
Import upstream release

0 parents commit 58a7eec5c1fce6e6b9f11b31aa8d1be5054dbebf @andihofmeister committed May 1, 2012
Showing with 34,194 additions and 0 deletions.
  1. +213 −0 ANNOUNCE
  2. +670 −0 CHANGELOG
  3. +143 −0 CONFIGURATION
  4. +15 −0 COPYING
  5. +242 −0 FAQ
  6. +340 −0 GPL
  7. +81 −0 INSTALL
  8. +46 −0 ISSUES.txt
  9. +133 −0 Makefile.in
  10. +29 −0 README
  11. +159 −0 README.LDAP
  12. +34 −0 README.QuotedStrings
  13. +7,649 −0 configure
  14. +6,751 −0 configure-old
  15. +504 −0 configure.in
  16. +60 −0 contrib/Makefile.in
  17. +47 −0 contrib/hostbyname/hostbyname.in
  18. +203 −0 contrib/sgclean/sgclean
  19. +203 −0 contrib/sgclean/sgclean.in
  20. +15 −0 contrib/squidGuardRobot/RobotUserAgent.pm
  21. +2,055 −0 contrib/squidGuardRobot/squidGuardRobot.in
  22. +38 −0 doc/LDAPFlow.txt
  23. +5 −0 doc/README
  24. +448 −0 doc/authentication.html
  25. +244 −0 doc/authentication.txt
  26. +2,602 −0 doc/configuration.html
  27. +1,270 −0 doc/configuration.txt
  28. +199 −0 doc/configure.html
  29. +143 −0 doc/configure.txt
  30. +398 −0 doc/expressionlist.html
  31. +162 −0 doc/expressionlist.txt
  32. +200 −0 doc/extended.html
  33. +135 −0 doc/extended.txt
  34. +621 −0 doc/faq.html
  35. +316 −0 doc/faq.txt
  36. +215 −0 doc/features.html
  37. +107 −0 doc/features.txt
  38. +44 −0 doc/index.html
  39. +282 −0 doc/install.html
  40. +124 −0 doc/install.txt
  41. +598 −0 doc/installation.html
  42. +334 −0 doc/installation.txt
  43. +260 −0 doc/ldap-ad-tips.html
  44. +120 −0 doc/ldap-ad-tips.txt
  45. +254 −0 doc/ldap.html
  46. +115 −0 doc/ldap.txt
  47. +238 −0 doc/runtimeops.html
  48. +90 −0 doc/runtimeops.txt
  49. BIN doc/squidGuard.gif
  50. +233 −0 doc/troubleshoot.html
  51. +101 −0 doc/troubleshoot.txt
  52. +251 −0 install-sh
  53. +40 −0 mkinstalldirs
  54. +52 −0 samples/Makefile.in
  55. +20 −0 samples/babel.de
  56. +20 −0 samples/babel.en
  57. +20 −0 samples/babel.es
  58. +20 −0 samples/babel.fr
  59. +20 −0 samples/babel.nl
  60. +20 −0 samples/babel.no
  61. +20 −0 samples/babel.ru
  62. +13 −0 samples/dest/README
  63. +16 −0 samples/dest/README,D
  64. BIN samples/dest/blacklists.tar.gz
  65. +1 −0 samples/dest/financial/domainlist
  66. +83 −0 samples/sample.conf.in
  67. +109 −0 samples/squidGuard-simple-de.cgi.in
  68. +109 −0 samples/squidGuard-simple.cgi.in
  69. +396 −0 samples/squidGuard.cgi.in
  70. +37 −0 src/HTEscape.h
  71. +117 −0 src/HTParse.c
  72. +162 −0 src/Makefile.in
  73. +32 −0 src/config.h.in
  74. +2,084 −0 src/lex.yy.c.flex
  75. +289 −0 src/main.c
  76. +289 −0 src/main.c.in
  77. +486 −0 src/sg.h.in
Sorry, we could not display the entire diff because it was too big.
213 ANNOUNCE
@@ -0,0 +1,213 @@
+
+
+ squidGuard 1.3 has been released
+ =======================================
+
+Shalla Secure Services is proud to announce the release of squidGuard
+version 1.3. The new version contains bugfixes and some new features.
+See CHANGELOG for details. Please report problems and bugs to
+ sq-bugs@squidguard.org.
+
+
+
+ squidGuard 1.2.1 has been released
+ =======================================
+
+Shalla Secure Services is proud to announce the release of squidGuard
+version 1.2.1. See CHANGELOG for details. Please report problems and
+bugs to sq-bugs@squidguard.org.
+
+
+
+
+ squidGuard 1.2.0 has been released
+ ==================================
+
+Tele Danmark Internordia is proud to announce the release of
+squidGuard vesion 1.2.0
+
+ Introduction
+ ============
+
+squidGuard is a combined filter, redirector and
+ access controller plugin for Squid. It is
+ * free
+ * very flexible
+ * extremely fast *)
+ * easily installed
+ * portable
+
+ squidGuard can be used to
+ * limit the web access for some users to a list of accepted/well
+ known web servers and/or URLs only.
+ * block access to some listed or blacklisted web servers and/or URLs
+ for some users. **)
+ * block access to URLs matching a list of regular expressions or
+ words for some users. **)
+ * enforce the use of domainnames/prohibit the use of IP address in
+ URLs. **)
+ * redirect blocked URLs to an "intelligent" CGI based info page. **)
+ * redirect unregistered user to a registration form.
+ * redirect popular downloads like Netscape, MSIE etc. to local
+ copies.
+ * redirect banners to an empty GIF. **)
+ * have different access rules based on time of day, day of the week,
+ date etc.
+ * have different rules for different user groups.
+ * and much more..
+
+ Neither squidGuard nor Squid can be used to
+ * filter/censor/edit text inside documents
+ * filter/censor/edit embeded scripting languages like JavaScript or
+ VBscript inside HTML
+
+ *) 100,000 requests in 10seconds on a 500MHz Pentium with lists of
+ 5900 domains
+ 7880 urls
+ 13780 total
+
+ 100,000 requests in 12seconds on a 500MHz Pentium with lists of
+ 5900 domains
+ 200000 urls
+ 205900 total
+
+ I.e. domain and URL listsizes have neglectable performance effect
+
+
+ **) squidGuard is not a porn or banner filter/blocker, but it is very
+ well suited for these purposes too.
+
+ Capabilities
+ ============
+
+ squidGuard has many powerful configuration options that lets you:
+ 1. define different time spaces based on any reasonable
+ combination of
+ + time of day (00:00-08:00 17:00-24:00)
+ + day of the week (sa)
+ + date (1999-05-13)
+ + date range (1999-04-01-1999-04-05)
+ + date wildcards (*-01-01 *-05-17 *-12-25)
+ 2. group sources (users/clients) into distinct categories like
+ "managers", "employees", "teachers", "students", "customers",
+ "guests" etc. based on any reasonable combination of
+ + IP address ranges with
+ + prefix notation (172.16.0.0/12)
+ + netmask notation (172.16.0.0/255.240.0.0)
+ + first-last notation (172.16.0.11-172.16.0.35)
+ 3. address lists (172.16.134.54 172.16.156.23 ...)
+ 4. domain lists (foo.bar.com ...) *)
+ 5. user id lists (weho sdgh dfhj asef ...) **) and optionally
+ link the group to a given time space
+ + positively (within business-hours)
+ + negatively (outside leisure-time)
+ 6. group destinations (URLs/servers) into distinct categories
+ like "local", "customers", "vendors", "banners", "banned" etc.
+ based on an unlimited number of unlimited lists of
+ + domains, including subdomains (foo.bar.com)
+ + hosts (host.foo.bar.com)
+ + directory URLs, including subdirectories
+ (foo.bar.com/some/dir)
+ + file URLs (foo.bar.com/somewhere/file.html)
+ + regular expressions ((expr1|expr2|...))
+ and optionally link the group to a given time space:
+ + positively (within business-hours)
+ + negatively (outside leisure-time)
+ 7. rewrite/redirect URLs based on any reasonable combination of
+ + string/regular expression editing � la sed with
+ + silent squid redirecting rewrite (s@from@to@)
+ + visible client redirecting rewrite (s@from@to@r) ***)
+ + URL replacement with
+ + silent squid redirect to a common URL (redirect "new_url")
+ + visible client redirect to a common URL
+ (redirect "302:new_url") ***)
+ activated by
+ + 1-1 URL redirection
+ + destination group match
+ + a fallback/default for blocked URLs
+ + a fallback/default for blocked/unknown clients
+ and optionally with
+ + runtime string substitution � la strftime or printf
+ 8. define access control lists (acl) based on any reasonable
+ combination of the definitions above by
+ + giving each source (user/client) group
+ + a pass list with any reasonable combination of
+ + acceptable destination groups (good-dests ...)
+ + unacceptable destination groups (!bad-dests ...)
+ + block IP address URLs (enforce the use of domain names)
+ (!in-addr)
+ + wildcards/nothing (any|all|none)
+ 9. optionally a common rewrite rule set for the source group
+ 10. optionally a default replacement URL for blocked destinations
+ for the source group
+
+ and optionally:
+
+ 11. link the acl to a given time space
+ + positively (within business-hours)
+ + negatively (outside leisure-time)
+ 12. defining a fallback/default ruleset
+ 13. have selective logging by optional log statements in the: ****)
+ + source/client group declarations to log all translations
+ for the group (log "file")
+ + destination group declarations. Typically used to log
+ blacklist matches. (log "file")
+ + rewrite rule group declarations to log all translations
+ for the rule set (log "file")
+ and optionally anonymized to protect the individuals
+ (log anonymous "file")
+
+ *) Client access control based on domain name requires enabling
+ reverse lookups (log_fqdn on) in squid.conf.
+ **) Client access control based on user id requires enabling
+ RFC931/ident in squid.conf. Note: The RFC931/ident configuration is
+ changed in squid-2.2 and the RFC931/ident support is broken in
+ squid-2.2 at least up to STABLE2. We currently recommend using
+ squid-2.1.PATCH2 in production if RFC931 is used.
+ ***) Note: Visible redirects (302:new-url) are not supported by some
+ interim versions of Squid (presumably 1.2-2.0).
+ ****) Note: squidGuard is smart enough to open only one filedescriptor
+ per logfile (i.e. not necessarily one per log statement); per spawned
+ process of course. Though logging to too many different files may
+ exeed your system's concurrent filedescriptor limit.
+
+ Portability
+ ===========
+
+ squidGuard should compile right out of the box on any modern brand of
+ UNIX with a development environment and a recent version (2.7.X or
+ 3.2.X) of the Berkeley DB library. squidGuard is developed on Sun
+ Solaris-2.8 with gcc-2.95.3, bison-1.28, flex-2.5.4.
+ We also test regularly on Linux/RedHat with gcc and
+ our most recent copy of the Berkeley DB.
+
+ Users have reported success on at least, but not limited to:
+ * AIX: 4.1.3, 4.3.2.0/egcs-2.91.66
+ * Dec-Unix: OSF1-4.0/gcc-2.7.2.3, 3.2C/gcc-2.7.2.3
+ * Linux: RedHat-5.2/gcc-2.8.1 and later
+ * Solaris: 2.6/gcc-2.7.2.3
+ * Solaris: 2.8/gcc-2.95.3
+
+
+ Nota Bene!
+ ==========
+ .db files created with Berkeley DB version 2.7.X are NOT
+ compatible with Berkeley DB version 3.2.X! If you created files
+ with "squidGuard-1.1.X -C" you must export them to a plain text
+ file and remove all .db files and run "squidGuard-1.2.0 -C"
+
+ News in squidGuard-1.2.0
+ ========================
+ o Support for Berkeley DB version 3.2.X.
+ o Support for userquotas.
+ o All known bugs are fixed.
+ See the CHANGELOG for details.
+
+ You can download squidGuard from its homepage:
+
+ http://www.squidguard.org/
+
+
+ Kind regards
+
+ P�l Baltzersen Lars Erik H�land
670 CHANGELOG
@@ -0,0 +1,670 @@
+Release 1.5
+2010-09-09 Fixed inconsistent blocking (bug 59). Replaced defined routine
+ in sgDB.c
+2010-09-08 Added Russian translation from Vladimir Ipatov to squidGuard.cgi.in.
+2009-10-19 Fixed two bypass problems with URLs which length is close to
+ the limit defined by MAX_BUF. The resulting proxy line exceeds
+ this limit and causes either squid or squidGuard to properly
+ block a site.
+2009-10-15 Fixed a problem with very long URLs. SquidGuard will go into
+ emergency mode when a overlong URLs are encountered. The
+ emergency mode causes an entire stop of blocking. This is not
+ appropriate in this situation.
+2009-09-30 Added patch by beber and gentoo (thank you!) to fix a
+ problem when cross compiling (bug 56).
+2009-09-27 Added patch by gentoo to fix alocal warnings (bug 57).
+2009-09-15 Added a feature to send log messages to syslog based on the
+ patch from Jun Jiang (thank you). (bug 42) In order to use
+ syslog you have to run configure with the new option
+ "--with-syslog". In the configuration file you need to add
+ a line "syslog enable". If any other value but "enable" is
+ used syslog is disabled and logging to squidGuard.log takes
+ place as usual.
+ The following log level are used: DEBUG, NOTICE, WARN, ERROR
+ and EMERG. The local4 syslog facility is used by default.
+ If you want to change this, use the configure option
+ "--with-syslog-facility=<facility>".
+2009-09-12 Anonymized passwords (for connecting to the ldap or mysql
+ server) written to logfiles when squidGuard is starting.
+ Added two configure options for choosing different location
+ for the LDAP include and library files.
+2009-08-25 Added patch to check IP addresses against LDAP. Patch by
+ Denis Bonnenfant (bug 41) - thank you.
+2009-08-23 Added patch to allow quoted strings in the configuration
+ file (bug 53). For more information see README.QuotedStrings.
+ Thanks to Iain Fothergill for providing the patch.
+ Removed the fix for usernames starting with a number because
+ it breaks the time declarations.
+2009-05-08 Added patch by INL to enable blocking against DNS based
+ blacklists (bug 55).
+ Fixed re-opened bug 12: a problem with regular expressions.
+ An entry like "www\.google\.de" did not block www.google.de
+ which it was supposed to do. Solving this issue solved
+ bug 46 as well.
+2009-03-08 Fixed bug 52: Sometimes squidGuard crashes with an overflow
+ error message for vsprintf. Thanks to Dirk Schoebel for
+ suggesting the proper fix.
+ Fixed bug 49: Using numeric username made squidGuard goes
+ into emergency mode. This has been fixed. Usernames can
+ now start with a number, be numeric and can additionally
+ contain the following characters: @,à,é,è,ñ,á,ì,í,ò,ó,ù,ú.
+
+
+Release 1.4
+2008-12-23 Included last fixes for 1.4 final.
+2008-07-23 Some cleanup and fine work: added information about "-b"
+ parameter to the help output. Added "!" to the list of
+ allowed characters in urls.
+2008-07-14 Fixed bug40: When an url ended in "://" squidGuard crashed.
+ This has been fixed (the end of the url is now tested).
+ Fixed bug39: squid was complaining about stdout messages from
+ squidGuard during the db update as a result of the progress
+ bar output. The output has been moved to stderr.
+2008-07-11 Added a switch to turn on the progress bar. The old default
+ behaviour has been restored to not show anything. To see the
+ progress of the compilation of the db files, use the command
+ squidGuard -b
+ (-b for "bar" - the progressbar).
+2008-07-05 Fixed bug 37: The sample block script squidGuard.cgi has been
+ rewritten to fix some bugs (basically warnings due to old perl
+ syntax but problem with the language selection as well) and to
+ enable an easier integration of additional languages. If a new
+ language shall be supported create a babel file the same way
+ the others are build and add the language to the supported hash
+ in squidGuard.cgi. The location of the babel files is the same
+ as for squidGuard.cgi. If you want to change the location change
+ the path in squidGuard.cgi (line 298).
+ The layout of the block page has been improved a bit as well.
+ Fixed bug 23: Syntax error when using "~" in redirect statement.
+ The "~" was not in the list of allowed characters for the
+ redirect url.
+ Fixed bug 34: On some system y.tab.c and y.tab.h were not properly
+ created although bison was installed. This led to errors during
+ compilation. If now no _executable_ bison is found, make copies
+ the files over. The prepared files have been updated, too.
+2008-06-13 Fixed bug 38: Bypass vulnerability using trailing dots. This
+ problem only occurs when squid 3.0 is used. Squid 2.6 removes
+ trailing dots from domains before passing them to squidGuard.
+2008-05-17 Removed the automatic download of the documentation when running
+ "make install". From now on the documentation will be updated as
+ part of the release.
+2008-05-15 Corrected bugs 31 and 35: The "make install" command now tests
+ if the directory of the configuration file exists. If it is not
+ existing, the directory is created.
+ If flex/lex is not installed "make" gave errors instead of just
+ copying the prepared flex file. If no flex/lex is found during
+ the configure run, "make" checks again and copies the prepared
+ file now fine.
+2008-04-18 Added MySQL support for authentication based on a patch from
+ Chris Fletcher (thank you). (bug 19.) Tested with MySQL 5.0.
+ To use MySQL configure must be started with the new option
+ "--with-mysql". If MySQL is not installed under /usr or
+ /usr/local you can specify a directory with this option. The
+ database is assumed to be configured on localhost.
+ Four new statements are required for MySQL support in the
+ configuration file:
+ mysqlusername (user to connect to the database)
+ mysqlpassword (password to authenticate 'mysqlusername')
+ mysqldb (database to use within mysql)
+ userquery (the sql query WITHOUT the trailing ';')
+2008-04-16 Fixed configure.in to comply with the autoconf standard and
+ produced an updated version of configure. As a result a couple
+ of configure options changed their syntax:
+ . to set the squid runtime user use --with-squiduser=<username>
+ (default is "squid")
+ . to suppress log messages except for start and stop messages
+ use: --with-nolog=yes (default is "no").
+2008-03-12 Fixed broken "make test" (bug 17).
+ Adjusted version.h.
+2008-03-12 Added new runtime parameter "-P". This parameter changes
+ the default behaviour from stop (emergency mode) to pass
+ when an error in building the database files occurs. So
+ this parameter only works in connection with the runtime
+ paramter "-C". Before using "-P" in your environment
+ make sure that nothing breakes when the building of the
+ db files fail.
+2008-01-19 Included some changes of a set of patches collated or
+ developed by Chris Pates and Iain Fothegill of the CLEO
+ Systems at Lancaster University
+2007-12-31 Added Spanish translation to squidGuard.cgi (thank you, Samuel
+ García for the translation) (bug 26).
+
+
+Release 1.3
+2007-09-19 Included configurable logging. New configure option --nolog
+ suppress all runtime logmessages. Start and stop is still logged.
+ Default behaviour is now to log the non debug messages except
+ when the runtime option -d is supplied to squidGuard. May need
+ some more finetuning in later versions. (bug 11)
+ Made some slight changes to the outdated FAQ file.
+2007-09-13 Modified auth code to work with and without ldap (choosing
+ subroutine rfc1738_unescape or sgFindUser in sg.y.in)
+2007-08-20 Corrected include statement in sg.h.in.
+2007-07-16 Added patch by Marc Clayton to include a progressbar to the
+ build of the database files (bug 6).
+2007-07-01 Added patch by Eric Harrison to enable full sed compliance
+ to rewrite statements (bug 7).
+2007-06-02 Corrected missing evaluation of configure parameters for
+ logdir, dbhome and config file (bug 11).
+2007-05-25 Added patch from satish to block urls entries that include
+ hostnames (bug 4).
+2007-05-20 Fixed broken regex evaluation (bug 12)
+ Fixed a compile problem on some systems (bug 10).
+2007-05-10 Corrected an issue with the fix for the double
+ slash vulnerability (incorrectly found double
+ slashes) (bug 1).
+
+
+Release 1.2.1
+2007-04-10 Fixed multiple slash bypass vulnerabilty.
+2007-03-17 Fixed some bugs in squidGuard-simple.cgi and added a
+ German version of it.
+2007-03-16 Fixed encoding bypass vulnerabilty.
+2007-03-16 Updated y.tab.c.bison and y.tab.h.bison to the recent
+ version.
+2007-02-02 Fixed bug in user authentication.
+2007-01-20 Fixed some typos which broke compilation on Sun Solaris
+ when using the Sun CC compiler.
+2007-01-12 Corrected unproper evaluated if-clause, which broke the
+ BerkeleyDB 2 compatibility.
+ Fixed minor typo in samples/Makefile.in.
+2006-12-29 Replaced the sleepycat links from the configure program with
+ the oracle links.
+ Corrected typo in Makefile.in.
+2006-12-16 Removed a stupid bug from the Makefile in the docs directory.
+2006-12-10 Removed references to squidguard.org in Makefile.in in the
+ Doc directory (squidguard.org is down).
+ Added ISSUES.txt file about known problem with the current
+ code (any information that is missing and should go in there
+ is gladly welcomed).
+2006-06-17 Release now supports LDAP queries for authentication:
+ Added Chris Frey's ldap patches and fixes (03, 05, 06,
+ 07 and 10; Patches from:
+ http://www.netdirect.ca/software/category.php?cat=SquidGuard).
+ The LDAP feature can be included during the configure run
+ by setting --with-ldap. Per default ldap support will not
+ be compiled in.
+ Added a fix provided by Francesco Ranieri to solve an issue
+ with the (un)escaping of the authentication "domain%5cusername".
+
+Patch Release 1.2.0p3
+
+2005-12-09 Modfied configure Skript to allow to specify the name of
+ the useraccount the squid cache is using.
+ Modified Makefile.in that during the installation the
+ necessary squidGuard directories are created if they are
+ not existing. Additionally a default configuration file
+ will be copied to the default location for squidGuard unless
+ an old one is found there.
+
+Patch Release 1.2.0p2
+
+2005-10-13 Added Adam Gorski's bugfix to correct a a null pointer access
+ bug in logging.
+ Added Chris Freys bugfix a bug where it won't search the url
+ db if the domain db is empty.
+ Added Chris Frey's buffer overflow checks (except for commenting
+ out the part from line 446 to 470 in sgDb.c).
+ (Patches from:
+ http://www.netdirect.ca/software/category.php?cat=SquidGuard)
+
+Patch Release 1.2.0p1
+
+2005-10-11 Added support for Berkeley DB 4.x
+
+Changes in release 1.2.0:
+
+2001-06-01 The source block takes a new argument: continue. With this
+ command an ipaddress or user can be configured in serval
+ sourceblocks. If a client is found but not blocked, squidGuard
+ will continue to search in the next source block, if the
+ continue command is defined. Thanks to Valentin Chopov
+ <valentin@valcho.net> for the patch
+2001-06-01 Fixed configure.in so that it detects the supported
+ db lib.
+2001-05-15 Userquota: userqouta <seconds> <sporadic> <renew>
+ <renew> can be hourly|dayly|weekly|seconds. <sporadic>
+ if a request comes within the number of seconds given
+ in the sporadic field the remaining time of the user will
+ decrease. userquota 3600 60 14400, gives the user one hour
+ surfing every 4th hour. If a user have a pause for more
+ than a minute, the used timed does not increase.
+
+ userquota 3600 0 14400, gives the user one hour surfing
+ every 4th hour. userquota 3600 0 daily gies the user
+ one hour surfing a day.
+2001-05-11 Userquota. In an source block you can now write
+ "userquota seconds hourly|daily|weekly". This meens that
+ a timer starts ticking when a user access an url. The user
+ is blocked when the time is used up. The user does not get
+ access until the next hour,day or week. userquota 3600 daily,
+ gives the user one hour surfing a day.
+2001-03-02 Support for 3.2.* version of BerkleyDB. Previous version of
+ bdb 3.* is not suported. SquidGuard is still 2.7.7 compatible.
+ configure will check for vallid versions of bdb. (leh)
+
+Changes in release 1.1.5:
+
+2000-04-25 Removed dependency on LYNX in doc/Makefile.in. This should
+ make reported /bin/false dependency problems on some
+ platforms go away. (pb)
+
+Changes in release 1.1.4:
+
+2000-03-29 the %xx codes for whitespaces and newlines in the url, is not
+ decoded (0x20, 0x09, 0x0a and 0x0d) (leh)
+2000-03-27 old .db files is now truncated (with the DB_TRUNCATE flagg)
+ instead of removed (with unlink syscall) when running with the
+ -C option. defined() can now return DB_NOTFOUND. DB_NOTFOUND
+ from defined() indicates an empty database (leh)
+2000-03-27 %f in redirects will expand to file part of the url (leh)
+2000-03-27 the sgReloadConfig moved to the end of the while loop (leh)
+2000-03-21 sgReloadConfig uses execve instead of execvp, hopefully
+ solving exec problems with FreeBSD systems (leh)
+2000-03-21 squidGuard logs the version number when starting (leh)
+2000-03-21 squidGuard -C will not make .db files with no content (leh)
+2000-03-21 sgSourceIpList, sgSourceUserList and sgReadConfig now closes
+ open filehandle (leh)
+2000-03-21 sgReloadConfig closes the logfile and all DBs before exec(leh)
+2000-03-21 a sigHUP only sets a flag, sgReloadConfig is then called in the
+ main loop (leh)
+2000-03-21 the %u macro is not affected by the %xx decoding (leh)
+2000-03-09 uses sigaction() instead of signal() for masking the HUP
+ signal, With signal() the HUP signal would only work once
+ (on FreeBSD and Linux systems) (leh)
+2000-03-09 squidGuard would core when no pass statement was defined
+ in an acl block (specially when expanding the %t macro in the
+ redirect statement) (leh)
+2000-03-07 leading spaces in the redirect field in destination files
+ are removed. Defined RM = rm -f in Makefiles.in (Not defined
+ on FreeBSD 3.4) Thanks to Michail Vidiassov
+ <master@iaas.msu.ru> for patch (leh)
+
+Changes in release 1.1.3:
+
+2000-03-06 ident information is processed in lowercase (leh)
+2000-02-25 On the fly update should work, and small a change to usage(leh)
+2000-02-24 Contributed contrib/hostbyname (pb)
+2000-02-07 Fixed fopen mode when opening logfiles from "at" ??? to
+ "a"ppend. (leh)
+2000-02-07 Fixed db_open to use DB_RDONLY when DB_CREATE
+ isn't necessary. (pb)
+2000-02-01 speeding up the code of 2000-01-27 (and removed a small
+ case bug) (leh)
+2000-01-27 the url is %xx decoded, test data is updated (leh)
+
+Changes in release 1.1.2:
+
+1999-12-27 now ip 0.0.0.0/0, 0.0.0.0/0.0.0.0 and 0.0.0.0-255.255.255.255
+ works as expected. Thanks to bert_driehuis@nl.compuware.com
+ and driehuis@playbeing.org for fix (leh)
+1999-12-20 A crash caused by operating *p++ on a static string (leh)
+1999-12-20 BSD/OS doesn't have SA_NODEFER (leh)
+1999-12-07 two redirect bugs in sgDb.c defined() function fixed (leh)
+
+Changes in release 1.1.1:
+
+1999-11-02 fixed possible problem in the time scheduler when internal
+ clock has been changed by some external source like ntp (leh)
+1999-10-29 You can now define more than one timerange on a line in
+ the configfile: date 1999-*-* 08:00-09:00 16:00-18:00. So
+ now, at last is the doc right. Thanks to Andrew (red@skazna.ru)
+ for patch (leh)
+1999-10-25 fixed small bug with url lists. If an url was not found in db
+ sg would find the first entry in the db insted of the last(leh)
+1999-10-25 fixed problems with tabs in acl block (leh)
+1999-10-01 removed the restriction on redefinition of acl in the acl block
+ so you can write something like
+
+ acl {
+ clients within weekend { pass any }
+ clients within holidays { pass none }
+ } (leh)
+1999-09-30 All rewrites now works on the original url not the
+ stripped version. (leh)
+1999-09-24 SquidGuard now goes into emergency mode if default acl is
+ missing in the configfile (leh)
+1999-09-24 logfile will be placed relative to logdir (leh)
+1999-09-23 cleanup in the regexp functions. You can now use the @g switch
+ to substitute all occurences of a string. Uptil now only the
+ first one would be substituted (leh)
+1999-09-21 fixed a bug with cidr/mask notation in iplist and a bug
+ where /32 notation where not recognized in both ip and
+ iplist. (leh)
+1999-09-17 .db files will be opened with 644 mode (664 mode prev) (leh)
+1999-09-17 fixed rewrite logging, the request log is now on the
+ format: Request(src/dest/rew) url src/domain ident method (leh)
+1999-09-13 fixed bug in the domainCompare function. Thanks again
+ to Fabrice Prigent's contribution (leh)
+1999-09-13 added sgclean perl script. Use it to remove redudant entries
+ in domain and url files. Look in the contrib dir (leh)
+1999-09-10 fixed bug in string returned to squid during rewrite (leh)
+
+Changes in release 1.1.0:
+
+1999-08-24 Brought the doc up to date. (pb)
+
+Changes in release 1.1.0.beta1:
+
+1999-08-23 fixed bug with userlists. squidGuard used wrongly DB_SET_RANGE
+ flag when searching for users. Thanks to Joseph Lesko
+ <joe@nationnet.com> for patch. (leh)
+1999-08-06 A redirect string now expands %p to the path part of an url.
+ So you could do something like this in a url file:
+ ftp.linux.org/kernel/v2 ftp.yournet.com/%p (Thanks again to
+ Jiri A. Randus pointing out the need of %p) (leh)
+1999-08-05 squidGuard will now save case in the url when doing rewrite,
+ and the %u macro will now expand to the original url instead
+ of the lowercase version (Thanks to Jiri A. Randus
+ (Jiri.Randus@inway.cz) for finding this bug) (leh)
+1999-08-05 fixed seg fault bug in the rewrite function (Thanks to
+ Jiri A. Randus (Jiri.Randus@inway.cz) for patch) (leh)
+1999-08-02 autoconf now uses /usr/local/BerkleyDB instead of
+ $prefix/BerkleyDB. use --with-db=DIR to change location.(leh)
+1999-07-30 seg fault bug fixed, seg faulted if lines in expressionlists
+ didn't have newline (!) (leh)
+1999-07-26 updated usage function (leh)
+1999-07-26 Two new switches to squidGuard -u and -C. If squidGuard is
+ started with the "-C block" argument. squidGuard will make
+ a .db files out of the domain/url files belonging to that
+ destination block. An existsing .db file will be removed before
+ a new file is created. The argument "-C all" will create .db
+ files for all domain/url files found (look at the fix of
+ 1999-06-15).
+ If squidGuard is started with -u. SquidGuard will look for
+ .diff files in the directory where the domain/urls files
+ lies. squidGuard will add lines to the .db file if a line in
+ the .diff begins with a '+', and remove it, if the line begins
+ with a '-'. (leh)
+1999-07-26 fix of 1999-06-21 broke the lexer so that an ip adresses
+ begining with the number 3 would be parsed as a word not
+ as an ipaddress. The lexer now uses states to fix this (leh)
+1999-07-26 squidGuard logs a error if a logfile command is inserted into
+ an acl other than "default". The logfile command should be
+ used in the source block instead.(leh)
+1999-07-14 changed the parseLine function so it doesn't strip www|ftp
+ when searching in the domain base. urls searches will be
+ done with stripped url. (leh)
+1999-07-14 fixed small bug in parsing of date wildcard format, ignored
+ dot as separator. Now dot and dash can be used (leh)
+1999-07-09 Removed trailing slashes for DEFAULT_LOGDIR and DEFAULT_DBHOME
+ in src/sg.h.in (pb)
+1999-06-28 Renamed the blacklists "blacklist" so people don't jump
+ too easy into wrong conclusions in case they get a glimpse
+ of your screen.. (pb)
+1999-06-21 Problems with redirects commands begining with 301|302:http...,
+ fixed regexp in sg.l to cope with this (leh)
+1999-06-16 Added automatic fallback to prebuilt versions of y.tab.c,
+ y.tab.h and lex.yy.c to make it easier for those who have
+ problems with their yacc or lex (pb)
+1999-06-16 Added a prerelease of the squidGuardRobot in contrib (pb)
+1999-06-15 When loading urllist and domainlist squidGuard checks if a
+ .db file exists. If it does it will use the db
+ file instead of loading the textfile into memory. This will
+ speed up the initialization of squidGuard, and limit the
+ memory usage. (leh)
+1999-06-15 Fixed a bug with empty dest blocks, and dest blocks under time
+ control. Pre 1.1 an empty destblock would stop further
+ checks of the pass statment. Now an empty destblock will be
+ ignored (leh)
+1999-06-10 Added French texts to samples/squidGuard.cgi thanks to
+ Fabrice Prigent (pb)
+1999-06-09 Changed all functions and prototypes to start support for
+ both ANSI and old K&R C (pb)
+1999-06-09 Added own yywrap() (pb)
+
+Changes in release 1.0.0:
+
+1999-06-07 squidGuard skips chars after the first ':' in an userlist.
+ You can use this for something like: userlist /etc/passwd (leh)
+
+Changes in release 1.0.0.beta3:
+
+1999-06-03 Changed the test requestst to be more realistic. (pb)
+1999-06-02 squdiGuard takes a new commandline argument:
+ -t yyyy-mm-ddTHH:MM:SS, and uses the value to -t in every
+ time calculation in squidGuard. With this you can easily
+ test your time blocks without altering the config all the
+ time. (leh)
+
+Changes in release 1.0.0.beta2:
+
+1999-05-31 The default acl block can take a log|logfile argument (leH)
+1999-05-31 A substitution in a rewrite block now can take a [rR]
+ argument in addition to [i]. With the lowercase r
+ squidGuard will return an 302 (redirect temporarily) code
+ in front of the rewritten url. And an 301 (redirect permanent)
+ with the uppercase R. (leh)
+1999-05-28 A src block can have a "userlist filename" command. (leh)
+1999-05-27 More cleaning in Makefiles.in and configure.in
+ Removed less portable :sh= dependencies
+ Added make tar (pb)
+1999-05-26 Completed the documentation (pb)
+1999-05-26 The global logfunctions now uses the same logfunctions
+ that the logfile command in the configfile. This means
+ one open filedescriptor per file. The file is also open
+ for writing aslong as squidGuard is running. (leh)
+1999-05-26 /dev/null as configfile will pass all (not seg fault) (leh)
+1999-05-25 configure now takes --with-sg-dbhome=DIR argument (leh)
+1999-05-20 src blocks can have a "iplist filename" command where the
+ ipaddresses of a src block is stored in the file "filename".
+ The file can look like this:
+ #
+ # iplist file for the admin src block
+ #
+ 1.2.3.4-1.2.3.10 # the managers
+ 1.2.4.0/24 # the servers
+ 1.2.5.3 1.2.6.0/255.255.255.0 #the rest (leh)
+1999-05-20 Added time support for the rewrite block (leh)
+1999-05-20 Added new log functionality. The source, destination and
+ rewrite blocks now take log|logfile commands. You can
+ write
+ src client {
+ user root
+ log anonymous /log/client.log
+ }
+
+ squidGuard will then log every redirects triggered by
+ the user root. The ident entry in the logfile will be "-". (leh)
+1999-05-19 dbfiles can have #comments (leh)
+1999-05-18 removed the hostpart stripping functionality from version
+ 0.0.9. Now only www[0-9]*, web[0-9]* and ftp[0-9]* will
+ be stripped from the hostpart of an url. (leh)
+1999-05-18 empty src blocks made some problems. Every src/dest block
+ is now terminated with a call to sgSourceEnd/sgDestEnd. The
+ functions check if a block is empty, and sets it to
+ innactive if that's the case. (leh)
+1999-05-18 fixed some very dangerous memmory allocations. I forgot to add
+ 1 to some of the strlen() calls. Thanks to Bruce Perens's
+ tool ElectricFence, for findig these ugly bugs so fast. (leh)
+1999-05-16 Added test and benchmark suite (pb)
+1999-05-16 Added test and benchmark suite (pb)
+1999-05-16 Added time logging for start, ready and stop to main.c (pb)
+1999-05-16 Reorganized the doc source in split files with
+ server side include (pb)
+1999-05-15 Added update uption and did some cleanup in the Makefiles.
+ Cleanup in the new samples/squidGuard.cgi. Now with
+ prototypes (pb)
+1999-05-12 Written a new heavily improved samples/squidGuard.cgi with
+ strict perl, subroutines, reverse lookup on
+ targetgroup=in-addr with optional auto redirect on 1-1 or
+ 1-N match, configurable multilingual messages and more.
+ Saved the old samples/squidGuard.cgi to
+ samples/squidGuard-simple.cgi as a simpler more straight
+ forward example (pb)
+1999-05-11 INSTALL now points to the online doc (pb)
+1999-05-11 Added make options dist, distribution, version,
+ readme and changelog (pb)
+1999-05-11 Added automatic update facility for doc/* from the
+ online versions via lynx (pb)
+1999-05-11 Renamed contrib/blocked.cgi samples/squidGuard.cgi (pb)
+1999-05-11 Done some code cleanup in contrib/blocked.cgi (pb)
+1999-05-11 Added in-addr hook in contrib/blocked.cgi (pb)
+1999-05-11 Added expires header in contrib/blocked.cgi (pb)
+1999-05-11 Fixed a minor (cosmetic) bug in sgParseRedirect
+ targetclass token %t now expands to
+ destgroup|none|in-addr|unknown (leh)
+
+Changes in release 1.0.0.beta1:
+
+1999-05-10 Added the latest documentation to the doc/ directory (pb)
+1999-05-10 Removed the out of date documentation from the README file (pb)
+1999-05-05 Removed the two last calls to scanf in parseLine (leh)
+1999-05-05 Rewrite will now fallback to the default acl's rewrite (leh)
+1999-05-05 Empty dbs will now be removed from memory. (leh)
+1999-04-23 Exchanged four strcmp functioncalls in sgAclAccess, with
+ two integer tests (leh)
+1999-04-21 Fixed minor bug in sgParseRedirect targetclass token %t
+ now expands to any,none and ipaddress (leh)
+1999-04-21 The pass command in an acl block got a new predefined
+ destination token "in-addr"
+
+ acl lan {
+ pass good !in-addr !adult any
+ }
+
+ all urls witch is not found in good or adult and the
+ hostpart is an ipaddress will be stopped. If the url does
+ not contains an ipaddress then squidGuard will continue
+ with the next token ("any" in this example) (leh)
+
+1999-04-30 New time function: (leh)
+
+ The config file can now take a new object; time <name>
+
+ The time object has to be configured before the src and
+ dest blocks
+
+ time workhours {
+ weekly mtwhf 08:00 - 16:00
+ 1999-12-24 08:00 - 12:00
+ 1999-06-10 - 1999-06-20
+ *-*-01 08:00 - 16:00 # every first in month
+ *-05-17 08:00 - 16:00 # every 17 may
+ }
+
+ the workhours object can now be used in the src and dest
+ block like this:
+
+ src lan {
+ ip ....
+ within workhours
+ }
+
+ dest good {
+ urllist -
+ outside workhours
+ }
+
+ or in the acl block
+
+ acl {
+ lan within workhours {
+ pass good !ipaddress !adult any
+ } else {
+ pass any
+ }
+
+ default {
+ ....
+ }
+ }
+
+Changes in release 0.9.11:
+
+1999-05-18 Added some ; in the yacc code, so yacc, not only bison
+ can compile. (leh)
+
+Changes in release 0.9.10:
+
+1999-04-07 If protocol is https squids sends a line to squidGuard
+ without the https:// in the url. Pre 0.9.10 squidGuard would
+ skip the line and log an error. Now squidGuard sets the
+ protocol to "unknown", and continues to parse the rest of the
+ line (leh)
+1999-03-31 fixed bug in parseLine (leh)
+
+Changes in release 0.9.9:
+
+1999-03-16 sgDbLoadTextFile will now strip user:pass, hostpart
+ and :port from the url before it's loaded into the db. So
+ user:passwd@www.yyy.xxx.com:80/~some/index.html will be
+ loaded as xxx.com/~some/index.html. The same goes for the
+ strippedurl in the SquidInfo struct. If a line in the urllist
+ begins with a '.', the hostpart of the url will be unchanged.
+ The line .abc.def.ghi.com:80/index.html in a urllist textfile
+ will be loaded as abc.def.ghi.com/index.html (leh)
+
+Changes in release 0.9.8:
+
+1999-03-15 Rewrite of the function parsing the url from squid.
+ the function will now take an url like
+ http://user:passwd@www.xxx.com:80/index.html
+ and normalize it to xxx.com (used in domainlist searches)
+ and xxx.com:80/index.html (used in urllist searches) (leh)
+1999-03-15 squidGuard will only lowercase the urlpart of the line
+ squid sends to squidGuard (GET where converted to get
+ pre 0.9.8) (leh)
+1999-03-12 Fixed bug in sgStrRncmp (leh)
+
+Changes in release 0.9.7:
+
+1999-03-10 Attempt to fix a problem with domains like xxx.com
+ and xxxx.com in domainfiles. Pre 0.9.7 may not find
+ the url http://aaa.xxx.com/ (leh)
+1999-03-09 Domain/url files can have trailing spaces (leh)
+1999-03-08 Any lines in domainfile or urlfile can have an optional
+ redirect field after the key (separted by space or tab). (leh)
+1999-03-08 A dest block can now take redirect and rewrite
+ directives as in the acl block. If both redirect and
+ rewrite is defined only redirect will be used. Both
+ directives will be triggered if one of domainlist, urllist
+ or expressionlist matches whith the destination url (leh)
+1999-03-08 squidGuard -v shows, beside the squidGuard version,
+ the BerkleyDB version (leh)
+1999-03-08 sgDbLoadTextFile and sgDestExpressionList now removes ^M
+ from end of line (leh)
+
+Changes in release 0.9.6:
+
+1999-02-24 Fixed bugs in sgLog.c (leh)
+1999-02-23 Fixed bug in configure.in checking db_version. (leh)
+1999-02-23 Default location of configfile is now
+ prefix/squidGuard/squidGuard.conf. You can change this
+ --with-sg-config= argument to configure. (leh)
+
+Changes in release 0.9.5:
+
+1999-02-22 Fixed a bug in our reverse-string-compare functions
+ Thanks to Gary Lindstrom (gplindstrom@exodus.nnc.edu)
+ for the patch (leh)
+1999-02-22 Now with configure script. Removed regex-0.12
+ distribution. Using native regexlib instead.
+1999-02-22 Changes in the directory structure (leh)
+1999-02-22 Fixed a couple of compiler warnings (leh)
+
+Changes in release 0.9.4:
+
+1999-02-01 Some minor changes in the README file (pb)
+1999-02-01 Somewhat stronger check of lines from squid (leh)
+1999-02-01 Db and Lines from squid is convertet to lowercase (leh)
+1999-02-01 Support for db-2.6.4 (leh)
+
+Changes in release 0.9.3:
+
+1999-01-04 Updated the sample adult database and README (pb)
+1998-12-18 Added Lex/Flex choice in the Makefile (pb)
+
+Changes in release 0.9.2:
+
+1998-12-07 Removed unnecessary lib dependencies from the Makefile (pb)
+ Added a more useful sample adult database (pb)
+ Changed sample.conf accordingly (pb)
+
+1998-10-18 Changed the sgLog time format to "%Y-%m-%d %T" (pb)
+
+Changes in release 0.9.1:
+
+1998-10-12 Fixed problems with db 2.4.14 (leh)
+ Added version.h (pb)
+ Added -v option to print version number and exit (pb)
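--- a/CONFIGURATION
+++ b/CONFIGURATION
@@ -0,0 +1,143 @@
+ Another squidguard website
+
+ [1]Home [2]Documentation [3]Download [4]Blacklists [5]Useful stuff
+ [6]Installation [7]Basic Configuration [8]Extended Configuration
+ [9]Known Issues
+
+ Basic Configuration of SquidGuard
+
+ Once SquidGuard is successfully installed, you want to configure the
+ software according to your needs. A sample configuration has been
+ installed in the default directory /usr/local/squidGuard (or whatever
+ directory you pointed you intallation to).
+ Below you find three examples for the basic configuration of
+ SquidGuard.
+ 1. Most simple configuration
+
+ Most simple configuration: one category, one rule for all
+#
+# CONFIG FILE FOR SQUIDGUARD
+#
+
+dbhome /usr/local/squidGuard/db
+logdir /usr/local/squidGuard/logs
+
+dest porn {
+ domainlist porn/domains
+ urllist porn/urls
+ }
+
+acl {
+ default {
+ pass !porn all
+ redirect http://localhost/block.html
+ }
+ }
+
+ Make always sure that the very first line of your squidGuard.conf
+ is not empty!
+ The entries have the following meaning:
+
+ dbhome Location of the blacklists
+ logdir Location of the logfiles
+ dest Definition of a category to block. You can enter the domain and
+ url file along with a regular expression list (talk about regular
+ expressions later on).
+ acl The actual blocking defintion. In our example only the default is
+ displayed. You can have more than one acl in place. The category porn
+ you defined in dest is blocked by the expression !porn. You have to add
+ the identifier all after the blocklist or your users will not be able
+ to surf anyway.
+ The redirect directive is madatory! You must tell SquidGuard which page
+ to display instead of the blocked one.
+ 2. Choosing more than one category to block
+ First you define your categories. Just like you did above for porn.
+ For example:
+
+ Defining three categories for blocking
+dest adv {
+ domainlist adv/domains
+ urllist adv/urls
+}
+dest porn {
+ domainlist porn/domains
+ urllist porn/urls
+}
+dest warez {
+ domainlist warez/domains
+ urllist warez/urls
+}
+
+ Now your acl looks like that:
+
+acl {
+ default {
+ pass !adv !porn !warez all
+ redirect http://localhost/block.html
+ }
+}
+
+ 3. Whitelisting
+ Sometimes there is a demand to allow specific URLs and domains
+ although they are part of the blocklists for a good reason. In this
+ case you want to whitelist these domains and URLs.
+
+ Defining a whitelist
+dest white {
+ domainlist white/domains
+ urllist white/urls
+}
+
+acl {
+ default {
+ pass white !adv !porn !warez all
+ redirect http://localhost/block.html
+ }
+}
+
+ In this example we assumed that your whitelists are located in a
+ directory called white whithin the blacklist directory you
+ specified with dbhome.
+ Make sure that your white identifier is the first in the row of the
+ pass directive. It must not have an exclamation mark in front
+ (otherwise all entries belonging to white will be blocked, too).
+ 4. Initializing the blacklists
+ Before you start up your squidGuard you should initialize the
+ blacklists i.e. convert them from the textfiles to db files. Using
+ the db format will speed up the checking and blocking.
+ The initialization is performed by the following command:
+
+ Initializing the blacklists
+squidGuard -C all
+
+ Depending on the size of your blacklists and the power of your
+ computer this may take a while. If anything is running fine you
+ should see something like the following output:
+
+2006-01-29 12:16:14 [31977] squidGuard 1.2.0p2 started (1138533256.959)
+2006-01-29 12:16:14 [31977] db update done
+2006-01-29 12:16:14 [31977] squidGuard stopped (1138533374.571)
+
+ If you look into the directories holding the files domains and urls
+ you see that additional files have been created: domains.db and
+ urls.db. These new files must not be empty!
+ Only those files are converted you specified to block or whitelist
+ in your squidGuard.conf file.
+ Proceed with: [10]Extended Configuration of SquidGuard
+ ______________________________________________________________
+
+ Mirko Lorenz - mirko at shalla.de
+ 29.01.2006
+
+References
+
+ 1. http://www.squidguard.org/index.html
+ 2. http://www.squidguard.org/Doc/index.html
+ 3. http://www.squidguard.org/download.html
+ 4. http://www.squidguard.org/blacklists.html
+ 5. http://www.squidguard.org/addsoft.html
+ 6. http://www.squidguard.org/Doc/install.html
+ 7. http://www.squidguard.org/Doc/configure.html
+ 8. http://www.squidguard.org/Doc/extended.html
+ 9. http://www.squidguard.org/Doc/known_issues.html
+ 10. http://www.squidguard.org/Doc/extended.html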
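--- a/COPYING
+++ b/COPYING
@@ -0,0 +1,15 @@
+By accepting this notice, you agree to be bound by the following
+agreements:
+
+This software product, squidGuard, is copyrighted (C) 2006 by
+Shalla Secure Services, Gauting, Germany, with all rights reserved.
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License (version 2) as
+published by the Free Software Foundation. It is distributed in the
+hope that it will be useful, but WITHOUT ANY WARRANTY; without even the
+implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE. See the GNU General Public License (GPL) for more details.
+
+You should have received a copy of the GNU General Public License
+(GPL) along with this program.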
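--- a/FAQ
+++ b/FAQ
@@ -0,0 +1,242 @@
+ The squidGuard FAQ
+ squidGuard is an ultrafast and free filter, redirector and access
+ controller for Squid
+ Originally created by P�l Baltzersen and Lars Erik H�land
+ Maintained by Christine Kronberg.
+ Copyright � 2006-2007, Shalla Secure Services
+
+ FAQ - Frequently Asked/Answered Questions
+
+ This is out of date. Have a look at http://www.maynidea.com/squidguard/faq-plus.html
+
+ Currently in semirandom order:
+ 1.
+
+ Is there a mailing list for squidGuard?
+ Yes! See www.shalla.de/mailman/squidguard/.
+
+ 2.
+
+ squidGuard does not block?
+ There my be at least 2 reasons for this:
+
+ 1. You didn't end your pass rules with "none". Pass rules
+ ends with an implicit "all". It is good practice to
+ allways en the pass rules with either "all" or "none" to
+ make them clear. Ie. use:
+ pass good none
+ or
+ pass good !bad all
+ 2. squidGuard goes into emergency mode. Reasons may be
+ syntax errors in the config file, reference to non
+ existing database files, filprotection problems or
+ missing directories. Check the squidGuard log.
+ Note:When run under Squid, squidGuard is run with the
+ same user and group ID as Squid (cache_effective_user
+ and cache_effective_group in squid.conf). The squidGuard
+ configuration and database files must be readable for
+ this user and/or group and the squidGuard log directory
+ must be writable for this user and/or group. If not
+ squidGuard will go into the "pass all for all" emergency
+ mode.
+
+ 3.
+
+ How do I debug squidGuard?
+ Do something like this:
+ echo "http://foo/bar 10.0.0.1/- - GET" | /usr/local/bin/s
+ quidGuard -c /tmp/test.cfg -d
+ This redirects the log to stderr. The response is either
+ a blank line (pass on) or a the input with the URL part
+ rewritten (redirect).
+
+ 4.
+
+ How can I block audio and video?
+ Use an [11]expressionlist with something like this:
+ \.(ra?m|mpe?g?|mov|movie|qt|avi|dif|dvd?|mpv2|mp3)($|\?)
+
+
+
+ 5.
+
+ How can I test timeconstraints
+ You can set a simulated start time with the
+ -t yyyy-mm-ddTHH:MM:SS option:
+
+ squidGuard -c test.conf -t 1999-12-31T23:59:30 -d <
+ test.in>test.out 2>test.log
+
+ With the -t option squidGuard parses the given date&time
+ and calculates an offset from the current time at startup
+ and then adds this offset to all timevalues during
+ runtime.
+
+ 6.
+
+ squidGuard compiles fine and the tests succeed, but it seems to
+ pass all when run under Squid
+ There may be at leaste two reasons for this:
+
+ o Some versions of Squid (supposedly 2.2.*) silently
+ ignores argumets to the right of
+ redirect_program prefix/bin/squidGuard. Solutions are
+ one of:
+ # Set the actual config file location at
+ [13]compiletime with --with-sg-config
+ # Use a shell wraper with
+ redirect_program prefix/bin/squidGuard.sh and make
+ prefix/bin/squidGuard.sh an executable shell like:
+
+ #! /bin/sh -
+ exec prefix/bin/squidGuard -c whatever/
+ squidGuard.conf
+
+ o When run under Squid, squidGuard is run with the same
+ user and group ID as Squid (cache_effective_user and
+ cache_effective_group in squid.conf). The squidGuard
+ configuration and database files must be readable for
+ this user and/or group and the squidGuard log directory
+ must be writable for this user and/or group. If not
+ squidGuard will go into the "pass all for all" emergency
+ mode.
+
+ 7.
+
+ compilation of sg.l on fails with "sg.l:line ...: Error: Too many
+ positions" with native lex
+ Some native versions of lex have problems with sg.l. The
+ solution is to use [14]GNU flex wich is better anyway. Do
+ "setenv LEX flex" if configure selects the native lex
+ before flex. Flex should compile right out of the box
+ similar to other GNU programs. (Thanks to
+ laurent.foulonneau@mail.loyalty.nc).
+
+ 8.
+
+ Can I use proxy authenticated user the same way as RFC931/Ident
+ user?
+ Yes.
+
+ 9.
+
+ Can I manipulate domains.db and urls.db from Perl?
+ Yes, but you must bind custom comparefunctions. Also note
+ the domains are stored with a leading ".":
+
+ use DB_File;
+
+ sub mirror($) {
+ scalar(reverse(shift));
+ }
+
+ sub domainmatch($$) {
+ my $search = mirror(lc(shift));
+ my $found = mirror(lc(shift));
+ if ("$search." eq $found) {
+ return(0);
+ } else {
+ return(substr($search,0,length($found)) cmp $found);
+ }
+ }
+
+ sub urlmatch($$) {
+ my $search = lc(shift) . "/";
+ my $found = lc(shift) . "/";
+ if ($search eq $found) {
+ return(0);
+ } else {
+ return(substr($search,0,length($found)) cmp $found);
+ }
+ }
+
+ my (%url,%domain);
+
+ $DB_BTREE->{compare} = \&urlmatch;
+ my $url_db = tie(%url, "DB_File", "urls.db", O_CREAT|O_RDWR, 0664, $DB_
+BTREE)
+ || die("urls.db: $!\n");
+
+ $DB_BTREE->{compare} = \&domainmatch;
+ my $domain_db = tie(%domain, "DB_File", "domains.db", O_CREAT|O_RDWR, 0
+664, $DB_BTREE)
+ || die("domains.db: $!\n");
+
+ # Now you can operate on %url and %domain just as normal perl hashes:)
+ # Add "playboy.com" to the domainlist unless it's already there:
+ $domain{".playboy.com"} = "" unless(exists($domain{"playboy.com"}));
+ # or use the DB_File functions put, get, del and seq:
+ # Add "sex.com" and "dir.yahoo.com/business_and_economy/companies/sex"
+ # and delete "cnn.com":
+ $domain_db->put(".sex.com","") unless(exists($domain{"sex.com"}));
+ $domain_db->sync; # Seems to only sync the last change.
+ $domain_db->del("cnn.com") if(exists($domain{"cnn.com"}));
+ $domain_db->sync; # Seems to only sync the last change.
+ $url_db->put("xyz.com/~sex","") unless(exists($url{"xyz.com/~sex"}));
+ $url_db->sync; # Seems to only sync the last change.
+
+ $url_db->sync; # Seems to only sync the last change.
+ $domain_db->sync; # Seems to only sync the last change.
+ undef($url_db); # Destroy the object
+ undef($domain_db); # Destroy the object
+ untie(%url); # Sync and close the file and undef the hash
+ untie(%domain); # Sync and close the file and undef the hash
+
+ See the perltie(1) and DB_File(3) man pages that comes
+ with Perl for more info.
+
+ 10.
+
+ How can I list domains.db or urls.db from Perl?
+ Use a script like this:
+
+ #!/local/bin/perl -w
+ use strict;
+ use DB_File;
+
+ foreach (@ARGV) {
+ my (%db, $key, $val);
+ die("$_: $!\n") unless(-f);
+ tie(%db, "DB_File", $_, O_RDONLY, 0664, $DB_BTREE) || die("$_: $!\n")
+;
+ foreach $key (keys(%db)) {
+ if($val = $db{$key}) {
+ $val = "\"$val\"";
+ } else {
+ $val = "undef";
+ }
+ print "$key -> $val\n";
+ }
+ untie(%db);
+ }
+
+ See the perltie(1) and DB_File(3) man pages that comes
+ with Perl for more info.
+
+ 11.
+
+ How can I get around "make: don't know how to make /bin/false.
+ Stop"?
+ Your system does not have lynx and not /bin/false either:
+ If it has /usr/bin/false do:
+
+ # ln -s ../usr/bin/false /bin/.
+
+ Alternatively:
+
+ # echo exit 255 >/bin/false
+ # chmod a+rx /bin/false
+
+ If you have questions and/or answers that should be on the FAQ list
+ please send them to sg-bugs (at) squidguard.org
+ ____________________________
+
+
+References
+
+ 1. http://www.squidguard.org/
+ 2. http://www.squid-cache.org/
+ 4. http://www.squidguard.org/Doc/
+ 5. http://www.gnu.org/
+ 6. http://www.perl.com/
+ 7. http://www.squid-cache.org/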
340 GPL
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
81 INSTALL
@@ -0,0 +1,81 @@
+ SquidGuard
+
+ [1]Home [2]Documentation [3]Download [4]Blacklists [5]Useful stuff
+ [6]Installation [7]Basic Configuration [8]Extended Configuration
+ [9]Known Issues
+
+ Installing SquidGuard
+
+ 1. Unpack the source
+
+ tar xvzf squidGuard-1.2.0.tar.gz
+
+ 2. Compiling
+ Let's assume it is squidGuard-1.2.0 we are trying to install:
+
+ cd squidGuard-1.2.0
+ ./configure
+ make
+
+ If no errors occurred squidGuard is now installed in /usr/local/.
+ There are a couple of option you can use when running .configure.
+ For example:
+
+ Installing in a different location
+ ./configure --prefix=/some/other/directory
+
+ BerkeleyDB not in /usr/local/BerkeleyDB installed
+ ./configure --with-db=/directory/of/BerkeleyDB/installation
+
+ Annotation: Make sure that the shared library of your BerkeleyDB
+ installation is known by your system (check /etc/ld.so.conf).
+
+ See all .configure options
+ ./configure --help
+
+ 3. Installing
+
+ su -
+ make install
+
+ 4. Installing the blacklists
+ Copy your blacklists into the desired blacklist directory (default:
+ /usr/local/squidGuard/db) and unpack them. In the table below we
+ assume that the default location is used. Make sure that you have
+ the proper permissions to write to that directory.
+
+ cp /path/to/your/blacklist.tar.gz /usr/local/squidGuard/db
+ cd /usr/local/squidGuard/db
+ gzip -d blacklist.tar.gz
+ tar xfv blacklist.tar
+
+ Now the blacklists should be ready to use.
+
+ Congratulation. You have just completed the installation of squidGuard.
+ The next step is to configure the software according to your needs.
+ First start configuring SquidGuard. After you verified that SquidGuard
+ is working fine, make the required modification to your Squid by adding
+ the following line:
+
+ redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.
+conf
+
+ The other way round will make you unhappy.
+ Proceed with: [10]Basic Configuration of SquidGuard
+ __________________________________________________________________
+
+ Mirko Lorenz - mirko at shalla.de
+ 30.11.2006
+
+References
+
+ 1. http://www.squidguard.org/index.html
+ 2. http://www.squidguard.org/Doc/index.html
+ 3. http://www.squidguard.org/download.html
+ 4. http://www.squidguard.org/blacklists.html
+ 5. http://www.squidguard.org/addsoft.html
+ 6. http://www.squidguard.org/Doc/install.html
+ 7. http://www.squidguard.org/Doc/configure.html
+ 8. http://www.squidguard.org/Doc/extended.html
+ 9. http://www.squidguard.org/Doc/known_issues.html
+ 10. http://www.squidguard.org/Doc/configure.html
46 ISSUES.txt
@@ -0,0 +1,46 @@
+Known issues:
+=============
+
+Check /www2.squidguard.org/cgi-bin/bugs/query.cgi for more accurate information.
+
+----------------------------------------------------------------------
+
+- squidGuard 1.4-alpha and below:
+ Compilation error with BerkeleyDB 4.7
+
+ Reason:
+ Some old stuff has (finally) been removed from the db sources. SquidGuard
+ unfortunately still uses the old syntax (historical reasons).
+
+ Fix/Workaround:
+ BerkeleyDB up to version 4.6 is known to work properly.
+ Will be fixed in the next version.
+
+ Annotation:
+ There are also messages from users working with BerkeleyDB 4.7 without
+ problems.
+
+----------------------------------------------------------------------
+
+- squidGuard 1.2.1-beta under Windows (with LDAP support configured):
+ A linker error has been reported:
+
+ld.exe: symbol `_yyin' defined more than once in lex.yy.o
+make[1]: *** [squidGuard] Error 1
+make[1]: Leaving directory
+`/squidguardsrc/121beta/squidguard-1.2.1-beta/src'
+make: *** [all] Error 1
+
+ Reason: Flex generates code that has two lines for defining yyin
+ (flex is doing this at least since 2001).
+ While this makes no problems on Unix the Windows linker
+ dislikes that.
+ Remedy: Comment the following in lex.yy.c out
+ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+ Compile lex.yy.c manually and link the object files
+ manually.
+
+----------------------------------------------------------------------
+
+
+
133 Makefile.in
@@ -0,0 +1,133 @@
+SHELL=/bin/sh
+.SUFFIXES:
+.SUFFIXES: .c .o .pl .pm .pod .html .man
+
+PERL = @PERL@
+
+CC = @CC@
+CFLAGS = @CFLAGS@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBS = @LIBS@
+
+RM = rm -f
+MKINSTALLDIRS = mkdir -p
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = $(exec_prefix)/bin
+infodir = $(prefix)/info
+logdir = @sg_logdir@
+configfile = @sg_config@
+dbhomedir = @sg_dbhome@
+SQUIDUSER = @squiduser@
+
+SUBDIRS = src test samples contrib
+INSTALL_TARGETS = install-conf install-build
+
+all::
+ @echo making $@ in `basename \`pwd\``
+
+all update clean distclean realclean::
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $(MAKEDEFS) $@) || exit 1; \
+ done
+
+test::
+ @echo making $@ in `basename \`pwd\``
+ (cd $@ && $(MAKE) $(MAKEDEFS) $@)
+
+#
+# Dependencies for installing
+#
+
+install: install-build install-conf
+
+install-conf:
+ @echo Installing configuration file ;
+ @if [ ! -d $(prefix)/squidGuard ]; then \
+ $(MKINSTALLDIRS) $(prefix)/squidGuard ; \
+ echo Created directory $(prefix)/squidGuard ; \
+ chown -R $(SQUIDUSER) $(prefix)/squidGuard || exit 1 ; \
+ echo Assigned $(prefix)/squidGuard to user $(SQUIDUSER) ; \
+ fi ;
+ @if [ ! -d $(dbhomedir) ]; then \
+ $(MKINSTALLDIRS) $(dbhomedir) ; \
+ echo Created directory $(dbhomedir) ; \
+ chown -R $(SQUIDUSER) $(dbhomedir) || exit 1 ; \
+ echo Assigned $(dbhomedir) to user $(SQUIDUSER) ; \
+ fi ;
+ @if [ ! -d $(logdir) ]; then \
+ $(MKINSTALLDIRS) $(logdir) ; \
+ echo Created directory $(logdir) ; \
+ chown -R $(SQUIDUSER) $(logdir) || exit 1 ; \
+ echo Assigned $(logdir) to user $(SQUIDUSER) ; \
+ fi ;
+ @if [ ! -d `dirname $(configfile)` ]; then \
+ umask 022 ; \
+ mkdir -p `dirname $(configfile)` ; \
+ echo No configuration directory found. Created `dirname $(configfile)`. ; \
+ fi;
+ @if test ! -f $(configfile); then \
+ cp samples/sample.conf $(configfile) || exit 1 ; \
+ echo Copied sample squidGuard.conf ; \
+ chmod 644 $(configfile) || exit 1 ; \
+ echo $(configfile) is now readable ; \
+ echo The initial configuration is complete. ; \
+ else \
+ echo Configuration file found. Not changing anything ; \
+ fi;
+ @echo ;
+ @echo Congratulation. SquidGuard is sucessfully installed. ;
+ @echo ;
+
+install-build:
+ @echo Installing squidGuard
+ @if [ ! -d $(bindir) ]; then \
+ $(MKINSTALLDIRS) $(bindir) ; \
+ fi ; \
+ cp src/squidGuard $(bindir) || exit 1 ; \
+ echo Done. ;
+
+clean::
+ @echo making $@ in `basename \`pwd\``
+ $(RM) *~ *.bak core *.log *.error
+
+realclean::
+ @echo making $@ in `basename \`pwd\``
+ $(RM) *~ *.bak core
+ $(RM) TAGS *.orig
+
+distclean::
+ @echo making $@ in `basename \`pwd\``
+ $(RM) *~ *.bak core
+ $(RM) TAGS *.orig
+ $(RM) Makefile config.h config.status config.log config.cache
+
+version:: src/version.h
+ @echo making $@ in `basename \`pwd\``
+ cp -p src/version.h src/version.h~
+ sed 's/^#define VERSION .*/#define VERSION "@VERSION@"/' <src/version.h~ >src/version.h \
+ || mv -f src/version.h~ src/version.h
+ -cmp -s src/version.h~ src/version.h && mv -f src/version.h~ src/version.h || :
+ $(RM) src/version.h~
+
+update:: announce readme changelog
+ @echo making $@ in `basename \`pwd\``
+
+announce:: ANNOUNCE
+ @echo making $@ in `basename \`pwd\``
+ test -d @FTPDIR@ && ( cmp -s ANNOUNCE @FTPDIR@/ANNOUNCE || \
+ $(INSTALL_DATA) ANNOUNCE @FTPDIR@/ANNOUNCE )
+
+readme:: README
+ @echo making $@ in `basename \`pwd\``
+ test -d @FTPDIR@ && ( cmp -s README @FTPDIR@/README || \
+ $(INSTALL_DATA) README @FTPDIR@/README )
+
+changelog:: CHANGELOG
+ @echo making $@ in `basename \`pwd\``
+ test -d @FTPDIR@ && ( cmp -s CHANGELOG @FTPDIR@/CHANGELOG || \
+ $(INSTALL_DATA) CHANGELOG @FTPDIR@/CHANGELOG )
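Review bot: In `install-conf`, the first branch runs `chown -R $(SQUIDUSER) $(prefix)/squidGuard`, which with the default prefix hands the directory holding `squidGuard.conf` to the proxy's runtime account; the later `chmod 644 $(configfile)` does not protect the file, because the owner of a directory can rename or replace entries in it. The configuration can name commands to run (the `execuserlist` keyword described in README.LDAP in this commit), so write access to that directory presumably amounts to command execution the next time squidGuard reads its configuration. I would leave the configuration directory owned by the installing user and give `$(SQUIDUSER)` only `$(dbhomedir)` and `$(logdir)`, i.e. drop the `chown -R $(SQUIDUSER) $(prefix)/squidGuard || exit 1 ; \` line and its `echo Assigned ...` line from that branch. Separately, `install-build` uses `cp src/squidGuard $(bindir)`, so the installed binary's mode follows the caller's umask; `$(INSTALL_PROGRAM) src/squidGuard $(bindir)/squidGuard` is already defined at the top of the file and avoids that.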
29 README
@@ -0,0 +1,29 @@
+The official squidGuard homepage is:
+
+ http://www.squidguard.org/
+
+ What it is
+ ~~~~~~~~~~
+
+squidGuard is a free (GPL), flexible and ultra fast filter, redirector
+and access controller plugin for squid. It lets you define multiple
+access rules with different restrictions for different user groups on
+a squid cache. squidGuard uses squid's standard redirector interface.
+
+
+ Authors
+ ~~~~~~~
+
+The initial squidGuard concept was designed by P�l Baltzersen and was
+implemented and was maintained and extended by Lars Erik H�land at
+ElTele �st AS.
+Since December 2006 squidGuard is maintained by Shalla Secure Services.
+
+
+ Distribution
+ ~~~~~~~~~~~~
+
+squidGuard is distributed by Shalla Secure Services under GPLv2 and may
+therefore be freely used and distributed according to the conditions of
+the licence.
+
159 README.LDAP
@@ -0,0 +1,159 @@
+(LDAP functionality provided by applying the ldap patch from Chris Frey
+ Extended for source IP address support by Denis Bonnenfant)
+
+
+LDAP User and Source IP Grouping Support:
+-----------------------------------------
+
+Squidguard now searches LDAP using specified LDAP search URLs whenever
+a username or an IP address is not found in an existing user list. The
+three new keywords in the squidguard.conf file that enable this are as
+follows:
+
+ ldapusersearch This keyword goes in the Source {} config block, and
+ specifies an LDAP URL to use to search for an unknown
+ user name.
+
+ You can specify multple LDAP URLs per Source block.
+
+ Use '%s' to reference the username in your LDAP URL.
+
+ If the search returns a record, the user is considered
+ "found", otherwise the next URL in the same Source
+ block is tried.
+
+ Squidguard caches the "found" state of each search,
+ even when a user name is not found. The cache
+ is valid for ldapcachetime seconds.
+
+
+ ldapipsearch This keyword goes in the Source {} config block, and
+ specifies an LDAP URL to use to search for a source ip.
+
+ You can specify multple LDAP URLs per Source block.
+
+ Use '%s' to reference the ip in your LDAP URL.
+
+ If the search returns a record, the ip is considered
+ "found", otherwise the next URL in the same Source
+ block is tried.
+
+ Squidguard caches the "found" state of each search,
+ even when an ip is not found. The cache
+ is valid for ldapcachetime seconds.
+
+
+ ldapcachetime This global keyword specifies the number of seconds
+ to cache LDAP search results before contacting
+ the LDAP server again. This keyword is global and
+ must go outside any Source/Destination/Rule blocks.
+
+ Setting this value to a reasonably low value can
+ allow simulation of near-realtime user groupings
+ in LDAP without restarting squidguard.
+
+ Recommended value: 300
+
+ ldapbinddn This global keyword specifies the DN to bind to
+ the LDAP server as.
+
+ ldapbindpass Password to bind to the LDAP server. This is a
+ global keyword.
+
+ ldapprotover LDAP protocol version. This is a global keyword.
+ Use this to force squidguard to connect to the
+ LDAP server with a certain protocol version. If
+ unable to use the specified protocol version,
+ squidguard will enter emergency mode.
+
+ Valid values: 2 or 3
+
+
+
+Programmatic User Lists:
+------------------------
+
+Instead of putting a list of users in a file, you can now run a program
+or script to list users on stdout. This user list behaves exactly like
+a regular userlist, loaded at start time, and stored in memory statically.
+
+ execuserlist This keyword goes in the Source {} block, and
+ specifies a command to run that will write a list
+ of usernames on stdout.
+
+
+Supported LDAP URL extensions:
+------------------------------
+
+According to the available LDAP RFC's, there is only one defined extension,
+called "bindname". This extension can be used to define a DN to bind with,
+on a per-URL basis.
+
+The format of such an URL is rather hideous, since commas are used to
+separate both the extensions in the URL and the elements of the DN.
+To handle this, commas separating the URL extensions are real commas, while
+the commas in the DN are defined with hex codes. (Hex %2c is a comma)
+
+Example:
+
+ ldap://ldap.example.com/ou=groups,dc=example,dc=com\
+ ?homeDirectory?sub?(uid=cdfrey)\
+ ?bindname=cn=cdfrey%2cdc=example%2cdc=com,x-bindpass=password
+
+The above example shows multiple extensions specified in one URL.
+
+As it happens, both of those extensions are supported in the LDAP patch,
+and have the following meanings:
+
+ bindname As specified in RFC2255, this extension defines
+ the DN name to use during the bind to the LDAP
+ server.
+
+ x-bindpass As specified in RFC2255, extensions starting with
+ "x-" are user defined. This extension allows the
+ URL to define the password required to bind to
+ the LDAP server.
+
+Both of these extensions override the global defaults "ldapbinddn" and
+"ldapbindpass" (see above).
+
+
+
+Example Configuration:
+----------------------
+
+
+Below is an example squidguard.conf file, showing the various user list
+options:
+
+------------------- Example squidguard.conf snippet ------------------------
+
+dbhome /var/lib/squidguard
+logdir /var/log/squidguard
+
+# ldap cache time in seconds
+ldapcachetime 300
+
+ldapbinddn cn=root, dc=example, dc=com
+ldapbindpass secret
+
+src INTERNAL_LAN {
+ ip 192.168.0.0/24 127.0.0.1
+ within workhours
+ user dave,chris,john, marconi
+ # uses the default binddn and bindpass above
+ ldapusersearch ldap://ldap.example.com/cn=squidguardusers,ou=groups,dc=example,dc=com?memberUid?sub?(&(objectclass=posixGroup)(memberUid=%s))
+ ldapipsearch ldap://ldap.example.com/ou=computers,dc=example,dc=com?iphostnumber?sub?(&(objectclass=iphost)(iphostnumber=%s))
+
+ execuserlist sed "s/:.*$//" /etc/passwd
+ log internal_lan
+}
+
+------------------------------ End snippet ---------------------------------
+
+By: Chris Frey
+<cdfrey@netdirect.ca>
+2004/09/29
+
+LDAPIp by ldapip : Denis Bonnenfant, 2007.
+
34 README.QuotedStrings
@@ -0,0 +1,34 @@
+Starting with squidGuard 1.5 you can use quotes in the configuration file.
+
+A quoted string is surrounded by double quotes ("") and can contain \n
+\r \a \b \t \" and \xXX (to introduce a character by its hexadecimal
+value). The string can be split across lines by ending a line with a \
+(in which case the newline is ignored) or if you don't end the line with
+a \ the newline will be kept.
+
+Quoted strings cn be used with the following directives in the configuration
+file:
+
+dbhome
+logdir
+ldapbindpass
+mysqlusername
+mysqlpassword
+mysqldb
+domainlist
+urllist
+expressionlist
+rewrite
+logfile
+userlist
+iplist
+domain
+user
+
+All other directives must be used without quotes.
+ATTENTION: If you use the user directive with quoted_strings, only usernames
+with less than 16 characters will be treated correctly.
+
+Special thanks to Iain Fothergill for submitting the patch for this
+feature.
+
7,649 configure
7,649 additions, 0 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
6,751 configure-old
6,751 additions, 0 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
504 configure.in
@@ -0,0 +1,504 @@
+dnl
+dnl Autoconf configuration for squidGuard
+dnl
+
+AC_INIT(src/main.c)
+AC_CONFIG_HEADER(src/config.h)
+
+dnl
+dnl Checks for programs.
+dnl
+AC_PROG_CC
+AC_PROG_CPP
+AC_PROG_MAKE_SET
+AC_PROG_INSTALL
+AC_PROG_YACC
+AC_PROG_LEX
+AC_PATH_PROG(LYNX,lynx,false,$PATH:/usr/bin:/usr/local/bin/:/local/bin:/local/perl/bin:/usr/local/perl/bin)
+AC_PATH_PROG(PERL,perl,no,$PATH:/usr/bin:/usr/local/bin/:/local/bin:/local/perl/bin:/usr/local/perl/bin)
+if test $PERL = no; then
+ echo
+ echo "** No Perl found in the PATH. Perl is required"
+ echo " for squidGuard.cgi to work "
+ echo
+fi
+
+squiduser=squid
+NOLOG1=
+NOLOG2=
+ldap_yacc=""
+sg_config=/usr/local/squidGuard/squidGuard.conf
+sg_dbhome=/usr/local/squidGuard/db
+sg_logdir=/usr/local/squidGuard/log
+sg_cfgdir=/usr/local/squidGuard
+syslog_facility=LOCAL4
+dbprefix=/usr/local
+ldapprefix=/usr
+
+default_directory="/usr /usr/local"
+
+db_lib=-L$dbprefix/BerkeleyDB/lib
+db_inc=-I$dbprefix/BerkeleyDB/include
+ldap_lib=-L$ldapprefix/lib
+ldap_inc=-I$ldapprefix/include
+
+AC_DEFUN(FAIL_MESSAGE,[
+ echo
+ echo
+ echo "**********************************************"
+ echo " ERROR: unable to find" $1
+ echo " checked in the following places"
+ echo " "
+ echo " /usr /usr/local"
+ echo " "
+ echo "**********************************************"
+ echo
+ exit 1
+])
+
+dnl
+dnl Handle command line arguments
+dnl
+
+AC_ARG_WITH(db,
+ [ --with-db=DIR location of the Berkley DB distribution],
+ db_distribution=$withval)
+
+if test -n "$db_distribution"; then
+ db_lib="-L${db_distribution}/lib"
+ db_inc="-I${db_distribution}/include"
+fi
+
+AC_ARG_WITH(db_lib,
+ [ --with-db-lib=DIR location of the Berkley DB library],
+ [db_lib="-L${withval}"])
+AC_ARG_WITH(db_inc,
+ [ --with-db-inc=DIR location of the Berkley DB include files],
+ [db_inc="-I${withval}"])
+
+AC_ARG_WITH(sg_config,
+ [ --with-sg-config=FILE location of squidGuard config file],
+ sg_config=$withval)
+
+AC_ARG_WITH(sg_logdir,
+ [ --with-sg-logdir=DIR location of squidGuard log file],
+ sg_logdir=$withval)
+
+AC_ARG_WITH(sg_dbhome,
+ [ --with-sg-dbhome=DIR location of squidGuard db dirs],
+ sg_dbhome=$withval)
+
+AC_ARG_WITH(nolog,
+ [ --with-nolog=ARG supress logging except for start and stop messages (default: ARG=no)],
+ nolog=$withval )
+
+AC_ARG_WITH(syslog,
+ [ --with-syslog=ARG send log messages to syslog for logging (default: ARG=no)],
+ syslog=$withval )
+
+AC_ARG_WITH(syslog_facility,
+ [ --with-syslog-facility=FAC use FAC as syslog facility (default: FAC=LOCAL4)],
+ syslog_facility=$withval )
+
+AC_ARG_WITH(squiduser,
+ [ --with-squiduser=USER do set squid user to USER (default: squid)],
+ squiduser=$withval)
+
+AC_ARG_WITH(ldap, AC_HELP_STRING([--with-ldap], [use ldap for authentication (default: no ldap)]))
+
+AC_ARG_WITH(ldap_lib,
+ [ --with-ldap-lib=DIR location of the LDAP library],
+ [ldap_lib="-L${withval}"])
+
+AC_ARG_WITH(ldap_inc,
+ [ --with-ldap-inc=DIR location of the LDAP include files],
+ [ldap_inc="-I${withval}"])
+
+
+if test -n "$sg_config"; then
+ AC_DEFINE(ACCONFIG, 1, [Defined if you supply --with-sg-config])
+changequote(, )dnl
+ sg_cfgdir=`echo $sg_config|sed "s%/[^/][^/]*$%%"`
+changequote([, ])dnl
+fi
+
+if test -n "$sg_logdir"; then
+ AC_DEFINE(ACLOGDIR, 1, [Defined if you supply --with-sg-logdir])
+fi
+
+if test -n "$sg_dbhome"; then
+ AC_DEFINE(ACDBHOME, 1, [Defined if you supply --with-sg-dbhome])
+fi
+
+CFLAGS="$CFLAGS $db_inc $ldap_inc"
+CXXFLAGS="$CXXFLAGS $db_inc $ldap_inc"
+CPPFLAGS="$CPPFLAGS $db_inc $ldap_inc"
+LDFLAGS="$LDFLAGS $db_lib $ldap_lib"
+
+dnl
+dnl Checks for header files.
+dnl
+
+AC_HEADER_STDC
+AC_CHECK_HEADERS(db.h regex.h unistd.h)
+
+AC_CHECK_HEADER(db.h,,[
+ echo
+ echo "** No db.h found"
+ echo " The Berkley DB library is required for squidGuard"
+ echo " to compile. Get it from http://www.oracle.com"
+ echo " use --with-db=DIR or --with-db-inc=DIR to specify"
+ echo " its location. (default is $dbprefix/BerkeleyDB)"
+ echo
+ exit 1
+ ])
+
+if test $HAVE_REGEX.H = no; then
+ echo
+ echo "** No regex.h found"
+ echo " The regexp library is required for squidGuard"
+ echo " to compile. Get it from http://www.gnu.org"
+ echo
+ exit 1
+fi
+
+dnl
+dnl Checks if runtime logmessages shall be suppressed.
+dnl
+AC_ARG_WITH(nolog)
+if test "$nolog" = "yes" -o "$nolog" = "true"; then
+echo "checking suppress runtime logging... yes"
+NOLOG1="/* nolog option set:"
+NOLOG2="*/"
+else
+echo "checking suppress runtime logging... no"
+fi
+
+dnl
+dnl Checks if logmessages shall be send to syslog.
+dnl
+AC_ARG_WITH(syslog)
+if test "$syslog" = "yes" -o "$syslog" = "true"; then
+AC_CHECK_HEADER(syslog.h,,[
+ echo
+ echo "** No syslog.h found"
+ echo " You cannot use syslog for logging."
+ echo
+ exit 1
+ ])
+echo "checking syslog for logging... yes"
+LOGFAC="$syslog_facility"
+AC_DEFINE(USE_SYSLOG, 1, [Defined if SYSLOG support should be compiled])
+else
+NOSYSLOG1="/* syslog not configured"
+NOSYSLOG2="*/"
+echo "checking syslog for logging... no"
+fi
+
+dnl
+dnl Checks if squid runtime user is set
+dnl
+AC_ARG_WITH(squiduser)
+if test "$squiduser"; then
+echo "checking squid runtime user ... $squiduser"
+squiduser=$squiduser
+fi
+
+
+dnl
+dnl Checks for libraries. Do in least-dependent to most-dependent order.
+dnl
+
+dnl Check ldap
+if test "$with_ldap" = "yes" -o "$with_ldap" = "true"; then
+ AC_CHECK_LIB( ldap, ldap_init,
+ [
+ echo "checking for ldap support... yes"
+ with_ldap=yes
+ LIBS="$LIBS -lldap $ldap_lib"
+ YACCLINE=" | LDAPUSERSEARCH STRING { sgSourceLdapUserSearch(\$2); }"
+ YACCLINE2=" | LDAPIPSEARCH WORD { sgSourceLdapIpSearch(\$2); }"
+ ],[
+ AC_MSG_WARN([Cannot find LDAP libraries. LDAP support disabled])
+ with_ldap=no
+ ])
+else
+ echo "checking for ldap support... no"
+ with_ldap=no
+ YACCLINE=""
+ YACCLINE2=""
+fi
+if test "$with_ldap" = "yes"; then
+ AC_DEFINE(HAVE_LIBLDAP, 1, [Define if LDAP support should be compiled])
+ AC_RUN_IFELSE([
+
+ #include <ldap.h>
+ int main()
+ {
+ LDAP *p;
+ p = ldap_init("localhost", LDAP_PORT);
+ exit(0);
+ }
+ ],,[
+ echo
+ echo "Unable to link to LDAP library."
+ echo
+ exit 1
+ ],[
+ ac_status=0
+ ])
+fi
+
+dnl
+dnl Checks for libraries. Do in least-dependent to most-dependent order.
+dnl
+
+dnl Check mysql
+AC_ARG_WITH(mysql,
+ [ --with-mysql=DIR support for mysql],
+ [ with_mysql="$withval" ],
+ [ with_mysql=no ])
+
+if test "$with_mysql" != "no"; then
+ if test "$with_mysql" = "yes"; then
+ mysql_directory="$default_directory";
+ mysql_fail="yes"
+ elif test -d "$withval"; then
+ mysql_directory="$withval"
+ mysql_fail="yes"
+ elif test "$with_mysql" = ""; then
+ mysql_directory="$default_directory";
+ mysql_fail="yes"
+ fi
+
+ AC_MSG_CHECKING(for mysql)
+ MYSQLLINE=" | USERQUERY WORD WORD WORD WORD { sgSourceUserQuery(\$2,\$3,\$4,\$5); }"
+
+ for i in $mysql_directory; do
+ if test -r $i/include/mysql/mysql.h; then
+ MYSQL_DIR=$i
+ MYSQL_INC_DIR=$i/include/mysql
+ elif test -r $i/include/mysql.h; then
+ MYSQL_DIR=$i
+ MYSQL_INC_DIR=$i/include
+ fi
+ done
+
+ if test -z "$MYSQL_DIR"; then
+ if test "$mysql_fail" != "no"; then
+
+ tmp=""
+ for i in $mysql_directory; do
+ tmp="$tmp $i/include $i/include/mysql"
+ done
+ FAIL_MESSAGE("mysql headers (mysql.h)", $tmp)
+ else
+ MYSQLLINE=""
+ AC_MSG_RESULT(no)
+ fi
+ else
+
+ for i in lib lib/mysql; do
+ str="$MYSQL_DIR/$i/libmysqlclient.*"
+ for j in `echo $str`; do
+ if test -r $j; then
+ MYSQL_LIB_DIR="$MYSQL_DIR/$i"
+ break 2
+ fi
+ done
+ done
+
+ if test -z "$MYSQL_LIB_DIR"; then
+ if test "$mysql_fail" != "no"; then
+ FAIL_MESSAGE("mysqlclient library",
+ "$MYSQL_DIR/lib $MYSQL_DIR/lib/mysql")
+ else
+ MYSQLLINE=""
+ AC_MSG_RESULT(no)
+ fi
+ else
+ AC_MSG_RESULT(yes)
+ LDFLAGS="${LDFLAGS} -L${MYSQL_LIB_DIR}"
+ CPPFLAGS="${CPPFLAGS} -I${MYSQL_INC_DIR}"
+ AC_CHECK_LIB(z, compress)
+ LIBS="-lmysqlclient ${LIBS}"
+ AC_DEFINE(HAVE_MYSQL, 1, [Define if MySQL support should be compiled])
+ fi
+ fi
+else
+ MYSQLLINE=""
+ echo "checking for mysql support... no"
+fi
+
+dnl Check threads... ok if it fails
+AC_CHECK_LIB(pthread,pthread_create,,[
+ echo
+ echo "Thread library not found, this may cause problems if your"
+ echo "db libraries require threading support, but most of the time"
+ echo "it is not an issue."
+ echo
+ ])
+
+dnl Check DB
+LIBS="$LIBS -ldb"
+AC_RUN_IFELSE([
+ #include <db.h>
+ int main()
+ {
+ int major, minor, patch;
+ float ver;
+#if DB_VERSION_MAJOR
+ major = DB_VERSION_MAJOR;
+ minor = DB_VERSION_MINOR;
+ patch = DB_VERSION_PATCH;
+#else
+ db_version(&major, &minor, &patch);
+#endif
+ ver = major + ((float) minor / 1000);
+ if (ver >= 2.006)
+ exit (0);
+ exit (1);
+ }
+ ], db_ok_version=yes, db_ok_version=no, db_ok_version=yes)
+
+if test $db_ok_version = no; then
+ echo
+ echo "** The Berkley DB library version 2.6.4 or newer"
+ echo " is required. Get it from http://www.oracle.com"
+ echo " use --with-db=DIR or --with-db-inc=DIR, "
+ echo " --with-db-lib=DIR to specify its location"
+ echo " (default is $dbprefix/BerkeleyDB)"
+ echo
+ exit 1;
+fi
+
+AC_RUN_IFELSE([
+ #include <db.h>
+ int main()
+ {
+ int major, minor, patch;
+ float ver;
+#if DB_VERSION_MAJOR
+ major = DB_VERSION_MAJOR;
+ minor = DB_VERSION_MINOR;
+ patch = DB_VERSION_PATCH;
+#else
+ db_version(&major, &minor, &patch);
+#endif
+ ver = major + ((float) minor / 1000);
+ if (ver > 2.007 && ver < 3.002)
+ exit (1);
+ exit (0);
+ }
+ ], db_ok_version=yes, db_ok_version=no, db_ok_version=yes)
+
+if test $db_ok_version = no; then
+ echo
+ echo "** The Berkley DB library version 3.2.* or newer"
+ echo " is required, when using 3.* versions of the library"
+ echo " Get it from http://www.oracle.com"
+ echo " use --with-db=DIR or --with-db-inc=DIR, "
+ echo " --with-db-lib=DIR to specify its location"
+ echo " (default is $dbprefix/BerkeleyDB)"
+ echo
+ exit 1;
+fi
+
+AC_RUN_IFELSE([
+ #include <db.h>
+ int main()