Rewrote squid to remove dependence on tags in config file. Removed ntlm settings, which will have to be implemented in winbindd acf. No support yet for advanced config.

git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1475 ab2d0c66-481e-0410-8bed-d214d4d58bed

1 files changed, 253 insertions, 702 deletions

diff --git a/squid-model.lua b/squid-model.lua
index 101a279..9eeb11d 100644
--- a/squid-model.lua
+++ b/squid-model.lua
@@ -1,58 +1,37 @@
 -- acf model for squid
--- Copyright(c) 2007 A. Brodmann - Licensed under terms of GPL2
 module (..., package.seeall)
 
 -- Load libraries
 require("modelfunctions")
+require("validator")
 require("format")
+require("parser")
 
 -- Set variables
 local squidconf = "/etc/squid/squid.conf"
-local squidtempl = "/etc/squid/squid.conf.template"
+local squiddigestusers = "/etc/squid/users.list"
 local processname = "squid"
 local packagename = "squid"
 
---- the tokenizer functions - must be dislocated into a library later
-tokenizer = {}
+local config, configcontent
 
-tokenizer.new = function( str, delim )
-	local token = {}
-	token.value = str;
-	token.delim = delim;
-	token.pos   = 1
-	return token
-end
-               
-tokenizer.pos = function( value, substr, pos )
-	local retval = pos
-	local done = false
-	while not done and retval <= #value do
-		if string.sub( value, retval, retval ) == substr then
-			done = true
-		else
-			retval = retval + 1
+local validate_config = function(newconfig)
+	local success = true
+	success = modelfunctions.validatemulti(newconfig.value.authmethod)
+	for i,val in ipairs(newconfig.value.httpports.value) do
+		local before, after = string.match(val, "^([^:]+):([^:]+)$")
+		if not (before and after) then
+			after = val
 		end
+		if not validator.is_port(after) then
+			newconfig.value.httpports.errtxt = "Invalid port"
+			success = false
+			break
+		end				
 	end
-	return retval
-end
-                                                                  
-tokenizer.next = function( token )
-	if token.pos > #token.value then
-		return token, nil
-	end
-	
-	local strpos = tokenizer.pos( token.value, token.delim, token.pos )
-	retval = string.sub(token.value, token.pos, strpos-1)
-	if retval == token.delim then
-		retval = ""
-		token.pos = token.pos + 1
-	else
-		token.pos = strpos + 1
-	end
- 
-	return token, retval
+
+	return success, newconfig
 end
----
 
 getstatus = function()
 	return modelfunctions.getstatus(processname, packagename, "Squid status")
@@ -62,101 +41,81 @@ startstop_service = function(action)
 	return modelfunctions.startstop_service(processname, action)
 end
 
-get_winbind_version = function()
+get_configfile = function()
+	return modelfunctions.getfiledetails(squidconf)
+end
 
-	local retval = ""
-	
-	local ptr = io.popen( "/usr/sbin/winbindd -V" )
-	if ptr ~= nil then
-		retval = ptr:read( "*l" )
-		ptr:close()
-	else
-		retval = "Error - can't retrieve winbindd version"
-	end
-	
-	return retval
+update_configfile = function( filedetails )
+	filedetails.value.filename.value = squidconf
+	return modelfunctions.setfiledetails(filedetails)
 end
 
-get_status_winbindd = function()
+read_digest_userlist = function()
+	local retval = modelfunctions.getfiledetails(squiddigestusers)
+	retval.value.filecontent.descr = "List of username:password entries"
 
-	local retval = "Disabled"
+	-- check to see if the file is being used
+	configcontent = configcontent or fs.read_file(squidconf)
+	config = config or parser.parseconfigfile(configcontent)
 
-	local ptr = io.popen( "/bin/pidof winbindd" )
-	local pid = ptr:read( "*a" )
-	ptr:close()
-	if pid ~= nil then
-		if #pid > 1 then
-			retval = "Enabled"
+	retval.value.status = cfe({ errtxt="Digest authentication not enabled", label="User list status" })
+	for i,line in ipairs(config) do
+		if line[1] == "auth_param" and line[2] == "digest" and line[3] == "program" then
+			if line[5] == squiddigestusers then
+				retval.value.status.value = "User list in use"
+				retval.value.status.errtxt = nil
+			else
+				retval.value.status.errtxt = "Digest authentication not using this user list"
+			end
 		end
 	end
 	
 	return retval
 end
 
-service_control_winbindd = function( control )
-
-	local retval = ""
-	
-	local ptr = io.popen( "/etc/init.d/winbindd " .. control, "r" )
-	if ptr ~= nil then
-		local retmsg = ptr:read( "*a" )
-		ptr:close()
-		if retmsg ~= nil then
-			retval = retmsg
-		else
-			retval = "service_control(): Failed to read output from initscript!\n"
-		end
-	else
-		retval = "service_control(): Failed to start/stop/restart service!\n"
-	end
-
-	return retval
+update_digest_userlist = function( userlistdetails )
+	userlistdetails.value.filename.value = squiddigestusers
+	return modelfunctions.updatefiledetails(userlistdetails)
 end
 
