diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/avahi/avahi.inc | 26 | ||||
-rw-r--r-- | config/avahi/avahi.xml | 8 | ||||
-rw-r--r-- | config/sarg/sarg.inc | 257 | ||||
-rw-r--r-- | config/sarg/sarg.xml | 5 | ||||
-rw-r--r-- | config/sarg/sarg_schedule.xml | 21 | ||||
-rwxr-xr-x | config/squid3/34/squid.inc | 50 | ||||
-rw-r--r-- | config/squid3/34/squid.xml | 11 |
7 files changed, 168 insertions, 210 deletions
diff --git a/config/avahi/avahi.inc b/config/avahi/avahi.inc index 04f3b343..cd7099cf 100644 --- a/config/avahi/avahi.inc +++ b/config/avahi/avahi.inc @@ -28,6 +28,11 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once('config.inc'); +require_once('interfaces.inc'); +require_once('service-utils.inc'); +require_once('util.inc'); + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); if ($pfs_version == "2.1" || $pfs_version == "2.2") { define('AVAHI_BASE', '/usr/pbi/avahi-' . php_uname("m")); @@ -63,8 +68,7 @@ function avahi_deinstall() { } function avahi_write_config() { - global $config, $avahi_config; - conf_mount_rw(); + global $config; // Pull some various values out of config.xml if (isset($config['installedpackages']['avahi']['config'][0])) { @@ -173,8 +177,16 @@ EOF; $fd = fopen(AVAHI_BASE . "/etc/avahi/avahi-daemon.conf", "w"); fwrite($fd, $avahiconfig); fclose($fd); +} + +function avahi_write_rcfile() { + global $config; + if (isset($config['installedpackages']['avahi']['config'][0])) { + $avahi_config = $config['installedpackages']['avahi']['config'][0]; + } else { + $avahi_config = array(); + } - /* Write out rc.d startup file */ $start = "/etc/rc.conf_mount_rw\n"; $start .= "if [ ! -d /proc/0 ]; then\n"; $start .= " /bin/mkdir -p /proc\n"; @@ -214,20 +226,26 @@ EOF; ) ); - conf_mount_ro(); } function avahi_sync() { global $config; + conf_mount_rw(); if (is_service_running("avahi")) { stop_service("avahi"); } avahi_write_config(); + // Is package enabled? if ($config['installedpackages']['avahi']['config'][0]['enable']) { + avahi_write_rcfile(); start_service("avahi"); + } else { + unlink_if_exists("/usr/local/etc/rc.d/avahi-daemon.sh"); } + + conf_mount_ro(); } function avahi_upgrade_config() { diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index a69c515d..9bdb9c7f 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -44,20 +44,18 @@ </copyright> <title>Services: Avahi</title> <name>avahi</name> - <version>1.10.1</version> - <savetext>Save</savetext> + <version>1.10.4</version> <include_file>/usr/local/pkg/avahi.inc</include_file> <menu> <name>Avahi</name> - <tooltiptext>Modify avahi settings.</tooltiptext> <section>Services</section> - <url>pkg_edit.php?xml=avahi.xml</url> + <url>/pkg_edit.php?xml=avahi.xml</url> </menu> <service> <name>avahi</name> <rcfile>avahi-daemon.sh</rcfile> <executable>avahi-daemon</executable> - <description>Avahi zeroconf/mDNS daemon</description> + <description>Avahi Zeroconf/mDNS Daemon</description> </service> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc index d67d11dc..22e70c95 100644 --- a/config/sarg/sarg.inc +++ b/config/sarg/sarg.inc @@ -77,32 +77,111 @@ function sarg_text_area_decode($text) { return preg_replace('/\r\n/', "\n", base64_decode($text)); } -function sarg_resync() { - global $config; - if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit'])) { - sync_package_sarg(); +function sarg_check_dirs() { + // move old reports + if (is_dir("/usr/local/www/sarg-reports") && !is_dir("/usr/local/sarg-reports")) { + rename("/usr/local/www/sarg-reports", "/usr/local/sarg-reports"); } - if ($_POST['Submit'] == 'Force update now') { - run_sarg(); + + // check dirs + $dirs = array("/usr/local/sarg-reports", "/usr/local/www/sarg-images", "/usr/local/www/sarg-images/temp"); + foreach ($dirs as $dir) { + safe_mkdir($dir, 0755, true); + } + // PBI hack + if (SARG_DIR != "/usr/local") { + $pbidir = SARG_DIR . "/local/sarg-reports"; + if (is_dir($pbidir) && !is_link($pbidir)) { + rmdir_recursive($pbidir); + } + symlink("/usr/local/sarg-reports", "{$pbidir}"); + } + + // images + $simages = array("datetime.png", "graph.png", "sarg-squidguard-block.png", "sarg.png"); + $simgdir1 = "/usr/local/www/sarg-images"; + $simgdir2 = SARG_DIR . "/etc/sarg/images"; + foreach ($simages as $simage) { + if (!file_exists("{$simgdir1}/{$simage}")) { + copy("{$simgdir2}/{$simage}","{$simgdir1}/{$simage}"); + } } } -function log_rotate($log_file) { - global $config, $g; +function sarg_configure_cron() { + global $config; + // TODO: Redo this mess to use install_cron_job() instead + $new_cron = array(); + $cron_found = 0; + if (is_array($config['cron']['item'])) { + foreach($config['cron']['item'] as $cron) { + if (preg_match("/usr.local.www.sarg.php/", $cron["command"])) { + $cron_found++; + } else { + $new_cron['item'][] = $cron; + } + } + $cron_cmd="/usr/local/bin/php --no-header /usr/local/www/sarg.php"; + $sarg_schedule_id = 0; + if (is_array($config['installedpackages']['sargschedule']['config'])) { + foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule) { + if (preg_match('/(\d+)m/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { + $new_cron['item'][] = array("minute" => "*/" . $matches[1], + "hour" => "*", + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command" => $cron_cmd . " " . $sarg_schedule_id); + $config['cron'] = $new_cron; + $cron_found++; + } + if (preg_match('/(\d+)h/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { + $new_cron['item'][] = array("minute" => "0", + "hour" => "*/" . $matches[1], + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command" => $cron_cmd . " " . $sarg_schedule_id); + $config['cron'] = $new_cron; + $cron_found++; + } + if (preg_match('/(\d+)d/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { + $new_cron['item'][] = array("minute" => "0", + "hour" => "0", + "mday" => "*/" . $matches[1], + "month" => "*", + "wday" => "*", + "who" => "root", + "command"=> $cron_cmd . " " . $sarg_schedule_id); + $config['cron']=$new_cron; + $cron_found++; + } + $sarg_schedule_id++; + } + } - // remove .10 rotate log file - unlink_if_exists("{$log_file}.10"); - // rotate logs from 9 to 0 - $i = 9; - while ($i >= 0) { - if (file_exists("{$log_file}.{$i}")) { - rename("{$log_file}.{$i}", "{$log_file}" . ($i + 1)); + // update cron + if ($cron_found > 0) { + $config['cron'] = $new_cron; + write_config(); + configure_cron(); } - $i = $i - 1; } - // rotate current log - if (file_exists("$log_file")) { - rename("{$log_file}", "{$log_file}.0"); +} + +function sarg_package_install() { + sarg_check_dirs(); +} + +function sarg_resync() { + global $config; + if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit'])) { + sync_package_sarg(); + } + if ($_POST['Submit'] == 'Force update now') { + run_sarg(); } } @@ -113,21 +192,19 @@ function run_sarg($id = -1) { $cmd = SARG_DIR . "/bin/sarg"; if ($id >= 0 && is_array($config['installedpackages']['sargschedule']['config'])) { $args = $config['installedpackages']['sargschedule']['config'][$id]['args']; - $action = $config['installedpackages']['sargschedule']['config'][$id]['action']; $gzip = $config['installedpackages']['sargschedule']['config'][$id]['gzip']; $find = $config['installedpackages']['sargschedule']['config'][$id]['find']; $gziplevel = $config['installedpackages']['sargschedule']['config'][$id]['gziplevel']; $daylimit = $config['installedpackages']['sargschedule']['config'][$id]['daylimit']; } else { $args = $_POST['args']; - $action = $_POST['action']; $gzip = $_POST['gzip']; $find = $_POST['find']; $gziplevel = $_POST['gziplevel']; $daylimit = ""; } $find = (preg_match("/(\d+)/", $find, $find_matches) ? $find_matches[1] : "60"); - log_error("Sarg: force refresh now with {$args} args, compress({$gzip}) and {$action} action after sarg finish."); + log_error("[sarg] Force refresh now with {$args} args, compress({$gzip})."); $gzip_script = "#!