1
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php b/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php
|
2
|
index 592270b81fdee5cd74cf37d858db20e40c50d926..ebb66f0b075a6875c42bf89ee9fb63bb8926c838 100644
|
3
|
--- a/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php
|
4
|
+++ b/www/pfSense-pkg-squid/files/usr/local/bin/check_ip.php
|
5
|
@@ -24,7 +24,6 @@
|
6
|
require_once("config.inc");
|
7
|
require_once("globals.inc");
|
8
|
error_reporting(0);
|
9
|
-global $config, $g;
|
10
|
// stdin loop
|
11
|
if (!defined(STDIN)) {
|
12
|
define("STDIN", fopen("php://stdin", "r"));
|
13
|
@@ -36,20 +35,18 @@ while (!feof(STDIN)) {
|
14
|
$check_ip = preg_replace('/[^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}]/', '', fgets(STDIN));
|
15
|
$status = '';
|
16
|
|
17
|
- if (is_array($config['captiveportal'])) {
|
18
|
- foreach ($config['captiveportal'] as $cpzone => $cp) {
|
19
|
- if (isset($cp['enable'])) {
|
20
|
- $db = "{$g['vardb_path']}/captiveportal{$cpzone}.db";
|
21
|
- $status = squid_check_ip($db, $check_ip);
|
22
|
- if ($status) {
|
23
|
- break;
|
24
|
- } elseif (is_array($cp['allowedip'])) {
|
25
|
- foreach ($cp['allowedip'] as $ipent) {
|
26
|
- if (ip_in_subnet($check_ip, "{$ipent['ip']}/{$ipent['sn']}") &&
|
27
|
- (($ipent['dir'] == 'from') || ($ipent['dir'] == 'both'))) {
|
28
|
- $status = $check_ip;
|
29
|
- break 2;
|
30
|
- }
|
31
|
+ foreach (config_get_path('captiveportal', []) as $cpzone => $cp) {
|
32
|
+ if (isset($cp['enable'])) {
|
33
|
+ $db = g_get('vardb_path') . "/captiveportal{$cpzone}.db";
|
34
|
+ $status = squid_check_ip($db, $check_ip);
|
35
|
+ if ($status) {
|
36
|
+ break;
|
37
|
+ } elseif (is_array($cp['allowedip'])) {
|
38
|
+ foreach ($cp['allowedip'] as $ipent) {
|
39
|
+ if (ip_in_subnet($check_ip, "{$ipent['ip']}/{$ipent['sn']}") &&
|
40
|
+ (($ipent['dir'] == 'from') || ($ipent['dir'] == 'both'))) {
|
41
|
+ $status = $check_ip;
|
42
|
+ break 2;
|
43
|
}
|
44
|
}
|
45
|
}
|
46
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
|
47
|
index 6122e22caa1b7934720ee1f3b9c267e99d6a528b..48f66a5fc9f520c5748c2b3c1dd67f9aaa903756 100644
|
48
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
|
49
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc
|
50
|
@@ -1192,7 +1192,7 @@ function squid_validate_auth($post, &$input_errors) {
|
51
|
|
52
|
/* Proxy Server: General Settings configuration handler */
|
53
|
function squid_resync_general() {
|
54
|
- global $g, $valid_acls;
|
55
|
+ global $valid_acls;
|
56
|
|
57
|
if (is_array(config_get_path('installedpackages/squid'))) {
|
58
|
$settings = config_get_path('installedpackages/squid/config/0');
|
59
|
@@ -1402,7 +1402,7 @@ function squid_resync_general() {
|
60
|
}
|
61
|
$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
|
62
|
$dns_v4_first = ($settings['dns_v4_first'] == "on" ? "on" : "off");
|
63
|
- $piddir = "{$g['varrun_path']}/squid";
|
64
|
+ $piddir = g_get('varrun_path') . '/squid';
|
65
|
$pidfile = "{$piddir}/squid.pid";
|
66
|
if (!is_dir($piddir)) {
|
67
|
safe_mkdir($piddir, 0755);
|
68
|
@@ -2522,8 +2522,6 @@ if (!function_exists('pf_version')) {
|
69
|
|
70
|
/* Perform the actual XMLRPC sync */
|
71
|
function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
|
72
|
- global $g;
|
73
|
-
|
74
|
if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
|
75
|
log_error("[squid] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
|
76
|
return;
|
77
|
@@ -2584,7 +2582,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $passwor
|
78
|
$msg = new XML_RPC_Message($method, $params);
|
79
|
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
|
80
|
$cli->setCredentials($username, $password);
|
81
|
- if ($g['debug']) {
|
82
|
+ if (g_get('debug')) {
|
83
|
$cli->setDebug(1);
|
84
|
}
|
85
|
/* Send our XMLRPC message and timeout after defined sync timeout value*/
|
86
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc
|
87
|
index d749049ef683c10eddda3f8e72d76c59f5d16b63..6033030932903c04afe1ea1aa843004b88ad73b9 100644
|
88
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc
|
89
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_antivirus.inc
|
90
|
@@ -28,13 +28,13 @@ require_once('util.inc');
|
91
|
