diff options
author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2014-12-29 23:37:56 -0200 |
---|---|---|
committer | Charlie Root <root@proxy03.lab.local> | 2014-12-29 23:37:56 -0200 |
commit | 1aab45a41e4f0bc3b493bac0cbd25a32bff129ac (patch) | |
tree | 11e7530747c9356efe1851b8d247cdcdfe072e98 | |
parent | 28c552b11ab71035755720ff2a6092f45b961439 (diff) | |
download | pfsense-packages-1aab45a41e4f0bc3b493bac0cbd25a32bff129ac.tar.gz pfsense-packages-1aab45a41e4f0bc3b493bac0cbd25a32bff129ac.tar.bz2 pfsense-packages-1aab45a41e4f0bc3b493bac0cbd25a32bff129ac.zip |
squid3.4 - update compile args
fix captive portal check_ip for 2.2
fix ssl_bump with no authentication
bump package version
-rw-r--r-- | config/squid3/34/check_ip.php | 56 | ||||
-rwxr-xr-x | config/squid3/34/squid.inc | 5 | ||||
-rw-r--r-- | pkg_config.10.xml | 6 |
3 files changed, 37 insertions, 30 deletions
diff --git a/config/squid3/34/check_ip.php b/config/squid3/34/check_ip.php index a3f07204..5865037b 100644 --- a/config/squid3/34/check_ip.php +++ b/config/squid3/34/check_ip.php @@ -3,7 +3,7 @@ /* $Id$ */ /* check_ip.php - Copyright (C) 2013-2014 Marcello Coutinho + Copyright (C) 2013-2015 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,6 +27,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once("config.inc"); error_reporting(0); // stdin loop if (! defined(STDIN)) { @@ -39,40 +40,24 @@ while( !feof(STDIN)){ $line = trim(fgets(STDIN)); // %SRC -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); unset($cp_db); -if ($pf_version > 2.0){ - $dir="/var/db"; - $files=scandir($dir); - foreach ($files as $file){ - if (preg_match("/captive.*db/",$file)){ - $dbhandle = sqlite_open("$dir/$file", 0666, $error); - if ($dbhandle){ - $query = "select * from captiveportal"; - $result = sqlite_array_query($dbhandle, $query, SQLITE_ASSOC); - if ($result){ - foreach ($result as $rownum => $row){ - $cp_db[$rownum]=implode(",",$row); - } - sqlite_close($dbhandle); - } - } +$files=scandir($g['vardb_path']); +foreach ($files as $file){ + if (preg_match("/captive.*db/",$file)){ + $result=squid_cp_read_db("{$g['vardb_path']}/{$file}"); + foreach ($result as $rownum => $row){ + $cp_db[$rownum]=implode(",",$row); } - } + } } -else{ - $filename="/var/db/captiveportal.db"; - if (file_exists($filename)) - $cp_db=file($filename); -} $usuario=""; - // 1376630450,2,172.16.3.65,00:50:56:9c:00:c7,admin,e1779ea20d0a11c7,,,, + //1419045939,1419045939,2000,2000,192.168.10.11,192.168.10.11,08:00:27:5c:e1:ee,08:00:27:5c:e1:ee,marcello,marcello,605a1f46e2d64556,605a1f46e2d64556,,,,,,,,,,,first,first if (is_array($cp_db)){ foreach ($cp_db as $cpl){ $fields=explode(",",$cpl); - if ($fields[2] != "" && $fields[2]==$line) - $usuario=$fields[4]; + if ($fields[4] != "" && $fields[4]==$line) + $usuario=$fields[8]; } } if ($usuario !="") @@ -82,5 +67,22 @@ else{ fwrite (STDOUT, "{$resposta}\n"); unset($cp_db); } + +/* read captive portal DB into array */ +function squid_cp_read_db($file) { + $cpdb = array(); + $DB = new SQLite3($file); + if ($DB) { + $response = $DB->query("SELECT * FROM captiveportal"); + if ($response != FALSE) { + while ($row = $response->fetchArray()) + $cpdb[] = $row; + } + $DB->close(); + } + + return $cpdb; +} + ?> diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index a2917515..0e5a173c 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -1698,6 +1698,11 @@ function squid_resync_auth() { $conf .="http_access deny sglog\n"; } if ($auth_method == 'none' ) { + // SSL interception acl options part 2 without authentication + if ($settingsconfig['ssl_proxy'] == "on"){ + $conf .= "always_direct allow all\n"; + $conf .= "ssl_bump server-first all\n"; + } $conf .="# Setup allowed acls\n"; $allowed = array('allowed_subnets'); if ($settingsconfig['allow_interface'] == 'on') { diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 700110c6..7673661f 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -904,11 +904,11 @@ <internal_name>squid</internal_name> <descr><![CDATA[High performance web proxy cache.<br /> It combines squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> - It includes an Exchange-Web-Access (OWA) Assistant.]]></descr> + It includes an Exchange-Web-Access (OWA) Assistant, ssl filtering and antivirus integration via i-cap]]></descr> <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>3.4.10_2 pkg 0.2</version> + <version>3.4.10_2 pkg 0.2.1</version> <status>beta</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -917,7 +917,7 @@ <port>www/squid</port> <ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after> </build_pbi> - <build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options> + <build_options>squid_UNSET_FORCE=AUTH_SASL AUTH_SMB AUTH_SQL DEBUG DNS_HELPER ESI FS_ROCK TP_IPF NETTLE STACKTRACES VIA_DB DOCS EXAMPLES;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS DELAY_POOLS ECAP FOLLOW_XFF FS_AUFS FS_DISKD HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SNMP SSL SSL_CRTD LAX_HTTP TP_IPFW TP_PF WCCP WCCPV2 CACHE_DIGESTS</build_options> <config_file>https://packages.pfsense.org/packages/config/squid3/34/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.4.10_2-##ARCH##.pbi</depends_on_package_pbi> |