initial commit of file from CVS for e-smith-proxy on Wed 12 Jul 09:06:18 BST 2023

This commit is contained in:
Brian Read 2023-07-12 09:06:18 +01:00
parent 1041715762
commit a376640216
68 changed files with 1794 additions and 2 deletions

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
*.rpm
*.log
*spec-20*
*.tar.xz

21
Makefile Normal file
View File

@ -0,0 +1,21 @@
# Makefile for source rpm: e-smith-proxy
# $Id: Makefile,v 1.1 2016/02/05 21:48:49 stephdl Exp $
NAME := e-smith-proxy
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

View File

@ -1,3 +1,17 @@
# e-smith-proxy
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> e-smith-proxy
SMEServer Koozali developed git repo for e-smith-proxy smeserver
SMEServer Koozali developed git repo for e-smith-proxy smeserver
## Wiki
<br />https://wiki.koozali.org/
## Bugzilla
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-proxy&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
## Description
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
*Once it has been checked, then this comment will be deleted*
<br />
The e-smith-Proxy software is a powerful Linux-based server that provides a secure and reliable platform for hosting web sites. It is designed to be highly customizable and can be used to host a variety of services, from web sites to email and file sharing. It is an excellent choice for businesses and organizations that need a reliable, secure and powerful server hosting solution. It is easy to set up and manage, and can be used for a wide range of purposes. With its robust security and scalability capabilities, e-smith-Proxy is a great option for hosting web sites.

340
additional/COPYING Normal file
View File

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) 19yy <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

1
contriborbase Normal file
View File

@ -0,0 +1 @@
sme10

60
createlinks Normal file
View File

@ -0,0 +1,60 @@
#! /usr/bin/perl -w
use esmith::Build::CreateLinks qw(:all);
my $event;
foreach $event (qw(
console-save
bootstrap-console-save
network-create
network-delete
proxy-update
e-smith-proxy-update
))
{
templates2events("/etc/httpd/conf/proxy/proxy.pac", $event);
templates2events("/etc/squid/squid.conf", $event);
}
foreach $event (qw(
network-create
network-delete
console-save
proxy-update
e-smith-proxy-update
))
{
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/squid");
}
foreach $event (qw(
proxy-update
e-smith-proxy-update
))
{
templates2events("/etc/rc.d/init.d/masq", "$event");
templates2events("/etc/crontab", "$event");
templates2events("/etc/dhcpd.conf", "$event");
safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/masq");
}
# Symlink for the cgi.
panel_link("proxy", "manager");
#--------------------------------------------------
# specific actions for e-smith-proxy-update event
#--------------------------------------------------
$event = "e-smith-proxy-update";
templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
templates2events("/usr/lib/systemd/system/squid.service.d/50koozali.conf", $event);
event_link("systemd-reload", $event, "89");
foreach $event (qw(
post-install
post-upgrade
))
{
templates2events("/usr/lib/systemd/system/squid.service.d/50koozali.conf", $event);
}