/* This file is currently only being included in squid.inc and not used separately */
|
92
|
// require_once('squid.inc');
|
93
|
|
94
|
-global $clamav_uid, $clamav_gid, $config;
|
95
|
+global $clamav_uid, $clamav_gid;
|
96
|
$clamav_uid = "clamav";
|
97
|
$clamav_gid = "clamav";
|
98
|
|
99
|
/* If /var is in RAM, the AV database will not be persistent there and space is
|
100
|
limited, so relocate it. */
|
101
|
-if (isset($config['system']['use_mfs_tmpvar'])) {
|
102
|
+if (config_path_enabled('system', 'use_mfs_tmpvar')) {
|
103
|
define('CLAMAV_DBDIR', '/usr/local/share/clamav-db/');
|
104
|
} else {
|
105
|
define('CLAMAV_DBDIR', '/var/db/clamav/');
|
106
|
@@ -62,19 +62,13 @@ function squid_check_antivirus_dirs() {
|
107
|
|
108
|
/* Antivirus definitions updates via cron */
|
109
|
function squid_install_freshclam_cron($should_install) {
|
110
|
- global $config;
|
111
|
-
|
112
|
if (platform_booting()) {
|
113
|
return;
|
114
|
}
|
115
|
|
116
|
$freshclam_cmd = (SQUID_BASE . "/bin/freshclam --config-file=" . SQUID_BASE . "/etc/freshclam.conf");
|
117
|
if (($should_install) && (squid_enabled())) {
|
118
|
- if (is_array($config['installedpackages']['squidantivirus'])) {
|
119
|
- $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
|
120
|
- } else {
|
121
|
- $antivirus_config = array();
|
122
|
- }
|
123
|
+ $antivirus_config = config_get_path('installedpackages/squidantivirus/config/0', []);
|
124
|
if ($antivirus_config['clamav_update'] != "") {
|
125
|
log_error("[squid] Adding freshclam cronjob.");
|
126
|
// Randomize minutes to mitigate mirrors overload issues
|
127
|
@@ -134,17 +128,13 @@ function squid_antivirus_install_command() {
|
128
|
|
129
|
/* Run on Squid package uninstall */
|
130
|
function squid_antivirus_deinstall_command() {
|
131
|
- global $config, $keep;
|
132
|
+ global $keep;
|
133
|
/* Stop all running services, remove rc scripts and cronjobs */
|
134
|
squid_stop_antivirus();
|
135
|
mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
|
136
|
|
137
|
/* clean up created directories if 'Keep Settings/Data' is disabled */
|
138
|
- if (is_array($config['installedpackages']['squid'])) {
|
139
|
- $squidsettings = $config['installedpackages']['squid']['config'][0];
|
140
|
- } else {
|
141
|
- $squidsettings = array();
|
142
|
- }
|
143
|
+ $squidsettings = config_get_path('installedpackages/squid/config/0', []);
|
144
|
$keep = ($squidsettings['keep_squid_data'] ? true : false);
|
145
|
|
146
|
if (!$keep) {
|
147
|
@@ -159,14 +149,11 @@ function squid_antivirus_deinstall_command() {
|
148
|
|
149
|
/* Migrate configuration from old Squid package versions */
|
150
|
function squid_antivirus_upgrade_config() {
|
151
|
- global $config;
|
152
|
/* unset broken antivirus settings */
|
153
|
- if (is_array($config['installedpackages']['squidantivirus'])) {
|
154
|
- unset($config['installedpackages']['squidantivirus']['config'][0]['squidclamav']);
|
155
|
- unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']);
|
156
|
- unset($config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']);
|
157
|
- unset($config['installedpackages']['squidantivirus']['config'][0]['freshclam_conf']);
|
158
|
- }
|
159
|
+ config_del_path('installedpackages/squidantivirus/config/0/squidclamav');
|
160
|
+ config_del_path('installedpackages/squidantivirus/config/0/icap_conf');
|
161
|
+ config_del_path('installedpackages/squidantivirus/config/0/icap_magic');
|
162
|
+ config_del_path('installedpackages/squidantivirus/config/0/freshclam_conf');
|
163
|
}
|
164
|
|
165
|
/*
|
166
|
@@ -192,19 +179,15 @@ function squid_antivirus_upgrade_config() {
|
167
|
|
168
|
/* Proxy Server: Antivirus configuration handler */
|
169
|
function squid_resync_antivirus() {
|
170
|
- global $config, $antivirus_config;
|
171
|
+ global $antivirus_config;
|
172
|
+ $conf_path = 'installedpackages/squidantivirus/config/0';
|
173
|
|
174
|
$interserver_dbs = array('interserver256.hdb', 'interservertopline.db', 'shell.ldb', 'whitelist.fp');
|
175
|
$securiteinfo_dbs = array('securiteinfo.hdb', 'securiteinfo.ign2', 'javascript.ndb', 'spam_marketing.ndb',
|
176
|
'securiteinfohtml.hdb', 'securiteinfoascii.hdb', 'securiteinfoandroid.hdb', 'securiteinfoold.hdb',
|
177
|
'securiteinfopdf.hdb');
|
178
|