-get_winbindd_config = function()
-
-	local error = ""
-	local config = { domain = { value="", type="text", label="domain" },
-	                 dcnetbiosname = { value="", type="text", label="DC NetBIOS name" },
-	                 dcipaddress = { value="", type="text", label="DC IP Address" },
-	                 interface = { value="", type="text", label="interfaces" },
-	                 loglevel = { value="", type="text", label="0" },
-	                 account = { value="", type="text", label="account" },
-	                 password = { value="", type="text", label="password" }
-	               }
-	               
-	local ptr = io.open( "/etc/samba/smb.conf" )
-	if ptr ~= nil then
-		ptr:close()
-	else
-		
+enable_digest_userlist = function()
+	configcontent = configcontent or fs.read_file(squidconf)
+
+	local newline = "auth_param digest program /usr/sbin/digest_pw_auth "..squiddigestusers
+	local lastauth, authline
+	local lines = {}
+	-- first loop to comment out / uncomment existing lines
+	local linenum = 0
+	for line in string.gmatch(configcontent, "([^\n]*)\n?") do
+		linenum = linenum + 1
+		if not authline and not string.match(line, "^[%s#]*$") then
+			local first, second, third = string.match(line, "([^%s#]+)%s+(%S+)%s+(%S+)")
+			if first == "auth_param" then
+				lastauth = linenum
+				if second == "digest" and third == "program" then
+					authline = linenum
+					line = string.gsub(line, "^[%s#]+", "")
+					local fifth = string.match(line, "^%S+%s+%S+%s+%S+%s+%S+%s+(%S+)")
+					line = string.gsub(line, fifth, squiddigestusers)
+				end
+			end
+		end
+		lines[#lines+1] = line
 	end
-	
-	return config
-end
-
-get_configfile = function()
-	return modelfunctions.getfiledetails(squidconf)
-end
-
-get_digest_userlist = function()
-
-	local retval = ""
-	
-	local ptr = io.open( "/etc/squid/users.list" )
-	if ptr ~= nil then
-		local retcfg = ptr:read( "*a" )
-		ptr:close()
-		if retcfg == nil then
-			retval = "\n\n   Error: Failed to read user/password list!\n\n"
+	if not authline then
+		if not lastauth then
+			lines[#lines+1] = newline
 		else
-			retval = retcfg
+			table.insert(lines, lastauth+1, newline)
 		end
 	end
-	
-	return retval
+	fs.write_file(squidconf, string.gsub(table.concat(lines, "\n"), "\n+$", ""))
+	config = nil
+	configcontent = nil
+	return cfe({ value="Successfully enabled user list", label="Enable disgest user list result" })
 end
 
+--[[
 get_saccess = function()
 
 	local config = {}
@@ -203,631 +162,223 @@ get_file_contents = function( name )
 	
 	return retval
 end
-
-update_configfile = function( filedetails )
-	filedetails.value.filename.value = squidconf
-	return modelfunctions.setfiledetails(filedetails)
-end
-
-update_digest_userlist = function( config )
-
-	local retval = "Successfully updated user list!"
-	
-	local ptr = io.open( "/etc/squid/users.list", "wb+" )
-	if ptr ~= nil then
-		ptr:write( format.dostounix( config ) )
-		ptr:close()
-	else
-		retval = "Update Digest User List: Error, failed to open /etc/squid/users.list!\n"
-	end
-end
-
-get_conf_tag = function( tag, gat )
-
-	local retval = ""
-	local error = ""
-	local found = false
-	local done = false
-	
-	local fptr = io.open( squidconf, "r" )
-	if fptr == nil then
-		return "", "Failed to open squid config file!"
-	end
-	
-	while not found and not done do
-		local line = fptr:read( "*l" )
-		if line == nil then
-			done = true
-		else 
-			if string.sub( line, 1, 22 ) == tag then
-				found = true
+--]]
+
+read_config = function()
+	local retval = {
+		httpports = { type="list", value={}, label="HTTP Ports", descr="List of port, IP:port, or hostname:port entries that Squid will listen on" },
+		accesslog = { type="boolean", value=false, label="Log Access" },
+		diskcache = { type="boolean", value=false, label="Disk Cache" },
+		authmethod = { type="multi", value={}, label="Authentication Methods", option={"negotiate", "ntlm", "digest", "basic"} },
+	}
+
+	configcontent = configcontent or fs.read_file(squidconf)
+	config = config or parser.parseconfigfile(configcontent)
+
+	if config then
+		for i,line in ipairs(config) do
+			if line[1] == "http_port" then
+				table.insert(retval.httpports.value, line[2])
+			elseif line[1] == "access_log" then
+				retval.accesslog.value = (line[2] ~= "none")
+			elseif line[1] == "cache_dir" then
+				retval.diskcache.value = (line[2] ~= "null")
+			elseif line[1] == "auth_param" and line[3] == "program" then
+				table.insert(retval.authmethod.value, line[2])
 			end
 		end
 	end
-	
-	if done then
-		fptr:close()
-		return "", "TAG not found in squid config!"
-	end
-	
-	found = false
-	done = false
-	
-	while not found and not done do
-		local line = fptr:read( "*l" )
-		if line == nil then
-			done = true
-		elseif string.sub( line, 1, 22 ) == gat then
-			found = true
-		else
-			retval = retval .. "\n" .. line
-		end
-	end
-	
-	if done then
-		fptr:close()
-		return "", "End TAG (GAT) not found in squid config! '" .. gat .. "'"
-	end
-	
-	fptr:close()
-	
-	return retval, error
-end
 
