diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e594810 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.rpm +*.log +*spec-20* +*.tar.xz diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..3374dfb --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: e-smith-proxy +# $Id: Makefile,v 1.1 2016/02/05 21:48:49 stephdl Exp $ +NAME := e-smith-proxy +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index a595e99..e7fa68e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,17 @@ -# e-smith-proxy +# e-smith-proxy -SMEServer Koozali developed git repo for e-smith-proxy smeserver \ No newline at end of file +SMEServer Koozali developed git repo for e-smith-proxy smeserver + +## Wiki +
https://wiki.koozali.org/ + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-proxy&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
+ +The e-smith-Proxy software is a powerful Linux-based server that provides a secure and reliable platform for hosting web sites. It is designed to be highly customizable and can be used to host a variety of services, from web sites to email and file sharing. It is an excellent choice for businesses and organizations that need a reliable, secure and powerful server hosting solution. It is easy to set up and manage, and can be used for a wide range of purposes. With its robust security and scalability capabilities, e-smith-Proxy is a great option for hosting web sites. diff --git a/additional/COPYING b/additional/COPYING new file mode 100644 index 0000000..eeb586b --- /dev/null +++ b/additional/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/contriborbase b/contriborbase new file mode 100644 index 0000000..ef36a67 --- /dev/null +++ b/contriborbase @@ -0,0 +1 @@ +sme10 diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..edf60ee --- /dev/null +++ b/createlinks @@ -0,0 +1,60 @@ +#! /usr/bin/perl -w + +use esmith::Build::CreateLinks qw(:all); + +my $event; +foreach $event (qw( + console-save + bootstrap-console-save + network-create + network-delete + proxy-update + e-smith-proxy-update +)) +{ + templates2events("/etc/httpd/conf/proxy/proxy.pac", $event); + templates2events("/etc/squid/squid.conf", $event); +} + +foreach $event (qw( + network-create + network-delete + console-save + proxy-update + e-smith-proxy-update +)) +{ + safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/squid"); +} + +foreach $event (qw( + proxy-update + e-smith-proxy-update +)) +{ + templates2events("/etc/rc.d/init.d/masq", "$event"); + templates2events("/etc/crontab", "$event"); + templates2events("/etc/dhcpd.conf", "$event"); + safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/masq"); +} + +# Symlink for the cgi. +panel_link("proxy", "manager"); + +#-------------------------------------------------- +# specific actions for e-smith-proxy-update event +#-------------------------------------------------- +$event = "e-smith-proxy-update"; + +templates2events("/etc/systemd/system-preset/49-koozali.preset", $event); +templates2events("/usr/lib/systemd/system/squid.service.d/50koozali.conf", $event); +event_link("systemd-reload", $event, "89"); + +foreach $event (qw( + post-install + post-upgrade +)) +{ + templates2events("/usr/lib/systemd/system/squid.service.d/50koozali.conf", $event); +} + diff --git a/e-smith-proxy.spec b/e-smith-proxy.spec new file mode 100644 index 0000000..80a8695 --- /dev/null +++ b/e-smith-proxy.spec @@ -0,0 +1,775 @@ +# $Id: e-smith-proxy.spec,v 1.13 2023/02/06 05:06:15 jpp Exp $ + +Summary: e-smith server and gateway - proxy module +%define name e-smith-proxy +Name: %{name} +%define version 5.6.0 +%define release 13 +Version: %{version} +Release: %{release}%{?dist} +License: GPL +Group: Networking/Daemons +Source: %{name}-%{version}.tar.xz + +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +Requires: e-smith-base +Requires: squid +Requires: e-smith-lib >= 1.15.1-19 +Requires: iptables +Requires: e-smith-formmagick >= 1.4.0-9 +Requires: e-smith-apache >= 2.6.0-19 +Requires: e-smith-email >= 5.2.0-5 +BuildRequires: e-smith-devtools +Obsoletes: e-smith-transproxy +AutoReqProv: no + +%description +e-smith server and gateway software - proxy module. + +%changelog +* Wed Jul 12 2023 cvs2git.sh aka Brian Read 5.6.0-13.sme +- Roll up patches and move to git repo [SME: 12338] + +* Wed Jul 12 2023 BogusDateBot +- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, + by assuming the date is correct and changing the weekday. + +* Mon Feb 06 2023 Jean-Philippe Pialasse 5.6.0-12.sme +- fix issues where pid file is not removed [SME: 11454] + +* Sun Apr 17 2022 Jean-Philippe Pialasse 5.6.0-11.sme +- use httpd 2.4 access control syntax [SME: 11944] + +* Thu Oct 21 2021 Jean-Philippe Pialasse 5.6.0-10.sme +- fix squid starting before network [SME: 11713] + also dropin file not expanded on install fixed + +* Tue Mar 16 2021 Jean-Philippe Pialasse 5.6.0-9.sme +- cleanup in /etc/rc.d and /var/service/squid [SME: 9692] + +* Thu Dec 10 2020 Michel Begue 2.6.0-8.sme +- fix actions for e-smith-proxy-update event [SME: 11116] +- add intercept for squid [SME: 9419] + +* Mon Nov 30 2020 Michel Begue 2.6.0-7.sme +- move squid service to systemd [SME: 11116] +- add e-smith-proxy-update event [SME: 11151] +- fix bogus dates here + +* Wed Apr 12 2017 Jean-Philipe Pialasse 5.6.0-6.sme +- fix disabling smtp proxy via SM doesn't work [SME: 9639] + +* Mon Apr 10 2017 Jean-Philipe Pialasse 5.6.0-5.sme +- redirect squid syslog messages to /var/log/squid/squid.log [SME: 79] + +* Thu Jan 5 2017 Daniel Berteaud 5.6.0-4.sme +- Allow custom file descriptor limit, and set default to 4096 [SME: 9912] + +* Thu May 12 2016 Daniel Berteaud 5.6.0-3.sme +- Rebuild for [SME: 9393] + +* Thu Mar 31 2016 Jean-Philipe Pialasse 5.6.0-2.sme +- remove deprecated acl manager proto cache_object [SME: 9410] + +* Fri Feb 05 2016 stephane de Labrusse 5.6.0-1.sme +- Initial release to sme10 + +* Tue Apr 14 2015 Daniel Berteaud 5.4.0-4.sme +- Prevent forwarding loop when talking directly to squid port [SME: 8907] + +* Thu Jan 30 2014 chris burnat 5.4.0-3.sme +- Modify template to allow Squid proxy https access to ports other than 443,563 using db command [sme:8161] +- Codes by John Bennett + +* Mon Feb 18 2013 Daniel Berteaud 5.4.0-2.sme +- Adjust squid config syntax [SME: 7250] + +* Wed Feb 13 2013 Shad L. Lords 5.4.0-1.sme +- Roll new stream for sme9 +- Perl modules moved to /usr/share/perl5/vendor_perl [SME: 7223] + +* Fri Sep 23 2011 Jonathan Martens 5.2.0-5.sme +- Fix SMTP proxy wording in server-manager [SME: 6178] + +* Sat Sep 25 2010 Shad L. Lords 5.2.0-4.sme +- Fix missed enabled->transparent mapping [SME: 5574] + +* Sat Sep 25 2010 Shad L. Lords 5.2.0-3.sme +- Change enabled to transparent for mail proxy [SME: 5574] + +* Thu Mar 25 2010 Federico Simoncelli 5.2.0-2.sme +- New option to block outgoing SMTP connections [SME: 5574] + +* Tue Oct 7 2008 Shad L. Lords 5.2.0-1.sme +- Roll new stream to separate sme7/sme8 trees [SME: 4633] + +* Fri Aug 15 2008 Shad L. Lords 4.14.0-15 +- Fix obsolete use of esmith::db class in