$securiteinfo_prem_dbs = array('securiteinfo.mdb', 'securiteinfo0hour.hdb');
|
179
|
-
|
180
|
- if (is_array($config['installedpackages']['squidantivirus'])) {
|
181
|
- $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
|
182
|
- } else {
|
183
|
- $antivirus_config = array();
|
184
|
- }
|
185
|
+ $antivirus_config = config_get_path($conf_path, []);
|
186
|
|
187
|
// squid.conf antivirus integration
|
188
|
if (squid_enabled() && ($antivirus_config['enable'] == "on")) {
|
189
|
@@ -258,7 +241,7 @@ EOF;
|
190
|
}
|
191
|
}
|
192
|
// Create configuration files
|
193
|
- squid_antivirus_put_raw_config($config['installedpackages']['squidantivirus']['config'][0]);
|
194
|
+ squid_antivirus_put_raw_config(config_get_path($conf_path));
|
195
|
} else {
|
196
|
// unset raw configuration options
|
197
|
squid_antivirus_toggle_raw_config(false);
|
198
|
@@ -564,12 +547,8 @@ EOF;
|
199
|
|
200
|
/* Patch paths and settings in configuration files template for pfSense-specific values on install */
|
201
|
function squid_antivirus_install_config_files() {
|
202
|
- global $config, $clamav_uid, $clamav_gid;
|
203
|
- if (is_array($config['installedpackages']['squid'])) {
|
204
|
- $squidsettings = $config['installedpackages']['squid']['config'][0];
|
205
|
- } else {
|
206
|
- $squidsettings = array();
|
207
|
- }
|
208
|
+ global $clamav_uid, $clamav_gid;
|
209
|
+
|
210
|
// squidclamav.conf
|
211
|
// make a backup of default squidclamav.conf.sample first
|
212
|
$cf = SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf";
|
213
|
@@ -585,12 +564,10 @@ function squid_antivirus_install_config_files() {
|
214
|
$squidclamav_m[1] = "@/var/run/clamav/clamd.ctl@";
|
215
|
$squidclamav_r[1] = "/var/run/clamav/clamd.sock";
|
216
|
$squidclamav_m[2] = "@http\://proxy.domain.dom/cgi-bin/clwarn.cgi@";
|
217
|
- $port = $config['system']['webgui']['port'];
|
218
|
- if ($port == "") {
|
219
|
- $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}/squid_clwarn.php";
|
220
|
- } else {
|
221
|
- $squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";
|
222
|
- }
|
223
|
+ $port = config_get_path('system/webgui/port');
|
224
|
+ $squidclamav_r[2] = config_get_path('system/webgui/protocol') . '://' .
|
225
|
+ config_get_path('system/hostname') . '.' . config_get_path('system/domain') .
|
226
|
+ (empty($port) ? '' : ":{$port}") . '/squid_clwarn.php';
|
227
|
$squidclamav_m[3] = "@dnslookup\s1@";
|
228
|
$squidclamav_r[3] = "dnslookup 0";
|
229
|
// This should match StreamMaxLength in clamd.conf
|
230
|
@@ -700,7 +677,6 @@ function squid_antivirus_install_config_files() {
|
231
|
|
232
|
/* Get the raw pfSense template files for manual configuration and serialize them to config.xml */
|
233
|
function squid_antivirus_get_raw_config() {
|
234
|
- global $config;
|
235
|
$loaded = false;
|
236
|
$rawfiles = array("squidclamav.conf", "c-icap.conf", "c-icap.magic", "freshclam.conf", "clamd.conf");
|
237
|
|
238
|
@@ -733,10 +709,11 @@ function squid_antivirus_get_raw_config() {
|
239
|
}
|
240
|
// get the config from the files if not set (yet) in config.xml
|
241
|
if ($confopt) {
|
242
|
+ $conf_path = 'installedpackages/squidantivirus/config/0';
|
243
|
$conffile = SQUID_LOCALBASE . "/etc" . "{$confdir}" . "/{$rawfile}.pfsense";
|
244
|
if (file_exists($conffile)) {
|
245
|
- if ($config['installedpackages']['squidantivirus']['config'][0][$confopt] == "") {
|
246
|
- $config['installedpackages']['squidantivirus']['config'][0][$confopt] = base64_encode(str_replace("\r", "", file_get_contents("{$conffile}")));
|
247
|
+ if (empty(config_get_path($conf_path . "/{$confopt}"))) {
|
248
|
+ config_set_path($conf_path . "/{$confopt}", base64_encode(str_replace("\r", "", file_get_contents("{$conffile}"))));
|
249
|
log_error("[squid] Successfully loaded '{$conffile}' configuration file");
|
250
|
$loaded = true;
|
251
|
}
|
252
|
@@ -744,7 +721,7 @@ function squid_antivirus_get_raw_config() {
|
253
|
} else {
|
254
|
squid_antivirus_install_config_files();
|
255
|
if (file_exists($conffile)) {
|
256
|
- $config['installedpackages']['squidantivirus']['config'][0][$confopt] = base64_encode(str_replace("\r", "", file_get_contents("{$conffile}")));
|
257
|
+ config_set_path($conf_path . "/{$confopt}", base64_encode(str_replace("\r", "", file_get_contents("{$conffile}"))));
