aboutsummaryrefslogtreecommitdiffstats
path: root/packages
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2006-01-25 03:29:49 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-01-25 03:29:49 +0000
commitb95f641ed9819669a47ac05bb6954f870770e769 (patch)
tree6eb3b6893daaa0a3fc3bd4accd1199856314b49d /packages
parent2afdaf2b9264262fe8638b5ac509500d2727e86a (diff)
downloadpfsense-packages-b95f641ed9819669a47ac05bb6954f870770e769.tar.gz
pfsense-packages-b95f641ed9819669a47ac05bb6954f870770e769.tar.bz2
pfsense-packages-b95f641ed9819669a47ac05bb6954f870770e769.zip
Move all code to squid_ng.inc
Diffstat (limited to 'packages')
-rw-r--r--packages/squid_ng.inc217
-rw-r--r--packages/squid_ng.xml218
2 files changed, 224 insertions, 211 deletions
diff --git a/packages/squid_ng.inc b/packages/squid_ng.inc
index 02e152d0..91f39776 100644
--- a/packages/squid_ng.inc
+++ b/packages/squid_ng.inc
@@ -790,6 +790,223 @@ function global_write_squid_config()
touch($squidconfig);
} /* end function write_squid_config */
+function custom_php_install_command() {
+ /* write initial static config for transparent proxy */
+ write_static_squid_config();
+
+ touch("/tmp/custom_php_install_command");
+
+ /* make sure this all exists, see:
+ * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
+ */
+ update_output_window("Setting up Squid environment...");
+ mwexec("mkdir -p /var/squid");
+ mwexec("chown squid:squid /var/squid");
+ mwexec("mkdir -p /var/squid/logs");
+ mwexec("chown squid:squid /var/squid/logs");
+ mwexec("mkdir -p /var/squid/cache");
+ mwexec("chown squid:squid /var/squid/cache");
+ mwexec("mkdir -p /usr/local/etc/squid/advanced");
+ mwexec("chown squid:squid /usr/local/etc/squid/advanced");
+ mwexec("mkdir -p /usr/local/etc/squid/advanced/acls");
+ mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls");
+ mwexec("touch /usr/local/etc/squid/advanced/acls/src_subnets.acl");
+ mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls/src_subnets.acl");
+ mwexec("touch /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl");
+ mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl");
+ mwexec("cp /usr/local/etc/squid/mime.conf.default /usr/local/etc/squid/mime.conf");
+
+ update_output_window("Creating Proxy Server initialization scripts...");
+ $start = <<<EOD
+touch /tmp/ro_root_mount
+/usr/local/sbin/squid -D
+touch /tmp/filter_dirty
+EOD;
+ $stop = "/usr/local/sbin/squid -k shutdown";
+ write_rcfile(array(
+ "file" => "squid.sh",
+ "start" => $start,
+ "stop" => $stop
+ )
+ );
+
+ mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh");
+
+ /* create log directory hierarchies if they don't exist */
+ update_output_window("Creating required directory hierarchies...");
+
+ if (!file_exists("/var/squid/logs")) {
+ mwexec("mkdir -p /var/squid/logs");
+ }
+ mwexec("/usr/sbin/chown squid:squid /var/squid/logs");
+
+
+ if (!file_exists("/var/squid/cache")) {
+ mwexec("mkdir -p /var/squid/cache");
+ }
+ mwexec("/usr/sbin/chown squid:squid /var/squid/cache");
+
+ if (!file_exists("/usr/local/etc/squid/advanced/acls")) {
+ mwexec("mkdir -p /usr/local/etc/squid/advanced/acls");
+ }
+ mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/acls");
+
+ if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) {
+ mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa");
+ }
+ mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ncsa");
+
+ if (!file_exists("/usr/local/etc/squid/advanced/ntlm")) {
+ mwexec("mkdir -p /usr/local/etc/squid/advanced/ntlm");
+ }
+ mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ntlm");
+
+ if (!file_exists("/usr/local/etc/squid/advanced/radius")) {
+ mwexec("mkdir -p /usr/local/etc/squid/advanced/radius");
+ }
+ mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/radius");
+
+ /* EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating */
+ /* to error message: parseHttpRequest: PF open failed: (13) Permission denied */
+ mwexec("chgrp squid /dev/pf");
+ mwexec("chmod g+rw /dev/pf");
+
+ $devfs_file = fopen("/etc/devfs.conf", "a");
+ fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. ");