template fragment in sme8. [SME: 4509] + +* Fri Aug 15 2008 Charlie Brady 4.14.0-14 +- Fix obsolete use of esmith::db class in template fragment. [SME: 4509] + +* Fri Feb 22 2008 Gavin Weight 4.14.0-13 +- Change Wpad URL to match system domain. [SME: 3512] + +* Wed Feb 13 2008 Stephen Noble 4.14.0-12 +- Remove tags now in general [SME: 3918] + +* Sun Feb 10 2008 Stephen Noble 4.14.0-11 +- Remove duplicate entries [SME: 3893] + +* Thu Dec 27 2007 Stephen Noble 4.14.0-10 +- wording in panel re proxy in serveronly mode [SME: 3514] + +* Thu Dec 20 2007 Shad L. Lords 4.14.0-9 +- Update squid directives for sme8 [SME: 2518] + +* Fri Nov 02 2007 Gavin Weight 4.14.0-8 +- Add Wpad funtion to dhcpd.conf. [SME: 3512] + +* Wed Aug 29 2007 Charlie Brady 4.14.0-7 +- Bind only to local interface and loopback interface. [SME: 2658] + +* Sun Apr 29 2007 Shad L. Lords +- Clean up spec so package can be built by koji/plague + +* Fri Apr 06 2007 Shad L. Lords 4.14.0-6 +- Fix owner/perms on squid.conf file [SME: 2719] + +* Thu Feb 15 2007 Charlie Brady 4.14.0-5 +- Specify the port to which squid should bind. [SME: 2476] + +* Thu Jan 25 2007 Shad L. Lords 4.14.0-4 +- Expand crontab template on proxy-update [SME: 2195] + +* Sat Jan 13 2007 Shad L. Lords 4.14.0-3 +- Make squid clean cache [SME: 2195] + +* Thu Dec 07 2006 Shad L. Lords +- Update to new release naming. No functional changes. +- Make Packager generic + +* Wed Mar 15 2006 Charlie Brady 4.14.0-1 +- Roll stable stream version. [SME: 1016] + +* Mon Mar 13 2006 Gordon Rowell 4.13.2-06 +- Expand proxy.pac and squid.conf in proxy-update event [SME: 212] + +* Wed Nov 30 2005 Gordon Rowell 4.13.2-05 +- Bump release number only + +* Wed Nov 23 2005 Charlie Brady +- [4.13.2-04] +- Return 'return "DIRECT";' by default if squid is disabled [SF: 1310447] + +* Sat Nov 5 2005 Gordon Rowell +- [4.13.2-03] +- Return "DIRECT" by default if squid is disabled [SF: 1310447] + +* Mon Oct 17 2005 Charlie Brady +- [4.13.2-02] +- Allow squid to create a real pid file, so that "squid -k rotate" + works. PID file needs to be created in a directory owned by 'squid' + user - I've chosen /var/log/squid. [SF: 1327724] + +* Fri Oct 14 2005 Gordon Rowell +- [4.13.2-01] +- Remove L10Ns from base packages [SF: 1309520] + +* Fri Oct 14 2005 Gordon Rowell +- [4.13.1-01] +- New dev stream before relocating L10Ns + +* Fri Sep 30 2005 Gordon Rowell +- [4.13.0-40] +- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266] + +* Tue Sep 27 2005 Charlie Brady +- [4.13.0-39] +- Fix squid run script so that initialization output is also + sent to the logger. [SF: 1200402] + +* Mon Sep 26 2005 Gordon Rowell +- [4.13.0-38] +- Added German L10N - Thanks Dietmar Berteld [SF: 1293325] + +* Mon Aug 29 2005 Charlie Brady +- [4.13.0-37] +- Remove dependency on e-smith-hosts. + +* Tue Aug 2 2005 Shad Lords +- [4.13.0-36] +- Add TCPPort and access for firewall definitions [SF: 1246986] +- Add squid{TCPProxyPort} for transparent redirects [SF: 1246986] + +* Mon Jul 18 2005 Charlie Brady +- [4.13.0-35] +- Add French translation of panel (Merci, Didier RAMBEAU). [SF: 1234928] + +* Mon Jul 18 2005 Charlie Brady +- [4.13.0-34] +- Update to current db access APIs, in readiness for move of dbs to private + directory. [SF: 1216546 (Shad)] + +* Thu Jul 14 2005 Charlie Brady +- [4.13.0-33] +- Change smtpfront-qmail{Proxy} -> smtpd{Proxy}. [Gordon Rowell, SF: 1212323] + +* Thu Jul 14 2005 Charlie Brady +- [4.13.0-32] +- Disable DNS tests on startup, like the standard RH config. [SF: 1234007] + +* Tue Jul 5 2005 Charlie Brady +- [4.13.0-31] +- Add extension_methods spec to squid.conf, to allow subversion + passthrough - see http://subversion.tigris.org/faq.html#proxy. + [SF: 1231333] + +* Thu Jun 9 2005 Charlie Brady +- [4.13.0-30] +- Reword the initial section of the proxy panel to remove reference + to 6040 product. [Gordon SF:1201757] +- Remove -s flag in run script, to avoid sending debug messages + from squid via syslog. [SF: 1200402] + +* Tue Mar 8 2005 Charlie Brady +- [4.13.0-29] +- Replace all restart-* and most reload-* actions with calls to 'adjust-services'. + Update e-smith-lib version dependency. [MN00065576] +- Use generic_template_expand action where possible, in place + of specific actions. Update e-smith-lib dependency. [MN00064130] + +* Tue Jan 18 2005 Charlie Brady +- [4.13.0-28] +- Use /dev/null as pid_filename. Squid documentation lies - "none" + doesn't work. [charlieb MN00062550] + +* Wed Dec 29 2004 Charlie Brady +- [4.13.0-27] +- Use e-smith-service for rc7.d symlink, so that "status" is respected. + [charlieb MN00061795] + +* Wed Dec 29 2004 Charlie Brady +- [4.13.0-26] +- Better fix for logging problem. Log run script errors to /var/log/squid.run, + and let squid own and manage /var/log/squid. Remove migration fragment + which does chown/chmod. [charlieb MN00057027] +- Don't try to create a pid file - we don't have permission anyway + [charlieb MN00062550] + +* Thu Nov 11 2004 Charlie Brady +- [4.13.0-25] +- Have multilog run as user squid, logging to /var/log/squid + (provided by squid package). [charlieb MN00057027] + +* Tue Sep 28 2004 Charlie Brady +- [4.13.0-24] +- Remove duplicate local network in ACL. [charlieb MN00050804] + +* Fri Sep 3 2004 Charlie Brady +- [4.13.0-23] +- Clean BuildRequires. [charlieb MN00043055] + +* Wed Jul 7 2004 Michael Soulier +- [4.13.0-22] +- Added initialization of the cache to the run script. [msoulier MN00037758] + +* Thu Jun 10 2004 Michael Soulier +- [4.13.0-21] +- Forgot to export the change_settings function. [msoulier MN00037755] +- Made the smtp proxy toggle display conditionally on the existence of the + e-smith-email rpm. [msoulier MN00037755] +- Made proxy-restart smarter, so it stops calling stop when the service is + down. [msoulier MN00037755] + +* Thu Jun 10 2004 Michael Soulier +- [4.13.0-20] +- Added the initial version of the code, including a proxy-update event. + [msoulier MN00037755] + +* Thu Jun 10 2004 Michael Soulier +- [4.13.0-19] +- Moved perl -> perl5, typo in directory path. [msoulier MN00037755] + +* Thu Jun 10 2004 Michael Soulier +- [4.13.0-18] +- Added stub for new web panel. [msoulier MN00037755] + +* Tue Jun 8 2004 Michael Soulier +- [4.13.0-17] +- Forward port of squid disable in serveronly mode. [msoulier MN00037260] + +* Tue May 4 2004 Michael Soulier +- [4.13.0-16] +- Fixed bad var reference. [msoulier dpar-27884] + +* Thu Jan 22 2004 Michael Soulier +- [4.13.0-15] +- Moved proxy-start/stop from e-smith-ntp to this package. [msoulier 10929] + +* Fri Dec 19 2003 Michael Soulier +- [4.13.0-14] +- Fixed a migration fragment that was mangling the log permissions. + [msoulier 6449] + +* Fri Dec 19 2003 Michael Soulier +- [4.13.0-13] +- Specified full path to logfile, as relative path did not work as expected. + [msoulier 6449] + +* Fri Dec 19 2003 Michael Soulier +- [4.13.0-12] +- Changing permissions on /var/log/squid to permit smelog to use the directory + beneath. [msoulier 6449] + +* Fri Dec 19 2003 Michael Soulier +- [4.13.0-11] +- Explicitly