775
e-smith-proxy.spec Normal file
View File

@ -0,0 +1,775 @@
# $Id: e-smith-proxy.spec,v 1.13 2023/02/06 05:06:15 jpp Exp $
Summary: e-smith server and gateway - proxy module
%define name e-smith-proxy
Name: %{name}
%define version 5.6.0
%define release 13
Version: %{version}
Release: %{release}%{?dist}
License: GPL
Group: Networking/Daemons
Source: %{name}-%{version}.tar.xz
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch
Requires: e-smith-base
Requires: squid
Requires: e-smith-lib >= 1.15.1-19
Requires: iptables
Requires: e-smith-formmagick >= 1.4.0-9
Requires: e-smith-apache >= 2.6.0-19
Requires: e-smith-email >= 5.2.0-5
BuildRequires: e-smith-devtools
Obsoletes: e-smith-transproxy
AutoReqProv: no
%description
e-smith server and gateway software - proxy module.
%changelog
* Wed Jul 12 2023 cvs2git.sh aka Brian Read <brianr@koozali.org> 5.6.0-13.sme
- Roll up patches and move to git repo [SME: 12338]
* Wed Jul 12 2023 BogusDateBot
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
by assuming the date is correct and changing the weekday.
* Mon Feb 06 2023 Jean-Philippe Pialasse <tests@pialasse.com> 5.6.0-12.sme
- fix issues where pid file is not removed [SME: 11454]
* Sun Apr 17 2022 Jean-Philippe Pialasse <tests@pialasse.com> 5.6.0-11.sme
- use httpd 2.4 access control syntax [SME: 11944]
* Thu Oct 21 2021 Jean-Philippe Pialasse <tests@pialasse.com> 5.6.0-10.sme
- fix squid starting before network [SME: 11713]
also dropin file not expanded on install fixed
* Tue Mar 16 2021 Jean-Philippe Pialasse <tests@pialasse.com> 5.6.0-9.sme
- cleanup in /etc/rc.d and /var/service/squid [SME: 9692]
* Thu Dec 10 2020 Michel Begue <mab974@gmail.com> 2.6.0-8.sme
- fix actions for e-smith-proxy-update event [SME: 11116]
- add intercept for squid [SME: 9419]
* Mon Nov 30 2020 Michel Begue <mab974@gmail.com> 2.6.0-7.sme
- move squid service to systemd [SME: 11116]
- add e-smith-proxy-update event [SME: 11151]
- fix bogus dates here
* Wed Apr 12 2017 Jean-Philipe Pialasse <tests@pialasse.com> 5.6.0-6.sme
- fix disabling smtp proxy via SM doesn't work [SME: 9639]
* Mon Apr 10 2017 Jean-Philipe Pialasse <tests@pialasse.com> 5.6.0-5.sme
- redirect squid syslog messages to /var/log/squid/squid.log [SME: 79]
* Thu Jan 5 2017 Daniel Berteaud <daniel@firewall-services.com> 5.6.0-4.sme
- Allow custom file descriptor limit, and set default to 4096 [SME: 9912]
* Thu May 12 2016 Daniel Berteaud <daniel@firewall-services.com> 5.6.0-3.sme
- Rebuild for [SME: 9393]
* Thu Mar 31 2016 Jean-Philipe Pialasse <tests@pialasse.com> 5.6.0-2.sme
- remove deprecated acl manager proto cache_object [SME: 9410]
* Fri Feb 05 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 5.6.0-1.sme
- Initial release to sme10
* Tue Apr 14 2015 Daniel Berteaud <daniel@firewall-services.com> 5.4.0-4.sme
- Prevent forwarding loop when talking directly to squid port [SME: 8907]
* Thu Jan 30 2014 chris burnat <devlist@burnat.com> 5.4.0-3.sme
- Modify template to allow Squid proxy https access to ports other than 443,563 using db command [sme:8161]
- Codes by John Bennett
* Mon Feb 18 2013 Daniel Berteaud <daniel@firewall-services.com> 5.4.0-2.sme
- Adjust squid config syntax [SME: 7250]
* Wed Feb 13 2013 Shad L. Lords <slords@mail.com> 5.4.0-1.sme
- Roll new stream for sme9
- Perl modules moved to /usr/share/perl5/vendor_perl [SME: 7223]
* Fri Sep 23 2011 Jonathan Martens <smeserver-contribs@snetram.nl> 5.2.0-5.sme
- Fix SMTP proxy wording in server-manager [SME: 6178]
* Sat Sep 25 2010 Shad L. Lords <slords@mail.com> 5.2.0-4.sme
- Fix missed enabled->transparent mapping [SME: 5574]
* Sat Sep 25 2010 Shad L. Lords <slords@mail.com> 5.2.0-3.sme
- Change enabled to transparent for mail proxy [SME: 5574]
* Thu Mar 25 2010 Federico Simoncelli <federico.simoncelli@gmail.com> 5.2.0-2.sme
- New option to block outgoing SMTP connections [SME: 5574]
* Tue Oct 7 2008 Shad L. Lords <slords@mail.com> 5.2.0-1.sme
- Roll new stream to separate sme7/sme8 trees [SME: 4633]
* Fri Aug 15 2008 Shad L. Lords <slords@mail.com> 4.14.0-15
- Fix obsolete use of esmith::db class in template fragment in sme8. [SME: 4509]
* Fri Aug 15 2008 Charlie Brady <charlie_brady@mitel.com> 4.14.0-14
- Fix obsolete use of esmith::db class in template fragment. [SME: 4509]
* Fri Feb 22 2008 Gavin Weight <gweight@gmail.com> 4.14.0-13
- Change Wpad URL to match system domain. [SME: 3512]
* Wed Feb 13 2008 Stephen Noble <support@dungog.net> 4.14.0-12
- Remove <base> tags now in general [SME: 3918]
* Sun Feb 10 2008 Stephen Noble <support@dungog.net> 4.14.0-11
- Remove duplicate <base> entries [SME: 3893]
* Thu Dec 27 2007 Stephen Noble <support@dungog.net> 4.14.0-10
- wording in panel re proxy in serveronly mode [SME: 3514]
* Thu Dec 20 2007 Shad L. Lords <slords@mail.com> 4.14.0-9
- Update squid directives for sme8 [SME: 2518]
* Fri Nov 02 2007 Gavin Weight <gweight@gmail.com> 4.14.0-8
- Add Wpad funtion to dhcpd.conf. [SME: 3512]
* Wed Aug 29 2007 Charlie Brady <charlie_brady@mitel.com> 4.14.0-7
- Bind only to local interface and loopback interface. [SME: 2658]
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
- Clean up spec so package can be built by koji/plague
* Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 4.14.0-6
- Fix owner/perms on squid.conf file [SME: 2719]
* Thu Feb 15 2007 Charlie Brady <charlie_brady@mitel.com> 4.14.0-5
- Specify the port to which squid should bind. [SME: 2476]
* Thu Jan 25 2007 Shad L. Lords <slords@mail.com> 4.14.0-4
- Expand crontab template on proxy-update [SME: 2195]
* Sat Jan 13 2007 Shad L. Lords <slords@mail.com> 4.14.0-3
- Make squid clean cache [SME: 2195]
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com>
- Update to new release naming. No functional changes.
- Make Packager generic
* Wed Mar 15 2006 Charlie Brady <charlie_brady@mitel.com> 4.14.0-1
- Roll stable stream version. [SME: 1016]
* Mon Mar 13 2006 Gordon Rowell <gordonr@gormand.com.au> 4.13.2-06
- Expand proxy.pac and squid.conf in proxy-update event [SME: 212]
* Wed Nov 30 2005 Gordon Rowell <gordonr@gormand.com.au> 4.13.2-05
- Bump release number only
* Wed Nov 23 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.2-04]
- Return 'return "DIRECT";' by default if squid is disabled [SF: 1310447]
* Sat Nov 5 2005 Gordon Rowell <gordonr@e-smith.com>
- [4.13.2-03]
- Return "DIRECT" by default if squid is disabled [SF: 1310447]
* Mon Oct 17 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.2-02]
- Allow squid to create a real pid file, so that "squid -k rotate"
works. PID file needs to be created in a directory owned by 'squid'
user - I've chosen /var/log/squid. [SF: 1327724]
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
- [4.13.2-01]
- Remove L10Ns from base packages [SF: 1309520]
