#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2009  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
# Based on Steffen Schoch (sschoch@users.sourceforge.net)                     #
#                                                                             #
###############################################################################

use strict;
use IPC::Open2;
use IO::Handle;

my $redirectors;

require '/var/ipfire/general-functions.pl';

my %proxysettings=();
$proxysettings{'ENABLE_FILTER'} = 'off';
$proxysettings{'ENABLE_CLAMAV'} = 'off';
$proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

# define here your redirectors (use a comma sperated list)
if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/bin/squidclamav', '/usr/sbin/updxlrator' ];}
elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/bin/squidclamav' ];}
elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}
elsif ( $proxysettings{'ENABLE_FILTER'} eq 'on' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidGuard' ];}
elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/bin/squidclamav', '/usr/sbin/updxlrator' ];}
elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'on' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'off' ){$redirectors = [ '/usr/bin/squidclamav' ];}
elsif ( $proxysettings{'ENABLE_FILTER'} eq 'off' && $proxysettings{'ENABLE_CLAMAV'} eq 'off' && $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' ){$redirectors = [ '/usr/sbin/updxlrator' ];}
else  { $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];}

# Attention: keep in mind that the order of your redirectors is important.
# It doesn't make sense to scan for viruses on pages you restrict access to...
# So place first your tools which restrict access, then the tools which do the
# content filtering!

##### no need to change anything below this line #####

# init
$| = 1;
STDOUT->autoflush(1);
my $line;
my $return;
my $i;
my $debug=0; # enable only for debugging

if ( -e "/var/ipfire/proxy/enable_redirector_debug" ){
	$debug = 1;
	writetolog("Urlfilter = ".$proxysettings{'ENABLE_FILTER'}." Clamav = ".$proxysettings{'ENABLE_CLAMAV'}." Updxlrator = ".$proxysettings{'ENABLE_UPDXLRATOR'});
	}

# open progamms
my $pidlist = [];
my $rlist = [];
my $wlist = [];

for($i = 0; $i < @$redirectors; $i++) {
	$pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]);
	if ($debug){
		writetolog("Current redirector is ".$redirectors->[$i]." number ".$i." PID ".$pidlist->[$i]);
		}
	}

# wait for data...
while($line = <>) {
	$return = "";

	for($i = 0; $i < @$redirectors; $i++) {
		$wlist->[$i]->print($line);
		$return = $rlist->[$i]->getline;

		if ( $return eq "Processing file and database" ){
			system("logger -t ipfire 'Emergency - squidGuard not initialised please run squidGuard -C all'");
			}

		if ($debug){
			my $dline = $line;my $dreturn = $return;chomp $dline;chomp $dreturn;
			if ( $return eq $line or $return eq "\n" or $return eq "" ){
				writetolog("Request equals result by ".$redirectors->[$i]." ".$dline);
				}
			else {
				writetolog($redirectors->[$i]." answers ".$dreturn."\n   Querried ".$dline);
				}
			}

		# break if redirector changes data
		if($return ne "\n" and $return ne $line ){
			if ( $redirectors->[$i] ne "/usr/sbin/updxlrator"){
				if ($debug){
					writetolog($redirectors->[$i]." is stopping querry because block was found.");
					}
				$i = @$redirectors;
				}
			}
		}
	print $return;
	}

exit 0;

sub writetolog {
	open(DATEI, ">>/var/log/squid/redirector_debug") || die "Unable to acces file /var/log/redirector_debug";
	my $log = shift;
	print DATEI $log."\n";
	close(DATEI);
	}
