Fixed authentication not working when using proxy

Changed redirector to be more dynamic and handle new redirectors
Changed proxy cgi to support one new redirector and allways use the default
Added recent changes to core 11
Changed clamd.conf file to handle streams up to 50M and not using the defaul
Started building squidclamav redirector to scan for viruses when using the p

config/clamav/clamd.conf

@@ -1,10 +1,9 @@
 ##
 ## ipfire config file for the Clam AV daemon
 ##
-
 LogSyslog yes
-
 PidFile /var/run/clamav/clamd.pid
 LocalSocket /var/run/clamav/clamd
-
 ArchiveMaxFileSize 15M
+StreamMaxLength 50M
+ScanPDF yes

config/rootfiles/core/11/files

@@ -19,3 +19,6 @@ usr/lib/php/.registry/pear.reg
 usr/lib/php/data/PEAR/package.dtd
 usr/lib/php/data/PEAR/template.spec
 usr/lib/php/pearcmd.php
+srv/web/ipfire/cgi-bin/proxy.cgi
+usr/sbin/redirect_wrapper
+var/ipfire/langs

config/rootfiles/core/11/update.sh

@@ -3,6 +3,7 @@
 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
 /etc/init.d/squid stop
 extract_files
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
 squidGuard -d -C all
 chmod 666 /var/ipfire/urlfilter/blacklist/*/*.db
 /etc/init.d/squid start

config/rootfiles/packages/squidclamav

@@ -0,0 +1,3 @@
+usr/bin/squidclamav
+etc/squidclamav.conf
+srv/web/ipfire/html/clwarn.cgi

config/squidclamav/squidclamav.conf

@@ -1,6 +1,6 @@
 proxy none
 logfile /var/log/squidclamav.log
-redirect http://192.168.255.1:81/clwarn.cgi
+redirect http://127.0.0.1:81/clwarn.cgi
 debug 0
 force 1
 stat 0

config/urlfilter/redirect_wrapper

@@ -24,15 +24,25 @@
 use strict;
 use IPC::Open2;
 use IO::Handle;
+require '/var/ipfire/general-functions.pl';
+
+my %proxysettings=();
+&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
 
 # define here your redirectors (use a comma sperated list)
-my $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];
+my @redirectors = "";
+if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && -e '/usr/bin/squidGuard' ){push(@redirectors,"/usr/bin/squidGuard"); }
+if ( $proxysettings{'ENABLE_CLAMAV'} eq 'on' && -e '/usr/bin/squidclamav' ){ push(@redirectors,"/usr/bin/squidclamav"); }
+if ( $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' && -e '/usr/sbin/updxlrator' ) { push(@redirectors,"/usr/sbin/updxlrator"); }
+
+#my $redirectors = [ '/usr/bin/squidclamav', '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ];
 
 # Attention: keep in mind that the order of your redirectors is important.
 # It doesn't make sense to scan for viruses on pages you restrict access to...
 # So place first your tools which restrict access, then the tools which do the
 # content filtering!
 
+#print "Anzahl ".$#redirectors."\n";
 
 ##### no need to change anything below this line #####
 
@@ -47,13 +57,14 @@ my $i;
 my $pidlist = [];
 my $rlist = [];
 my $wlist = [];
-for($i = 0; $i < @$redirectors; $i++) {
-        $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]);
+for($i = 1; $i <= $#redirectors; $i++) {
+			  #print "i=".$i." redirector ".$redirectors[$i]."\n";
+        $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors[$i] );
 }
 
 # wait for data...
 while($line = <>) {
-        for($i = 0; $i < @$redirectors; $i++) {
+        for($i = 1; $i <= $#redirectors; $i++) {
                 $wlist->[$i]->print($line);
                 $return = $rlist->[$i]->getline;
                 last if($return ne "\n" and $return ne $line);

html/cgi-bin/proxy.cgi

@@ -262,6 +262,7 @@ $proxysettings{'IDENT_ENABLE_ACL'} = 'off';
 $proxysettings{'IDENT_USER_ACL'} = 'positive';
 $proxysettings{'ENABLE_FILTER'} = 'off';
 $proxysettings{'ENABLE_UPDXLRATOR'} = 'off';
+$proxysettings{'ENABLE_CLAMAV'} = 'off';
 