* Fri Oct 14 2005 Gordon Rowell <gordonr@e-smith.com>
- [4.13.1-01]
- New dev stream before relocating L10Ns
* Fri Sep 30 2005 Gordon Rowell <gordonr@e-smith.com>
- [4.13.0-40]
- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266]
* Tue Sep 27 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-39]
- Fix squid run script so that initialization output is also
sent to the logger. [SF: 1200402]
* Mon Sep 26 2005 Gordon Rowell <gordonr@e-smith.com>
- [4.13.0-38]
- Added German L10N - Thanks Dietmar Berteld [SF: 1293325]
* Mon Aug 29 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-37]
- Remove dependency on e-smith-hosts.
* Tue Aug 2 2005 Shad Lords <slords@email.com>
- [4.13.0-36]
- Add TCPPort and access for firewall definitions [SF: 1246986]
- Add squid{TCPProxyPort} for transparent redirects [SF: 1246986]
* Mon Jul 18 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-35]
- Add French translation of panel (Merci, Didier RAMBEAU). [SF: 1234928]
* Mon Jul 18 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-34]
- Update to current db access APIs, in readiness for move of dbs to private
directory. [SF: 1216546 (Shad)]
* Thu Jul 14 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-33]
- Change smtpfront-qmail{Proxy} -> smtpd{Proxy}. [Gordon Rowell, SF: 1212323]
* Thu Jul 14 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-32]
- Disable DNS tests on startup, like the standard RH config. [SF: 1234007]
* Tue Jul 5 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-31]
- Add extension_methods spec to squid.conf, to allow subversion
passthrough - see http://subversion.tigris.org/faq.html#proxy.
[SF: 1231333]
* Thu Jun 9 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-30]
- Reword the initial section of the proxy panel to remove reference
to 6040 product. [Gordon SF:1201757]
- Remove -s flag in run script, to avoid sending debug messages
from squid via syslog. [SF: 1200402]
* Tue Mar 8 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-29]
- Replace all restart-* and most reload-* actions with calls to 'adjust-services'.
Update e-smith-lib version dependency. [MN00065576]
- Use generic_template_expand action where possible, in place
of specific actions. Update e-smith-lib dependency. [MN00064130]
* Tue Jan 18 2005 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-28]
- Use /dev/null as pid_filename. Squid documentation lies - "none"
doesn't work. [charlieb MN00062550]
* Wed Dec 29 2004 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-27]
- Use e-smith-service for rc7.d symlink, so that "status" is respected.
[charlieb MN00061795]
* Wed Dec 29 2004 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-26]
- Better fix for logging problem. Log run script errors to /var/log/squid.run,
and let squid own and manage /var/log/squid. Remove migration fragment
which does chown/chmod. [charlieb MN00057027]
- Don't try to create a pid file - we don't have permission anyway
[charlieb MN00062550]
* Thu Nov 11 2004 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-25]
- Have multilog run as user squid, logging to /var/log/squid
(provided by squid package). [charlieb MN00057027]
* Tue Sep 28 2004 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-24]
- Remove duplicate local network in ACL. [charlieb MN00050804]
* Fri Sep 3 2004 Charlie Brady <charlieb@e-smith.com>
- [4.13.0-23]
- Clean BuildRequires. [charlieb MN00043055]
* Wed Jul 7 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-22]
- Added initialization of the cache to the run script. [msoulier MN00037758]
* Thu Jun 10 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-21]
- Forgot to export the change_settings function. [msoulier MN00037755]
- Made the smtp proxy toggle display conditionally on the existence of the
e-smith-email rpm. [msoulier MN00037755]
- Made proxy-restart smarter, so it stops calling stop when the service is
down. [msoulier MN00037755]
* Thu Jun 10 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-20]
- Added the initial version of the code, including a proxy-update event.
[msoulier MN00037755]
* Thu Jun 10 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-19]
- Moved perl -> perl5, typo in directory path. [msoulier MN00037755]
* Thu Jun 10 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-18]
- Added stub for new web panel. [msoulier MN00037755]
* Tue Jun 8 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-17]
- Forward port of squid disable in serveronly mode. [msoulier MN00037260]
* Tue May 4 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-16]
- Fixed bad var reference. [msoulier dpar-27884]
* Thu Jan 22 2004 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-15]
- Moved proxy-start/stop from e-smith-ntp to this package. [msoulier 10929]
* Fri Dec 19 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-14]
- Fixed a migration fragment that was mangling the log permissions.
[msoulier 6449]
* Fri Dec 19 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-13]
- Specified full path to logfile, as relative path did not work as expected.
[msoulier 6449]
* Fri Dec 19 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-12]
- Changing permissions on /var/log/squid to permit smelog to use the directory
beneath. [msoulier 6449]
* Fri Dec 19 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-11]
- Explicitly creating /var/log/squid/run with correct permissions.
[msoulier 6449]
* Wed Dec 17 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-10]
- Added migration for supervise change. [msoulier 6449]
* Wed Dec 17 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-09]
- Changed ownership of /var/log/squid. [msoulier 6449]
* Mon Dec 15 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-08]
- Added multilog back, logging to /var/log/squid/run. [msoulier 6449]
* Thu Dec 11 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-07]
- Removed multilog, as it does not apply here. [msoulier 6449]
* Thu Dec 11 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-06]
- Changed log owner to smelog. [msoulier 6449]
* Wed Dec 10 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-05]
- Changed owner of squid process and log directory to user squid.
[msoulier 6449]
* Wed Dec 10 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-04]
- Fixed bug in genfilelist options. [msoulier 6449]
* Wed Dec 10 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-03]
- Fixed bug in createlinks. [msoulier 6449]
* Wed Dec 10 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-02]
- Supervising squid. [msoulier 6449]
* Wed Dec 10 2003 Michael Soulier <msoulier@e-smith.com>
- [4.13.0-01]
- rolling to dev stream - 4.13.0
* Tue Sep 9 2003 Gordon Rowell <gordonr@e-smith.com>
- [4.12.0-02]
- Disable safe_ports ACL by default. Create squid{SafePorts}
