die;
}
}
}
echo "Starting......: " . date("H:i:s") . " [SERV]: is connected to remote appliance ? `{$EnableRemoteStatisticsAppliance}`\n";
if ($EnableRemoteStatisticsAppliance == 1) {
squid_admin_notifs("Start to rebuilding Proxy settings", "MAIN", __FILE__, __LINE__);
$r = new squid_stats_appliance();
echo "Starting......: " . date("H:i:s") . " [SERV]: ################################\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: # This server is connected to: #\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: # {$r->URI} #\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: ################################\n";
remote_appliance_restore_tables();
}
build_progress("{reconfigure}", 5);
squid_reconfigure_build_tool();
build_progress("{reconfigure}", 10);
squid_pactester();
build_progress("{reconfigure}", 15);
$childpid = posix_getpid();
$sock = new sockets();
$squid_user = SquidUser();
$SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
$PHP = LOCATE_PHP5_BIN2();
$NOHUP = $unix->find_program("nohup");
build_progress("{reconfigure}", 20);
writeinitd();
@file_put_contents($EXEC_PID_FILE, $childpid);
if (is_file("/etc/squid3/mime.conf")) {
shell_exec("/bin/chown squid:squid /etc/squid3/mime.conf");
}
function build()
{
build_progress("{reconfigure} (1)", 2);
if ($GLOBALS["VERBOSE"]) {
echo "Running build...\n";
}
$unix = new unix();
$sock = new sockets();
$users = new usersMenus();
$forceCMD = null;
$argv = null;
$PHP = $unix->LOCATE_PHP5_BIN();
$mypid = getmypid();
if (isset($argv[1])) {
$argv = $argv[1];
}
$pids = $unix->PIDOF_PATTERN_ALL(basename(__FILE__) . ".*?{$argv}");
if (count($pids) > 1) {
build_progress("{already_process_exists_try_later}", 110);
while (list($num, $ligne) = each($pids)) {
$cmdline = @file_get_contents("/proc/{$num}/cmdline");
echo "Starting......: " . date("H:i:s") . " [SERV]: [{$mypid}] Already process PID {$num} {$cmdline} exists..\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: [{$mypid}] Running " . @file_get_contents("/proc/{$num}/cmdline") . "\n";
}
die;
}
$EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
if (!is_numeric($EnableKerbAuth)) {
$EnableKerbAuth = 0;
}
$EnableWebProxyStatsAppliance = $sock->GET_INFO("EnableWebProxyStatsAppliance");
$EnableRemoteStatisticsAppliance = $sock->GET_INFO("EnableRemoteStatisticsAppliance");
if (!is_numeric($EnableRemoteStatisticsAppliance)) {
$EnableRemoteStatisticsAppliance = 0;
}
if (!is_numeric($EnableWebProxyStatsAppliance)) {
$EnableWebProxyStatsAppliance = 0;
}
$UnlockWebStats = $sock->GET_INFO("UnlockWebStats");
if (!is_numeric($UnlockWebStats)) {
$UnlockWebStats = 0;
}
$ServiceFTPEnabled = intval($sock->GET_INFO("ServiceFTPEnabled"));
if ($users->WEBSTATS_APPLIANCE) {
$EnableWebProxyStatsAppliance = 1;
$sock->SET_INFO("{$EnableWebProxyStatsAppliance}", 1);
}
if ($EnableWebProxyStatsAppliance == 1) {
notify_remote_proxys();
}
if ($UnlockWebStats == 1) {
$EnableRemoteStatisticsAppliance = 0;
}
//Vérifie le compte utilisateur.
