diff options
author | Renato Botelho <renato@netgate.com> | 2015-09-30 07:23:55 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-09-30 07:23:55 -0300 |
commit | 614f420ec26939a0dec92997052a6bdebad52201 (patch) | |
tree | 36dc63b516e0b81b4f119711a19d191c759a00ea /config | |
parent | efa2187152b6b4e10df0166e4124f5e1d189c016 (diff) | |
parent | f7dbbd45e8f68d52cd46b1ae0d552d0bac66e3d5 (diff) | |
download | pfsense-packages-614f420ec26939a0dec92997052a6bdebad52201.tar.gz pfsense-packages-614f420ec26939a0dec92997052a6bdebad52201.tar.bz2 pfsense-packages-614f420ec26939a0dec92997052a6bdebad52201.zip |
Merge pull request #1083 from doktornotor/patch-2
Diffstat (limited to 'config')
-rwxr-xr-x | config/squid3/34/squid.inc | 213 | ||||
-rwxr-xr-x | config/squid3/34/squid_antivirus.xml | 16 | ||||
-rwxr-xr-x | config/squid3/34/squid_cache.xml | 14 | ||||
-rwxr-xr-x | config/squid3/34/squid_monitor.php | 6 | ||||
-rwxr-xr-x | config/squid3/34/squid_nac.xml | 2 | ||||
-rwxr-xr-x | config/squid3/34/squid_traffic.xml | 2 |
6 files changed, 162 insertions, 91 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index a7cb0490..7d2b08b7 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -123,24 +123,49 @@ function squid_check_clamav_user($user) { function squid_dash_z($cache_action = 'none') { global $config; - //Do nothing if there is no cache config - if (!is_array($config['installedpackages']['squidcache']['config'])) { - return; + // We need cache created on package install + if (is_array($config['installedpackages']['squidcache'])) { + $cachesettings = $config['installedpackages']['squidcache']['config'][0]; + } else { + $cachesettings = array(); + } + $cachedir = ($cachesettings['harddisk_cache_location'] ? $cachesettings['harddisk_cache_location'] : '/var/squid/cache'); + $numdirs = ($cachesettings['level1_subdirs'] ? $cachesettings['level1_subdirs'] : 16); + if (is_dir($cachedir)) { + $currentdirs = count(glob("{$cachedir}/*", GLOB_ONLYDIR)); + } else { + $currentdirs = 0; } - - $settings = $config['installedpackages']['squidcache']['config'][0]; // If the cache system is null, there is no need to initialize the (irrelevant) cache dir. - if ($settings['harddisk_cache_system'] == "null") { + if ($cachesettings['harddisk_cache_system'] == "null") { return; } + // Re-create the cachedir if clean is forced by cronjob/manually, or + // or if the cachedir changed, or level1_subdirs don't exist or the number of level1_subdirs changed + if ($cache_action == "clean" || ((!is_dir($cachedir)) || (!is_dir($cachedir . '/00'))) || ($numdirs !== $currentdirs)) { + // cannot nuke disk cache while Squid is running + squid_stop_monitor(); + if (is_service_running('squid')) { + stop_service("squid"); + } + if (is_dir($cachedir)) { + rename($cachedir, "{$cachedir}.old"); + mwexec_bg("/bin/rm -rf {$cachedir}.old"); + } + squid_create_cachedir(); + squid_restart_services(); + } +} - $cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); - - if ($cache_action == "clean" && file_exists($cachedir)) { - rename($cachedir, "{$cachedir}.old"); - mwexec_bg("/bin/rm -rf {$cachedir}.old"); +function squid_create_cachedir() { + global $config; + if (is_array($config['installedpackages']['squidcache'])) { + $cachesettings = $config['installedpackages']['squidcache']['config'][0]; + } else { + $cachesettings = array(); } + $cachedir = ($cachesettings['harddisk_cache_location'] ? $cachesettings['harddisk_cache_location'] : '/var/squid/cache'); if (!is_dir($cachedir)) { log_error("Creating Squid cache dir {$cachedir}"); @@ -151,11 +176,8 @@ function squid_dash_z($cache_action = 'none') { if (!is_dir($cachedir . '/00')) { log_error("Creating Squid cache subdirs in $cachedir"); - mwexec(SQUID_BASE. "/sbin/squid -k shutdown -f " . SQUID_CONFFILE); - sleep(5); - mwexec(SQUID_BASE. "/sbin/squid -k kill -f " . SQUID_CONFFILE); // Double check permissions here, should be safe to recurse cache dir if it's small here. - mwexec("/usr/sbin/chown -R " . SQUID_UID . ":" . SQUID_GID . " $cachedir"); + squid_chown_recursive($cachedir, SQUID_UID, SQUID_GID); mwexec(SQUID_BASE. "/sbin/squid -z -f " . SQUID_CONFFILE); } @@ -353,26 +375,73 @@ function squid_install_command() { function squid_deinstall_command() { global $config, $g; - $plswait_txt = "This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."; + /* remove cronjob */ squid_install_cron(false); + + update_status("Stopping services..."); + /* kill all running services */ + mwexec('/usr/local/etc/rc.d/sqp_monitor.sh stop'); + if (is_process_running("c-icap")) { + mwexec('/usr/local/etc/rc.d/c-icap stop'); + } + if (is_process_running("clamd")) { + mwexec('/usr/local/etc/rc.d/clamav-clamd stop'); + } + if (is_process_running("freshclam")) { + mwexec('/usr/local/etc/rc.d/clamav-freshclam stop'); + } + mwexec("/bin/ps awux | /usr/bin/grep \"squid\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); + mwexec("/bin/ps awux | /usr/bin/grep \"dnsserver\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); + mwexec("/bin/ps awux | /usr/bin/grep \"unlinkd\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); + /* delete rc scripts */ + unlink_if_exists('/usr/local/etc/rc.d/sqp_monitor.sh'); + unlink_if_exists('/usr/local/etc/rc.d/c-icap'); + unlink_if_exists('/usr/local/etc/rc.d/clamav-clamd'); + unlink_if_exists('/usr/local/etc/rc.d/clamav-freshclam'); + + /* clean up created directories */ + update_status("Removing cache and logs ... One moment please..."); + update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); if (is_array($config['installedpackages']['squidcache'])) { - $settings = $config['installedpackages']['squidcache']['config'][0]; + $cachesettings = $config['installedpackages']['squidcache']['config'][0]; } else { - $settings = array(); + $cachesettings = array(); } - $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); - $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs'); - update_status("Removing cache ... One moment please..."); - update_output_window("$plswait_txt"); + $cachedir = ($cachesettings['harddisk_cache_location'] ? $cachesettings['harddisk_cache_location'] : '/var/squid/cache'); + if (is_array($config['installedpackages']['squid'])) { + $squidsettings = $config['installedpackages']['squid']['config'][0]; + } else { + $squidsettings = array(); + } + $logdir = ($squidsettings['log_dir'] ? $squidsettings['log_dir'] : '/var/squid/logs'); // XXX: Is it ok to remove cache and logs? It's going to happen every time package is updated - mwexec_bg("/bin/rm -rf {$cachedir}"); - mwexec("/bin/rm -rf {$logdir}"); + if (is_dir("{$cachedir}")) { + mwexec_bg("/bin/rm -rf {$cachedir}"); + } + if (is_dir("{$logdir}")) { + mwexec("/bin/rm -rf {$logdir}"); + } + $dirs = array("/var/run/c-icap", "/var/log/c-icap", "/var/log/clamav", "/var/run/clamav", "/var/db/clamav"); + foreach ($dirs as $dir) { + if (is_dir("{$dir}")) { + mwexec("/bin/rm -rf {$dir}"); + } + } + /* clean up created PBI symlinks */ update_status("Finishing package cleanup."); - mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); - unlink_if_exists('/usr/local/etc/rc.d/sqp_monitor.sh'); - mwexec("/bin/ps awux | /usr/bin/grep \"squid\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); - mwexec("/bin/ps awux | /usr/bin/grep \"dnsserver\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); - mwexec("/bin/ps awux | /usr/bin/grep \"unlinkd\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); + if (SQUID_LOCALBASE != '/usr/local') { + $ln_icap = array('bin/c-icap', 'bin/c-icap-client', 'c-icap-config', 'c-icap-libicapapi-config', 'c-icap-stretch', 'lib/c_icap', 'share/c_icap', 'etc/c-icap'); + foreach ($ln_icap as $ln) { + if (is_link("/usr/local/{$ln}")) { + unlink("/usr/local/{$ln}"); + } + } + if (is_link("/usr/local/lib/libicapapi.so.3")) { + unlink("/usr/local/lib/libicapapi.so.3"); + } + } + + update_status("Reloading filter..."); filter_configure(); } @@ -546,8 +615,6 @@ function squid_validate_cache($post, &$input_errors) { } } } - - squid_dash_z(); } function squid_validate_nac($post, &$input_errors) { @@ -959,6 +1026,7 @@ function squid_resync_general() { $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs'); if (!is_dir($logdir)) { + log_error("Creating Squid log dir $logdir"); safe_mkdir($logdir, 