach my $pool (@{$self->enabledRows()}) { my $row = $self->row($pool); my $rate = $row->valueByName('rate'); my $size = $row->valueByName('size'); my $clt_rate = $row->valueByName('clt_rate'); my $clt_size = $row->valueByName('clt_size'); my $obj = $row->valueByName('acl_object'); my $addresses = $objects->objectAddresses($obj); push (@pools, { id => $pool, class => '2', rate => defined ($rate) ? $rate : -1, size => defined ($size) ? $size : -1, clt_rate => defined ($clt_rate) ? $clt_rate : -1, clt_size => defined ($clt_size) ? $clt_size : -1, object => $obj, addresses => $addresses }); } return \@pools; } # Method: viewCustomizer # # Overrides # # sub viewCustomizer { my ($self) = @_; my $customizer = new EBox::View::Customizer(); $customizer->setModel($self); $customizer->setOnChangeActions( { global_enabled => { 'on' => { enable => [ 'size', 'rate' ] }, 'off' => { disable => [ 'size', 'rate' ] }, }, clt_enabled => { 'on' => { enable => [ 'clt_size', 'clt_rate' ] }, 'off' => { disable => [ 'clt_size', 'clt_rate' ] }, }, }); return $customizer; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/ContentFilterThreshold.pm0000664000000000000000000000550412017154761023575 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Class: # # EBox::Squid::Model::ContentFilterThreshold # # This class is used as a model to describe a table which will be # used to select the logs domains the user wants to enable/disable. # # It subclasses # package EBox::Squid::Model::ContentFilterThreshold; use base 'EBox::Model::DataForm'; use strict; use warnings; use EBox::Global; use EBox::Gettext; use EBox::Types::Boolean; use EBox::Types::Select; use EBox::Exceptions::External; # Method: _table # # This method overrides to return # a table model description. # # sub _table { my @tableDesc = ( new EBox::Types::Select( fieldName => 'contentFilterThreshold', printableName => __('Threshold'), editable => 1, populate => \&_populateContentFilterThreshold, help => __('This specifies how strict the content filter is.'), ), ); my $dataForm = { tableName => 'ContentFilterThreshold', printableTableName => __('Content filter threshold'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView' ], tableDescription => \@tableDesc, class => 'dataForm', messages => { update => __('Content filter threshold changed'), }, }; return $dataForm; } sub _populateContentFilterThreshold { return [ { value => 0, printableValue => __('Disabled') }, { value => 200, printableValue => __('Very permissive') }, { value => 160, printableValue => __('Permissive') }, { value => 120, printableValue => __('Medium') }, { value => 80, printableValue => __('Strict') }, { value => 50, printableValue => __('Very strict') }, ]; } sub threshold { my ($self) = @_; return $self->contentFilterThresholdValue(); } # Method: viewCustomizer # # Overrides # to show breadcrumbs # sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/TransparentExceptions.pm0000664000000000000000000000502112017154761023475 0ustar # Copyright (C) 2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::TransparentExceptions; use base 'EBox::Model::DataTable'; use strict; use warnings; use EBox; use EBox::Exceptions::Internal; use EBox::Gettext; use EBox::Types::DomainName; use EBox::Types::Boolean; use EBox::Validate; # Method: _table # # sub _table { my @tableHeader = ( new EBox::Types::DomainName( fieldName => 'domain', printableName => __('Domain Name Address'), unique => 1, editable => 1, optional => 0, ), new EBox::Types::Boolean( fieldName => 'enabled', printableName => __('Skip Transparent Proxy'), defaultValue => 1, editable => 1, ), ); my $dataTable = { tableName => 'TransparentExceptions', printableTableName => __('Transparent Proxy Exemptions'), modelDomain => 'Squid', defaultController => '/Squid/Controller/TransparentExceptions', defaultActions => [ 'add', 'del', 'editField', 'changeView' ], tableDescription => \@tableHeader, class => 'dataTable', order => 0, rowUnique => 1, printableRowName => __('domain name address'), help => __('You can exempt some addresses from transparent proxy'), messages => { add => __('Address added'), del => __('Address removed'), update => __('Address updated'), }, sortedBy => 'domain', }; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/TrafficReportOptions.pm0000664000000000000000000000210512017154761023260 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::TrafficReportOptions; use base 'EBox::Logs::Model::OptionsBase'; use strict; use warnings; sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } sub tableName { return 'TrafficReportOptions'; } sub modelDomain { return 'Squid'; } sub reportUrl { return '/Squid/Composite/TrafficReport'; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/TrafficSizeGraph.pm0000664000000000000000000000416212017154761022332 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::TrafficSizeGraph; use base 'EBox::Logs::Model::Graph'; use strict; use warnings; use EBox::Gettext; sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } sub dbTableName { return 'squid_traffic'; } sub altText { return __('Squid traffic size graph'); } sub dbFields { my ($package) = @_; return { accepted_size => { printableName => __('Accepted traffic size (Kb)') }, denied_size => { printableName => __('Denied traffic size (Kb)') }, filtered_size => { printableName => __('Filtered traffic size (Kb))') }, } } # Method: _table # # The table description which consists of three fields: # # You can only edit enabled and configuration fields. The event # name and description are read-only fields. # sub _table { my $dataTable = { tableDescription => [], tableName => 'TrafficSizeGraph', printableTableName => __('Traffic size'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView', ], messages => { 'add' => undef, 'del' => undef, 'update' => undef, 'moveUp' => undef, 'moveDown' => undef, } }; return $dataTable; } sub timePeriodModelPath { return 'TrafficReportOptions'; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/NoCacheDomains.pm0000664000000000000000000000540012017154761021746 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::NoCacheDomains; use base 'EBox::Model::DataTable'; use strict; use warnings; use EBox; use EBox::Exceptions::Internal; use EBox::Gettext; use EBox::Types::DomainName; use EBox::Validate; # Method: _table # # sub _table { my @tableHeader = ( new EBox::Types::DomainName( fieldName => 'domain', printableName => __('Domain Name Address'), unique => 1, editable => 1, optional => 0, ), new EBox::Types::Boolean( fieldName => 'noCache', printableName => __('Exempt address from caching'), defaultValue => 1, editable => 1, ), ); my $dataTable = { tableName => 'NoCacheDomains', printableTableName => __('Cache Exemptions'), modelDomain => 'Squid', defaultController => '/Squid/Controller/NoCacheDomains', defaultActions => [ 'add', 'del', 'editField', 'changeView' ], tableDescription => \@tableHeader, class => 'dataTable', order => 0, rowUnique => 1, printableRowName => __('domain name address'), help => __('You can exempt some addresses from caching'), messages => { add => __('Address added'), del => __('Address removed'), update => __('Address updated'), }, sortedBy => 'domain', }; } sub notCachedDomains { my ($self, $policy) = @_; my @domains = map { my $row = $self->row($_); if ($row->valueByName('noCache')) { $row->valueByName('domain'); } else { () } } @{ $self->ids() }; return \@domains; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/MIME.pm0000664000000000000000000001273412017154761017672 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::MIME; use base 'EBox::Model::DataTable'; use strict; use warnings; use EBox; use EBox::Gettext; use EBox::Types::Boolean; use EBox::Types::Text; use EBox::Exceptions::Internal; use Perl6::Junction qw(all); use constant DEFAULT_MIME_TYPES => qw( audio/mpeg audio/x-mpeg audio/x-pn-realaudio audio/x-wav video/mpeg video/x-mpeg2 video/acorn-replay video/quicktime video/x-msvideo video/msvideo application/gzip application/x-gzip application/zip application/compress application/x-compress application/java-vm application/x-shockwave-flash application/x-shockwave-flash2-preview application/futuresplash image/vnd.rn-realflash ); sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } sub _tableHeader { my @tableHeader = ( new EBox::Types::Text( fieldName => 'MIMEType', printableName => __('MIME Type'), unique => 1, editable => 1, optional => 0, ), new EBox::Types::Boolean( fieldName => 'allowed', printableName => __('Allow'), optional => 0, editable => 1, defaultValue => 1, ), ); return \@tableHeader; } # Method: syncRows # # Overrides # sub syncRows { my ($self, $currentRows) = @_; unless (@{$currentRows}) { # if there are no rows, we have to add them foreach my $type (DEFAULT_MIME_TYPES) { $self->add(MIMEType => $type); } return 1; } else { return 0; } } sub validateTypedRow { my ($self, $action, $params_r) = @_; if (exists $params_r->{MIMEType} ) { my $type = $params_r->{MIMEType}->value(); $self->checkMimeType($type); } } # Function: bannedMimeTypes # # Fetch the banned MIME types # # Returns: # # Array ref - containing the MIME types sub banned { my ($self) = @_; my @banned = @{$self->findAllValue(allowed => 0)}; @banned = map { $self->row($_)->valueByName('MIMEType') } @banned; return \@banned; } # A MIME type follows this syntax: type/subtype # The current registrated types are: # my @ianaMimeTypes = ("application", "audio", "example", "image", "message", "model", "multipart", "text", "video", "[Xx]-.*" ); my $allIanaMimeType = all @ianaMimeTypes; sub checkMimeType { my ($self, $type) = @_; my ($mainType, $subType) = split '/', $type, 2; if (not defined $subType) { throw EBox::Exceptions::InvalidData( data => __('MIME Type'), value => $type, advice => __('A MIME Type must follow this syntax: type/subtype'), ); } if ($mainType ne $allIanaMimeType) { throw EBox::Exceptions::InvalidData( data => __('MIME Type'), value => $type, advice => __x( '{type} is not a valid IANA type', type => $mainType, ) ); } if (not $subType =~ m{^[\w\-\d\.+]+$} ) { throw EBox::Exceptions::InvalidData( data => __('MIME Type'), value => $type, advice => __x( '{t} subtype has a wrong syntax', t => $subType, ) ); } return 1; } sub _table { my ($self) = @_; my $dataTable = { tableName => 'MIME', modelDomain => 'Squid', printableTableName => __('MIME types'), defaultActions => [ 'add', 'del', 'editField', 'changeView' ], checkAll => [ 'allowed' ], tableDescription => $self->_tableHeader(), class => 'dataTable', order => 0, rowUnique => 1, printableRowName => __('MIME type'), help => __("Allow/Deny the HTTP traffic of the files which the given MIME types. MIME types not listed here are allowed.\nThe filter needs a 'filter' policy to be in effect"), messages => { add => __('MIME type added'), del => __('MIME type removed'), update => __('MIME type updated'), }, sortedBy => 'MIMEType', }; } # Method: viewCustomizer # # Overrides # to show breadcrumbs sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/GeneralSettings.pm0000664000000000000000000001271312017154761022236 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::GeneralSettings; use base 'EBox::Model::DataForm'; use strict; use warnings; use EBox::Global; use EBox::Gettext; use EBox::Validate qw(:all); use EBox::Types::Int; use EBox::Types::Text; use EBox::Types::Boolean; use EBox::Types::IPAddr; use EBox::Types::Port; use EBox::Sudo; use EBox::Exceptions::External; use constant SB_URL => 'https://store.zentyal.com/small-business-edition.html/?utm_source=zentyal&utm_medium=proxy_general&utm_campaign=smallbusiness_edition'; use constant ENT_URL => 'https://store.zentyal.com/enterprise-edition.html/?utm_source=zentyal&utm_medium=proxy_general&utm_campaign=enterprise_edition'; sub _table { my @tableDesc = ( new EBox::Types::Boolean( fieldName => 'transparentProxy', printableName => __('Transparent Proxy'), editable => 1, defaultValue => 0, ), new EBox::Types::Boolean( fieldName => 'https', printableName => __('HTTPS Proxy'), hidden => \&_sslSupportNotAvailable, editable => 1, defaultValue => 0, #help => __('FIXME: add help'), ), new EBox::Types::Boolean( fieldName => 'removeAds', printableName => __('Ad Blocking'), editable => 1, defaultValue => 0, help => __('Remove advertisements from all HTTP traffic') ), new EBox::Types::Port( fieldName => 'port', printableName => __('Port'), editable => 1, defaultValue => 3128, ), new EBox::Types::Int( fieldName => 'cacheDirSize', printableName => __('Cache files size (MB)'), editable => 1, size => 5, min => 10, defaultValue => 100, ), ); my $dataForm = { tableName => 'GeneralSettings', printableTableName => __('General Settings'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView' ], tableDescription => \@tableDesc, messages => { update => __('Settings changed'), }, }; return $dataForm; } # Method: viewCustomizer # # To display a permanent message # # Overrides: # # # sub viewCustomizer { my ($self) = @_; my $customizer = $self->SUPER::viewCustomizer(); my $securityUpdatesAddOn = 0; if (EBox::Global->modExists('remoteservices')) { my $rs = EBox::Global->modInstance('remoteservices'); $securityUpdatesAddOn = $rs->securityUpdatesAddOn(); } unless ($securityUpdatesAddOn) { $customizer->setPermanentMessage($self->_commercialMsg(), 'ad'); } return $customizer; } sub validateTypedRow { my ($self, $action, $params_r, $actual_r) = @_; if (exists $params_r->{port}) { $self->_checkPortAvailable($params_r->{port}->value()); } my $trans = exists $params_r->{transparentProxy} ? $params_r->{transparentProxy}->value() : $actual_r->{transparentProxy}->value() ; if ($trans and $self->parentModule()->authNeeded()) { throw EBox::Exceptions::External( __('Transparent proxy is incompatible with the users group authorization policy found in some access rules') ); } } sub _checkPortAvailable { my ($self, $port) = @_; my $oldPort = $self->portValue(); if ($port == $oldPort) { # there isn't any change so we left tht things as they are return; } my $firewall = EBox::Global->modInstance('firewall'); if (not $firewall->availablePort('tcp', $port)) { throw EBox::Exceptions::External(__x('{port} is already in use. Please choose another', port => $port)); } } sub _transparentHelp { return __('Note that you cannot proxy HTTPS ' . 'transparently. You will need to add ' . 