//------------------------------------------------------------------------------------------------------------------------------------------------------------
$unix->CreateUnixUser("squid", "squid", "Squid Cache Service");
$MustHave[] = "/etc/squid3/artica-meta/whitelist-nets.db";
$MustHave[] = "/var/logs/cache.log";
$MustHave[] = "/etc/squid3/squid-block.acl";
$MustHave[] = "/etc/squid3/allowed-user-agents.acl";
$MustHave[] = "/etc/squid3/GlobalAccessManager_auth.conf";
$MustHave[] = "/etc/squid3/icap.conf";
$MustHave[] = "/etc/squid3/GlobalAccessManager_url_rewrite.conf";
$MustHave[] = "/etc/squid3/GlobalAccessManager_deny_cache.conf";
$MustHave[] = "/etc/squid3/GlobalAccessManager_deny.conf";
$MustHave[] = "/etc/squid3/squid-block.acl";
$MustHave[] = "/etc/squid3/clients_ftp.acl";
$MustHave[] = "/etc/squid3/allowed-user-agents.acl";
$MustHave[] = "/etc/squid3/whitelisted-computers-by-mac.acl";
while (list($none, $path) = each($MustHave)) {
echo "Starting......: " . date("H:i:s") . " [SYS]: checking {$path}\n";
if (!is_file($path)) {
@touch($path);
}
@chown($path, "squid");
@chgrp($path, "squid");
}
if ($GLOBALS["FORCE"]) {
$forceCMD = " --force";
}
$squidbin = $unix->LOCATE_SQUID_BIN();
if (!is_file($squidbin)) {
build_progress("{squid_binary_not_found}", 110);
echo "Starting......: " . date("H:i:s") . " [SERV]: Unable to stat squid binary, aborting..\n";
die;
}
$EXEC_TIME_FILE = "/etc/artica-postfix/" . basename(__FILE__) . ".build.time";
if (!$GLOBALS["FORCE"]) {
$time = $unix->file_time_min($EXEC_TIME_FILE);
if ($time == 0) {
build_progress("Failed! Only one config per minute !!!", 110);
echo "Starting......: " . date("H:i:s") . " [SERV]: Only one config per minute...\n";
die;
}
}
@unlink($EXEC_TIME_FILE);
@file_put_contents($EXEC_TIME_FILE, time());
if ($GLOBALS["EMERGENCY"]) {
squid_admin_mysql(0, "Reconfiguring Proxy service after Emergency enabled", null, __FILE__, __LINE__);
}
$TimeStart = time();
$EXEC_PID_FILE = "/etc/artica-postfix/" . basename(__FILE__) . ".build.pid";
$kill = $unix->find_program("kill");
$pid = @file_get_contents($EXEC_PID_FILE);
if ($unix->process_exists($pid, basename(__FILE__))) {
$TimePid = $unix->PROCCESS_TIME_MIN($pid);
if ($TimePid > 30) {
posix_kill(intval($pid), 9);
} else {
if (!$GLOBALS["FORCE"]) {
print "Starting......: " . date("H:i:s") . " Checking (L." . __LINE__ . ") Squid Already executed pid {$pid} since {$TimePid}mn ...\n";
die;
}
}
}
echo "Starting......: " . date("H:i:s") . " [SERV]: is connected to remote appliance ? `{$EnableRemoteStatisticsAppliance}`\n";
if ($EnableRemoteStatisticsAppliance == 1) {
$r = new squid_stats_appliance();
echo "Starting......: " . date("H:i:s") . " [SERV]: ################################\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: # This server is connected to: #\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: # {$r->URI} #\n";
echo "Starting......: " . date("H:i:s") . " [SERV]: ################################\n";
remote_appliance_restore_tables();
}
build_progress("{reconfigure} (1)", 5);
if (!PortsConversion()) {
build_progress("{reconfigure} {failed} !PortsConversion", 110);
return;
}
squid_reconfigure_build_tool();
build_progress("{reconfigure}", 10);
squid_pactester();
build_progress("{reconfigure}", 15);
$childpid = posix_getpid();
$sock = new sockets();
$squid_user = SquidUser();
$SQUID_CONFIG_PATH = $unix->SQUID_CONFIG_PATH();
$PHP = LOCATE_PHP5_BIN2();
$NOHUP = $unix->find_program("nohup");
build_progress("{reconfigure}", 20);
@file_put_contents($EXEC_PID_FILE, $childpid);
if (is_file("/etc/squid3/mime.conf")) {
shell_exec("/bin/chown squid:squid /etc/squid3/mime.conf");
}
$EnableKerbAuth = $sock->GET_INFO("EnableKerbAuth");
if (!is_numeric("{$EnableKerbAuth}")) {
$EnableKerbAuth = 0;
}
if (!is_dir("/usr/share/squid-langpack")) {
TemplatesInMysql(true);
exit;
}
echo "Starting......: " . date("H:i:s") . " Checking squid kerberos authentification is set to {$EnableKerbAuth}\n";
echo "Starting......: " . date("H:i:s") . " Checking squid certificate\n";
build_progress("{reconfigure} Check database", 25);
checkdatabase();
build_progress("{reconfigure} certificates", 30);
certificate_generate();
build_progress("{reconfigure}", 35);
remote_appliance_restore_tables();
build_progress("{reconfigure}", 40);
echo "Starting......: " . date("H:i:s") . " Instanciate squid library..\n";
$squid = new squidbee();
$squidbin = $unix->find_program("squid3");
echo "Starting......: " . date("H:i:s") . " checking squid binaries..\n";
if (!is_file($squidbin)) {
$squidbin = $unix->find_program("squid");
