aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2015-10-12 10:41:02 -0300
committerRenato Botelho <renato@netgate.com>2015-10-12 10:41:02 -0300
commit4f951504174c2b8d5fd1304a75db9ac7f44232f0 (patch)
treea16bd69be301c8fc67c33c02163a2ea748fdf776
parent675b121ee2de4c1c430219053a9ba5f0d6a7e568 (diff)
parent728cff6789e918203f45b5c85e2b823f00f1b3bf (diff)
downloadpfsense-packages-4f951504174c2b8d5fd1304a75db9ac7f44232f0.tar.gz
pfsense-packages-4f951504174c2b8d5fd1304a75db9ac7f44232f0.tar.bz2
pfsense-packages-4f951504174c2b8d5fd1304a75db9ac7f44232f0.zip
Merge pull request #1093 from doktornotor/patch-2
-rwxr-xr-xconfig/squid3/34/squid.inc78
-rw-r--r--config/squid3/34/squid.xml10
-rw-r--r--config/squid3/34/squid_antivirus.inc170
-rwxr-xr-xconfig/squid3/34/squid_antivirus.xml4
-rw-r--r--config/squid3/34/squid_antivirus_status.inc7
-rw-r--r--config/squid3/34/squid_antivirus_status.widget.php176
-rwxr-xr-xconfig/squid3/34/squid_cache.xml15
-rw-r--r--config/squid3/34/squid_js.inc3
-rwxr-xr-xconfig/squid3/34/squid_reverse.inc53
-rw-r--r--pkg_config.10.xml2
10 files changed, 405 insertions, 113 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index cbb24a04..07d1da26 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -324,10 +324,22 @@ function squid_install_cron($should_install) {
}
$cron_cmd = SQUID_BASE . "/sbin/squid -k rotate -f " . SQUID_CONFFILE;
+ /*
+ * This is here to prevent Squid from filling disk completely on misconfigured boxes.
+ * When 'Hard Disk Cache System' is set to null, the script silently returns, no need to check here.
+ * Otherwise, swapstate_check.php will only clear the disk cache on the following conditions:
+ * - if the swap.state file is taking up more than 75% of disk space,
+ * - or the drive is 90% full and swap.state is larger than 1GB.
+ */
+ $swapstate_cmd = "/usr/local/pkg/swapstate_check.php";
if (($should_install) && (squid_enabled())) {
+ log_error("[squid] Adding cronjobs ...");
install_cron_job("{$cron_cmd}", $should_install, "0", "0", "*", "*", "*", "root");
+ install_cron_job("{$swapstate_cmd}", $should_install, "15", "0", "*", "*", "*", "root");
} else {
+ log_error("[squid] Removing cronjobs ...");
install_cron_job("{$cron_cmd}", false);
+ install_cron_job("{$swapstate_cmd}", false);
}
}
@@ -607,6 +619,7 @@ function squid_deinstall_command() {
/* Migrate configuration from god knows which Squid package versions */
/* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */
function squid_upgrade_config() {
+ global $config;
/* migrate existing csv config fields */
if (is_array($config['installedpackages']['squidauth']['config'])) {
$settingsauth = $config['installedpackages']['squidauth']['config'][0];
@@ -679,63 +692,11 @@ function squid_upgrade_config() {
$config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type'];
}
- /* migrate reverse settings */
- if (is_array($config['installedpackages']['squidreverse'])) {
- $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0];
-
- // settings
- if (!is_array($config['installedpackages']['squidreversegeneral'])) {
- $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings;
- unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);
- unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);
- unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);
- }
-
- // peers
- if (!is_array($config['installedpackages']['squidreversepeer'])) {
- foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {
- foreach (explode(";", $cache_peers) as $cache_peer) {
- $config['installedpackages']['squidreversepeer']['config'][] = array(
- 'description' => 'migrated',
- 'enable' => 'on',
- 'name' => $cache_peer[0],
- 'port' => $cache_peer[1],
- 'protocol' => $cache_peer[2]
- );
- }
- }
- }
-
- // mappings
- if (!is_array($config['installedpackages']['squidreverseuri'])) {
- foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {
- foreach (explode(";", $acls) as $acl) {
- array_push(${'peer_'.$acl[0]}, $acl[1]);
