summaryrefslogtreecommitdiffstats
path: root/bin
diff options
context:
space:
mode:
authorOlivier Blin <oblin@mandriva.com>2008-03-26 16:32:45 +0000
committerOlivier Blin <oblin@mandriva.com>2008-03-26 16:32:45 +0000
commit32c519911b943d8411de708dc42c46a3f66fce6f (patch)
tree69c493118b9b8cc40f4b1bc25fc52bd77a17b07a /bin
parentf131f5cca3f5539b2febec0186f894483b80a7e9 (diff)
downloaddrakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar
drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar.gz
drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar.bz2
drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.tar.xz
drakguard-32c519911b943d8411de708dc42c46a3f66fce6f.zip
write shorewall/squid/dansguardian configuration and enable/disable them when needed
Diffstat (limited to 'bin')
-rwxr-xr-xbin/drakguard62
1 files changed, 62 insertions, 0 deletions
diff --git a/bin/drakguard b/bin/drakguard
index 524bde9..27ecb5b 100755
--- a/bin/drakguard
+++ b/bin/drakguard
@@ -11,6 +11,9 @@ use mygtk2;
use ugtk2 qw(:create :helpers :wrappers);
use Gtk2::SimpleList;
use interactive;
+use network::shorewall;
+use network::squid;
+use services;
my $toolname = 'drakguard';
my $title = N("Parental Control");
@@ -22,6 +25,8 @@ my $w = ugtk2->new($title);
$::main_window = $w->{real_window};
my $in = interactive->vnew('su');
+my $shorewall = network::shorewall::read();
+
my $allusers_list = Gtk2::SimpleList->new(N("All users") => 'text');
$allusers_list->get_selection->set_mode('multiple');
@{$allusers_list->{data}} = sort(list_users());
@@ -161,5 +166,62 @@ sub unwhitelist {
sub quit_gui() { Gtk2->main_quit }
sub save {
+ my $proxy_port = 3128;
+ my $proxy_user = 'squid';
+ my $guardian_port = 8080;
+ my $guardian_user = 'dansguardian';
+
+ $enable &&
+ $in->do_pkgs->ensure_binary_is_installed('shorewall', 'shorewall') &&
+ $in->do_pkgs->ensure_is_installed('squid', '/usr/sbin/squid') &&
+ $in->do_pkgs->ensure_is_installed('dansguardian', '/usr/sbin/dansguardian')
+ or quit_gui();
+
+ apply_blacklist();
+ apply_whitelist();
+ enable_transparent_proxy($proxy_port);
+ services::set_status($_, $enable) foreach qw(squid dansguardian);
+
+ $shorewall->{disabled} = 0 if $enable;
+ $shorewall->{accept_local_user}{http} = $enable && $proxy_user;
+ $shorewall->{accept_local_user}{$proxy_port} = $enable && $guardian_user;
+ network::shorewall::set_redirected_ports($shorewall, 'tcp', $guardian_port, if_($enable, 'http', $proxy_port));
+ network::shorewall::write($shorewall, $in);
+
+ quit_gui();
+}
+
+sub enable_transparent_proxy {
+ my ($port) = @_;
+ #- FIXME: use network::squid once it is rewritten to be more gentle with the config file
+ my $done;
+ my $to_add = "http_port $port transparent\n";
+ substInFile {
+ $done = 1 if s|^\s*http_port.*\n|$to_add|;
+ $_ .= $to_add if eof && !$done;
+ } $network::squid::squid_conf_file;
+}
+
+sub include_guardian_file {
+ my ($guardian_file, $external_file, $o_category) = @_;
+ my $to_add = ".Include<$external_file>\n";
+ my @all = cat_($guardian_file);
+ if (!member($to_add, @all)) {
+ output_p($guardian_file, @all, $to_add);
+ }
+ output_p($external_file, if_($o_category, qq(#listcategory: "$o_category"\n)))
+ unless -f $external_file;
+}
+
+sub apply_blacklist() {
+ my $blacklist_top = "/etc/dansguardian/lists/bannedsitelist";
+ my $blacklist_url_file = "/etc/dansguardian/lists/blacklists/drakguard/urls";
+ my $blacklist_category = "blocked by Mandriva parental control tool";
+ include_guardian_file($blacklist_top, $blacklist_url_file, $blacklist_category);
+}
+sub apply_whitelist() {
+ my $whitelist_top = "/etc/dansguardian/lists/exceptionurllist";
+ my $whitelist_url_file = "/etc/dansguardian/lists/whitelists/drakguard/urls";
+ include_guardian_file($whitelist_top, $whitelist_url_file);
}