creating /var/log/squid/run with correct permissions. + [msoulier 6449] + +* Wed Dec 17 2003 Michael Soulier +- [4.13.0-10] +- Added migration for supervise change. [msoulier 6449] + +* Wed Dec 17 2003 Michael Soulier +- [4.13.0-09] +- Changed ownership of /var/log/squid. [msoulier 6449] + +* Mon Dec 15 2003 Michael Soulier +- [4.13.0-08] +- Added multilog back, logging to /var/log/squid/run. [msoulier 6449] + +* Thu Dec 11 2003 Michael Soulier +- [4.13.0-07] +- Removed multilog, as it does not apply here. [msoulier 6449] + +* Thu Dec 11 2003 Michael Soulier +- [4.13.0-06] +- Changed log owner to smelog. [msoulier 6449] + +* Wed Dec 10 2003 Michael Soulier +- [4.13.0-05] +- Changed owner of squid process and log directory to user squid. + [msoulier 6449] + +* Wed Dec 10 2003 Michael Soulier +- [4.13.0-04] +- Fixed bug in genfilelist options. [msoulier 6449] + +* Wed Dec 10 2003 Michael Soulier +- [4.13.0-03] +- Fixed bug in createlinks. [msoulier 6449] + +* Wed Dec 10 2003 Michael Soulier +- [4.13.0-02] +- Supervising squid. [msoulier 6449] + +* Wed Dec 10 2003 Michael Soulier +- [4.13.0-01] +- rolling to dev stream - 4.13.0 + +* Tue Sep 9 2003 Gordon Rowell +- [4.12.0-02] +- Disable safe_ports ACL by default. Create squid{SafePorts} + default ports list and squid{EnforceSafePorts} default to no [gordonr 9488] + +* Thu Jun 26 2003 Charlie Brady +- [4.12.0-01] +- Changing version to stable stream number - 4.12.0 + +* Fri May 30 2003 Michael Soulier +- [4.11.0-09] +- Removed dangling symlink to e-smith-proxy. [msoulier 8808] + +* Tue Apr 29 2003 Tony Clayton +- [4.11.0-08] +- Add default db fragments for squid [tonyc 8537] +- Remove dead proxy-startup action [tonyc 8537] + +* Thu Apr 10 2003 Gordon Rowell +- [4.11.0-07] +- Move defaults fragment to right location [gordonr 6911] + +* Tue Apr 8 2003 Gordon Rowell +- [4.11.0-06] +- Added port 119 (nntp) to Safe_ports, corrected high ports range [gordonr 4430] + +* Mon Apr 7 2003 Gordon Rowell +- [4.11.0-05] +- Set default for $squid{TransparentPort} and use in proxy.pac [gordonr 6911] + +* Mon Apr 7 2003 Gordon Rowell +- [4.11.0-04] +- Added port 81 to acl Safe_ports [gordonr 4430] +- Sorted Safe_ports to make it easier to read [gordonr 4430] + +* Tue Mar 18 2003 Lijie Deng +- [4.11.0-03] +- Deleted ./etc/squid/squid.conf/template-begin [lijied 3295] + +* Mon Feb 24 2003 Michael Soulier +- [4.11.0-02] +- Removed use of LocalDomainPrefix. [msoulier 4812] + +* Mon Feb 24 2003 Michael Soulier +- [4.11.0-01] +- dev stream to 4.11.0 + +* Mon Feb 24 2003 Michael Soulier +- [4.10.0-03] +- Backed-out changes in 4.10.0-02, as this should be in a dev stream. + [msoulier 4812] + +* Mon Feb 24 2003 Michael Soulier +- [4.10.0-02] +- Removed use of LocalDomainPrefix. [msoulier 4812] + +* Fri Oct 11 2002 Charlie Brady +- [4.10.0-01] +- Roll to maintained version number to 4.10.0 + +* Fri Oct 11 2002 Charlie Brady +- [4.10.0-01] +- Roll to maintained version number to 4.10.0 + +* Wed Oct 2 2002 Michael Soulier +- [4.9.7-02] +- Removing redundant iptables rule in PREROUTING chain which forwarded +- any local network http traffic to the squid proxy, when the previous +- rule already forwarded _all_ traffic there. [msoulier 5029] + +* Thu Sep 12 2002 Charlie Brady +- [4.9.7-01] +- Move proxy.pac file to /etc/httpd/conf/proxy/proxy.pac, and add + two URL aliases to it (/wpad.dat and /proxy.pac). Add appropriate + access rules. [charlieb 4838] + +* Wed Sep 11 2002 Charlie Brady +- [4.9.6-02] +- Dynamically adjust transparent proxy rules in "adjust" section of masq + script. [charlieb 4501] + +* Thu Aug 22 2002 Charlie Brady +- [4.9.6-01] +- Remove 45DenySquid template fragment - it's no longer needed since we + are using connection tracking. [charlieb 4499] + +* Wed Aug 21 2002 Charlie Brady +- [4.9.5-01] +- Fix error in squid conf template if LocalDomainPrefix is defined. + [charlieb 4686] + +* Tue Aug 20 2002 Charlie Brady +- [4.9.4-01] +- Add rc7.d symlink and don't set deprecated ORDER property [charlieb 4458] + +* Tue Jul 30 2002 Charlie Brady +- [4.9.3-01] +- Add additional rules in nat table to protect local HTTP accesses from + being forced through transparent proxy. [charlieb 1268] + +* Wed Jul 17 2002 Charlie Brady +- [4.9.2-01] +- Get syntax correct for iptables form of REDIRECT target, for + transparent proxy. [charlieb 1268] + +* Wed Jul 17 2002 Charlie Brady +- [4.9.1-01] +- Change masq script fragments to use iptables. [charlieb 1268] + +* Wed Jun 5 2002 Charlie Brady +- [4.9.0-01] +- Changing version to development stream number - 4.9.0 + +* Fri May 31 2002 Charlie Brady +- [4.8.0-01] +- Changing version to maintained stream number to 4.8.0 + +* Wed May 29 2002 Charlie Brady +- [4.7.12-01] +- Update proxy.pac to check host with isPlainHostName before doing DNS lookups. + Go direct for any plain host names. This shouldn't be necessary, but IE + is not going direct from WinXP with current setup. Remove redundent + else clauses while we are at it. [charlieb 3715] + +* Wed May 29 2002 Charlie Brady +- [4.7.11-01] +- Add append_domain directive in squid.conf, so that squid can resolve + unqualified names. (Why doesn't it use what's in resolv.conf?) + [charlieb 3715] + +* Thu May 23 2002 Gordon Rowell +- [4.7.10-01] +- RPM rebuild forced by cvsroot2rpm + +* Fri May 17 2002 Tony Clayton +- [4.7.9-01] +- Added 'use esmith::util' to 20ACL10localhost squid.conf fragment [tonyc 3253] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.8-01] +- And really cleaning old directory this time [gordonr 3073] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.7-01] +- Cleaned directory structure of bad pathname [gordonr 3073] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.6-01] +- Moved start of function to template-begin in case comments are + a problem for some clients [gordonr 3073] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.5-01] +- Added braces to templates to evaluate ConfigDB entries [gordonr 3073] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.4-01] +- Added dependency on e-smith-hosts + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.3-01] +- Thanks to Damien Curtain for the wpad.dat details [gordonr 3073] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.2-01] +- Rewrote proxy-conf using ConfigDB [gordonr 3073] +- Added support wpad.dat and proxy/pac files [gordonr 3073] + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.1-01] +- Initial CVS import + +* Fri Apr 19 2002 Gordon Rowell +- [4.7.0-01] +- rollRPM: Rolled version number to 4.7.0-01. Includes patches up to 4.6.0-06. + +* Fri Feb 01 2002 Charlie Brady +- [4.6.0-06] +- Disable transparent proxy rule if squid is disabled. + +* Tue Jan 15 2002 Charlie Brady +- [4.6.0-05] +- Rationalise distribution of actions to events (#2507) + - Add proxy-restart to console-save event + - Remove proxy-startup from console-save and bootstrap-console-save events + - Remove proxy-conf from post-upgrade event +- Move mkdir to create bootstrap-console-save event directory into prep + section (from %build), so that it gets