 $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'};
 
@@ -593,6 +594,7 @@ ERROR:
 		$stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'};
 		$stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'};
 		$stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'};
+		$stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'};
 		&General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings);
 
 		&writeconfig;
@@ -828,6 +830,10 @@ $checked{'ENABLE_UPDXLRATOR'}{'off'} = '';
 $checked{'ENABLE_UPDXLRATOR'}{'on'} = '';
 $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'";
 
+$checked{'ENABLE_CLAMAV'}{'off'} = '';
+$checked{'ENABLE_CLAMAV'}{'on'} = '';
+$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'";
+
 &Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, '');
 
 &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -930,9 +936,19 @@ print <<END
 </table>
 <hr size='1'>
 <table width='100%'>
-<tr>
-	<td class='base' width='50%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>
-	<td class='base' width='50%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>
+END
+;
+if ( -e "/usr/bin/squidclamav" ) {
+	 print "<td class='base' width='33%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>";
+	 print "<td class='base' width='33%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>";
+	 print "<td class='base' width='33%'><b>$Lang::tr{'advproxy squidclamav'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_CLAMAV' $checked{'ENABLE_CLAMAV'}{'on'} /></td>";
+}
+else
+{
+ print "<td class='base' width='50%'><b>$Lang::tr{'advproxy url filter'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_FILTER' $checked{'ENABLE_FILTER'}{'on'} /></td>";
+ print "<td class='base' width='50%'><b>$Lang::tr{'advproxy update accelerator'}</b> $Lang::tr{'advproxy enabled'}<input type='checkbox' name='ENABLE_UPDXLRATOR' $checked{'ENABLE_UPDXLRATOR'}{'on'} /></td>";
+}
+print <<END
 </tr>
 </table>
 <hr size='1'>
@@ -2813,7 +2829,7 @@ sub writeconfig
 
 	if ($proxysettings{'AUTH_REALM'} eq '')
 	{
-		$authrealm = "IPCop Advanced Proxy Server";
+		$authrealm = "IPFire Advanced Proxy Server";
 	} else {
 		$authrealm = $proxysettings{'AUTH_REALM'};
 	}
@@ -3684,7 +3700,7 @@ END
 		if ($proxysettings{'ENABLE_FILTER'} eq 'on')
 		{
 			print FILE <<END
-url_rewrite_program /usr/bin/squidGuard
+url_rewrite_program /usr/sbin/redirect_wrapper
 url_rewrite_children $filtersettings{'CHILDREN'}
 
 END
@@ -3693,7 +3709,7 @@ END
 		if ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on')
 		{
 			print FILE <<END
-url_rewrite_program /usr/sbin/updxlrator
+url_rewrite_program /usr/sbin/redirect_wrapper
 url_rewrite_children $xlratorsettings{'CHILDREN'}
 
 END
@@ -3723,7 +3739,7 @@ sub adduser
 		close(FILE);
 	} else {
 		&deluser($str_user);
-		system("/usr/bin/htpasswd -b $userdb $str_user $str_pass");
+		system("/usr/sbin/htpasswd -b $userdb $str_user $str_pass");
 	}
 
 	if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");

langs/de/cgi-bin/de.pl

@@ -92,6 +92,7 @@
 'advproxy AUTH method' => 'Authentifizierungsmethode',
 'advproxy AUTH method ident' => 'identd',
 'advproxy AUTH method ldap' => 'LDAP',
+'advproxy squidclamav' => 'SquidClamav',
 'advproxy AUTH method ncsa' => 'Lokal',
 'advproxy AUTH method none' => 'Keine',
 'advproxy AUTH method ntlm' => 'Windows',

langs/en/cgi-bin/en.pl

@@ -92,6 +92,7 @@
 'advproxy AUTH method' => 'Authentication method',
 'advproxy AUTH method ident' => 'identd',
 'advproxy AUTH method ldap' => 'LDAP',
+'advproxy squidclamav' => 'SquidClamav',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'None',
 'advproxy AUTH method ntlm' => 'Windows',