0755); squid_chown_recursive($logdir, SQUID_UID, SQUID_GID); } @@ -1951,7 +2019,39 @@ function squid_resync($via_rpc = "no") { chgrp(SQUID_LOCALBASE . "/libexec/squid/pinger", SQUID_GID); } - $log_dir = ""; + // check cache dir and create if necessary + squid_dash_z(); + + // restart Squid if enabled and reconfigure filter + squid_restart_services(); + filter_configure(); + conf_mount_ro(); +} + +function squid_stop_monitor() { + /* kill any running proxy alarm scripts */ + if (exec("/bin/ps auxw | /usr/bin/grep '[s]qpmon'")) { + log_error("Stopping any running proxy monitors"); + mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); + } + sleep(1); +} + +function squid_start_monitor() { + if (!exec("/bin/ps auxw | /usr/bin/grep '[s]qpmon'")) { + log_error("Starting a proxy monitor script"); + mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start"); + } + sleep(1); +} + +function squid_restart_services() { + global $config; + // reconfigure and (re)start service as needed if enabled, otherwise stop them + // do not (re)start squid services on boot + if (platform_booting()) { + return; + } $squid_enabled = false; if (is_array($config['installedpackages']['squid']['config'])) { // check if Squid is enabled @@ -1964,30 +2064,11 @@ function squid_resync($via_rpc = "no") { $squid_enabled = true; } } - // create log dir if required - if (is_array($config['installedpackages']['squid']['config'])) { - if ($config['installedpackages']['squid']['config'][0]['log_dir'] != "") { - $log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'] . '/'; - } - } else { - $log_dir = "/var/squid/logs/"; - } - if (!is_dir($log_dir)) { - log_error("Creating Squid log dir $log_dir"); - safe_mkdir($log_dir, 0755); - squid_chown_recursive($log_dir, SQUID_UID, SQUID_GID); - } - - // check cache dir and create if necessary - squid_dash_z(); - // reconfigure and (re)start service as needed if enabled, otherwise stop them - // do not (re)start squid services on boot - if ((!isset($boot_process)) && ($squid_enabled)) { + if ($squid_enabled) { /* kill any running proxy alarm scripts */ - log_error("Stopping any running proxy monitors"); - mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); - sleep(1); + squid_stop_monitor(); + if (!is_service_running('squid')) { log_error("Starting Squid"); mwexec(SQUID_BASE . "/sbin/squid -f " . SQUID_CONFFILE); @@ -2002,19 +2083,16 @@ function squid_resync($via_rpc = "no") { } } /* restart proxy alarm scripts */ - log_error("Starting a proxy monitor script"); - mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start"); - } elseif (!$squid_enabled) { + squid_start_monitor(); + + } else { /* Squid is disabled - kill any running proxy alarm scripts and stop Squid services */ - log_error("Stopping any running proxy monitors"); - mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); - sleep(1); - log_error("Stopping Squid"); - stop_service("squid"); + squid_stop_monitor(); + if (is_service_running('squid')) { + log_error("Stopping Squid"); + stop_service("squid"); + } } - - filter_configure(); - conf_mount_ro(); } function squid_print_javascript_auth() { @@ -2369,6 +2447,9 @@ EOD; {$squid_base}/sbin/squid -k shutdown -f {$squid_conffile_var} # Just to be sure... sleep 5 +if [ -n "`/bin/ps auxw | /usr/bin/grep "[s]quid " | /usr/bin/awk '{print $2}'`" ]; then + {$squid_base}/sbin/squid -k kill -f {$squid_conffile_var} +fi if [ -x /usr/bin/ipcs ]; then # http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-22.html#ss22.8 @@ -2389,6 +2470,8 @@ if [ -z "`ps auxw | /usr/bin/grep "[s]quid " | /usr/bin/awk '{print $2}'`" ]; th EOD; conf_mount_rw(); write_rcfile($rc); + // force delete the PBI initscript that keeps creeping back + unlink_if_exists("/usr/local/etc/rc.d/squid"); conf_mount_ro(); } diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml index 8d74eb2a..2e85ab19 100755 --- a/config/squid3/34/squid_antivirus.xml +++ b/config/squid3/34/squid_antivirus.xml @@ -87,8 +87,7 @@ <text>Sync</text> <url>/pkg_edit.php?xml=squid_sync.xml</url> </tab> - </tabs> - <advanced_options>enabled</advanced_options> + </tabs> <fields> <field> <name>ClamAV Anti-Virus Integration Using C-ICAP</name> @@ -118,14 +117,17 @@ </options> </field> <field> + <name>Advanced Options</name> + <type>listtopic</type> + </field> + <field> <fielddescr>squidclamav.conf</fielddescr> <fieldname>squidclamav</fieldname> <description>squidclamav.