From 1aab45a41e4f0bc3b493bac0cbd25a32bff129ac Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Mon, 29 Dec 2014 23:37:56 -0200
Subject: squid3.4 - update compile args fix captive portal check_ip for 2.2
 fix ssl_bump with no authentication bump package version

---
 config/squid3/34/check_ip.php | 56 ++++++++++++++++++++++---------------------
 config/squid3/34/squid.inc    |  5 ++++
 pkg_config.10.xml             |  6 ++---
 3 files changed, 37 insertions(+), 30 deletions(-)

diff --git a/config/squid3/34/check_ip.php b/config/squid3/34/check_ip.php
index a3f07204..5865037b 100644
--- a/config/squid3/34/check_ip.php
+++ b/config/squid3/34/check_ip.php
@@ -3,7 +3,7 @@
 /* $Id$ */
 /*
 	check_ip.php
-	Copyright (C) 2013-2014 Marcello Coutinho
+	Copyright (C) 2013-2015 Marcello Coutinho
 	All rights reserved.
 
 	Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,7 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+require_once("config.inc");
 error_reporting(0);
 // stdin loop
 if (! defined(STDIN)) {
@@ -39,40 +40,24 @@ while( !feof(STDIN)){
         $line = trim(fgets(STDIN));
         // %SRC
 
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
 unset($cp_db);
-if ($pf_version > 2.0){
-	$dir="/var/db";
-	$files=scandir($dir);
-	foreach ($files as $file){
-		if (preg_match("/captive.*db/",$file)){
-			$dbhandle = sqlite_open("$dir/$file", 0666, $error);
-			if ($dbhandle){
-				$query = "select * from captiveportal";
-				$result = sqlite_array_query($dbhandle, $query, SQLITE_ASSOC);
-				if ($result){
-					foreach ($result as $rownum => $row){
-						$cp_db[$rownum]=implode(",",$row);
-						}
-					sqlite_close($dbhandle);
-					}
-				}
+$files=scandir($g['vardb_path']);
+foreach ($files as $file){
+	if (preg_match("/captive.*db/",$file)){
+		$result=squid_cp_read_db("{$g['vardb_path']}/{$file}");
+		foreach ($result as $rownum => $row){
+			$cp_db[$rownum]=implode(",",$row);
 			}
-        }
+		}
 	}
-else{
-       $filename="/var/db/captiveportal.db";
-       if (file_exists($filename))
-        	$cp_db=file($filename);
-}
 
         $usuario="";
-        // 1376630450,2,172.16.3.65,00:50:56:9c:00:c7,admin,e1779ea20d0a11c7,,,,
+        //1419045939,1419045939,2000,2000,192.168.10.11,192.168.10.11,08:00:27:5c:e1:ee,08:00:27:5c:e1:ee,marcello,marcello,605a1f46e2d64556,605a1f46e2d64556,,,,,,,,,,,first,first
         if (is_array($cp_db)){
 	        foreach ($cp_db as $cpl){
 	        	$fields=explode(",",$cpl);
-	        	if ($fields[2] != "" && $fields[2]==$line)
-	        		$usuario=$fields[4];
+	        	if ($fields[4] != "" && $fields[4]==$line)
+	        		$usuario=$fields[8];
 	        }
         }
         if ($usuario !="")
@@ -82,5 +67,22 @@ else{
         fwrite (STDOUT, "{$resposta}\n");
         unset($cp_db);
 }
+
+/* read captive portal DB into array */
+function squid_cp_read_db($file) {
+	$cpdb = array();
+	$DB = new SQLite3($file);
+	if ($DB) {
+		$response = $DB->query("SELECT * FROM captiveportal");
+		if ($response != FALSE) {
+			while ($row = $response->fetchArray())
+				$cpdb[] = $row;
+		}
+		$DB->close();
+	}
+
+	return $cpdb;
+}
+
 ?>
 
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index a2917515..0e5a173c 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -1698,6 +1698,11 @@ function squid_resync_auth() {
 			$conf .="http_access deny sglog\n";
 	}
 	if ($auth_method == 'none'  ) {
+		// SSL interception acl options part 2 without authentication
+		if ($settingsconfig['ssl_proxy'] == "on"){
+			$conf .= "always_direct allow all\n";
+			$conf .= "ssl_bump server-first all\n";
+			}
 		$conf .="# Setup allowed acls\n";
 		$allowed = array('allowed_subnets');
 		if ($settingsconfig['allow_interface'] == 'on') {
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 700110c6..7673661f 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -904,11 +904,11 @@
 		<internal_name>squid</internal_name>
 		<descr><![CDATA[High performance web proxy cache.<br />
 			It combines squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.<br />
-			It includes an Exchange-Web-Access (OWA) Assistant.]]></descr>
+			It includes an Exchange-Web-Access (OWA) Assistant, ssl filtering and antivirus integration via i-cap]]></descr>
 		<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
 		<website>http://www.squid-cache.org/</website>
 		<category>Network</category>
-		<version>3.4.10_2 pkg 0.2</version>
+		<version>3.4.10_2 pkg 0.2.1</version>
 		<status>beta</status>
 		<required_version>2.2</required_version>
 		<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -917,7 +917,7 @@
 			<port>www/squid</port>
 			<ports_after>www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules</ports_after>
 		</build_pbi>
-		<build_options>c-icap_UNSET_FORCE=IPV6;squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES AUTH_SASL;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options>
+		<build_options>squid_UNSET_FORCE=AUTH_SASL AUTH_SMB AUTH_SQL DEBUG  DNS_HELPER  ESI FS_ROCK TP_IPF NETTLE  STACKTRACES VIA_DB  DOCS EXAMPLES;squid_SET_FORCE=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS DELAY_POOLS ECAP FOLLOW_XFF FS_AUFS FS_DISKD HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SNMP SSL SSL_CRTD LAX_HTTP TP_IPFW TP_PF WCCP WCCPV2 CACHE_DIGESTS</build_options>
 		<config_file>https://packages.pfsense.org/packages/config/squid3/34/squid.xml</config_file>
 		<configurationfile>squid.xml</configurationfile>
 		<depends_on_package_pbi>squid-3.4.10_2-##ARCH##.pbi</depends_on_package_pbi>
-- 
cgit v1.2.3