default ports list and squid{EnforceSafePorts} default to no [gordonr 9488]
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com>
- [4.12.0-01]
- Changing version to stable stream number - 4.12.0
* Fri May 30 2003 Michael Soulier <msoulier@e-smith.com>
- [4.11.0-09]
- Removed dangling symlink to e-smith-proxy. [msoulier 8808]
* Tue Apr 29 2003 Tony Clayton <apc@e-smith.com>
- [4.11.0-08]
- Add default db fragments for squid [tonyc 8537]
- Remove dead proxy-startup action [tonyc 8537]
* Thu Apr 10 2003 Gordon Rowell <gordonr@e-smith.com>
- [4.11.0-07]
- Move defaults fragment to right location [gordonr 6911]
* Tue Apr 8 2003 Gordon Rowell <gordonr@e-smith.com>
- [4.11.0-06]
- Added port 119 (nntp) to Safe_ports, corrected high ports range [gordonr 4430]
* Mon Apr 7 2003 Gordon Rowell <gordonr@e-smith.com>
- [4.11.0-05]
- Set default for $squid{TransparentPort} and use in proxy.pac [gordonr 6911]
* Mon Apr 7 2003 Gordon Rowell <gordonr@e-smith.com>
- [4.11.0-04]
- Added port 81 to acl Safe_ports [gordonr 4430]
- Sorted Safe_ports to make it easier to read [gordonr 4430]
* Tue Mar 18 2003 Lijie Deng <lijied@e-smith.com>
- [4.11.0-03]
- Deleted ./etc/squid/squid.conf/template-begin [lijied 3295]
* Mon Feb 24 2003 Michael Soulier <msoulier@e-smith.com>
- [4.11.0-02]
- Removed use of LocalDomainPrefix. [msoulier 4812]
* Mon Feb 24 2003 Michael Soulier <msoulier@e-smith.com>
- [4.11.0-01]
- dev stream to 4.11.0
* Mon Feb 24 2003 Michael Soulier <msoulier@e-smith.com>
- [4.10.0-03]
- Backed-out changes in 4.10.0-02, as this should be in a dev stream.
[msoulier 4812]
* Mon Feb 24 2003 Michael Soulier <msoulier@e-smith.com>
- [4.10.0-02]
- Removed use of LocalDomainPrefix. [msoulier 4812]
* Fri Oct 11 2002 Charlie Brady <charlieb@e-smith.com>
- [4.10.0-01]
- Roll to maintained version number to 4.10.0
* Fri Oct 11 2002 Charlie Brady <charlieb@e-smith.com>
- [4.10.0-01]
- Roll to maintained version number to 4.10.0
* Wed Oct 2 2002 Michael Soulier <msoulier@e-smith.com>
- [4.9.7-02]
- Removing redundant iptables rule in PREROUTING chain which forwarded
- any local network http traffic to the squid proxy, when the previous
- rule already forwarded _all_ traffic there. [msoulier 5029]
* Thu Sep 12 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.7-01]
- Move proxy.pac file to /etc/httpd/conf/proxy/proxy.pac, and add
two URL aliases to it (/wpad.dat and /proxy.pac). Add appropriate
access rules. [charlieb 4838]
* Wed Sep 11 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.6-02]
- Dynamically adjust transparent proxy rules in "adjust" section of masq
script. [charlieb 4501]
* Thu Aug 22 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.6-01]
- Remove 45DenySquid template fragment - it's no longer needed since we
are using connection tracking. [charlieb 4499]
* Wed Aug 21 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.5-01]
- Fix error in squid conf template if LocalDomainPrefix is defined.
[charlieb 4686]
* Tue Aug 20 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.4-01]
- Add rc7.d symlink and don't set deprecated ORDER property [charlieb 4458]
* Tue Jul 30 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.3-01]
- Add additional rules in nat table to protect local HTTP accesses from
being forced through transparent proxy. [charlieb 1268]
* Wed Jul 17 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.2-01]
- Get syntax correct for iptables form of REDIRECT target, for
transparent proxy. [charlieb 1268]
* Wed Jul 17 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.1-01]
- Change masq script fragments to use iptables. [charlieb 1268]
* Wed Jun 5 2002 Charlie Brady <charlieb@e-smith.com>
- [4.9.0-01]
- Changing version to development stream number - 4.9.0
* Fri May 31 2002 Charlie Brady <charlieb@e-smith.com>
- [4.8.0-01]
- Changing version to maintained stream number to 4.8.0
* Wed May 29 2002 Charlie Brady <charlieb@e-smith.com>
- [4.7.12-01]
- Update proxy.pac to check host with isPlainHostName before doing DNS lookups.
Go direct for any plain host names. This shouldn't be necessary, but IE
is not going direct from WinXP with current setup. Remove redundent
else clauses while we are at it. [charlieb 3715]
* Wed May 29 2002 Charlie Brady <charlieb@e-smith.com>
- [4.7.11-01]
- Add append_domain directive in squid.conf, so that squid can resolve
unqualified names. (Why doesn't it use what's in resolv.conf?)
[charlieb 3715]
* Thu May 23 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.10-01]
- RPM rebuild forced by cvsroot2rpm
* Fri May 17 2002 Tony Clayton <apc@e-smith.com>
- [4.7.9-01]
- Added 'use esmith::util' to 20ACL10localhost squid.conf fragment [tonyc 3253]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.8-01]
- And really cleaning old directory this time [gordonr 3073]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.7-01]
- Cleaned directory structure of bad pathname [gordonr 3073]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.6-01]
- Moved start of function to template-begin in case comments are
a problem for some clients [gordonr 3073]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.5-01]
- Added braces to templates to evaluate ConfigDB entries [gordonr 3073]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.4-01]
- Added dependency on e-smith-hosts
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.3-01]
- Thanks to Damien Curtain for the wpad.dat details [gordonr 3073]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.2-01]
- Rewrote proxy-conf using ConfigDB [gordonr 3073]
- Added support wpad.dat and proxy/pac files [gordonr 3073]
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.1-01]
- Initial CVS import
* Fri Apr 19 2002 Gordon Rowell <gordonr@e-smith.com>
- [4.7.0-01]
- rollRPM: Rolled version number to 4.7.0-01. Includes patches up to 4.6.0-06.
* Fri Feb 01 2002 Charlie Brady <charlieb@e-smith.com>
- [4.6.0-06]
- Disable transparent proxy rule if squid is disabled.
* Tue Jan 15 2002 Charlie Brady <charlieb@e-smith.com>
- [4.6.0-05]
- Rationalise distribution of actions to events (#2507)
- Add proxy-restart to console-save event
- Remove proxy-startup from console-save and bootstrap-console-save events
- Remove proxy-conf from post-upgrade event
- Move mkdir to create bootstrap-console-save event directory into prep
section (from %build), so that it gets included in the tarball by the
next rollRPM.
* Mon Jan 14 2002 Charlie Brady <charlieb@e-smith.com>
- [4.6.0-04]
- Fix missing newline in previous never-direct fix.
* Mon Jan 14 2002 Charlie Brady <charlieb@e-smith.com>
- [4.6.0-03]
- Add never_direct statements to parent cache case, as always_direct on
its own is not enough.
* Thu Jan 03 2002 Charlie Brady <charlieb@e-smith.com>
- [4.6.0-02]
