X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=3139e51729091548bc3f1040b1e6bf980131d339;hb=ea72700a3b5f53680b218e9261593806bdc5f7d4;hp=1c9bb8724af3f1ef77add867317c03035f9ef0f7;hpb=36ba4ebe992fd023f9c86efd8a8d66fa0aa751ad;p=ipfire-2.x.git diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 1c9bb8724a..3139e51729 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -89,7 +89,6 @@ my $errormessage=''; my $acldir = "${General::swroot}/proxy/advanced/acls"; my $ncsadir = "${General::swroot}/proxy/advanced/ncsa"; -my $ntlmdir = "${General::swroot}/proxy/advanced/ntlm"; my $raddir = "${General::swroot}/proxy/advanced/radius"; my $identdir = "${General::swroot}/proxy/advanced/ident"; my $credir = "${General::swroot}/proxy/advanced/cre"; @@ -137,7 +136,6 @@ my $urlfilterversion = 'n/a'; unless (-d "$acldir") { mkdir("$acldir"); } unless (-d "$ncsadir") { mkdir("$ncsadir"); } -unless (-d "$ntlmdir") { mkdir("$ntlmdir"); } unless (-d "$raddir") { mkdir("$raddir"); } unless (-d "$identdir") { mkdir("$identdir"); } unless (-d "$credir") { mkdir("$credir"); } @@ -287,7 +285,6 @@ $proxysettings{'IDENT_USER_ACL'} = 'positive'; $proxysettings{'ENABLE_FILTER'} = 'off'; $proxysettings{'ENABLE_UPDXLRATOR'} = 'off'; $proxysettings{'ENABLE_CLAMAV'} = 'off'; -$proxysettings{'CHILDREN'} = '10'; $ncsa_buttontext = $Lang::tr{'advproxy NCSA create user'}; @@ -359,7 +356,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg cache'}." ".$proxysettings{'CACHE_MEM'}." > ".$proxysettings{'CACHE_SIZE'}; goto ERROR; } - + if (!(&General::validport($proxysettings{'PROXY_PORT'}))) { $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; 
@@ -401,8 +398,7 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 $errormessage = $Lang::tr{'proxy errmsg filedescriptors'};
 goto ERROR;
 }
- if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/) ||
- ($proxysettings{'CACHE_MEM'} < 1))
+ if (!($proxysettings{'CACHE_MEM'} =~ /^\d+/))
 {
 $errormessage = $Lang::tr{'advproxy errmsg mem cache size'};
 goto ERROR;
@@ -437,11 +433,6 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 {
 $errormessage = $Lang::tr{'invalid maximum incoming size'};
 goto ERROR;
- }
- if (!($proxysettings{'CHILDREN'} =~ /^\d+$/) || ($proxysettings{'CHILDREN'} < 1))
- {
- $errormessage = $Lang::tr{'advproxy invalid num of children'};
- goto ERROR;
 }
 if ($proxysettings{'ENABLE_BROWSER_CHECK'} eq 'on')
 {
@@ -553,33 +544,6 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
 }
 }
 }
- if ($proxysettings{'AUTH_METHOD'} eq 'ntlm')
- {
- if ($proxysettings{'NTLM_DOMAIN'} eq '')
- {
- $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'};
- goto ERROR;
- }
- if ($proxysettings{'NTLM_PDC'} eq '')
- {
- $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'};
- goto ERROR;
- }
- if (!&General::validhostname($proxysettings{'NTLM_PDC'}))
- {
- $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'};
- goto ERROR;
- }
- if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'})))
- {
- $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'};
- goto ERROR;
- }
-
- $proxysettings{'NTLM_DOMAIN'} = lc($proxysettings{'NTLM_DOMAIN'});
- $proxysettings{'NTLM_PDC'} = lc($proxysettings{'NTLM_PDC'});
- $proxysettings{'NTLM_BDC'} = lc($proxysettings{'NTLM_BDC'});
- }
 if ($proxysettings{'AUTH_METHOD'} eq 'radius')
 {
 if (!&General::validip($proxysettings{'RADIUS_SERVER'}))
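Review bot: The CACHE_MEM check that the first hunk keeps, `=~ /^\d+/`, is anchored only at the start, so a value with arbitrary text after the leading digits (including a line break) still passes. With the `< 1` comparison removed, this pattern is the only validation visible for a field that later hunks compare numerically and multiply (`int($proxysettings{'CACHE_MEM'} * 1024 * 0.02)`), and that is presumably also written into the generated proxy configuration elsewhere in the file. Anchoring both ends closes the gap while still accepting 0: `if ($proxysettings{'CACHE_MEM'} !~ /\A\d+\z/)`. The enclosing save handler starts and ends outside the hunk, so any earlier normalisation of the field is not visible here.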
@@ -695,7 +659,7 @@ ERROR: system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); } if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); } - if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); } + if ($proxysettings{'ACTION'} eq $Lang::tr{'proxy reconfigure'}) { system('/usr/local/bin/squidctrl reconfigure >/dev/null 2>&1'); } } } @@ -864,7 +828,6 @@ $checked{'AUTH_METHOD'}{'none'} = ''; $checked{'AUTH_METHOD'}{'ncsa'} = ''; $checked{'AUTH_METHOD'}{'ident'} = ''; $checked{'AUTH_METHOD'}{'ldap'} = ''; -$checked{'AUTH_METHOD'}{'ntlm'} = ''; $checked{'AUTH_METHOD'}{'ntlm-auth'} = ''; $checked{'AUTH_METHOD'}{'radius'} = ''; $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'"; @@ -1035,12 +998,8 @@ print <
- - END ; -my $count = `ip n| wc -l`; -if ( $count < 1 ){$count = 1;} if ( -e "/usr/bin/squidclamav" ) { print ""; } else { print ""; } -print ""; -print ""; print < @@ -1118,7 +1075,7 @@ print <$Lang::tr{'advproxy cache management'} - + @@ -1532,7 +1489,7 @@ END ; foreach (@throttle_limits) { - print "\t\n"; + print "\t\n"; } print <$_ kBit/s\n"; + print "\t\n"; } print <$_ kBit/s\n"; + print "\t\n"; } print <$_ kBit/s\n"; + print "\t\n"; } print <$Lang::tr{'advproxy AUTH method ncsa'} - END if ($HAVE_NTLM_AUTH) { @@ -1927,80 +1883,6 @@ if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print < -
$Lang::tr{'advproxy redirector children'}
$Lang::tr{'processes'}: *".$Lang::tr{'advproxy squidclamav'}."
"; if ( ! -e "/var/run/clamav/clamd.pid" ){ @@ -1049,18 +1008,16 @@ if ( -e "/usr/bin/squidclamav" ) { } else { print $Lang::tr{'advproxy enabled'}."
"; - print "+ ".int(( $count**(1/3)) * 8);} +} print "
".$Lang::tr{'advproxy url filter'}."
"; +print "
".$Lang::tr{'advproxy url filter'}."
"; print $Lang::tr{'advproxy enabled'}."
"; -print "+ ".int(($count**(1/3)) * 6); print "
".$Lang::tr{'advproxy update accelerator'}."
"; +print "
".$Lang::tr{'advproxy update accelerator'}."
"; print $Lang::tr{'advproxy enabled'}."
"; -print "+ ".int(($count**(1/3)) * 5); print "
$Lang::tr{'proxy cachemgr'}:$Lang::tr{'proxy cachemgr'}: $Lang::tr{'advproxy admin mail'}: $Lang::tr{'advproxy AUTH method ident'} $Lang::tr{'advproxy AUTH method ldap'}$Lang::tr{'advproxy AUTH method ntlm'}
- - - - - - - - - - - -
$Lang::tr{'advproxy NTLM domain settings'}
$Lang::tr{'advproxy NTLM domain'}:$Lang::tr{'advproxy NTLM PDC hostname'}:$Lang::tr{'advproxy NTLM BDC hostname'}:
-
- - - - - - - - - -
$Lang::tr{'advproxy NTLM auth mode'}
$Lang::tr{'advproxy NTLM use integrated auth'}: 
-
- - - - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'advproxy NTLM user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
- $Lang::tr{'advproxy NTLM use positive access list'}: - $Lang::tr{'advproxy NTLM use negative access list'}:
$Lang::tr{'advproxy NTLM authorized users'}$Lang::tr{'advproxy NTLM unauthorized users'}
-END -; } - # =================================================================== # NTLM-AUTH settings # =================================================================== @@ -2212,19 +2094,6 @@ print < - - - - - - - -END -; } - if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) { print < @@ -2514,18 +2383,6 @@ sub read_acls while () { $proxysettings{'MIME_TYPES'} .= $_ }; close(FILE); } - if (-e "$ntlmdir/msntauth.allowusers") { - open(FILE,"$ntlmdir/msntauth.allowusers"); - delete $proxysettings{'NTLM_ALLOW_USERS'}; - while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ }; - close(FILE); - } - if (-e "$ntlmdir/msntauth.denyusers") { - open(FILE,"$ntlmdir/msntauth.denyusers"); - delete $proxysettings{'NTLM_DENY_USERS'}; - while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ }; - close(FILE); - } if (-e "$raddir/radauth.allowusers") { open(FILE,"$raddir/radauth.allowusers"); delete $proxysettings{'RADIUS_ALLOW_USERS'}; @@ -2965,16 +2822,6 @@ sub write_acls print FILE $proxysettings{'MIME_TYPES'}; close(FILE); - open(FILE, ">$ntlmdir/msntauth.allowusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_ALLOW_USERS'}; - close(FILE); - - open(FILE, ">$ntlmdir/msntauth.denyusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_DENY_USERS'}; - close(FILE); - open(FILE, ">$raddir/radauth.allowusers"); flock(FILE, 2); print FILE $proxysettings{'RADIUS_ALLOW_USERS'}; @@ -3077,8 +2924,6 @@ END print FILE "\n"; print FILE < 0) + if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0)) { print FILE "\n"; @@ -3206,7 +3051,7 @@ END if ($proxysettings{'OFFLINE_MODE'} eq 'on') { print FILE "offline_mode on\n\n"; } if ($proxysettings{'CACHE_DIGESTS'} eq 'on') { print FILE "digest_generation on\n\n"; } else { print FILE "digest_generation off\n\n"; } - + if ((!($proxysettings{'MEM_POLICY'} eq 'LRU')) || (!($proxysettings{'CACHE_POLICY'} eq 'LRU'))) { if (!($proxysettings{'MEM_POLICY'} eq 'LRU')) 
@@ -3271,7 +3116,12 @@ cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DI END ; } else { - print FILE "cache deny all\n\n"; + if ($proxysettings{'CACHE_MEM'} > 0) { + # always 2% of CACHE_MEM defined as max object size + print FILE "maximum_object_size_in_memory " . int($proxysettings{'CACHE_MEM'} * 1024 * 0.02) . " KB\n\n"; + } else { + print FILE "cache deny all\n\n"; + } } print FILE <$ntlmdir/msntauth.conf"); - flock(MSNTCONF,2); - print MSNTCONF "server $proxysettings{'NTLM_PDC'}"; - if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; } - print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n"; - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if ($proxysettings{'NTLM_USER_ACL'} eq 'positive') - { - print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n"; - } else { - print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n"; - } - } - close(MSNTCONF); - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') { print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"; @@ -3426,7 +3243,7 @@ END my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'}; $ntlm_auth_group =~ s/\\/\+/; - print FILE " --require-membership-of=\"$ntlm_auth_group\""; + print FILE " --require-membership-of=$ntlm_auth_group"; } print FILE "\n"; @@ -3439,7 +3256,7 @@ END my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'}; $ntlm_auth_group =~ s/\\/\+/; - print FILE " --require-membership-of=\"$ntlm_auth_group\""; + print FILE " --require-membership-of=$ntlm_auth_group"; } print FILE "\n"; print FILE "auth_param basic children 10\n"; 
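Review bot: In the hunks at -3426 and -3439, `print FILE " --require-membership-of=$ntlm_auth_group";` now writes NTLM_AUTH_GROUP unquoted into the `auth_param ... program /usr/bin/ntlm_auth` line, so whitespace in the value would be split into separate helper arguments, and a line break would begin a new directive in the generated configuration. No validation of NTLM_AUTH_GROUP is visible anywhere in this diff; if the save handler does not already restrict it, the field should be rejected before writing unless it matches a strict pattern, at minimum `$proxysettings{'NTLM_AUTH_GROUP'} =~ /\A\S+\z/`, and preferably an allow-list of the characters a group name may contain. The neighbouring `s/\\/\+/` has no `/g`, so only the first backslash is rewritten, which is worth a comment if it is intentional. Both blocks start outside their hunks.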
@@ -3461,17 +3278,6 @@ END print FILE "\n"; print FILE "acl for_inetusers proxy_auth REQUIRED\n"; - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')) - { - if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n"; - } - if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n"; - } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) @@ -3830,24 +3636,10 @@ END { if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; } } - if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius')) + if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius')) { print FILE " for_inetusers"; } - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')) - { - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers")) - { - print FILE " for_acl_users"; - } - if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers")) - { - print FILE " !for_acl_users"; - } - } else { print FILE " for_inetusers"; } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') 
@@ -3875,24 +3667,10 @@ END { if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; } } - if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius')) + if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius')) { print FILE " for_inetusers"; } - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')) - { - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers")) - { - print FILE " for_acl_users"; - } - if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers")) - { - print FILE " !for_acl_users"; - } - } else { print FILE " for_inetusers"; } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') @@ -3918,14 +3696,6 @@ END } if ( - ( - ($proxysettings{'AUTH_METHOD'} eq 'ntlm') && - ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && - ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && - ($proxysettings{'NTLM_USER_ACL'} eq 'negative') && - (!-z "$ntlmdir/msntauth.denyusers") - ) - || ( ($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && @@ -3960,14 +3730,6 @@ END print FILE "http_access allow IPFire_networks"; if ( - ( - ($proxysettings{'AUTH_METHOD'} eq 'ntlm') && - ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && - ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && - ($proxysettings{'NTLM_USER_ACL'} eq 'positive') && - (!-z "$ntlmdir/msntauth.allowusers") - ) - || ( ($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && 
@@ -4093,7 +3855,10 @@ END if (($proxysettings{'ENABLE_FILTER'} eq 'on') || ($proxysettings{'ENABLE_UPDXLRATOR'} eq 'on') || ($proxysettings{'ENABLE_CLAMAV'} eq 'on')) { print FILE "url_rewrite_program /usr/sbin/redirect_wrapper\n"; - print FILE "url_rewrite_children $proxysettings{'CHILDREN'}\n\n"; + print FILE "url_rewrite_children ", &General::number_cpu_cores(); + print FILE " startup=", &General::number_cpu_cores(); + print FILE " idle=", &General::number_cpu_cores(); + print FILE " queue-size=", &General::number_cpu_cores() * 32, "\n\n"; } # Include file with user defined settings.
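Review bot: `&General::number_cpu_cores()` is called four times to build a single `url_rewrite_children` directive, and its result is written with no lower bound. The helper's implementation is not shown here; if it can ever return 0 or an empty value, the directive would leave the redirector (URL filter, ClamAV wrapper) with no children. Calling it once keeps the four values consistent and allows a fallback: `my $cores = &General::number_cpu_cores() || 1;` followed by `print FILE "url_rewrite_children $cores startup=$cores idle=$cores queue-size=", $cores * 32, "\n\n";`. A one-line comment explaining the factor 32 for `queue-size` would help the next maintainer.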