aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordoktornotor <notordoktor@gmail.com>2015-12-05 11:13:26 +0100
committerdoktornotor <notordoktor@gmail.com>2015-12-05 11:13:26 +0100
commit43e12794e668759b3e8d07857ed8b9abc0904dba (patch)
treec86dec1d300b0c4aaad70a62f201290b9f7f3e39
parentc44f2a4a14977cfdeb921ae22cebddcb1d36a4d9 (diff)
downloadpfsense-packages-43e12794e668759b3e8d07857ed8b9abc0904dba.tar.gz
pfsense-packages-43e12794e668759b3e8d07857ed8b9abc0904dba.tar.bz2
pfsense-packages-43e12794e668759b3e8d07857ed8b9abc0904dba.zip
Remove the patch CP feature (Bug #5594)
This "feature" has been broken for almost a year without anyone noticing; see https://redmine.pfsense.org/issues/5594 for details. Remove this junk until a saner alternative is available. System Patches is the way to go until that happens if someone really requires that. On upgrade, an attempt to restore a backup will be attempted, and appropriate notice filed (and logged). There are also GUI instructions left in place of the original checkbox.
-rwxr-xr-xconfig/squid3/34/squid.inc50
1 files changed, 22 insertions, 28 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 952d50d8..bf4fcf5d 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -617,7 +617,7 @@ function squid_deinstall_command() {
/* Migrate configuration from god knows which Squid package versions */
/* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */
function squid_upgrade_config() {
- global $config;
+ global $config, $pfs_version;
/* migrate existing csv config fields */
if (is_array($config['installedpackages']['squidauth']['config'])) {
$settingsauth = $config['installedpackages']['squidauth']['config'][0];
@@ -694,6 +694,27 @@ function squid_upgrade_config() {
$config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type'];
}
+ /* XXX: broken Captive Portal patch (Bug #5594) */
+ if (isset($config['installedpackages']['squid']['config'][0]['patch_cp'])) {
+ if ($config['installedpackages']['squid']['config'][0]['patch_cp'] == "on") {
+ $cp_msg = "Patch Captive Portal feature was removed - see Bug #5594!";
+ /* Attempt to restore the backup, remove it after that and unset the config option to avoid running this again in future. */
+ $cp_file = '/etc/inc/captiveportal.inc';
+ $backup_file = '/root/' . $pfs_version . '.captiveportal.inc.backup';
+ if (file_exists($backup_file)) {
+ copy($backup_file, $cp_file);
+ $cp_msg .= "Found and restored a previous backup of {$cp_file}. Double-check its contents for sanity!";
+ unlink($backup_file);
+ } else {
+ $cp_msg .= "Failed to find a backup of {$cp_file}! Get a sane copy of the file from pfSense GitHub repository!";
+ }
+ file_notice("squid", $cp_msg, "Packages", "");
+ log_error("[squid] {$cp_msg}");
+ unset($cp_msg, $cp_file, $backup_file);
+ }
+ unset($config['installedpackages']['squid']['config'][0]['patch_cp']);
+ }
+
/* migrate reverse proxy settings */
squid_reverse_upgrade_config();
@@ -2001,33 +2022,6 @@ function squid_generate_rules($type) {
global $config, $pfs_version;
$squid_conf = $config['installedpackages']['squid']['config'][0];
- //check captive portal option
- $cp_file = '/etc/inc/captiveportal.inc';
- $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
- $cp_inc = file($cp_file);
- $new_cp_inc = "";
- $found_rule = 0;
- foreach ($cp_inc as $line) {
- $new_line = $line;
- //remove applied squid patch
- if (preg_match('/skipto 65314 ip/', $line)) {
- $found_rule++;
- $new_line = "";
- }
-
- if (preg_match('/255.255.255.255/', $line) && $squid_conf['patch_cp']) {
- $found_rule++;
- $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} ' . $port . ' in\n";' . "\n";
- $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} ' . $port . ' to any out\n";' . "\n";
- }
- $new_cp_inc .= $new_line;
- }
- if (!file_exists('/root/' . $pfs_version . '.captiveportal.inc.backup')) {
- copy($cp_file, '/root/' . $pfs_version . '.captiveportal.inc.backup');
- }
- if ($found_rule > 0) {
- file_put_contents($cp_file, $new_cp_inc, LOCK_EX);
- }
// do not install any firewall rules if Squid is disabled or used as reverse proxy only
if (!squid_enabled()) {