- }
- }
- foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {
- foreach (explode(";", $uris) as $uri) {
- $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : "");
- $config['installedpackages']['squidreverseuri']['config'][] = array(
- 'description' => 'migrated',
- 'enable' => 'on',
- 'name' => $uri[0],
- 'uri' => $uri[1],
- 'vhost' => $uri[2],
- 'peers' => $peer_list
- );
- }
- }
- }
- }
+ /* migrate reverse proxy settings */
+ squid_reverse_upgrade_config();
/* unset broken antivirus settings */
- if (is_array($config['installedpackages']['squidantivirus'])) {
- unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']);
- unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']);
- unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']);
- unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']);
- }
+ squid_antivirus_upgrade_config();
update_output_window("Writing configuration... One moment please...");
write_config();
@@ -861,6 +822,13 @@ function squid_validate_upstream($post, &$input_errors) {
/* Proxy Server: Cache Management input validation */
function squid_validate_cache($post, &$input_errors) {
+ /* Manually clear hard disk cache */
+ if ($post['clear_cache'] == 'Clear Disk Cache NOW') {
+ log_error("[squid] Clear disk cache forced via GUI. Clearing cache now...");
+ squid_dash_z("clean");
+ return;
+ }
+
$num_fields = array(
'harddisk_cache_size' => 'Hard disk cache size',
'memory_cache_size' => 'Memory cache size',
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index ccaca843..f0289e6e 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squid</name>
- <version>0.3.9</version>
+ <version>0.4.0</version>
<title>Proxy Server: General Settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
@@ -128,6 +128,10 @@
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/www/widgets/include</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus_status.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_js.inc</item>
</additional_files_needed>
@@ -200,6 +204,10 @@
<!-- END XML files -->
<!-- START additional PHP files -->
<additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus_status.widget.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
</additional_files_needed>
diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc
index 03b9e129..9a678fa9 100644
--- a/config/squid3/34/squid_antivirus.inc
+++ b/config/squid3/34/squid_antivirus.inc
@@ -37,16 +37,16 @@ require_once('config.inc');
*/
/* clamav user account hadling (only needed for PBI/pfSense <2.3) */
-function squid_check_clamav_user($user) {
+function squid_check_clamav_user() {
if (SQUID_BASE == '/usr/local') {
return;
- }
-
- $_gc = exec("/usr/sbin/pw usershow {$user}", $sq_ex_output, $sq_ex_return);
- $user_arg = ($sq_ex_return == 0 ? "mod" : "add");
- $_gc = exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin", $sq_ex_output, $sq_ex_return);
- if ($sq_ex_return != 0) {
- log_error("[squid] Could not change clamav user settings. " . serialize($sq_ex_output));
+ } else {
+ if (!exec("/usr/sbin/pw usershow clamav")) {
+ mwexec("/usr/sbin/pw useradd clamav -G wheel -u 9595 -s /sbin/nologin");
+ }
+ if (!exec("/usr/sbin/pw groupshow wheel | /usr/bin/grep clamav")) {
+ mwexec("/usr/sbin/pw usermod clamav -G wheel");
+ }
}
}
@@ -61,7 +61,8 @@ function squid_check_antivirus_dirs() {
);
foreach ($dirs as $dir_path => $dir_user) {
safe_mkdir($dir_path, 0755);
- squid_chown_recursive($dir_path, $dir_user, "wheel");
+ chown($dir_path, $dir_user);
+ chgrp($dir_path, "wheel");
}
}
@@ -125,7 +126,16 @@ function squid_antivirus_install_command() {
symlink(SQUID_LOCALBASE . "/lib/libicapapi.so.3.0.5", "/usr/local/lib/libicapapi.so.3");
}
- // check dirs
+ // remove dirs with possibly broken file permissions after previous versions
+ $dirs = array("/var/run/c-icap", "/var/log/c-icap");
+ foreach ($dirs as $dir) {
+ if (is_dir("{$dir}")) {
+ mwexec("/bin/rm -rf {$dir}");
+ }
+ }
+