included in the tarball by the + next rollRPM. + +* Mon Jan 14 2002 Charlie Brady +- [4.6.0-04] +- Fix missing newline in previous never-direct fix. + +* Mon Jan 14 2002 Charlie Brady +- [4.6.0-03] +- Add never_direct statements to parent cache case, as always_direct on + its own is not enough. + +* Thu Jan 03 2002 Charlie Brady +- [4.6.0-02] +- Fix runtime lookup of external IP in masq script fragment. +- Use always_direct deny statement to force squid to use an external cache + if a parent cache is specified. + +* Tue Dec 11 2001 Jason Miller +- [4.6.0-01] +- rollRPM: Rolled version number to 4.6.0-01. Includes patches up to 4.5.0-03. + +* Wed Nov 07 2001 Charlie Brady +- [4.5.0-03] +- Change the default setting for transparent to "yes". + +* Wed Nov 07 2001 Charlie Brady +- [4.5.0-02] +- Add transparent proxy feature, which is disabled by default. To enable, + set Transparent property of "squid" service to "yes". + +* Wed Nov 7 2001 Charlie Brady +- [4.5.0-01] +- Rolled version number to 4.5.0-01. Includes patches upto 4.4.0-07. + +* Wed Nov 07 2001 Tony Clayton +- [4.4.0-07] +- rebranding to Mitel Networks + +* Mon Oct 22 2001 Charlie Brady +- [4.4.0-06] +- Translate shell createlinks to perl createlinks +- Add bootstrap-console-save symlinks via changes to createlinks script + +* Wed Aug 29 2001 Charlie Brady +- [4.4.0-05] +- Add template fragment to set ftp_user used for password in anonymous ftp +- Add template fragment to set cache administrator email address in messages. + +* Fri Aug 17 2001 gordonr +- [4.4.0-04] +- Autorebuild by rebuildRPM + +* Wed Aug 15 2001 Charlie Brady +- [4.4.0-03] +- Add template fragements to make sure that webdav protocols are not requested + via an upstream cache. +- Re-add template-begin, as the default template-begin is not yet inserted. + +* Mon Aug 13 2001 Charlie Brady +- [4.4.0-02] +- Break template-begin for squid.conf into fragments. +- Change acl name of localhost into localsrc, and change all + references to it. +- Add acl of localdst for all local destinations. In future we should point + client browsers directly at local web servers. + +* Wed Aug 8 2001 Charlie Brady +- [4.4.0-01] +- Rolled version number to 4.4.0-01. Includes patches upto 4.3.0-03. + +* Fri Jul 6 2001 Peter Samuel +- [4.3.0-03] +- Changed license to GPL + +* Tue May 29 2001 Tony Clayton +- [4.3.0-02] +- untie %conf hash in before calling serviceControl in proxy-startup + +* Mon Apr 30 2001 Charlie Brady +- [4.3.0-01] +- Rolled version number to 4.3.0-01. Includes patches upto 4.2.0-04. + +* Sun Mar 25 2001 Gordon Rowell +- [4.2.0-04] +- Removed dependency on e-smith-packetfilter. There is a filter fragment + which will will be useless without it, but it's not really a dependency + +* Sat Mar 03 2001 Charlie Brady +- [4.2.0-03] +- Add packet filter fragment to deny and log any connection attempt on + the external interface. This filter fragment is only active if squid + is enabled. +- Add requires e-smith-packetfilter spec. + +* Thu Feb 8 2001 Adrian Chung +- [4.2.0-02] +- Rolling release number for GPG signing. + +* Thu Jan 25 2001 Peter Samuel +- [4.2.0-01] +- Rolled version number to 4.2.0-01 + Includes patches upto 4.1.0-2 + +* Thu Dec 28 2000 Gordon Rowell +- [4.1.0-2] +- Added manager port (980) to Safe_ports + +* Wed Dec 06 2000 Peter Samuel +- [4.1.0-1] +- Rolled version to 4.1.0-1. Includes patches up to 4.0.7-3 + +* Mon Oct 30 2000 Charlie Brady +- Fix typo in proxy-startup which prevented squid from starting + +* Mon Oct 30 2000 Charlie Brady +- This is e-smith-proxy-4.0.7-2. +- Merge services database back into configuration db. + +* Thu Oct 26 2000 Peter Samuel +- Rolled version to 4.0.7. Includes patches up to 4.0.6-13 + +* Fri Oct 06 2000 Charlie Brady +- Fix perl errors in proxy-conf + +* Fri Oct 06 2000 Charlie Brady +- Make sure that "squid" is enabled in the services database +- Remove %post section. +- Fixed some script errors in other action scripts. + +* Thu Oct 05 2000 Adrian Chung +- Changed restart action to use serviceControl +- Removed post-install event conditional. +- Changed %post set to setdefault. + +* Wed Oct 04 2000 Paul Nesbit +- expand templates only if enabled in services database. +- added /sbin/e-smith/db services set proxy enabled to %post + +* Tue Oct 03 2000 Charlie Brady +- Update services database when enabling/disabling service startup + +* Mon Sep 25 2000 Paul Nesbit +- updated contact, support and URL info + +* Fri Aug 25 2000 Charlie Brady +- Added build dependency on e-smith-devtools, and dependency on + e-smith-lib. Generate file list with genfilelist. + +* Thu Aug 24 2000 Gordon Rowell +- Rewrote proxy-startup to user serviceControl() + +* Wed Jul 12 2000 Joseph Morrison +- Use -1 argument to split command to handle null final values in + configuration records + +* Sat Jun 17 2000 Charlie Brady +- Do not mark templates as config files. + +* Mon Jun 12 2000 Charlie Brady +- Use list form of backgroundCommand. + +* Thu May 18 2000 Charlie Brady +- fold long lines in spec file +- Use & substitution in sed line + +* Sun May 14 2000 Charlie Brady +- Removed transproxy patch +- Make squid.conf template a directory + +* Thu May 11 2000 Charlie Brady +- Some small fixes in conf startup script +- Add dependency on squid + +* Fri Apr 21 2000 Charlie Brady +- Add a missing script template + +* Thu Apr 20 2000 Charlie Brady +- Add transparent proxy feature. Change architecture to "noarch" +- Make templates %config files. + +%prep +%setup + +rm -rf root/var/service/squid/ +mkdir -p root/usr/lib/systemd/system/squid.service.d +rm -rf root/var/log/squid.run + +%build +perl createlinks + +%install +rm -rf $RPM_BUILD_ROOT +(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) +rm -f %{name}-%{version}-%{release}-filelist +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + > %{name}-%{version}-%{release}-filelist +# --dir '/var/service/squid' 'attr(1755,root,root)' \ +# --file '/var/service/squid/down' 'attr(0644,root,root)' \ +# --file '/var/service/squid/run' 'attr(0755,root,root)' \ +# --dir '/var/service/squid/supervise' 'attr(0700,root,root)' \ +# --dir '/var/service/squid/log' 'attr(1755,root,root)' \ +# --file '/var/service/squid/log/run' 'attr(0755,root,root)' \ +# --dir '/var/service/squid/log/supervise' 'attr(0700,root,root)' \ +# --dir '/var/log/squid.run' 'attr(0750,smelog,root)' \ +echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +if [ -d /var/service/squid ]; then + rm -rf /var/service/squid +fi + +%files -f %{name}-%{version}-%{release}-filelist +%defattr(-,root,root) diff --git a/root/etc/e-smith/db/configuration/defaults/squid/EnforceSafePorts b/root/etc/e-smith/db/configuration/defaults/squid/EnforceSafePorts new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/EnforceSafePorts @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/squid/SafePorts b/root/etc/e-smith/db/configuration/defaults/squid/SafePorts new file mode 100644 index 0000000..78aac1f --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/SafePorts @@ -0,0 +1 @@ +21,70,80,81,119,210,443,563,980,1024-65535 diff --git a/root/etc/e-smith/db/configuration/defaults/squid/TCPPort b/root/etc/e-smith/db/configuration/defaults/squid/TCPPort new file mode 100644 index 0000000..7a7d1ab --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/TCPPort @@ -0,0 +1 @@ +3128 diff --git a/root/etc/e-smith/db/configuration/defaults/squid/TCPProxyPort b/root/etc/e-smith/db/configuration/defaults/squid/TCPProxyPort new file mode 100644 index 0000000..820ed49 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/TCPProxyPort @@ -0,0 +1 @@ +80:3128 diff --git a/root/etc/e-smith/db/configuration/defaults/squid/TransparentPort b/root/etc/e-smith/db/configuration/defaults/squid/TransparentPort new file mode 100644 index 0000000..7a7d1ab --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/TransparentPort @@ -0,0 +1 @@ +3128 diff --git a/root/etc/e-smith/db/configuration/defaults/squid/access b/root/etc/e-smith/db/configuration/defaults/squid/access new file mode 100644 index 0000000..3e18ebf --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/access @@ -0,0 +1 @@ +private diff --git a/root/etc/e-smith/db/configuration/defaults/squid/status b/root/etc/e-smith/db/configuration/defaults/squid/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/squid/type b/root/etc/e-smith/db/configuration/defaults/squid/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/squid/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/events/bootstrap-console-save/.gitignore b/root/etc/e-smith/events/bootstrap-console-save/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/proxy b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/proxy new file mode 100644 index 0000000..46870c4 --- /dev/null +++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/proxy @@ -0,0 +1,76 @@ + + + + Proxy settings + Proxy settings + + + FIRST_PAGE_DESCRIPTION + + This page allows configuration of the server's + proxy settings. + + The server includes a transparent proxy and cache for + HTTP traffic. This is enabled by default, but not enforced + if the server is in "serveronly" mode. + + If this server is acting as an e-mail server, connections + from local network clients to external SMTP servers + will default to being redirected to the local e-mail server. + + + + HTTP_PROXY_STATUS_DESCRIPTION + + The server's HTTP proxy works to reduce overall uplink usage by + caching recently-visited pages. It is transparent to web browsers + using this server as their gateway. Enable or disable this proxy + with the following toggle. + + + + HTTP_PROXY_STATUS_LABEL + HTTP proxy status + + + SMTP_PROXY_STATUS_DESCRIPTION + + The server's transparent SMTP proxy works to reduce virus traffic + from infected client hosts by forcing all outgoing SMTP traffic + through this server if set to "enabled". + + If you wish to use an alternate SMTP server, and this server is + your gateway to it, set this proxy to "disabled". Setting the + proxy to "blocked" prevents all SMTP traffic to other servers, + this is the default. The proxy only intercepts/blocks normal smtp + (port 25) traffic. + + + + SMTP_PROXY_STATUS_LABEL + SMTP proxy status + + + ERR_PROXY_UPDATE_FAILED + + ERROR: The proxy-update event returned an error. + + + + ERR_NO_SQUID_REC + + ERROR: There is no squid record in the configuration database. + + + + SUCCESS + + The new proxy settings were applied successfully. + + + + BLOCKED + Blocked + + diff --git a/root/etc/e-smith/templates.metadata/etc/squid/squid.conf b/root/etc/e-smith/templates.metadata/etc/squid/squid.conf new file mode 100644 index 0000000..65bd5c9 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/squid/squid.conf @@ -0,0 +1,3 @@ +PERMS=0640 +UID="root" +GID="squid" diff --git a/root/etc/e-smith/templates/etc/crontab/squid b/root/etc/e-smith/templates/etc/crontab/squid new file mode 100644 index 0000000..9fe43a6 --- /dev/null +++ b/root/etc/e-smith/templates/etc/crontab/squid @@ -0,0 +1,20 @@ +{ + return "# squid is disabled\n" unless $squid{status} eq 'enabled'; + + my $freq = $squid{Rotate} || 'daily'; + my $min = int(rand(60)); + my $hour = int(rand(5)); + my $dow = substr(localtime,0,3); + + if ($freq eq 'hourly') { + return "$min * * * * root squid -k rotate\n"; + } elsif ($freq eq 'weekly') { + return "$min $hour * * $dow root squid -k rotate\n"; + } elsif ($freq eq 'monthly') { + return "$min $hour 15 * * root squid -k rotate\n"; + } elsif ($freq eq 'disabled') { + return "# squid rotate disabled\n"; + } else { + return "$min $hour * * * root squid -k rotate\n" + } +} diff --git a/root/etc/e-smith/templates/etc/dhcpd.conf/11wpad b/root/etc/e-smith/templates/etc/dhcpd.conf/11wpad new file mode 100644 index 0000000..bdea45a --- /dev/null +++ b/root/etc/e-smith/templates/etc/dhcpd.conf/11wpad @@ -0,0 +1,2 @@ +option wpad-url code 252 = text; + diff --git a/root/etc/e-smith/templates/etc/dhcpd.conf/26wpad b/root/etc/e-smith/templates/etc/dhcpd.conf/26wpad new file mode 100644 index 0000000..8b97dbb --- /dev/null +++ b/root/etc/e-smith/templates/etc/dhcpd.conf/26wpad @@ -0,0 +1,15 @@ +{ + my $transproxy = $squid{Transparent} || "yes"; + my $status = $squid{status} || "disabled"; + if ($transproxy eq "yes" && $status eq "enabled") + + { + + $OUT .= " option wpad-url \"http://wpad.$DomainName/wpad.dat\";"; +} + else + { + $OUT .= '# wpad-url disabled'; + } +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/96ProxyConf b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/96ProxyConf new file mode 100644 index 0000000..39b8ce5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/96ProxyConf @@ -0,0 +1,9 @@ +{ + foreach my $file (qw(wpad.dat proxy.pac)) + { + $OUT .= "Alias /$file /etc/httpd/conf/proxy/proxy.pac\n"; + $OUT .= "\n"; + $OUT .= " Require ip $localAccess\n"; + $OUT .= "\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/05directLocalhostname b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/05directLocalhostname new file mode 100644 index 0000000..dc13fc5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/05directLocalhostname @@ -0,0 +1,2 @@ + if (isPlainHostName(host)) + return "DIRECT"; diff --git a/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/10directLocalNetwork b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/10directLocalNetwork new file mode 100644 index 0000000..84e0c0e --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/10directLocalNetwork @@ -0,0 +1,2 @@ + if (isInNet(host, "{ $LocalIP }", "{ $LocalNetmask }")) + return "DIRECT"; diff --git a/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/10directLocalhost b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/10directLocalhost new file mode 100644 index 0000000..21da428 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/10directLocalhost @@ -0,0 +1,2 @@ + if (isInNet(host, "127.0.0.1", "255.255.255.255")) + return "DIRECT"; diff --git a/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/90proxyDefault b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/90proxyDefault new file mode 100644 index 0000000..b2c6c1f --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/90proxyDefault @@ -0,0 +1,9 @@ +{ + my $enabled = $squid{status} || 'disabled'; + my $port = $squid{TransparentPort} || 3128; + my $target = ($enabled eq 'enabled') ? + "PROXY proxy.