Separate header access rules for Squid 3.0

diff --git a/squid/CHANGELOG b/squid/CHANGELOG
index 88d87f4..66a8157 100644 (file)
--- a/squid/CHANGELOG
+++ b/squid/CHANGELOG
@@ -25,3 +25,4 @@ The httpd_accel family of directives are no longer shown when using Squid versio
 Directives that refer to ACLs like http_access are no longer re-positioned in the configuration file unless necessary.
 ---- Changes since 1.400 ----
 Use the cache directive instead of no_cache for Squid 2.6.
+Allow request and reply headers access control rules to be configured separately in Squid 3.0.

diff --git a/squid/edit_headeracc.cgi b/squid/edit_headeracc.cgi
index 1f32ffb..c76e80c 100755 (executable)
--- a/squid/edit_headeracc.cgi
+++ b/squid/edit_headeracc.cgi
@@ -7,11 +7,13 @@ $access{'headeracc'} || &error($text{'header_ecannot'});
 $conf = &get_config();
 
 if (!defined($in{'index'})) {
-       &ui_print_header(undef, $text{'header_create'}, "",
+       &ui_print_header(undef, $text{'header_create_'.$in{'type'}} ||
+                               $text{'header_create'}, "",
                undef, 0, 0, 0, &restart_button());
        }
 else {
-       &ui_print_header(undef, $text{'header_edit'}, "",
+       &ui_print_header(undef, $text{'header_edit_'.$in{'type'}} ||
+                               $text{'header_edit'}, "",
                undef, 0, 0, 0, &restart_button());
        @v = @{$conf->[$in{'index'}]->{'values'}};
        }
@@ -20,6 +22,7 @@ print "<form action=save_headeracc.cgi>\n";
 if (@v) {
        print "<input type=hidden name=index value='$in{'index'}'>\n";
        }
+print &ui_hidden("type", $in{'type'});
 print "<table border>\n";
 print "<tr $tb> <td><b>$text{'header_header'}</b></td> </tr>\n";
 print "<tr $cb> <td><table>\n";

diff --git a/squid/images/list_refresh.gif b/squid/images/list_refresh.gif
index 111646d..cc7d154 100644 (file)
Binary files a/squid/images/list_refresh.gif and b/squid/images/list_refresh.gif differ

diff --git a/squid/init_cache.cgi b/squid/init_cache.cgi
index a9e3038..751f6e4 100755 (executable)
--- a/squid/init_cache.cgi
+++ b/squid/init_cache.cgi
@@ -13,6 +13,7 @@ $conf = &get_config();
 if (!$in{'nouser'}) {
        $in{'user'} || &error($text{'icache_ymcautrsa'});
        @uinfo = getpwnam($in{'user'});
+       scalar(@uinfo) || &error($text{'icache_euser'});
        @ginfo = getgrgid($uinfo[3]);
        if ($squid_version < 2) {
                $dir = { 'name' => 'cache_effective_user',

diff --git a/squid/lang/en b/squid/lang/en
index a5f5afb..6ff2223 100644 (file)
--- a/squid/lang/en
+++ b/squid/lang/en
@@ -551,6 +551,7 @@ saicp_ftsir=Failed to save ICP restriction
 icache_ecannot=You are not allowed to initialize the cache
 icache_ftic=Failed to initialize cache
 icache_ymcautrsa=You must choose a user to run Squid as
+icache_euser=User to run Squid as does not exist
 icache_itscwtc=Initializing the Squid cache with the command <tt>$1</tt> ..
 icache_return=squid index
 icache_title=Initialize Cache
@@ -883,12 +884,18 @@ header_act=Action
 header_acls=For ACLs
 header_add=Add a new header access control rule.
 header_create=Create Header Access Rule
+header_create_request_header_access=Create Request Header Access Rule
+header_create_reply_header_access=Create Reply Header Access Rule
 header_edit=Edit Header Access Rule
+header_edit_request_header_access=Edit Request Header Access Rule
+header_edit_reply_header_access=Edit Reply Header Access Rule
 header_header=HTTP header access control rule details
 header_return=header access control rule list
 header_ecannot=You are not allowed to edit header access control rules
 header_err=Failed to save header access control rule
 header_ename=Missing or invalid header name
+header_request_header_access=Request Headers
+header_reply_header_access=Reply Headers
 
 refresh_title=Refresh Rules
 refresh_none=No refresh rules have been defined yet.

diff --git a/squid/list_headeracc.cgi b/squid/list_headeracc.cgi
index a68607b..661b0ea 100755 (executable)
--- a/squid/list_headeracc.cgi
+++ b/squid/list_headeracc.cgi
@@ -7,43 +7,47 @@ $access{'headeracc'} || &error($text{'header_ecannot'});
 &ui_print_header(undef, $text{'header_title'}, "", "list_headeracc", 0, 0, 0, &restart_button());
 $conf = &get_config();
 