- Fix runtime lookup of external IP in masq script fragment.
- Use always_direct deny statement to force squid to use an external cache
if a parent cache is specified.
* Tue Dec 11 2001 Jason Miller <jay@e-smith.com>
- [4.6.0-01]
- rollRPM: Rolled version number to 4.6.0-01. Includes patches up to 4.5.0-03.
* Wed Nov 07 2001 Charlie Brady <charlieb@e-smith.com>
- [4.5.0-03]
- Change the default setting for transparent to "yes".
* Wed Nov 07 2001 Charlie Brady <charlieb@e-smith.com>
- [4.5.0-02]
- Add transparent proxy feature, which is disabled by default. To enable,
set Transparent property of "squid" service to "yes".
* Wed Nov 7 2001 Charlie Brady <charlieb@e-smith.com>
- [4.5.0-01]
- Rolled version number to 4.5.0-01. Includes patches upto 4.4.0-07.
* Wed Nov 07 2001 Tony Clayton <tonyc@e-smith.com>
- [4.4.0-07]
- rebranding to Mitel Networks
* Mon Oct 22 2001 Charlie Brady <charlieb@e-smith.com>
- [4.4.0-06]
- Translate shell createlinks to perl createlinks
- Add bootstrap-console-save symlinks via changes to createlinks script
* Wed Aug 29 2001 Charlie Brady <charlieb@e-smith.com>
- [4.4.0-05]
- Add template fragment to set ftp_user used for password in anonymous ftp
- Add template fragment to set cache administrator email address in messages.
* Fri Aug 17 2001 gordonr
- [4.4.0-04]
- Autorebuild by rebuildRPM
* Wed Aug 15 2001 Charlie Brady <charlieb@e-smith.com>
- [4.4.0-03]
- Add template fragements to make sure that webdav protocols are not requested
via an upstream cache.
- Re-add template-begin, as the default template-begin is not yet inserted.
* Mon Aug 13 2001 Charlie Brady <charlieb@e-smith.com>
- [4.4.0-02]
- Break template-begin for squid.conf into fragments.
- Change acl name of localhost into localsrc, and change all
references to it.
- Add acl of localdst for all local destinations. In future we should point
client browsers directly at local web servers.
* Wed Aug 8 2001 Charlie Brady <charlieb@e-smith.com>
- [4.4.0-01]
- Rolled version number to 4.4.0-01. Includes patches upto 4.3.0-03.
* Fri Jul 6 2001 Peter Samuel <peters@e-smith.com>
- [4.3.0-03]
- Changed license to GPL
* Tue May 29 2001 Tony Clayton <tonyc@e-smith.com>
- [4.3.0-02]
- untie %conf hash in before calling serviceControl in proxy-startup
* Mon Apr 30 2001 Charlie Brady <charlieb@e-smith.com>
- [4.3.0-01]
- Rolled version number to 4.3.0-01. Includes patches upto 4.2.0-04.
* Sun Mar 25 2001 Gordon Rowell <gordonr@e-smith.com>
- [4.2.0-04]
- Removed dependency on e-smith-packetfilter. There is a filter fragment
which will will be useless without it, but it's not really a dependency
* Sat Mar 03 2001 Charlie Brady <charlieb@e-smith.com>
- [4.2.0-03]
- Add packet filter fragment to deny and log any connection attempt on
the external interface. This filter fragment is only active if squid
is enabled.
- Add requires e-smith-packetfilter spec.
* Thu Feb 8 2001 Adrian Chung <adrianc@e-smith.com>
- [4.2.0-02]
- Rolling release number for GPG signing.
* Thu Jan 25 2001 Peter Samuel <peters@e-smith.com>
- [4.2.0-01]
- Rolled version number to 4.2.0-01
Includes patches upto 4.1.0-2
* Thu Dec 28 2000 Gordon Rowell <gordonr@e-smith.com>
- [4.1.0-2]
- Added manager port (980) to Safe_ports
* Wed Dec 06 2000 Peter Samuel <peters@e-smith.com>
- [4.1.0-1]
- Rolled version to 4.1.0-1. Includes patches up to 4.0.7-3
* Mon Oct 30 2000 Charlie Brady <charlieb@e-smith.com>
- Fix typo in proxy-startup which prevented squid from starting
* Mon Oct 30 2000 Charlie Brady <charlieb@e-smith.com>
- This is e-smith-proxy-4.0.7-2.
- Merge services database back into configuration db.
* Thu Oct 26 2000 Peter Samuel <peters@e-smith.com>
- Rolled version to 4.0.7. Includes patches up to 4.0.6-13
* Fri Oct 06 2000 Charlie Brady <charlieb@e-smith.com>
- Fix perl errors in proxy-conf
* Fri Oct 06 2000 Charlie Brady <charlieb@e-smith.com>
- Make sure that "squid" is enabled in the services database
- Remove %post section.
- Fixed some script errors in other action scripts.
* Thu Oct 05 2000 Adrian Chung <adrian.chung@e-smith.com>
- Changed restart action to use serviceControl
- Removed post-install event conditional.
- Changed %post set to setdefault.
* Wed Oct 04 2000 Paul Nesbit <pkn@e-smith.com>
- expand templates only if enabled in services database.
- added /sbin/e-smith/db services set proxy enabled to %post
* Tue Oct 03 2000 Charlie Brady <charlieb@e-smith.com>
- Update services database when enabling/disabling service startup
* Mon Sep 25 2000 Paul Nesbit <pkn@e-smith.com>
- updated contact, support and URL info
* Fri Aug 25 2000 Charlie Brady <charlieb@e-smith.com>
- Added build dependency on e-smith-devtools, and dependency on
e-smith-lib. Generate file list with genfilelist.
* Thu Aug 24 2000 Gordon Rowell <gordonr@e-smith.com>
- Rewrote proxy-startup to user serviceControl()
* Wed Jul 12 2000 Joseph Morrison <jdm@e-smith.net>
- Use -1 argument to split command to handle null final values in
configuration records
* Sat Jun 17 2000 Charlie Brady <charlieb@e-smith.net>
- Do not mark templates as config files.
* Mon Jun 12 2000 Charlie Brady <charlieb@e-smith.net>
- Use list form of backgroundCommand.
* Thu May 18 2000 Charlie Brady <charlieb@e-smith.net>
- fold long lines in spec file
- Use & substitution in sed line
* Sun May 14 2000 Charlie Brady <charlieb@e-smith.net>
- Removed transproxy patch
- Make squid.conf template a directory
* Thu May 11 2000 Charlie Brady <charlieb@e-smith.net>
- Some small fixes in conf startup script
- Add dependency on squid
* Fri Apr 21 2000 Charlie Brady <charlieb@e-smith.net>
- Add a missing script template
* Thu Apr 20 2000 Charlie Brady <charlieb@e-smith.net>
- Add transparent proxy feature. Change architecture to "noarch"
- Make templates %config files.
%prep
%setup
rm -rf root/var/service/squid/
mkdir -p root/usr/lib/systemd/system/squid.service.d
rm -rf root/var/log/squid.run
%build
perl createlinks
%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
rm -f %{name}-%{version}-%{release}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
> %{name}-%{version}-%{release}-filelist
# --dir '/var/service/squid' 'attr(1755,root,root)' \
# --file '/var/service/squid/down' 'attr(0644,root,root)' \
# --file '/var/service/squid/run' 'attr(0755,root,root)' \
# --dir '/var/service/squid/supervise' 'attr(0700,root,root)' \
# --dir '/var/service/squid/log' 'attr(1755,root,root)' \
# --file '/var/service/squid/log/run' 'attr(0755,root,root)' \
# --dir '/var/service/squid/log/supervise' 'attr(0700,root,root)' \
# --dir '/var/log/squid.run' 'attr(0750,smelog,root)' \
echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist
%clean
rm -rf $RPM_BUILD_ROOT
%post
if [ -d /var/service/squid ]; then
rm -rf /var/service/squid
fi
%files -f %{name}-%{version}-%{release}-filelist
%defattr(-,root,root)

