/**
* Common view/edit form.
*
* @param string $form_type form type
*
* @return view
*/
function _form($form_type)
{
// Load dependencies
//------------------
$this->lang->load('web_proxy');
$this->load->library('web_proxy/Squid');
$this->load->library('web_proxy/Squid_Firewall');
$ntlm_available = FALSE;
if (clearos_library_installed('samba_common/Samba')) {
$this->load->library('samba_common/Samba');
$ntlm_available = $this->samba->is_initialized();
}
// Handle form submit
//-------------------
if ($this->input->post('submit')) {
try {
if ($this->input->post('mode')) {
$mode = $this->input->post('mode');
if ($mode == 1) {
$this->squid_firewall->set_proxy_transparent_state(TRUE);
$this->squid->set_user_authentication_state(FALSE);
} else {
if ($mode == 2) {
$this->squid_firewall->set_proxy_transparent_state(FALSE);
$this->squid->set_ntlm_state(FALSE);
$this->squid->set_user_authentication_state(TRUE);
} else {
if ($mode == 3) {
$this->squid_firewall->set_proxy_transparent_state(FALSE);
$this->squid->set_ntlm_state(TRUE);
$this->squid->set_user_authentication_state(TRUE);
} else {
if ($mode == 4) {
$this->squid_firewall->set_proxy_transparent_state(FALSE);
$this->squid->set_user_authentication_state(FALSE);
}
}
}
}
} else {
$this->squid->set_ntlm_state($this->input->post('ntlm'));
$this->squid->set_user_authentication_state($this->input->post('user_authentication'));
}
// The network configuration needs to updated when the transparent
// mode changes around, ergo auto_configure().
$this->squid->auto_configure();
$this->squid->reset(TRUE);
$this->page->set_status_updated();
redirect('/web_proxy/authentication');
} catch (Exception $e) {
$this->page->view_exception($e);
return;
}
}
// Load view data
//---------------
try {
$data['form_type'] = $form_type;
$data['transparent_capable'] = $this->squid_firewall->get_proxy_transparent_capability();
$data['transparent'] = $this->squid_firewall->get_proxy_transparent_state();
$data['user_authentication'] = $this->squid->get_user_authentication_state();
$data['ntlm'] = $this->squid->get_ntlm_state();
$data['ntlm_available'] = $ntlm_available;
$data['modes']['1'] = lang('web_proxy_transparent_and_no_user_authentication');
$data['modes']['2'] = lang('web_proxy_non_transparent_with_user_authentication');
if ($ntlm_available) {
$data['modes']['3'] = lang('web_proxy_non_transparent_with_user_authentication_and_ntlm');
}
$data['modes']['4'] = lang('web_proxy_non_transaprent_Without_user_authentication');
if ($data['transparent'] && !$data['user_authentication']) {
$data['mode'] = 1;
} else {
if (!$data['transparent'] && $data['user_authentication'] && !$data['ntlm']) {
$data['mode'] = 2;
} else {
if (!$data['transparent'] && $data['user_authentication'] && $data['ntlm']) {
$data['mode'] = 3;
} else {
if (!$data['transparent'] && !$data['user_authentication']) {
$data['mode'] = 4;
} else {
$data['mode'] = 1;
}
}
}
}
} catch (Exception $e) {
$this->page->view_exception($e);
return;
}
// Load views
//-----------
$this->page->view_form('web_proxy/authentication', $data, lang('web_proxy_authentication'));
}
/**
* Sets basic authentication default values.
*
* @return void
* @throws Engine_Exception
*/
public function set_basic_authentication_info_default()
{
clearos_profile(__METHOD__, __LINE__);
$product = new Product();
$name = $product->get_name();
$realm = $name . ' - ' . lang('web_proxy_web_proxy');
$tuning = $this->get_tuning();
// TODO: deal with custom tuning
if ($tuning['level'] == Tuning::LEVEL_CUSTOM) {
$children = 60;
} else {
$children = $tuning['children'];
}
// Basic authentication
//---------------------
$file = new File(self::FILE_AUTH_CONFIG);
$lines = "# This file is managed by the ClearOS API. Use squid.conf for customization.\n";
$lines .= "auth_param basic children {$children}\n";
$lines .= "auth_param basic realm {$realm}\n";
$lines .= "auth_param basic credentialsttl 2 hours\n";
$lines .= "auth_param basic program {$this->file_pam_auth}\n";
// TODO - IPv4 hack below
$lines .= "external_acl_type system_group ipv4 %LOGIN {$this->file_squid_unix_group} -p\n";
// Add NTLM if desired and possible
//---------------------------------
if ($this->get_ntlm_state() && clearos_library_installed('samba_common/Samba')) {
clearos_load_library('samba_common/Samba');
$samba = new \clearos\apps\samba_common\Samba();
if ($samba->is_initialized()) {
$domain = $samba->get_workgroup();
// TODO: hard coded web_proxy_plugin below
$lines .= "# NTLM\n";
$lines .= "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp " . "--require-membership-of={$domain}+web_proxy_plugin\n";
$lines .= "auth_param ntlm children {$children}\n";
$lines .= "auth_param ntlm keep_alive on\n";
}
}
if ($file->exists()) {
$file->delete();
}
$file->create('root', 'root', '0644');
$file->add_lines($lines);
}
/**
* Returns the state of the proxy filter.
*
* @return boolean TRUE if proxy filter is enabled
* @throws Engine_Exception
*/
public function get_proxy_filter_state()
{
clearos_profile(__METHOD__, __LINE__);
$state = FALSE;
if (clearos_library_installed('content_filter/DansGuardian')) {
clearos_load_library('content_filter/DansGuardian');
$dansguardian = new \clearos\apps\content_filter\DansGuardian();
$state = $dansguardian->get_running_state();
}
return $state;
}