'a firewall rule if you enable this mode.'); } sub _commercialMsg { return __sx('Want to remove ads from the websites your users browse? Get the {ohs}Small Business{ch} or {ohe}Enterprise Edition {ch} that include the Ad blocking feature in the automatic security updates.', ohs => '', ohe => '', ch => ''); } sub _sslSupportNotAvailable { return system('ldd /usr/sbin/squid3 | grep -q libssl') != 0; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/AntiVirus.pm0000664000000000000000000000621112017154761021060 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::AntiVirus; use base 'EBox::Model::DataForm'; use strict; use warnings; use EBox::Global; use EBox::Gettext; use EBox::Types::Boolean; use EBox::Exceptions::External; sub new { my $class = shift @_ ; my $self = $class->SUPER::new(@_); bless($self, $class); return $self; } sub active { my ($self) = @_; if (not $self->precondition()) { return 0; } my $row = $self->row(); return $row->valueByName('avActive'); } sub precondition { my ($self) = @_; my $antivirus = EBox::Global->modInstance('antivirus'); defined $antivirus or return undef; return $antivirus->isEnabled(); } sub preconditionFailMsg { my $antivirus = EBox::Global->modInstance('antivirus'); my $msg; if ($antivirus) { $msg = __x('You cannot activate antivirus filter because the antivirus module is disabled. If you want to filter virus, first {openhref}activate the module{closehref} and come back here', openhref => qq{}, closehref => qq{}); } else { $msg = __x('You cannot activate antivirus filter because the antivirus module is not installed. If you want to filter virus, first install it and then {openhref}activate the module{closehref} and come back here', openhref => qq{}, closehref => qq{}); } return $msg; } sub _tableDescription { my @tableDescription = ( new EBox::Types::Boolean( fieldName => 'avActive', printableName => __('Use antivirus'), editable => 1, defaultValue => 1 ), ); return \@tableDescription; } # Method: _table # # This method overrides to return # a table model description. # sub _table { my ($self) = @_; my $tableDescription = $self->_tableDescription(); my $dataForm = { tableName => 'AntiVirus', printableTableName => __('Filter virus'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView' ], tableDescription => $tableDescription, class => 'dataForm', }; return $dataForm; } # Method: viewCustomizer # # Overrides # to show breadcrumbs # sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/DomainFilter.pm0000664000000000000000000001337612017154761021523 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::DomainFilter; use base 'EBox::Model::DataTable'; use strict; use warnings; use EBox; use EBox::Gettext; use EBox::Types::Select; use EBox::Types::Text; use EBox::Validate; use EBox::Exceptions::Internal; sub _tableHeader { my @tableHeader = ( new EBox::Types::Text( fieldName => 'domain', printableName => __('Domain or URL'), unique => 1, editable => 1, optional => 0, ), new EBox::Types::Select( fieldName => 'policy', printableName => __('Decision'), populate => \&_populate, editable => 1, ), ); return \@tableHeader; } sub _populate { my @elements = ( { value => 'allow', printableValue => __('Allow') }, { value => 'deny', printableValue => __('Deny') }, ); return \@elements; } sub validateTypedRow { my ($self, $action, $params_r) = @_; return unless (exists $params_r->{domain}); my $domain = $params_r->{domain}->value(); if ($domain =~ m{/}) { # treat as url $self->_validateUrl($domain); } else { $self->_validateDomain($domain); } } sub _validateUrl { my ($self, $url) = @_; my ($domain, $dir) = split '/', $url, 2; $dir = '/' . $dir; EBox::Validate::checkDomainName($domain, __('Domain or IP address part of URL') ); } sub _validateDomain { my ($self, $domain) = @_; if ($domain =~ m{^www\.}) { throw EBox::Exceptions::InvalidData( data => __('Domain'), value => $domain, advice => __('You must not prefix the domain with www.'), ); } EBox::Validate::checkDomainName($domain, __('Domain or IP address')); } # Function: banned # # Fetch the banned domains # # Returns: # # Array ref - containing the domains sub banned { my ($self) = @_; return $self->_domainsByPolicy('deny'); } # Function: allowed # # Fetch the allowed domains # # Returns: # # Array ref - containing the domains sub allowed { my ($self) = @_; return $self->_domainsByPolicy('allow'); } # Function: filtered # # Fetch the filtered domains # # Returns: # # Array ref - containing the domains sub filtered { my ($self) = @_; return $self->_domainsByPolicy('filter'); } # Function: bannedUrls # # Fetch the banned urls # # Returns: # # Array ref - containing the urls sub bannedUrls { my ($self) = @_; return $self->_urlsByPolicy('deny'); } # Function: allowedUrls # # Fetch the allowed urls # # Returns: # # Array ref - containing the urls sub allowedUrls { my ($self) = @_; return $self->_urlsByPolicy('allow'); } # Function: filteredUrls # # Fetch the filtered urls # # Returns: # # Array ref - containing the urls sub filteredUrls { my ($self) = @_; return $self->_urlsByPolicy('filter'); } sub _domainsByPolicy { my ($self, $policy) = @_; my @domains; for my $id (@{$self->ids()}) { my $row = $self->row($id); my $domain = $row->valueByName('domain'); if ($domain =~ m{/}) { next; } if ($row->valueByName('policy') eq $policy) { push (@domains, $domain); } } return \@domains; } sub _urlsByPolicy { my ($self, $policy) = @_; my @urls; for my $id (@{$self->ids()}) { my $row = $self->row($id); my $url = $row->valueByName('domain'); if (not $url =~ m{/}) { next; } if ($row->valueByName('policy') eq $policy) { push (@urls, $url); } } return \@urls; } # Method: _table # # sub _table { my ($self) = @_; my $dataTable = { tableName => 'DomainFilter', printableTableName => __('Domains and URL rules'), modelDomain => 'Squid', defaultController => '/Squid/Controller/DomainFilter', defaultActions => [ 'add', 'del', 'editField', 'changeView' ], tableDescription => $self->_tableHeader(), class => 'dataTable', order => 0, rowUnique => 1, printableRowName => __('internet domain or URL'), help => __('Allow/Deny the HTTP traffic from/to the listed internet domains and URLs.'), messages => { add => __('Domain or URL added'), del => __('Domain or URL removed'), update => __('Domain or URL updated'), }, sortedBy => 'domain', }; } # Method: viewCustomizer # # Overrides # to show breadcrumbs sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/RequestsGraph.pm0000664000000000000000000000417712017154761021742 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::RequestsGraph; use base 'EBox::Logs::Model::Graph'; use strict; use warnings; use EBox::Gettext; sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } sub dbTableName { return 'squid_traffic'; } sub altText { return __('Squid traffic requests graph'); } sub dbFields { my ($package) = @_; return { requests => { printableName => __('Requests') }, accepted => { printableName => __('Accepted requests') }, denied => { printableName => __('Denied requests') }, filtered => { printableName => __('Filtered requests') }, } } # Method: _table # # The table description which consists of three fields: # # You can only edit enabled and configuration fields. The event # name and description are read-only fields. # sub _table { my $dataTable = { tableDescription => [], tableName => 'RequestsGraph', printableTableName => __('Access requests'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView', ], messages => { 'add' => undef, 'del' => undef, 'update' => undef, 'moveUp' => undef, 'moveDown' => undef, } }; return $dataTable; } sub timePeriodModelPath { return 'TrafficReportOptions'; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/CategorizedLists.pm0000664000000000000000000000616612017154761022424 0ustar # Copyright (C) 2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA use strict; use warnings; package EBox::Squid::Model::CategorizedLists; use base 'EBox::Model::DataTable'; use EBox; use EBox::Global; use EBox::Gettext; use EBox::Validate; use EBox::Sudo; use EBox::Types::Text::WriteOnce; use EBox::Squid::Types::ListArchive; use Error qw(:try); use Perl6::Junction qw(any); use File::Basename; use constant LIST_FILE_DIR => '/etc/dansguardian/extralists'; # Method: _table # # sub _table { my ($self) = @_; my @tableHeader = ( new EBox::Types::Text::WriteOnce( fieldName => 'name', printableName => __('Name'), unique => 1, editable => 1, ), new EBox::Squid::Types::ListArchive( fieldName => 'fileList', printableName => __('File'), unique => 1, editable => 1, optional => 1, allowDownload => 1, dynamicPath => sub { my ($self) = @_; return '/tmp/' . $self->row()->valueByName('name'); }, user => 'root', group => 'root', ), ); my $dataTable = { tableName => 'CategorizedLists', pageTitle => __('HTTP Proxy'), printableTableName => __('Categorized Lists'), modelDomain => 'Squid', defaultActions => [ 'add', 'del', 'editField', 'changeView' ], tableDescription => \@tableHeader, class => 'dataTable', rowUnique => 1, automaticRemove => 1, printableRowName => __('categorized list'), help => __('You can upload files with categorized lists of domains. You will be able to filter by those categories in each filter profile.'), }; } # Method: viewCustomizer # # To display a permanent message # # Overrides: # # # sub viewCustomizer { my ($self) = @_; my $customizer = $self->SUPER::viewCustomizer(); my $securityUpdatesAddOn = 0; if (EBox::Global->modExists('remoteservices')) { my $rs = EBox::Global->modInstance('remoteservices'); $securityUpdatesAddOn = $rs->securityUpdatesAddOn(); } unless ($securityUpdatesAddOn) { $customizer->setPermanentMessage($self->parentModule()->_commercialMsg(), 'ad'); } return $customizer; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/Extensions.pm0000664000000000000000000001127212017154761021276 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::Extensions; use base 'EBox::Model::DataTable'; use strict; use warnings; use EBox; use EBox::Exceptions::Internal; use EBox::Gettext; use EBox::Types::Boolean; use EBox::Types::Text; use constant DEFAULT_EXTENSIONS => qw( ade adp asx bas bat cab chm cmd com cpl crt dll exe hlp ini hta inf ins isp lnk mda mdb mde mdt mdw mdz msc msi msp mst pcd pif prf reg scf scr sct sh shs shb sys url vb be vbs vxd wsc wsf wsh otf ops doc xls gz tar zip tgz bz2 cdr dmg smi sit sea bin hqx rar mp3 mpeg mpg avi asf iso ogg wmf cue sxw stw stc sxi sti sxd sxg odt ott ods ots odp otp odg otg odm odf odc odb odi pdf ); # Group: Public methods sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } sub validateTypedRow { my ($self, $action, $params_r) = @_; if (exists $params_r->{extension} ) { my $extension = $params_r->{extension}->value(); if ($extension =~ m{\.}) { throw EBox::Exceptions::InvalidData( data => __('File extension'), value => $extension, advice => ('Dots (".") are not allowed in file extensions') ); } } } # Function: bannedExtensions # # Fetch the banned extensions # # Returns: # # Array ref - containing the extensions sub banned { my ($self) = @_; my @banned = @{$self->findAllValue(allowed => 0)}; @banned = map { $self->row($_)->valueByName('extension') } @banned; return \@banned; } # Method: syncRows # # Overrides # sub syncRows { my ($self, $currentRows) = @_; unless (@{$currentRows}) { # if there are no rows, we have to add them foreach my $extension (DEFAULT_EXTENSIONS) { $self->add(extension => $extension); } return 1; } else { return 0; } } # Group: Protected methods sub _tableHeader { my @tableHeader = ( new EBox::Types::Text( fieldName => 'extension', printableName => __('Extension'), unique => 1, editable => 1, optional => 0, ), new EBox::Types::Boolean( fieldName => 'allowed', printableName => __('Allow'), optional => 0, editable => 1, defaultValue => 1, ), ); return \@tableHeader; } sub _table { my ($self) = @_; my $warnMsg = q{The extension filter needs a 'filter' policy to take effect}; my $dataTable = { tableName => 'Extensions', printableTableName => __('File extensions'), modelDomain => 'Squid', defaultActions => [ 'add', 'del', 'editField', 'changeView' ], checkAll => [ 'allowed' ], tableDescription => $self->_tableHeader(), class => 'dataTable', order => 0, rowUnique => 1, printableRowName => __('extension'), help => __("Allow/Deny the HTTP traffic of the files which the given extensions.\nExtensions not listed here are allowed.\nThe extension filter needs a 'filter' policy to be in effect"), messages => { add => __('Extension added'), del => __('Extension removed'), update => __('Extension updated'), }, sortedBy => 'extension', }; } # Method: viewCustomizer # # Overrides # to show breadcrumbs # sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/AccessRules.pm0000664000000000000000000002452012017154761021353 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA use strict; use warnings; package EBox::Squid::Model::AccessRules; use base 'EBox::Model::DataTable'; # Class: # # EBox::Squid::Model::AccessRules # # # It subclasses # use EBox; use EBox::Global; use EBox::Exceptions::Internal; use EBox::Gettext; use EBox::Types::Text; use EBox::Types::Select; use EBox::Types::Union; use EBox::Types::Union::Text; use EBox::Squid::Types::TimePeriod; use constant MAX_DG_GROUP => 99; # max group number allowed by dansguardian # Method: _table # # sub _table { my ($self) = @_; my @tableHeader = ( new EBox::Squid::Types::TimePeriod( fieldName => 'timePeriod', printableName => __('Time period'), help => __('Time period when the this rule is applied'), editable => 1, ), new EBox::Types::Union( fieldName => 'source', printableName => __('Source'), filter => \&_filterSourcePrintableValue, subtypes => [ new EBox::Types::Select( fieldName => 'object', foreignModel => $self->modelGetter('objects', 'ObjectTable'), foreignField => 'name', foreignNextPageField => 'members', printableName => __('Network Object'), unique => 1, editable => 1, optional => 0, ), new EBox::Types::Select( fieldName => 'group', printableName => __('Users Group'), populate => \&populateGroups, unique => 1, editable => 1, optional => 0, disableCache => 1, ), new EBox::Types::Union::Text( fieldName => 'any', printableName => __('Any'), ) ] ), new EBox::Types::Union( fieldName => 'policy', printableName => __('Decision'), filter => \&_filterProfilePrintableValue, subtypes => [ new EBox::Types::Union::Text( fieldName => 'allow', printableName => __('Allow All'), ), new EBox::Types::Union::Text( fieldName => 'deny', printableName => __('Deny All'), ), new EBox::Types::Select( fieldName => 'profile', printableName => __('Apply Filter Profile'), foreignModel => $self->modelGetter('squid', 'FilterProfiles'), foreignField => 'name', editable => 1, ) ] ), ); my $dataTable = { tableName => 'AccessRules', pageTitle => __('HTTP Proxy'), printableTableName => __('Access Rules'), modelDomain => 'Squid', defaultActions => [ 'add', 'del', 'editField', 'changeView', 'clone', 'move' ], tableDescription => \@tableHeader, class => 'dataTable', order => 1, rowUnique => 1, automaticRemove => 1, printableRowName => __('rule'), help => __('Here you can filter, block or allow access by user group or network object. Rules are only applied during the selected time period.'), }; } sub populateGroups { my $userMod = EBox::Global->modInstance('users'); return [] unless ($userMod->isEnabled()); my @groups; foreach my $group (@{$userMod->groups()}) { my $name = $group->name(); push (@groups, { value => $name, printableValue => $name }); } return \@groups; } sub validateTypedRow { my ($self, $action, $params_r, $actual_r) = @_; my $squid = $self->parentModule(); my $type = exists $params_r->{source} ? $params_r->{source}->selectedType(): $actual_r->{source}->selectedType(); if ($squid->transproxy() and ($type eq 'group')) { throw EBox::Exceptions::External(__('Source matching by user group is not compatible with transparent proxy mode')); } } sub rules { my ($self) = @_; my $objectMod = $self->global()->modInstance('objects'); my $userMod = $self->global()->modInstance('users'); my $usersEnabled = $userMod->isEnabled(); my @rules; foreach my $id (@{$self->ids()}) { my $row = $self->row($id); my $source = $row->elementByName('source'); my $rule = {}; if ($source->selectedType() eq 'object') { my $object = $source->value(); $rule->{object} = $object; $rule->{members} = $objectMod->objectMembers($object); $rule->{addresses} = $objectMod->objectAddresses($object); } elsif ($source->selectedType() eq 'group') { next unless ($usersEnabled); my $group = $source->value(); $rule->{group} = $group; $rule->{users} = [ (map { $_->name() } @{$userMod->group($group)->users()}) ]; } elsif ($source->selectedType() eq 'any') { $rule->{any} = 1; } $rule->{policy} = $row->elementByName('policy')->selectedType(); my $timePeriod = $row->elementByName('timePeriod'); if (not $timePeriod->isAllTime) { if (not $timePeriod->isAllWeek()) { $rule->{timeDays} = $timePeriod->weekDays(); } my $hours = $timePeriod->hourlyPeriod(); if ($hours) { $rule->{timeHours} = $hours; } } push (@rules, $rule); } return \@rules; } sub existsPoliciesForGroup { my ($self, $group) = @_; foreach my $id (@{ $self->ids() }) { my $row = $self->row($id); my $source = $row->elementByName('source'); next unless $source->selectedType() eq 'group'; my $userGroup = $source->printableValue(); if ($group eq $userGroup) { return 1; } } return 0; } sub delPoliciesForGroup { my ($self, $group) = @_; my @ids = @{ $self->ids() }; foreach my $id (@ids) { my $row = $self->row($id); my $source = $row->elementByName('source'); next unless $source->selectedType() eq 'group'; my $userGroup = $source->printableValue(); if ($group eq $userGroup) { $self->removeRow($id); } } } sub filterProfiles { my ($self) = @_; my %profileIdByRowId = %{ $self->parentModule()->model('FilterProfiles')->idByRowId() }; my $objectMod = $self->global()->modInstance('objects'); my $userMod = $self->global()->modInstance('users'); my @profiles; foreach my $id (@{$self->ids()}) { my $row = $self->row($id); my $profile = {}; my $policy = $row->elementByName('policy'); if ($policy->selectedType() eq 'allow') { $profile->{number} = 1; } elsif ($policy->selectedType() eq 'deny') { $profile->{number} = 2; } else { $profile->{number} = $profileIdByRowId{$policy->value()}; } my $timePeriod = $row->elementByName('timePeriod'); unless ($timePeriod->isAllTime()) { $profile->{timePeriod} = 1; $profile->{begin} = $timePeriod->from(); $profile->{end} = $timePeriod->to(); $profile->{days} = $timePeriod->dayNumbers(); } my $source = $row->elementByName('source'); if ($source->selectedType() eq 'object') { my $obj = $source->value(); my @addresses = @{ $objectMod->objectAddresses($obj, mask => 1) }; foreach my $cidrAddress (@addresses) { my ($addr, $netmask) = ($cidrAddress->[0], EBox::NetWrappers::mask_from_bits($cidrAddress->[1])); my %profileCopy = %{$profile}; $profileCopy{address} = "$addr/$netmask"; push (@profiles, \%profileCopy); } } else { if ($source->selectedType() eq 'group') { my $group = $source->value(); $profile->{group} = $group; $profile->{users} = [ (map { $_->name() } @{$userMod->group($group)->users()}) ]; } else { $profile->{address} = '0.0.0.0/0.0.0.0'; } push (@profiles, $profile); } } return \@profiles; } sub rulesUseAuth { my ($self) = @_; foreach my $id (@{$self->ids()}) { my $row = $self->row($id); my $source = $row->elementByName('source'); if ($source->selectedType() eq 'group') { return 1; } } return 0; } sub rulesUseFilter { my ($self) = @_; foreach my $id (@{$self->ids()}) { my $row = $self->row($id); my $policy = $row->elementByName('policy'); if ($policy->selectedType() eq 'profile') { return 1; } } return 0; } sub _filterSourcePrintableValue { my ($type) = @_; my $selected = $type->selectedType(); my $value = $type->printableValue(); if ($selected eq 'object') { return __x('Object: {o}', o => $value); } elsif ($selected eq 'group') { return __x('Group: {g}', g => $value); } else { return $value; } } sub _filterProfilePrintableValue { my ($type) = @_; if ($type->selectedType() eq 'profile') { return __x("Apply '{p}' profile", p => $type->printableValue()); } else { return $type->printableValue(); } } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/DomainFilterSettings.pm0000664000000000000000000000507112017154761023235 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::DomainFilterSettings; use base 'EBox::Model::DataForm'; use strict; use warnings; use EBox; use EBox::Gettext; use EBox::Validate; use EBox::Types::Text; use EBox::Exceptions::Internal; # Group: Public methods sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } # Method: _table # # sub _table { my ($self) = @_; my @tableDesc = ( new EBox::Types::Boolean( fieldName => 'blanketBlock', printableName => __('Block not listed domains and URLs'), defaultValue => 0, editable => 1, help => __('If this is enabled, ' . 'any domain or URL which is neither present neither in the ' . 'Domains and URLrules nor in the Domain list files sections below will be ' . 'forbidden.'), ), new EBox::Types::Boolean( fieldName => 'blockIp', printableName => __('Block sites specified only as IP'), defaultValue => 0, editable => 1, ), ); my $dataForm = { tableName => 'DomainFilterSettings', printableTableName => __('Domain filter settings'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView' ], tableDescription => \@tableDesc, messages => { update => __('Filtering settings changed'), }, }; return $dataForm; } # Method: viewCustomizer # # Overrides # to show breadcrumbs # sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/DomainFilterCategories.pm0000664000000000000000000001453712017154761023531 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::DomainFilterCategories; use base 'EBox::Model::DataTable'; use strict; use warnings; use EBox; use EBox::Global; use EBox::Gettext; use EBox::Exceptions::Internal; use EBox::Types::Text; use EBox::Types::Boolean; use EBox::Validate; use EBox::Sudo; use Error qw(:try); use File::Basename; use Perl6::Junction qw(any); # Method: syncRows # # Overrides # sub syncRows { my ($self, $currentRows) = @_; my @dirs = ; my $lists; foreach my $dir (@dirs) { my @files = @{ EBox::Sudo::root("find $dir") }; foreach my $file (@files) { chomp $file; my ($dirname, $listname, $category, $basename) = $file =~ m{^(.*)/(.*?)/BL/(.*)/(.*?)$}; my $dir = "$dirname/$listname/BL/$category"; if ($basename eq any(qw(domains urls))) { unless (exists $lists->{$listname}) { $lists->{$listname} = {}; } $lists->{$listname}->{$category} = $dir; } } } my $modified = 0; foreach my $list (keys %{$lists}) { my @currentRows = grep { $self->row($_)->valueByName('list') eq $list } @{$currentRows}; my %current = map { $self->row($_)->valueByName('category') => 1 } @currentRows; my %categories = %{$lists->{$list}}; my @toAdd = grep { not exists $current{$_} } keys %categories; foreach my $category (@toAdd) { my $dir = $categories{$category}; $self->add(category => $category, list => $list, present => 1, dir => $dir, policy => 'ignore'); $modified = 1; } # FIXME: instead of remove, set present to 0 # Remove old rows # foreach my $id (@{$currentRows}) { # my $row = $self->row($id); # my $category = $row->valueByName('category'); # unless (exists $new{$category}) { # $self->removeRow($id); # $modified = 1; # } # } } return $modified; } # Method: _table # sub _table { my ($self) = @_; my @tableHeader = ( new EBox::Types::Text( fieldName => 'category', printableName => __('Category'), unique => 0, editable => 0, ), new EBox::Types::Text( fieldName => 'list', printableName => __('List File'), unique => 0, editable => 0, ), new EBox::Types::Boolean( fieldName => 'present', printableName => __('File Present'), editable => 0, ), new EBox::Types::Select( fieldName => 'policy', printableName => __('Decision'), populate => \&_populate, editable => 1, ), new EBox::Types::Text( fieldName => 'dir', hidden => 1, unique => 1, editable => 0, ), ); my $dataTable = { tableName => 'DomainFilterCategories', printableTableName => __('Domain categories'), modelDomain => 'Squid', defaultActions => [ 'editField', 'changeView' ], tableDescription => \@tableHeader, class => 'dataTable', order => 0, rowUnique => 1, printableRowName => __('category'), sortedBy => 'category', }; } sub _populate { my @elements = ( { value => 'ignore', printableValue => __('None') }, { value => 'deny', printableValue => __('Deny All') }, { value => 'allow', printableValue => __('Allow All') }, ); return \@elements; } sub precondition { my ($self) = @_; $self->size() > 0; } sub preconditionFailMsg { return __('There are no categories defined. You need to add categorized lists files if you want to filter by category.'); } # Function: banned # # Fetch the banned domains files # # Returns: # # Array ref - containing the files sub banned { my ($self) = @_; return $self->_filesByPolicy('deny', 'domains'); } # Function: allowed # # Fetch the allowed domains files # # Returns: # # Array ref - containing the files sub allowed { my ($self) = @_; return $self->_filesByPolicy('allow', 'domains'); } # Function: bannedUrls # # Fetch the banned urls files # # Returns: # # Array ref - containing the files # sub bannedUrls { my ($self) = @_; return $self->_filesByPolicy('deny', 'urls'); } # Function: allowedUrls # # Fetch the allowed urls files # # Returns: # # Array ref - containing the files # sub allowedUrls { my ($self) = @_; return $self->_filesByPolicy('allow', 'urls'); } sub _filesByPolicy { my ($self, $policy, $scope) = @_; my @files; foreach my $id (@{$self->enabledRows()}) { my $row = $self->row($id); my $present = $row->valueByName('present'); next unless $present; my $thisPolicy = $row->valueByName('policy'); if ($thisPolicy eq $policy) { my $dir = $row->valueByName('dir'); if (-f "$dir/$scope") { push (@files, "$dir/$scope"); } } } return \@files; } # Method: viewCustomizer # # Overrides # to show breadcrumbs sub viewCustomizer { my ($self) = @_; my $custom = $self->SUPER::viewCustomizer(); $custom->setHTMLTitle([]); return $custom; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/TrafficDetails.pm0000664000000000000000000001111412017154761022016 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::Squid::Model::TrafficDetails; use base 'EBox::Logs::Model::Details'; use strict; use warnings; use EBox::Gettext; sub new { my $class = shift @_; my $self = $class->SUPER::new(@_); bless($self, $class); return $self; } sub dbFields { my ($package) = @_; return { requests => { printableName => __('Requests') }, rfc931 => { printableName => __('User') }, accepted => { printableName => __('Accepted requests') }, accepted_size => { printableName => __('Accepted traffic size (Kb)') }, denied => { printableName => __('Denied requests') }, denied_size => { printableName => __('Denied traffic size (Kb)') }, filtered => { printableName => __('Filtered requests') }, filtered_size => { printableName => __('Filtered traffic size (Kb))') }, } } sub _table { my ($class) = @_; my $tableHead = [ new EBox::Types::Text ( fieldName => 'date', printableName => __('Date') ), new EBox::Types::Text ( fieldName => 'rfc931', printableName => __('User') ), new EBox::Types::Text ( fieldName => 'requests', printableName => __('Requests') ), new EBox::Types::Text ( fieldName => 'accepted', printableName => __('Accepted requests') ), new EBox::Types::Text ( fieldName => 'accepted_size', printableName => __('Accepted traffic size (Kb)') ), new EBox::Types::Text ( fieldName => 'denied', printableName => __('Denied requests') ), new EBox::Types::Text ( fieldName => 'denied_size', printableName => __('Denied traffic size (Kb)') ), new EBox::Types::Text ( fieldName => 'filtered', printableName => __('Filtered requests') ), new EBox::Types::Text ( fieldName => 'filtered_size', printableName => __('Filtered traffic size (Kb))') ), ]; my $dataTable = { 'tableName' =>__PACKAGE__->tableName(), 'printableTableName' => __('Web traffic details'), 'defaultController' => '/Squid/Controller/TrafficDetails', 'defaultActions' => [ 'changeView' ], 'tableDescription' => $tableHead, 'class' => 'dataTable', 'order' => 0, 'rowUnique' => 0, 'printableRowName' => __('traffic'), 'sortedBy' => 'date', 'withoutActions' => 1, }; return $dataTable; } sub dbTableName { return 'squid_traffic'; } sub tableName { return 'TrafficDetails'; } sub timePeriodModelPath { return 'TrafficReportOptions'; } # the user should not be take in accout in the 'all' row sub _noAggregateFields { return ['rfc931']; } 1; zentyal-squid-2.3.11+quantal1/src/EBox/Squid/Model/FilterProfiles.pm0000664000000000000000000002021212017154761022062 0ustar # Copyright (C) 2009-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA use strict; use warnings; package EBox::Squid::Model::FilterProfiles; use base 'EBox::Model::DataTable'; use EBox; use EBox::Global; use EBox::Exceptions::Internal; use EBox::Exceptions::External; use EBox::Gettext; use EBox::Types::Text; use EBox::Squid::Types::TimePeriod; use EBox::Types::HasMany; use constant MAX_DG_GROUP => 99; # max group number allowed by dansguardian # Group: Public methods # Constructor: new # # Create the new model # # Overrides: # # # # Returns: # # - the recently # created model # sub new { my $class = shift; my $self = $class->SUPER::new(@_); bless $self, $class; return $self; } # Method: viewCustomizer # # To display a permanent message # # Overrides: # # # sub viewCustomizer { my ($self) = @_; my $customizer = $self->SUPER::viewCustomizer(); my $securityUpdatesAddOn = 0; if (EBox::Global->modExists('remoteservices')) { my $rs = EBox::Global->modInstance('remoteservices'); $securityUpdatesAddOn = $rs->securityUpdatesAddOn(); } unless ($securityUpdatesAddOn) { $customizer->setPermanentMessage($self->parentModule()->_commercialMsg(), 'ad'); } return $customizer; } # Method: _table # # sub _table { my ($self) = @_; my $dataTable = { tableName => 'FilterProfiles', pageTitle => __('HTTP Proxy'), printableTableName => __('Filter Profiles'), modelDomain => 'Squid', defaultActions => [ 'add', 'del', 'editField', 'changeView', 'clone' ], tableDescription => $self->tableHeader(), class => 'dataTable', rowUnique => 1, automaticRemove => 1, printableRowName => __("filter profile"), messages => { add => __(q{Added filter profile}), del => __(q{Removed filter profile}), update => __(q{Updated filter profile}), }, }; } sub tableHeader { my ($self) = @_; my @header = ( new EBox::Types::Text( fieldName => 'name', printableName => __('Name'), editable => 1, ), new EBox::Types::HasMany( fieldName => 'filterPolicy', printableName => __('Configuration'), foreignModel => 'squid/ProfileConfiguration', foreignModelIsComposite => 1, view => '/Squid/Composite/ProfileConfiguration', backView => '/Squid/View/FilterProfiles', ), ); return \@header; } sub validateTypedRow { my ($self, $action, $params_r, $actual_r) = @_; if (($self->size() + 1) == MAX_DG_GROUP) { throw EBox::Exceptions::External( __('Maximum number of filter groups reached') ); } my $name = exists $params_r->{name} ? $params_r->{name}->value() : $actual_r->{name}->value(); # no whitespaces allowed in profile name if ($name =~ m/\s/) { throw EBox::Exceptions::External(__('No spaces are allowed in profile names')); } } # Method: idByRowId # # Returns: # hash with row IDs as key and the filter group id number as value sub idByRowId { my ($self) = @_; my %idByRowId; my $id = 3; foreach my $rowId (@{ $self->ids() }) { $idByRowId{$rowId} = $id++; } return \%idByRowId; } sub profiles { my ($self) = @_; my @profiles = (); push (@profiles, { number => 1, policy => 'allow' }); push (@profiles, { number => 2, policy => 'deny' }); # groups will have ids greater that this number my $id = 3; foreach my $rowId ( @{ $self->ids() } ) { my $row = $self->row($rowId); my $name = $row->valueByName('name'); if ($id > MAX_DG_GROUP) { EBox::info("Filter group $name and following groups will use default content filter policy because the maximum number of Dansguardian groups is reached"); last; } my $group = { number => $id++, groupName => $name, policy => 'filter' }; my $policy = $row->elementByName('filterPolicy')->foreignModelInstance(); $group->{antivirus} = $policy->componentByName('AntiVirus', 1)->active(), $group->{threshold} = $policy->componentByName('ContentFilterThreshold', 1)->threshold(); $group->{bannedExtensions} = $policy->componentByName('Extensions', 1)->banned(); $group->{bannedMIMETypes} = $policy->componentByName('MIME', 1)->banned(); $self->_setProfileDomainsPolicy($group, $policy); push (@profiles, $group); } return \@profiles; } sub _setProfileDomainsPolicy { my ($self, $group, $policy) = @_; my $domainFilter = $policy->componentByName('Domains', 1)->componentByName('DomainFilter', 1); my $domainFilterFiles = $policy->componentByName('DomainFilterCategories', 1); $group->{exceptionsitelist} = [ domains => $domainFilter->allowed(), includes => $domainFilterFiles->allowed(), ]; $group->{exceptionurllist} = [ urls => $domainFilter->allowedUrls(), includes => $domainFilterFiles->allowedUrls(), ]; $group->{greysitelist} = [ domains => [], includes => [], ]; $group->{greyurllist} = [ urls => [], includes => [], ]; $group->{bannedurllist} = [ urls => => $domainFilter->bannedUrls(), includes => $domainFilterFiles->bannedUrls(), ]; my $domainFilterSettings = $policy->componentByName('DomainFilterSettings', 1); $group->{bannedsitelist} = [ blockIp => $domainFilterSettings->blockIpValue, blanketBlock => $domainFilterSettings->blanketBlockValue, domains => $domainFilter->banned(), includes => $domainFilterFiles->banned(), ]; } sub antivirusNeeded { my ($self) = @_; my $id = 0; foreach my $rowId ( @{ $self->ids() } ) { my $antivirusModel; my $row = $self->row($rowId); next unless defined ($row); my $policy = $row->elementByName('filterPolicy')->foreignModelInstance(); if ($id > MAX_DG_GROUP) { my $name = $row->valueByName('name'); EBox::info( "Maximum nuber of dansguardian groups reached, group $name and following groups antivirus configuration is not used" ); last; } else { $antivirusModel = $policy->componentByName('AntiVirus', 1); } if ($antivirusModel->active()) { return 1; } $id += 1 ; } # no profile with antivirus enabled found... return 0; } # this must be only called one time sub restoreConfig { my ($class, $dir) = @_; EBox::Squid::Model::DomainFilterFiles->restoreConfig($dir); } 1; zentyal-squid-2.3.11+quantal1/src/EBox/SquidFirewall.pm0000664000000000000000000000766012017154761017573 0ustar # Copyright (C) 2008-2012 eBox Technologies S.L. