diff options
| author | doktornotor <notordoktor@gmail.com> | 2015-10-01 03:30:38 +0200 |
|---|---|---|
| committer | doktornotor <notordoktor@gmail.com> | 2015-10-01 03:30:38 +0200 |
| commit | c55c010882627f6dd4680cc1eebfcecf5298919c (patch) | |
| tree | 73262c429736f6309e9d22569ddda6cc17a12e4a /config | |
| parent | d690ca09df4ad19280b622e7854d108e896230dd (diff) | |
| download | pfsense-packages-c55c010882627f6dd4680cc1eebfcecf5298919c.tar.gz pfsense-packages-c55c010882627f6dd4680cc1eebfcecf5298919c.tar.bz2 pfsense-packages-c55c010882627f6dd4680cc1eebfcecf5298919c.zip | |
Fix C-ICAP
Diffstat (limited to 'config')
| -rwxr-xr-x | config/squid3/34/squid.inc | 72 |
1 files changed, 50 insertions, 22 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 713d3758..db5f1b0c 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -369,6 +369,7 @@ function squid_install_command() { chgrp(SQUID_LOCALBASE . "/libexec/squid/pinger", SQUID_GID); } + // create squid rcfile squid_write_rcfile(); // XXX: Is it really necessary? mode is set to 0755 in squid.xml @@ -376,11 +377,15 @@ function squid_install_command() { @chmod("/usr/local/pkg/swapstate_check.php", 0755); } + // create squid monitor rcfile write_rcfile(array( "file" => "sqp_monitor.sh", "start" => "/usr/local/pkg/sqpmon.sh &", "stop" => "/bin/ps awux | /usr/bin/grep \"sqpmon\" | /usr/bin/grep -v \"grep\" | /usr/bin/grep -v \"php\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill") ); + + // create c-icap rcfile + squid_write_cicap_rcfile(); // make a backup of default c-icap config file on install; also see squid_resync_antivirus() function below if (!file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default")) { @@ -410,7 +415,9 @@ function squid_deinstall_command() { update_status("Stopping services..."); /* kill all running services */ mwexec('/usr/local/etc/rc.d/sqp_monitor.sh stop'); - mwexec("/bin/ps awux | /usr/bin/grep '[c]-icap' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); + if (is_process_running("c-icap")) { + mwexec('/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl'); + } mwexec("/bin/ps awux | /usr/bin/grep '[c]lamd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); mwexec("/bin/ps awux | /usr/bin/grep '[s]quid' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); @@ -419,6 +426,7 @@ function squid_deinstall_command() { /* delete rc scripts */ unlink_if_exists('/usr/local/etc/rc.d/sqp_monitor.sh'); unlink_if_exists('/usr/local/etc/rc.d/c-icap'); + unlink_if_exists("/usr/local/etc/rc.d/c-icap.sh"); unlink_if_exists('/usr/local/etc/rc.d/clamav-clamd'); unlink_if_exists('/usr/local/etc/rc.d/clamav-freshclam'); @@ -458,6 +466,7 @@ function squid_deinstall_command() { mwexec("/bin/rm -rf {$dir}"); } } + /* clean up created PBI symlinks */ update_status("Finishing package cleanup."); if (SQUID_LOCALBASE != '/usr/local') { @@ -472,6 +481,17 @@ function squid_deinstall_command() { } } + /* check if clamav/c_icap is enabled in rc.conf.local */ + if (file_exists("/etc/rc.conf.local")) { + update_status("Removing antivirus services from /etc/rc.conf.local..."); + $sample_file = file_get_contents("/etc/rc.conf.local"); + $rcconf_local_m[0] = "@c_icap_enable(.*)\n@"; + $rcconf_local_m[1] = "@clamav_clamd_enable(.