function xstart()
{
$pidfile = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".pid";
$pidtime = "/etc/artica-postfix/pids/" . basename(__FILE__) . ".time";
$dbfile = "/var/log/squid/ufdbgclient.unlock.db";
$pid = @file_get_contents($pidfile);
if ($GLOBALS["VERBOSE"]) {
echo "{$pidtime}\n";
}
$unix = new unix();
$squid = $unix->LOCATE_SQUID_BIN();
if (!$GLOBALS["FORCE"]) {
if ($unix->process_exists($pid, basename(__FILE__))) {
$time = $unix->PROCCESS_TIME_MIN($pid);
unlock_events("Already executed pid {$pid} since {$time}mn-> DIE");
if ($GLOBALS["VERBOSE"]) {
echo "Already executed pid {$pid} since {$time}mn\n";
}
die;
}
}
$mypid = getmypid();
@file_put_contents($pidfile, $mypid);
$timefile = $unix->file_time_min($pidtime);
if ($GLOBALS["VERBOSE"]) {
echo "Timelock:{$pidtime} {$timefile} Mn\n";
}
if (!$GLOBALS["FORCE"]) {
if ($timefile < 5) {
if ($GLOBALS["VERBOSE"]) {
echo "{$timefile}mn require 5mn\n";
}
unlock_events("{$timefile}mn require 5mn");
return;
}
}
@unlink($pidtime);
@file_put_contents($pidtime, time());
$q = new mysql_squid_builder();
$sock = new sockets();
$EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
unlock_events("EnableUfdbGuardArtica={$EnableUfdbGuardArtica}");
$Count = $q->COUNT_ROWS("ufdbunlock");
if ($Count == 0) {
if ($GLOBALS["VERBOSE"]) {
echo "ufdbunlock = 0 rows\n";
}
unlock_events("ufdbunlock = 0 rows");
if (is_file($dbfile)) {
@unlink($dbfile);
if ($EnableUfdbGuardArtica == 0) {
if ($GLOBALS["FORCE"]) {
squid_admin_mysql(2, "Reconfigure Proxy service in order to release blocked {$_GET["reconfigure-unlock"]} website(s)", null, __FILE__, __LINE__);
unlock_events("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php");
system("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php/" . __LINE__);
return;
}
}
unlock_ufdbguard_artica();
return;
}
die;
}
if ($EnableUfdbGuardArtica == 1) {
unlock_ufdbguard_artica();
return;
}
$q->QUERY_SQL("DELETE FROM ufdbunlock WHERE finaltime <" . time());
$Count2 = $q->COUNT_ROWS("ufdbunlock");
if ($Count == $Count2) {
if ($Count2 == 0) {
@unlink($dbfile);
}
if ($GLOBALS["VERBOSE"]) {
echo "***** NOTHING ******\n";
}
if ($GLOBALS["FORCE"]) {
squid_admin_mysql(2, "Reconfigure Proxy service in order to release blocked {$_GET["reconfigure-unlock"]} website(s)", null, __FILE__, __LINE__);
system("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php/" . __LINE__);
}
return;
}
$count3 = $Count - $Count2;
$unix = new unix();
$squid = $unix->LOCATE_SQUID_BIN();
squid_admin_mysql(2, "Reconfigure Proxy service in order to re-block blocked {$count3} websites", null, __FILE__, __LINE__);
system("/etc/init.d/squid reload --script=exec.ufdb.queue.release.php/" . __LINE__);
$sock = new sockets();
$EnableTransparent27 = intval($sock->GET_INFO("EnableTransparent27"));
if ($EnableTransparent27 == 1) {
system("/etc/init.d/squid-nat reload --script=" . basename(__FILE__));
}
}
function build()
{
$sock = new sockets();
$unix = new unix();
$ini = new Bs_IniHandler();
$IPADDRSSL = array();
$IPADDRSSL2 = array();
$ArticaSquidParameters = $sock->GET_INFO('ArticaSquidParameters');