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2, as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA package EBox::SquidFirewall; use strict; use warnings; use base 'EBox::FirewallHelper'; use EBox::Objects; use EBox::Global; use EBox::Config; use EBox::Firewall; use EBox::Gettext; sub prerouting { my ($self) = @_; my $sq = $self->_global()->modInstance('squid'); if ($sq->transproxy()) { return $self->_trans_prerouting(); } else { return $self->_normal_prerouting(); } } sub _normal_prerouting { my ($self) = @_; my $global = $self->_global(); my $sq = $global->modInstance('squid'); return [] unless ($sq->filterNeeded()); my $net = $global->modInstance('network'); my $sqport = $sq->port(); my $dgport = $sq->DGPORT(); my @rules = (); my @ifaces = @{$net->InternalIfaces()}; foreach my $ifc (@ifaces) { my $addrs = $net->ifaceAddresses($ifc); my $input = $self->_inputIface($ifc); foreach my $addr (map { $_->{address} } @{$addrs}) { (defined($addr) && $addr ne "") or next; my $r = "$input -d $addr -p tcp --dport $sqport -j REDIRECT --to-ports $dgport"; push (@rules, $r); } } return \@rules; } sub _trans_prerouting { my ($self) = @_; my $global = $self->_global(); my $sq = $global->modInstance('squid'); my $net = $global->modInstance('network'); my $sqport = $sq->port(); my $dgport = $sq->DGPORT(); my @rules = (); my $exceptions = $sq->model('TransparentExceptions'); foreach my $id (@{$exceptions->enabledRows()}) { my $row = $exceptions->row($id); my $addr = $row->valueByName('domain'); push (@rules, "-p tcp -d $addr --dport 80 -j ACCEPT"); if ($sq->https()) { push (@rules, "-p tcp -d $addr --dport 443 -j ACCEPT"); } } my @ifaces = @{$net->InternalIfaces()}; foreach my $ifc (@ifaces) { my $addrs = $net->ifaceAddresses($ifc); my $input = $self->_inputIface($ifc); foreach my $addr (map { $_->{address} } @{$addrs}) { (defined($addr) && $addr ne "") or next; my $port = $sq->filterNeeded() ? $dgport : $sqport; my $r = "$input ! -d $addr -p tcp --dport 80 -j REDIRECT --to-ports $port"; push (@rules, $r); # TODO: https? will it work with dansguardian? } } return \@rules; } sub input { my ($self) = @_; my $global = $self->_global(); my $sq = $global->modInstance('squid'); my $net = $global->modInstance('network'); my $sqport = $sq->port(); my $dgport = $sq->DGPORT(); my @rules = (); my @ifaces = @{$net->InternalIfaces()}; foreach my $ifc (@ifaces) { my $input = $self->_inputIface($ifc); my $port = $sq->filterNeeded() ? $dgport : $sqport; my $r = "-m state --state NEW $input -p tcp --dport $port -j ACCEPT"; push(@rules, $r); } push(@rules, "-m state --state NEW -p tcp --dport $sqport -j DROP"); return \@rules; } sub output { my ($self) = @_; my @rules = (); push(@rules, "-m state --state NEW -p tcp --dport 80 -j ACCEPT"); push(@rules, "-m state --state NEW -p tcp --dport 443 -j ACCEPT"); return \@rules; } sub _global { my ($self) = @_; my $ro = $self->{ro}; return EBox::Global->getInstance($ro); } 1; zentyal-squid-2.3.11+quantal1/stubs/0000775000000000000000000000000012017154761014165 5ustar zentyal-squid-2.3.11+quantal1/stubs/adzapper.conf.mas0000664000000000000000000000347512017154761017432 0ustar <%args> $postMatch => '' # Configfile for adzapper. # # by Paul van Tilburg . # based on the wrapzap script by Cameron Simpson . # ZAP_MODE # # Sets the way zapped ads, popups, etc are shown. # Use empty for default or "CLEAR" to get transparent replacement images. # #ZAP_MODE="" ZAP_MODE="CLEAR" # ZAP_BASE # ZAP_BASE_SSL # # Defines the base URL where the substituted ad gifs, swf's, js # scripts, etc can be found. ZAP_BASE_SSL is for HTTPS # but is not used at the moment. # # Note: a local web server will be much better. # ZAP_BASE=http://adzapper.sourceforge.net/zaps ZAP_BASE_SSL=https://adzapper.sourceforge.net/zaps # this can probably be ignored # ZAP_PREMATCH # # Pathname of extra pattern file for patters to preempt the stock # pattern files of adzapper itself. # Preferably use ZAP_POSTMATCH. # ZAP_PREMATCH= # ZAP_POSTMATCH # # Pathname of extra pattern file for patterns in addition to the stock # patterns of adzapper itself. This is the one to which you # should add new adzap patterns. ZAP_POSTMATCH=<% $postMatch %> # STUBURL_* # # Files for used in substition of ads. # STUBURL_AD=$ZAP_BASE/ad.gif STUBURL_ADSSL=$ZAP_BASE_SSL/ad.gif STUBURL_ADBG=$ZAP_BASE/adbg.gif STUBURL_ADJS=$ZAP_BASE/no-op.js STUBURL_ADHTML=$ZAP_BASE/no-op.html STUBURL_ADMP3=$ZAP_BASE/ad.mp3 STUBURL_ADPOPUP=$ZAP_BASE/closepopup.html STUBURL_ADSWF=$ZAP_BASE/ad.swf STUBURL_COUNTER=$ZAP_BASE/counter.gif STUBURL_COUNTERJS=$ZAP_BASE/no-op-counter.js STUBURL_WEBBUG=$ZAP_BASE/webbug.gif STUBURL_WEBBUGJS=$ZAP_BASE/webbug.js # NO_CHANGE_VALUE # # This defines what adzapper outputs when nothing should be redirected. # For squid, this must be empty or undefined (default is empty). # For Apache2's mod_rewrite RewriteMap directive, set this to NULL: #NO_CHANGE_VALUE="NULL" zentyal-squid-2.3.11+quantal1/stubs/dansguardian.logrotate0000664000000000000000000000043412017154761020550 0ustar /var/log/dansguardian/access.log { rotate 5 daily create 644 dansguardian dansguardian prerotate /usr/share/zentyal-squid/manage-services stop > /dev/null 2>&1 || true endscript postrotate /usr/share/zentyal-squid/manage-services start > /dev/null 2>&1 || true endscript } zentyal-squid-2.3.11+quantal1/stubs/zentyal-squid.cron.mas0000664000000000000000000000046712017154761020447 0ustar <%args> @times # /etc/cron.d/zentyal-squid SHELL=/bin/sh PATH=/usr/bin:/bin # regenerate dansguardian conf every time we enter or left a time period % foreach my $time (@times) { <% $time->{min} %> <% $time->{hour} %> * * <% $time->{days} %> root /usr/share/zentyal-squid/update-time-periods % } zentyal-squid-2.3.11+quantal1/stubs/greysitelist.mas0000664000000000000000000000223612017154761017421 0ustar <%args> @domains @includes => () #domains in grey list #Don't bother with the www. or the http:// #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #The greyurllist is for partly unblocking PART of a site #The greysitelist is for partly unblocking ALL of a site #As of DansGuardian 2.7.3 you can now include #.tld so for example you can match .gov for example #To include additional files in this list use this example: #.Include #You can have multiple .Includes. #List other sites to block: % foreach my $domain (@domains) { <% $domain %> % } # included files % foreach my $path (@includes) { % $path = '<' . $path . '>'; .Include<% $path %> % }zentyal-squid-2.3.11+quantal1/stubs/bannedextensionlist.mas0000664000000000000000000000017212017154761020747 0ustar <%args> @extensions #Banned extension list % foreach my $extension (@extensions) { <% '.' . $extension %> % } zentyal-squid-2.3.11+quantal1/stubs/exceptionsitelist.mas0000664000000000000000000000164012017154761020447 0ustar <%args> @domains @includes => () #Sites in exception list #Don't bother with the www. or #the http:// # #These are specifically domains and are not URLs. #For example 'foo.bar/porn/' is no good, you need #to just have 'foo.bar'. # #You can also match IPs here too. # #As of DansGuardian 2.7.3 you can now include #.tld so for example you can match .gov for example # Blanket SSL/CONNECT exception. To allow all SSL # and CONNECT tunnels except to addresses in the # exceptionsitelist and greysitelist files, remove # the # from the next line to leave only a '**s': #**s # Blanket SSL/CONNECT IP exception. To allow all SSL and CONNECT # tunnels to sites specified only as an IP, # remove the # from the next line to leave only a '*ips': #*ips % foreach my $domain (@domains) { <% $domain %> % } # included files % foreach my $path (@includes) { % $path = '<' . $path . '>'; .Include<% $path %> % } zentyal-squid-2.3.11+quantal1/stubs/bannedphraselist.mas0000664000000000000000000000243712017154761020223 0ustar # BANNEDPHRASELIST - INSTRUCTIONS FOR USE # # To block any page with the word "sex". # < sex > # # To block any page with words that contain the string "sex". (ie. sexual) # # # To block any page with the string "sex magazine". # # # To block any page containing the words/strings "sex" and "fetish". # , # # < test> will match any word with the string 'test' at the beginning # will match any word with the string 'test' at the end # will match any word with the string 'test' at any point in the word # < test > will match only the word 'test' # will match that exact phrase # , will match if both words are found in the page # A combination of the above can also be used eg < test>, # # # Extra phrase-list files to include # .Include # # # All phrases need to be within < and > to work, othewise they will be # ignored. # MORE EXAMPLE LISTS CAN BE DOWNLOADED FROM DANSGUARDIAN.ORG # Phrase Exceptions are no longer listed in this file, they are now # listed in the exceptionphraselist file. # #.Include #.Include #.Include zentyal-squid-2.3.11+quantal1/stubs/filtergroupslist.mas0000664000000000000000000000061212017154761020307 0ustar <%args> @groups # Filter Groups List file for DansGuardian # # Format is =filter<1-99> where 1-99 are the groups # # Eg: # daniel=filter2 # # This file is only of use if you have more than 1 filter group # <%perl> foreach my $group (@groups) { my $number = $group->{number}; foreach my $user (@{$group->{users}}) { <% $user %>=filter<% $number %> % } % } zentyal-squid-2.3.11+quantal1/stubs/clamdscan.conf.mas0000664000000000000000000000174112017154761017543 0ustar <%args> $clamdSocket plugname = 'clamdscan' # edit this to match the location of your ClamD UNIX domain socket clamdudsfile = '<% $clamdSocket %>' # If this string is set, the text it contains shall be removed from the # beginning of filenames when passing them to ClamD. # Use it to - for example - support a ClamD running inside a chroot jail: # if DG's filecachedir is set to "/var/clamdchroot/downloads/" and pathprefix # is set to "/var/clamdchroot", then file names given to ClamD will be of the # form "/downloads/tf*" instead of "/var/clamdchroot/downloads/tf*". #pathprefix = '/var/clamdchroot' exceptionvirusmimetypelist = '/etc/dansguardian/lists/contentscanners/exceptionvirusmimetypelist' exceptionvirusextensionlist = '/etc/dansguardian/lists/contentscanners/exceptionvirusextensionlist' exceptionvirussitelist = '/etc/dansguardian/lists/contentscanners/exceptionvirussitelist' exceptionvirusurllist = '/etc/dansguardian/lists/contentscanners/exceptionvirusurllist' zentyal-squid-2.3.11+quantal1/stubs/dansguardian.conf.mas0000664000000000000000000005276112017154761020266 0ustar <%args> $port $lang $squidport $weightedPhraseThreshold $nGroups $antivirus => 1 $maxchildren $minchildren $minsparechildren $preforkchildren $maxsparechildren $maxagechildren # Web Access Denied Reporting (does not affect logging) # # -1 = log, but do not block - Stealth mode # 0 = just say 'Access Denied' # 1 = report why but not what denied phrase # 2 = report fully # 3 = use HTML template file (accessdeniedaddress ignored) - recommended # reportinglevel = 3 # Language dir where languages are stored for internationalisation. # The HTML template within this dir is only used when reportinglevel # is set to 3. When used, DansGuardian will display the HTML file instead of # using the perl cgi script. This option is faster, cleaner # and easier to customise the access denied page. # The language file is used no matter what setting however. # languagedir = '/etc/dansguardian/languages' # language to use from languagedir. language = <% $lang %> # Logging Settings # # 0 = none 1 = just denied 2 = all text based 3 = all requests loglevel = 3 # Log Exception Hits # Log if an exception (user, ip, URL, phrase) is matched and so # the page gets let through. Can be useful for diagnosing # why a site gets through the filter. # 0 = never log exceptions # 1 = log exceptions, but do not explicitly mark them as such # 2 = always log & mark exceptions (default) logexceptionhits = 1 # Log File Format # 1 = DansGuardian format (space delimited) # 2 = CSV-style format # 3 = Squid Log File Format # 4 = Tab delimited logfileformat = 3 # truncate large items in log lines #maxlogitemlength = 400 # anonymize logs (blank out usernames & IPs) #anonymizelogs = on # Syslog logging # # Use syslog for access logging instead of logging to the file # at the defined or built-in "loglocation" #syslog = on # Log file location # # Defines the log directory and filename. loglocation = '/var/log/dansguardian/access.log' # Statistics log file location # # Defines the stat file directory and filename. # Only used in conjunction with maxips > 0 # Once every 3 minutes, the current number of IPs in the cache, and the most # that have been in the cache since the daemon was started, are written to this # file. IPs persist in the cache for 7 days. #statlocation = '/var/log/dansguardian/stats' # Network Settings # # the IP that DansGuardian listens on. If left blank DansGuardian will # listen on all IPs. That would include all NICs, loopback, modem, etc. # Normally you would have your firewall protecting this, but if you want # you can limit it to a certain IP. To bind to multiple interfaces, # specify each IP on an individual filterip line. filterip = # the port that DansGuardian listens to. filterport = <% $port %> # the ip of the proxy (default is the loopback - i.e. this server) proxyip = 127.0.0.1 # the port DansGuardian connects to proxy on proxyport = <% $squidport %> # accessdeniedaddress is the address of your web server to which the cgi # dansguardian reporting script was copied. Only used in reporting levels 1 and 2. # # This webserver must be either: # 1. Non-proxied. Either a machine on the local network, or listed as an exception # in your browser's proxy configuration. # 2. Added to the exceptionsitelist. Option 1 is preferable; this option is # only for users using both transparent proxying and a non-local server # to host this script. # # Individual filter groups can override this setting in their own configuration. # accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' # Non standard delimiter (only used with accessdeniedaddress) # To help preserve the full banned URL, including parameters, the variables # passed into the access denied CGI are separated using non-standard # delimiters. This can be useful to ensure correct operation of the filter # bypass modes. Parameters are split using "::" in place of "&", and "==" in # place of "=". # Default is enabled, but to go back to the standard mode, disable it. nonstandarddelimiter = on # Banned image replacement # Images that are banned due to domain/url/etc reasons including those # in the adverts blacklists can be replaced by an image. This will, # for example, hide images from advert sites and remove broken image # icons from banned domains. # on (default) | off usecustombannedimage = on custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif' # Filter groups options # filtergroups sets the number of filter groups. A filter group is a set of content # filtering options you can apply to a group of users. The value must be 1 or more. # DansGuardian will automatically look for dansguardianfN.conf where N is the filter # group. To assign users to groups use the filtergroupslist option. All users default # to filter group 1. You must have some sort of authentication to be able to map users # to a group. The more filter groups the more copies of the lists will be in RAM so # use as few as possible. filtergroups = <% $nGroups %> filtergroupslist = '/etc/dansguardian/lists/filtergroupslist' # Authentication files location bannediplist = '/etc/dansguardian/lists/bannediplist' exceptioniplist = '/etc/dansguardian/lists/exceptioniplist' # Show weighted phrases found # If enabled then the phrases found that made up the total which excedes # the naughtyness limit will be logged and, if the reporting level is # high enough, reported. on | off showweightedfound = on # Weighted phrase mode # There are 3 possible modes of operation: # 0 = off = do not use the weighted phrase feature. # 1 = on, normal = normal weighted phrase operation. # 2 = on, singular = each weighted phrase found only counts once on a page. # weightedphrasemode = <% $weightedPhraseThreshold ? 