+ fwrite($devfs_file, "own pf root:squid");
+ fwrite($devfs_file, "perm pf 0640");
+ fclose($devfs_file);
+
+ update_output_window("Initializing Cache... This may take a moment...");
+ mwexec("/usr/local/sbin/squid -z");
+
+ update_output_window("Starting Proxy Server...");
+ start_service("squid");
+}
+
+function custom_php_deinstall_command() {
+ update_output_window("Stopping proxy service...");
+ stop_service("squid");
+ sleep(1);
+ /* brute force any remaining squid processes out */
+ mwexec("/usr/bin/killall squid");
+ mwexec("/usr/bin/killall pinger");
+ update_output_window("Recursively removing directories hierarchies...");
+ update_output_window("If existant, log files in /var/squid/logs will remain...");
+ mwexec("rm -rf /usr/local/squid");
+ mwexec("rm -rf /var/squid/cache");
+ mwexec("rm -rf /usr/local/etc/squid");
+ update_output_window("Removing configuration files...");
+ unlink_if_exists("/usr/local/etc/rc.d/squid.sh");
+ unlink_if_exists("/usr/local/etc/squid");
+ unlink_if_exists("/usr/local/libexec/squid");
+ filter_configure();
+}
+
+function write_static_squid_config() {
+ touch("/tmp/write_static_squid_config");
+ global $config;
+ $lancfg = $config['interfaces']['lan'];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $fout = fopen("/usr/local/etc/squid/squid.conf","w");
+ fwrite($fout, "#\n");
+ fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n");
+ fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n");
+ fwrite($fout, "#\n");
+ fwrite($fout, "shutdown_lifetime 5 seconds\n");
+ fwrite($fout, "icp_port 0\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
+ fwrite($fout, "no_cache deny QUERY\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "pid_filename /var/run/squid.pid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_mem 8 MB\n");
+ fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "memory_replacement_policy heap GDSF\n");
+ fwrite($fout, "cache_replacement_policy heap GDSF\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_access_log /dev/null\n");
+ fwrite($fout, "cache_log /dev/null\n");
+ fwrite($fout, "cache_store_log none\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "log_mime_hdrs off\n");
+ fwrite($fout, "emulate_httpd_log on\n");
+ fwrite($fout, "forwarded_for off\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n");
+ fwrite($fout, "acl Safe_ports port 80 # http\n");
+ fwrite($fout, "acl Safe_ports port 21 # ftp\n");
+ fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n");
+ fwrite($fout, "acl Safe_ports port 70 # gopher\n");
+ fwrite($fout, "acl Safe_ports port 210 # wais\n");
+ fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
+ fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
+ fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
+ fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
+ fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
+ fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#access to squid; local machine; no restrictions\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Deny non web services\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT !SSL_ports\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "#Set custom configured ACLs\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "visible_hostname pfSense\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "cache_effective_user squid\n");
+ fwrite($fout, "cache_effective_group squid\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "maximum_object_size 4096 KB\n");
+ fwrite($fout, "minimum_object_size 0 KB\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "request_body_max_size 0 KB\n");
+ fwrite($fout, "reply_body_max_size 0 allow all\n");
+ fwrite($fout, "\n");
+
+ fwrite($fout, "httpd_accel_host virtual\n");
+ fwrite($fout, "httpd_accel_port 80\n");
+ fwrite($fout, "httpd_accel_with_proxy on\n");
+ fwrite($fout, "httpd_accel_uses_host_header on\n");
+
+ fclose($fout);
+}
+
function mod_htpasswd() {
global $config;
conf_mount_rw();
diff --git a/packages/squid_ng.xml b/packages/squid_ng.xml
index 394cb1b7..adad1855 100644
--- a/packages/squid_ng.xml
+++ b/packages/squid_ng.xml