View File

@ -0,0 +1 @@
21,70,80,81,119,210,443,563,980,1024-65535

View File

@ -0,0 +1 @@
3128

View File

@ -0,0 +1 @@
80:3128

View File

@ -0,0 +1 @@
3128

View File

@ -0,0 +1 @@
private

View File

@ -0,0 +1 @@
enabled

View File

@ -0,0 +1 @@
service

View File

@ -0,0 +1,76 @@
<!-- vim: ft=xml ts=4 sw=4 et ai:
-->
<lexicon lang="en-us">
<entry>
<base>Proxy settings</base>
<trans>Proxy settings</trans>
</entry>
<entry>
<base>FIRST_PAGE_DESCRIPTION</base>
<trans>
This page allows configuration of the server's
proxy settings.
The server includes a transparent proxy and cache for
HTTP traffic. This is enabled by default, but not enforced
if the server is in &quot;serveronly&quot; mode.
If this server is acting as an e-mail server, connections
from local network clients to external SMTP servers
will default to being redirected to the local e-mail server.
</trans>
</entry>
<entry>
<base>HTTP_PROXY_STATUS_DESCRIPTION</base>
<trans>
The server's HTTP proxy works to reduce overall uplink usage by
caching recently-visited pages. It is transparent to web browsers
using this server as their gateway. Enable or disable this proxy
with the following toggle.
</trans>
</entry>
<entry>
<base>HTTP_PROXY_STATUS_LABEL</base>
<trans>HTTP proxy status</trans>
</entry>
<entry>
<base>SMTP_PROXY_STATUS_DESCRIPTION</base>
<trans>
The server's transparent SMTP proxy works to reduce virus traffic
from infected client hosts by forcing all outgoing SMTP traffic
through this server if set to "enabled".
If you wish to use an alternate SMTP server, and this server is
your gateway to it, set this proxy to "disabled". Setting the
proxy to "blocked" prevents all SMTP traffic to other servers,
this is the default. The proxy only intercepts/blocks normal smtp
(port 25) traffic.
</trans>
</entry>
<entry>
<base>SMTP_PROXY_STATUS_LABEL</base>
<trans>SMTP proxy status</trans>
</entry>
<entry>
<base>ERR_PROXY_UPDATE_FAILED</base>
<trans>
ERROR: The proxy-update event returned an error.
</trans>
</entry>
<entry>
<base>ERR_NO_SQUID_REC</base>
<trans>
ERROR: There is no squid record in the configuration database.
</trans>
</entry>
<entry>
<base>SUCCESS</base>
<trans>
The new proxy settings were applied successfully.
</trans>
</entry>
<entry>
<base>BLOCKED</base>
<trans>Blocked</trans>
</entry>
</lexicon>

View File

@ -0,0 +1,3 @@
PERMS=0640
UID="root"
GID="squid"

View File

@ -0,0 +1,20 @@
{
return "# squid is disabled\n" unless $squid{status} eq 'enabled';
my $freq = $squid{Rotate} || 'daily';
my $min = int(rand(60));
my $hour = int(rand(5));
my $dow = substr(localtime,0,3);
if ($freq eq 'hourly') {
return "$min * * * * root squid -k rotate\n";
} elsif ($freq eq 'weekly') {
return "$min $hour * * $dow root squid -k rotate\n";
} elsif ($freq eq 'monthly') {
return "$min $hour 15 * * root squid -k rotate\n";
} elsif ($freq eq 'disabled') {
return "# squid rotate disabled\n";
} else {
return "$min $hour * * * root squid -k rotate\n"
}
}

View File

@ -0,0 +1,2 @@
option wpad-url code 252 = text;

View File

@ -0,0 +1,15 @@
{
my $transproxy = $squid{Transparent} || "yes";
my $status = $squid{status} || "disabled";
if ($transproxy eq "yes" && $status eq "enabled")
{
$OUT .= " option wpad-url \"http://wpad.$DomainName/wpad.dat\";";
}
else
{
$OUT .= '# wpad-url disabled';
}
}

View File

@ -0,0 +1,9 @@
{
foreach my $file (qw(wpad.dat proxy.pac))
{
$OUT .= "Alias /$file /etc/httpd/conf/proxy/proxy.pac\n";
$OUT .= "<Location /$file>\n";
$OUT .= " Require ip $localAccess\n";
$OUT .= "</Location>\n";
}
}

View File

@ -0,0 +1,2 @@
if (isPlainHostName(host))
return "DIRECT";

View File

@ -0,0 +1,2 @@
if (isInNet(host, "{ $LocalIP }", "{ $LocalNetmask }"))
return "DIRECT";

View File

@ -0,0 +1,2 @@
if (isInNet(host, "127.0.0.1", "255.255.255.255"))
return "DIRECT";

View File

@ -0,0 +1,9 @@
{
my $enabled = $squid{status} || 'disabled';
my $port = $squid{TransparentPort} || 3128;
my $target = ($enabled eq 'enabled') ?
"PROXY proxy.$DomainName:$port" :
"DIRECT";
$OUT = ' return "' . $target . '";';
}

View File

@ -0,0 +1,2 @@
function FindProxyForURL(url, host)
\{

View File

@ -0,0 +1,38 @@
{
$OUT = '';
# Create new chain to manage TransProxy stuff
# Note: We send all traffic destined to port 80, regardless of
# where it's from, since the filter table will worry about source.
$OUT .= " /sbin/iptables --table nat --new-chain TransProxy\n";
$OUT .= " /sbin/iptables --table nat --append PREROUTING\\\n";
$OUT .= "\t-p tcp --dport 80 -j TransProxy\n";
# Accept any accesses to the local IPs directly
$OUT .= " /sbin/iptables --table nat --append TransProxy \\\n";
$OUT .= "\t--destination 127.0.0.1 --jump ACCEPT\n";
$OUT .= " /sbin/iptables --table nat --append TransProxy \\\n";
$OUT .= "\t--destination $LocalIP --jump ACCEPT\n";
if (defined $ExternalIP) {
# Accept any accesses to the ExternalIP directly
$OUT .= " /sbin/iptables --table nat --append TransProxy \\\n";
$OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n";
}
my $transproxy = $squid{Transparent} || "yes";
my $status = $squid{status} || "disabled";
if ($transproxy eq "yes" && $status eq "enabled") {
##my $proxyport = $squid{TransparentPort} || "3128";
my $proxyport = $squid{InterceptPort} || "8080";
# Otherwise, divert port 80 traffic through our proxy
$OUT .= " /sbin/iptables --table nat --append TransProxy\\\n";
$OUT .= "\t-p TCP -j DNAT --to $LocalIP:$proxyport\n";
} else {
# Or just let it go unhindered
$OUT .= " /sbin/iptables --table nat --append TransProxy\\\n";
$OUT .= "\t--jump ACCEPT\n";
}
}