}
echo "Starting......: " . date("H:i:s") . " Binary: {$squidbin}\n";
echo "Starting......: " . date("H:i:s") . " Config: {$SQUID_CONFIG_PATH}\n";
echo "Starting......: " . date("H:i:s") . " User..: {$squid_user}\n";
echo "Starting......: " . date("H:i:s") . " Checking blocked sites\n";
build_progress("{reconfigure} {building} NET ADS", 45);
shell_exec("{$NOHUP} {$PHP} " . basename(__FILE__) . "/exec.squid.netads.php >/dev/null 2>&1 &");
echo "Starting......: " . date("H:i:s") . " Building master configuration\n";
$squid->ASROOT = true;
echo "Starting......: " . date("H:i:s") . " Checking Watchdog\n";
build_progress("{reconfigure} checking Watchdog settings", 46);
watchdog_config();
build_progress("{reconfigure} build errors", 47);
errors_details_txt();
build_progress("{reconfigure} Checking caches", 48);
BuildCaches(true);
build_progress("{reconfigure} Check files and security", 49);
CheckFilesAndSecurity();
build_progress("{reconfigure} Building schedules", 50);
build_schedules(true);
build_progress("{reconfigure} Building SSL passwords", 89);
build_sslpasswords();
build_progress("{reconfigure} Building blacklists", 90);
build_blacklists();
build_progress("{reconfigure} Building No caches list", 91);
build_denycaches();
build_progress("{reconfigure} Building {GLOBAL_ACCESS_CENTER}", 93);
system("{$PHP} /usr/share/artica-postfix/exec.squid.global.access.php --nochek");
build_progress("{reconfigure} Building main configuration", 94);
if (!ApplyConfig()) {
build_progress("Apply configuration failed", 110);
echo "Starting......: " . date("H:i:s") . " Apply configuration failed....\n";
return;
}
build_progress("{reconfigure} FTP Proxy service", 95);
system("{$NOHUP} {$PHP} /usr/share/artica-postfix/exec.ftpproxy-multi.php --build >/dev/null 2>&1 &");
build_progress("{reconfigure} Wan Compressor Proxy service", 95);
system("{$NOHUP} {$PHP} /usr/share/artica-postfix/exec.wanproxy.php --build-squid >/dev/null 2>&1 &");
build_progress("{checking_transparent_mode}", 95);
if ($unix->IS_FIREHOLE_ACTIVE()) {
build_progress("{restarting_firewall}", 95);
system("{$PHP} /usr/share/artica-postfix/exec.firehol.php");
system("/etc/init.d/firehol restart");
} else {
system("{$PHP} /usr/share/artica-postfix/exec.squid.transparent.php");
system("{$PHP} /usr/share/artica-postfix/exec.secure.gateway.php");
if (is_file("/etc/init.d/iptables-transparent")) {
build_progress("{restarting_firewall}", 95);
system("/etc/init.d/iptables-transparent restart");
}
if (is_file("/bin/iptables-parents.sh")) {
build_progress("{restarting_firewall} (parent)", 95);
system("/bin/iptables-parents.sh");
}
if (is_file("/bin/artica-secure-gateway.sh")) {
build_progress("{restarting_firewall} (Secure gateway)", 95);
shell_exec("/bin/artica-secure-gateway.sh");
}
}
build_progress("{checking_wccp_mode}", 95);
system("{$PHP} /usr/share/artica-postfix/exec.squid.wccp.php --reconfigure");
build_progress("{checking_mikrotik_mode}", 95);
system("{$PHP} /usr/share/artica-postfix/exec.mikrotik.php");
build_progress("{reconfigure}", 96);
$GLOBALS["OUTPUT"] = true;
if ($GLOBALS["NOAPPLY"]) {
build_progress("{reconfiguring_proxy_service} {success}", 100);
return;
}
if (!$GLOBALS["RESTART"]) {
build_progress("{reloading_service}", 91);
if (!$GLOBALS["NORELOAD"]) {
Reload_Squid();
}
}
if ($GLOBALS["RESTART"]) {
if (!$GLOBALS["NORELOAD"]) {
build_progress("{stopping_service}", 91);
system("{$PHP} /usr/share/artica-postfix/exec.squid.watchdog.php --stop {$forceCMD} --byForceReconfigure");
build_progress("{starting_service}", 93);
system("{$PHP} /usr/share/artica-postfix/exec.squid.watchdog.php --start {$forceCMD} --byForceReconfigure");
build_progress("{starting_service}", 95);
}
}
build_progress("{building} Cached Web frontend pages", 97);
shell_exec("{$NOHUP} {$PHP} " . basename(__FILE__) . "/exec.cache.pages.php --force >/dev/null 2>&1 &");
$BuildAllTemplatesDone = $sock->GET_INFO("BuildAllTemplatesDone");
if (!is_numeric($BuildAllTemplatesDone)) {
$BuildAllTemplatesDone = 0;
}
if ($BuildAllTemplatesDone == 0) {
build_progress("{building} Templates schedules", 97);
echo "Starting......: " . date("H:i:s") . " scheduling Building templates\n";
sys_THREAD_COMMAND_SET("{$PHP} " . __FILE__ . " --tpl-save");
$sock->SET_INFO("BuildAllTemplatesDone", 1);
}
build_progress("{building} Templates", 98);
sys_THREAD_COMMAND_SET("{$PHP} " . __FILE__ . " --mysql-tpl");
build_progress("{reconfiguring_proxy_service} {success}", 100);
echo "Starting......: " . date("H:i:s") . " Done (Took: " . $unix->distanceOfTimeInWords($TimeStart, time()) . ")\n";
die;
}