2 : 0 %> # Positive (clean) result caching for URLs # Caches good pages so they don't need to be scanned again. # It also works with AV plugins. # 0 = off (recommended for ISPs with users with disimilar browsing) # 1000 = recommended for most users # 5000 = suggested max upper limit # If you're using an AV plugin then use at least 5000. urlcachenumber = 1000 # # Age before they are stale and should be ignored in seconds # 0 = never # 900 = recommended = 15 mins urlcacheage = 900 # Clean cache for content (AV) scan results # By default, to save CPU, files scanned and found to be # clean are inserted into the clean cache and NOT scanned # again for a while. If you don't like this then choose # to disable it. # (on|off) default = on. scancleancache = on # Smart, Raw and Meta/Title phrase content filtering options # Smart is where the multiple spaces and HTML are removed before phrase filtering # Raw is where the raw HTML including meta tags are phrase filtered # Meta/Title is where only meta and title tags are phrase filtered (v. quick) # CPU usage can be effectively halved by using setting 0 or 1 compared to 2 # 0 = raw only # 1 = smart only # 2 = both of the above (default) # 3 = meta/title phrasefiltermode = 2 # Lower casing options # When a document is scanned the uppercase letters are converted to lower case # in order to compare them with the phrases. However this can break Big5 and # other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented # characters are supported. # 0 = force lower case (default) # 1 = do not change case # 2 = scan first in lower case, then in original case preservecase = 0 # Note: # If phrasefiltermode and preserve case are both 2, this equates to 4 phrase # filtering passes. If you have a large enough userbase for this to be a # worry, and need to filter pages in exotic character encodings, it may be # better to run two instances on separate servers: one with preservecase 1 # (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one # with preservecase 0 and ASCII/UTF-8 lists. # Hex decoding options # When a document is scanned it can optionally convert %XX to chars. # If you find documents are getting past the phrase filtering due to encoding # then enable. However this can break Big5 and other 16-bit texts. # off = disabled (default) # on = enabled hexdecodecontent = off # Force Quick Search rather than DFA search algorithm # The current DFA implementation is not totally 16-bit character compatible # but is used by default as it handles large phrase lists much faster. # If you wish to use a large number of 16-bit character phrases then # enable this option. # off (default) | on (Big5 compatible) forcequicksearch = off # Reverse lookups for banned site and URLs. # If set to on, DansGuardian will look up the forward DNS for an IP URL # address and search for both in the banned site and URL lists. This would # prevent a user from simply entering the IP for a banned address. # It will reduce searching speed somewhat so unless you have a local caching # DNS server, leave it off and use the Blanket IP Block option in the # bannedsitelist file instead. reverseaddresslookups = off # Reverse lookups for banned and exception IP lists. # If set to on, DansGuardian will look up the forward DNS for the IP # of the connecting computer. This means you can put in hostnames in # the exceptioniplist and bannediplist. # If a client computer is matched against an IP given in the lists, then the # IP will be recorded in any log entries; if forward DNS is successful and a # match occurs against a hostname, the hostname will be logged instead. # It will reduce searching speed somewhat so unless you have a local DNS server, # leave it off. reverseclientiplookups = off # Perform reverse lookups on client IPs for successful requests. # If set to on, DansGuardian will look up the forward DNS for the IP # of the connecting computer, and log host names (where available) rather than # IPs against requests. # This is not dependent on reverseclientiplookups being enabled; however, if it # is, enabling this option does not incur any additional forward DNS requests. logclienthostnames = off # Build bannedsitelist and bannedurllist cache files. # This will compare the date stamp of the list file with the date stamp of # the cache file and will recreate as needed. # If a bsl or bul .processed file exists, then that will be used instead. # It will increase process start speed by 300%. On slow computers this will # be significant. Fast computers do not need this option. on | off createlistcachefiles = on # POST protection (web upload and forms) # does not block forms without any file upload, i.e. this is just for # blocking or limiting uploads # measured in kibibytes after MIME encoding and header bumph # use 0 for a complete block # use higher (e.g. 512 = 512Kbytes) for limiting # use -1 for no blocking #maxuploadsize = 512 #maxuploadsize = 0 maxuploadsize = -1 # Max content filter size # Sometimes web servers label binary files as text which can be very # large which causes a huge drain on memory and cpu resources. # To counter this, you can limit the size of the document to be # filtered and get it to just pass it straight through. # This setting also applies to content regular expression modification. # The value must not be higher than maxcontentramcachescansize # The size is in Kibibytes - eg 2048 = 2Mb # use 0 to set it to maxcontentramcachescansize maxcontentfiltersize = 256 # Max content ram cache scan size # This is only used if you use a content scanner plugin such as AV # This is the max size of file that DG will download and cache # in RAM. After this limit is reached it will cache to disk # This value must be less than or equal to maxcontentfilecachescansize. # The size is in Kibibytes - eg 10240 = 10Mb # use 0 to set it to maxcontentfilecachescansize # This option may be ignored by the configured download manager. maxcontentramcachescansize = 2000 # Max content file cache scan size # This is only used if you use a content scanner plugin such as AV # This is the max size file that DG will download # so that it can be scanned or virus checked. # This value must be greater or equal to maxcontentramcachescansize. # The size is in Kibibytes - eg 10240 = 10Mb maxcontentfilecachescansize = 20000 # File cache dir # Where DG will download files to be scanned if too large for the # RAM cache. filecachedir = '/tmp' # Delete file cache after user completes download # When a file gets save to temp it stays there until it is deleted. # You can choose to have the file deleted when the user makes a sucessful # download. This will mean if they click on the link to download from # the temp store a second time it will give a 404 error. # You should configure something to delete old files in temp to stop it filling up. # on|off (defaults to on) deletedownloadedtempfiles = on # Initial Trickle delay # This is the number of seconds a browser connection is left waiting # before first being sent *something* to keep it alive. The # *something* depends on the download manager chosen. # Do not choose a value too low or normal web pages will be affected. # A value between 20 and 110 would be sensible # This may be ignored by the configured download manager. initialtrickledelay = 20 # Trickle delay # This is the number of seconds a browser connection is left waiting # before being sent more *something* to keep it alive. The # *something* depends on the download manager chosen. # This may be ignored by the configured download manager. trickledelay = 10 # Download Managers # These handle downloads of files to be filtered and scanned. # They differ in the method they deal with large downloads. # Files usually need to be downloaded 100% before they can be # filtered and scanned before being sent on to the browser. # Normally the browser can just wait, but with content scanning, # for example to AV, the browser may timeout or the user may get # confused so the download manager has to do some sort of # 'keep alive'. # # There are various methods possible but not all are included. # The author does not have the time to write them all so I have # included a plugin systam. Also, not all methods work with all # browsers and clients. Specifically some fancy methods don't # work with software that downloads updates. To solve this, # each plugin can support a regular expression for matching # the client's user-agent string, and lists of the mime types # and extensions it should manage. # # Note that these are the matching methods provided by the base plugin # code, and individual plugins may override or add to them. # See the individual plugin conf files for supported options. # # The plugins are matched in the order you specify and the last # one is forced to match as the default, regardless of user agent # and other matching mechanisms. # downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf' #downloadmanager = '/etc/dansguardian/downloadmanagers/trickle.conf' downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf' # Content Scanners (Also known as AV scanners) # These are plugins that scan the content of all files your browser fetches # for example to AV scan. The options are limitless. Eventually all of # DansGuardian will be plugin based. You can have more than one content # scanner. The plugins are run in the order you specify. # This is one of the few places you can have multiple options of the same name. # # Some of the scanner(s) require 3rd party software and libraries eg clamav. # See the individual plugin conf file for more options (if any). # % if ($antivirus) { contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf' % } # Content scanner timeout # Some of the content scanners support using a timeout value to stop # processing (eg AV scanning) the file if it takes too long. # If supported this will be used. # The default of 60 seconds is probably reasonable. contentscannertimeout = 60 # Content scan exceptions # If 'on' exception sites, urls, users etc will be scanned # This is probably not desirable behavour as exceptions are # supposed to be trusted and will increase load. # Correct use of grey lists are a better idea. # (on|off) default = off contentscanexceptions = off # Auth plugins # These replace the usernameidmethod* options in previous versions. They # handle the extraction of client usernames from various sources, such as # Proxy-Authorisation headers and ident servers, enabling requests to be # handled according to the settings of the user's filter group. # Multiple plugins can be specified, and will be queried in order until one # of them either finds a username or throws an error. For example, if Squid # is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic' # and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support # NTLM can fall back to Basic without sacrificing access rights. # # If you do not use multiple filter groups, you need not specify this option. # authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf' #authplugin = '/etc/dansguardian/authplugins/proxy-digest.conf' #authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf' #authplugin = '/etc/dansguardian/authplugins/ident.conf' authplugin = '/etc/dansguardian/authplugins/ip.conf' # Re-check replaced URLs # As a matter of course, URLs undergo regular expression search/replace (urlregexplist) # *after* checking the exception site/URL/regexpURL lists, but *before* checking against # the banned site/URL lists, allowing certain requests that would be matched against the # latter in their original state to effectively be converted into grey requests. # With this option enabled, the exception site/URL/regexpURL lists are also re-checked # after replacement, making it possible for URL replacement to trigger exceptions based # on them. # Defaults to off. recheckreplacedurls = off # Misc settings # if on it adds an X-Forwarded-For: to the HTTP request # header. This may help solve some problem sites that need to know the # source ip. on | off forwardedfor = off # if on it uses the X-Forwarded-For: to determine the client # IP. This is for when you have squid between the clients and DansGuardian. # Warning - headers are easily spoofed. on | off usexforwardedfor = off # if on it logs some debug info regarding fork()ing and accept()ing which # can usually be ignored. These are logged by syslog. It is safe to leave # it on or off logconnectionhandlingerrors = off # Fork pool options # If on, this causes DG to write to the log file whenever child processes are # created or destroyed (other than by crashes). This information can help in # understanding and tuning the following parameters, but is not generally # useful in production. logchildprocesshandling = off # sets the maximum number of processes to spawn to handle the incoming # connections. Max value usually 250 depending on OS. # On large sites you might want to try 180. maxchildren = <% $maxchildren %> # sets the minimum number of processes to spawn to handle the incoming connections. # On large sites you might want to try 32. minchildren = <% $minchildren %> minsparechildren = <% $minsparechildren %> # sets the minimum number of processes to spawn when it runs out # On large sites you might want to try 10. preforkchildren = <% $preforkchildren %> # sets the maximum number of processes to have doing nothing. # When this many are spare it will cull some of them. # On large sites you might want to try 64. maxsparechildren = <% $maxsparechildren %> # sets the maximum age of a child process before it croaks it. # This is the number of connections they handle before exiting. # On large sites you might want to try 10000. maxagechildren = <% $maxagechildren %> # Sets the maximum number client IP addresses allowed to connect at once. # Use this to set a hard limit on the number of users allowed to concurrently # browse the web. Set to 0 for no limit, and to disable the IP cache process. maxips = 0 # Process options # (Change these only if you really know what you are doing). # These options allow you to run multiple instances of DansGuardian on a single machine. # Remember to edit the log file path above also if that is your intention. # IPC filename # # Defines IPC server directory and filename used to communicate with the log process. ipcfilename = '/tmp/.dguardianipc' # URL list IPC filename # # Defines URL list IPC server directory and filename used to communicate with the URL # cache process. urlipcfilename = '/tmp/.dguardianurlipc' # IP list IPC filename # # Defines IP list IPC server directory and filename, for communicating with the client # IP cache process. ipipcfilename = '/tmp/.dguardianipipc' # PID filename # # Defines process id directory and filename. #pidfilename = '/var/run/dansguardian.pid' # Disable daemoning # If enabled the process will not fork into the background. # It is not usually advantageous to do this. # on|off (defaults to off) nodaemon = off # Disable logging process # on|off (defaults to off) nologger = off # Enable logging of "ADs" category blocks # on|off (defaults to off) logadblocks = off # Enable logging of client User-Agent # Some browsers will cause a *lot* of extra information on each line! # on|off (defaults to off) loguseragent = off # Daemon runas user and group # This is the user that DansGuardian runs as. Normally the user/group nobody. # Uncomment to use. Defaults to the user set at compile time. # Temp files created during virus scanning are given owner and group read # permissions; to use content scanners based on external processes, such as # clamdscan, the two processes must run with either the same group or user ID. #daemonuser = 'nobody' #daemongroup = 'nobody' # Soft restart # When on this disables the forced killing off all processes in the process group. # This is not to be confused with the -g run time option - they are not related. # on|off (defaults to off) softrestart = off zentyal-squid-2.3.11+quantal1/stubs/greyurllist.mas0000664000000000000000000000212012017154761017247 0ustar <%args> @urls @includes => () #URLs in grey list #Don't bother with the http:// or the www #The greyurllist is for partly unblocking PART of a site #The greysitelist is for partly unblocking ALL of a site #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #To include additional files in this list use this example: #.Include #You can have multiple .Includes. #List other URLs to block: #members.home.net/nice % foreach my $url (@urls) { <% $url %> % } # included files % foreach my $path (@includes) { % $path = '<' . $path . '>'; .Include<% $path %> % } zentyal-squid-2.3.11+quantal1/stubs/bannedsitelist.mas0000664000000000000000000000650612017154761017706 0ustar <%args> @domains $blockIp $blanketBlock @includes => () #domains in banned list #Don't bother with the www. or the http:// #The bannedurllist is for blocking PART of a site #The bannedsitelist is for blocking ALL of a site #As of DansGuardian 2.7.3 you can now include #.tld so for example you can match .gov for example #List other sites to block: % foreach my $domain (@domains) { <% $domain %> % } # Blanket Block. To block all sites except those in the # exceptionsitelist and greysitelist files remove # the # from the next line to leave only a '**': % if ($blanketBlock) { ** **s % } #Blanket IP Block. To block all sites specified only as an IP #remove the # from the next line to leave only a '*ip': % if ($blockIp) { *ip *ips % } #Remove the # from the following and edit as needed to use a stock #squidGuard/urlblacklist blacklists collection. #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include #.Include % foreach my $path (@includes) { % $path = '<' . $path . '>'; .Include<% $path %> % } zentyal-squid-2.3.11+quantal1/stubs/exceptionurllist.mas0000664000000000000000000000106012017154761020301 0ustar <%args> @urls @includes => () #URLs in exception list #Don't bother with the www. or #the http:// # #These are parts of sites that filtering should #be switched off for. # #These should not be domains, i.e. entire sites, #they should be a domain with a path. # #For example 'foo.bar' is no good, you need #to just have 'foo.bar/porn/'. # #Another example: #generallybadsite.tld/partthatsok/ % foreach my $url (@urls) { <% $url %> % } # included files % foreach my $path (@includes) { % $path = '<' . $path . '>'; .Include<% $path %> % }zentyal-squid-2.3.11+quantal1/stubs/ipgroups.mas0000664000000000000000000000070412017154761016540 0ustar <%args> @objects # IP-Group list # Used by the IP-based auth plugin to assign IP addresses to filter groups. # # Examples: # Straight IP matching: #192.168.0.1 = filter1 # Subnet matching: #192.168.1.0/255.255.255.0 = filter1 # Range matching: #192.168.1.0-192.168.1.255 = filter1 % foreach my $obj (@objects) { <% $obj->{address} %>=filter<% $obj->{number} %> % } # Deny all if no other filter profiles have applied 0.0.0.0/0.0.0.0=filter2 zentyal-squid-2.3.11+quantal1/stubs/bannedurllist.mas0000664000000000000000000000206112017154761017534 0ustar <%args> @urls @includes => () #URLs in banned list #Don't bother with the http:// or the www #The bannedurllist is for blocking PART of a site #The bannedsitelist is for blocking ALL of a site #The 'grey' lists override the 'banned' lists. #The 'exception' lists override the 'banned' lists also. #The difference is that the 'exception' lists completely switch #off *all* other filtering for the match. 'grey' lists only #stop the URL filtering and allow the normal filtering to work. #An example of grey list use is when in Blanket Block (whitelist) #mode and you want to allow some sites but still filter as normal #on their content #Another example of grey list use is when you ban a site but want #to allow part of it. #To include additional files in this list use this example: #.Include #You can have multiple .Includes. #List other URLs to block: % foreach my $url (@urls) { <% $url %> % } # included files % foreach my $path (@includes) { % $path = '<' . $path . '>'; .Include<% $path %> % } zentyal-squid-2.3.11+quantal1/stubs/bannedregexpurllist.mas0000664000000000000000000001262012017154761020751 0ustar # The regexp are disabled by Zentyal due to the great number of false positives # If you want to enable them uncomment the appropiates lines in # /usr/share/zentyal/stubs/squid/bannedregexpurllist.mas and restart the proxy # module with the command '/etc/init.d/zentyal squid restart' # #Banned URLs based on Regular Expressions # # E.g. 'sex' would block sex.com and middlesex.com etc #listcategory: "Banned Regular Expression URLs" #Banned URLs based on Regular Expressions ###################################################### # Pornography, Modelling and Adult Sites ###################################################### # The following two lines may work better than the above - Philip Pearce 9/11/2004 #(big|cyber|hard|huge|mega|small|soft|super|tiny|bare|naked|nude|anal|oral|topp?les|sex|phone)+.*(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|girl|hooter|lez|lust|naked|nude|oral|orgy|penis|porn|porno|pupper|pussy|rotten|sex|shit|smutpump|teen|tit|topp?les|xxx)s? #(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|girl|hooter|lez|lust|naked|nude|oral|orgy|penis|porn|porno|pupper|pussy|rotten|sex|shit|smutpump|teen|tit|topp?les|xxx)+.*(big|cyber|hard|huge|mega|small|soft|super|tiny|bare|naked|nude|anal|oral|topp?les|sex)+ #HardCore phrases #(adultsight|adultsite|adultsonly|adultweb|blowjob|bondage|centerfold|cumshot|cyberlust|cybercore|hardcore|masturbat) #bangbros|pussylip|playmate|pornstar|sexdream|showgirl|softcore|striptease) #SoftCore phrases - more likely to overblock - possibly on news sites #(incest|obscene|pedophil|pedofil) #Photo Modeling - supplied by David Burkholder #(male|m[ae]n|boy|girl|beaut|agen[ct]|glam)+.*(model|talent) # The following will help to block explicit media files (images and video) #(sex|fuck|boob|cunt|fetish|tits|anal|hooter|asses|shemale|submission|porn|xxx|busty|knockers|slut|nude|naked|pussy)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) #(girls|babes|bikini|model)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) #Block Naturism and Nudist sites #(naturism|naturist|nude|nudist|nudism|nekkid|nakt|naakt) ###################################################### # Search Engine and Related ###################################################### #Block unfiltered options on various search engines #(^|[\?+=&/])(.*\.google\..*/.*\?.*safe=off)([\?+=&/]|$) #(^|[\?+=&/])(.*\.alltheweb.com/customize\?.*copt_offensive=off)([\?+=&/]|$) #Block images and video on altavista, alltheweb, yahoo etc - as they are anonomised #(yahoo.com\/image\/) #(yimg.com\/image\/) #(altavista.com\/image\/) #(altavista.com\/video\/) #(picsearch.com\/is) #Block images and video on google #(images.google)+.*(\.jpg|\.wmv|\.mpg|\.mpeg|\.gif|\.mov) #(google.com\/video) #block all video #(google.com\/ThumbnailServer) #block video thumbnails #(google.com\/videoplay) #block only playing the video ###################################################### # Proxy Sites ###################################################### #Block Cgiproxy, Poxy, PHProxy and other Web-based proxies #cecid.php|nph-webpr|nph-pro|/dmirror|cgiproxy|phpwebproxy|__proxy_url|proxy.php) #Block websites containing proxy lists #anonymizer|proxify|megaproxy) #AGRESSIVE blocking of all URLs containing proxy - WARNING - this WILL overblock!! #(proxy) ###################################################### # Gambling - supplied by David Burkholder ###################################################### #(casino|bet(ting|s)|lott(ery|o)|gam(e[rs]|ing|bl(e|ing))|sweepstake|poker) ###################################################### # Sport - supplied by David Burkholder ###################################################### #(bowling|badminton|box(e[dr]|ing)|skat(e[rs]|ing)|hockey|soccer|nascar|wrest|rugby|tennis|sports|cheerlead|rodeo|cricket|badminton|stadium|derby) #((paint|volley|bas(e|ket)|foot|quet)ball|/players[/\.]?|(carn|fest)ival) #Racing - supplied by David Burkholder #(speed(st|wa|y)|corvette|rac[eiy]|wrest|harley|motorcycle|nascar) ###################################################### # News sites - supplied by David Burkholder ###################################################### #(news(watch|pap|cast)|herald|sentinel|courier|gazet|tribune|chronicle|daily|ning)news) ###################################################### # Dating Sites - supplied by David Burkholder ###################################################### #(meet|hook|mailord|latin|(asi|mexic|dominic|russi|kore|colombi|balk)an|brazil|filip|french|chinese|ukrain|thai|tour|foreign|date)+.*(dar?[lt]ing|(sing|coup)le|m[ae]n|girl|boy|guy|mat(e|ing)|l[ou]ve?|partner|meet) #(marr(y|i[ae])|roman(ce|tic)|fiance|bachelo|dating|affair|personals) ###################################################### # Miscellaneous - Productivity etc. ###################################################### #Use this to block web counters: #(adlog.php|cnt.cgi|count.cgi|count.dat|count.jsp|count.pl|count.php|counter.cgi|counter.js|counter.pl|countlink.cgi|fpcount.exe|logitpro.cgi|rcounter.dll|track.pl|w_counter.js) #Contributed by proxy@barendse.to #Free stuff - supplied by David Burkholder #(free|phone|mobile)+.*(love|music|movie|dvd|video|stuff|site|arcade|wallpaper|mp3) #((ring|real)tone) #Music - supplied by David Burkholder #(rock|pop|jazz|rap|punk)+.*(cult|roll|geek|drum|music|history|band) # WARNING: This is part of the URL for the dansguardian.org sample virus archive. # You probably don't want to go there unintentionally. #Variants/AVTest) zentyal-squid-2.3.11+quantal1/stubs/dansguardianfN.conf.mas0000664000000000000000000002723012017154761020543 0ustar <%args> $policy $threshold $group $groupName => undef $antivirus => 1 <%init> my @groupConfigFiles = ( 'bannedsitelist', 'bannedurllist', 'greysitelist', 'greyurllist', 'exceptionsitelist', 'exceptionurllist', 'bannedextensionlist', 'bannedmimetypelist', ); defined $groupName or $groupName = 'group' . $group; # DansGuardian filter group config file for version 2.8.0 # Filter group mode # This option determines whether members of this group have their web access # unfiltered, filtered, or banned. This mechanism replaces the "banneduserlist" # and "exceptionuserlist" files from previous versions. # # 0 = banned # 1 = filtered # 2 = unfiltered (exception) # # Only filter groups with a mode of 1 need to define phrase, URL, site, extension, # mimetype and PICS lists; in other modes, these options are ignored to conserve # memory. # # Defaults to 0 if unspecified. # Unauthenticated users are treated as being in the first filter group. % if ($policy eq 'deny') { groupmode = 0 % } elsif ($policy eq 'allow') { groupmode = 2 % } else { groupmode = 1 % } # Filter group name # Used to fill in the -FILTERGROUP- placeholder in the HTML template file and to # name the group in the access logs # Defaults to empty string groupname = '<% $groupName %>' # Content filtering files location bannedphraselist = '/etc/dansguardian/lists/bannedphraselist' weightedphraselist = '/etc/dansguardian/lists/weightedphraselist' exceptionphraselist = '/etc/dansguardian/lists/exceptionphraselist' % if ($policy eq 'filter') { % foreach my $configFile (@groupConfigFiles) { <% $configFile %> = '/etc/dansguardian/lists/<% $configFile . $group %>' % } % } exceptionregexpurllist = '/etc/dansguardian/lists/exceptionregexpurllist' bannedregexpurllist = '/etc/dansguardian/lists/bannedregexpurllist' picsfile = '/etc/dansguardian/lists/pics' contentregexplist = '/etc/dansguardian/lists/contentregexplist' urlregexplist = '/etc/dansguardian/lists/urlregexplist' # Filetype filtering # # Blanket download blocking # If enabled, all files will be blocked, unless they match the # exceptionextensionlist or exceptionmimetypelist. # These lists do not override virus scanning. # Exception lists defined above override all types of filtering, including # the blanket download block. # Defaults to disabled. # (on | off) # blockdownloads = off exceptionextensionlist = '/etc/dansguardian/lists/exceptionextensionlist' exceptionmimetypelist = '/etc/dansguardian/lists/exceptionmimetypelist' # # In either file filtering mode, the following list can be used to override # MIME type & extension blocks for particular domains & URLs (trusted download sites). # exceptionfilesitelist = '/etc/dansguardian/lists/exceptionfilesitelist' exceptionfileurllist = '/etc/dansguardian/lists/exceptionfileurllist' # Categorise without blocking: # Supply categorised lists here and the category string shall be logged against # matching requests, but matching these lists does not perform any filtering # action. #logsitelist = '/etc/dansguardian/lists/logsitelist' #logurllist = '/etc/dansguardian/lists/logurllist' #logregexpurllist = '/etc/dansguardian/lists/logregexpurllist' # Outgoing HTTP header rules: # Optional lists for blocking based on, and modification of, outgoing HTTP # request headers. Format for headerregexplist is one modification rule per # line, similar to content/URL modifications. Format for # bannedregexpheaderlist is one regular expression per line, with matching # headers causing a request to be blocked. # Headers are matched/replaced on a line-by-line basis, not as a contiguous # block. # Use for example, to remove cookies or prevent certain user-agents. headerregexplist = '/etc/dansguardian/lists/headerregexplist' bannedregexpheaderlist = '/etc/dansguardian/lists/bannedregexpheaderlist' # Naughtyness limit # This the limit over which the page will be blocked. Each weighted phrase is given # a value either positive or negative and the values added up. Phrases to do with # good subjects will have negative values, and bad subjects will have positive # values. See the weightedphraselist file for examples. # As a guide: # 50 is for young children, 100 for old children, 160 for young adults. % if ($threshold == 0) { # weighted phrase list is disabled in this filter profile, so we put here a # big value naughtynesslimit = 9999 % } else { naughtynesslimit = <% $threshold %> % } # Category display threshold # This option only applies to pages blocked by weighted phrase filtering. # Defines the minimum score that must be accumulated within a particular # category in order for it to show up on the block pages' category list. # All categories under which the page scores positively will be logged; those # that were not displayed to the user appear in brackets. # # -1 = display only the highest scoring category # 0 = display all categories (default) # > 0 = minimum score for a category to be displayed categorydisplaythreshold = 0 # Embedded URL weighting # When set to something greater than zero, this option causes URLs embedded within a # page's HTML (from links, image tags, etc.) to be extracted and checked against the # bannedsitelist and bannedurllist. Each link to a banned page causes the amount set # here to be added to the page's weighting. # The behaviour of this option with regards to multiple occurrences of a site/URL is # affected by the weightedphrasemode setting. # # NB: Currently, this feature uses regular expressions that require the PCRE library. # As such, it is only available if you compiled DansGuardian with '--enable-pcre=yes'. # You can check compile-time options by running 'dansguardian -v'. # # Set to 0 to disable. # Defaults to 0. # WARNING: This option is highly CPU intensive! embeddedurlweight = 0 # Enable PICS rating support # # Defaults to disabled # (on | off) enablepics = off # Temporary Denied Page Bypass # This provides a link on the denied page to bypass the ban for a few minutes. To be # secure it uses a random hashed secret generated at daemon startup. You define the # number of seconds the bypass will function for before the deny will appear again. # To allow the link on the denied page to appear you will need to edit the template.html # or dansguardian.pl file for your language. # 300 = enable for 5 minutes # 0 = disable ( defaults to 0 ) # -1 = enable but you