author | doktornotor <notordoktor@gmail.com> | 2015-10-06 05:12:33 +0200 |
---|---|---|
committer | doktornotor <notordoktor@gmail.com> | 2015-10-06 05:12:33 +0200 |
commit | b52dc8a8896e6b268611959f5c79dcfb85c0ec84 (patch) | |
tree | 087fceef1febea4a06052ef380a6e77572615f7f | |
parent | 091a673be366bd9baf4f35872e8445ef7a569431 (diff) | |
squid.inc - more cleanups and small bugfixes
- Completely split antivirus install/uninstall to squid_antivirus.inc
- Move the config migration cruft to separate squid_upgrade_config() function
- Some cachedir creation fixes
-rwxr-xr-x | config/squid3/34/squid.inc | 351 |
1 files changed, 165 insertions, 186 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 1179889c..bb1e46ec 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -218,7 +218,13 @@ function squid_check_ca_hashes() { function squid_dash_z($cache_action = 'none') { global $config; - // We need cache created on package install + // We need cache configured after initial package install + if (!is_array($config['installedpackages']['squidcache']['config'])) { + log_error("Squid - 'Local Cache' not configured, disk cache will be disabled."); + log_error("Squid - Please, configure and save 'Local Cache' settings before enabling Squid proxy."); + return; + } + if (is_array($config['installedpackages']['squidcache'])) { $cachesettings = $config['installedpackages']['squidcache']['config'][0]; } else { @@ -294,9 +300,9 @@ function squid_create_cachedir() { if (!is_dir($cachedir . '/00')) { log_error("Creating Squid cache subdirs in $cachedir"); + mwexec(SQUID_BASE. "/sbin/squid -z -f " . SQUID_CONFFILE); // Double check permissions here, should be safe to recurse cache dir if it's small here. squid_chown_recursive($cachedir, SQUID_UID, SQUID_GID); - mwexec(SQUID_BASE. "/sbin/squid -z -f " . SQUID_CONFFILE); } if (file_exists("/var/squid/cache/swap.state")) { 
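Review bot: In squid_dash_z() the new early return makes the `is_array($config['installedpackages']['squidcache'])` test that follows it always true, so its `else` branch (whose body lies outside this hunk) can no longer run. Once the guard has passed, the assignment could simply be `$cachesettings = $config['installedpackages']['squidcache']['config'][0];`. If the `else` branch supplied defaults that callers relied on, that fallback is now gone and deserves a line in the comment above the guard.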
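Review bot: In squid_create_cachedir() the exit status of `squid -z` is still discarded after the reorder, so squid_chown_recursive() and the rest of the function run even when cache initialisation failed. mwexec() returns the command's exit code, so `if (mwexec(SQUID_BASE . "/sbin/squid -z -f " . SQUID_CONFFILE) != 0) { log_error("Squid cache dir initialisation failed for $cachedir"); }` would at least leave a trace. It is also worth confirming that `squid -z` has finished creating the subdirectories by the time the recursive chown runs, otherwise some of them may keep the invoking user's ownership. The function body continues outside the hunk.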
@@ -453,139 +459,17 @@ function squid_install_command() { update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); update_output_window("Checking if there is configuration to migrate... One moment please..."); - /* migrate existing csv config fields */ - if (is_array($config['installedpackages']['squidauth']['config'])) { - $settingsauth = $config['installedpackages']['squidauth']['config'][0]; - } - if (is_array($config['installedpackages']['squidcache']['config'])) { - $settingscache = $config['installedpackages']['squidcache']['config'][0]; - } - if (is_array($config['installedpackages']['squidnac']['config'])) { - $settingsnac = $config['installedpackages']['squidnac']['config'][0]; - } - if (is_array($config['installedpackages']['squid']['config'])) { - $settingsgen = $config['installedpackages']['squid']['config'][0]; - } - if (SQUID_BASE != '/usr/local' && file_exists('/usr/local/bin/check_ip.php') && !file_exists(SQUID_BASE . '/bin/check_ip.php')) { - symlink("/usr/local/bin/check_ip.php", SQUID_BASE . 
"/bin/check_ip.php"); + /* Set storage system for nanobsd */ + if (!is_array($config['installedpackages']['squidcache'])) { + $config['installedpackages']['squidcache'] = array(); } - - /* Set storage system */ if ($g['platform'] == "nanobsd") { $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null'; } - /* migrate auth settings */ - if (!empty($settingsauth['no_auth_hosts']) && strstr($settingsauth['no_auth_hosts'], ",")) { - $settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts']))); - $config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts']; - } - - /* migrate cache settings */ - if (!empty($settingscache['donotcache']) && strstr($settingscache['donotcache'], ",")) { - $settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache']))); - $config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache']; - } - - /* migrate nac settings */ - if (!empty($settingsnac['allowed_subnets']) && strstr($settingsnac['allowed_subnets'], ",")) { - $settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets']))); - $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets']; - } - - if (!empty($settingsnac['banned_hosts']) && strstr($settingsnac['banned_hosts'], ",")) { - $settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts']))); - $config['installedpackages']['squidnac']['config'][0]['banned_hosts'] = $settingsnac['banned_hosts']; - } - - if (!empty($settingsnac['banned_macs']) && strstr($settingsnac['banned_macs'], ",")) { - $settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs']))); - $config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs']; - } - - if 
(!empty($settingsnac['unrestricted_hosts']) && strstr($settingsnac['unrestricted_hosts'], ",")) { - $settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts']))); - $config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts']; - } - - if (!empty($settingsnac['unrestricted_macs']) && strstr($settingsnac['unrestricted_macs'], ",")) { - $settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs']))); - $config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs']; - } - - if (!empty($settingsnac['whitelist']) && strstr($settingsnac['whitelist'], ",")) { - $settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist']))); - $config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist']; - } - - if (!empty($settingsnac['blacklist']) && strstr($settingsnac['blacklist'], ",")) { - $settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist']))); - $config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist']; - } - - if (!empty($settingsnac['block_user_agent']) && strstr($settingsnac['block_user_agent'], ",")) { - $settingsnac['block_user_agent'] = base64_encode(implode("\n", explode(",", $settingsnac['block_user_agent']))); - $config['installedpackages']['squidnac']['config'][0]['block_user_agent'] = $settingsnac['block_user_agent']; - } - - if (!empty($settingsnac['block_reply_mime_type']) && strstr($settingsnac['block_reply_mime_type'], ",")) { - $settingsnac['block_reply_mime_type'] = base64_encode(implode("\n", explode(",", $settingsnac['block_reply_mime_type']))); - $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type']; - } - - /* migrate reverse settings */ - if 
(is_array($config['installedpackages']['squidreverse'])) { - $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0]; - - // settings - if (!is_array($config['installedpackages']['squidreversegeneral'])) { - $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings; - unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']); - unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']); - unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']); - } - - // peers - if (!is_array($config['installedpackages']['squidreversepeer'])) { - foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) { - foreach (explode(";", $cache_peers) as $cache_peer) { - $config['installedpackages']['squidreversepeer']['config'][] = array( - 'description' => 'migrated', - 'enable' => 'on', - 'name' => $cache_peer[0], - 'port' => $cache_peer[1], - 'protocol' => $cache_peer[2] - ); - } - } - } - - // mappings - if (!is_array($config['installedpackages']['squidreverseuri'])) { - foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) { - foreach (explode(";", $acls) as $acl) { - array_push(${'peer_'.$acl[0]}, $acl[1]); - } - } - foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) { - foreach (explode(";", $uris) as $uri) { - $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : ""); - $config['installedpackages']['squidreverseuri']['config'][] = array( - 'description' => 'migrated', - 'enable' => 'on', - 'name' => $uri[0], - 'uri' => $uri[1], - 'vhost' => $uri[2], - 'peers' => $peer_list - ); - } - } - } - } - - update_output_window("Writing configuration... 
One moment please..."); - write_config(); + // migrate configuration from old versions + squid_upgrade_config(); /* make sure pinger is executable and suid root */ // XXX: Bug #5114 @@ -593,14 +477,14 @@ function squid_install_command() { chgrp(SQUID_LOCALBASE . "/libexec/squid/pinger", SQUID_GID); } + // another PBI hack + if (SQUID_BASE != '/usr/local' && file_exists('/usr/local/bin/check_ip.php') && !file_exists(SQUID_BASE . '/bin/check_ip.php')) { + symlink("/usr/local/bin/check_ip.php", SQUID_BASE . "/bin/check_ip.php"); + } + // create squid rcfile squid_write_rcfile(); - // XXX: Is it really necessary? mode is set to 0755 in squid.xml - if (file_exists("/usr/local/pkg/swapstate_check.php")) { - @chmod("/usr/local/pkg/swapstate_check.php", 0755); - } - // create squid monitor rcfile write_rcfile(array( "file" => "sqp_monitor.sh", @@ -608,18 +492,8 @@ function squid_install_command() { "stop" => "/bin/ps awux | /usr/bin/grep \"sqpmon\" | /usr/bin/grep -v \"grep\" | /usr/bin/grep -v \"php\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill") ); - // create c-icap rcfile - squid_write_cicap_rcfile(); - - // make a backup of default c-icap config file on install; also see squid_resync_antivirus() function below - if (!file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default")) { - if (file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample")) { - copy(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample", SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default"); - } - } - - // create clamd rcfile - squid_write_clamd_rcfile(); + // antivirus intergration + squid_antivirus_install_command(); foreach (array(SQUID_CONFBASE, SQUID_ACLDIR, SQUID_SSL_DB) as $dir) { safe_mkdir($dir, 0755); 
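Review bot: squid_antivirus_install_command() is called unconditionally in squid_install_command(), but this commit touches only squid.inc and no `require_once` for squid_antivirus.inc is visible in the diff. If that file is not loaded on every path that reaches this call, the install stops with an undefined-function fatal after squid_write_rcfile() and the sqp_monitor.sh rc file have already been written; the same applies to squid_antivirus_deinstall_command() in the squid_deinstall_command() hunk. Please confirm the include at the top of squid.inc, which is outside this diff. Separately, the new comment reads `// antivirus intergration` and should be `// antivirus integration`.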
@@ -630,11 +504,8 @@ function squid_install_command() { copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf'); } - // remove unwanted PBI rcfiles + // remove unwanted PBI rc script unlink_if_exists("/usr/local/etc/rc.d/squid"); - unlink_if_exists("/usr/local/etc/rc.d/c-icap"); - unlink_if_exists("/usr/local/etc/rc.d/clamav-clamd"); - unlink_if_exists("/usr/local/etc/rc.d/clamav-freshclam"); } @@ -643,24 +514,16 @@ function squid_deinstall_command() { /* remove cronjobs */ squid_install_cron(false); - squid_install_freshclam_cron(false); /* kill all running services */ update_output_window("Stopping and removing services..."); mwexec('/usr/local/etc/rc.d/sqp_monitor.sh stop'); - if (is_process_running("c-icap")) { - mwexec('/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl'); - } - mwexec("/bin/ps awux | /usr/bin/grep '[c]lamd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); - mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); mwexec("/bin/ps awux | /usr/bin/grep '[s]quid' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); mwexec("/bin/ps awux | /usr/bin/grep '[d]nsserver' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); mwexec("/bin/ps awux | /usr/bin/grep '[u]nlinkd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); + /* delete rc scripts */ unlink_if_exists('/usr/local/etc/rc.d/sqp_monitor.sh'); - unlink_if_exists('/usr/local/etc/rc.d/squid.sh'); - unlink_if_exists("/usr/local/etc/rc.d/c-icap.sh"); - unlink_if_exists('/usr/local/etc/rc.d/clamd.sh'); /* clean up created directories if 'Keep Settings/Data' is disabled */ if (is_array($config['installedpackages']['squidcache'])) { 
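Review bot: squid_deinstall_command() no longer removes `/usr/local/etc/rc.d/squid.sh`: the c-icap and clamd lines presumably moved out with the antivirus code, but the squid.sh line was dropped along with them and only sqp_monitor.sh is still unlinked. Unless the package framework deletes that script elsewhere, a startup script for a removed proxy stays in rc.d after uninstall. Keeping `unlink_if_exists('/usr/local/etc/rc.d/squid.sh');` under the new `/* delete rc scripts */` comment would restore the previous cleanup. The function starts before and continues after this hunk.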
@@ -694,8 +557,8 @@ function squid_deinstall_command() { log_error("Will NOT delete Squid log dir '{$logdir}' since it is not located under /var/squid. Delete manually if required."); } } - - $dirs = array("/var/run/c-icap", "/var/log/c-icap", "/var/log/clamav", "/var/run/clamav", "/var/db/clamav", "/var/run/squid", "/var/squid"); + update_output_window("Removing remaining Squid directories ... One moment please..."); + $dirs = array("/var/run/squid", "/var/squid"); foreach ($dirs as $dir) { if (is_dir("{$dir}")) { mwexec("/bin/rm -rf {$dir}"); @@ -703,30 +566,8 @@ function squid_deinstall_command() { } } - /* clean up created PBI symlinks */ - update_output_window("Finishing package cleanup."); - if (SQUID_LOCALBASE != '/usr/local') { - $ln_icap = array('bin/c-icap', 'bin/c-icap-client', 'c-icap-config', 'c-icap-libicapapi-config', 'c-icap-stretch', 'lib/c_icap', 'share/c_icap', 'etc/c-icap'); - foreach ($ln_icap as $ln) { - if (is_link("/usr/local/{$ln}")) { - unlink("/usr/local/{$ln}"); - } - } - if (is_link("/usr/local/lib/libicapapi.so.3")) { - unlink("/usr/local/lib/libicapapi.so.3"); - } - } - - /* check if clamav/c_icap is enabled in rc.conf.local */ - if (file_exists("/etc/rc.conf.local")) { - update_output_window("Removing antivirus services from /etc/rc.conf.local..."); - $sample_file = file_get_contents("/etc/rc.conf.local"); - $rcconf_local_m[0] = "@c_icap_enable(.*)\n@"; - $rcconf_local_m[1] = "@clamav_clamd_enable(.*)\n@"; - $rcconf_local_r[0] = ""; - $rcconf_local_r[1] = ""; - file_put_contents("/etc/rc.conf.local", preg_replace($rcconf_local_m, $rcconf_local_r, $sample_file), LOCK_EX); - } + // remove antivirus integration features + squid_antivirus_deinstall_command(); update_output_window("Reloading filter..."); filter_configure(); 
@@ -777,6 +618,136 @@ function squid_deinstall_command() { update_output_window("Squid3 has been uninstalled."); } +/* Migrate configuration from god knows which Squid package versions */ +/* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */ +function squid_upgrade_config() { + /* migrate existing csv config fields */ + if (is_array($config['installedpackages']['squidauth']['config'])) { + $settingsauth = $config['installedpackages']['squidauth']['config'][0]; + } + if (is_array($config['installedpackages']['squidcache']['config'])) { + $settingscache = $config['installedpackages']['squidcache']['config'][0]; + } + if (is_array($config['installedpackages']['squidnac']['config'])) { + $settingsnac = $config['installedpackages']['squidnac']['config'][0]; + } + if (is_array($config['installedpackages']['squid']['config'])) { + $settingsgen = $config['installedpackages']['squid']['config'][0]; + } + + /* migrate auth settings */ + if (!empty($settingsauth['no_auth_hosts']) && strstr($settingsauth['no_auth_hosts'], ",")) { + $settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts']))); + $config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts']; + } + + /* migrate cache settings */ + if (!empty($settingscache['donotcache']) && strstr($settingscache['donotcache'], ",")) { + $settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache']))); + $config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache']; + } + + /* migrate nac settings */ + if (!empty($settingsnac['allowed_subnets']) && strstr($settingsnac['allowed_subnets'], ",")) { + $settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets']))); + $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets']; 
+ } + + if (!empty($settingsnac['banned_hosts']) && strstr($settingsnac['banned_hosts'], ",")) { + $settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts']))); + $config['installedpackages']['squidnac']['config'][0]['banned_hosts'] = $settingsnac['banned_hosts']; + } + + if (!empty($settingsnac['banned_macs']) && strstr($settingsnac['banned_macs'], ",")) { + $settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs']))); + $config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs']; + } + + if (!empty($settingsnac['unrestricted_hosts']) && strstr($settingsnac['unrestricted_hosts'], ",")) { + $settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts']))); + $config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts']; + } + + if (!empty($settingsnac['unrestricted_macs']) && strstr($settingsnac['unrestricted_macs'], ",")) { + $settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs']))); + $config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs']; + } + + if (!empty($settingsnac['whitelist']) && strstr($settingsnac['whitelist'], ",")) { + $settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist']))); + $config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist']; + } + + if (!empty($settingsnac['blacklist']) && strstr($settingsnac['blacklist'], ",")) { + $settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist']))); + $config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist']; + } + + if (!empty($settingsnac['block_user_agent']) && strstr($settingsnac['block_user_agent'], ",")) { + 
$settingsnac['block_user_agent'] = base64_encode(implode("\n", explode(",", $settingsnac['block_user_agent']))); + $config['installedpackages']['squidnac']['config'][0]['block_user_agent'] = $settingsnac['block_user_agent']; + } + + if (!empty($settingsnac['block_reply_mime_type']) && strstr($settingsnac['block_reply_mime_type'], ",")) { + $settingsnac['block_reply_mime_type'] = base64_encode(implode("\n", explode(",", $settingsnac['block_reply_mime_type']))); + $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type']; + } + + /* migrate reverse settings */ + if (is_array($config['installedpackages']['squidreverse'])) { + $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0]; + + // settings + if (!is_array($config['installedpackages']['squidreversegeneral'])) { + $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings; + unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']); + unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']); + unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']); + } + + // peers + if (!is_array($config['installedpackages']['squidreversepeer'])) { + foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) { + foreach (explode(";", $cache_peers) as $cache_peer) { + $config['installedpackages']['squidreversepeer']['config'][] = array( + 'description' => 'migrated', + 'enable' => 'on', + 'name' => $cache_peer[0], + 'port' => $cache_peer[1], + 'protocol' => $cache_peer[2] + ); + } + } + } + + // mappings + if (!is_array($config['installedpackages']['squidreverseuri'])) { + foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) { + foreach (explode(";", $acls) as $acl) { + array_push(${'peer_'.$acl[0]}, $acl[1]); + } + } + foreach 
(explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) { + foreach (explode(";", $uris) as $uri) { + $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : ""); + $config['installedpackages']['squidreverseuri']['config'][] = array( + 'description' => 'migrated', + 'enable' => 'on', + 'name' => $uri[0], + 'uri' => $uri[1], + 'vhost' => $uri[2], + 'peers' => $peer_list + ); + } + } + } + } + + update_output_window("Writing configuration... One moment please..."); + write_config(); +} + + /* * Squid input validation */ @@ -791,6 +762,11 @@ function squid_validate_general($post, &$input_errors) { $settings = array(); } + // force users to configure cache + if (!is_array($config['installedpackages']['squidcache']['config'])) { + $input_errors[] = 'Please, configure and save \'Local Cache\' settings first.'; + } + $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); $port = $post['proxy_port'] ? $post['proxy_port'] : $port; @@ -1333,8 +1309,11 @@ function squid_resync_cache() { $offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off'); $conf = ''; if (!isset($settings['harddisk_cache_system'])) { - if ($g['platform'] == "nanobsd" || !is_array ($config['installedpackages']['squidcache']['config'])) { + if ($g['platform'] == "nanobsd") { $disk_cache_system = 'null'; + } elseif (!is_array($config['installedpackages']['squidcache']['config'])) { + log_error("Squid - 'Local Cache' not configured, disk cache will be disabled."); + log_error("Squid - Please, configure and save 'Local Cache' settings before enabling Squid proxy."); } else { $disk_cache_system = 'ufs'; } |
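Review bot: squid_upgrade_config() reads and writes `$config` without declaring `global $config;`, so inside the function it is an undefined local variable. Every `is_array($config[...])` test is then false, none of the auth, cache, NAC or reverse-proxy settings are migrated, and write_config() saves the configuration without the migration applied. For the NAC fields (allowed_subnets, banned_hosts, whitelist, blacklist and the rest) this means old comma-separated access lists would stay in the old format, which the rest of the package may not read as intended. Add `global $config;` as the first statement of the function.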
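Review bot: The new `elseif` branch in squid_resync_cache() logs that the disk cache will be disabled but no longer assigns `$disk_cache_system`, which the old combined condition set to `'null'` for this case. Unless the variable is initialised outside the hunk, the code after this block sees it undefined when 'Local Cache' has never been saved. Add `$disk_cache_system = 'null';` after the two log_error() calls so the behaviour matches the message. The function body continues outside the hunk.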