Neue Proxysteuerung.
authorms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Mon, 30 Apr 2007 21:20:20 +0000 (21:20 +0000)
committerms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Mon, 30 Apr 2007 21:20:20 +0000 (21:20 +0000)
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@510 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/rootfiles/common/initscripts
config/rootfiles/common/misc-progs
html/cgi-bin/proxy.cgi
src/initscripts/init.d/squid [new file with mode: 0644]
src/misc-progs/Makefile
src/misc-progs/restartsquid.c [deleted file]
src/misc-progs/squidctrl.c [new file with mode: 0644]

index fca5379..431c65b 100644 (file)
@@ -26,6 +26,7 @@ etc/rc.d/init.d/reboot
 etc/rc.d/init.d/red
 etc/rc.d/init.d/sendsignals
 etc/rc.d/init.d/setclock
+etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
index c6b4673..6d2ed9e 100644 (file)
@@ -13,7 +13,6 @@ usr/local/bin/restartapplejuice
 usr/local/bin/restartdhcp
 usr/local/bin/restartntpd
 usr/local/bin/restartsnort
-usr/local/bin/restartsquid
 usr/local/bin/restartssh
 usr/local/bin/restartsyslogd
 usr/local/bin/restartwireless
@@ -24,5 +23,6 @@ usr/local/bin/setfilters
 usr/local/bin/setportfw
 usr/local/bin/setxtaccess
 usr/local/bin/smartctrl
+usr/local/bin/squidctrl
 usr/local/bin/timecheckctrl
 usr/local/bin/upnpctrl
index d7827c4..05a75c3 100644 (file)
@@ -581,27 +581,30 @@ ERROR:
                &writeconfig;
                &writepacfile;
 
+               system ('/usr/local/bin/squidctrl', 'disable');
                unlink "${General::swroot}/proxy/enable";
                unlink "${General::swroot}/proxy/transparent";
                unlink "${General::swroot}/proxy/enable_blue";
                unlink "${General::swroot}/proxy/transparent_blue";
 
                if ($proxysettings{'ENABLE'} eq 'on') {
-                       system ('/usr/bin/touch', "${General::swroot}/proxy/enable"); }
+                       system ('/usr/bin/touch', "${General::swroot}/proxy/enable");
+                       system ('/usr/local/bin/squidctrl', 'enable'); }
                if ($proxysettings{'TRANSPARENT'} eq 'on') {
                        system ('/usr/bin/touch', "${General::swroot}/proxy/transparent"); }
                if ($proxysettings{'ENABLE_BLUE'} eq 'on') {
-                       system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue"); }
+                       system ('/usr/bin/touch', "${General::swroot}/proxy/enable_blue");
+                       system ('/usr/local/bin/squidctrl', 'enable'); }
                if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') {
                        system ('/usr/bin/touch', "${General::swroot}/proxy/transparent_blue"); }
 
-               if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/restartsquid'); }
+               if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy save and restart'}) { system('/usr/local/bin/squidctrl restart >/dev/null 2>&1'); }
        }
 }
 
 if ($proxysettings{'ACTION'} eq $Lang::tr{'advproxy clear cache'})
 {
-       system('/usr/local/bin/restartsquid','-f');
+       system('/usr/local/bin/squidctrl flush >/dev/null 2>&1');
 }
 
 if (!$errormessage)
diff --git a/src/initscripts/init.d/squid b/src/initscripts/init.d/squid
new file mode 100644 (file)
index 0000000..a3c351c
--- /dev/null
@@ -0,0 +1,98 @@
+#!/bin/sh
+# Begin $rc_base/init.d/squid
+
+. /etc/sysconfig/rc
+. $rc_functions
+
+transparent() {
+               DEVICE=$1
+               
+               eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+               eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
+               
+               # If the proxy port is not set we set the default to 800.