+ // create required dirs and set up clamav user if needed
+ squid_check_clamav_user();
squid_check_antivirus_dirs();
// remove unwanted PBI rc scripts
@@ -136,6 +146,7 @@ function squid_antivirus_install_command() {
/* Run on Squid package uninstall */
function squid_antivirus_deinstall_command() {
+ global $config, $keep;
/* kill all running services */
if (is_process_running("c-icap")) {
mwexec('/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl');
@@ -183,6 +194,21 @@ function squid_antivirus_deinstall_command() {
}
}
+ /* clean up user/groups if needed */
+ if (SQUID_BASE == '/usr/local') {
+ return;
+ } else {
+ if (exec("/usr/sbin/pw groupshow wheel | /usr/bin/grep clamav")) {
+ mwexec("/usr/sbin/pw groupmod wheel -d clamav");
+ }
+ if (exec("/usr/sbin/pw usershow clamav")) {
+ mwexec("/usr/sbin/pw userdel clamav");
+ }
+ if (exec("/usr/sbin/pw groupshow clamav")) {
+ mwexec("/usr/sbin/pw groupdel clamav");
+ }
+ }
+
/* check if clamav/c_icap is enabled in rc.conf.local */
// XXX: This hasn't been used since 0.3.7; to be removed in future
if (file_exists("/etc/rc.conf.local")) {
@@ -196,6 +222,18 @@ function squid_antivirus_deinstall_command() {
}
}
+/* Migrate configuration from old Squid package versions */
+function squid_antivirus_upgrade_config() {
+ global $config;
+ /* unset broken antivirus settings */
+ if (is_array($config['installedpackages']['squidantivirus'])) {
+ unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']);
+ unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']);
+ unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']);
+ unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']);
+ }
+}
+
/*
* Antivirus features configuration
*
@@ -219,7 +257,7 @@ function squid_antivirus_deinstall_command() {
/* Proxy Server: Antivirus configuration handler */
function squid_resync_antivirus() {
- global $config;
+ global $config, $antivirus_config;
if (is_array($config['installedpackages']['squidantivirus'])) {
$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
@@ -266,7 +304,7 @@ adaptation_access service_avi_resp allow all
EOF;
// check clamav user and dirs
- squid_check_clamav_user('clamav');
+ squid_check_clamav_user();
squid_check_antivirus_dirs();
if ($antivirus_config['enable_advanced'] == "enabled") {
@@ -290,15 +328,20 @@ EOF;
$cf = SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf";
if (file_exists("{$cf}.pfsense")) {
$sample_file = file_get_contents("{$cf}.pfsense");
+ $squidclamav_m[0] = "@#This file was automatically generated by pfSense@";
+ $squidclamav_r[0] = "#This file was automatically generated by pfSense WebGUI configuration";
if ($antivirus_config['clamav_safebrowsing'] == "on") {
- $squidclamav_m[0] = "@safebrowsing\s0@";
- $squidclamav_r[0] = "safebrowsing 1";
+ $squidclamav_m[1] = "@safebrowsing\s0@";
+ $squidclamav_r[1] = "safebrowsing 1";
}
if ($antivirus_config['clamav_url'] != "") {
- $squidclamav_m[1] = "@redirect http@";
- $squidclamav_r[1] = "{$antivirus_config['clamav_url']}";
+ $squidclamav_m[2] = "@(redirect http.*)@";
+ $squidclamav_r[2] = "redirect {$antivirus_config['clamav_url']}";
+ }
+ /* Trying to overwrite squidclamav.conf via file_put_contents() may fail when Squid is running */
+ if (!file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save generated {$cf} file!");
}
- file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX);
} else {
log_error("[squid] Template not found; could not generate '{$cf}' file!");
}
@@ -310,20 +353,17 @@ EOF;
if (!preg_match("/squid_clamav/", $sample_file)) {
$sample_file .= "\nService squid_clamav squidclamav.so\n";
}
- // XXX: Bug #4615
- if (is_array($config['installedpackages']['squid'])) {
- $squidsettings = $config['installedpackages']['squid']['config'][0];
- } else {
- $squidsettings = array();
+ /* XXX: Bug #4615
+ * Do NOT move the C-ICAP log anywhere, ever! It breaks C-ICAP in completely inexplicable ways,
+ * such as Error: [No Error] or 500 response codes.