$DomainName:$port" : + "DIRECT"; + + $OUT = ' return "' . $target . '";'; +} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/99endFunction b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/99endFunction new file mode 100644 index 0000000..dbea7aa --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/99endFunction @@ -0,0 +1 @@ +\} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/template-begin b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/template-begin new file mode 100644 index 0000000..6534003 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/proxy/proxy.pac/template-begin @@ -0,0 +1,2 @@ +function FindProxyForURL(url, host) +\{ diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy new file mode 100644 index 0000000..8d81fc9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy @@ -0,0 +1,38 @@ +{ + $OUT = ''; + + # Create new chain to manage TransProxy stuff + # Note: We send all traffic destined to port 80, regardless of + # where it's from, since the filter table will worry about source. + $OUT .= " /sbin/iptables --table nat --new-chain TransProxy\n"; + $OUT .= " /sbin/iptables --table nat --append PREROUTING\\\n"; + $OUT .= "\t-p tcp --dport 80 -j TransProxy\n"; + + # Accept any accesses to the local IPs directly + + $OUT .= " /sbin/iptables --table nat --append TransProxy \\\n"; + $OUT .= "\t--destination 127.0.0.1 --jump ACCEPT\n"; + $OUT .= " /sbin/iptables --table nat --append TransProxy \\\n"; + $OUT .= "\t--destination $LocalIP --jump ACCEPT\n"; + + if (defined $ExternalIP) { + # Accept any accesses to the ExternalIP directly + $OUT .= " /sbin/iptables --table nat --append TransProxy \\\n"; + $OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n"; + } + + my $transproxy = $squid{Transparent} || "yes"; + my $status = $squid{status} || "disabled"; + if ($transproxy eq "yes" && $status eq "enabled") { + ##my $proxyport = $squid{TransparentPort} || "3128"; + my $proxyport = $squid{InterceptPort} || "8080"; + + # Otherwise, divert port 80 traffic through our proxy + $OUT .= " /sbin/iptables --table nat --append TransProxy\\\n"; + $OUT .= "\t-p TCP -j DNAT --to $LocalIP:$proxyport\n"; + } else { + # Or just let it go unhindered + $OUT .= " /sbin/iptables --table nat --append TransProxy\\\n"; + $OUT .= "\t--jump ACCEPT\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustTransProxy b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustTransProxy new file mode 100644 index 0000000..d9eae4d --- /dev/null +++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustTransProxy @@ -0,0 +1,32 @@ +{ + # Update any rules which may have changed, meaning + # - $ExternalIP + # - enabled/disabled + # - Transproxy port (unlikely) + my $rule = 3; + if (defined $ExternalIP) + { + # Accept any accesses to the ExternalIP directly + $OUT .= " /sbin/iptables --table nat \\\n"; + $OUT .= "\t--replace TransProxy $rule\\\n"; + $OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n"; + $rule++; + } + my $transproxy = $squid{Transparent} || "yes"; + my $status = $squid{status} || "disabled"; + if ($transproxy eq "yes" && $status eq "enabled") + { + ##my $proxyport = $squid{TransparentPort} || "3128"; + my $proxyport = $squid{InterceptPort} || "8080"; + + # Otherwise, divert port 80 traffic through our proxy + $OUT .= " /sbin/iptables --table nat --replace TransProxy $rule\\\n"; + $OUT .= "\t-p TCP -j DNAT --to $LocalIP:$proxyport\n"; + } + else + { + # Or just let it go unhindered + $OUT .= " /sbin/iptables --table nat --replace TransProxy $rule\\\n"; + $OUT .= "\t--jump ACCEPT\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/rsyslog.conf/46squid b/root/etc/e-smith/templates/etc/rsyslog.conf/46squid new file mode 100644 index 0000000..9cbd570 --- /dev/null +++ b/root/etc/e-smith/templates/etc/rsyslog.conf/46squid @@ -0,0 +1,2 @@ +if $programname == 'squid' then /var/log/squid/squid.log +& stop diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/10HTTPPort b/root/etc/e-smith/templates/etc/squid/squid.conf/10HTTPPort new file mode 100644 index 0000000..8eba75a --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/10HTTPPort @@ -0,0 +1,13 @@ +{ + my $transproxy = $squid{Transparent} || "yes"; + + if ($transproxy eq 'yes') { + $OUT .= "http_port $LocalIP:" . ($squid{TCPPort} || '3128') . "\n"; + $OUT .= "http_port 127.0.0.1:" . ($squid{TCPPort} || '3128') . "\n"; + $OUT .= "http_port $LocalIP:" . ($squid{InterceptPort} || '8080') . " intercept\n"; + $OUT .= "http_port 127.0.0.1:" . ($squid{InterceptPort} || '8080') . " intercept\n"; + } else { + $OUT .= "http_port $LocalIP:" . ($squid{TCPPort} || '3128') . "\n"; + $OUT .= "http_port 127.0.0.1:" . ($squid{TCPPort} || '3128') . "\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/10ICPAddresses b/root/etc/e-smith/templates/etc/squid/squid.conf/10ICPAddresses new file mode 100644 index 0000000..d4d5777 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/10ICPAddresses @@ -0,0 +1,4 @@ +{ + $OUT .= "udp_incoming_address $LocalIP\n"; + $OUT .= "udp_outgoing_address 0.0.0.0"; +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/10ParentCache b/root/etc/e-smith/templates/etc/squid/squid.conf/10ParentCache new file mode 100644 index 0000000..34d0415 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/10ParentCache @@ -0,0 +1,10 @@ +{ + $OUT = ""; + + if (defined $SquidParent && $SquidParent) + { + $OUT .= "cache_peer $SquidParent parent "; + $OUT .= $SquidParentPort || "3128"; + $OUT .= " 7 no-query default"; + } +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10localhost b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10localhost new file mode 100644 index 0000000..099f578 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10localhost @@ -0,0 +1,24 @@ +{ + use esmith::NetworksDB; + use Net::IPv4Addr; + + my $ndb = esmith::NetworksDB->open_ro(); + + my $localAccess = ''; + foreach ($ndb->local_access_spec()){ + # If there's a / in the network string + # then convert to CIDR notation + if (m!/!) { + my ($ip,$bits) = Net::IPv4Addr::ipv4_parse($_); + $localAccess .= "$ip/$bits "; + } + else { + $localAccess .= "$_ "; + } + } + + $OUT .= "acl localsrc src $localAccess\n"; + $OUT .= "acl localdst dst $localAccess\n"; + $OUT .= "acl selfdst dst 127.0.0.1 $LocalIP\n"; + $OUT .