$visible_hostname = $ini->_params["NETWORK"]["visible_hostname"];
if ($visible_hostname == null) {
$visible_hostname = $unix->hostname_g();
}
$SquidBinIpaddr = $sock->GET_INFO("SquidBinIpaddr");
$AllowAllNetworksInSquid = $sock->GET_INFO("AllowAllNetworksInSquid");
if (!is_numeric($AllowAllNetworksInSquid)) {
$AllowAllNetworksInSquid = 1;
}
$ini->loadString($ArticaSquidParameters);
NETWORK_ALL_INTERFACES();
$LISTEN_PORT = intval($ini->_params["NETWORK"]["LISTEN_PORT"]);
$ICP_PORT = intval(trim($ini->_params["NETWORK"]["ICP_PORT"]));
$certificate_center = $ini->_params["NETWORK"]["certificate_center"];
$SSL_BUMP = intval($ini->_params["NETWORK"]["SSL_BUMP"]);
$LogsWarninStop = intval($sock->GET_INFO("LogsWarninStop"));
$ssl = false;
if ($ICP_PORT == 0) {
$ICP_PORT = 3130;
}
if ($LISTEN_PORT == 0) {
$LISTEN_PORT = 3128;
}
$squid = new squidbee();
$q = new mysql_squid_builder();
$IPADDRS = array();
if ($SquidBinIpaddr != null) {
if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$SquidBinIpaddr])) {
$SquidBinIpaddr = null;
} else {
$IPADDRS[$SquidBinIpaddr] = $LISTEN_PORT;
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$SquidBinIpaddr}\n";
}
}
}
if ($SSL_BUMP == 1) {
$ssl = true;
$ssl_port = $squid->get_ssl_port();
}
if ($SquidBinIpaddr == null) {
reset($GLOBALS["NETWORK_ALL_INTERFACES"]);
while (list($ipaddr, $val) = each($GLOBALS["NETWORK_ALL_INTERFACES"])) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Listens {$ipaddr}:{$LISTEN_PORT}\n";
}
$IPADDRS[$ipaddr] = $LISTEN_PORT;
$IPADDRSSL[$ipaddr] = $ssl_port;
}
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} visible hostname........: {$visible_hostname}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} AllowAllNetworksInSquid.: {$AllowAllNetworksInSquid}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} ICP Port................: {$ICP_PORT}\n";
}
if ($ssl) {
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} SSL Intercept...........: Yes - {$ssl_port}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate_center}\n";
}
$MAINSSL = $squid->SaveCertificate($certificate_center, false, false, false, true);
$f[] = $MAINSSL[0];
$certificate = $MAINSSL[1]["certificate"];
$key = $MAINSSL[1]["key"];
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Certificate.............: {$certificate}\n";
}
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} Key.....................: {$key}\n";
}
}
$sql = "SELECT * FROM proxy_ports WHERE enabled=1 and transparent=1";
$results = $q->QUERY_SQL($sql);
$f[] = "# --------- proxy_ports enabled=1 and transparent=1 -> " . mysql_num_rows($results) . " ports";
while ($ligne = mysql_fetch_assoc($results)) {
$ipaddr = $ligne["ipaddr"];
$xport = $ligne["port"];
$transparent_text = null;
if (!isset($GLOBALS["NETWORK_ALL_INTERFACES"][$ipaddr])) {
$f[] = "# --------- table proxy_ports {$ipaddr}:{$xport} -> Hardware Error [" . __LINE__ . "]\n";
$f[] = "# --------- http {$ipaddr} -> Hardware Error [" . __LINE__ . "]\n";
continue;
}
if ($ssl) {
$IPADDRSSL[$ipaddr] = $ssl_port;
}
$IPADDRS[$ipaddr] = $xport;
