diff options
Diffstat (limited to 'config/squid')
| -rw-r--r-- | config/squid/proxy_monitor.sh | 72 | ||||
| -rw-r--r-- | config/squid/sqpmon.sh | 75 | ||||
| -rw-r--r-- | config/squid/squid.inc | 69 | ||||
| -rw-r--r-- | config/squid/squid.xml | 8 |
4 files changed, 120 insertions, 104 deletions
diff --git a/config/squid/proxy_monitor.sh b/config/squid/proxy_monitor.sh index fa5a87bb..e69de29b 100644 --- a/config/squid/proxy_monitor.sh +++ b/config/squid/proxy_monitor.sh @@ -1,72 +0,0 @@ -#!/bin/sh -# $Id$ */ -# -# proxy_monitor.sh -# Copyright (C) 2006 Scott Ullrich -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -set -e - -LOOP_SLEEP=55 - -if [ -f /var/run/squid_alarm ]; then - rm /var/run/squid_alarm -fi - -# Sleep 5 seconds on startup not to mangle with existing boot scripts. -sleep 5 - -# Squid monitor 1.2 -while [ /bin/true ]; do - if [ ! -f /var/run/squid_alarm ]; then - NUM_PROCS=`ps auxw | grep "[s]quid -D"|awk '{print $2}'| wc -l | awk '{ print $1 }'` - if [ $NUM_PROCS -lt 1 ]; then - # squid is down - echo "Squid has exited. Reconfiguring filter." | \ - logger -p daemon.info -i -t Squid_Alarm - echo "Attempting restart..." | logger -p daemon.info -i -t Squid_Alarm - /usr/local/etc/rc.d/squid.sh start - sleep 3 - echo "Reconfiguring filter..." | logger -p daemon.info -i -t Squid_Alarm - /etc/rc.filter_configure - touch /var/run/squid_alarm - fi - fi - NUM_PROCS=`ps auxw | grep "[s]quid -D"|awk '{print $2}'| wc -l | awk '{ print $1 }'` - if [ $NUM_PROCS -gt 0 ]; then - if [ -f /var/run/squid_alarm ]; then - echo "Squid has resumed. Reconfiguring filter." | \ - logger -p daemon.info -i -t Squid_Alarm - /etc/rc.filter_configure - rm /var/run/squid_alarm - fi - fi - sleep $LOOP_SLEEP -done - -if [ -f /var/run/squid_alarm ]; then - rm /var/run/squid_alarm -fi - diff --git a/config/squid/sqpmon.sh b/config/squid/sqpmon.sh new file mode 100644 index 00000000..6053e8ef --- /dev/null +++ b/config/squid/sqpmon.sh @@ -0,0 +1,75 @@ +#!/bin/sh +# $Id$ */ +# +# sqpmon.sh +# Copyright (C) 2006 Scott Ullrich +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +if [ `pgrep -f "sqpmon.sh"|wc -l` -ge 1 ]; then + exit 0 +fi + +set -e + +LOOP_SLEEP=55 + +if [ -f /var/run/squid_alarm ]; then + rm /var/run/squid_alarm +fi + +# Sleep 5 seconds on startup not to mangle with existing boot scripts. +sleep 5 + +# Squid monitor 1.2 +while [ /bin/true ]; do + if [ ! -f /var/run/squid_alarm ]; then + NUM_PROCS=`ps auxw | grep "[s]quid -D"|awk '{print $2}'| wc -l | awk '{ print $1 }'` + if [ $NUM_PROCS -lt 1 ]; then + # squid is down + echo "Squid has exited. Reconfiguring filter." | \ + logger -p daemon.info -i -t Squid_Alarm + echo "Attempting restart..." | logger -p daemon.info -i -t Squid_Alarm + /usr/local/etc/rc.d/squid.sh start + sleep 3 + echo "Reconfiguring filter..." | logger -p daemon.info -i -t Squid_Alarm + /etc/rc.filter_configure + touch /var/run/squid_alarm + fi + fi + NUM_PROCS=`ps auxw | grep "[s]quid -D"|awk '{print $2}'| wc -l | awk '{ print $1 }'` + if [ $NUM_PROCS -gt 0 ]; then + if [ -f /var/run/squid_alarm ]; then + echo "Squid has resumed. Reconfiguring filter." | \ + logger -p daemon.info -i -t Squid_Alarm + /etc/rc.filter_configure + rm /var/run/squid_alarm + fi + fi + sleep $LOOP_SLEEP +done + +if [ -f /var/run/squid_alarm ]; then + rm /var/run/squid_alarm +fi diff --git a/config/squid/squid.inc b/config/squid/squid.inc index ba0943f7..54e87c1a 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -39,7 +39,14 @@ require_once('service-utils.inc'); if(!function_exists("filter_configure")) require_once("filter.inc"); -define('SQUID_CONFBASE', '/usr/local/etc/squid'); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('SQUID_LOCALBASE', '/usr/pbi/squid-' . php_uname("m")); +else + define('SQUID_LOCALBASE','/usr/local'); + + +define('SQUID_CONFBASE',SQUID_LOCALBASE . '/etc/squid'); define('SQUID_BASE', '/var/squid/'); define('SQUID_ACLDIR', '/var/squid/acl'); define('SQUID_PASSWD', '/var/etc/squid.passwd'); @@ -94,12 +101,12 @@ function squid_dash_z() { if(!is_dir($cachedir.'