|
258
|
log_error("[squid] Successfully loaded '{$conffile}' configuration file");
|
259
|
$loaded = true;
|
260
|
} else {
|
261
|
@@ -761,13 +738,13 @@ function squid_antivirus_get_raw_config() {
|
262
|
|
263
|
/* Toggle the raw config state */
|
264
|
function squid_antivirus_toggle_raw_config($state) {
|
265
|
- global $config;
|
266
|
+ $conf_path = 'installedpackages/squidantivirus/config/0';
|
267
|
if ($state) {
|
268
|
// manual configuration enabled
|
269
|
$opts = array("clamav_url", "clamav_dbregion", "clamav_dbservers");
|
270
|
foreach ($opts as $opt) {
|
271
|
- if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {
|
272
|
- unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);
|
273
|
+ if (config_path_enabled($conf_path, $opt)) {
|
274
|
+ config_del_path($conf_path . "/{$opt}");
|
275
|
log_error("[squid] Loaded '{$opt}' raw configuration file...");
|
276
|
}
|
277
|
}
|
278
|
@@ -777,12 +754,12 @@ function squid_antivirus_toggle_raw_config($state) {
|
279
|
// manual configuration disabled
|
280
|
$opts = array("raw_squidclamav_conf", "raw_cicap_conf", "raw_cicap_magic", "raw_freshclam_conf", "raw_clamd_conf");
|
281
|
foreach ($opts as $opt) {
|
282
|
- if (isset($config['installedpackages']['squidantivirus']['config'][0][$opt])) {
|
283
|
- unset($config['installedpackages']['squidantivirus']['config'][0][$opt]);
|
284
|
+ if (config_path_enabled($conf_path, $opt)) {
|
285
|
+ config_del_path($conf_path . "/{$opt}");
|
286
|
log_error("[squid] Unloaded '{$opt}' raw configuration.");
|
287
|
}
|
288
|
}
|
289
|
- $config['installedpackages']['squidantivirus']['config'][0]['enable_advanced'] = "disabled";
|
290
|
+ config_set_path($conf_path . '/enable_advanced', 'disabled');
|
291
|
}
|
292
|
}
|
293
|
|
294
|
@@ -899,12 +876,7 @@ EOF;
|
295
|
|
296
|
/* (Re)start antivirus services if AV features are enabled */
|
297
|
function squid_restart_antivirus() {
|
298
|
- global $config;
|
299
|
- if (is_array($config['installedpackages']['squidantivirus'])) {
|
300
|
- $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
|
301
|
- } else {
|
302
|
- $antivirus_config = array();
|
303
|
- }
|
304
|
+ $antivirus_config = config_get_path('installedpackages/squidantivirus/config/0', []);
|
305
|
|
306
|
// reconfigure and (re)start service as needed if enabled, otherwise stop them
|
307
|
// do not (re)start antivirus services on boot
|
308
|
@@ -1011,13 +983,6 @@ function squid_stop_antivirus() {
|
309
|
/* Proxy server: Antivirus input validation */
|
310
|
/* Also handles manual AV updates and switching 'Manual Configuration' on/off */
|
311
|
function squid_validate_antivirus($post, &$input_errors) {
|
312
|
- global $config;
|
313
|
- if (is_array($config['installedpackages']['squidantivirus'])) {
|
314
|
- $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
|
315
|
- } else {
|
316
|
- $antivirus_config = array();
|
317
|
- }
|
318
|
-
|
319
|
/* Manual ClamAV database update */
|
320
|
if ($post['update_av'] == 'Update AV') {
|
321
|
squid_update_clamav();
|
322
|
@@ -1026,7 +991,7 @@ function squid_validate_antivirus($post, &$input_errors) {
|
323
|
|
324
|
/* Load the raw config files if manual configuration is enabled */
|
325
|
if ($post['load_advanced'] == 'Load Advanced') {
|
326
|
- $config['installedpackages']['squidantivirus']['config'][0]['enable_advanced'] = "enabled";
|
327
|
+ config_set_path('installedpackages/squidantivirus/config/0/enable_advanced', 'enabled');
|
328
|
squid_antivirus_toggle_raw_config(true);
|
329
|
return;
|
330
|
}
|
331
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml
|
332
|
index 3c60a8cd68b870d1ed9d7690479087845f2c84c2..4c08cfe1111c09c6c557558b148a7de9758e80d1 100644
|
333
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml
|
334
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_auth.xml
|
335
|
@@ -281,8 +281,8 @@
|
336
|
</custom_php_before_form_command>
|
337
|
<custom_php_after_head_command>
|
338
|
<![CDATA[
|
339
|
- $transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
|
340
|
- if ($transparent_proxy and preg_match("/(local|ldap|radius|ntlm)/", $config['installedpackages']['squidauth']['config'][0]['auth_method'])) {
|
341
|