require a separate program/CGI to generate a valid link bypass = 0 # Temporary Denied Page Bypass Secret Key # Rather than generating a random key you can specify one. It must be more than 8 chars. # '' = generate a random one (recommended and default) # 'Mary had a little lamb.' = an example # '76b42abc1cd0fdcaf6e943dcbc93b826' = an example bypasskey = '' # Infection/Scan Error Bypass # Similar to the 'bypass' setting, but specifically for bypassing files scanned and found # to be infected, or files that trigger scanner errors - for example, archive types with # recognised but unsupported compression schemes, or corrupt archives. # The option specifies the number of seconds for which the bypass link will be valid. # 300 = enable for 5 minutes # 0 = disable (default) # -1 = enable, but require a separate program/CGI to generate a valid link infectionbypass = 0 # Infection/Scan Error Bypass Secret Key # Same as the 'bypasskey' option, but used for infection bypass mode. infectionbypasskey = '' # Infection/Scan Error Bypass on Scan Errors Only # Enable this option to allow infectionbypass links only when virus scanning fails, # not when a file is found to contain a virus. # on = enable (default and highly recommended) # off = disable infectionbypasserrorsonly = on # Disable content scanning # If you enable this option you will disable content scanning for this group. # Content scanning primarily is AV scanning (if enabled) but could include # other types. # (on|off) default = off. % if ($antivirus) { disablecontentscan = off % } else { disablecontentscan = on % } # Enable Deep URL Analysis # When enabled, DG looks for URLs within URLs, checking against the bannedsitelist and # bannedurllist. This can be used, for example, to block images originating from banned # sites from appearing in Google Images search results, as the original URLs are # embedded in the thumbnail GET requests. # (on|off) default = off deepurlanalysis = off # reportinglevel # # -1 = log, but do not block - Stealth mode # 0 = just say 'Access Denied' # 1 = report why but not what denied phrase # 2 = report fully # 3 = use HTML template file (accessdeniedaddress ignored) - recommended # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. # #reportinglevel = 3 # accessdeniedaddress is the address of your web server to which the cgi # dansguardian reporting script was copied. Only used in reporting levels # 1 and 2. # # This webserver must be either: # 1. Non-proxied. Either a machine on the local network, or listed as an # exception in your browser's proxy configuration. # 2. Added to the exceptionsitelist. Option 1 is preferable; this option is # only for users using both transparent proxying and a non-local server # to host this script. # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. # #accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' # HTML Template override # If defined, this specifies a custom HTML template file for members of this # filter group, overriding the global setting in dansguardian.conf. This is # only used in reporting level 3. # # The default template file path is //template.html # e.g. /usr/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish' # language. # # This option generates a file path of the form: # // # e.g. /usr/share/dansguardian/languages/ukenglish/custom.html # #htmltemplate = 'custom.html' # Email reporting - original patch by J. Gauthier # Use SMTP # If on, will enable system wide events to be reported by email. # need to configure mail program (see 'mailer' in global config) # and email recipients # default usesmtp = off usesmtp = off # mailfrom # who the email would come from # example: mailfrom = 'dansguardian@mycompany.com' mailfrom = '' # avadmin # who the virus emails go to (if notify av is on) # example: avadmin = 'admin@mycompany.com' avadmin = '' # contentdmin # who the content emails go to (when thresholds are exceeded) # and contentnotify is on # example: contentadmin = 'admin@mycompany.com' contentadmin = '' # avsubject # Subject of the email sent when a virus is caught. # only applicable if notifyav is on # default avsubject = 'dansguardian virus block' avsubject = 'dansguardian virus block' # content # Subject of the email sent when violation thresholds are exceeded # default contentsubject = 'dansguardian violation' contentsubject = 'dansguardian violation' # notifyAV # This will send a notification, if usesmtp/notifyav is on, any time an # infection is found. # Important: If this option is off, viruses will still be recorded like a # content infraction. notifyav = off # notifycontent # This will send a notification, if usesmtp is on, based on thresholds # below notifycontent = off # thresholdbyuser # results are only predictable with user authenticated configs # if enabled the violation/threshold count is kept track of by the user thresholdbyuser = off #violations # number of violations before notification # setting to 0 will never trigger a notification violations = 0 #threshold # this is in seconds. If 'violations' occur in 'threshold' seconds, then # a notification is made. # if this is set to 0, then whenever the set number of violations are made a # notifaction will be sent. threshold = 0 zentyal-squid-2.3.11+quantal1/stubs/squid.conf.mas0000664000000000000000000002107712017154761016747 0ustar <%doc> Main configuration file for Squid daemon Parameters: snmpEnabled - Boolean indicating if SNMP is enabled or not <%args> $port $transparent $https @localnets @rules @objectsDelayPools @notCachedDomains @nameservers $append_domain $cache_host $cache_port $cache_user $cache_passwd $filter $memory $max_object_size $cacheDirSize $snmpEnabled => 0 $urlRewriteProgram => undef $principal $realm <%perl> our $maxAclNameLength = 31; our %longAclNames = (); sub _timeAclsInPolicy { my ($policy, @ids) = @_; @ids = grep { defined ($_) } @ids; my $id = join '_', @ids; my $acls = ''; if ($policy->{timeDays}) { $acls = _aclName('timeDays_' . $id); $acls .= ' '; } if ($policy->{timeHours}) { $acls .= _aclName('timeHours_' . $id); } return $acls; } # needed because space scape doesnt work in acl names sub _escapeWS { my ($string) = @_; $string =~ s{ }{__}g; return $string; } # needed to avoid log acl problems sub _aclName { my ($name) = @_; if (length($name) <= $maxAclNameLength) { return _escapeWS($name); } if (not exists $longAclNames{$name}) { my $nextId = 1 + keys %longAclNames; $nextId = 'longAcl' . $nextId; $longAclNames{$name} = $nextId; } return _escapeWS($longAclNames{$name}); } # TAG_HTTPORT # % my $transKey = ''; % if ($transparent) { % $transKey = 'transparent'; % } % my $sslKey = ''; % if ($https) { % $sslKey = 'ssl-bump'; % } http_port <% $port %> <% $transKey %> <% $sslKey %> # END_TAG # visible_hostname localhost % if (@nameservers) { % my $dns_nameservers; % foreach my $srv (@nameservers) { % $dns_nameservers .= "$srv "; % } dns_nameservers <% $dns_nameservers %> % } % if ($append_domain) { append_domain .<% $append_domain %> % } hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY # refresh patterns # windows updates refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://.*\.download\.windowsupdate\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims # linux updates refresh_pattern http://.*\.archive\.ubuntu\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://(ftp|http)[0-9]*\.[a-z]+\.debian\.org/ 0 80% 20160 reload-into-ims refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 # end refresh patterns coredump_dir /var/spool/squid3 cache_effective_user proxy cache_effective_group proxy cache_mem <% $memory %> MB maximum_object_size <% $max_object_size %> MB access_log /var/log/squid3/access.log squid pid_filename /var/run/squid3.pid cache_dir ufs /var/spool/squid3 <% $cacheDirSize %> 16 256 % if ($cache_host and $cache_port) { % my $peerAuth = ''; % if ($cache_user and $cache_passwd) { # WARN: remember that for squid auth % are HTML escapes % $peerAuth = 'login=' . $cache_user . ':' . $cache_passwd; % } cache_peer <% $cache_host %> parent <% $cache_port %> 0 no-query no-digest <% $peerAuth %> % } # TAG_ACL # % if ($realm) { auth_param basic realm Zentyal HTTP proxy auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -s <% $principal %>@<% $realm %> auth_param negotiate children 10 auth_param negotiate keep_alive on acl authorized proxy_auth REQUIRED % } % if ($urlRewriteProgram) { url_rewrite_program <% $urlRewriteProgram %> % } % unless ($filter) { <& .rulesACLs, rules => [ @rules ] &> % } <& .rulesACLs, rules => [ @objectsDelayPools ] &> # no cache domains acl % foreach my $domain (@notCachedDomains) { acl noCached dstdomain <% $domain %> % } # END_TAG # acl localhost src 127.0.0.0/8 acl localhostdst dst 127.0.0.0/8 acl manager proto cache_object acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT follow_x_forwarded_for allow localhost log_uses_indirect_client off http_access allow localhost http_access deny manager http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_reply_access allow all % if ($cache_host and $cache_port) { never_direct allow all % } % if ($https) { # ssl-bump options always_direct allow SSL_ports ssl_bump allow SSL_ports % } # TAG_DELAYPOOLS # % if (@localnets) { acl localnets_zentyal dst <% join ' ', @localnets %> % } <& .delayPools, objectsDelayPools => \@objectsDelayPools &> # END_TAG # TAG_HTTP_ACCESS # % if (@notCachedDomains) { cache deny noCached % } % if ($filter) { # All allowed here as dansguardian takes care of the access rules http_access allow all % } else { <& .rulesAccess, rules => \@rules &> # default policy section # All denied by default if no other allow rule matchs http_access deny all % } # END_TAG # # TAG SNMP # % if ( $snmpEnabled ) { <& .snmp &> % } # END_TAG # always_direct allow localhostdst <%def .rulesACLs> <%args> @rules % foreach my $rule (@rules) { % next if $rule->{any}; % my $object = $rule->{object}; % my $group = $rule->{group}; % my $src = $object ? $object : $group; % my $aclName = _aclName($src); % if ($object) { acl <% $aclName %> src <% join ' ', @{ $rule->{addresses} } %> % } else { % # escape user names % my @users = map { $_ =~ s{ }{\\ }g; $_ } @{$rule->{users}}; acl <% $aclName %> proxy_auth <% join (' ', @users) %> % } <& .timeACLs, rule => $rule, id => $src &> % } <%def .timeACLs> <%args> $rule $id % if ($rule->{timeDays}) { acl <% _aclName('timeDays_' . $id) %> time <% $rule->{timeDays} %> % } % if ($rule->{timeHours}) { acl <% _aclName('timeHours_' . $id) %> time <% $rule->{timeHours} %> % } <%def .rulesAccess> <%args> @rules % foreach my $rule (@rules) { % my $object = $rule->{'object'}; % my $group = $rule->{'group'}; % my $groupAcl = $group ? _aclName($group) : ''; % my $objectAcl = $rule->{'any'} ? 'all' : ($object ? _aclName($object) : ''); % my $acl = $groupAcl ? $groupAcl : $objectAcl; % my $timeAcls = _timeAclsInPolicy($rule, $object, $group); % my $policy = $rule->{'policy'}; % next unless (($policy eq 'allow') or ($policy eq 'deny')); % if ($group) { http_access allow authorized % } http_access <% $policy %> <% $timeAcls %> <% $acl %> % } <%def .delayPools> <%args> @objectsDelayPools % if ( @objectsDelayPools ) { % my $pools = @objectsDelayPools; delay_pools <% $pools + 1%> delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_access 1 allow localnets_zentyal % } <%perl> my $id = 1; foreach my $objPool (@objectsDelayPools) { $id++; my $rate = $objPool->{rate}; if ($rate > 0) { $rate *= 1024; } my $size = $objPool->{size}; if ($size > 0) { $size *= 1024 * 1024; } delay_class <% $id %> <% $objPool->{class} %> % if ( $objPool->{class} eq '1' ) { delay_parameters <% $id %> <% $rate %>/<% $size %> % } elsif ( $objPool->{class} eq '2' ) { <%perl> my $clt_rate = $objPool->{clt_rate}; if ($clt_rate > 0) { $clt_rate *= 1024; } my $clt_size = $objPool->{clt_size}; if ($clt_size > 0) { $clt_size *= 1024 * 1024; } delay_parameters <% $id %> <% $rate %>/<% $size %> <% $clt_rate %>/<% $clt_size %> % } delay_initial_bucket_level 90 delay_access <% $id %> allow <% $objPool->{object} %> delay_access <% $id %> deny all % } <%def .snmp> <%doc> Define the SNMP configuration as SNMP agent acl snmppublic snmp_community public snmp_port 3401 snmp_access allow snmppublic localhost snmp_access deny all zentyal-squid-2.3.11+quantal1/stubs/bannedmimetypelist.mas0000664000000000000000000000016112017154761020562 0ustar <%args> @mimeTypes # Banned MIME type list % foreach my $mimeType (@mimeTypes) { <% $mimeType %> % } zentyal-squid-2.3.11+quantal1/stubs/pics.mas0000664000000000000000000000547612017154761015641 0ustar # Zentyal: we have disabled all the PICS blocking until we allow to set express configuration throught the Zentyal interface # # A more detailed discussion of the options in this file # can be found in the Detailed Installation Guide on # the DansGuardian web site. # The default settings below are aimed at early teens. # You may wish to reduce or increase this. # ICRA is a new version of RSAC # 0 = none 1 = some ICRAchat = 1 ICRAmoderatedchat = 1 ICRAlanguagesexual = 1 ICRAlanguageprofanity = 1 ICRAlanguagemildexpletives = 1 ICRAnuditygraphic = 1 ICRAnuditymalegraphic = 1 ICRAnudityfemalegraphic = 1 ICRAnuditytopless = 1 ICRAnuditybottoms = 1 ICRAnuditysexualacts = 1 ICRAnudityobscuredsexualacts = 1 ICRAnuditysexualtouching = 1 ICRAnuditykissing = 1 ICRAnudityartistic = 1 ICRAnudityeducational = 1 ICRAnuditymedical = 1 ICRAdrugstobacco = 1 ICRAdrugsalcohol = 1 ICRAdrugsuse = 1 ICRAgambling = 1 ICRAweaponuse = 1 ICRAintolerance = 1 ICRAbadexample = 1 ICRApgmaterial = 1 ICRAviolencerape = 1 ICRAviolencetohumans = 1 ICRAviolencetoanimals = 1 ICRAviolencetofantasy = 1 ICRAviolencekillinghumans = 1 ICRAviolencekillinganimals = 1 ICRAviolencekillingfantasy = 1 ICRAviolenceinjuryhumans = 1 ICRAviolenceinjuryanimals = 1 ICRAviolenceinjuryfantasy = 1 ICRAviolenceartisitic = 1 ICRAviolenceeducational = 1 ICRAviolencemedical = 1 ICRAviolencesports = 1 ICRAviolenceobjects = 1 # RSAC # 0 = none 2 = default 4 = wanton and gratuitous RSACviolence = 4 RSACsex = 4 RSACnudity = 4 RSAClanguage = 4 # evaluWEB # 0 = U 1 = PG 2 = 18 evaluWEBrating = 2 # CyberNOT # 0 = none 8 = lots CyberNOTsex = 8 CyberNOTother = 8 # SafeSurf # 0 = full filtering 9 = wanton and gratuitous SafeSurfprofanity = 9 SafeSurfheterosexualthemes = 9 SafeSurfhomosexualthemes = 9 SafeSurfnudity = 9 SafeSurfviolence = 9 SafeSurfsexviolenceandprofanity = 9 SafeSurfintolerance = 9 SafeSurfdruguse = 9 SafeSurfotheradultthemes = 9 SafeSurfgambling = 9 # 1 = All ages 9 = early teens 9 = explicitly for adults SafeSurfagerange = 9 # Weburbia # 0 = U 1 = PG 2 = 18 Weburbiarating = 2 #Vancouver Webpages - low is good high is bad Vancouvermulticulturalism = -3 # -3 to 2 Vancouvereducationalcontent = -3 # -3 to 1 Vancouverenvironmentalawareness = -3 # -3 to 1 Vancouvertolerance = -3 # -2 to 4 Vancouverviolence = 0 # 0 to 5 Vancouversex = 0 # 0 to 7 Vancouverprofanity = 0 # 0 to 4 Vancouversafety = -2 # -2 to 2 Vancouvercanadiancontent = -2 # -2 to 0 Vancouvercommercialcontent = 0 # 0 to 3 Vancouvergambling = -1 # -1 to 3 # Korean PICS services # Thanks to Richard Lee for outlining tag formats # ICEC - service.icec.or.kr ICECrating = 1 # 0 to 1 # SafeNet - www.safenet.ne.kr SafeNetnudity = 4 # 0 to 4 SafeNetsex = 4 # 0 to 4 SafeNetviolence = 4 # 0 to 4 SafeNetlanguage = 4 # 0 to 4 SafeNetgambling = 1 # 0 to 1 SafeNetalcoholtobacco = 1 # 0 to 1 zentyal-squid-2.3.11+quantal1/stubs/exceptionphraselist.mas0000664000000000000000000000101712017154761020763 0ustar # EXCEPTIONPHRASELIST - INSTRUCTIONS FOR USE # # If any of the phrases listed below appear in a web page # then it will bypass the filtering and be allowed through # eg # < medical > # # # Combinations # Unblock the page if the following phrases are found on the same page. # Each line is a new combination. # eg #,, # # See the bannedphraselist for more examples. #.Include #.Include zentyal-squid-2.3.11+quantal1/stubs/template.html.mas0000664000000000000000000000677312017154761017462 0ustar <%args> $image_name => 'zentyal.png' $extra_messages => '' <%init> use EBox::Gettext; Zentyal - <% __('Access Denied') %>
Zentyal

<% __('Access has been Denied') %>

