author | Andreas Brodmann <andreas.brodmann@gmail.com> | 2007-11-29 19:28:10 +0000 |
---|---|---|
committer | Andreas Brodmann <andreas.brodmann@gmail.com> | 2007-11-29 19:28:10 +0000 |
commit | 4bbff2d10dbd88bb8781ada7c6e0549b51032018 (patch) | |
tree | e8e14dfc6a303b2e230d589b4eaedb265d53a3ec | |
parent | d778aa11d469fa8c415c471dfae92272da14d83b (diff) | |
download | acf-squid-4bbff2d10dbd88bb8781ada7c6e0549b51032018.tar.bz2 acf-squid-4bbff2d10dbd88bb8781ada7c6e0549b51032018.tar.xz |
/acf/squid: daily update on trunk
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@389 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | squid-authentication-html.lsp | 105 | ||||
-rw-r--r-- | squid-basic-html.lsp | 23 | ||||
-rw-r--r-- | squid-controller.lua | 27 | ||||
-rw-r--r-- | squid-model.lua | 406 |
5 files changed, 414 insertions, 148 deletions
@@ -5,6 +5,7 @@ VERSION=1.0_alpha1 APP_DIST=squid-controller.lua \ squid-model.lua \ squid-basic-html.lsp \ + squid-authentication-html.lsp \ squid-advanced-html.lsp \ squid.menu \ dansguardian-controller.lua \ diff --git a/squid-authentication-html.lsp b/squid-authentication-html.lsp new file mode 100644 index 0000000..1c693f0 --- /dev/null +++ b/squid-authentication-html.lsp 
@@ -0,0 +1,105 @@ +<? + local form = ... + local data = form.option + local service = form.service + local config = form.service.config + + local srv1fill = "" + local srv2fill = "disabled" + if service.status == "running" then + srv1fill = "disabled" + srv2fill = "" + end + + local ifthen = function( variable, value, result ) + if variable == value then + io.write( result ) + end + end + +?> +<h1>Web Proxy</h1> +Squid is a web proxy server. It makes web requests in behalf of the client, and +inspecting the returned and optionally caches that content so that the next time +a client request is made, the content can be served from local disk. This can make +web surfing faster. Squid can also forward its requests on to a content filter, +such as DansGuardian.<br><br> +This page lets you modify the authentication scheme of squid.<br><br> + +<h1>Status</h1> +<form action="" method="POST"> +<table><tr> +<td>squid is: <b><? io.write( service.status ) ?> </b> </td> +<td><input type="submit" name="srvcmd" value="start" <? io.write( srv1fill ) ?> style="width:100px"></td> +<td><input type="submit" name="srvcmd" value="stop" <? io.write( srv2fill ) ?> style="width:100px"></td> +<td><input type="submit" name="srvcmd" value="restart" <? io.write( srv2fill ) ?> style="width:100px"></td> +</tr></table> +</form> + +<pre style="color: #ff2020;"><? io.write( service.message ) ?></pre><br> + +This process runs as a service. When you make and save changes, the configuration +files for the service are changed. However, the changes will not be <i>applied</i> +until you restart the service.<br><br> + +<form action="" method="POST"> +<h1>Configuration</h1> + +<h2>Authentication Scheme</h2> +Choose the desired authentication mechanisms and their order.<br><br> + +<input type="hidden" name="authmethod" value="<? 
io.write( config.authmethod.value ) ?>"> +<table> +<tr><td> + <table><tr><td> + <input type="submit" value="^"> + </td></tr><tr><td> + <input type="submit" value="v"> + </td></tr></table> +</td><td> + <b>Active</b><br> + <select name="tmpauth" size="5" style="width:150px;"> + <? + local lap = 1 + local method = config.authmethod.value + if #config.authmethod.value > 0 then + while lap <= #config.authmethod.value do + if string.sub( method, lap, lap ) == "D" then + io.write( "<option value=\"D\">Digest</option>\n" ) + elseif string.sub( method, lap, lap ) == "N" then + io.write( "<option value=\"N\">NTLM</option>\n" ) + elseif string.sub( method, lap, lap ) == "B" then + io.write( "<option value=\"B\">Basic</option>\n" ) + end + lap = lap + 1 + end + end + ?> + </select> +</td><td> + <table border="0"><tr><td> + <input type="submit" value=" << "> + </td></tr><tr><td> + <input type="submit" value=" >> "> + </td></tr></table> +</td><td> + <b>Selectable</b><br> + <select name="tmpempty" size="5" style="width:150px;"> +<? + if string.match( config.authmethod.value, "D" ) == nil then + io.write( "<option value=\"D\">Digest</option>\n" ) + end + if string.match( config.authmethod.value, "N" ) == nil then + io.write( "<option value=\"N\">NTLM</option>\n" ) + end + if string.match( config.authmethod.value, "B" ) == nil then + io.write( "<option value=\"B\">Basic</option>\n" ) + end +?> + </select> +</td></tr> +</table><br> + +<input type="submit" name="cmd" value="save" style="width:100px"><br> +</form><br> + diff --git a/squid-basic-html.lsp b/squid-basic-html.lsp index b56b9e6..692bd06 100644 --- a/squid-basic-html.lsp +++ b/squid-basic-html.lsp 
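Review bot: The hidden `authmethod` field and the four ordering buttons give the server nothing reliable to act on: the `^`, `v`, `<<` and `>>` submits carry no `name`, and the hidden value is simply whatever the browser posts back. The `authentication` action added to squid-controller.lua in this commit does not read either of them yet. When a save handler is written, it should accept only the letters D, N and B, each at most once, before anything reaches squid.conf, starting from a check such as `if not string.match( value, "^[DNB]*$" ) then` and returning an error. Giving the buttons a shared `name` with distinct values would let that handler tell them apart. The local `ifthen` helper at the top of the page is defined but never called here.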
@@ -44,6 +44,7 @@ until you restart the service.<br><br> <form action="" method="POST"> <h1>Configuration</h1> +<? io.write("<pre style=\"color: #ff2020;\">" .. service.error .. "</pre><br>\n" ) ?> <h2>Primary Listener service</h2> These parameters define the interface and port that the web proxy uses to accept connections.<br><br> @@ -64,7 +65,7 @@ It is safe to leave this at the default settings.<br><br> <table> <tr><td align="right"><b>filterip</b></td><td><input type="text" name="filterip" value="<? io.write( config.filterip.value ) ?>"</td></tr> <tr><td align="right"><b>filterport</b></td><td><input type="text" name="filterport" value="<? io.write( config.filterport.value ) ?>"></td></tr> -<tr><td align="right"><b>FilterRegex</b></td><td><input type="text" name="filterregex" value="<? io.write( config.filterregex.value ) ?>"></td></tr> +<tr><td align="right"><b>FilterRegex</b></td><td><input type="text" name="filterregex" value="<? io.write( config.filterregex.value ) ?>" style="width:400px;"></td></tr> </table><br> <h2>Access Logs</h2> 
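Review bot: Values are written into the page without HTML escaping, both `service.error` inside the new `<pre>` and `config.filterregex.value` inside the `value="…"` attribute of the second hunk. With this commit squid-model.lua fills `filterregex`, `safeports` and `sslports` straight from squid.conf (for example `string.sub( str1, 36 )`), so a regex containing `"` or `<` will at least break the form, and anything able to edit squid.conf can inject markup into the admin page. A small helper in the page header would cover it, `local esc = function( s ) return ( string.gsub( tostring( s ), "[&<>\"]", { ["&"]="&amp;", ["<"]="&lt;", [">"]="&gt;", ['"']="&quot;" } ) ) end`, used as `io.write( esc( config.filterregex.value ) )`. The same applies to the `safeports`/`sslports` inputs in the `@@ -102,10 +93,10 @@` hunk and to `service.message` and `service.status` in the new squid-authentication-html.lsp. The error `<pre>` is also emitted when `service.error` is empty, so wrapping it in `if #service.error > 0 then` would avoid an empty red block.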
@@ -80,18 +81,8 @@ This determines if the disk is used for caching. This can speed up web surfing w but it requires a local hard disk.<br><br> <table> -<tr><td><input type="radio" name="diskcache" value="no"<? ifthen( config.diskcache.value, "no", " checked" ); ?>> No caching</td></tr> -<tr><td><input type="radio" name="diskcache" value="yes"<? ifthen( config.diskcache.value, "yes", " checked" ); ?>> Use disk cache</td></tr> -</table><br> - -<h2>Authentication Method</h2> -Squid can use the Digest or NTLM authentication method. Unless you have a Windows domain controller in your ISM network, -use Digest authentication.<br><br> - -<table> -<tr><td><input type="radio" name="authmethod" value="digest"<? ifthen( config.authmethod.value, "digest", " checked" ); ?>> Digest Authentication</td></tr> -<tr><td><input type="radio" name="authmethod" value="ntlm"<? ifthen( config.authmethod.value, "ntlm", " checked" ); ?>> NTLM Authentication (also requires configuring NTLM authenticator)</td></tr> -<tr><td><input type="radio" name="authmethod" value="none"<? ifthen( config.authmethod.value, "none", " checked" ); ?>> No Authentication (Not Recomended)</td></tr> +<tr><td><input type="radio" name="diskcache" value="no"<? ifthen( config.diskcache.value, "no", " checked" ); ?>>No caching</td></tr> +<tr><td><input type="radio" name="diskcache" value="yes"<? ifthen( config.diskcache.value, "yes", " checked" ); ?>>Use disk cache</td></tr> </table><br> <h2>Allowed Ports</h2> 
@@ -102,10 +93,10 @@ servers run on other ports as well. These fields list all ports and port ranges It is safe to leave these values at their default values.<br><br> <table> -<tr><td align="right"><b>Safe_ports</b></td><td><input type="text" name="safeports" value="<? io.write( config.safeports.value ) ?>"></td></tr> -<tr><td align="right"><b>SSL_ports</b></td><td><input type="text" name="sslports" value="<? io.write( config.sslports.value ) ?>"></td></tr> +<tr><td align="right"><b>Safe_ports</b></td><td><input type="text" name="safeports" value="<? io.write( config.safeports.value ) ?>" style="width:400px;"></td></tr> +<tr><td align="right"><b>SSL_ports</b></td><td><input type="text" name="sslports" value="<? io.write( config.sslports.value ) ?>" style="width:400px;"></td></tr> </table><br> <input type="submit" name="cmd" value="save" style="width:100px"><br> -</form> +</form><br> diff --git a/squid-controller.lua b/squid-controller.lua index 4e9c134..4d3ffa5 100644 --- a/squid-controller.lua +++ b/squid-controller.lua @@ -38,7 +38,7 @@ basic = function( self ) extra = "" } - local service = { message="", status="" } + local service = { message="", status="", error="" } if self.clientdata.srvcmd then local srvcmd = self.clientdata.srvcmd if srvcmd == "start" or srvcmd == "stop" or srvcmd == "restart" then 
@@ -47,7 +47,30 @@ basic = function( self ) end service.status = self.model.get_status() - service.config = self.model.get_basic_config() + service.config, service.error = self.model.get_basic_config() + + return ( cfe ({ option = option, service = service }) ) +end + +authentication = function( self ) + + local option = { script = ENV["SCRIPT_NAME"], + prefix = self.conf.prefix, + controller = self.conf.controller, + action = self.conf.action, + extra = "" + } + + local service = { message="", status="", error="" } + if self.clientdata.srvcmd then + local srvcmd = self.clientdata.srvcmd + if srvcmd == "start" or srvcmd == "stop" or srvcmd == "restart" then + service.message = self.model.service_control( srvcmd ) + end + end + + service.status = self.model.get_status() + service.config, service.error = self.model.get_basic_config() return ( cfe ({ option = option, service = service }) ) end diff --git a/squid-model.lua b/squid-model.lua index 9010039..f56750c 100644 --- a/squid-model.lua +++ b/squid-model.lua 
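Review bot: `authentication` is a line-for-line copy of `basic`, including the call to `get_basic_config()`, so the `srvcmd` allow-list (`start`/`stop`/`restart`) now has to be kept in sync in two places. Moving the shared part into one local function, e.g. `local function build_service( self )` returning the `service` table, and calling it from both actions would keep the check in one spot. Neither copy looks at the request method or any form token before calling `self.model.service_control( srvcmd )`; if the ACF dispatcher does not already enforce that (not visible in this diff), the shared helper is the place to add it. The new action also ignores the `authmethod` and `cmd` fields that squid-authentication-html.lsp posts, which deserves a comment such as `-- TODO: save of authmethod not implemented yet`.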
@@ -2,29 +2,55 @@ -- Copyright(c) 2007 A. Brodmann - Licensed under terms of GPL2 module (..., package.seeall) -dansguardiancfg = "/etc/dansguardian/dansguardian.conf" +squidconf = "/etc/squid/squid.conf" -get_status = function() - - local retval = "stopped" +--- the tokenizer functions - must be dislocated into a library later +tokenizer = {} - local ptr = io.popen( "/bin/pidof squid" ) - local pid = ptr:read( "*a" ) - ptr:close() - if pid ~= nil then - if #pid > 1 then - retval = "running" +tokenizer.new = function( str, delim ) + local token = {} + token.value = str; + token.delim = delim; + token.pos = 1 + return token +end + +tokenizer.pos = function( value, substr, pos ) + local retval = pos + local done = false + while not done and retval <= #value do + if string.sub( value, retval, retval ) == substr then + done = true + else + retval = retval + 1 end end - return retval end + +tokenizer.next = function( token ) + if token.pos > #token.value then + return token, nil + end + + local strpos = tokenizer.pos( token.value, token.delim, token.pos ) + retval = string.sub(token.value, token.pos, strpos-1) + if retval == token.delim then + retval = "" + token.pos = token.pos + 1 + else + token.pos = strpos + 1 + end + + return token, retval +end +--- -get_dansguardian_status = function() +get_status = function() local retval = "stopped" - - local ptr = io.popen( "/bin/pidof dansguardian" ) + + local ptr = io.popen( "/bin/pidof squid" ) local pid = ptr:read( "*a" ) ptr:close() if pid ~= nil then 
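Review bot: `retval` in `tokenizer.next` is assigned without `local`, so every call writes a variable in the module environment (the file uses `module (..., package.seeall)`) rather than a temporary; the line should read `local retval = string.sub( token.value, token.pos, strpos-1 )`. The `if retval == token.delim` branch looks unreachable, because the substring ends at `strpos-1` and therefore never contains the delimiter; the `else` branch already handles an empty token. `tokenizer.pos` compares one character at a time, so a doc comment saying the delimiter must be a single character would save the next reader a surprise. `get_status` at the end of the hunk continues outside it.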
@@ -74,141 +100,77 @@ get_adv_config = function() return retval end -get_filter_config = function() +update_adv_config = function( config ) - local retval = {} - local error = "" - - retval = { filterip = { label="Filter IP", type="text", value="" }, - filterport = { label="Filter Port", type="text", value="" }, - proxyip = { label="Proxy IP", type="text", value="" }, - proxyport = { label="Proxy Port", type="text", value="" }, - accessdeniedaddress = { label="AccessDeniedAddress", type="text", value="" }, - naughtynesslimit = { label="NaughtynessLimit", type="text", value="" } - } - - local fptr = io.open( dansguardiancfg, "r" ) - if fptr ~= nil then - local line = fptr:read( "*l" ) - while line ~= nil do - if string.sub( line, 1, 1 ) ~= "#" then - if string.sub( line, 1, 8 ) == "filterip" then - retval.filterip.value = get_cfg_value( line ) - elseif string.sub( line, 1, 10 ) == "filterport" then - retval.filterport.value = get_cfg_value( line ) - elseif string.sub( line, 1, 7 ) == "proxyip" then - retval.proxyip.value = get_cfg_value( line ) - elseif string.sub( line, 1, 9 ) == "proxyport" then - retval.proxyport.value = get_cfg_value( line ) - elseif string.sub( line, 1, 19 ) == "accessdeniedaddress" then - retval.accessdeniedaddress.value = get_cfg_value( line ) - end - end - line = fptr:read( "*l" ) -- read one config file - end - fptr:close() + local retval = "Successfully updated /etc/squid/squid.conf!" + + local ptr = io.open( "/etc/squid/squid.conf", "wb+" ) + if ptr ~= nil then + ptr:write( config ) + ptr:close() else - error = "Failed to open /etc/dansguardian/dansguardian.conf file!" 
+ retval = "update_config(): Error, failed to open /etc/squid/squid.conf!\n" end - - return retval, error -end - -update_filter_config = function( config ) - local retval = "" - local tmpfilename = os.tmpname() - local tmpfile = -1 - local cfgptr = -1 - local line = "" - - tmpfile = io.open( tmpfilename, "wb+" ) - if tmpfile == nil then - return "Failed to create temporary config file!" - end - - cfgptr = io.open( dansguardiancfg, "r" ) - if cfgptr == nil then - tmpfile:close() - os.remove( tmpfilename ) - return "Failed to open " .. dansguardiancfg .. "!" - end - - line = cfgptr:read( "*l" ) - while line ~= nil do - if string.sub( line, 1, 8 ) == "filterip" then - tmpfile:write( "filterip = " .. config.filterip .. "\n" ) - elseif string.sub( line, 1, 10 ) == "filterport" then - tmpfile:write( "filterport = " .. config.filterport .. "\n" ) - elseif string.sub( line, 1, 7 ) == "proxyip" then - tmpfile:write( "proxyip = " .. config.proxyip .. "\n" ) - elseif string.sub( line, 1, 9 ) == "proxyport" then - tmpfile:write( "proxyport = " .. config.proxyport .. "\n" ) - elseif string.sub( line, 1, 19 ) == "accessdeniedaddress" then - tmpfile:write( "accessdeniedaddress = " .. config.accessdeniedaddress .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end - line = cfgptr:read( "*l" ) - end - - tmpfile:close() - cfgptr:close() - - os.rename( tmpfilename, dansguardiancfg ) - return retval end -get_cfg_value = function( str ) +get_conf_tag = function( tag, gat ) local retval = "" - local pos = 1 + local error = "" local found = false - local found2 = false + local done = false - while not found and pos < #str -1 do - if string.sub( str, pos, pos ) == "=" then - found = true - end - pos = pos + 1 + local fptr = io.open( squidconf, "r" ) + if fptr == nil then + return "", "Failed to open squid config file!" 
end - if found then - pos = pos - 1 - while not found2 and pos < #str -1 do - if string.sub( str, pos+1, pos+1 ) ~= " " then - found2 = true + while not found and not done do + local line = fptr:read( "*l" ) + if line == nil then + done = true + else + if string.sub( line, 1, 22 ) == tag then + found = true end - pos = pos + 1 end end - if found2 then - retval = string.sub( str, pos ) + if done then + fptr:close() + return "", "TAG not found in squid config!" end - return retval -end - -update_adv_config = function( config ) - - local retval = "Successfully updated /etc/squid/squid.conf!" - - local ptr = io.open( "/etc/squid/squid.conf", "wb+" ) - if ptr ~= nil then - ptr:write( config ) - ptr:close() - else - retval = "update_config(): Error, failed to open /etc/squid/squid.conf!\n" + found = false + done = false + + while not found and not done do + local line = fptr:read( "*l" ) + if line == nil then + done = true + elseif string.sub( line, 1, 22 ) == gat then + found = true + else + retval = retval .. "\n" .. line + end end - - return retval + + if done then + fptr:close() + return "", "End TAG (GAT) not found in squid config! '" .. gat .. "'" + end + + fptr:close() + + return retval, error end get_basic_config = function() - local config = { proxyip = { value="", type="text", label="Proxy IP" }, + local error = "" + local config = { proxyip = { value="empty", type="text", label="Proxy IP" }, proxyport = { value="", type="text", label="Proxy Port" }, filterip = { value="", type="text", label="Filter IP" }, filterport = { value="", type="text", label="Filter Port" }, 
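Review bot: `get_conf_tag` compares `string.sub( line, 1, 22 )` against `tag` and `gat`, which only works while every marker is exactly 22 characters long; `string.sub( line, 1, #tag ) == tag` and `string.sub( line, 1, #gat ) == gat` state the intent and survive a renamed marker. The basic and authentication pages now depend on the `### ACF-SQUID-TAG-…` / `GAT` comment lines being present, while `update_adv_config` in this same hunk writes caller-supplied text to squid.conf verbatim, so an edit on the advanced page can remove the markers and leave the other pages with only an error. A header comment on `get_conf_tag` documenting that contract would help, for instance `--- returns the lines between marker 'tag' and marker 'gat' in squidconf, or "" plus an error message; markers must start in column 1`. The body of `get_basic_config` begins at the end of this hunk and continues in the next one.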
@@ -217,13 +179,197 @@ get_basic_config = function() sslports = { value="", type="text", label="SSL_ports" }, accesslog = { value="", type="select", label="Access Logs", option={ "yes", "no" } }, diskcache = { value="", type="select", label="Disk Cache Parameters", option={ "yes", "no" } }, - authmethod = { value="", type="select", label="Authentication Method", option={ "digest", "ntlm", "none" } } + authmethod = { value="", type="text", label="Authentication Method" } } - config.proxyip.value = "192.168.83.129" - config.proxyport.value = 8080 - config.accesslog.value = "yes" + local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0001", "### ACF-SQUID-GAT-0001" ) + if #error > 0 then + return config, error + end + + local cfg1tok = "" + local cfg2tok = "" + local cfg3tok = "" + + --- get proxyip, proxyport + cfg1tok = tokenizer.new( cfg1, "\n" ) + local done = false + while not done do + local str1 = "" + cfg1tok, str1 = tokenizer.next( cfg1tok ) + if str1 == nil then + return nil, "Corrupt squid.conf! Missing 'http_port' statement!" + else + if string.sub( str1, 1, 10 ) == "http_port " then + local str2 = "" + local ipport = "" + local ip = "" + local port = "" + cfg2tok = tokenizer.new( str1, " " ) + cfg2tok, ipport = tokenizer.next( cfg2tok ) + cfg2tok, ipport = tokenizer.next( cfg2tok ) + if ipport == nil then + return config, "Corrupt squid.conf! Missing parameter #1 for 'http_port' statement!" 
+ end + cfg3tok = tokenizer.new( ipport, ":" ) + cfg3tok, ip = tokenizer.next( cfg3tok ) + cfg3tok, port = tokenizer.next( cfg3tok ) + if port == nil then + port = ip + ip = "" + end + + config.proxyip.value = ip + config.proxyport.value = port + done = true + end + end + end + cfg1tok = nil + cfg2tok = nil + cfg3tok = nil + + --- get filterip, filterport + local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0007", "### ACF-SQUID-GAT-0007" ) + if #error > 0 then + return config, error + end + + cfg1tok = tokenizer.new( cfg1, "\n" ) + done = false + while not done do + local str1 = "" + cfg1tok, str1 = tokenizer.next( cfg1tok ) + if str1 == nil then + return nil, "Corrupt squid.conf! Missing 'cache_peer' statement!" + else + if string.sub( str1, 1, 11 ) == "cache_peer " then + local str2 = "" + local tmp = "" + local ip = "" + local port = "" + cfg2tok = tokenizer.new( str1, " " ) + cfg2tok, tmp = tokenizer.next( cfg2tok ) + cfg2tok, ip = tokenizer.next( cfg2tok ) + cfg2tok, tmp = tokenizer.next( cfg2tok ) + cfg2tok, port = tokenizer.next( cfg2tok ) + if ip == nil or port == nil then + return config, "Corrupt squid.conf! Missing parameters #2 and/or #4 for 'cache_peer' statement!" + end + config.filterip.value = ip + config.filterport.value = port + done = true + end + end + end + cfg1tok = nil + cfg2tok = nil + cfg3tok = nil + + --- get diskcache + local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0002", "### ACF-SQUID-GAT-0002" ) + if #error > 0 then + return config, error + end + + cfg1tok = tokenizer.new( cfg1, "\n" ) + done = false + while not done do + local str1 = "" + cfg1tok, str1 = tokenizer.next( cfg1tok ) + if str1 == nil then + return nil, "Corrupt squid.conf! Missing 'cache_dir' statement!" 
+ else + if string.sub( str1, 1, 15 ) == "cache_dir diskd" then + config.diskcache.value = "yes" + done = true + elseif string.sub( str1, 1, 14 ) == "cache_dir null" then + config.diskcache.value = "no" + done = true + end + + end + end + cfg1tok = nil + + --- authentication method + local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0004", "### ACF-SQUID-GAT-0004" ) + if #error > 0 then + return config, error + end + + cfg1tok = tokenizer.new( cfg1, "\n" ) + local done = false + local auth = "" + while not done do + local str1 = "" + cfg1tok, str1 = tokenizer.next( cfg1tok ) + if str1 == nil then + done = true + else + if string.sub( str1, 1, 18 ) == "auth_param digest " then + if string.match( auth, "D" ) == nil then + auth = auth .. "D" + end + elseif string.sub( str1, 1, 16 ) == "auth_param ntlm " then + if string.match( auth, "N" ) == nil then + auth = auth .. "N" + end + elseif string.sub( str1, 1, 17 ) == "auth_param basic " then + if string.match( auth, "B" ) == nil then + auth = auth .. "B" + end + end + end + end + config.authmethod.value = auth + cfg1tok = nil + + --- get filterregex + local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0005", "### ACF-SQUID-GAT-0005" ) + if #error > 0 then + return config, error + end + + cfg1tok = tokenizer.new( cfg1, "\n" ) + done = false + while not done do + local str1 = "" + cfg1tok, str1 = tokenizer.next( cfg1tok ) + if str1 == nil then + return nil, "Corrupt squid.conf! Missing 'acl ContentFilter urlpath_regex -i' statement!" + else + if string.sub( str1, 1, 35 ) == "acl ContentFilter urlpath_regex -i " then + config.filterregex.value = string.sub( str1, 36 ) + done = true + end + end + end + cfg1tok = nil + cfg2tok = nil + cfg3tok = nil + + --- get SSL_ports, Safe_ports + local done1 = false + local done2 = false + cfg1tok = tokenizer.new( cfg1, "\n" ) + while not done1 or not done2 do + local str1 = "" + cfg1tok, str1 = tokenizer.next( cfg1tok ) + if str1 == nil then + return nil, "Corrupt squid.conf! 
Missing 'acl SSL_ports/Safe_ports' statement!" + else + if string.sub( str1, 1, 19 ) == "acl SSL_ports port " then + config.sslports.value = string.sub( str1, 20 ) + done1 = true + elseif string.sub( str1, 1, 20 ) == "acl Safe_ports port " then + config.safeports.value = string.sub( str1, 21 ) + done2 = true + end + end + end + cfg1tok = nil - return config + return config, error end |
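Review bot: Several failure paths in `get_basic_config` return `nil` as the config (`return nil, "Corrupt squid.conf! Missing 'http_port' statement!"` and the matching `cache_peer`, `cache_dir`, `acl ContentFilter` and `acl SSL_ports/Safe_ports` returns), while others return `config, error`. The controller stores the first value in `service.config` and the views index it unconditionally (`config.authmethod.value`, `config.filterip.value`), so on a damaged squid.conf the page will raise a Lua error instead of showing the message; returning the partially filled table each time, `return config, "Corrupt squid.conf! …"`, keeps the page renderable. The last section ("get SSL_ports, Safe_ports") re-tokenizes `cfg1` from the TAG-0005 lookup without its own `get_conf_tag` call, which is worth a comment if the ACLs really live in that section, or a fix if they do not. `proxyip` is initialised to the placeholder `"empty"`, which would be shown to the admin as if it were a real address when parsing stops early.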