}
$transparent = " transparent";
while (list($ipaddr, $xport) = each($IPADDRSSL)) {
$IPADDRSSL2["{$ipaddr}:{$xport}"] = true;
}
while (list($ipaddr, $xport) = each($IPADDRS)) {
$IPADDRS2["{$ipaddr}:{$xport}"] = true;
}
while (list($ipaddr, $none) = each($IPADDRS2)) {
$f[] = "http_port {$ipaddr}{$transparent}";
}
if ($ssl) {
$f[] = "# --------- https -> " . count($IPADDRSSL2) . " addresses";
while (list($ipaddr, $none) = each($IPADDRSSL2)) {
$f[] = "https_port {$ipaddr} transparent cert={$certificate} key={$key}";
}
}
if ($AllowAllNetworksInSquid == 1) {
$f[] = "acl localnet src all";
}
if ($AllowAllNetworksInSquid == 0) {
$k = array();
$NetworkScannerMasks = $sock->GET_INFO('NetworkScannerMasks');
$tbl = explode("\n", $NetworkScannerMasks);
if (is_array($tbl)) {
while (list($num, $cidr) = each($tbl)) {
if (trim($cidr) == null) {
continue;
}
$k[$cidr] = $cidr;
}
}
if (count($this->network_array) > 0) {
while (list($num, $val) = each($this->network_array)) {
if ($val == null) {
continue;
}
$k[$val] = $val;
}
}
if (count($k == 0)) {
$f[] = "acl localnet src all";
}
if (count($k > 0)) {
while (list($m, $l) = each($k)) {
$s[] = $l;
}
$f[] = "acl localnet src " . implode(" ", $s);
}
}
if ($ssl) {
}
$f[] = "acl all src all";
$f[] = "acl manager proto cache_object";
$f[] = "acl localhost src 127.0.0.1/32";
$f[] = "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32";
$f[] = "acl SSL_ports port \"/etc/squid3/acls/SSLPorts\"";
$f[] = "acl Safe_ports port 80\t\t# http";
$f[] = "acl Safe_ports port 21\t\t# ftp";
$f[] = "acl Safe_ports port 443\t\t# https";
$f[] = "acl Safe_ports port 70\t\t# gopher";
$f[] = "acl Safe_ports port 210\t\t# wais";
$f[] = "acl Safe_ports port 1025-65535\t# unregistered ports";
$f[] = "acl Safe_ports port 280\t\t# http-mgmt";
$f[] = "acl Safe_ports port 488\t\t# gss-http";
$f[] = "acl Safe_ports port 591\t\t# filemaker";
$f[] = "acl Safe_ports port 777\t\t# multiling http";
$f[] = "acl CONNECT method CONNECT";
$f[] = "";
$f[] = "";
if ($sock->EnableUfdbGuard() == 1) {
$f[] = ufdbguard27();
$EnableUfdbGuardArtica = $sock->EnableUfdbGuardArtica();
if (!is_file("/etc/squid3/acls/office365-nets.acl")) {
@touch("/etc/squid3/acls/office365-nets.acl");
}
if (!is_file("/etc/squid3/acls/office365-domains.acl")) {
@touch("/etc/squid3/acls/office365-domains.acl");
}
if (!is_file("/etc/squid3/acls/skype-nets.acl")) {
@touch("/etc/squid3/acls/skype-nets.acl");
}
if (!is_file("/etc/squid3/acls/dropbox-nets.acl")) {
@touch("/etc/squid3/acls/dropbox-nets.acl");
}
$f[] = "acl squidclient proto cache_object";
$f[] = "acl MgRDest dst 127.0.0.1";
$f[] = "acl MgRPort dst 127.0.0.1";
$f[] = "acl MyTestPort src 127.0.0.1";
$f[] = "acl MyLocalIpsDest dst 127.0.0.1";
$f[] = "acl ToArticaWWW dstdomain .artica.fr .articatech.net .articatech.com";
if ($EnableUfdbGuardArtica == 0) {
$f[] = "acl UrlRewriteDenyList dstdomain \"/etc/squid3/url_rewrite_program.deny.db\"";
}
$f[] = "acl ArticaMetaWhiteDoms dstdomain \"/etc/squid3/artica-meta/whitelist-domains.db\"";
$f[] = "acl ArticaMetaWhiteIPs dst \"/etc/squid3/artica-meta/whitelist-nets.db\"";
