Diffstat (limited to 'config')
-rwxr-xr-x | config/squid3/34/squid.inc | 78 | ||||
-rw-r--r-- | config/squid3/34/squid.xml | 10 | ||||
-rw-r--r-- | config/squid3/34/squid_antivirus.inc | 170 | ||||
-rwxr-xr-x | config/squid3/34/squid_antivirus.xml | 4 | ||||
-rw-r--r-- | config/squid3/34/squid_antivirus_status.inc | 7 | ||||
-rw-r--r-- | config/squid3/34/squid_antivirus_status.widget.php | 176 | ||||
-rwxr-xr-x | config/squid3/34/squid_cache.xml | 15 | ||||
-rw-r--r-- | config/squid3/34/squid_js.inc | 3 | ||||
-rwxr-xr-x | config/squid3/34/squid_reverse.inc | 53 |
9 files changed, 404 insertions, 112 deletions
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index cbb24a04..07d1da26 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -324,10 +324,22 @@ function squid_install_cron($should_install) { } $cron_cmd = SQUID_BASE . "/sbin/squid -k rotate -f " . SQUID_CONFFILE; + /* + * This is here to prevent Squid from filling disk completely on misconfigured boxes. + * When 'Hard Disk Cache System' is set to null, the script silently returns, no need to check here. + * Otherwise, swapstate_check.php will only clear the disk cache on the following conditions: + * - if the swap.state file is taking up more than 75% of disk space, + * - or the drive is 90% full and swap.state is larger than 1GB. + */ + $swapstate_cmd = "/usr/local/pkg/swapstate_check.php"; if (($should_install) && (squid_enabled())) { + log_error("[squid] Adding cronjobs ..."); install_cron_job("{$cron_cmd}", $should_install, "0", "0", "*", "*", "*", "root"); + install_cron_job("{$swapstate_cmd}", $should_install, "15", "0", "*", "*", "*", "root"); } else { + log_error("[squid] Removing cronjobs ..."); install_cron_job("{$cron_cmd}", false); + install_cron_job("{$swapstate_cmd}", false); } } @@ -607,6 +619,7 @@ function squid_deinstall_command() { /* Migrate configuration from god knows which Squid package versions */ /* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */ function squid_upgrade_config() { + global $config; /* migrate existing csv config fields */ if (is_array($config['installedpackages']['squidauth']['config'])) { $settingsauth = $config['installedpackages']['squidauth']['config'][0]; 
@@ -679,63 +692,11 @@ function squid_upgrade_config() { $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type']; } - /* migrate reverse settings */ - if (is_array($config['installedpackages']['squidreverse'])) { - $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0]; - - // settings - if (!is_array($config['installedpackages']['squidreversegeneral'])) { - $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings; - unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']); - unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']); - unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']); - } - - // peers - if (!is_array($config['installedpackages']['squidreversepeer'])) { - foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) { - foreach (explode(";", $cache_peers) as $cache_peer) { - $config['installedpackages']['squidreversepeer']['config'][] = array( - 'description' => 'migrated', - 'enable' => 'on', - 'name' => $cache_peer[0], - 'port' => $cache_peer[1], - 'protocol' => $cache_peer[2] - ); - } - } - } - - // mappings - if (!is_array($config['installedpackages']['squidreverseuri'])) { - foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) { - foreach (explode(";", $acls) as $acl) { - array_push(${'peer_'.$acl[0]}, $acl[1]); - } - } - foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) { - foreach (explode(";", $uris) as $uri) { - $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . 
$uri[0]}) : ""); - $config['installedpackages']['squidreverseuri']['config'][] = array( - 'description' => 'migrated', - 'enable' => 'on', - 'name' => $uri[0], - 'uri' => $uri[1], - 'vhost' => $uri[2], - 'peers' => $peer_list - ); - } - } - } - } + /* migrate reverse proxy settings */ + squid_reverse_upgrade_config(); /* unset broken antivirus settings */ - if (is_array($config['installedpackages']['squidantivirus'])) { - unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']); - unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']); - unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']); - unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']); - } + squid_antivirus_upgrade_config(); update_output_window("Writing configuration... One moment please..."); write_config(); @@ -861,6 +822,13 @@ function squid_validate_upstream($post, &$input_errors) { /* Proxy Server: Cache Management input validation */ function squid_validate_cache($post, &$input_errors) { + /* Manually clear hard disk cache */ + if ($post['clear_cache'] == 'Clear Disk Cache NOW') { + log_error("[squid] Clear disk cache forced via GUI. Clearing cache now..."); + squid_dash_z("clean"); + return; + } + $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index ccaca843..f0289e6e 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squid</name> - <version>0.3.9</version> + <version>0.4.0</version> <title>Proxy Server: General Settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> 
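Review bot: The early `return;` added at the top of squid_validate_cache() skips every check below it, so a request carrying `clear_cache` leaves the other posted cache fields unvalidated. The caller is outside this hunk, but if it saves the form whenever `$input_errors` stays empty, those values would presumably be written to the configuration unchecked. Dropping the `return;`, or moving the `squid_dash_z("clean")` call after the field checks, keeps validation intact. A validator that wipes the cache as a side effect is also easy to miss when auditing state-changing requests, so a comment such as `/* NOTE: destructive action triggered from validation; confirm the page's CSRF protection covers this POST */` would help. The function body continues outside the hunk.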
@@ -128,6 +128,10 @@ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/widgets/include</prefix> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus_status.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/squid3/34/squid_js.inc</item> </additional_files_needed> @@ -200,6 +204,10 @@ <!-- END XML files --> <!-- START additional PHP files --> <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets</prefix> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus_status.widget.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/</prefix> <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item> </additional_files_needed> diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc index 03b9e129..9a678fa9 100644 --- a/config/squid3/34/squid_antivirus.inc +++ b/config/squid3/34/squid_antivirus.inc 
@@ -37,16 +37,16 @@ require_once('config.inc'); */ /* clamav user account hadling (only needed for PBI/pfSense <2.3) */ -function squid_check_clamav_user($user) { +function squid_check_clamav_user() { if (SQUID_BASE == '/usr/local') { return; - } - - $_gc = exec("/usr/sbin/pw usershow {$user}", $sq_ex_output, $sq_ex_return); - $user_arg = ($sq_ex_return == 0 ? "mod" : "add"); - $_gc = exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin", $sq_ex_output, $sq_ex_return); - if ($sq_ex_return != 0) { - log_error("[squid] Could not change clamav user settings. " . serialize($sq_ex_output)); + } else { + if (!exec("/usr/sbin/pw usershow clamav")) { + mwexec("/usr/sbin/pw useradd clamav -G wheel -u 9595 -s /sbin/nologin"); + } + if (!exec("/usr/sbin/pw groupshow wheel | /usr/bin/grep clamav")) { + mwexec("/usr/sbin/pw usermod clamav -G wheel"); + } } } @@ -61,7 +61,8 @@ function squid_check_antivirus_dirs() { ); foreach ($dirs as $dir_path => $dir_user) { safe_mkdir($dir_path, 0755); - squid_chown_recursive($dir_path, $dir_user, "wheel"); + chown($dir_path, $dir_user); + chgrp($dir_path, "wheel"); } } @@ -125,7 +126,16 @@ function squid_antivirus_install_command() { symlink(SQUID_LOCALBASE . "/lib/libicapapi.so.3.0.5", "/usr/local/lib/libicapapi.so.3"); } - // check dirs + // remove dirs with possibly broken file permissions after previous versions + $dirs = array("/var/run/c-icap", "/var/log/c-icap"); + foreach ($dirs as $dir) { + if (is_dir("{$dir}")) { + mwexec("/bin/rm -rf {$dir}"); + } + } + + // create required dirs and set up clamav user if needed + squid_check_clamav_user(); squid_check_antivirus_dirs(); // remove unwanted PBI rc scripts @@ -136,6 +146,7 @@ function squid_antivirus_install_command() { /* Run on Squid package uninstall */ function squid_antivirus_deinstall_command() { + global $config, $keep; /* kill all running services */ if (is_process_running("c-icap")) { mwexec('/bin/echo -n "stop" > /var/run/c-icap/c-icap.ctl'); 
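Review bot: The exit status of both `mwexec()` calls in squid_check_clamav_user() is discarded, while the code this replaces logged a failed `pw` call, so a clamav account that could not be created or added to wheel now goes unnoticed until the daemons fail to start. Checking the result, e.g. `if (mwexec("/usr/sbin/pw useradd clamav -G wheel -u 9595 -s /sbin/nologin") != 0) { log_error("[squid] Could not create clamav user."); }`, restores that signal. The membership test `grep clamav` also matches any wheel member whose name merely contains that string; `grep -w clamav` is stricter. Since this account runs the scanner that processes proxied content, a short comment stating why it must be in wheel would help the next reviewer judge whether a dedicated group could replace it.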
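Review bot: Removing `/var/log/c-icap` in squid_antivirus_install_command() also deletes `/var/log/c-icap/virus.log`, which the dashboard widget added in this commit reads for its detection count (`PATH_AVLOG`). If this function runs on package upgrade or reinstall, as its name suggests, the detection history is lost each time. Consider fixing ownership of the existing directory instead of deleting it, or limiting the removal to `/var/run/c-icap`; at minimum add a comment such as `// NOTE: this discards existing c-icap logs, including virus.log`. The function continues outside the hunk.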
@@ -183,6 +194,21 @@ function squid_antivirus_deinstall_command() { } } + /* clean up user/groups if needed */ + if (SQUID_BASE == '/usr/local') { + return; + } else { + if (exec("/usr/sbin/pw groupshow wheel | /usr/bin/grep clamav")) { + mwexec("/usr/sbin/pw groupmod wheel -d clamav"); + } + if (exec("/usr/sbin/pw usershow clamav")) { + mwexec("/usr/sbin/pw userdel clamav"); + } + if (exec("/usr/sbin/pw groupshow clamav")) { + mwexec("/usr/sbin/pw groupdel clamav"); + } + } + /* check if clamav/c_icap is enabled in rc.conf.local */ // XXX: This hasn't been used since 0.3.7; to be removed in future if (file_exists("/etc/rc.conf.local")) { @@ -196,6 +222,18 @@ function squid_antivirus_deinstall_command() { } } +/* Migrate configuration from old Squid package versions */ +function squid_antivirus_upgrade_config() { + global $config; + /* unset broken antivirus settings */ + if (is_array($config['installedpackages']['squidantivirus'])) { + unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']); + unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']); + unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']); + unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']); + } +} + /* * Antivirus features configuration * @@ -219,7 +257,7 @@ function squid_antivirus_deinstall_command() { /* Proxy Server: Antivirus configuration handler */ function squid_resync_antivirus() { - global $config; + global $config, $antivirus_config; if (is_array($config['installedpackages']['squidantivirus'])) { $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0]; @@ -266,7 +304,7 @@ adaptation_access service_avi_resp allow all EOF; // check clamav user and dirs - squid_check_clamav_user('clamav'); + squid_check_clamav_user(); squid_check_antivirus_dirs(); if ($antivirus_config['enable_advanced'] == "enabled") { 
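Review bot: The `return;` in the added user/group cleanup ends squid_antivirus_deinstall_command() early when `SQUID_BASE == '/usr/local'`, so the `/etc/rc.conf.local` check that follows in the same function is never reached on those systems. Inverting the test avoids that: `if (SQUID_BASE != '/usr/local') { ... }` with no `return`. The `mwexec()` results are also ignored here, so a failed `pw userdel` or `pw groupdel` leaves the account behind silently. The function starts and ends outside this hunk.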
@@ -290,15 +328,20 @@ EOF; $cf = SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf"; if (file_exists("{$cf}.pfsense")) { $sample_file = file_get_contents("{$cf}.pfsense"); + $squidclamav_m[0] = "@#This file was automatically generated by pfSense@"; + $squidclamav_r[0] = "#This file was automatically generated by pfSense WebGUI configuration"; if ($antivirus_config['clamav_safebrowsing'] == "on") { - $squidclamav_m[0] = "@safebrowsing\s0@"; - $squidclamav_r[0] = "safebrowsing 1"; + $squidclamav_m[1] = "@safebrowsing\s0@"; + $squidclamav_r[1] = "safebrowsing 1"; } if ($antivirus_config['clamav_url'] != "") { - $squidclamav_m[1] = "@redirect http@"; - $squidclamav_r[1] = "{$antivirus_config['clamav_url']}"; + $squidclamav_m[2] = "@(redirect http.*)@"; + $squidclamav_r[2] = "redirect {$antivirus_config['clamav_url']}"; + } + /* Trying to overwrite squidclamav.conf via file_put_contents() may fail when Squid is running */ + if (!file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save generated {$cf} file!"); } - file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX); } else { log_error("[squid] Template not found; could not generate '{$cf}' file!"); } 
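Review bot: `$antivirus_config['clamav_url']` is placed into the `preg_replace()` replacement string as-is when building `$squidclamav_r[2]`, and no validation of that setting is visible in this hunk. A value containing a line break would add extra lines to squidclamav.conf, and `$1`- or `\1`-style sequences are interpreted as backreferences rather than literal text. If the field is not already checked in the input validation for this page, reject values that are not a single-line http(s) URL there, and escape `\` and `$` before use here. The enclosing squid_resync_antivirus() starts and ends outside the hunk.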
@@ -310,20 +353,17 @@ EOF; if (!preg_match("/squid_clamav/", $sample_file)) { $sample_file .= "\nService squid_clamav squidclamav.so\n"; } - // XXX: Bug #4615 - if (is_array($config['installedpackages']['squid'])) { - $squidsettings = $config['installedpackages']['squid']['config'][0]; - } else { - $squidsettings = array(); + /* XXX: Bug #4615 + * Do NOT move the C-ICAP log anywhere, ever! It breaks C-ICAP in completely inexplicable ways, + * such as Error: [No Error] or 500 response codes. + */ + $cicap_m[0] = "@#This file was automatically generated by pfSense@"; + $cicap_r[0] = "#This file was automatically generated by pfSense WebGUI configuration"; + $cicap_m[1] = "@DebugLevel\s1@"; + $cicap_r[1] = "DebugLevel 0"; + if (!file_put_contents("{$cf}", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save generated {$cf} file!"); } - $logdir = ($squidsettings['log_dir'] ? $squidsettings['log_dir'] : '/var/squid/logs'); - $cicap_m[0] = "@DebugLevel\s1@"; - $cicap_r[0] = "DebugLevel 0"; - $cicap_m[1] = "@AccessLog /var/squid/logs/c-icap-access.log@"; - $cicap_r[1] = "AccessLog {$logdir}/c-icap-access.log"; - $cicap_m[2] = "@ServerLog /var/squid/logs/c-icap-server.log@"; - $cicap_r[2] = "ServerLog {$logdir}/c-icap-server.log"; - file_put_contents("{$cf}", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX); } else { log_error("[squid] Template not found; could not generate '{$cf}' file!"); } 
@@ -332,15 +372,19 @@ EOF; // just make a copy of pfSense template, nothing configurable via GUI options here $cf = SQUID_LOCALBASE . "/etc/c-icap/c-icap.magic"; if (file_exists("{$cf}.pfsense")) { - copy("{$cf}.pfsense", "{$cf}"); + if (!copy("{$cf}.pfsense", "{$cf}")) { + log_error("[squid] Could not save {$cf} file!"); + } } else { - log_error("[squid] Template not found; could not generate '{$cf}' file!"); + log_error("[squid] Template not found; could not save '{$cf}' file!"); } // freshclam.conf $cf = SQUID_LOCALBASE . "/etc/freshclam.conf"; if (file_exists("{$cf}.pfsense")) { $sample_file = file_get_contents("{$cf}.pfsense"); + $freshclam_m[0] = "@#This file was automatically generated by pfSense@"; + $freshclam_r[0] = "#This file was automatically generated by pfSense WebGUI configuration"; $clamav_mirrors = ""; if ($antivirus_config['clamav_dbregion'] != "") { $clamav_mirrors .= "DatabaseMirror db.{$antivirus_config['clamav_dbregion']}.clamav.net\n"; 
@@ -351,23 +395,29 @@ EOF; } } if ($clamav_mirrors != "") { - $freshclam_m[0] = "@#DatabaseMirror db.XY.clamav.net@"; - $freshclam_r[0] = "{$clamav_mirrors}"; + $freshclam_m[1] = "@#DatabaseMirror db.XY.clamav.net@"; + $freshclam_r[1] = "{$clamav_mirrors}"; } if ($antivirus_config['clamav_safebrowsing'] == "on") { - $freshclam_m[1] = "@#SafeBrowsing yes@"; - $freshclam_r[1] = "SafeBrowsing yes"; + $freshclam_m[2] = "@#SafeBrowsing yes@"; + $freshclam_r[2] = "SafeBrowsing yes"; + } + if (!file_put_contents("{$cf}", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save generated {$cf} file!"); } - file_put_contents("{$cf}", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX); } else { log_error("[squid] Template not found; could not generate '{$cf}' file!"); } // clamd.conf - // just make a copy of pfSense template, nothing configurable via GUI options here $cf = SQUID_LOCALBASE . "/etc/clamd.conf"; if (file_exists("{$cf}.pfsense")) { - copy("{$cf}.pfsense", "{$cf}"); + $sample_file = file_get_contents("{$cf}.pfsense"); + $clamd_m[0] = "@#This file was automatically generated by pfSense@"; + $clamd_r[0] = "#This file was automatically generated by pfSense WebGUI configuration"; + if (!file_put_contents("{$cf}", preg_replace($clamd_m, $clamd_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save generated {$cf} file!"); + } } else { log_error("[squid] Template not found; could not generate '{$cf}' file!"); } 
@@ -406,8 +456,15 @@ function squid_antivirus_install_config_files() { $squidclamav_m[1] = "@/var/run/clamav/clamd.ctl@"; $squidclamav_r[1] = "/var/run/clamav/clamd.sock"; $squidclamav_m[2] = "@http\://proxy.domain.dom/cgi-bin/clwarn.cgi@"; - $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php"; - file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX); + $port = $config['system']['webgui']['port']; + if ($port == "") { + $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php"; + } else { + $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php"; + } + if (!file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save patched '{$cf}.pfsense' template file!"); + } } else { log_error("[squid] Could not patch '{$cf}' template file!"); } 
@@ -425,13 +482,15 @@ function squid_antivirus_install_config_files() { } $cicap_m[0] = "@# This file contains the default settings for c-icap@"; $cicap_r[0] = "#This file was automatically generated by pfSense"; + /* XXX: Bug #4615 + * Do NOT move the C-ICAP log anywhere, ever! It breaks C-ICAP in completely inexplicable ways, + * such as Error: [No Error] or 500 response codes. + */ $cicap_m[1] = "@DebugLevel\s1@"; $cicap_r[1] = "DebugLevel 0"; - $cicap_m[2] = "@AccessLog /var/log/c-icap/access.log@"; - $cicap_r[2] = "AccessLog /var/squid/logs/c-icap-access.log"; - $cicap_m[3] = "@ServerLog /var/log/c-icap/server.log@"; - $cicap_r[3] = "ServerLog /var/squid/logs/c-icap-server.log"; - file_put_contents("{$cf}.pfsense", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX); + if (!file_put_contents("{$cf}.pfsense", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save patched '{$cf}.pfsense' template file!"); + } } else { log_error("[squid] Could not patch '{$cf}' template file!"); } @@ -460,7 +519,9 @@ function squid_antivirus_install_config_files() { $clamd_r[1] = ""; $clamd_m[2] = "@#Example@"; $clamd_r[2] = ""; - file_put_contents("{$cf}.pfsense", preg_replace($clamd_m, $clamd_r, $sample_file), LOCK_EX); + if (!file_put_contents("{$cf}.pfsense", preg_replace($clamd_m, $clamd_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save patched '{$cf}.pfsense' template file!"); + } } else { log_error("[squid] Could not patch '{$cf}' template file!"); } 
@@ -479,7 +540,9 @@ function squid_antivirus_install_config_files() { $freshclam_r[1] = ""; $freshclam_m[2] = "@#Example@"; $freshclam_r[2] = ""; - file_put_contents("{$cf}.pfsense", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX); + if (!file_put_contents("{$cf}.pfsense", preg_replace($freshclam_m, $freshclam_r, $sample_file), LOCK_EX)) { + log_error("[squid] Could not save patched '{$cf}.pfsense' template file!"); + } } else { log_error("[squid] - could not patch '{$cf}' template file!"); } @@ -552,7 +615,7 @@ function squid_antivirus_toggle_raw_config($state) { global $config; if ($state) { // manual configuration enabled - $opts = array("clamav_url", "clamav_safebrowsing", "clamav_update", "clamav_dbregion", "clamav_dbservers"); + $opts = array("clamav_url", "clamav_safebrowsing", "clamav_dbregion", "clamav_dbservers"); foreach ($opts as $opt) { if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) { unset($config['installedpackages']['squidantivirus']['config'][0][$opt]); @@ -614,8 +677,11 @@ function squid_antivirus_put_raw_config($rawfiles) { /* Helper function for squid_antivirus_put_raw_config() */ function squid_antivirus_write_conffile($dir, $file, $text) { if ($file && $text) { - file_put_contents(SQUID_LOCALBASE . "/etc" . "{$dir}" . "/{$file}", preg_replace("/\r\n/", "\n", base64_decode($text)), LOCK_EX); - log_error("[squid] Saved '{$file}' configuration file."); + if (!file_put_contents(SQUID_LOCALBASE . "/etc" . "{$dir}" . "/{$file}", preg_replace("/\r\n/", "\n", base64_decode($text)), LOCK_EX)) { + log_error("[squid] Could not save '{$file}' configuration file."); + } else { + log_error("[squid] Saved '{$file}' configuration file."); + } } } 
@@ -692,9 +758,11 @@ function squid_restart_antivirus() { // Check clamav database if (count(glob("/var/db/clamav/*d")) == 0) { log_error("[squid] Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background."); + log_error("[squid] Do NOT attempt to start ClamAV service until AV definitions are downloaded. Check /var/log/clamav/freshclam.log for progress information."); squid_update_clamav(); } elseif ($antivirus_config['clamav_safebrowsing'] == "on" && !is_file("/var/db/clamav/safebrowsing.cvd")) { log_error("[squid] Google Safe Browsing is enabled but missing safebrowsing.cvd definitions. Running freshclam in background."); + log_error("[squid] ClamAV will be automatically notified about the new definitions when finished. No manual action necessary."); squid_update_clamav(); } elseif ($antivirus_config['clamav_safebrowsing'] != "on" && is_file("/var/db/clamav/safebrowsing.cvd")) { log_error("[squid] Google Safe Browsing is disabled. Removing safebrowsing.cvd definitions."); diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml index 8bcb1652..44820257 100755 --- a/config/squid3/34/squid_antivirus.xml +++ b/config/squid3/34/squid_antivirus.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squidantivirus</name> - <version>0.3.9.2</version> + <version>0.4.0</version> <title>Proxy server: Antivirus</title> <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> @@ -289,7 +289,7 @@ <![CDATA[ squid_print_antivirus_advanced_config2(); if ($_POST['enable_advanced'] == "enabled") { - $opts = array("clamav_url", "clamav_safebrowsing", "clamav_update", "clamav_dbregion", "clamav_dbservers"); + $opts = array("clamav_url", "clamav_safebrowsing", "clamav_dbregion", "clamav_dbservers"); foreach ($opts as $opt) { if (isset($_POST[$opt])) { unset($_POST[$opt]); diff --git a/config/squid3/34/squid_antivirus_status.inc b/config/squid3/34/squid_antivirus_status.inc new file mode 100644 index 00000000..c384df73 --- /dev/null 
+++ b/config/squid3/34/squid_antivirus_status.inc @@ -0,0 +1,7 @@ +<?php + +//set variable for custom title +$squid_antivirus_status_title = "Squid Antivirus Status"; +$squid_antivirus_status_title_link = "squid_monitor.php"; + +?> diff --git a/config/squid3/34/squid_antivirus_status.widget.php b/config/squid3/34/squid_antivirus_status.widget.php new file mode 100644 index 00000000..41c8c2fd --- /dev/null +++ b/config/squid3/34/squid_antivirus_status.widget.php 
@@ -0,0 +1,176 @@ +<?php +/* + squid_antivirus_status.widget.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Serg Dvoriancev <dv_serg@mail.ru> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("guiconfig.inc"); +require_once("pfsense-utils.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +if (file_exists("/usr/local/pkg/squid.inc")) { + require_once("/usr/local/pkg/squid.inc"); +} else { + echo "No squid.inc found. You must have Squid3 package installed to use this widget."; +} + +define('PATH_CLAMDB', '/var/db/clamav'); +define('PATH_SQUID', SQUID_BASE . '/bin/squid'); +define('PATH_AVLOG', '/var/log/c-icap/virus.log'); +global $clamd_path, $cicap_cfg_path, $img; +$clamd_path = SQUID_BASE . 
"/bin/clamd"; +$cicap_cfg_path = SQUID_LOCALBASE . "/bin/c-icap-config"; +$img = array(); +$img['up'] = "<img src ='' title='Service running' alt='' />"; +$img['down'] = "<img src ='' title='Service not running' alt='' />"; + +function squid_avdb_info($filename) { + $stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'"; + $r = ''; + $path = PATH_CLAMDB . "/{$filename}"; + if (file_exists($path)) { + $handle = ''; + if ($handle = fopen($path, "r")) { + $s = fread($handle, 1024); + $s = explode(':', $s); + # datetime + $dt = explode(" ", $s[1]); + $s[1] = strftime("%Y.%m.%d", strtotime("{$dt[0]} {$dt[1]} {$dt[2]}")); + if ($s[0] == 'ClamAV-VDB') { + $r .= "<tr class='listr'><td>{$filename}</td><td {$stl}>{$s[1]}</td><td {$stl}>{$s[2]}</td><td $stl>{$s[7]}</td></tr>"; + } + fclose($handle); + } + return $r; + } +} + +function squid_antivirus_bases_info() { + $db = '<table width="100%" border="0" cellspacing="0" cellpadding="1"><tbody>'; + $db .= '<tr class="vncellt" ><td>Database</td><td>Date</td><td>Version</td><td>Builder</td></tr>'; + $db .= squid_avdb_info("daily.cvd"); + $db .= squid_avdb_info("bytecode.cvd"); + $db .= squid_avdb_info("main.cvd"); + $db .= squid_avdb_info("safebrowsing.cvd"); + $db .= '</tbody></table>'; + return $db; +} + +function squid_clamav_version() { + global $clamd_path, $cicap_cfg_path, $img; + if (is_executable($clamd_path)) { + $s = (is_service_running("clamd") ? $img['up'] : $img['down']); + $version = preg_split("@/@", shell_exec("{$clamd_path} -V")); + $s .= " {$version[0]}"; + } else { + $s .= " ClamAV: N/A"; + } + if (is_executable($cicap_cfg_path)) { + $s .= " "; + $s .= (is_service_running("c-icap") ? $img['up'] : $img['down']); + $s .= " C-ICAP " . 
shell_exec("{$cicap_cfg_path} --version"); + } else { + $s .= " C-ICAP: N/A"; + } + if (file_exists("/usr/local/www/squid_clwarn.php")) { + preg_match("@(VERSION.*).(\d{1}).(\d{2})@", file_get_contents("/usr/local/www/squid_clwarn.php"), $squidclamav_version); + $s .= "+ SquidClamav " . str_replace("'", "", strstr($squidclamav_version[0], "'")); + } else { + $s .= "+ SquidClamav: N/A"; + } + return $s; +} + +function squid_avupdate_status() { + global $clamd_path; + $s = "N/A"; + if (is_executable($clamd_path)) { + $lastupd = preg_split("@/@", shell_exec("{$clamd_path} -V")); + $s = $lastupd[2]; + } + return $s; +} + +function squid_antivirus_statistics() { + $s = "Unknown (no log exists)"; + if (file_exists(PATH_AVLOG)) { + $log = file_get_contents(PATH_AVLOG); + $count = substr_count(strtolower($log), "virus found"); + $s = "Found {$count} virus(es) total."; + } + return $s; +} + +?> + +<table width="100%" border="0" cellspacing="0" cellpadding="0"> + <tbody> + <tr> + <td class="vncellt">Squid Version</td> + <td class="listr" width="75%"> + <?php + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); + $updown = (is_service_running("squid") ? 
$img['up'] : $img['down']); + $squid_path = PATH_SQUID; + if ($pfs_version == "2.2") { + if (is_executable($squid_path)) { + preg_match("@(\d{1}).(\d{1}).(\d{2})@", shell_exec("{$squid_path} -v"), $squid_version); + $version = $squid_version[0]; + } + $version .= " (pkg v{$config['installedpackages']['package'][get_pkg_id("squid3")]['version']})"; + } else { + pkg_exec("query '%v' squid", $version, $err); + } + echo "{$updown} ${version}"; + ?> + </td> + </tr> + <tr> + <td class="vncellt">Antivirus Scanner</td> + <td class="listr" width="75%"> + <?php echo squid_clamav_version(); ?> + </td> + </tr> + <tr> + <td class="vncellt">Antivirus Bases</td> + <td class="listr" width="75%"> + <?php echo squid_antivirus_bases_info(); ?> + </td> + </tr> + <tr> + <td class="vncellt">Last Update</td> + <td class="listr" width="75%"> + <?php echo squid_avupdate_status(); ?> + </td> + </tr> + <tr> + <td class="vncellt">Statistics</td> + <td class="listr" width="75%"> + <?php echo squid_antivirus_statistics(); ?> + </td> + </tr> + </tbody> +</table> diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml index ef477bb4..47471df9 100755 --- a/config/squid3/34/squid_cache.xml +++ b/config/squid3/34/squid_cache.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squidcache</name> - <version>0.3.9.2</version> + <version>0.4.0</version> <title>Proxy Server: Cache management</title> <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> 
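Review bot: squid_avdb_info() writes `$s[2]` and `$s[7]` from the first 1024 bytes of each `.cvd` file straight into table cells, and only `$s[0]` is checked against `ClamAV-VDB`. These fields come from files fetched from the configured database mirrors, so they should be escaped before output, e.g. `htmlspecialchars($s[2])` and `htmlspecialchars($s[7])`; the same applies to the `shell_exec()` output concatenated in squid_clamav_version() and squid_avupdate_status(). Two smaller issues: when squid.inc is missing the script echoes a message but carries on to `define('PATH_SQUID', SQUID_BASE . '/bin/squid')` with the constant undefined, and squid_antivirus_statistics() loads the whole of virus.log into memory on every dashboard render.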
@@ -217,6 +217,19 @@ </options> </field> <field> + <fielddescr>Clear Disk Cache NOW</fielddescr> + <description> + <![CDATA[ + Hard Disk Cache is automatically managed by swapstate_check.php script which is scheduled to run daily via cron.<br/> + The script will only clear the disk cache on the following conditions:<br/> + - if the swap.state file is taking up more than 75% of disk space;<br/> + - or the drive is 90% full and swap.state is larger than 1GB.<br/><br/> + If you wish to clear cache <strong>immediately,</strong> press the <input name='clear_cache' id='clear_cache' type='submit' value='Clear Disk Cache NOW' /> button. + ]]> + </description> + <type>info</type> + </field> + <field> <fielddescr>Level 1 Directories</fielddescr> <fieldname>level1_subdirs</fieldname> <description> diff --git a/config/squid3/34/squid_js.inc b/config/squid3/34/squid_js.inc index 781b6710..e1eb2e4e 100644 --- a/config/squid3/34/squid_js.inc +++ b/config/squid3/34/squid_js.inc @@ -236,8 +236,7 @@ function on_antivirus_advanced_config_changed() { document.iform['clamav_url'].disabled = 1; document.iform['clamav_safebrowsing'].disabled = 1; document.getElementById('clamav_safebrowsing').checked = 0; - document.iform['clamav_update'].disabled = 1; - document.getElementById("clamav_update").value = ''; + document.iform['clamav_update'].disabled = 0; document.iform['clamav_dbregion'].disabled = 1; document.getElementById("clamav_dbregion").value = ''; document.iform['clamav_dbservers'].disabled = 1; diff --git a/config/squid3/34/squid_reverse.inc b/config/squid3/34/squid_reverse.inc index d69d6a01..9693b21f 100755 --- a/config/squid3/34/squid_reverse.inc +++ b/config/squid3/34/squid_reverse.inc 
@@ -263,6 +263,59 @@ function squid_resync_reverse() { return $conf; } +/* Migrate reverse proxy configuration from old Squid package versions */ +function squid_reverse_upgrade_config() { + global $config; + if (is_array($config['installedpackages']['squidreverse'])) { + $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0]; + + // settings + if (!is_array($config['installedpackages']['squidreversegeneral'])) { + $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings; + unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']); + unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']); + unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']); + } + + // peers + if (!is_array($config['installedpackages']['squidreversepeer'])) { + foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) { + foreach (explode(";", $cache_peers) as $cache_peer) { + $config['installedpackages']['squidreversepeer']['config'][] = array( + 'description' => 'migrated', + 'enable' => 'on', + 'name' => $cache_peer[0], + 'port' => $cache_peer[1], + 'protocol' => $cache_peer[2] + ); + } + } + } + + // mappings + if (!is_array($config['installedpackages']['squidreverseuri'])) { + foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) { + foreach (explode(";", $acls) as $acl) { + array_push(${'peer_'.$acl[0]}, $acl[1]); + } + } + foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) { + foreach (explode(";", $uris) as $uri) { + $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . 
$uri[0]}) : ""); + $config['installedpackages']['squidreverseuri']['config'][] = array( + 'description' => 'migrated', + 'enable' => 'on', + 'name' => $uri[0], + 'uri' => $uri[1], + 'vhost' => $uri[2], + 'peers' => $peer_list + ); + } + } + } + } +} + /* Reverse Proxy Server input validation */ function squid_validate_reverse($post, &$input_errors) { global $config; |
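Review bot: squid_reverse_upgrade_config() builds variable names from stored configuration text with `${'peer_'.$acl[0]}` and calls `array_push()` on them before they are initialised. A keyed array keeps that data out of the local symbol table and avoids pushing onto an undefined variable: `$peers[$acl[0]][] = $acl[1];` and later `$peer_list = isset($peers[$uri[0]]) ? implode(",", $peers[$uri[0]]) : "";`. Note also that `$cache_peer`, `$acl` and `$uri` are strings returned by `explode()`, so `[0]`, `[1]` and `[2]` select single characters rather than fields; this looks carried over unchanged from the block removed from squid.inc, but the move is a good moment to fix or retire it.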