@@ -189,227 +189,23 @@
<option><name>Turkish</name><value>Turkish</value></option>
</options>
</field>
-
</fields>
<custom_php_global_functions>
- function write_static_squid_config() {
- touch("/tmp/write_static_squid_config");
- global $config;
- $lancfg = $config['interfaces']['lan'];
- $lanif = $lancfg['if'];
- $lanip = $lancfg['ipaddr'];
- $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
- $lansn = $lancfg['subnet'];
-
- $fout = fopen("/usr/local/etc/squid/squid.conf","w");
- fwrite($fout, "#\n");
- fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n");
- fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n");
- fwrite($fout, "#\n");
- fwrite($fout, "shutdown_lifetime 5 seconds\n");
- fwrite($fout, "icp_port 0\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n");
- fwrite($fout, "no_cache deny QUERY\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "pid_filename /var/run/squid.pid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_mem 8 MB\n");
- fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "memory_replacement_policy heap GDSF\n");
- fwrite($fout, "cache_replacement_policy heap GDSF\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_access_log /dev/null\n");
- fwrite($fout, "cache_log /dev/null\n");
- fwrite($fout, "cache_store_log none\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "log_mime_hdrs off\n");
- fwrite($fout, "emulate_httpd_log on\n");
- fwrite($fout, "forwarded_for off\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
- fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
- fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
- fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n");
- fwrite($fout, "acl Safe_ports port 80 # http\n");
- fwrite($fout, "acl Safe_ports port 21 # ftp\n");
- fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n");
- fwrite($fout, "acl Safe_ports port 70 # gopher\n");
- fwrite($fout, "acl Safe_ports port 210 # wais\n");
- fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n");
- fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n");
- fwrite($fout, "acl Safe_ports port 488 # gss-http\n");
- fwrite($fout, "acl Safe_ports port 591 # filemaker\n");
- fwrite($fout, "acl Safe_ports port 777 # multiling http\n");
- fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "acl CONNECT method CONNECT\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#access to squid; local machine; no restrictions\n");
- fwrite($fout, "http_access allow localnet\n");
- fwrite($fout, "http_access allow localhost\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Deny non web services\n");
- fwrite($fout, "http_access deny !Safe_ports\n");
- fwrite($fout, "http_access deny CONNECT !SSL_ports\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "#Set custom configured ACLs\n");
- fwrite($fout, "http_access deny all\n");
- fwrite($fout, "visible_hostname pfSense\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "cache_effective_user squid\n");
- fwrite($fout, "cache_effective_group squid\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "maximum_object_size 4096 KB\n");
- fwrite($fout, "minimum_object_size 0 KB\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "request_body_max_size 0 KB\n");
- fwrite($fout, "reply_body_max_size 0 allow all\n");
- fwrite($fout, "\n");
-
- fwrite($fout, "httpd_accel_host virtual\n");
- fwrite($fout, "httpd_accel_port 80\n");
- fwrite($fout, "httpd_accel_with_proxy on\n");
- fwrite($fout, "httpd_accel_uses_host_header on\n");
-
- fclose($fout);
- }
- </custom_php_global_functions>
- <custom_add_php_command_late>
require_once("/usr/local/pkg/squid_ng.inc");
+ stop_service("squid");
+ </custom_php_global_functions>
+ <custom_add_php_command_late>
global_write_squid_config();
mwexec("/usr/local/sbin/squid -k reconfigure");
</custom_add_php_command_late>
<custom_php_install_command>
- /* write initial static config for transparent proxy */
- write_static_squid_config();
-
- touch("/tmp/custom_php_install_command");
-
- /* make sure this all exists, see:
- * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
- */