<% __x("Access to the page: {page} has been denied for the following reason", page => '-URL-') %>:

-REASONGIVEN-

<% __('Categories') %>:

-CATEGORIES-

<% __('You are seeing this error because what you attempted to access appears to contain, or is labeled as containing, material that has been deemed inappropriate.') %>

% if ($extra_messages) {

<% $extra_messages %>

% }

<% __('If you have any queries contact your ICT Coordinator or Network Manager.') %>
<% __('Powered by') %> Zentyal
zentyal-squid-2.3.11+quantal1/ChangeLog0000664000000000000000000003012012017154761014573 0ustar 2.3.11 + Removed duplicated Domain Filter Settings model in tabs + Better order and names in Filter Profile models + Better order for menu items 2.3.10 + Added users as enabledepend + Add rule to allow web browsing by default on initial setup + Categorized lists now work 2.3.9 + Summarized report works again + Added modeldepends to yaml schema + Fixed cache-peer authorization parameters when using a global proxy. Due to this change squid.conf is no longer readable by all + Avoid multiple calls to store row in DelayPools::_setUndefinedValues() 2.3.8 + Fixed group-based authorization + Fixed wrongly set time period acls in squid configuration in some cases + Fixed 'any' rules in dansguardian configuration 2.3.7 + Unify FirewallHelper, removed no longer needed SquidOnlyFirewall + Support for different filter profiles depending on the time period + Update dansguardian conf templates to 2.10 version + Use new clone and check all options in tables + Added HTTPS proxy support if squid is compiled with SSL support + New Transparent Exemptions model to skip proxying of some websites + Rearranged components on filter profile configuration + New Categorized Lists model to upload the lists archives + Download sizes for Bandwidth Throttling now use MB instead of KB + Users and Antivirus enable dependencies are now optional + Default policy if no other allow or filter rules are present is deny + There is no need of manually specify global authorize or filter policy + New AccessRules model instead of objects and groups policy tables + Simplified Bandwidth Throttling using a single table + Removed useless HTTP proxy status widget + Using EBox::Object::Members class to generate iptables rules + Removed greylist feature that was confusing 2.3.6 + Added enabled control to domains files lists + Remove duplicated models for default profile and custom filter profiles + Remove "apply on all" and "use defaults" models + Adapted to new Model management framework + Use new _keys() which takes cache into account instead of _redis_call() + Adapted TimePeriod type to the changes in the types framework + Kerberized authentication + Implement new EBox::NetworkObserver::regenGatewaysFailover() 2.3.5 + Create tables with MyISAM engine by default 2.3.4 + Use new tableBody.mas in TrafficDetails.pm + Fixed regresion which broke the apply all button for MIME and extensions 2.3.3 + Packaging fixes for precise 2.3.2 + Updated Standard-Versions to 3.9.2 2.3.1 + Adapted messages in the UI for new editions + Uniformize config boolean values (from true/false to yes/no) + Now you can use the default profile in a custom profile for file extensions 2.3 + Adapted to new MySQL logs backend + Ignore localnets with undefined DHCP address when writing conf + Adapted to squid3 new paths and daemon and squid.conf syntax + Replaced autotools with zbuildtools + Fixed regression on filter selection depending on the objects policy. Now it works again + Fixed regression which broke filter policies in objects when a non-filter global policy was selected + Fixed use of not-defined yet ACL when using parent peer 2.2.1 + Fixed deprecated syntax for some iptables rules + Fixed parameter for unlimited value in delay pools + Fixed order of refresh patterns + Properly set of never_direct option when setting a parent peer 2.1.11 + Improved bandwidth throttling texts + Set proper message type in General Settings model 2.1.10 + Remove dansguardian startup link to avoid start when disabled 2.1.9 + Fixed encoding in blocked page template + Reviewed some subscription strings 2.1.8 + Differentiate ads from notes + Removed /zentyal prefix from URLs + Added configuration key to omit domain categorized files from backup + Avoid duplicated restart during postinst + Give support for setting a new adblocking redirector + Give support for adding postmatch patterns in Ad-blocking 2.1.7 + HTTPS works both for banned domains and block blanket options + Added guard against missing rows in antivirusNeeded method + Order top domains by visits instead of traffic bytes in reporting 2.1.6 + Include missing dansguardian.logrotate file 2.1.5 + No longer use custom upstart scripts and custom logrotate conf 2.1.4 + Humanize units in Delay Pools (from Bytes to KB) + Use the new "Add new..." option in the object selectors + Added global ad-blocking option + Use quote column option for periodic and report log consolidation + Guard against generating empty localeboxnet ACL 2.1.3 + Dansguardian is only started when a global filter policy is choosen + Applied keyGenerator option to report queries 2.1.2 + Removed workarounds on component's parent/child relationship + Adapted logrotate configuration to new PID file 2.1.1 + Added guard against empty fileList_path keys + Added missing Microsoft updates server in squid.conf.mas + Zentyal squid daemon uses a different pidfile now + Fixed bug that could delete the default profile file list + Avoid call to set_string with undefined value + Added missing dependency on network module 2.1 + Use new standard enable-module script + Improved order of tabs in filter profiles + Custom filter profiles are also populated with default extensions and MIME types + Delete all migrations and use initial-setup + Replace /etc/ebox/80squid.conf with /etc/zentyal/squid.conf + Disable default arbitrary regexes in bannedregexpurllist.mas 2.0.3 + Bugfix: when having different filter profiles with domain lists, the lists files are no longer deleted on the second restart 2.0.2 + Filter profiles names with spaces are forbidden to avoid errors + Avoid problems with some languages on disk usage graph 2.0.1 + Added commercial message + Set DNS servers in Squid configuration 1.5.13 + Rebranded access denied page 1.5.12 + Add SNMP server from Squid when required 1.5.11 + More global proxy configuration and domain configuration improvements + Zentyal rebrand + Running squid daemons are killed when starting ebox proxy if pidfile exists 1.5.10 + Fixed dansguardian/squid crash when logrotate was daily executed 1.5.9 + Fixed profile mime types migrations 1.5.8 + Added upstart script for squid to avoid first start problems 1.5.7 + Fixed problems with ACL names 1.5.6 + Fixed problem with whitespaces in users/groups/objects in squid configuration file 1.5.5 + Revert range_offset_limit option to default value because was causing troubles with streaming sites. 1.5.4 + Added bridged mode support in firewall helper 1.5.3 + Bugfix: Delay pools ordering works on UI 1.5.2 + Bugfix: use default squid init script instead of old missing ebox.squid 1.5.1 + Maximum file descriptor option in now set in /etc/default/squid + Bugfix: Log exception hits in dansguardian so whitelisted domains are now logged properly + Bugfix: Get virtual interfaces as well to set firewall rules + Bugfix: Make some checks in delay pools to avoid misconfiguration, do not write the disabled rules and set the proper labels and more detailed explanation + New bandwidth throttling support with delay pools + Bugfix: trim URL string as DB stores it as a varchar(1024) (Log) + Disabled ban URL regexes + Added filter profile per object + Bugfix, breadcrumbs triggered old problem with parent method in DomainFilterCategories model, so we enable again the old workaround to avoid this error + Add new information about saved bandwidth to the reports + Fixed bug in filter profile by object with network addresses + Customized Dansguardian blocked page template + Exclude localnetworks from bandwidth throttling + Added flash MIME types to default MIME types + Squid default cache_mem set to 128 MB + New option to configure maximum_object_size which defaults to 300 MB + Add refresh_pattern options for Microsoft Windows, Debian and Ubuntu updates + Removed dead code in dumpConfig/restoreConfig methods + In configuration report mode the module does not longe include the domain lists archives 1.3.14 + Bugfix: in restartService we assure that all files are in place before restarting the daemons + Changed labels in cache exemptions form 'domain' to 'domain name address' to make clearer the actual working of the feature + Better help messages for time period parameters + Added custom script to delay downtime while log rotation is done + Only unzip domain categoris archives when they have changed, this speeds up the module startup + You can establish the same policies for URLs than for full domains 1.3.13 + Switching antivirus from clamavscan to clamdscan + Better MIME type check, removed false negatives with some subtypes 1.3.12 + Bug fix: Added migration to rename access table to squid_access. + Add breadcrumbs 1.3.11 + Added report support 1.3.6 + Bug fix: Disable cache in Group Policy base to be able to fetch new groups in "Group" select + Bug fix: no more duplicated log for the same URL + UI improvement: precondition in objects and user polices 1.3.5 + tableInfo returns an array of hash refs + Bugfix: group policies are deleted when the group is deleted + Bugfix: added notification when antivirus is enabled to assure that we have a correct configuration 1.1.30 + Added to Traffic details report _noAggregateFileds and fixed bug with defaultController + Bugfix: HTTPS traffic tunneled correctly 1.1.20 + Disable PICs ratings by default + logs are sesrchable by user 1.1.10 + Change default dansguardian conf to make it work with dansguardian 2.9.9.7 1.0 + new release 0.12.100 + New release + Added user based authorization + Added filter profiles + Added group polices + Added time period option to policies + Added per-object group policies + Added antivirus support + Added dansguardian's custom logrotate file + Added cache exceptions + Added cache size + Disabled exception and banned phrases to avoid uncontrolled content filter results 0.12.99 + Add support for reporting + User support + Exemption for cache option added + Adapted to objects with overlapping addresses 0.12 + Use the new EBox::Model::Row api + Add field help to models + Fix titles within tabs + Set deny as default policy 0.11.101 + New release 0.11.100 + Use the new syntax to enable transparent proxy + Do not launch dansguardian with setsid. It was necessary with runit, but not with upstart any more. + do not remove rc scripts, stop on pre-start 0.11.99 + Set proper language to show denied access page by dansguardian using eBox locale (Currently manually maintained) 0.11.1 + Bugfix. MIME and extension filter allow attribute is NOT optional but they have a default value O.11 + New release 0.10.99 + Use new model/view framework. UI uses Ajax + Attempt to simplify content filter interface 0.10 + New release 0.9.100 + New release 0.9.99 + New release 0.9.3 + New release 0.9.2 + Add nasty workaround to try to stop and create swap directories for squid O.9.1 + New release 0.9 + Added Polish translation.00 + Added German Translation 0.8.99 + New release 0.8.1 + force creation of swap directories in postinst 0.8 + New release 0.7.99 + Add Mime Type Filter Support + Add custom filter support for file extensions and Mime Type + Merge portuguese translation thanks to JC Junior + Add some explanatory notes + Fix some small bugs + Fix a bug which made dansguardian crash at start + Dansguardian does not start when it shouldn't 0.7.1 + Add support to configure banned extension list in dansguardian + GUI consitency + Use of ebox-sudoers-friendly 0.7 + First public release 0.6 + move to client + API documented using naturaldocs + Update install + Update debian scripts 0.5.2 + Fix some packaging issues 0.5.1 + Convert module to new menu system 0.5 + No changes 0.4 + debian package + Added content filter based on dansguardian + Rework to support dansguardian + Added French translation + Added Catalan translation 0.3 + Supports i18n + Supports banned domains + API name consistency + Use Mason for templates + added tips to GUI + Fixed bugs to IE compliant + Several bugfixes 0.2 + All modules are now based on gconf. + Removed dependencies on xml-simple, xerces and xpath + New MAC address field in Object members. + Several bugfixes. 0.1 + Initial release zentyal-squid-2.3.11+quantal1/AUTHORS0000664000000000000000000000024012017154761014071 0ustar Copyright (C) 2004-2012 eBox Technologies S.L. For an updated list of the current and past developers please visit: http://trac.zentyal.org/wiki/Contributors zentyal-squid-2.3.11+quantal1/schemas/0000775000000000000000000000000012017154761014450 5ustar zentyal-squid-2.3.11+quantal1/schemas/sql/0000775000000000000000000000000012017154761015247 5ustar zentyal-squid-2.3.11+quantal1/schemas/sql/period/0000775000000000000000000000000012017154761016531 5ustar zentyal-squid-2.3.11+quantal1/schemas/sql/period/squid_traffic.sql0000664000000000000000000000063412017154761022100 0ustar CREATE TABLE IF NOT EXISTS squid_traffic ( `date` TIMESTAMP, rfc931 CHAR(255) DEFAULT '-', requests BIGINT DEFAULT 0, accepted BIGINT DEFAULT 0, accepted_size BIGINT DEFAULT 0, denied BIGINT DEFAULT 0, denied_size BIGINT DEFAULT 0, filtered BIGINT DEFAULT 0, filtered_size BIGINT DEFAULT 0, INDEX(`date`) ) ENGINE = MyISAM; zentyal-squid-2.3.11+quantal1/schemas/sql/squid_access_report.sql0000664000000000000000000000205612017154761022034 0ustar CREATE TABLE IF NOT EXISTS squid_access_report ( timestamp DATE, ip INT UNSIGNED, username VARCHAR(255), domain VARCHAR(255), event VARCHAR(10), code VARCHAR(32), bytes BIGINT, hits INT ) ENGINE = MyISAM; -- FIXME: reimplement this in mysql or perl -- CREATE OR REPLACE FUNCTION domain_from_url(url VARCHAR) RETURNS TEXT AS $$ -- DECLARE -- tmp VARCHAR; -- components VARCHAR[]; -- domain VARCHAR; -- i INTEGER; -- BEGIN -- tmp := url; -- tmp := regexp_replace(tmp,'http(s?)://',''); -- tmp := regexp_replace(tmp,'(:|/).*',''); -- components := regexp_split_to_array(tmp,E'\\.'); -- -- domain := ''; -- FOR i IN REVERSE array_upper(components,1)..1 LOOP -- IF domain = '' THEN -- domain := components[i]; -- ELSE -- IF i > 1 or char_length(domain) < 8 THEN -- domain := components[i] || '.' || domain; -- END IF; -- END IF; -- END LOOP; -- -- RETURN domain; -- END; -- $$ LANGUAGE plpgsql; zentyal-squid-2.3.11+quantal1/schemas/sql/squid_access.sql0000664000000000000000000000064412017154761020442 0ustar CREATE TABLE IF NOT EXISTS squid_access ( timestamp TIMESTAMP, elapsed INT, remotehost VARCHAR(255), code VARCHAR(255), bytes INT, method VARCHAR(10), url VARCHAR(1024), rfc931 VARCHAR(255) DEFAULT '-', peer VARCHAR(255), mimetype VARCHAR(255), event VARCHAR(255), filterProfile VARCHAR(100), INDEX(timestamp) ) ENGINE = MyISAM; zentyal-squid-2.3.11+quantal1/schemas/squid.yaml0000664000000000000000000000211012017154761016453 0ustar class: 'EBox::Squid' depends: - objects - network enabledepends: - firewall - users models: - GeneralSettings - AccessRules - NoCacheDomains - TransparentExceptions - FilterProfiles - ContentFilterThreshold - Extensions - MIME - DomainFilter - DomainFilterCategories - DomainFilterSettings - AntiVirus - DelayPools - CategorizedLists - RequestsGraph - TrafficSizeGraph - TrafficDetails - TrafficReportOptions composites: General: [GeneralSettings, NoCacheDomains, TransparentExceptions] FilterSettings: [ContentFilterThreshold, AntiVirus] Domains: [DomainFilterSettings, DomainFilter] ProfileConfiguration: [FilterSettings, Domains, DomainFilterCategories, MIME, Extensions] TrafficReport: [TrafficReportOptions, RequestsGraph, TrafficSizeGraph, TrafficDetails] modeldepends: AccessRules: objects/ObjectTable: [object] squid/FilterProfiles: [profile] DelayPools: objects/ObjectTable: [acl_object] foreign: FilterProfiles: [ProfileConfiguration]