+ $transparent_proxy = (config_get_path('installedpackages/squid/config/0/transparent_proxy') == 'on');
|
342
|
+ if ($transparent_proxy and preg_match("/(local|ldap|radius|ntlm)/", config_get_path('installedpackages/squidauth/config/0/auth_method'))) {
|
343
|
$input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled";
|
344
|
}
|
345
|
squid_print_javascript_auth();
|
346
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml
|
347
|
index 1dcfe7e38e04bcfc4d4c07544413ec88fc193534..efb8e59078f8aa42a6607936c96535f90c648f81 100644
|
348
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml
|
349
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_cache.xml
|
350
|
@@ -418,8 +418,8 @@
|
351
|
<![CDATA[
|
352
|
global $oldcachedir;
|
353
|
// do not leave orphaned cachedirs if harddisk_cache_location changed
|
354
|
- if ($_POST['harddisk_cache_location'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_location']) {
|
355
|
- $oldcachedir = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_location'];
|
356
|
+ if ($_POST['harddisk_cache_location'] != config_get_path('installedpackages/squidcache/config/0/harddisk_cache_location')) {
|
357
|
+ $oldcachedir = config_get_path('installedpackages/squidcache/config/0/harddisk_cache_location');
|
358
|
if ($oldcachedir != "") {
|
359
|
$cachedir_changed = true;
|
360
|
}
|
361
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc
|
362
|
index 8e4d749c333e2bd5e9e72ce0cf4e925d47cce6d1..12d90ad7e27dd3bdfe00cde4fdf2571e17294fe2 100644
|
363
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc
|
364
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_js.inc
|
365
|
@@ -29,17 +29,8 @@ require_once('config.inc');
|
366
|
* depending on selected 'Authentication Method' value
|
367
|
*/
|
368
|
function squid_print_javascript_auth() {
|
369
|
- global $config;
|
370
|
- if (is_array($config['installedpackages']['squid'])) {
|
371
|
- $squidsettings = $config['installedpackages']['squid']['config'][0];
|
372
|
- } else {
|
373
|
- $squidsettings = array();
|
374
|
- }
|
375
|
- if (is_array($config['installedpackages']['squidauth']['config'])) {
|
376
|
- $settingsauth = $config['installedpackages']['squidauth']['config'][0];
|
377
|
- } else {
|
378
|
- $settingsauth = array();
|
379
|
- }
|
380
|
+ $squidsettings = config_get_path('installedpackages/squid/config/0', []);
|
381
|
+ $settingsauth = config_get_path('installedpackages/squidauth/config/0', []);
|
382
|
$transparent_proxy = ($squidsettings['transparent_proxy'] == 'on');
|
383
|
$auth_method = $settingsauth['auth_method'];
|
384
|
|
385
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc
|
386
|
index 27cce8c68a7dfb92020a030ea3bf3163109cf891..be32cedac6d67d7fa824fdaf3fca26c8091bb528 100644
|
387
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc
|
388
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse.inc
|
389
|
@@ -30,29 +30,11 @@ require_once('util.inc');
|
390
|
|
391
|
/* Reverse Proxy Server configuration handler */
|
392
|
function squid_resync_reverse() {
|
393
|
- global $config;
|
394
|
-
|
395
|
// config file
|
396
|
- if (is_array($config['installedpackages']['squidreversegeneral'])) {
|
397
|
- $settings = $config['installedpackages']['squidreversegeneral']['config'][0];
|
398
|
- } else {
|
399
|
- $settings = array();
|
400
|
- }
|
401
|
- if (is_array($config['installedpackages']['squidreversepeer'])) {
|
402
|
- $reverse_peers = $config['installedpackages']['squidreversepeer']['config'];
|
403
|
- } else {
|
404
|
- $reverse_peers = array();
|
405
|
- }
|
406
|
- if (is_array($config['installedpackages']['squidreverseuri'])) {
|
407
|
- $reverse_maps = $config['installedpackages']['squidreverseuri']['config'];
|
408
|
- } else {
|
409
|
- $reverse_maps = array();
|
410
|
- }
|
411
|
- if (is_array($config['installedpackages']['squidreverseredir'])) {
|
412
|
- $reverse_redir = $config['installedpackages']['squidreverseredir']['config'];
|
413
|
- } else {
|
414
|
- $reverse_redir = array();
|
415
|
- }
|
416
|
+ $settings = config_get_path('installedpackages/squidreversegeneral/config/0', []);
|
417
|
+ $reverse_peers = config_get_path('installedpackages/squidreversepeer/config', []);
|
418
|
+ $reverse_maps = config_get_path('installedpackages/squidreverseuri/config', []);