- update_output_window("Setting up Squid environment...");
- mwexec("mkdir -p /var/squid");
- mwexec("chown squid:squid /var/squid");
- mwexec("mkdir -p /var/squid/logs");
- mwexec("chown squid:squid /var/squid/logs");
- mwexec("mkdir -p /var/squid/cache");
- mwexec("chown squid:squid /var/squid/cache");
- mwexec("mkdir -p /usr/local/etc/squid/advanced");
- mwexec("chown squid:squid /usr/local/etc/squid/advanced");
- mwexec("mkdir -p /usr/local/etc/squid/advanced/acls");
- mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls");
- mwexec("touch /usr/local/etc/squid/advanced/acls/src_subnets.acl");
- mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls/src_subnets.acl");
- mwexec("touch /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl");
- mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl");
- mwexec("cp /usr/local/etc/squid/mime.conf.default /usr/local/etc/squid/mime.conf");
-
- update_output_window("Creating Proxy Server initialization scripts...");
- $start = &lt;&lt;&lt;EOD
-touch /tmp/ro_root_mount
-/usr/local/sbin/squid -D
-touch /tmp/filter_dirty
-EOD;
- $stop = "/usr/local/sbin/squid -k shutdown";
- write_rcfile(array(
- "file" => "squid.sh",
- "start" => $start,
- "stop" => $stop
- )
- );
-
- mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh");
-
- /* create log directory hierarchies if they don't exist */
- update_output_window("Creating required directory hierarchies...");
-
- if (!file_exists("/var/squid/logs")) {
- mwexec("mkdir -p /var/squid/logs");
- }
- mwexec("/usr/sbin/chown squid:squid /var/squid/logs");
-
-
- if (!file_exists("/var/squid/cache")) {
- mwexec("mkdir -p /var/squid/cache");
- }
- mwexec("/usr/sbin/chown squid:squid /var/squid/cache");
-
- if (!file_exists("/usr/local/etc/squid/advanced/acls")) {
- mwexec("mkdir -p /usr/local/etc/squid/advanced/acls");
- }
- mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/acls");
-
- if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) {
- mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa");
- }
- mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ncsa");
-
- if (!file_exists("/usr/local/etc/squid/advanced/ntlm")) {
- mwexec("mkdir -p /usr/local/etc/squid/advanced/ntlm");
- }
- mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ntlm");
-
- if (!file_exists("/usr/local/etc/squid/advanced/radius")) {
- mwexec("mkdir -p /usr/local/etc/squid/advanced/radius");
- }
- mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/radius");
-
- /* EmanuelG: update pf group ownership settings to enhance squid performance and correct issue relating */
- /* to error message: parseHttpRequest: PF open failed: (13) Permission denied */
- mwexec("chgrp squid /dev/pf");
- mwexec("chmod g+rw /dev/pf");
-
- $devfs_file = fopen("/etc/devfs.conf", "a");
- fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. ");
- fwrite($devfs_file, "own pf root:squid");
- fwrite($devfs_file, "perm pf 0640");
- fclose($devfs_file);
-
- update_output_window("Initializing Cache... This may take a moment...");
- mwexec("/usr/local/sbin/squid -z");
-
- update_output_window("Starting Proxy Server...");
+ custom_php_install_command();
+ write_static_squid_config();
+ mwexec("/usr/local/sbin/squid -k reconfigure");
start_service("squid");
</custom_php_install_command>
<custom_php_deinstall_command>
- update_output_window("Stopping proxy service...");
+ custom_php_deinstall_command();
stop_service("squid");
- sleep(1);
- /* brute force any remaining squid processes out */
- mwexec("/usr/bin/killall squid");
- mwexec("/usr/bin/killall pinger");
- update_output_window("Recursively removing directories hierarchies...");
- update_output_window("If existant, log files in /var/squid/logs will remain...");
- mwexec("rm -rf /usr/local/squid");
- mwexec("rm -rf /var/squid/cache");
- mwexec("rm -rf /usr/local/etc/squid");
- update_output_window("Removing configuration files...");
- unlink_if_exists("/usr/local/etc/rc.d/squid.sh");
- unlink_if_exists("/usr/local/etc/squid");
- unlink_if_exists("/usr/local/libexec/squid");
- filter_configure();
</custom_php_deinstall_command>
</packagegui>