/** * Common view/edit form. * * @param string $form_type form type * * @return view */ function _form($form_type) { // Load dependencies //------------------ $this->lang->load('web_proxy'); $this->load->library('web_proxy/Squid'); $this->load->library('web_proxy/Squid_Firewall'); $ntlm_available = FALSE; if (clearos_library_installed('samba_common/Samba')) { $this->load->library('samba_common/Samba'); $ntlm_available = $this->samba->is_initialized(); } // Handle form submit //------------------- if ($this->input->post('submit')) { try { if ($this->input->post('mode')) { $mode = $this->input->post('mode'); if ($mode == 1) { $this->squid_firewall->set_proxy_transparent_state(TRUE); $this->squid->set_user_authentication_state(FALSE); } else { if ($mode == 2) { $this->squid_firewall->set_proxy_transparent_state(FALSE); $this->squid->set_ntlm_state(FALSE); $this->squid->set_user_authentication_state(TRUE); } else { if ($mode == 3) { $this->squid_firewall->set_proxy_transparent_state(FALSE); $this->squid->set_ntlm_state(TRUE); $this->squid->set_user_authentication_state(TRUE); } else { if ($mode == 4) { $this->squid_firewall->set_proxy_transparent_state(FALSE); $this->squid->set_user_authentication_state(FALSE); } } } } } else { $this->squid->set_ntlm_state($this->input->post('ntlm')); $this->squid->set_user_authentication_state($this->input->post('user_authentication')); } // The network configuration needs to updated when the transparent // mode changes around, ergo auto_configure(). $this->squid->auto_configure(); $this->squid->reset(TRUE); $this->page->set_status_updated(); redirect('/web_proxy/authentication'); } catch (Exception $e) { $this->page->view_exception($e); return; } } // Load view data //--------------- try { $data['form_type'] = $form_type; $data['transparent_capable'] = $this->squid_firewall->get_proxy_transparent_capability(); $data['transparent'] = $this->squid_firewall->get_proxy_transparent_state(); $data['user_authentication'] = $this->squid->get_user_authentication_state(); $data['ntlm'] = $this->squid->get_ntlm_state(); $data['ntlm_available'] = $ntlm_available; $data['modes']['1'] = lang('web_proxy_transparent_and_no_user_authentication'); $data['modes']['2'] = lang('web_proxy_non_transparent_with_user_authentication'); if ($ntlm_available) { $data['modes']['3'] = lang('web_proxy_non_transparent_with_user_authentication_and_ntlm'); } $data['modes']['4'] = lang('web_proxy_non_transaprent_Without_user_authentication'); if ($data['transparent'] && !$data['user_authentication']) { $data['mode'] = 1; } else { if (!$data['transparent'] && $data['user_authentication'] && !$data['ntlm']) { $data['mode'] = 2; } else { if (!$data['transparent'] && $data['user_authentication'] && $data['ntlm']) { $data['mode'] = 3; } else { if (!$data['transparent'] && !$data['user_authentication']) { $data['mode'] = 4; } else { $data['mode'] = 1; } } } } } catch (Exception $e) { $this->page->view_exception($e); return; } // Load views //----------- $this->page->view_form('web_proxy/authentication', $data, lang('web_proxy_authentication')); }
/** * Sets basic authentication default values. * * @return void * @throws Engine_Exception */ public function set_basic_authentication_info_default() { clearos_profile(__METHOD__, __LINE__); $product = new Product(); $name = $product->get_name(); $realm = $name . ' - ' . lang('web_proxy_web_proxy'); $tuning = $this->get_tuning(); // TODO: deal with custom tuning if ($tuning['level'] == Tuning::LEVEL_CUSTOM) { $children = 60; } else { $children = $tuning['children']; } // Basic authentication //--------------------- $file = new File(self::FILE_AUTH_CONFIG); $lines = "# This file is managed by the ClearOS API. Use squid.conf for customization.\n"; $lines .= "auth_param basic children {$children}\n"; $lines .= "auth_param basic realm {$realm}\n"; $lines .= "auth_param basic credentialsttl 2 hours\n"; $lines .= "auth_param basic program {$this->file_pam_auth}\n"; // TODO - IPv4 hack below $lines .= "external_acl_type system_group ipv4 %LOGIN {$this->file_squid_unix_group} -p\n"; // Add NTLM if desired and possible //--------------------------------- if ($this->get_ntlm_state() && clearos_library_installed('samba_common/Samba')) { clearos_load_library('samba_common/Samba'); $samba = new \clearos\apps\samba_common\Samba(); if ($samba->is_initialized()) { $domain = $samba->get_workgroup(); // TODO: hard coded web_proxy_plugin below $lines .= "# NTLM\n"; $lines .= "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp " . "--require-membership-of={$domain}+web_proxy_plugin\n"; $lines .= "auth_param ntlm children {$children}\n"; $lines .= "auth_param ntlm keep_alive on\n"; } } if ($file->exists()) { $file->delete(); } $file->create('root', 'root', '0644'); $file->add_lines($lines); }
/** * Returns the state of the proxy filter. * * @return boolean TRUE if proxy filter is enabled * @throws Engine_Exception */ public function get_proxy_filter_state() { clearos_profile(__METHOD__, __LINE__); $state = FALSE; if (clearos_library_installed('content_filter/DansGuardian')) { clearos_load_library('content_filter/DansGuardian'); $dansguardian = new \clearos\apps\content_filter\DansGuardian(); $state = $dansguardian->get_running_state(); } return $state; }