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description> <type>textarea</type> <encoding>base64</encoding> - <cols>75</cols> + <cols>85</cols> <rows>15</rows> - <advancedfield/> </field> <field> <fielddescr>c-icap.conf</fielddescr> @@ -133,9 +135,8 @@ <description>c-icap.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description> <type>textarea</type> <encoding>base64</encoding> - <cols>75</cols> + <cols>85</cols> <rows>15</rows> - <advancedfield/> </field> <field> <fielddescr>c-icap.magic</fielddescr> @@ -143,9 +144,8 @@ <description>c-icap.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description> <type>textarea</type> <encoding>base64</encoding> - <cols>75</cols> + <cols>85</cols> <rows>15</rows> - <advancedfield/> </field> </fields> <custom_php_validation_command> diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml index ff861897..a5e73f80 100755 --- a/config/squid3/34/squid_cache.xml +++ b/config/squid3/34/squid_cache.xml @@ -175,7 +175,7 @@ <fieldname>ext_cachemanager</fieldname> <description> <![CDATA[ - Enter the IPs for the external <a href="http://wiki.squid-cache.org/Features/CacheManager">Cache Managers</a> to be granted access to this proxy. + Enter the IPs for the external <a href="http://wiki.squid-cache.org/Features/CacheManager">Cache Managers</a> to be granted access to this proxy.<br/> <strong>Note: Separate entries by semi-colons (;)</strong> ]]> </description> @@ -403,22 +403,10 @@ <encoding>base64</encoding> </field> </fields> - <custom_php_command_before_form> - <![CDATA[ - if ($_POST['harddisk_cache_size'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']) { - $needs_dash_z = true; - } - ]]> - </custom_php_command_before_form> <custom_php_validation_command> squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> - <![CDATA[ squid_resync(); - if ($needs_dash_z) { - squid_dash_z(); - } - ]]> </custom_php_resync_config_command> </packagegui> diff --git a/config/squid3/34/squid_monitor.php b/config/squid3/34/squid_monitor.php index ba87f998..80e15a64 100755 --- a/config/squid3/34/squid_monitor.php +++ b/config/squid3/34/squid_monitor.php @@ -120,9 +120,9 @@ include("head.inc"); <input name="strfilter" type="text" class="formfld search" id="strfilter" size="50" value="" /> <br/> <span class="vexpl"> - <?=gettext("Enter a grep like string/pattern to filterlog.");?><br/> - <?=gettext("eg. username, ip addr, url.");?><br/> - <?=gettext("Use <b>!</b> to invert the sense of matching, to select non-matching lines.");?> + <?=gettext("Enter a grep-like string/pattern to filter the log entries.");?><br/> + <?=gettext("E.g.: username, IP address, URL.");?><br/> + <?=gettext("Use <strong>!</strong> to invert the sense of matching (to select non-matching lines).");?> </span> </td> </tr> diff --git a/config/squid3/34/squid_nac.xml b/config/squid3/34/squid_nac.xml index fb7accc3..4a81ac91 100755 --- a/config/squid3/34/squid_nac.xml +++ b/config/squid3/34/squid_nac.xml @@ -171,7 +171,7 @@ <fieldname>block_user_agent</fieldname> <description> <![CDATA[ - Enter user agents that will be blocked for the users that are allowed to use the proxy. + Enter user agents that will be blocked for the users that are allowed to use the proxy.<br/> <strong>Note: Put each entry on a separate line.</strong> You also can use regular expressions. ]]> </description> diff --git a/config/squid3/34/squid_traffic.xml b/config/squid3/34/squid_traffic.xml index 135ef9ad..ac86770f 100755 --- a/config/squid3/34/squid_traffic.xml +++ b/config/squid3/34/squid_traffic.xml @@ -192,7 +192,6 @@ <type>listtopic</type> </field> <field> - <field> <type>info</type> <description> <![CDATA[ @@ -205,6 +204,7 @@ ]]> </description> </field> + <field> <fielddescr>Finish transfer if less than x KB remaining</fielddescr> <fieldname>quick_abort_min</fieldname> <description>If the transfer has less than x KB remaining, it will finish the retrieval.</description> |