+ */
+ $cicap_m[0] = "@#This file was automatically generated by pfSense@";
+ $cicap_r[0] = "#This file was automatically generated by pfSense WebGUI configuration";
+ $cicap_m[1] = "@DebugLevel\s1@";
+ $cicap_r[1] = "DebugLevel 0";
+ if (!file_put_contents("{$cf}", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save generated {$cf} file!");
}
- $logdir = ($squidsettings['log_dir'] ? $squidsettings['log_dir'] : '/var/squid/logs');
- $cicap_m[0] = "@DebugLevel\s1@";
- $cicap_r[0] = "DebugLevel 0";
- $cicap_m[1] = "@AccessLog /var/squid/logs/c-icap-access.log@";
- $cicap_r[1] = "AccessLog {$logdir}/c-icap-access.log";
- $cicap_m[2] = "@ServerLog /var/squid/logs/c-icap-server.log@";
- $cicap_r[2] = "ServerLog {$logdir}/c-icap-server.log";
- file_put_contents("{$cf}", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX);
} else {
log_error("[squid] Template not found; could not generate '{$cf}' file!");
}
@@ -332,15 +372,19 @@ EOF;
// just make a copy of pfSense template, nothing configurable via GUI options here
$cf = SQUID_LOCALBASE . "/etc/c-icap/c-icap.magic";
if (file_exists("{$cf}.pfsense")) {
- copy("{$cf}.pfsense", "{$cf}");
+ if (!copy("{$cf}.pfsense", "{$cf}")) {
+ log_error("[squid] Could not save {$cf} file!");
+ }
} else {
- log_error("[squid] Template not found; could not generate '{$cf}' file!");
+ log_error("[squid] Template not found; could not save '{$cf}' file!");
}
// freshclam.conf
$cf = SQUID_LOCALBASE . "/etc/freshclam.conf";
if (file_exists("{$cf}.pfsense")) {
$sample_file = file_get_contents("{$cf}.pfsense");
+ $freshclam_m[0] = "@#This file was automatically generated by pfSense@";
+ $freshclam_r[0] = "#This file was automatically generated by pfSense WebGUI configuration";
$clamav_mirrors = "";
if ($antivirus_config['clamav_dbregion'] != "") {
$clamav_mirrors .= "DatabaseMirror db.{$antivirus_config['clamav_dbregion']}.clamav.net\n";
@@ -351,23 +395,29 @@ EOF;
}
}
if ($clamav_mirrors != "") {
- $freshclam_m[0] = "@#DatabaseMirror db.XY.clamav.net@";
- $freshclam_r[0] = "{$clamav_mirrors}";
+ $freshclam_m[1] = "@#DatabaseMirror db.XY.clamav.net@";
+ $freshclam_r[1] = "{$clamav_mirrors}";
}
if ($antivirus_config['clamav_safebrowsing'] == "on") {
- $freshclam_m[1] = "@#SafeBrowsing yes@";
- $freshclam_r[1] = "SafeBrowsing yes";
+ $freshclam_m[2] = "@#SafeBrowsing yes@";
+ $freshclam_r[2] = "SafeBrowsing yes";
+ }
+ if (!file_put_contents("{$cf}", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save generated {$cf} file!");
}
- file_put_contents("{$cf}", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX);
} else {
log_error("[squid] Template not found; could not generate '{$cf}' file!");
}
// clamd.conf
- // just make a copy of pfSense template, nothing configurable via GUI options here
$cf = SQUID_LOCALBASE . "/etc/clamd.conf";
if (file_exists("{$cf}.pfsense")) {
- copy("{$cf}.pfsense", "{$cf}");
+ $sample_file = file_get_contents("{$cf}.pfsense");
+ $clamd_m[0] = "@#This file was automatically generated by pfSense@";
+ $clamd_r[0] = "#This file was automatically generated by pfSense WebGUI configuration";
+ if (!file_put_contents("{$cf}", preg_replace($clamd_m, $clamd_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save generated {$cf} file!");
+ }
} else {
log_error("[squid] Template not found; could not generate '{$cf}' file!");
}
@@ -406,8 +456,15 @@ function squid_antivirus_install_config_files() {
$squidclamav_m[1] = "@/var/run/clamav/clamd.ctl@";
$squidclamav_r[1] = "/var/run/clamav/clamd.sock";
$squidclamav_m[2] = "@http\://proxy.domain.dom/cgi-bin/clwarn.cgi@";
- $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php";
- file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX);
+ $port = $config['system']['webgui']['port'];
+ if ($port == "") {
+ $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php";
+ } else {
+ $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";
+ }
+ if (!file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
+ }
} else {
log_error("[squid] Could not patch '{$cf}' template file!");
}
@@ -425,13 +482,15 @@ function squid_antivirus_install_config_files() {
}
$cicap_m[0] = "@# This file contains the default settings for c-icap@";
$cicap_r[0] = "#This file was automatically generated by pfSense";
+ /* XXX: Bug #4615
+ * Do NOT move the C-ICAP log anywhere, ever! It breaks C-ICAP in completely inexplicable ways,
+ * such as Error: [No Error] or 500 response codes.