/00/')) { log_error("Creating squid cache subdirs in $cachedir"); - mwexec("/usr/local/sbin/squid -k shutdown"); + mwexec(SQUID_LOCALBASE . "/sbin/squid -k shutdown"); sleep(5); - mwexec("/usr/local/sbin/squid -k kill"); + mwexec(SQUID_LOCALBASE . "/sbin/squid -k kill"); // Double check permissions here, should be safe to recurse cache dir if it's small here. mwexec("/usr/sbin/chown -R proxy:proxy $cachedir"); - mwexec("/usr/local/sbin/squid -z"); + mwexec(SQUID_LOCALBASE . "/sbin/squid -z"); } if(file_exists("/var/squid/cache/swap.state")) { @@ -204,14 +211,18 @@ function squid_install_command() { update_status("Creating squid cache pools... One moment please..."); squid_dash_z(); /* make sure pinger is executable */ - if(file_exists("/usr/local/libexec/squid/pinger")) - exec("/bin/chmod a+x /usr/local/libexec/squid/pinger"); - if(file_exists("/usr/local/etc/rc.d/squid")) - exec("/bin/rm /usr/local/etc/rc.d/squid"); + if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger")) + exec("/bin/chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger"); + if(file_exists(SQUID_LOCALBASE . "/etc/rc.d/squid")) + exec("/bin/rm " . SQUID_LOCALBASE . "/etc/rc.d/squid"); squid_write_rcfile(); - exec("chmod a+rx /usr/local/libexec/squid/dnsserver"); + exec("chmod a+rx " . SQUID_LOCALBASE . "/libexec/squid/dnsserver"); if(file_exists("/usr/local/pkg/swapstate_check.php")) exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); + write_rcfile(array( + "file" => "sqp_monitor.sh", + "start" => "/usr/local/pkg/sqpmon.sh &", + "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill")); foreach (array( SQUID_CONFBASE, SQUID_ACLDIR, @@ -223,7 +234,7 @@ function squid_install_command() { /* kill any running proxy alarm scripts */ update_status("Checking for running processes... One moment please..."); log_error("Stopping any running proxy monitors"); - mwexec("ps awux | grep \"proxy_monitor\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill"); + mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); sleep(1); if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default')) @@ -235,16 +246,16 @@ function squid_install_command() { if (!is_service_running('squid')) { update_status("Starting... One moment please..."); log_error("Starting Squid"); - mwexec_bg("/usr/local/sbin/squid -D"); + mwexec_bg(SQUID_LOCALBASE . "/sbin/squid -D"); } else { update_status("Reloading Squid for configuration sync... One moment please..."); log_error("Reloading Squid for configuration sync"); - mwexec("/usr/local/sbin/squid -k reconfigure"); + mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure"); } /* restart proxy alarm scripts */ log_error("Starting a proxy monitor script"); - mwexec_bg("/usr/local/etc/rc.d/proxy_monitor.sh"); + mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start"); update_status("Reconfiguring filter... One moment please..."); filter_configure(); @@ -262,8 +273,8 @@ function squid_deinstall_command() { mwexec('rm -rf $cachedir/swap.state'); mwexec('rm -rf $logdir'); update_status("Finishing package cleanup."); - mwexec('rm -f /usr/local/etc/rc.d/proxy_monitor.sh'); - mwexec("ps awux | grep \"proxy_monitor\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill"); + mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); + mwexec('rm -f /usr/local/etc/rc.d/sqp_monitor.sh'); mwexec("ps awux | grep \"squid\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill"); mwexec("ps awux | grep \"dnsserver\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill"); mwexec("ps awux | grep \"unlinkd\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill"); @@ -567,7 +578,7 @@ function squid_install_cron($should_install) { $cron_item['month'] = "*"; $cron_item['wday'] = "*"; $cron_item['who'] = "root"; - $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; /usr/local/sbin/squid -k rotate"; + $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate"; $config['cron']['item'][] = $cron_item; $need_write = true; } @@ -1042,19 +1053,19 @@ function squid_resync_auth() { $prompt = ($settings['auth_prompt'] ? $settings['auth_prompt'] : 'Please enter your credentials to access the proxy'); switch ($auth_method) { case 'local': - $conf .