= "acl selfport port " . ($squid{TCPPort} || '3128'); +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports new file mode 100644 index 0000000..013f52e --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL15SSL_ports @@ -0,0 +1,6 @@ + +{ + my @ports = split(",", ($squid{SSLPorts} || "") ); + + return "acl SSL_ports port 443 563 @ports"; +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports new file mode 100644 index 0000000..9c85528 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports @@ -0,0 +1,5 @@ +{ + my @ports = split(",", ($squid{SafePorts} || "80") ); + + return "acl Safe_ports port @ports"; +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL20CONNECT b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL20CONNECT new file mode 100644 index 0000000..f528527 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL20CONNECT @@ -0,0 +1 @@ +acl CONNECT method CONNECT diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL30webdav b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL30webdav new file mode 100644 index 0000000..b127ee5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL30webdav @@ -0,0 +1 @@ +acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20PidFilename b/root/etc/e-smith/templates/etc/squid/squid.conf/20PidFilename new file mode 100644 index 0000000..1f505f9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20PidFilename @@ -0,0 +1,3 @@ +{ + $OUT = "pid_filename /run/squid/squid.pid"; +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/24Logfile b/root/etc/e-smith/templates/etc/squid/squid.conf/24Logfile new file mode 100644 index 0000000..a8d1d04 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/24Logfile @@ -0,0 +1 @@ +access_log /var/log/squid/access.log squid diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/25LogfileRotate b/root/etc/e-smith/templates/etc/squid/squid.conf/25LogfileRotate new file mode 100644 index 0000000..169c06e --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/25LogfileRotate @@ -0,0 +1 @@ +logfile_rotate 0 diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/30append_domain b/root/etc/e-smith/templates/etc/squid/squid.conf/30append_domain new file mode 100644 index 0000000..6b33361 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/30append_domain @@ -0,0 +1,3 @@ +append_domain { + $OUT = ".$DomainName"; +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/30cache_mgr b/root/etc/e-smith/templates/etc/squid/squid.conf/30cache_mgr new file mode 100644 index 0000000..2efb4a2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/30cache_mgr @@ -0,0 +1 @@ +cache_mgr { "admin\@$DomainName" } diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/30ftp_user b/root/etc/e-smith/templates/etc/squid/squid.conf/30ftp_user new file mode 100644 index 0000000..3ed00f9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/30ftp_user @@ -0,0 +1 @@ +ftp_user { "nobody\@$DomainName" } diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access00manager b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access00manager new file mode 100644 index 0000000..bb8d3a1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access00manager @@ -0,0 +1,2 @@ +http_access allow manager localsrc +http_access deny manager diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access10notSafe_ports b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access10notSafe_ports new file mode 100644 index 0000000..edadde1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access10notSafe_ports @@ -0,0 +1,5 @@ +{ + return "" unless ( ($squid{EnforceSafePorts} || "no") eq "yes"); + + return "http_access deny !Safe_ports"; +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access20denyCONNECTunlessSSL b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access20denyCONNECTunlessSSL new file mode 100644 index 0000000..08ec745 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access20denyCONNECTunlessSSL @@ -0,0 +1 @@ +http_access deny CONNECT !SSL_ports diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access40denySelf b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access40denySelf new file mode 100644 index 0000000..467f0c3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access40denySelf @@ -0,0 +1 @@ +http_access deny selfdst selfport diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access75AllowLocal b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access75AllowLocal new file mode 100644 index 0000000..262e674 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access75AllowLocal @@ -0,0 +1 @@ +http_access allow localsrc diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access99denyall b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access99denyall new file mode 100644 index 0000000..d9a1ff0 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access99denyall @@ -0,0 +1 @@ +http_access deny all diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/50icp_access50AllowAll b/root/etc/e-smith/templates/etc/squid/squid.conf/50icp_access50AllowAll new file mode 100644 index 0000000..8eebfb3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/50icp_access50AllowAll @@ -0,0 +1 @@ +icp_access allow all diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/60miss_access50AllowAll b/root/etc/e-smith/templates/etc/squid/squid.conf/60miss_access50AllowAll new file mode 100644 index 0000000..5028850 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/60miss_access50AllowAll @@ -0,0 +1 @@ +miss_access allow all diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/70StoreAvgObjectSize b/root/etc/e-smith/templates/etc/squid/squid.conf/70StoreAvgObjectSize new file mode 100644 index 0000000..ad28b5e --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/70StoreAvgObjectSize @@ -0,0 +1,11 @@ +{ +# TAG: store_avg_object_size (kbytes) +# Average object size, used to estimate number of objects your +# cache can hold. See doc/Release-Notes-1.1.txt. The default is +# 13 KB. +# +# Note: At e-smith, some of our customers have had average object sizes +# as low as 3.5 KB, so we set the limit to 3 KB to be safe. +# - JMorrison, January 5, 2000 +# } +store_avg_object_size 3 KB diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/80always_direct50webdav b/root/etc/e-smith/templates/etc/squid/squid.conf/80always_direct50webdav new file mode 100644 index 0000000..a0e3930 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/80always_direct50webdav @@ -0,0 +1 @@ +always_direct allow webdav diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/80always_direct80default b/root/etc/e-smith/templates/etc/squid/squid.conf/80always_direct80default new file mode 100644 index 0000000..72ed6b3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/80always_direct80default @@ -0,0 +1,13 @@ +{ + if (defined $SquidParent && $SquidParent) + { + $OUT .= "always_direct allow localdst\n"; + $OUT .= "always_direct deny all\n"; + $OUT .= "never_direct deny localdst\n"; + $OUT .= "never_direct allow all"; + } + else + { + $OUT .