$f[] = "acl BrowsersNoWebF browser -i \"/etc/squid3/acls/Browsers-nofilter.acl\"";
$f[] = "acl whitelisted_mac_computers arp \"/etc/squid3/whitelisted-computers-by-mac.acl\"";
$f[] = "acl office365_ips dst \"/etc/squid3/acls/office365-nets.acl\"";
$f[] = "acl office365_www dstdomain \"/etc/squid3/acls/office365-domains.acl\"";
$f[] = "acl skype_www dstdomain .live.com .skypeassets.com";
$f[] = "acl skype_ips dst \"/etc/squid3/acls/skype-nets.acl\"";
$f[] = "acl dropbox_ips dst \"/etc/squid3/acls/dropbox-nets.acl\"";
$f[] = "acl dropbox_www dstdomain .dropbox.com";
$f[] = @file_get_contents("/etc/squid3/url_rewrite_access.conf");
}
$f[] = "http_access allow manager localhost";
$f[] = "http_access deny manager";
$f[] = "http_access deny !Safe_ports";
$f[] = "http_access deny CONNECT !SSL_ports";
$f[] = "http_access allow localnet";
$f[] = "http_access deny all";
$f[] = "icp_access allow localnet";
$f[] = "icp_access deny all";
$f[] = "cache_peer 127.0.0.1\tparent\t{$LISTEN_PORT}\t3130\tdefault";
$f[] = "never_direct allow all";
$f[] = "cache_mem 64 MB";
$f[] = "maximum_object_size_in_memory 256 KB";
$f[] = "memory_replacement_policy lru";
$LOGFORMAT[] = "%>a";
$LOGFORMAT[] = "%[ui";
$LOGFORMAT[] = "%[un";
$LOGFORMAT[] = "[%tl]";
$LOGFORMAT[] = "\"%rm %ru HTTP/%rv\"";
$LOGFORMAT[] = "%Hs";
$LOGFORMAT[] = "%<st";
$LOGFORMAT[] = "%Ss:";
$LOGFORMAT[] = "%Sh";
$LOGFORMAT[] = "UserAgent:\"%{User-Agent}>h\"";
$LOGFORMAT[] = "Forwarded:\"%{X-Forwarded-For}>h\"";
$f[] = "logformat common MAC:00:00:00:00:00:00 " . @implode(" ", $LOGFORMAT);
$f[] = "access_log none";
$f[] = "cache_store_log none";
if ($LogsWarninStop == 0) {
$f[] = "logfile_rotate 10";
}
if ($LogsWarninStop == 1) {
$f[] = "logfile_rotate 0";
}
$f[] = "# emulate_httpd_log off";
$f[] = "log_ip_on_direct on";
$f[] = "mime_table /etc/squid27/mime.conf";
$f[] = "# log_mime_hdrs off";
$f[] = "pid_filename /var/run/squid/squid-nat.pid";
$f[] = "debug_options ALL,1";
$f[] = "log_fqdn on";
$f[] = "client_netmask 255.255.255.255";
$f[] = "strip_query_terms off";
$f[] = "buffered_logs on";
$f[] = "netdb_filename /var/log/squid/netdb_nat.state";
if ($LogsWarninStop == 0) {
$f[] = "cache_log /var/log/squid/cache-nat.log";
}
if ($LogsWarninStop == 1) {
$f[] = "cache_log /dev/null";
}
$f[] = "#url_rewrite_program";
$f[] = "# url_rewrite_children 5";
$f[] = "# url_rewrite_concurrency 0";
$f[] = "# url_rewrite_host_header on";
$f[] = "refresh_pattern .\t\t0\t20%\t4320";
$f[] = "cache_effective_user squid";
$f[] = "cache_effective_group squid";
$f[] = "httpd_suppress_version_string on";
$f[] = "visible_hostname {$visible_hostname}";
$f[] = "cache_dir null /tmp";
$f[] = "# icon_directory /usr/share/squid27/icons";
$f[] = "# error_directory /usr/share/squid27/errors/English";
$f[] = "forwarded_for on";
$f[] = "client_db on";
$f[] = "";
CheckFilesAndSecurity();
@file_put_contents("/etc/squid27/squid.conf", @implode("\n", $f));
if ($GLOBALS["OUTPUT"]) {
echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["SERVICE_NAME"]} /etc/squid27/squid.conf done\n";
}
}