|
419
|
+ $reverse_redir = config_get_path('installedpackages/squidreverseredir/config', []);
|
420
|
|
421
|
$conf = "# Reverse Proxy settings\n";
|
422
|
|
423
|
@@ -387,13 +369,7 @@ function squid_resync_reverse() {
|
424
|
|
425
|
/* Refresh Client Certificate Revocation List */
|
426
|
function squid_refresh_crl() {
|
427
|
- global $config;
|
428
|
-
|
429
|
- if (is_array($config['installedpackages']['squidreversegeneral'])) {
|
430
|
- $settings = $config['installedpackages']['squidreversegeneral']['config'][0];
|
431
|
- } else {
|
432
|
- $settings = array();
|
433
|
- }
|
434
|
+ $settings = config_get_path('installedpackages/squidreversegeneral/config/0', []);
|
435
|
|
436
|
if (isset($settings['reverse_check_clientca']) && $settings['reverse_check_clientca'] == "on" && isset($settings['reverse_ssl_clientcrl']) && $settings['reverse_ssl_clientcrl'] != 'none') {
|
437
|
$crl = lookup_crl($settings['reverse_ssl_clientcrl']);
|
438
|
@@ -408,18 +384,14 @@ function squid_refresh_crl() {
|
439
|
|
440
|
/* Check whether Squid reverse proxy is enabled */
|
441
|
function squid_reverse_enabled() {
|
442
|
- global $config, $reverse_proxy_enabled;
|
443
|
+ global $reverse_proxy_enabled;
|
444
|
$reverse_proxy_enabled = false;
|
445
|
+ $conf_path = 'installedpackages/squidreversegeneral/config/0';
|
446
|
|
447
|
- if (is_array($config['installedpackages']['squidreversegeneral']['config'])) {
|
448
|
- // check whether HTTP or HTTPS reverse proxy is enabled ...
|
449
|
- if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_http'] == "on" ||
|
450
|
- $config['installedpackages']['squidreversegeneral']['config'][0]['reverse_https'] == "on") {
|
451
|
- // ... and has at least one reverse interface configured
|
452
|
- if (!empty($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'])) {
|
453
|
- $reverse_proxy_enabled = true;
|
454
|
- }
|
455
|
- }
|
456
|
+ // check whether HTTP or HTTPS reverse proxy is enabled and has at least one reverse interface configured
|
457
|
+ if ((config_get_path($conf_path . '/reverse_http') == 'on' || config_get_path($conf_path . '/reverse_https') == 'on') &&
|
458
|
+ !empty(config_get_path($conf_path . '/reverse_interface'))) {
|
459
|
+ $reverse_proxy_enabled = true;
|
460
|
}
|
461
|
|
462
|
return $reverse_proxy_enabled;
|
463
|
@@ -427,37 +399,40 @@ function squid_reverse_enabled() {
|
464
|
|
465
|
/* Migrate reverse proxy configuration from old Squid package versions */
|
466
|
function squid_reverse_upgrade_config() {
|
467
|
- global $config;
|
468
|
- if (is_array($config['installedpackages']['squidreverse'])) {
|
469
|
- $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0];
|
470
|
-
|
471
|
+ $conf_path_settings = 'installedpackages/squidreversegeneral/config/0';
|
472
|
+ $conf_path_reverse_peers = 'installedpackages/squidreversepeer/config';
|
473
|
+ $conf_path_reverse_maps = 'installedpackages/squidreverseuri/config';
|
474
|
+ $reverse_peers = config_get_path($conf_path_reverse_peers, []);
|
475
|
+ $reverse_maps = config_get_path($conf_path_reverse_maps, []);
|
476
|
+ $old_reverse_settings = config_get_path('installedpackages/squidreverse/config/0');
|
477
|
+
|
478
|
+ if (is_array(config_get_path('installedpackages/squidreverse'))) {
|
479
|
// settings
|
480
|
- if (!is_array($config['installedpackages']['squidreversegeneral'])) {
|
481
|
- init_config_arr(array('installedpackages', 'squidreversegeneral', 'config'));
|
482
|
- $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings;
|
483
|
- unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);
|
484
|
- unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);
|
485
|
- unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);
|
486
|
+ if (!is_array(config_get_path('installedpackages/squidreversegeneral'))) {
|
487
|
+ config_set_path($conf_path_settings, $old_reverse_settings);
|
488
|
+ config_del_path($conf_path_settings . '/reverse_cache_peer');
|
489
|
+ config_del_path($conf_path_settings . '/reverse_uri');
|
490
|
+ config_del_path($conf_path_settings . '/reverse_acl');
|
491
|
}
|
492
|
|
493
|
// peers
|
494
|
- if (!is_array($config['installedpackages']['squidreversepeer'])) {
|
495
|
+ if (!is_array(config_get_path('installedpackages/squidreversepeer'))) {