+               if [ -z $PROXY_PORT ]; then
+                       PROXY_PORT=800
+               fi
+
+               LOCALIP=`cat /var/ipfire/red/local-ipaddress | tr -d \n`
+               if [ -z $LOCALIP ]; then
+                       boot_mesg "Couldn't read local-ipaddress" ${FAILURE}
+                       exit 1
+               fi
+
+               COUNT=1
+               FILE=/var/ipfire/vpn/config
+
+               while read LINE; do
+                       let COUNT=$COUNT+1
+                       CONN_TYPE=`echo "$LINE" | awk -F, '{ print $5 }'`
+                       if [ "$CONN_TYPE" != "net" ]; then
+                               continue
+                       fi  
+               iptables -t nat -A SQUID -i $1 -p tcp -d `echo "$LINE" | awk -F, '{ print $13 }'` --dport 80 -j RETURN
+               done < $FILE
+               
+               if [ "$RED_TYPE" == "STATIC" ]; then
+                       iptables -t nat -A SQUID -i $1 -p tcp -d $RED_NETADDRESS/$RED_NETMASK --dport 80 -j RETURN
+               fi
+               
+               iptables -t nat -A SQUID -i $1 -p tcp -d $LOCALIP --dport 80 -j RETURN
+               
+               iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT
+}
+
+case "$1" in
+       start)
+               boot_mesg "Starting Squid Proxy Server..."
+               
+               if [ -e /var/ipfire/proxy/enable -o -e /var/ipfire/proxy/enable_blue ]; then
+                       loadproc /usr/sbin/squid -D -z >/dev/null 2>&1
+                       loadproc /usr/sbin/squid -D
+               fi
+
+               eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+               if [ -e /var/ipfire/proxy/transparent ]; then
+                       transparent $GREEN_DEV
+               fi
+               if [ -e /var/ipfire/proxy/transparent_blue ]; then
+                       transparent $BLUE_DEV
+               fi
+               ;;
+
+       stop)
+               boot_mesg "Stopping Squid Proxy Server..."
+               iptables -t nat -F SQUID
+               squid -k shutdown >/dev/null 2>&1
+               evaluate_retval
+               killproc /usr/sbin/squid >/dev/null
+               killproc /usr/bin/squidGuard >/dev/null
+               ;;
+
+       restart)
+               $0 stop
+               sleep 1
+               $0 start
+               ;;
+
+       status)
+               statusproc /usr/sbin/squid
+               statusproc /usr/lib/squid/unlinkd
+               ;;
+               
+       flush)
+               $0 stop
+               echo > /var/log/cache/swap.state
+               chown squid.squid /var/log/cache/swap.state
+               sleep 1
+               $0 start
+               ;;
+
+       *)
+               echo "Usage: $0 {start|stop|restart|status|flush}"
+               exit 1
+               ;;
+esac
+
+# End $rc_base/init.d/squid
index 0305003..3dd951e 100644 (file)
@@ -5,7 +5,7 @@ COMPILE=$(CC) $(CFLAGS)
 
 PROGS = iowrap
 SUID_PROGS = setdmzholes setportfw setfilters setxtaccess \
-       restartsquid restartssh ipfirereboot setaliases \
+       squidctrl restartssh ipfirereboot setaliases \
        ipsecctrl restartntpd restartdhcp restartsnort \
        restartapplejuice rebuildhosts \
        restartsyslogd logwatch openvpnctrl timecheckctrl \
@@ -88,8 +88,8 @@ restartdhcp: restartdhcp.c setuid.o ../install+setup/libsmooth/varval.o
 restartssh: restartssh.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ restartssh.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-restartsquid: restartsquid.c setuid.o ../install+setup/libsmooth/varval.o
-       $(COMPILE) -I../install+setup/libsmooth/ restartsquid.c setuid.o ../install+setup/libsmooth/varval.o -o $@
+squidctrl: squidctrl.c setuid.o ../install+setup/libsmooth/varval.o
+       $(COMPILE) -I../install+setup/libsmooth/ squidctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
 restartsnort: restartsnort.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ restartsnort.c setuid.o ../install+setup/libsmooth/varval.o -o $@
diff --git a/src/misc-progs/restartsquid.c b/src/misc-progs/restartsquid.c
deleted file mode 100644 (file)
index 6218d1c..0000000
+++ /dev/null
@@ -1,449 +0,0 @@
-/* SmoothWall helper program - restartsquid
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence.  See the file COPYING for details.
- *
- * (c) Lawrence Manning, 2001
- * Restarting squid with transparent proxying.
