Project

General

Profile

Actions

Bug #11434

closed

SquidGuard over 1.16.18_11

Added by Robson Ferreira about 3 years ago. Updated 6 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
squidguard
Target version:
-
Start date:
02/17/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Hi, first problem thatI found is when we are using ldapusersearch on groups acl.
In older version when I insert ldapusersearch it was show on filter log. But now this option is not applicable, and that is the reason that filter not happens.
Ill send pictures .


Files

screen2.PNG (17.2 KB) screen2.PNG Robson Ferreira, 02/17/2021 01:22 PM
screen1.PNG (30.1 KB) screen1.PNG Robson Ferreira, 02/17/2021 01:22 PM
screen3.PNG (18.3 KB) screen3.PNG Robson Ferreira, 02/17/2021 01:35 PM
Log_filter_config_page.png (732 KB) Log_filter_config_page.png Azamat Khakimyanov, 09/23/2023 06:24 PM
Actions #2

Updated by Eduardo Silva about 3 years ago

Hi, i have same problem. i try change Client (source) with ip, domain, etc.. and config file is written with correct parameter, but with ldapusersearch, the parameter is not written in config file.

Actions #3

Updated by Eduardo Silva about 3 years ago

I found the problem in /usr/local/pkg/squidguard_configurator.inc

Line: 903

            # separate IP, domains, usernames
            if (strpos(trim($src[F_SOURCE]), 'ldapusersearch') === false) {
                $tsrc = explode(" ", trim($src[F_SOURCE]));
                foreach($tsrc as $sr) {
                    $sr = trim($sr);
                    if (empty($sr)) {
                        continue;
                    }

                    if (is_ipaddr_valid($sr)) {
                        $sg_tag->items[] = "ip     $sr";
                    } elseif (is_domain_valid($sr)) {
                        $sg_tag->items[] = "domain $sr";
                    } elseif (is_username($sr)) { 
                        $sg_tag->items[] = "user   " . str_replace("'", "", $sr);
                    } else {
                        $sg_tag->items[] = trim($src[F_SOURCE]);
                    }
                }
            }

i change with:

             # separate IP, domains, usernames
            if (strpos(trim($src[F_SOURCE]), 'ldapusersearch') === false) {
                $tsrc = explode(" ", trim($src[F_SOURCE]));
                foreach($tsrc as $sr) {
                    $sr = trim($sr);
                    if (empty($sr)) {
                        continue;
                    }

                    if (is_ipaddr_valid($sr)) {
                        $sg_tag->items[] = "ip     $sr";
                    } elseif (is_domain_valid($sr)) {
                        $sg_tag->items[] = "domain $sr";
                    } elseif (is_username($sr)) { 
                        $sg_tag->items[] = "user   " . str_replace("'", "", $sr);
                    }
                }
            } else {
                $sg_tag->items[] = trim($src[F_SOURCE]);
            }

Actions #4

Updated by Renato Botelho about 3 years ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho

Fix pushed to version 1.16.18_15. Thank you!

Actions #5

Updated by Renato Botelho almost 2 years ago

  • Assignee deleted (Renato Botelho)
Actions #6

Updated by Azamat Khakimyanov 6 months ago

Tested on 23.05_1

After adding ldapusersearch option into Group ACL

ldapusersearch ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))

I see it on /Services/SquidGuard Proxy Filter/Log/Filter config page ('Log_filter_config_page.png')
and in /usr/local/etc/squidGuard/squidGuard.conf file.

I marked this Bug as resolved.

Actions

Also available in: Atom PDF