From 43e12794e668759b3e8d07857ed8b9abc0904dba Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sat, 5 Dec 2015 11:13:26 +0100
Subject: Remove the patch CP feature (Bug #5594)

This "feature" has been broken for almost a year without anyone noticing; see https://redmine.pfsense.org/issues/5594 for details. Remove this junk until a saner alternative is available. System Patches is the way to go until that happens if someone really requires that.

On upgrade, an attempt to restore a backup will be attempted, and appropriate notice filed (and logged). There are also GUI instructions left in place of the original checkbox.
---
 config/squid3/34/squid.inc | 50 ++++++++++++++++++++--------------------------
 1 file changed, 22 insertions(+), 28 deletions(-)

(limited to 'config')

diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 952d50d8..bf4fcf5d 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -617,7 +617,7 @@ function squid_deinstall_command() {
 /* Migrate configuration from god knows which Squid package versions */
 /* None of these ever existed with Squid 3.4 package and this cruft should be most likely just removed */
 function squid_upgrade_config() {
-	global $config;
+	global $config, $pfs_version;
 	/* migrate existing csv config fields */
 	if (is_array($config['installedpackages']['squidauth']['config'])) {
 		$settingsauth = $config['installedpackages']['squidauth']['config'][0];
@@ -694,6 +694,27 @@ function squid_upgrade_config() {
 		$config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type'];
 	}
 
+	/* XXX: broken Captive Portal patch (Bug #5594) */
+	if (isset($config['installedpackages']['squid']['config'][0]['patch_cp'])) {
+		if ($config['installedpackages']['squid']['config'][0]['patch_cp'] == "on") {
+			$cp_msg = "Patch Captive Portal feature was removed - see Bug #5594!";
+			/* Attempt to restore the backup, remove it after that and unset the config option to avoid running this again in future. */
+			$cp_file = '/etc/inc/captiveportal.inc';
+			$backup_file = '/root/' . $pfs_version . '.captiveportal.inc.backup';
+			if (file_exists($backup_file)) {
+				copy($backup_file, $cp_file);
+				$cp_msg .= "Found and restored a previous backup of {$cp_file}. Double-check its contents for sanity!";
+				unlink($backup_file);
+			} else {
+				$cp_msg .= "Failed to find a backup of {$cp_file}! Get a sane copy of the file from pfSense GitHub repository!";
+			}
+			file_notice("squid", $cp_msg, "Packages", "");
+			log_error("[squid] {$cp_msg}");
+			unset($cp_msg, $cp_file, $backup_file);
+		}
+		unset($config['installedpackages']['squid']['config'][0]['patch_cp']);
+	}
+
 	/* migrate reverse proxy settings */
 	squid_reverse_upgrade_config();
 	
@@ -2001,33 +2022,6 @@ function squid_generate_rules($type) {
 	global $config, $pfs_version;
 
 	$squid_conf = $config['installedpackages']['squid']['config'][0];
-	//check captive portal option
-	$cp_file = '/etc/inc/captiveportal.inc';
-	$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
-	$cp_inc = file($cp_file);
-	$new_cp_inc = "";
-	$found_rule = 0;
-	foreach ($cp_inc as $line) {
-		$new_line = $line;
-		//remove applied squid patch
-		if (preg_match('/skipto 65314 ip/', $line)) {
-			$found_rule++;
-			$new_line = "";
-		}
-
-		if (preg_match('/255.255.255.255/', $line) && $squid_conf['patch_cp']) {
-			$found_rule++;
-			$new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} ' . $port . ' in\n";' . "\n";
-			$new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} ' . $port . ' to any out\n";' . "\n";
-		}
-		$new_cp_inc .= $new_line;
-	}
-	if (!file_exists('/root/' . $pfs_version . '.captiveportal.inc.backup')) {
-		copy($cp_file, '/root/' . $pfs_version . '.captiveportal.inc.backup');
-	}
-	if ($found_rule > 0) {
-		file_put_contents($cp_file, $new_cp_inc, LOCK_EX);
-	}
 
 	// do not install any firewall rules if Squid is disabled or used as reverse proxy only
 	if (!squid_enabled()) {
-- 
cgit v1.2.3


From c92e2365a7fd955800e8a38fb36f4e9458dac24d Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sat, 5 Dec 2015 11:16:33 +0100
Subject: Remove the patch CP feature (Bug #5594)

GUI instructions left in place of the original checkbox.
---
 config/squid3/34/squid.xml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'config')

diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index 82fe44b8..3538a5fe 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -42,7 +42,7 @@
 	]]>
 	</copyright>
 	<name>squid</name>
-	<version>0.4.5</version>
+	<version>0.4.7</version>
 	<title>Proxy Server: General Settings</title>
 	<include_file>/usr/local/pkg/squid.inc</include_file>
 	<menu>
@@ -324,15 +324,14 @@
 		</field>
 		<field>
 			<fielddescr>Patch Captive Portal</fielddescr>
-			<fieldname>patch_cp</fieldname>
 			<description>
 				<![CDATA[
-				Enable this option to force Captive Portal to non transparent proxy users.<br/>
-				<strong>Note:</strong> You may need to reapply Captive Portal settings after changing this option.<br/>
-				<strong><span class="errmsg">Warning:</span> This alters /etc/inc/captiveportal.inc file! USE WITH CAUTION!</strong> (A backup is made available under /root directory.)
+				<strong><span class="errmsg">This feature was removed</span></strong> - see <a href="https://redmine.pfsense.org/issues/5594">Bug #5594</a> for details!<br/>
+				If you were using this feature, double-check '/etc/inc/captiveportal.inc' content for sanity.<br/>
+				Get a <a href="https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/inc/captiveportal.inc">sane copy of the file from pfSense GitHub repository</a> if needed.
 				]]>
 			</description>
-			<type>checkbox</type>
+			<type>info</type>
 		</field>
 		<field>
 			<fielddescr>Resolve DNS IPv4 First</fielddescr>
-- 
cgit v1.2.3