|
496
|
foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {
|
497
|
foreach (explode(";", $cache_peers) as $cache_peer) {
|
498
|
- init_config_arr(array('installedpackages', 'squidreversepeer', 'config'));
|
499
|
- $config['installedpackages']['squidreversepeer']['config'][] = array(
|
500
|
+ $reverse_peers[] = array(
|
501
|
'description' => 'migrated',
|
502
|
'enable' => 'on',
|
503
|
'name' => $cache_peer[0],
|
504
|
'port' => $cache_peer[1],
|
505
|
'protocol' => $cache_peer[2]
|
506
|
);
|
507
|
+ config_set_path($conf_path_reverse_peers, $reverse_peers);
|
508
|
}
|
509
|
}
|
510
|
}
|
511
|
|
512
|
// mappings
|
513
|
- if (!is_array($config['installedpackages']['squidreverseuri'])) {
|
514
|
+ if (!is_array(config_get_path('installedpackages/squidreverseuri'))) {
|
515
|
foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {
|
516
|
foreach (explode(";", $acls) as $acl) {
|
517
|
array_push(${'peer_'.$acl[0]}, $acl[1]);
|
518
|
@@ -466,8 +441,7 @@ function squid_reverse_upgrade_config() {
|
519
|
foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {
|
520
|
foreach (explode(";", $uris) as $uri) {
|
521
|
$peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : "");
|
522
|
- init_config_arr(array('installedpackages', 'squidreverseuri', 'config'));
|
523
|
- $config['installedpackages']['squidreverseuri']['config'][] = array(
|
524
|
+ $reverse_maps[] = array(
|
525
|
'description' => 'migrated',
|
526
|
'enable' => 'on',
|
527
|
'name' => $uri[0],
|
528
|
@@ -475,6 +449,7 @@ function squid_reverse_upgrade_config() {
|
529
|
'vhost' => $uri[2],
|
530
|
'peers' => $peer_list
|
531
|
);
|
532
|
+ config_set_path($conf_path_reverse_maps, $reverse_maps);
|
533
|
}
|
534
|
}
|
535
|
}
|
536
|
@@ -483,8 +458,6 @@ function squid_reverse_upgrade_config() {
|
537
|
|
538
|
/* Reverse Proxy Server input validation */
|
539
|
function squid_validate_reverse($post, &$input_errors) {
|
540
|
- global $config;
|
541
|
-
|
542
|
/* Manually refresh client CRL */
|
543
|
if ($post['refresh_crl'] == 'Refresh CRL') {
|
544
|
log_error("[squid] Client Certificate Revocation List refresh forced via GUI. Refreshing now...");
|
545
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml
|
546
|
index 33b9c160de005db09ab0f6034710090a0654cc18..4bfa0a90a97027bcecdffb4f793b63ba1aec4b1d 100644
|
547
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml
|
548
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_general.xml
|
549
|
@@ -277,7 +277,7 @@
|
550
|
]]>
|
551
|
</description>
|
552
|
<type>select_source</type>
|
553
|
- <source><![CDATA[$config['crl']]]></source>
|
554
|
+ <source><![CDATA[config_get_path('crl')]]></source>
|
555
|
<source_name>descr</source_name>
|
556
|
<source_value>refid</source_value>
|
557
|
<show_disable_value>none</show_disable_value>
|
558
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml
|
559
|
index 7cec1c10ad7a29d691471aa628be9a867589d794..c00a7c76b35513515604a735dd4cdfaa957afade 100644
|
560
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml
|
561
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid_reverse_uri.xml
|
562
|
@@ -115,7 +115,7 @@
|
563
|
]]>
|
564
|
</description>
|
565
|
<type>select_source</type>
|
566
|
- <source>$config['installedpackages']['squidreversepeer']['config']</source>
|
567
|
+ <source>config_get_path('installedpackages/squidreversepeer/config')</source>
|
568
|
<source_name>name</source_name>
|
569
|
<source_value>name</source_value>
|
570
|
<multiple/>
|
571
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php b/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php
|
572
|
index 65ddfb9215823b48c7ea2bd378a26134003da914..cf5e4402c76e045be7e452daf5ef85221ec95e09 100644
|
573
|
--- a/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php
|
574
|
+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/swapstate_check.php
|
575
|
@@ -22,9 +22,8 @@
|
576
|
require_once('config.inc');
|
577
|
require_once('util.inc');
|
578
|
require_once('squid.inc');
|
579
|
-global $config;
|
580
|
|
581
|
-$settings = $config['installedpackages']['squidcache']['config'][0];
|
582
|
+$settings = config_get_path('installedpackages/squidcache/config/0');
|
583
|
// Only check the cache if Squid is actually caching.