+ */
$cicap_m[1] = "@DebugLevel\s1@";
$cicap_r[1] = "DebugLevel 0";
- $cicap_m[2] = "@AccessLog /var/log/c-icap/access.log@";
- $cicap_r[2] = "AccessLog /var/squid/logs/c-icap-access.log";
- $cicap_m[3] = "@ServerLog /var/log/c-icap/server.log@";
- $cicap_r[3] = "ServerLog /var/squid/logs/c-icap-server.log";
- file_put_contents("{$cf}.pfsense", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX);
+ if (!file_put_contents("{$cf}.pfsense", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
+ }
} else {
log_error("[squid] Could not patch '{$cf}' template file!");
}
@@ -460,7 +519,9 @@ function squid_antivirus_install_config_files() {
$clamd_r[1] = "";
$clamd_m[2] = "@#Example@";
$clamd_r[2] = "";
- file_put_contents("{$cf}.pfsense", preg_replace($clamd_m, $clamd_r, $sample_file), LOCK_EX);
+ if (!file_put_contents("{$cf}.pfsense", preg_replace($clamd_m, $clamd_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
+ }
} else {
log_error("[squid] Could not patch '{$cf}' template file!");
}
@@ -479,7 +540,9 @@ function squid_antivirus_install_config_files() {
$freshclam_r[1] = "";
$freshclam_m[2] = "@#Example@";
$freshclam_r[2] = "";
- file_put_contents("{$cf}.pfsense", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX);
+ if (!file_put_contents("{$cf}.pfsense", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX)) {
+ log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
+ }
} else {
log_error("[squid] - could not patch '{$cf}' template file!");
}
@@ -552,7 +615,7 @@ function squid_antivirus_toggle_raw_config($state) {
global $config;
if ($state) {
// manual configuration enabled
- $opts = array("clamav_url", "clamav_safebrowsing", "clamav_update", "clamav_dbregion", "clamav_dbservers");
+ $opts = array("clamav_url", "clamav_safebrowsing", "clamav_dbregion", "clamav_dbservers");
foreach ($opts as $opt) {
if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {
unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);
@@ -614,8 +677,11 @@ function squid_antivirus_put_raw_config($rawfiles) {
/* Helper function for squid_antivirus_put_raw_config() */
function squid_antivirus_write_conffile($dir, $file, $text) {
if ($file && $text) {
- file_put_contents(SQUID_LOCALBASE . "/etc" . "{$dir}" . "/{$file}", preg_replace("/\r\n/", "\n", base64_decode($text)), LOCK_EX);
- log_error("[squid] Saved '{$file}' configuration file.");
+ if (!file_put_contents(SQUID_LOCALBASE . "/etc" . "{$dir}" . "/{$file}", preg_replace("/\r\n/", "\n", base64_decode($text)), LOCK_EX)) {
+ log_error("[squid] Could not save '{$file}' configuration file.");
+ } else {
+ log_error("[squid] Saved '{$file}' configuration file.");
+ }
}
}
@@ -692,9 +758,11 @@ function squid_restart_antivirus() {
// Check clamav database
if (count(glob("/var/db/clamav/*d")) == 0) {
log_error("[squid] Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background.");
+ log_error("[squid] Do NOT attempt to start ClamAV service until AV definitions are downloaded. Check /var/log/clamav/freshclam.log for progress information.");
squid_update_clamav();
} elseif ($antivirus_config['clamav_safebrowsing'] == "on" && !is_file("/var/db/clamav/safebrowsing.cvd")) {
log_error("[squid] Google Safe Browsing is enabled but missing safebrowsing.cvd definitions. Running freshclam in background.");
+ log_error("[squid] ClamAV will be automatically notified about the new definitions when finished. No manual action necessary.");
squid_update_clamav();
} elseif ($antivirus_config['clamav_safebrowsing'] != "on" && is_file("/var/db/clamav/safebrowsing.cvd")) {
log_error("[squid] Google Safe Browsing is disabled. Removing safebrowsing.cvd definitions.");
diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml
index 8bcb1652..44820257 100755
--- a/config/squid3/34/squid_antivirus.xml
+++ b/config/squid3/34/squid_antivirus.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidantivirus</name>
- <version>0.3.9.2</version>
+ <version>0.4.0</version>
<title>Proxy server: Antivirus</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
@@ -289,7 +289,7 @@
<![CDATA[
squid_print_antivirus_advanced_config2();
if ($_POST['enable_advanced'] == "enabled") {
- $opts = array("clamav_url", "clamav_safebrowsing", "clamav_update", "clamav_dbregion", "clamav_dbservers");
+ $opts = array("clamav_url", "clamav_safebrowsing", "clamav_dbregion", "clamav_dbservers");
foreach ($opts as $opt) {
if (isset($_POST[$opt])) {
unset($_POST[$opt]);
diff --git a/config/squid3/34/squid_antivirus_status.inc b/config/squid3/34/squid_antivirus_status.inc
new file mode 100644
index 00000000..c384df73
--- /dev/null
+++ b/config/squid3/34/squid_antivirus_status.inc
@@ -0,0 +1,7 @@
+<?php
+
+//set variable for custom title
+$squid_antivirus_status_title = "Squid Antivirus Status";
+$squid_antivirus_status_title_link = "squid_monitor.php";
+
+?>
diff --git a/config/squid3/34/squid_antivirus_status.widget.php b/config/squid3/34/squid_antivirus_status.widget.php
new file mode 100644
index 00000000..41c8c2fd
--- /dev/null
+++ b/config/squid3/34/squid_antivirus_status.widget.php
@@ -0,0 +1,176 @@
+<?php
+/*
+ squid_antivirus_status.widget.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2010 Serg Dvoriancev <dv_serg@mail.ru>
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("guiconfig.inc");
+require_once("pfsense-utils.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+if (file_exists("/usr/local/pkg/squid.inc")) {
+ require_once("/usr/local/pkg/squid.inc");
+} else {
+ echo "No squid.inc found. You must have Squid3 package installed to use this widget.";
+}
+
+define('PATH_CLAMDB', '/var/db/clamav');
+define('PATH_SQUID', SQUID_BASE . '/bin/squid');
+define('PATH_AVLOG', '/var/log/c-icap/virus.log');
+global $clamd_path, $cicap_cfg_path, $img;
+$clamd_path = SQUID_BASE . "/bin/clamd";
+$cicap_cfg_path = SQUID_LOCALBASE . "/bin/c-icap-config";
+$img = array();
+$img['up'] = "<img src ='data:image/gif;base64,R0lGODlhCwALAIABACPcMP///yH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAh+QQBCgABACwAAAAACwALAAACFYwNpwi50eKK9NA722Puyf15GjgaBQA7' title='Service running' alt='' />";
+$img['down'] = "<img src ='data:image/gif;base64,R0lGODlhCwALAIABANwjI////yH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAh+QQBCgABACwAAAAACwALAAACFowDeYvKlsCD7sXZ5Iq89kpdFshoRwEAOw==' title='Service not running' alt='' />";
+
+function squid_avdb_info($filename) {
+ $stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'";
+ $r = '';
+ $path = PATH_CLAMDB . "/{$filename}";
+ if (file_exists($path)) {
+ $handle = '';
+ if ($handle = fopen($path, "r")) {
+ $s = fread($handle, 1024);
+ $s = explode(':', $s);
+ # datetime
+ $dt = explode(" ", $s[1]);
+ $s[1] = strftime("%Y.%m.%d", strtotime("{$dt[0]} {$dt[1]} {$dt[2]}"));
+ if ($s[0] == 'ClamAV-VDB') {
+ $r .= "<tr class='listr'><td>{$filename}</td><td {$stl}>{$s[1]}</td><td {$stl}>{$s[2]}</td><td $stl>{$s[7]}</td></tr>";
+ }
+ fclose($handle);
+ }
+ return $r;
+ }
+}
+
+function squid_antivirus_bases_info() {
+ $db = '<table width="100%" border="0" cellspacing="0" cellpadding="1"><tbody>';
+ $db .= '<tr class="vncellt" ><td>Database</td><td>Date</td><td>Version</td><td>Builder</td></tr>';
+ $db .= squid_avdb_info("daily.cvd");
+ $db .= squid_avdb_info("bytecode.cvd");
+ $db .= squid_avdb_info("main.cvd");
+ $db .= squid_avdb_info("safebrowsing.cvd");
+ $db .= '</tbody></table>';
+ return $db;
+}
+
+function squid_clamav_version() {
+ global $clamd_path, $cicap_cfg_path, $img;
