diff options
author | Olivier Blin <oblin@mandriva.com> | 2008-03-26 16:32:45 +0000 |
---|---|---|
committer | Olivier Blin <oblin@mandriva.com> | 2008-03-26 16:32:45 +0000 |
commit | 32c519911b943d8411de708dc42c46a3f66fce6f (patch) | |
tree | 69c493118b9b8cc40f4b1bc25fc52bd77a17b07a /bin | |
parent | f131f5cca3f5539b2febec0186f894483b80a7e9 (diff) | |
download | drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar.gz drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar.bz2 drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar.xz drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.zip |
write shorewall/squid/dansguardian configuration and enable/disable them when needed
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/drakguard | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/bin/drakguard b/bin/drakguard index 524bde9..27ecb5b 100755 --- a/bin/drakguard +++ b/bin/drakguard @@ -11,6 +11,9 @@ use mygtk2; use ugtk2 qw(:create :helpers :wrappers); use Gtk2::SimpleList; use interactive; +use network::shorewall; +use network::squid; +use services; my $toolname = 'drakguard'; my $title = N("Parental Control"); @@ -22,6 +25,8 @@ my $w = ugtk2->new($title); $::main_window = $w->{real_window}; my $in = interactive->vnew('su'); +my $shorewall = network::shorewall::read(); + my $allusers_list = Gtk2::SimpleList->new(N("All users") => 'text'); $allusers_list->get_selection->set_mode('multiple'); @{$allusers_list->{data}} = sort(list_users()); @@ -161,5 +166,62 @@ sub unwhitelist { sub quit_gui() { Gtk2->main_quit } sub save { + my $proxy_port = 3128; + my $proxy_user = 'squid'; + my $guardian_port = 8080; + my $guardian_user = 'dansguardian'; + + $enable && + $in->do_pkgs->ensure_binary_is_installed('shorewall', 'shorewall') && + $in->do_pkgs->ensure_is_installed('squid', '/usr/sbin/squid') && + $in->do_pkgs->ensure_is_installed('dansguardian', '/usr/sbin/dansguardian') + or quit_gui(); + + apply_blacklist(); + apply_whitelist(); + enable_transparent_proxy($proxy_port); + services::set_status($_, $enable) foreach qw(squid dansguardian); + + $shorewall->{disabled} = 0 if $enable; + $shorewall->{accept_local_user}{http} = $enable && $proxy_user; + $shorewall->{accept_local_user}{$proxy_port} = $enable && $guardian_user; + network::shorewall::set_redirected_ports($shorewall, 'tcp', $guardian_port, if_($enable, 'http', $proxy_port)); + network::shorewall::write($shorewall, $in); + + quit_gui(); +} + +sub enable_transparent_proxy { + my ($port) = @_; + #- FIXME: use network::squid once it is rewritten to be more gentle with the config file + my $done; + my $to_add = "http_port $port transparent\n"; + substInFile { + $done = 1 if s|^\s*http_port.*\n|$to_add|; + $_ .= $to_add if eof && !$done; + } $network::squid::squid_conf_file; +} + +sub include_guardian_file { + my ($guardian_file, $external_file, $o_category) = @_; + my $to_add = ".Include<$external_file>\n"; + my @all = cat_($guardian_file); + if (!member($to_add, @all)) { + output_p($guardian_file, @all, $to_add); + } + output_p($external_file, if_($o_category, qq(#listcategory: "$o_category"\n))) + unless -f $external_file; +} + +sub apply_blacklist() { + my $blacklist_top = "/etc/dansguardian/lists/bannedsitelist"; + my $blacklist_url_file = "/etc/dansguardian/lists/blacklists/drakguard/urls"; + my $blacklist_category = "blocked by Mandriva parental control tool"; + include_guardian_file($blacklist_top, $blacklist_url_file, $blacklist_category); +} +sub apply_whitelist() { + my $whitelist_top = "/etc/dansguardian/lists/exceptionurllist"; + my $whitelist_url_file = "/etc/dansguardian/lists/whitelists/drakguard/urls"; + include_guardian_file($whitelist_top, $whitelist_url_file); } |