= "always_direct allow all"; + } +} diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/96filedescriptor b/root/etc/e-smith/templates/etc/squid/squid.conf/96filedescriptor new file mode 100644 index 0000000..7b02b96 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/96filedescriptor @@ -0,0 +1 @@ +max_filedesc { ($squid{'MaxFileDesc'} || '4096') } diff --git a/root/etc/e-smith/templates/etc/sysconfig/squid/10ALL_ORIG b/root/etc/e-smith/templates/etc/sysconfig/squid/10ALL_ORIG new file mode 100644 index 0000000..37c6921 --- /dev/null +++ b/root/etc/e-smith/templates/etc/sysconfig/squid/10ALL_ORIG @@ -0,0 +1,10 @@ +# default squid options +SQUID_OPTS="" + +# Time to wait for Squid to shut down when asked. Should not be necessary +# most of the time. +SQUID_SHUTDOWN_TIMEOUT=100 + +# default squid conf file +SQUID_CONF="/etc/squid/squid.conf" + diff --git a/root/etc/e-smith/templates/etc/sysconfig/squid/20OPTS b/root/etc/e-smith/templates/etc/sysconfig/squid/20OPTS new file mode 100644 index 0000000..97b4920 --- /dev/null +++ b/root/etc/e-smith/templates/etc/sysconfig/squid/20OPTS @@ -0,0 +1,4 @@ +# specific squid options +SQUID_OPTS="-s" + + diff --git a/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/20unit b/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/20unit new file mode 100644 index 0000000..75a9044 --- /dev/null +++ b/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/20unit @@ -0,0 +1,4 @@ + +[Unit] +After=network-online.target + diff --git a/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/40service b/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/40service new file mode 100644 index 0000000..12f3179 --- /dev/null +++ b/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/40service @@ -0,0 +1,12 @@ +[Service] +{ +# Is there a Files limit in the configuration database +$OUT .= "LimitNOFILE="; +$OUT .= $squid{MaxFileDesc} || 4096; +$OUT .= "\n"; +} +PIDFile=/run/squid/squid.pid +# squid option -s ---->> $SQUID_OPTS +ExecStartPre=/sbin/e-smith/service-status squid +User=root +Group=root diff --git a/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/80install b/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/80install new file mode 100644 index 0000000..aa4f147 --- /dev/null +++ b/root/etc/e-smith/templates/usr/lib/systemd/system/squid.service.d/50koozali.conf/80install @@ -0,0 +1,2 @@ +[Install] +WantedBy=sme-server.target diff --git a/root/etc/e-smith/web/functions/proxy b/root/etc/e-smith/web/functions/proxy new file mode 100644 index 0000000..65b2d54 --- /dev/null +++ b/root/etc/e-smith/web/functions/proxy @@ -0,0 +1,62 @@ +#!/usr/bin/perl -wT +# vim: ts=4 sw=4 et ft=xml ai: + +#---------------------------------------------------------------------- +# heading : Security +# description : Proxy settings +# navigation : 5000 5500 +#---------------------------------------------------------------------- +#---------------------------------------------------------------------- +# copyright (C) 1999-2003 Mitel Networks Corporation +#---------------------------------------------------------------------- + +use strict; +use CGI; +use esmith::FormMagick::Panel::proxy; + +eval { + my $q = CGI->new(); + my $f = esmith::FormMagick::Panel::proxy->new(); + + $f->display(); +}; +if ($@) +{ + print< +Fatal error caught + +

Fatal error caught

+
+$@
+
+ + +EOF +} + +__DATA__ +
+ + + + FIRST_PAGE_DESCRIPTION + + + HTTP_PROXY_STATUS_DESCRIPTION + + + + + + + +
diff --git a/root/etc/httpd/conf/proxy/.gitignore b/root/etc/httpd/conf/proxy/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/usr/lib/systemd/system/squid.service.d/.gitignore b/root/usr/lib/systemd/system/squid.service.d/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/proxy.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/proxy.pm new file mode 100644 index 0000000..44db57d --- /dev/null +++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/proxy.pm @@ -0,0 +1,147 @@ +#---------------------------------------------------------------------- +# $Id: proxy.pm,v 1.3 2004/06/10 21:46:50 msoulier Exp $ +#---------------------------------------------------------------------- +# copyright (C) 2002 Mitel Networks Corporation +#---------------------------------------------------------------------- + +package esmith::FormMagick::Panel::proxy; + +use strict; +use esmith::ConfigDB; +use esmith::FormMagick; + +use constant SIGEVENT => '/sbin/e-smith/signal-event'; +use constant TRUE => 1; +use constant FALSE => 0; + +our @ISA = qw(esmith::FormMagick Exporter); +our $VERSION = sprintf '%d.%03d', q$Revision: 1.3 $ =~ /: (\d+).(\d+)/; +our @EXPORT = qw( + get_http_proxy_status get_smtp_proxy_status change_settings + show_smtp_proxy_status + ); + +=head1 NAME + +=head1 SYNOPSIS + +=head1 DESCRIPTION + +=head1 FUNCTIONS + +=cut + +=head2 new + +This is the class constructor. + +=cut + +sub new +{ + my $class = ref($_[0]) || $_[0]; + my $self = $class->SUPER::new(); + $self->{calling_package} = (caller)[0]; + + # Lets not make this a global for a change. Globals bad. OO programming + # good. + my $db = esmith::ConfigDB->open + or die "Failed to open configuration db!\n"; + + $self->{db} = $db; + + return $self; +} + +=head2 get_http_proxy_status + +This method returns the current status of squid. + +=cut + +sub get_http_proxy_status +{ + my $self = shift; + return $self->{db}->get_prop('squid', 'status'); +} + +=head2 get_smtp_proxy_status + +This method returns the current status of the smtp proxy. + +=cut + +sub get_smtp_proxy_status +{ + my $self = shift; + return $self->{db}->get_prop('qpsmtpd', 'Proxy'); +} + +=head2 change_settings + +This method takes the form submission and processes it. + +=cut + +sub change_settings +{ + my $self = shift; + my $q = $self->{cgi}; + + my $http_proxy_status = $q->param('http_proxy_status') || 'disabled'; + my $smtp_proxy_status = $q->param('smtp_proxy_status') || 'disabled'; + + my $squid = $self->{db}->get('squid') + or return $self->error('ERR_NO_SQUID_REC'); + # smtpd is allowed to not exist, as the relevant packages may not be + # installed. + my $smtpd = $self->{db}->get('qpsmtpd') || undef; + + $squid->set_prop('status', $http_proxy_status); + $smtpd->set_prop('Proxy', $smtp_proxy_status) if $smtpd; + + system(SIGEVENT, "proxy-update") == 0 + or return $self->error('ERR_PROXY_UPDATE_FAILED'); + + return $self->success(); +} + +=head2 show_smtp_proxy_status + +This function conditionally displays the smtp proxy widgets, if the +e-smith-email rpm is installed. + +=cut + +sub show_smtp_proxy_status +{ + my $self = shift; + my $q = $self->{cgi}; + my @smtp_proxy_settings = qw(transparent disabled blocked); + my $default = $self->get_smtp_proxy_status(); + my %labels = ( + transparent => $self->localise('ENABLED'), + disabled => $self->localise('DISABLED'), + blocked => $self->localise('BLOCKED'), + ); + + if (system('/bin/rpm -q e-smith-email > /dev/null') == 0) + { + # e-smith-email is installed. Show it. + print $q->Tr( + $q->td({-colspan => 2}, + $q->p($self->localise('SMTP_PROXY_STATUS_DESCRIPTION')))); + print $q->Tr( + $q->td({-class => 'sme-noborders-label'}, + $self->localise('SMTP_PROXY_STATUS_LABEL')), + $q->td({-class => 'sme-noborders-content'}, + $q->popup_menu({-name => 'smtp_proxy_status', + -values => \@smtp_proxy_settings, + -default => $default, + -labels => \%labels}))); + + } + return undef; +} + +1; diff --git a/root/var/log/.gitignore b/root/var/log/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/var/service/.gitignore b/root/var/service/.gitignore new file mode 100644 index 0000000..e69de29