+ if (is_executable($clamd_path)) {
+ $s = (is_service_running("clamd") ? $img['up'] : $img['down']);
+ $version = preg_split("@/@", shell_exec("{$clamd_path} -V"));
+ $s .= "&nbsp;&nbsp;{$version[0]}";
+ } else {
+ $s .= "&nbsp;&nbsp;ClamAV: N/A";
+ }
+ if (is_executable($cicap_cfg_path)) {
+ $s .= "&nbsp;&nbsp;";
+ $s .= (is_service_running("c-icap") ? $img['up'] : $img['down']);
+ $s .= "&nbsp;&nbsp;C-ICAP " . shell_exec("{$cicap_cfg_path} --version");
+ } else {
+ $s .= "&nbsp;&nbsp;C-ICAP: N/A";
+ }
+ if (file_exists("/usr/local/www/squid_clwarn.php")) {
+ preg_match("@(VERSION.*).(\d{1}).(\d{2})@", file_get_contents("/usr/local/www/squid_clwarn.php"), $squidclamav_version);
+ $s .= "+&nbsp;&nbsp;SquidClamav " . str_replace("'", "", strstr($squidclamav_version[0], "'"));
+ } else {
+ $s .= "+&nbsp;&nbsp;SquidClamav: N/A";
+ }
+ return $s;
+}
+
+function squid_avupdate_status() {
+ global $clamd_path;
+ $s = "N/A";
+ if (is_executable($clamd_path)) {
+ $lastupd = preg_split("@/@", shell_exec("{$clamd_path} -V"));
+ $s = $lastupd[2];
+ }
+ return $s;
+}
+
+function squid_antivirus_statistics() {
+ $s = "Unknown (no log exists)";
+ if (file_exists(PATH_AVLOG)) {
+ $log = file_get_contents(PATH_AVLOG);
+ $count = substr_count(strtolower($log), "virus found");
+ $s = "Found {$count} virus(es) total.";
+ }
+ return $s;
+}
+
+?>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr>
+ <td class="vncellt">Squid Version</td>
+ <td class="listr" width="75%">
+ <?php
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ $updown = (is_service_running("squid") ? $img['up'] : $img['down']);
+ $squid_path = PATH_SQUID;
+ if ($pfs_version == "2.2") {
+ if (is_executable($squid_path)) {
+ preg_match("@(\d{1}).(\d{1}).(\d{2})@", shell_exec("{$squid_path} -v"), $squid_version);
+ $version = $squid_version[0];
+ }
+ $version .= "&nbsp; (pkg v{$config['installedpackages']['package'][get_pkg_id("squid3")]['version']})";
+ } else {
+ pkg_exec("query '%v' squid", $version, $err);
+ }
+ echo "{$updown}&nbsp;&nbsp;${version}";
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncellt">Antivirus Scanner</td>
+ <td class="listr" width="75%">
+ <?php echo squid_clamav_version(); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncellt">Antivirus Bases</td>
+ <td class="listr" width="75%">
+ <?php echo squid_antivirus_bases_info(); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncellt">Last Update</td>
+ <td class="listr" width="75%">
+ <?php echo squid_avupdate_status(); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncellt">Statistics</td>
+ <td class="listr" width="75%">
+ <?php echo squid_antivirus_statistics(); ?>
+ </td>
+ </tr>
+ </tbody>
+</table>
diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml
index ef477bb4..47471df9 100755
--- a/config/squid3/34/squid_cache.xml
+++ b/config/squid3/34/squid_cache.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidcache</name>
- <version>0.3.9.2</version>
+ <version>0.4.0</version>
<title>Proxy Server: Cache management</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
@@ -217,6 +217,19 @@
</options>
</field>
<field>
+ <fielddescr>Clear Disk Cache NOW</fielddescr>
+ <description>
+ <![CDATA[
+ Hard Disk Cache is automatically managed by swapstate_check.php script which is scheduled to run daily via cron.<br/>
+ The script will only clear the disk cache on the following conditions:<br/>
+ - if the swap.state file is taking up more than 75% of disk space;<br/>
+ - or the drive is 90% full and swap.state is larger than 1GB.<br/><br/>
+ If you wish to clear cache <strong>immediately,</strong> press the <input name='clear_cache' id='clear_cache' type='submit' value='Clear Disk Cache NOW' /> button.