/bin/sh\n"; if ($gzip == "on") { // remove old file if exists @@ -155,39 +232,7 @@ EOF; // create a new file to speedup find search file_put_contents("/root/sarg_run_{$id}.sh", $gzip_script, LOCK_EX); mwexec("export LC_ALL=C && " . $cmd . " " . $args); - // check if there is a script to run after file save - if (is_array($config['installedpackages']['sarg'])) { - switch ($config['installedpackages']['sarg']['config'][0]['proxy_server']) { - case "squidguard": - if ($action == "both" || $action == "rotate") { - log_error('Executing squidguard log rotate after sarg.'); - log_rotate($sarg_proxy['squidguard_block_log']); - file_put_contents($sarg_proxy['squidguard_block_log'], "", LOCK_EX); - chown($sarg_proxy['squidguard_block_log'], 'proxy'); - chgrp($sarg_proxy['squidguard_block_log'], 'proxy'); - mwexec(SQUID_DIR . '/sbin/squid -k reconfigure'); - } - // leave this case without break to run squid rotate too. - case "squid": - if ($action == "both" || $action == "rotate") { - log_error('Executing squid log rotate after sarg.'); - mwexec(SQUID_DIR . '/sbin/squid -k rotate'); - } - if ($action == "both" || $action=="restart") { - if (file_exists($sarg_proxy['squid_rc'])) { - mwexec_bg($sarg_proxy['squid_rc'] . ' restart'); - } - } - break; - case "dansguardian": - if (preg_match('/\w+/', $action) && $action != "none") { - log_rotate($sarg_proxy['dansguardian_log']); - log_error('Restarting dansguardian after sarg and log rotate.'); - mwexec('/usr/bin/killall -HUP dansguardian'); - } - break; - } - } + // check compress option if ($gzip == "on") { mwexec_bg("/bin/sh /root/sarg_run_{$id}.sh"); @@ -257,8 +302,8 @@ function sync_package_sarg() { } break; } - if (!file_exists($access_log) && $access_log !="") { - $error = "Sarg config error: " . $sarg['proxy_server'] . " log file ($access_log) does not exists"; + if (!file_exists($access_log) && $access_log != "") { + $error = "[sarg] Config error: " . $sarg['proxy_server'] . " log file ($access_log) does not exists"; log_error($error); file_notice("Sarg", $error, "Sarg Settings", ""); } @@ -323,28 +368,8 @@ function sync_package_sarg() { $LDAPFilterSearch = (empty($sarguser['ldap_filter_search']) ? "" : "LDAPFilterSearch " . $sarguser['ldap_filter_search']); } - // move old reports - if (is_dir("/usr/local/www/sarg-reports") && !is_dir("/usr/local/sarg-reports")) { - rename("/usr/local/www/sarg-reports","/usr/local/sarg-reports"); - } - - // check dirs - $dirs = array("/usr/local/sarg-reports", "/usr/local/www/sarg-images", "/usr/local/www/sarg-images/temp"); - foreach ($dirs as $dir) { - if (!is_dir($dir)) { - mkdir($dir, 0755, true); - } - } - - // images - $simages = array("datetime.png", "graph.png", "sarg-squidguard-block.png", "sarg.png"); - $simgdir1 = "/usr/local/www/sarg-images"; - $simgdir2 = SARG_DIR . "/etc/sarg/images"; - foreach ($simages as $simage) { - if (!file_exists("{$simgdir1}/{$simage}")) { - copy("{$simgdir2}/{$simage}","{$simgdir1}/{$simage}"); - } - } + // check dirs and images + sarg_check_dirs(); // create sarg config files $sarg_dir = SARG_DIR; @@ -356,65 +381,7 @@ function sync_package_sarg() { file_put_contents(SARG_DIR . '/etc/sarg/exclude_users.conf', sarg_text_area_decode($sarguser['exclude_userlist']), LOCK_EX); // check cron_tab - // TODO: Redo this mess to use install_cron_job() instead - $new_cron = array(); - $cron_found = 0; - if (is_array($config['cron']['item'])) { - foreach($config['cron']['item'] as $cron) { - if (preg_match("/usr.local.www.sarg.php/", $cron["command"])) { - $cron_found++; - } else { - $new_cron['item'][] = $cron; - } - } - $cron_cmd="/usr/local/bin/php --no-header /usr/local/www/sarg.php"; - $sarg_schedule_id = 0; - if (is_array($config['installedpackages']['sargschedule']['config'])) { - foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule) { - if (preg_match('/(\d+)m/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { - $new_cron['item'][] = array("minute" => "*/" . $matches[1], - "hour" => "*", - "mday" => "*", - "month" => "*", - "wday" => "*", - "who" => "root", - "command" => $cron_cmd . " " . $sarg_schedule_id); - $config['cron'] = $new_cron; - $cron_found++; - } - if (preg_match('/(\d+)h/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { - $new_cron['item'][] = array("minute" => "0", - "hour" => "*/" . $matches[1], - "mday" => "*", - "month" => "*", - "wday" => "*", - "who" => "root", - "command" => $cron_cmd . " " . $sarg_schedule_id); - $config['cron'] = $new_cron; - $cron_found++; - } - if (preg_match('/(\d+)d/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { - $new_cron['item'][] = array("minute" => "0", - "hour" => "0", - "mday" => "*/" . $matches[1], - "month" => "*", - "wday" => "*", - "who" => "root", - "command"=> $cron_cmd . " " . $sarg_schedule_id); - $config['cron']=$new_cron; - $cron_found++; - } - $sarg_schedule_id++; - } - } - - // update cron - if ($cron_found > 0) { - $config['cron'] = $new_cron; - write_config(); - configure_cron(); - } - } + sarg_configure_cron(); // write config if any file from filesystem was loaded if ($update_conf > 0) { @@ -441,25 +408,23 @@ function sarg_validate_input($post, &$input_errors) { $input_errors[] = 'Please change it on Services -> Dansguardian -> Report and log -> Log file format'; } } else { - $input_errors[]='dansguardian package not detected'; + $input_errors[]='DansGuardian package is not installed'; } } # check squidguard - if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard") { - if (!is_array($config['installedpackages']['squidguardgeneral'])) { - $input_errors[]='squidguard package not detected'; - } - } + if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard") + if (!is_array($config['installedpackages']['squidguardgeneral'])) + $input_errors[]='SquidGuard package is not installed'; # check squid if (substr($key, 0, 5) == "proxy_server" && $value == "squid") { if (is_array($config['installedpackages']['squid'])) { if (!$config['installedpackages']['squid']['log_enabled']) { - $input_errors[] = 'Squid logging not enabled'; + $input_errors[]='Squid logging is not enabled'; } } else { - $input_errors[] = 'Squid package not installed'; + $input_errors[]='Squid package is not installed'; } } diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index 00da6470..cc5c1118 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>sarg</name> - <version>0.6.5</version> + <version>0.6.6</version> <title>Status: Sarg Settings</title> <include_file>/usr/local/pkg/sarg.inc</include_file> <menu> @@ -391,6 +391,9 @@ <encoding>base64</encoding> </field> </fields> + <custom_php_install_command> + sarg_package_install(); + </custom_php_install_command> <custom_php_validation_command> sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml index 7bc02d10..5bd4e8fa 100644 --- a/config/sarg/sarg_schedule.xml +++ b/config/sarg/sarg_schedule.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>sargschedule</name> - <version>0.6.5</version> + <version>0.6.6</version> <title>Status: Sarg Schedules</title> <include_file>/usr/local/pkg/sarg.inc</include_file> <tabs> @@ -94,10 +94,6 @@ <fieldname>gzip</fieldname> </columnitem> <columnitem> - <fielddescr>Post Action</fielddescr> - <fieldname>action</fieldname> - </columnitem> - <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> @@ -106,7 +102,6 @@ <fields> <field> <type>listtopic</type> - <fieldname>temp</fieldname> <name>Schedule Options</name> </field> <field> @@ -154,21 +149,7 @@ <required/> </field> <field> - <fielddescr>Action After Sarg</fielddescr> - <fieldname>action</fieldname> - <description>Choose an action to run after Sarg finishes.</description> - <type>select</type> - <options> - <option><name>None (default)</name><value>none</value></option> - <option><name>Rotate logs</name><value>rotate</value></option> - <option><name>Restart proxy daemon</name><value>restart</value></option> - <option><name>Rotate log and restart proxy daemon</name><value>both</value></option> - </options> - <default_value>none</default_value> - </field> - <field> <type>listtopic</type> - <fieldname>temp</fieldname> <name>Compress Options</name> </field> <field> diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 952d50d8..bf4fcf5d 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -617,7 +617,7 @@ function squid_deinstall_command() { /* Migrate configuration from god knows which Squid package versions */ /* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */ function squid_upgrade_config() { - global $config; + global $config, $pfs_version; /* migrate existing csv config fields */ if (is_array($config['installedpackages']['squidauth']['config'])) { $settingsauth = $config['installedpackages']['squidauth']['config'][0]; @@ -694,6 +694,27 @@ function squid_upgrade_config() { $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type']; } + /* XXX: broken Captive Portal patch (Bug #5594) */ + if (isset($config['installedpackages']['squid']['config'][0]['patch_cp'])) { + if ($config['installedpackages']['squid']['config'][0]['patch_cp'] == "on") { + $cp_msg = "Patch Captive Portal feature was removed - see Bug #5594!"; + /* Attempt to restore the backup, remove it after that and unset the config option to avoid running this again in future. */ + $cp_file = '/etc/inc/captiveportal.inc'; + $backup_file = '/root/' . $pfs_version . '.captiveportal.inc.backup'; + if (file_exists($backup_file)) { + copy($backup_file, $cp_file); + $cp_msg .= "Found and restored a previous backup of {$cp_file}. Double-check its contents for sanity!"; + unlink($backup_file); + } else { + $cp_msg .= "Failed to find a backup of {$cp_file}! Get a sane copy of the file from pfSense GitHub repository!"; + } + file_notice("squid", $cp_msg, "Packages", ""); + log_error("[squid] {$cp_msg}"); + unset($cp_msg, $cp_file, $backup_file); + } + unset($config['installedpackages']['squid']['config'][0]['patch_cp']); + } + /* migrate reverse proxy settings */ squid_reverse_upgrade_config(); @@ -2001,33 +2022,6 @@ function squid_generate_rules($type) { global $config, $pfs_version; $squid_conf = $config['installedpackages']['squid']['config'][0]; - //check captive portal option - $cp_file = '/etc/inc/captiveportal.inc'; - $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); - $cp_inc = file($cp_file); - $new_cp_inc = ""; - $found_rule = 0; - foreach ($cp_inc as $line) { - $new_line = $line; - //remove applied squid patch - if (preg_match('/skipto 65314 ip/', $line)) { - $found_rule++; - $new_line = ""; - } - - if (preg_match('/255.255.255.255/', $line) && $squid_conf['patch_cp']) { - $found_rule++; - $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} ' . $port . ' in\n";' . "\n"; - $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} ' . $port . ' to any out\n";' . "\n"; - } - $new_cp_inc .= $new_line; - } - if (!file_exists('/root/' . $pfs_version . '.captiveportal.inc.backup')) { - copy($cp_file, '/root/' . $pfs_version . '.captiveportal.inc.backup'); - } - if ($found_rule > 0) { - file_put_contents($cp_file, $new_cp_inc, LOCK_EX); - } // do not install any firewall rules if Squid is disabled or used as reverse proxy only if (!squid_enabled()) { diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index 82fe44b8..3538a5fe 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squid</name> - <version>0.4.5</version> + <version>0.4.7</version> <title>Proxy Server: General Settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> @@ -324,15 +324,14 @@ </field> <field> <fielddescr>Patch Captive Portal</fielddescr> - <fieldname>patch_cp</fieldname> <description> <![CDATA[ - Enable this option to force Captive Portal to non transparent proxy users.<br/> - <strong>Note:</strong> You may need to reapply Captive Portal settings after changing this option.<br/> - <strong><span class="errmsg">Warning:</span> This alters /etc/inc/captiveportal.inc file! USE WITH CAUTION!</strong> (A backup is made available under /root directory.) + <strong><span class="errmsg">This feature was removed</span></strong> - see <a href="https://redmine.pfsense.org/issues/5594">Bug #5594</a> for details!<br/> + If you were using this feature, double-check '/etc/inc/captiveportal.inc' content for sanity.<br/> + Get a <a href="https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/inc/captiveportal.inc">sane copy of the file from pfSense GitHub repository</a> if needed. ]]> </description> - <type>checkbox</type> + <type>info</type> </field> <field> <fielddescr>Resolve DNS IPv4 First</fielddescr> |