= 'auth_param basic program /usr/local/libexec/squid/ncsa_auth ' . SQUID_PASSWD . "\n"; + $conf .= 'auth_param basic program ' . SQUID_LOCALBASE . '/libexec/squid/ncsa_auth ' . SQUID_PASSWD . "\n"; break; case 'ldap': $port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : ''); $password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : ''); - $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n"; + $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n"; break; case 'radius': $port = (isset($settings['auth_server_port']) ? "-p {$settings['auth_server_port']}" : ''); - $conf .= "auth_param basic program /usr/local/libexec/squid/squid_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n"; + $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/squid_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n"; break; case 'msnt': - $conf .= "auth_param basic program /usr/local/libexec/squid/msnt_auth\n"; + $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/msnt_auth\n"; squid_resync_msnt(); break; } @@ -1134,8 +1145,8 @@ function squid_resync() { squid_write_rcfile(); /* make sure pinger is executable */ - if(file_exists("/usr/local/libexec/squid/pinger")) - exec("chmod a+x /usr/local/libexec/squid/pinger"); + if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger")) + exec("chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger"); foreach (array( SQUID_CONFBASE, SQUID_ACLDIR, @@ -1158,10 +1169,10 @@ function squid_resync() { if (!is_service_running('squid')) { log_error("Starting Squid"); - mwexec("/usr/local/sbin/squid -D"); + mwexec(SQUID_LOCALBASE . "/sbin/squid -D"); } else { log_error("Reloading Squid for configuration sync"); - mwexec("/usr/local/sbin/squid -k reconfigure"); + mwexec(SQUID_LOCALBASE . "/sbin/squid -k reconfigure"); } // Sleep for a couple seconds to give squid a chance to fire up fully. @@ -1437,15 +1448,16 @@ function squid_generate_rules($type) { function squid_write_rcfile() { $rc = array(); + $SQUID_LOCALBASE = SQUID_LOCALBASE; $rc['file'] = 'squid.sh'; $rc['start'] = <<<EOD if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then - /usr/local/sbin/squid -D + {$SQUID_LOCALBASE}/sbin/squid -D fi EOD; $rc['stop'] = <<<EOD -/usr/local/sbin/squid -k shutdown +{$SQUID_LOCALBASE}/sbin/squid -k shutdown # Just to be sure... sleep 5 killall -9 squid 2>/dev/null @@ -1454,13 +1466,14 @@ killall pinger 2>/dev/null EOD; $rc['restart'] = <<<EOD if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then - /usr/local/sbin/squid -D + {$SQUID_LOCALBASE}/sbin/squid -D else - /usr/local/sbin/squid -k reconfigure + {$SQUID_LOCALBASE}/sbin/squid -k reconfigure fi EOD; conf_mount_rw(); write_rcfile($rc); + conf_mount_ro(); } ?> diff --git a/config/squid/squid.xml b/config/squid/squid.xml index 6ad2c450..88ce234a 100644 --- a/config/squid/squid.xml +++ b/config/squid/squid.xml @@ -7,7 +7,7 @@ /* $Id$ */ /* ========================================================================== */ /* - authng.xml + squid.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2007 to whom it may belong All rights reserved. @@ -134,9 +134,9 @@ <item>http://www.pfsense.org/packages/config/squid/squid_users.xml</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/etc/rc.d/</prefix> + <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/squid/proxy_monitor.sh</item> + <item>http://www.pfsense.org/packages/config/squid/sqpmon.sh</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> @@ -344,4 +344,4 @@ exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); </custom_php_deinstall_command> <filter_rules_needed>squid_generate_rules</filter_rules_needed> -</packagegui>
\ No newline at end of file +</packagegui> |