+ ]]>
+ </description>
+ <type>info</type>
+ </field>
+ <field>
<fielddescr>Level 1 Directories</fielddescr>
<fieldname>level1_subdirs</fieldname>
<description>
diff --git a/config/squid3/34/squid_js.inc b/config/squid3/34/squid_js.inc
index 781b6710..e1eb2e4e 100644
--- a/config/squid3/34/squid_js.inc
+++ b/config/squid3/34/squid_js.inc
@@ -236,8 +236,7 @@ function on_antivirus_advanced_config_changed() {
document.iform['clamav_url'].disabled = 1;
document.iform['clamav_safebrowsing'].disabled = 1;
document.getElementById('clamav_safebrowsing').checked = 0;
- document.iform['clamav_update'].disabled = 1;
- document.getElementById("clamav_update").value = '';
+ document.iform['clamav_update'].disabled = 0;
document.iform['clamav_dbregion'].disabled = 1;
document.getElementById("clamav_dbregion").value = '';
document.iform['clamav_dbservers'].disabled = 1;
diff --git a/config/squid3/34/squid_reverse.inc b/config/squid3/34/squid_reverse.inc
index d69d6a01..9693b21f 100755
--- a/config/squid3/34/squid_reverse.inc
+++ b/config/squid3/34/squid_reverse.inc
@@ -263,6 +263,59 @@ function squid_resync_reverse() {
return $conf;
}
+/* Migrate reverse proxy configuration from old Squid package versions */
+function squid_reverse_upgrade_config() {
+ global $config;
+ if (is_array($config['installedpackages']['squidreverse'])) {
+ $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0];
+
+ // settings
+ if (!is_array($config['installedpackages']['squidreversegeneral'])) {
+ $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings;
+ unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);
+ unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);
+ unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);
+ }
+
+ // peers
+ if (!is_array($config['installedpackages']['squidreversepeer'])) {
+ foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {
+ foreach (explode(";", $cache_peers) as $cache_peer) {
+ $config['installedpackages']['squidreversepeer']['config'][] = array(
+ 'description' => 'migrated',
+ 'enable' => 'on',
+ 'name' => $cache_peer[0],
+ 'port' => $cache_peer[1],
+ 'protocol' => $cache_peer[2]
+ );
+ }
+ }
+ }
+
+ // mappings
+ if (!is_array($config['installedpackages']['squidreverseuri'])) {
+ foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {
+ foreach (explode(";", $acls) as $acl) {
+ array_push(${'peer_'.$acl[0]}, $acl[1]);
+ }
+ }
+ foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {
+ foreach (explode(";", $uris) as $uri) {
+ $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : "");
+ $config['installedpackages']['squidreverseuri']['config'][] = array(
+ 'description' => 'migrated',
+ 'enable' => 'on',
+ 'name' => $uri[0],
+ 'uri' => $uri[1],
+ 'vhost' => $uri[2],
+ 'peers' => $peer_list
+ );
+ }
+ }
+ }
+ }
+}
+
/* Reverse Proxy Server input validation */
function squid_validate_reverse($post, &$input_errors) {
global $config;
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 0263b71d..8bd6434a 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -1052,7 +1052,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>0.3.9.2</version>
+ <version>0.4.0</version>
<status>beta</status>
<required_version>2.2</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>