View File

@ -0,0 +1,32 @@
{
# Update any rules which may have changed, meaning
# - $ExternalIP
# - enabled/disabled
# - Transproxy port (unlikely)
my $rule = 3;
if (defined $ExternalIP)
{
# Accept any accesses to the ExternalIP directly
$OUT .= " /sbin/iptables --table nat \\\n";
$OUT .= "\t--replace TransProxy $rule\\\n";
$OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n";
$rule++;
}
my $transproxy = $squid{Transparent} || "yes";
my $status = $squid{status} || "disabled";
if ($transproxy eq "yes" && $status eq "enabled")
{
##my $proxyport = $squid{TransparentPort} || "3128";
my $proxyport = $squid{InterceptPort} || "8080";
# Otherwise, divert port 80 traffic through our proxy
$OUT .= " /sbin/iptables --table nat --replace TransProxy $rule\\\n";
$OUT .= "\t-p TCP -j DNAT --to $LocalIP:$proxyport\n";
}
else
{
# Or just let it go unhindered
$OUT .= " /sbin/iptables --table nat --replace TransProxy $rule\\\n";
$OUT .= "\t--jump ACCEPT\n";
}
}

View File

@ -0,0 +1,2 @@
if $programname == 'squid' then /var/log/squid/squid.log
& stop

View File

@ -0,0 +1,13 @@
{
my $transproxy = $squid{Transparent} || "yes";
if ($transproxy eq 'yes') {
$OUT .= "http_port $LocalIP:" . ($squid{TCPPort} || '3128') . "\n";
$OUT .= "http_port 127.0.0.1:" . ($squid{TCPPort} || '3128') . "\n";
$OUT .= "http_port $LocalIP:" . ($squid{InterceptPort} || '8080') . " intercept\n";
$OUT .= "http_port 127.0.0.1:" . ($squid{InterceptPort} || '8080') . " intercept\n";
} else {
$OUT .= "http_port $LocalIP:" . ($squid{TCPPort} || '3128') . "\n";
$OUT .= "http_port 127.0.0.1:" . ($squid{TCPPort} || '3128') . "\n";
}
}

View File

@ -0,0 +1,4 @@
{
$OUT .= "udp_incoming_address $LocalIP\n";
$OUT .= "udp_outgoing_address 0.0.0.0";
}

View File

@ -0,0 +1,10 @@
{
$OUT = "";
if (defined $SquidParent && $SquidParent)
{
$OUT .= "cache_peer $SquidParent parent ";
$OUT .= $SquidParentPort || "3128";
$OUT .= " 7 no-query default";
}
}

View File

@ -0,0 +1,24 @@
{
use esmith::NetworksDB;
use Net::IPv4Addr;
my $ndb = esmith::NetworksDB->open_ro();
my $localAccess = '';
foreach ($ndb->local_access_spec()){
# If there's a / in the network string
# then convert to CIDR notation
if (m!/!) {
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse($_);
$localAccess .= "$ip/$bits ";
}
else {
$localAccess .= "$_ ";
}
}
$OUT .= "acl localsrc src $localAccess\n";
$OUT .= "acl localdst dst $localAccess\n";
$OUT .= "acl selfdst dst 127.0.0.1 $LocalIP\n";
$OUT .= "acl selfport port " . ($squid{TCPPort} || '3128');
}

View File

@ -0,0 +1,6 @@
{
my @ports = split(",", ($squid{SSLPorts} || "") );
return "acl SSL_ports port 443 563 @ports";
}

View File

@ -0,0 +1,5 @@
{
my @ports = split(",", ($squid{SafePorts} || "80") );
return "acl Safe_ports port @ports";
}

View File

@ -0,0 +1 @@
acl CONNECT method CONNECT

View File

@ -0,0 +1 @@
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK

View File

@ -0,0 +1,3 @@
{
$OUT = "pid_filename /run/squid/squid.pid";
}

View File

@ -0,0 +1 @@
access_log /var/log/squid/access.log squid

View File

@ -0,0 +1 @@
logfile_rotate 0

View File

@ -0,0 +1,3 @@
append_domain {
$OUT = ".$DomainName";
}

View File

@ -0,0 +1 @@
cache_mgr { "admin\@$DomainName" }

View File

@ -0,0 +1 @@
ftp_user { "nobody\@$DomainName" }

View File

@ -0,0 +1,2 @@
http_access allow manager localsrc
http_access deny manager

View File

@ -0,0 +1,5 @@
{
return "" unless ( ($squid{EnforceSafePorts} || "no") eq "yes");
return "http_access deny !Safe_ports";
}

View File

@ -0,0 +1 @@
http_access deny CONNECT !SSL_ports

View File

@ -0,0 +1 @@
http_access deny selfdst selfport

View File

@ -0,0 +1 @@
http_access allow localsrc

View File

@ -0,0 +1 @@
http_access deny all

View File

@ -0,0 +1 @@
icp_access allow all

View File

@ -0,0 +1 @@
miss_access allow all

View File

@ -0,0 +1,11 @@
{
# TAG: store_avg_object_size (kbytes)
# Average object size, used to estimate number of objects your
# cache can hold. See doc/Release-Notes-1.1.txt. The default is
# 13 KB.
#
# Note: At e-smith, some of our customers have had average object sizes
# as low as 3.5 KB, so we set the limit to 3 KB to be safe.
# - JMorrison, January 5, 2000
# }
store_avg_object_size 3 KB

View File

@ -0,0 +1 @@
always_direct allow webdav

View File

@ -0,0 +1,13 @@
{
if (defined $SquidParent && $SquidParent)
{
$OUT .= "always_direct allow localdst\n";
$OUT .= "always_direct deny all\n";
$OUT .= "never_direct deny localdst\n";
$OUT .= "never_direct allow all";
}
else
{
$OUT .= "always_direct allow all";
}
}