|
584
|
// If there is no cache then quietly do nothing.
|
585
|
// If cache dir is located outside of /var/squid hierarchy, log some instructions.
|
586
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php
|
587
|
index 8f8b3bef08bbed6fda3ac5960a35b55cd6438745..4e156065349d22bf1b58d5dafaae9125586c6ed3 100644
|
588
|
--- a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php
|
589
|
+++ b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php
|
590
|
@@ -29,10 +29,11 @@ if ($_POST) {
|
591
|
// Actions
|
592
|
$filter = preg_replace('/(@|!|>|<)/', "", htmlspecialchars($_POST['strfilter']));
|
593
|
$program = strtolower($_POST['program']);
|
594
|
+ $conf_path = 'installedpackages/squid/config/0/log_dir';
|
595
|
switch ($program) {
|
596
|
case 'squid':
|
597
|
// Define log file
|
598
|
- $log = $config['installedpackages']['squid']['config'][0]['log_dir'].'/access.log';
|
599
|
+ $log = config_get_path($conf_path) . '/access.log';
|
600
|
// Show table headers
|
601
|
show_tds(array("Date", "IP", "Status", "Address", "User", "Destination"));
|
602
|
// Fetch lines
|
603
|
@@ -67,7 +68,7 @@ if ($_POST) {
|
604
|
break;
|
605
|
case 'squid_cache';
|
606
|
// Define log file
|
607
|
- $log = $config['installedpackages']['squid']['config'][0]['log_dir'].'/cache.log';
|
608
|
+ $log = config_get_path($conf_path) . '/cache.log';
|
609
|
// Show table headers
|
610
|
show_tds(array("Date-Time", "Message"));
|
611
|
// Fetch lines
|
612
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php b/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php
|
613
|
index cbd2436ff4e8bd72aa30e0cf540c0e0a7683fa76..2cfb4b8e70cd41948b77ae955acd2e56f2b3aa91 100644
|
614
|
--- a/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php
|
615
|
+++ b/www/pfSense-pkg-squid/files/usr/local/www/status_squid.php
|
616
|
@@ -51,11 +51,9 @@ if ($_REQUEST["menu"] == "reverse") {
|
617
|
display_top_tabs($tab_array);
|
618
|
|
619
|
function squid_status() {
|
620
|
- global $config;
|
621
|
-
|
622
|
if (is_service_running('squid')) {
|
623
|
init_config_arr(array('installedpackages', 'squidcache','config'));
|
624
|
- $proxy_ifaces = explode(",", $config['installedpackages']['squid']['config'][0]['active_interface']);
|
625
|
+ $proxy_ifaces = explode(",", config_get_path('installedpackages/squid/config/0/active_interface', ''));
|
626
|
foreach ($proxy_ifaces as $iface) {
|
627
|
if (get_interface_ip($iface)) {
|
628
|
$ip = get_interface_ip($iface);
|
629
|
diff --git a/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php b/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php
|
630
|
index ce65e1f03e1a3c1d4e1fed9f660efb9876eadc7c..a070dd73c32fddd585b84cd01bc426a24638e76d 100644
|
631
|
--- a/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php
|
632
|
+++ b/www/pfSense-pkg-squid/files/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php
|
633
|
@@ -31,7 +31,7 @@ if (file_exists("/usr/local/pkg/squid.inc")) {
|
634
|
echo "No squid.inc found. You must have Squid package installed to use this widget.";
|
635
|
}
|
636
|
|
637
|
-if (isset($config['system']['use_mfs_tmpvar'])) {
|
638
|
+if (config_path_enabled('system', 'use_mfs_tmpvar')) {
|
639
|
define('PATH_CLAMDB', '/usr/local/share/clamav-db/');
|
640
|
} else {
|
641
|
define('PATH_CLAMDB', '/var/db/clamav/');
|
642
|
@@ -44,7 +44,7 @@ $img = array();
|
643
|
$img['up'] = '<i class="fa fa-level-up text-success" title="Service running"></i>';
|
644
|
$img['down'] = '<i class="fa fa-level-down text-danger" title="Service not running"></i>';
|
645
|
// Update once per minute by default, instead of every 10 seconds
|
646
|
-$widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period'] * 1000 * 6 : 60000;
|
647
|
+$widgetperiod = config_path_enabled('widgets', 'period') ? config_get_path('widgets/period') * 1000 * 6 : 60000;
|
648
|
|
649
|
function squid_avdb_info($filename) {
|
650
|
$stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'";
|