-@headeracc = &find_config("header_access", $conf);
-if (@headeracc) {
-       print "<a href='edit_headeracc.cgi?new=1'>$text{'header_add'}</a>\n";
-       print "<table border>\n";
-       print "<tr $tb> <td><b>$text{'header_name'}</b></td> ",
-             "<td><b>$text{'header_act'}</b></td> ",
-             "<td><b>$text{'header_acls'}</b></td> ",
-             "<td width=10%><b>$text{'eacl_move'}</b></td> </tr>\n";
-       $hc = 0;
-       foreach $h (@headeracc) {
-               @v = @{$h->{'values'}};
-               print "<tr $cb>\n";
-               print "<td><a href='edit_headeracc.cgi?index=$h->{'index'}'>",
-                     "$v[0]</a></td>\n";
-               print "<td>",$v[1] eq 'allow' ?  $text{'eacl_allow'} :
-                               $text{'eacl_deny'},"</td>\n";
-               print "<td>",join(" ", @v[2..$#v]),"</td>\n";
-               print "<td>\n";
-               if ($hc != @headeracc-1) {
-                       print "<a href=\"move_headeracc.cgi?$hc+1\">",
-                             "<img src=images/down.gif border=0></a>";
-                       }
-               else { print "<img src=images/gap.gif>"; }
-               if ($hc != 0) {
-                       print "<a href=\"move_headeracc.cgi?$hc+-1\">",
-                             "<img src=images/up.gif border=0></a>";
+# Work out what header access directives we support
+@types = $squid_version >= 3.0 ?
+       ("request_header_access", "reply_header_access") : ("header_access");
+
+# Show a table for each
+foreach $t (@types) {
+       @headeracc = &find_config($t, $conf);
+       @links = ( "<a href='edit_headeracc.cgi?new=1&type=$t'>".
+                  "$text{'header_add'}</a>" );
+       print &ui_subheading($text{'header_'.$t}),"<p>\n"
+               if ($t ne "header_access");
+       if (@headeracc) {
+               print &ui_links_row(\@links);
+               print &ui_columns_start([ $text{'header_name'},
+                                         $text{'header_act'},
+                                         $text{'header_acls'},
+                                         $text{'eacl_move'} ]);
+               $hc = 0;
+               foreach $h (@headeracc) {
+                       @v = @{$h->{'values'}};
+                       @cols = ( );
+                       push(@cols, "<a href='edit_headeracc.cgi?type=$t&".
+                                   "index=$h->{'index'}'>$v[0]</a>");
+                       push(@cols, $v[1] eq 'allow' ? $text{'eacl_allow'}
+                                                    : $text{'eacl_deny'});
+                       push(@cols, join(" ", @v[2..$#v]));
+                       push(@cols, &ui_up_down_arrows(
+                               "move_headeracc.cgi?$hc+-1+$t",
+                               "move_headeracc.cgi?$hc+1+$t",
+                               $hc != 0, $hc != @headeracc-1));
+                       print &ui_columns_row(\@cols);
+                       $hc++;
                        }
-               print "</td></tr>\n";
-               print "</tr>\n";
-               $hc++;
+               print &ui_columns_end();
                }
-       print "</table>\n";
-       }
-else {
-       print "<p>$text{'header_none'}<p>\n";
+       else {
+               print "$text{'header_none'}<p>\n";
+               }
+       print &ui_links_row(\@links);
+       print "<hr>" if ($t ne $types[$#types]);
        }
-print "<a href='edit_headeracc.cgi?new=1'>$text{'header_add'}</a><br>\n";
 
 &ui_print_footer("", $text{'index_return'});
 

diff --git a/squid/move_headeracc.cgi b/squid/move_headeracc.cgi
index 9ba6ca9..09b7acd 100755 (executable)
--- a/squid/move_headeracc.cgi
+++ b/squid/move_headeracc.cgi
@@ -6,14 +6,14 @@ require './squid-lib.pl';
 $access{'headeracc'} || &error($text{'header_ecannot'});
 &lock_file($config{'squid_conf'});
 $conf = &get_config();
-($pos, $move) = @ARGV;
+($pos, $move, $type) = @ARGV;
 
-@headeracc = &find_config("header_access", $conf);
+@headeracc = &find_config($type, $conf);
 $newpos = $pos + $move;
 $oldv = $headeracc[$pos]->{'values'};
 $headeracc[$pos]->{'values'} = $headeracc[$newpos]->{'values'};
 $headeracc[$newpos]->{'values'} = $oldv;
-&save_directive($conf, "header_access", \@headeracc);
+&save_directive($conf, $type, \@headeracc);
 &flush_file_lines();
 &unlock_file($config{'squid_conf'});
 &webmin_log("move", "headeracc");

diff --git a/squid/save_headeracc.cgi b/squid/save_headeracc.cgi
index 4d21d19..72179cd 100755 (executable)
--- a/squid/save_headeracc.cgi
+++ b/squid/save_headeracc.cgi
@@ -8,7 +8,7 @@ $access{'headeracc'} || &error($text{'headeracc_ecannot'});
 $conf = &get_config();
 &error_setup($text{'headeracc_err'});
 
-@headeracc = &find_config("header_access", $conf);
+@headeracc = &find_config($in{'type'}, $conf);
 if (defined($in{'index'})) {
        $h = $conf->[$in{'index'}];
        }
@@ -22,11 +22,11 @@ else {
        @vals = ( $in{'name'}, $in{'action'} );
        foreach $y (split(/\0/, $in{'yes'})) { push(@vals, $y); }
        foreach $n (split(/\0/, $in{'no'})) { push(@vals, "!$n"); }
-       $newh = { 'name' => 'header_access', 'values' => \@vals };
+       $newh = { 'name' => $in{'type'}, 'values' => \@vals };
        if ($h) { splice(@headeracc, &indexof($h, @headeracc), 1, $newh); }
        else { push(@headeracc, $newh); }
        }
-&save_directive($conf, "header_access", \@headeracc);
+&save_directive($conf, $in{'type'}, \@headeracc);
 &flush_file_lines();
 &unlock_file($config{'squid_conf'});
 &webmin_log($in{'delete'} ? 'delete' : $h ? 'modify' : 'create',