From 43e12794e668759b3e8d07857ed8b9abc0904dba Mon Sep 17 00:00:00 2001
From: doktornotor
Date: Sat, 5 Dec 2015 11:13:26 +0100
Subject: Remove the patch CP feature (Bug #5594)
This "feature" has been broken for almost a year without anyone noticing; see https://redmine.pfsense.org/issues/5594 for details. Remove this junk until a saner alternative is available. System Patches is the way to go until that happens if someone really requires that. On upgrade, an attempt to restore a backup will be attempted, and appropriate notice filed (and logged). There are also GUI instructions left in place of the original checkbox.
---
 config/squid3/34/squid.inc | 50 ++++++++++++++++++++--------------------------
 1 file changed, 22 insertions(+), 28 deletions(-)
(limited to 'config')
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 952d50d8..bf4fcf5d 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -617,7 +617,7 @@ function squid_deinstall_command() {
 /* Migrate configuration from god knows which Squid package versions */
 /* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */
 function squid_upgrade_config() {
- global $config;
+ global $config, $pfs_version;
 /* migrate existing csv config fields */
 if (is_array($config['installedpackages']['squidauth']['config'])) {
 $settingsauth = $config['installedpackages']['squidauth']['config'][0];
@@ -694,6 +694,27 @@ function squid_upgrade_config() {
 $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type'];
 }
+ /* XXX: broken Captive Portal patch (Bug #5594) */
+ if (isset($config['installedpackages']['squid']['config'][0]['patch_cp'])) {
+ if ($config['installedpackages']['squid']['config'][0]['patch_cp'] == "on") {
+ $cp_msg = "Patch Captive Portal feature was removed - see Bug #5594!";
+ /* Attempt to restore the backup, remove it after that and unset the config option to avoid running this again in future. */
+ $cp_file = '/etc/inc/captiveportal.inc';
+ $backup_file = '/root/' . $pfs_version . '.captiveportal.inc.backup';
+ if (file_exists($backup_file)) {
+ copy($backup_file, $cp_file);
+ $cp_msg .= "Found and restored a previous backup of {$cp_file}. Double-check its contents for sanity!";
+ unlink($backup_file);
+ } else {
+ $cp_msg .= "Failed to find a backup of {$cp_file}! Get a sane copy of the file from pfSense GitHub repository!";
+ }
+ file_notice("squid", $cp_msg, "Packages", "");
+ log_error("[squid] {$cp_msg}");
+ unset($cp_msg, $cp_file, $backup_file);
+ }
+ unset($config['installedpackages']['squid']['config'][0]['patch_cp']);
+ }
+
 /* migrate reverse proxy settings */
 squid_reverse_upgrade_config();
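Review bot: The restore branch ignores the result of `copy($backup_file, $cp_file)`, so a failed copy is still reported as "Found and restored" and the following `unlink($backup_file)` removes the only backup. Report success and delete the backup only when `copy()` returns true, and otherwise keep the file and say that the restore failed, as sketched below. The appended sentences also need a leading space, since `$cp_msg` currently reads `…see Bug #5594!Found and restored…` in the notice and the log. The backup name depends on `$pfs_version` and the copy overwrites `/etc/inc/captiveportal.inc` wholesale; if the base system was updated after the backup was taken (not visible here), this would put an older copy of the captive portal code back in place, so naming `{$backup_file}` in the notice would help the admin compare. `squid_upgrade_config()` starts and ends outside this hunk.

```php
if (file_exists($backup_file)) {
	if (copy($backup_file, $cp_file)) {
		$cp_msg .= " Found and restored a previous backup of {$cp_file}. Double-check its contents for sanity!";
		unlink($backup_file);
	} else {
		/* keep the backup so the restore can be retried by hand */
		$cp_msg .= " Found a backup at {$backup_file} but failed to restore it to {$cp_file}!";
	}
} else {
	/* … unchanged: "Failed to find a backup" message … */
}
```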
@@ -2001,33 +2022,6 @@ function squid_generate_rules($type) {
 global $config, $pfs_version;
 $squid_conf = $config['installedpackages']['squid']['config'][0];
- //check captive portal option
- $cp_file = '/etc/inc/captiveportal.inc';
- $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
- $cp_inc = file($cp_file);
- $new_cp_inc = "";
- $found_rule = 0;
- foreach ($cp_inc as $line) {
- $new_line = $line;
- //remove applied squid patch
- if (preg_match('/skipto 65314 ip/', $line)) {
- $found_rule++;
- $new_line = "";
- }
-
- if (preg_match('/255.255.255.255/', $line) && $squid_conf['patch_cp']) {
- $found_rule++;
- $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} ' . $port . ' in\n";' . "\n";
- $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} ' . $port . ' to any out\n";' . "\n";
- }
- $new_cp_inc .= $new_line;
- }
- if (!file_exists('/root/' . $pfs_version . '.captiveportal.inc.backup')) {
- copy($cp_file, '/root/' . $pfs_version . '.captiveportal.inc.backup');
- }
- if ($found_rule > 0) {
- file_put_contents($cp_file, $new_cp_inc, LOCK_EX);
- }
 // do not install any firewall rules if Squid is disabled or used as reverse proxy only
 if (!squid_enabled()) {
-- cgit v1.2.3
From c92e2365a7fd955800e8a38fb36f4e9458dac24d Mon Sep 17 00:00:00 2001
From: doktornotor
Date: Sat, 5 Dec 2015 11:16:33 +0100
Subject: Remove the patch CP feature (Bug #5594)
GUI instructions left in place of the original checkbox.
---
 config/squid3/34/squid.xml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'config')
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index 82fe44b8..3538a5fe 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -42,7 +42,7 @@ ]]> squid - 0.4.5 + 0.4.7 Proxy Server: General Settings /usr/local/pkg/squid.inc
@@ -324,15 +324,14 @@ Patch Captive Portal - patch_cp - Note: You may need to reapply Captive Portal settings after changing this option.
- Warning: This alters /etc/inc/captiveportal.inc file! USE WITH CAUTION! (A backup is made available under /root directory.) + This feature was removed - see Bug #5594 for details!
+ If you were using this feature, double-check '/etc/inc/captiveportal.inc' content for sanity.
+ Get a sane copy of the file from pfSense GitHub repository if needed. ]]>
- checkbox + info
Resolve DNS IPv4 First -- cgit v1.2.3