- *
- * 05/02/2004 - Roy Walker <rwalker@miracomnetwork.com>
- * Exclude red network from transparent proxy to allow browsing to alias IPs
- * Read in VPN settings and exclude each VPN network from transparent proxy
- * 
- * $Id: restartsquid.c,v 1.7.2.8 2005/04/22 18:44:37 rkerr Exp $
- * 
- */
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <pwd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include "libsmooth.h"
-#include "setuid.h"
-
-int main(int argc, char *argv[])
-{
-       int fd = -1;
-       int enable = 0;
-       int enablevpn = 0;
-       int transparent = 0;
-       int enable_blue = 0;
-       int transparent_blue = 0;
-       int running = 0;
-       struct stat st;
-       FILE *ipfile;
-       char localip[STRING_SIZE] = "";
-       struct keyvalue *net = NULL;
-       struct keyvalue *squid = NULL;
-       char buffer[STRING_SIZE];
-       char proxy_port[STRING_SIZE];
-       char s[STRING_SIZE];
-       char green_dev[STRING_SIZE] = "";
-       char blue_dev[STRING_SIZE] = "";
-       char red_netaddress[STRING_SIZE] = "";
-       char red_netmask[STRING_SIZE] = "";
-       char configtype[STRING_SIZE] = "";
-       char redtype[STRING_SIZE] = "";
-       char enableredvpn[STRING_SIZE] = "";
-       char enablebluevpn[STRING_SIZE] = "";
-
-       if (!(initsetuid()))
-               exit(1);
-
-       /* Kill running squid */
-       safe_system("/sbin/iptables -t nat -F SQUID");
-       safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");
-       sleep(5);
-       safe_system("/bin/killall -9 squid squidGuard >/dev/null 2>/dev/null");
-       
-       /* See if proxy is enabled and / or transparent */
-       if ((fd = open(CONFIG_ROOT "/proxy/enable", O_RDONLY)) != -1)
-       {
-               close(fd);
-               enable = 1;
-       }
-       if ((fd = open(CONFIG_ROOT "/proxy/transparent", O_RDONLY)) != -1)
-       {
-               close(fd);
-               transparent = 1;
-       }
-       if ((fd = open(CONFIG_ROOT "/proxy/enable_blue", O_RDONLY)) != -1)
-       {
-               close(fd);
-               enable_blue = 1;
-       }
-       if ((fd = open(CONFIG_ROOT "/proxy/transparent_blue", O_RDONLY)) != -1)
-       {
-               close(fd);
-               transparent_blue = 1;
-       }
-
-       /* Read the network configuration */
-       net=initkeyvalues();
-       if (!readkeyvalues(net, CONFIG_ROOT "/ethernet/settings"))
-       {
-               fprintf(stderr, "Cannot read ethernet settings\n");
-               exit(1);
-       }
-       if (!findkey(net, "GREEN_DEV", green_dev))
-       {
-               fprintf(stderr, "Cannot read GREEN_DEV\n");
-               exit(1);
-       }
-       if (!VALID_DEVICE(green_dev))
-       {
-               fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
-               exit(1);
-       }
-       if (!findkey(net, "CONFIG_TYPE", configtype))
-       {
-               fprintf(stderr, "Cannot read CONFIG_TYPE\n");
-               exit(1);
-       }
-
-       findkey(net, "RED_TYPE", redtype);
-       findkey(net, "RED_NETADDRESS", red_netaddress);
-       findkey(net, "RED_NETMASK", red_netmask);
-       findkey(net, "BLUE_DEV", blue_dev);
-       freekeyvalues(net);
-
-       /* See if VPN software is enabled */
-       net=initkeyvalues();
-       if (!readkeyvalues(net, CONFIG_ROOT "/vpn/settings"))
-       {
-               fprintf(stderr, "Cannot read vpn settings\n");
-               exit(1);
-       }
-       findkey(net, "ENABLED", enableredvpn);
-       findkey(net, "ENABLED_BLUE", enablebluevpn);
-       freekeyvalues(net);
-       if (    (!strcmp(enableredvpn, "on") && VALID_IP(localip)) || 
-               (!strcmp(enablebluevpn, "on") && VALID_DEVICE(blue_dev)) ) {
-                       enablevpn = 1;
-       }
-
-       /* Retrieve the Squid pid file */
-       if ((fd = open("/var/run/squid.pid", O_RDONLY)) != -1)
-       {
-               close(fd);
-               running = 1;
-       }
-
-       /* Retrieve the RED ip address */
-       stat(CONFIG_ROOT "/red/local-ipaddress", &st);
-       if (S_ISREG(st.st_mode)) {
-               if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))
-               {
-                       fprintf(stderr, "Couldn't open ip file\n");
-                       exit(0); 
-               }
-               if (fgets(localip, STRING_SIZE, ipfile))
-               {
-                       if (localip[strlen(localip) - 1] == '\n')
-                               localip[strlen(localip) - 1] = '\0';
-               }
-               fclose(ipfile);
-               if (!VALID_IP(localip))
-               {
-                       fprintf(stderr, "Bad ip: %s\n", localip);
-                       exit(0);
-               }
-       }
-
-       /* See if we need to flush the cache */
-       if (argc >=2) {
-               if (strcmp(argv[1], "-f") == 0) {
-                       if (stat("/var/log/cache/swap.state", &st) == 0) {
-                               struct passwd *pw;
-                               if((pw = getpwnam("squid"))) {
-                                       endpwent(); /* probably paranoia, but just in case.. */
-                                       unpriv_system("/bin/echo > /var/log/cache/swap.state", pw->pw_uid, pw->pw_gid);
-                               } else { endpwent(); }
