From d12aede7c0a7e935fd7418ffdc9e3d032a24f40e Mon Sep 17 00:00:00 2001 From: Maniacikarus Date: Sat, 5 Apr 2008 14:00:27 +0200 Subject: [PATCH] Fixed authentication not working when using proxy Changed redirector to be more dynamic and handle new redirectors Changed proxy cgi to support one new redirector and allways use the default Added recent changes to core 11 Changed clamd.conf file to handle streams up to 50M and not using the defaul Started building squidclamav redirector to scan for viruses when using the p --- config/clamav/clamd.conf | 5 ++--- config/rootfiles/core/11/files | 3 +++ config/rootfiles/core/11/update.sh | 1 + config/rootfiles/packages/squidclamav | 3 +++ config/squidclamav/squidclamav.conf | 2 +- config/urlfilter/redirect_wrapper | 19 +++++++++++++---- html/cgi-bin/proxy.cgi | 30 ++++++++++++++++++++------- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 9 files changed, 50 insertions(+), 15 deletions(-) diff --git a/config/clamav/clamd.conf b/config/clamav/clamd.conf index da7e3970d..900ace8b8 100644 --- a/config/clamav/clamd.conf +++ b/config/clamav/clamd.conf @@ -1,10 +1,9 @@ ## ## ipfire config file for the Clam AV daemon ## - LogSyslog yes - PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd - ArchiveMaxFileSize 15M +StreamMaxLength 50M +ScanPDF yes diff --git a/config/rootfiles/core/11/files b/config/rootfiles/core/11/files index 897e7ef8c..257db151b 100644 --- a/config/rootfiles/core/11/files +++ b/config/rootfiles/core/11/files @@ -19,3 +19,6 @@ usr/lib/php/.registry/pear.reg usr/lib/php/data/PEAR/package.dtd usr/lib/php/data/PEAR/template.spec usr/lib/php/pearcmd.php +srv/web/ipfire/cgi-bin/proxy.cgi +usr/sbin/redirect_wrapper +var/ipfire/langs diff --git a/config/rootfiles/core/11/update.sh b/config/rootfiles/core/11/update.sh index c0d94617b..a93307557 100644 --- a/config/rootfiles/core/11/update.sh +++ b/config/rootfiles/core/11/update.sh 
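Review bot: `StreamMaxLength 50M` in the clamd.conf hunk raises the size at which clamd stops accepting a stream, while the `ArchiveMaxFileSize 15M` context line is left unchanged, so the two limits now differ and nothing in the file says what happens to traffic above either one. How squidclamav treats a stream that clamd cuts off is not visible in this patch; if it lets the request through, objects larger than 50M would reach the client unscanned. I would add a comment above the new line, for example `# proxy downloads arrive as streams; confirm what happens to objects above this size`, and verify the over-limit behaviour before the redirector is enabled.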
@@ -3,6 +3,7 @@ /usr/local/bin/backupctrl exclude >/dev/null 2>&1 /etc/init.d/squid stop extract_files +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" squidGuard -d -C all chmod 666 /var/ipfire/urlfilter/blacklist/*/*.db /etc/init.d/squid start diff --git a/config/rootfiles/packages/squidclamav b/config/rootfiles/packages/squidclamav index e69de29bb..daf5d836a 100644 --- a/config/rootfiles/packages/squidclamav +++ b/config/rootfiles/packages/squidclamav @@ -0,0 +1,3 @@ +usr/bin/squidclamav +etc/squidclamav.conf +srv/web/ipfire/html/clwarn.cgi diff --git a/config/squidclamav/squidclamav.conf b/config/squidclamav/squidclamav.conf index 3d36ea733..970d9e7a9 100644 --- a/config/squidclamav/squidclamav.conf +++ b/config/squidclamav/squidclamav.conf @@ -1,6 +1,6 @@ proxy none logfile /var/log/squidclamav.log -redirect http://192.168.255.1:81/clwarn.cgi +redirect http://127.0.0.1:81/clwarn.cgi debug 0 force 1 stat 0 diff --git a/config/urlfilter/redirect_wrapper b/config/urlfilter/redirect_wrapper index 076764188..a22a0e3f6 100644 --- a/config/urlfilter/redirect_wrapper +++ b/config/urlfilter/redirect_wrapper 
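Review bot: `redirect http://127.0.0.1:81/clwarn.cgi` in the squidclamav.conf hunk only works if Squid itself fetches the rewritten URL; if the address is ever handed to the browser as a redirect, 127.0.0.1 is the client's own machine and the user sees a connection error instead of the virus warning. The rootfile added in this commit installs the page as `srv/web/ipfire/html/clwarn.cgi`, outside `cgi-bin`, so it is also worth confirming that the server on port 81 executes it rather than returning its source. A comment above the line, for example `# fetched by squid on the firewall itself, never sent to the client`, would record the assumption.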
@@ -24,15 +24,25 @@ use strict; use IPC::Open2; use IO::Handle; +require '/var/ipfire/general-functions.pl'; + +my %proxysettings=(); +&General::readhash("${General::swroot}/proxy/settings", \%proxysettings); # define here your redirectors (use a comma sperated list) -my $redirectors = [ '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ]; +my @redirectors = ""; +if ( $proxysettings{'ENABLE_FILTER'} eq 'on' && -e '/usr/bin/squidGuard' ){push(@redirectors,"/usr/bin/squidGuard"); } +if ( $proxysettings{'ENABLE_CLAMAV'} eq 'on' && -e '/usr/bin/squidclamav' ){ push(@redirectors,"/usr/bin/squidclamav"); } +if ( $proxysettings{'ENABLE_UPDXLRATOR'} eq 'on' && -e '/usr/sbin/updxlrator' ) { push(@redirectors,"/usr/sbin/updxlrator"); } + +#my $redirectors = [ '/usr/bin/squidclamav', '/usr/bin/squidGuard', '/usr/sbin/updxlrator' ]; # Attention: keep in mind that the order of your redirectors is important. # It doesn't make sense to scan for viruses on pages you restrict access to... # So place first your tools which restrict access, then the tools which do the # content filtering! +#print "Anzahl ".$#redirectors."\n"; ##### no need to change anything below this line ##### @@ -47,13 +57,14 @@ my $i; my $pidlist = []; my $rlist = []; my $wlist = []; -for($i = 0; $i < @$redirectors; $i++) { - $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors->[$i]); +for($i = 1; $i <= $#redirectors; $i++) { + #print "i=".$i." redirector ".$redirectors[$i]."\n"; + $pidlist->[$i] = open2($rlist->[$i], $wlist->[$i], $redirectors[$i] ); } # wait for data... while($line = <>) { - for($i = 0; $i < @$redirectors; $i++) { + for($i = 1; $i <= $#redirectors; $i++) { $wlist->[$i]->print($line); $return = $rlist->[$i]->getline; last if($return ne "\n" and $return ne $line); diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index fbf98d0b1..436261cc6 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi 
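Review bot: A redirector that is switched on but not installed is skipped silently in the three new `if` lines, because each one combines the `ENABLE_*` setting with an `-e` test and has no else branch. With `ENABLE_CLAMAV` set to `on` and `/usr/bin/squidclamav` missing, the wrapper starts without the scanner while the saved setting still reads `on`. I would test `-x` rather than `-e` and report the skip, e.g. `warn "redirect_wrapper: ENABLE_CLAMAV is on but /usr/bin/squidclamav is not executable\n";`, and do the same for the squidGuard and updxlrator lines.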
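Review bot: Both loops in this hunk start at index 1 only to step over the empty string that the first hunk puts into the list with `my @redirectors = "";`, which makes the indexing depend on a placeholder element. Declaring `my @redirectors;` and keeping `for($i = 0; $i < @redirectors; $i++) {` expresses the same thing without the offset. When no redirector is enabled the inner loop body never runs and `$return` is not assigned for that request line; the statement that answers Squid follows the inner loop outside this hunk, so it should be checked that every input line still gets a reply, for instance by setting `$return = "\n";` at the top of the `while` body.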
@@ -262,6 +262,7 @@ $proxysettings{'IDENT_ENABLE_ACL'} = 'off'; $proxysettings{'IDENT_USER_ACL'} = 'positive'; $proxysettings{'ENABLE_FILTER'} = 'off'; $proxysettings{'ENABLE_UPDXLRATOR'} = 'off'; +$proxysettings{'ENABLE_CLAMAV'} = 'off'; $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'}; @@ -593,6 +594,7 @@ ERROR: $stdproxysettings{'PROXY_PORT'} = $proxysettings{'PROXY_PORT'}; $stdproxysettings{'ENABLE_FILTER'} = $proxysettings{'ENABLE_FILTER'}; $stdproxysettings{'ENABLE_UPDXLRATOR'} = $proxysettings{'ENABLE_UPDXLRATOR'}; + $stdproxysettings{'ENABLE_CLAMAV'} = $proxysettings{'ENABLE_CLAMAV'}; &General::writehash("${General::swroot}/proxy/settings", \%stdproxysettings); &writeconfig; @@ -828,6 +830,10 @@ $checked{'ENABLE_UPDXLRATOR'}{'off'} = ''; $checked{'ENABLE_UPDXLRATOR'}{'on'} = ''; $checked{'ENABLE_UPDXLRATOR'}{$proxysettings{'ENABLE_UPDXLRATOR'}} = "checked='checked'"; +$checked{'ENABLE_CLAMAV'}{'off'} = ''; +$checked{'ENABLE_CLAMAV'}{'on'} = ''; +$checked{'ENABLE_CLAMAV'}{$proxysettings{'ENABLE_CLAMAV'}} = "checked='checked'"; + &Header::openpage($Lang::tr{'advproxy advanced web proxy configuration'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); @@ -930,9 +936,19 @@ print <
- - - +END +; +if ( -e "/usr/bin/squidclamav" ) { + print ""; + print ""; + print ""; +} +else +{ + print ""; + print ""; +} +print <
$Lang::tr{'advproxy url filter'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy update accelerator'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy url filter'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy update accelerator'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy squidclamav'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy url filter'} $Lang::tr{'advproxy enabled'}$Lang::tr{'advproxy update accelerator'} $Lang::tr{'advproxy enabled'}

@@ -2813,7 +2829,7 @@ sub writeconfig if ($proxysettings{'AUTH_REALM'} eq '') { - $authrealm = "IPCop Advanced Proxy Server"; + $authrealm = "IPFire Advanced Proxy Server"; } else { $authrealm = $proxysettings{'AUTH_REALM'}; } @@ -3684,7 +3700,7 @@ END if ($proxysettings{'ENABLE_FILTER'} eq 'on') { print FILE <>$stdgrp"); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 25d117b16..67a92356a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -92,6 +92,7 @@ 'advproxy AUTH method' => 'Authentifizierungsmethode', 'advproxy AUTH method ident' => 'identd', 'advproxy AUTH method ldap' => 'LDAP', +'advproxy squidclamav' => 'SquidClamav', 'advproxy AUTH method ncsa' => 'Lokal', 'advproxy AUTH method none' => 'Keine', 'advproxy AUTH method ntlm' => 'Windows', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index aa0add61d..0ef071cc9 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -92,6 +92,7 @@ 'advproxy AUTH method' => 'Authentication method', 'advproxy AUTH method ident' => 'identd', 'advproxy AUTH method ldap' => 'LDAP', +'advproxy squidclamav' => 'SquidClamav', 'advproxy AUTH method ncsa' => 'Local', 'advproxy AUTH method none' => 'None', 'advproxy AUTH method ntlm' => 'Windows',