*)\n@"; + $rcconf_local_r[0] = ""; + $rcconf_local_r[1] = ""; + file_put_contents("/etc/rc.conf.local", preg_replace($rcconf_local_m, $rcconf_local_r, $sample_file), LOCK_EX); + } + update_status("Reloading filter..."); filter_configure(); } @@ -1535,12 +1555,12 @@ adaptation_access service_avi_resp allow all EOF; - // check if clamav/c_icap is enabled in rc.conf.local + // check if clamav is enabled in rc.conf.local // XXX: This whole thing sucks and should be redone to install/enable services in pfSense way if (file_exists("/etc/rc.conf.local")) { $rc_old_file = file("/etc/rc.conf.local"); foreach ($rc_old_file as $rc_line) { - if (preg_match("/^(c_icap_enable|clamav_clamd_enable)/", $rc_line, $matches)) { + if (preg_match("/^clamav_clamd_enable/", $rc_line, $matches)) { $rc_file .= $matches[1] . '="YES"' . "\n"; ${$matches[1]} = "ok"; } else { @@ -1548,9 +1568,6 @@ EOF; } } } - if (!isset($c_icap_enable)) { - $rc_file .= 'c_icap_enable="YES"' . "\n"; - } if (!isset($clamav_clamd_enable)) { $rc_file .= 'clamav_clamd_enable="YES"' . "\n"; } @@ -1698,20 +1715,14 @@ EOF; // check antivirus daemons // check icap + $c_icap_rcfile = "/usr/local/etc/rc.d/c-icap.sh"; + if (!file_exists($c_icap_rcfile)) { + squid_write_cicap_rcfile(); + } if (is_process_running("c-icap")) { mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); } else { - // check c-icap user on startup file - $c_icap_rcfile = "/usr/local/etc/rc.d/c-icap"; - if (file_exists($c_icap_rcfile)) { - $sample_file = file_get_contents($c_icap_rcfile); - $cicapm[0] = "@c_icap_user=.*}@"; - $cicapr[0] = 'c_icap_user="clamav"}'; - $cicapm[1] = "@/usr/local@"; - $cicapr[1] = SQUID_LOCALBASE; - file_put_contents($c_icap_rcfile, preg_replace($cicapm, $cicapr, $sample_file), LOCK_EX); - } - mwexec_bg("/usr/local/etc/rc.d/c-icap start"); + mwexec_bg("{$c_icap_rcfile} start"); } // check clamav/freshclam $rc_files = array("clamav-freshclam", "clamav-clamd"); @@ -1744,21 +1755,19 @@ EOF; } if (is_process_running("c-icap")) { log_error("Stopping C-ICAP..."); - mwexec_bg("/usr/local/etc/rc.d/c-icap stop"); + mwexec_bg("/usr/local/etc/rc.d/c-icap.sh stop"); } // freshclam cronjob log_error("Removing freshclam cronjob..."); squid_install_freshclam_cron(false); - // check if clamav/c_icap is enabled in rc.conf.local + // check if clamav is enabled in rc.conf.local // XXX: This whole thing sucks and should be redone to install/enable services in pfSense way if (file_exists("/etc/rc.conf.local")) { log_error("Removing antivirus services from /etc/rc.conf.local..."); $sample_file = file_get_contents("/etc/rc.conf.local"); - $rcconf_local_m[0] = "@c_icap_enable(.*)\n@"; - $rcconf_local_m[1] = "@clamav_clamd_enable(.*)\n@"; + $rcconf_local_m[0] = "@clamav_clamd_enable(.*)\n@"; $rcconf_local_r[0] = ""; - $rcconf_local_r[1] = ""; file_put_contents("/etc/rc.conf.local", preg_replace($rcconf_local_m, $rcconf_local_r, $sample_file), LOCK_EX); } } @@ -2633,6 +2642,25 @@ EOD; conf_mount_ro(); } +function squid_write_cicap_rcfile() { + $c_icap_rcfile = "c-icap.sh"; + $cicap_libdir = SQUID_LOCALBASE . "/lib"; + $cicap_bin = SQUID_LOCALBASE . "/bin/c-icap"; + $cicap_conf = SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf"; + $cicap_start_cmd = "LD_LIBRARY_PATH={$cicap_libdir} {$cicap_bin} -f {$cicap_conf}"; + $cicap_stop_cmd = '/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl'; + conf_mount_rw(); + write_rcfile(array( + "file" => "{$c_icap_rcfile}", + "start" => "{$cicap_start_cmd}", + "stop" => "{$cicap_stop_cmd}" + ) + ); + // force delete the PBI initscript that keeps creeping back + unlink_if_exists("/usr/local/etc/rc.d/c-icap"); + conf_mount_ro(); +} + /* Uses XMLRPC to synchronize the changes to a remote node */ function squid_sync_on_changes() { global $config, $g; |