-                       }
-               }
-       }
-
-       if (enable || enable_blue)
-       {
-               safe_system("/usr/sbin/squid -D -z"); 
-               safe_system("/usr/sbin/squid -D");
-       }
-
-       /* Retrieve the proxy port */
-       if (transparent || transparent_blue) {
-               squid=initkeyvalues();
-
-               if (!readkeyvalues(squid, CONFIG_ROOT "/proxy/settings"))
-               {
-                       fprintf(stderr, "Cannot read proxy settings\n");
-                       exit(1);
-               }
-
-               if (!(findkey(squid, "PROXY_PORT", proxy_port)))
-               {
-                       strcpy (proxy_port, "800");
-               } else {
-                       if(strspn(proxy_port, NUMBERS) != strlen(proxy_port))
-                       {
-                               fprintf(stderr, "Invalid proxy port: %s, defaulting to 800\n", proxy_port);
-                               strcpy(proxy_port, "800");
-                       }
-               }
-               freekeyvalues(squid);
-       }
-
-       if (transparent && enable) {
-               int count;
-               char *result;
-               char *name;
-               char *type;
-               char *running;
-               char *vpn_network_mask;
-               char *vpn_netaddress;
-               char *vpn_netmask;
-               FILE *file = NULL;
-               char *conn_enabled;
-               
-               /* Darren Critchley - check to see if RED VPN is enabled before mucking with rules */
-               if (!strcmp(enableredvpn, "on")) {
-                       /* Read the /vpn/config file - no check to see if VPN is enabled */
-                       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
-                               fprintf(stderr, "Couldn't open vpn config file");
-                               exit(1);
-                       }
-
-                               while (fgets(s, STRING_SIZE, file) != NULL) {
-                                       if (s[strlen(s) - 1] == '\n')
-                                               s[strlen(s) - 1] = '\0';
-                                       running = strdup (s);
-                                       result = strsep(&running, ",");
-                                       count = 0;
-                                       name = NULL;
-                                       type = NULL;
-                                       vpn_network_mask = NULL;
-                                       conn_enabled = NULL;
-                                       while (result) {
-                                               if (count == 1)
-                                                       conn_enabled = result;
-                                               if (count == 2)
-                                                       name = result;
-                                               if (count == 4)
-                                                       type = result;
-                                               if (count == 12 )
-                                                       vpn_network_mask = result;
-                                               count++;
-                                               result = strsep(&running, ",");
-                                       }
-       
-                                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
-                                               fprintf(stderr, "Bad connection name: %s\n", name);
-                                               exit(1);
-                                       }
-       
-                                       if (! (strcmp(type, "net") == 0)) {
-                                               continue;
-                                       }
-       
-                                       /* Darren Critchley - new check to see if connection is enabled */
-                                       if (! (strcmp(conn_enabled, "on") == 0)) {
-                                               continue;
-                                       }
-       
-                                       result = strsep(&vpn_network_mask, "/");
-                                       count = 0;
-                                       vpn_netaddress = NULL;
-                                       vpn_netmask = NULL;
-                                       while (result) {
-                                               if (count == 0)
-                                                       vpn_netaddress = result;
-                                               if (count == 1)
-                                                       vpn_netmask = result;
-                                               count++;
-                                               result = strsep(&vpn_network_mask, "/");
-                                       }
-       
-                                       if (!VALID_IP(vpn_netaddress)) {
-                                               fprintf(stderr, "Bad network for vpn connection %s: %s\n", name, vpn_netaddress);
-                                               continue;
-                                       }
-       
-                                       if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {
-                                               fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name, vpn_netmask);
-                                               continue;
-                                       }
-       
-                                       memset(buffer, 0, STRING_SIZE);
-                                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev, vpn_netaddress, vpn_netmask) >= STRING_SIZE )
-                                       {
-                                               fprintf(stderr, "Command too long\n");
-                                               exit(1);
-                                       }
-                                       safe_system(buffer);
-                               }
-               }       
-               
-               memset(buffer, 0, STRING_SIZE);
-               if ( (  (strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0)  || 
-                       (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0) ) &&
-                       (VALID_IP(red_netaddress)) && (VALID_IP(red_netmask)) && 
-                       (strcmp(redtype, "STATIC")==0) ) 
-               {
-                       memset(buffer, 0, STRING_SIZE);
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", green_dev, red_netaddress, red_netmask) >= STRING_SIZE )
-                       {
-                               fprintf(stderr, "Command too long\n");
-                               exit(1);
-                       }
-                       safe_system(buffer);
-               } else if (VALID_IP(localip)) {
-                       memset(buffer, 0, STRING_SIZE);
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", green_dev, localip) >= STRING_SIZE )
-                       {
-                               fprintf(stderr, "Command too long\n");
-                               exit(1);
-                       }
-                       safe_system(buffer);
-               }
-
-               memset(buffer, 0, STRING_SIZE);
-               if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", green_dev, proxy_port) >= STRING_SIZE )
-               {
-                       fprintf(stderr, "Command too long\n");
-                       exit(1);
-               }
-               safe_system(buffer);
-       }
-
-       if (transparent_blue && enable_blue) {
-               int count;
-               char *result;
-               char *name;
-               char *type;
-               char *running;
-               char *vpn_network_mask;
-               char *vpn_netaddress;
-               char *vpn_netmask;
-               char *conn_enabled;
-               FILE *file = NULL;
-
-               if (! VALID_DEVICE(blue_dev))
-               {
-                       fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);
-                       exit(1);
-               }
-
-               /* Darren Critchley - check to see if BLUE VPN is enabled before mucking with rules */
-               if (!strcmp(enablebluevpn, "on")) {
-                       /* Read the /vpn/config file - no check to see if VPN is enabled */
-                       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
-                               fprintf(stderr, "Couldn't open vpn config file");
-                               exit(1);
-                               }
-                               while (fgets(s, STRING_SIZE, file) != NULL) {
-                                       if (s[strlen(s) - 1] == '\n')
-                                               s[strlen(s) - 1] = '\0';
-                                       running = strdup (s);
-                                       result = strsep(&running, ",");
-                                       count = 0;
-                                       name = NULL;
-                                       type = NULL;
-                                       vpn_network_mask = NULL;
-                                       conn_enabled = NULL;
-                                       while (result) {
-                                               if (count == 1)
-                                                       conn_enabled = result;
-                                               if (count == 2)
-                                                       name = result;
-                                               if (count == 4)
-                                                       type = result;
-                                               if (count == 12 )
-                                                       vpn_network_mask = result;
-                                               count++;
-                                               result = strsep(&running, ",");
-                                       }
-       
-                                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
-                                               fprintf(stderr, "Bad connection name: %s\n", name);
-                                               exit(1);
-                                       }
-       
-                                       if (! (strcmp(type, "net") == 0)) {
-                                               continue;
-                                       }
-       