View File

@ -0,0 +1 @@
max_filedesc { ($squid{'MaxFileDesc'} || '4096') }

View File

@ -0,0 +1,10 @@
# default squid options
SQUID_OPTS=""
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
# default squid conf file
SQUID_CONF="/etc/squid/squid.conf"

View File

@ -0,0 +1,4 @@
# specific squid options
SQUID_OPTS="-s"

View File

@ -0,0 +1,4 @@
[Unit]
After=network-online.target

View File

@ -0,0 +1,12 @@
[Service]
{
# Is there a Files limit in the configuration database
$OUT .= "LimitNOFILE=";
$OUT .= $squid{MaxFileDesc} || 4096;
$OUT .= "\n";
}
PIDFile=/run/squid/squid.pid
# squid option -s ---->> $SQUID_OPTS
ExecStartPre=/sbin/e-smith/service-status squid
User=root
Group=root

View File

@ -0,0 +1,2 @@
[Install]
WantedBy=sme-server.target

View File

@ -0,0 +1,62 @@
#!/usr/bin/perl -wT
# vim: ts=4 sw=4 et ft=xml ai:
#----------------------------------------------------------------------
# heading : Security
# description : Proxy settings
# navigation : 5000 5500
#----------------------------------------------------------------------
#----------------------------------------------------------------------
# copyright (C) 1999-2003 Mitel Networks Corporation
#----------------------------------------------------------------------
use strict;
use CGI;
use esmith::FormMagick::Panel::proxy;
eval {
my $q = CGI->new();
my $f = esmith::FormMagick::Panel::proxy->new();
$f->display();
};
if ($@)
{
print<<EOF;
<html>
<head><title>Fatal error caught</title></head>
<body bgcolor=\"#ffffff\">
<h3>Fatal error caught</h3>
<pre>
$@
</pre>
</body>
</html>
EOF
}
__DATA__
<form title="Proxy settings" header="/etc/e-smith/web/common/head.tmpl"
footer="/etc/e-smith/web/common/foot.tmpl">
<page
name="First"
post-event="change_settings()"
pre-event="print_status_message()">
<description>FIRST_PAGE_DESCRIPTION</description>
<field
id="http_proxy_status"
value="get_http_proxy_status()"
type="select"
options="'enabled' => 'ENABLED','disabled' => 'DISABLED'">
<description>HTTP_PROXY_STATUS_DESCRIPTION</description>
<label>HTTP_PROXY_STATUS_LABEL</label>
</field>
<subroutine src="show_smtp_proxy_status()" />
<subroutine src="print_button('SAVE')" />
</page>
</form>

0
root/etc/httpd/conf/proxy/.gitignore vendored Normal file
View File

View File

View File

@ -0,0 +1,147 @@
#----------------------------------------------------------------------
# $Id: proxy.pm,v 1.3 2004/06/10 21:46:50 msoulier Exp $
#----------------------------------------------------------------------
# copyright (C) 2002 Mitel Networks Corporation
#----------------------------------------------------------------------
package esmith::FormMagick::Panel::proxy;
use strict;
use esmith::ConfigDB;
use esmith::FormMagick;
use constant SIGEVENT => '/sbin/e-smith/signal-event';
use constant TRUE => 1;
use constant FALSE => 0;
our @ISA = qw(esmith::FormMagick Exporter);
our $VERSION = sprintf '%d.%03d', q$Revision: 1.3 $ =~ /: (\d+).(\d+)/;
our @EXPORT = qw(
get_http_proxy_status get_smtp_proxy_status change_settings
show_smtp_proxy_status
);
=head1 NAME
=head1 SYNOPSIS
=head1 DESCRIPTION
=head1 FUNCTIONS
=cut
=head2 new
This is the class constructor.
=cut
sub new
{
my $class = ref($_[0]) || $_[0];
my $self = $class->SUPER::new();
$self->{calling_package} = (caller)[0];
# Lets not make this a global for a change. Globals bad. OO programming
# good.
my $db = esmith::ConfigDB->open
or die "Failed to open configuration db!\n";
$self->{db} = $db;
return $self;
}
=head2 get_http_proxy_status
This method returns the current status of squid.
=cut
sub get_http_proxy_status
{
my $self = shift;
return $self->{db}->get_prop('squid', 'status');
}
=head2 get_smtp_proxy_status
This method returns the current status of the smtp proxy.
=cut
sub get_smtp_proxy_status
{
my $self = shift;
return $self->{db}->get_prop('qpsmtpd', 'Proxy');
}
=head2 change_settings
This method takes the form submission and processes it.
=cut
sub change_settings
{
my $self = shift;
my $q = $self->{cgi};
my $http_proxy_status = $q->param('http_proxy_status') || 'disabled';
my $smtp_proxy_status = $q->param('smtp_proxy_status') || 'disabled';
my $squid = $self->{db}->get('squid')
or return $self->error('ERR_NO_SQUID_REC');
# smtpd is allowed to not exist, as the relevant packages may not be
# installed.
my $smtpd = $self->{db}->get('qpsmtpd') || undef;
$squid->set_prop('status', $http_proxy_status);
$smtpd->set_prop('Proxy', $smtp_proxy_status) if $smtpd;
system(SIGEVENT, "proxy-update") == 0
or return $self->error('ERR_PROXY_UPDATE_FAILED');
return $self->success();
}
=head2 show_smtp_proxy_status
This function conditionally displays the smtp proxy widgets, if the
e-smith-email rpm is installed.
=cut
sub show_smtp_proxy_status
{
my $self = shift;
my $q = $self->{cgi};
my @smtp_proxy_settings = qw(transparent disabled blocked);
my $default = $self->get_smtp_proxy_status();
my %labels = (
transparent => $self->localise('ENABLED'),
disabled => $self->localise('DISABLED'),
blocked => $self->localise('BLOCKED'),
);
if (system('/bin/rpm -q e-smith-email > /dev/null') == 0)
{
# e-smith-email is installed. Show it.
print $q->Tr(
$q->td({-colspan => 2},
$q->p($self->localise('SMTP_PROXY_STATUS_DESCRIPTION'))));
print $q->Tr(
$q->td({-class => 'sme-noborders-label'},
$self->localise('SMTP_PROXY_STATUS_LABEL')),
$q->td({-class => 'sme-noborders-content'},
$q->popup_menu({-name => 'smtp_proxy_status',
-values => \@smtp_proxy_settings,
-default => $default,
-labels => \%labels})));
}
return undef;
}
1;

0
root/var/log/.gitignore vendored Normal file
View File

0
root/var/service/.gitignore vendored Normal file
View File