-                                       /* Darren Critchley - new check to see if connection is enabled */
-                                       if (! (strcmp(conn_enabled, "on") == 0)) {
-                                               continue;
-                                       }
-       
-                                       result = strsep(&vpn_network_mask, "/");
-                                       count = 0;
-                                       vpn_netaddress = NULL;
-                                       vpn_netmask = NULL;
-                                       while (result) {
-                                               if (count == 0)
-                                                       vpn_netaddress = result;
-                                               if (count == 1)
-                                                       vpn_netmask = result;
-                                               count++;
-                                               result = strsep(&vpn_network_mask, "/");
-                                       }
-       
-                                       if (!VALID_IP(vpn_netaddress)) {
-                                               fprintf(stderr, "Bad network for vpn connection %s: %s\n", name, vpn_netaddress);
-                                               continue;
-                                       }
-       
-                                       if ((!VALID_IP(vpn_netmask)) && (!VALID_SHORT_MASK(vpn_netmask))) {
-                                               fprintf(stderr, "Bad mask for vpn connection %s: %s\n", name, vpn_netmask);
-                                               continue;
-                                       }
-       
-                                       memset(buffer, 0, STRING_SIZE);
-                                       if (snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev, vpn_netaddress, vpn_netmask) >= STRING_SIZE )
-                                       {
-                                               fprintf(stderr, "Command too long\n");
-                                               exit(1);
-                                       }
-                                       safe_system(buffer);
-                               }
-               }
-       
-               memset(buffer, 0, STRING_SIZE);
-               if ( (  (strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0)  ||
-                       (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0) ) &&
-                       (VALID_IP(red_netaddress)) && (VALID_IP(red_netmask)) &&
-                       (strcmp(redtype, "STATIC")==0) )
-               {
-                       memset(buffer, 0, STRING_SIZE);
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s/%s --dport 80 -j RETURN", blue_dev, red_netaddress, red_netmask) >= STRING_SIZE )
-                       {
-                               fprintf(stderr, "Command too long\n");
-                               exit(1);
-                       }
-                       safe_system(buffer);
-               } else if (VALID_IP(localip)) {
-                       memset(buffer, 0, STRING_SIZE);
-                       if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN", blue_dev, localip) >= STRING_SIZE )
-                       {
-                               fprintf(stderr, "Command too long\n");
-                               exit(1);
-                       }
-                       safe_system(buffer);
-               }
-
-               memset(buffer, 0, STRING_SIZE);
-               if( snprintf(buffer, STRING_SIZE - 1, "/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s", blue_dev, proxy_port) >= STRING_SIZE )
-               {
-                       fprintf(stderr, "Command too long\n");
-                       exit(1);
-               }
-               safe_system(buffer);
-       }
-       
-       return 0;
-}
diff --git a/src/misc-progs/squidctrl.c b/src/misc-progs/squidctrl.c
new file mode 100644 (file)
index 0000000..e8d2f13
--- /dev/null
@@ -0,0 +1,45 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+
+       if (!(initsetuid()))
+               exit(1);
+
+       if (argc < 2) {
+               fprintf(stderr, "\nNo argument given.\n\nsquidctrl (start|stop|restart|flush)\n\n");
+               exit(1);
+       }
+
+       if (strcmp(argv[1], "start") == 0) {
+               safe_system("/etc/rc.d/init.d/squid start");
+       } else if (strcmp(argv[1], "stop") == 0) {
+               safe_system("/etc/rc.d/init.d/squid stop");
+       } else if (strcmp(argv[1], "restart") == 0) {
+               safe_system("/etc/rc.d/init.d/squid restart");
+       } else if (strcmp(argv[1], "flush") == 0) {
+               safe_system("/etc/rc.d/init.d/squid flush");
+       } else if (strcmp(argv[1], "enable") == 0) {
+               safe_system("ln -fs ../init.d/squid /etc/rc.d/rc3.d/S99squid >/dev/null 2>&1");
+               safe_system("ln -fs ../init.d/squid /etc/rc.d/rc{0,6}.d/K00squid >/dev/null 2>&1");
+       } else if (strcmp(argv[1], "disable") == 0) {
+               safe_system("rm -f /etc/rc.d/rc*.d/*squid >/dev/null 2>&1");
+       } else {
+               fprintf(stderr, "\nBad argument given.\n\nredctrl (start|stop|restart|flush)\n\n");
+               exit(1);
+       }
+
+       return 0;
+}