-get_basic_config = function()
-
-	local error = ""
-	local config = { proxyip = { value="empty", type="text", label="Proxy IP" },
-	                 proxyport = { value="", type="text", label="Proxy Port" },
-	                 filterip = { value="", type="text", label="Filter IP" },
-	                 filterport = { value="", type="text", label="Filter Port" },
-	                 filterregex = { value="", type="text", label="FilterRegex" },
-	                 safeports = { value="", type="text", label="Safe_ports" },
-	                 sslports = { value="", type="text", label="SSL_ports" },
-	                 accesslog = { value="", type="select", label="Access Logs", option={ "yes", "no" } },
-	                 diskcache = { value="", type="select", label="Disk Cache Parameters", option={ "yes", "no" } },
-	                 authmethod = { value="", type="text", label="Authentication Method" }
-	               }
-	               
-	local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0001", "### ACF-SQUID-GAT-0001" )
-	if #error > 0 then
-		return config, error
-	end
+	return cfe({ type="group", value=retval, label="Squid Config" })
+end
 
-	local cfg1tok = ""
-	local cfg2tok = ""
-	local cfg3tok = ""
-
-	--- get proxyip, proxyport
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	local done = false
-	while not done do
-		local str1 = ""
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 == nil then
-			return nil, "Corrupt squid.conf! Missing 'http_port' statement!"
-		else
-			if string.sub( str1, 1, 10 ) == "http_port " then
-				local str2 = ""
-				local ipport = ""
-				local ip = ""
-				local port = ""
-				cfg2tok = tokenizer.new( str1, " " )
-				cfg2tok, ipport = tokenizer.next( cfg2tok )
-				cfg2tok, ipport = tokenizer.next( cfg2tok )
-				if ipport == nil then
-					return config, "Corrupt squid.conf! Missing parameter #1 for 'http_port' statement!"
-				end
-				cfg3tok = tokenizer.new( ipport, ":" )
-				cfg3tok, ip = tokenizer.next( cfg3tok )
-				cfg3tok, port = tokenizer.next( cfg3tok )
-				if port == nil then
-					port = ip
-					ip = ""
-				end
-				
-				config.proxyip.value = ip
-				config.proxyport.value = port
-				done = true
-			end
-		end
-	end
-	cfg1tok = nil
-	cfg2tok = nil
-	cfg3tok = nil
-	
-	--- get filterip, filterport
-	local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0007", "### ACF-SQUID-GAT-0007" )
-	if #error > 0 then
-		return config, error
-	end
-	
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	done = false
-	while not done do
-		local str1 = ""
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 == nil then
-			return nil, "Corrupt squid.conf! Missing 'cache_peer' statement!"
-		else
-			if string.sub( str1, 1, 11 ) == "cache_peer " then
-				local str2 = ""
-				local tmp = ""
-				local ip = ""
-				local port = ""
-				cfg2tok = tokenizer.new( str1, " " )
-				cfg2tok, tmp = tokenizer.next( cfg2tok )
-				cfg2tok, ip = tokenizer.next( cfg2tok )
-				cfg2tok, tmp = tokenizer.next( cfg2tok )
-				cfg2tok, port = tokenizer.next( cfg2tok )
-				if ip == nil or port == nil then
-					return config, "Corrupt squid.conf! Missing parameters #2 and/or #4 for 'cache_peer' statement!"
+update_config = function(newconfig)
+	local success, newconfig = validate_config(newconfig)
+	if success then
+		configcontent = configcontent or fs.read_file(squidconf)
+
+		local lastport, lastlog, lastcache, lastauth
+		local didports = {}
+		local didlog, didcache
+		local didauths = {}
+		local reverseports = {} for i,port in ipairs(newconfig.value.httpports.value) do reverseports[port] = i end
+		local reverseauths = {} for i,auth in ipairs(newconfig.value.authmethod.value) do reverseauths[auth] = i end
+
+		local lines = {}
+		-- first loop to comment out / uncomment existing lines
+		local linenum = 0
+		for line in string.gmatch(configcontent, "([^\n]*)\n?") do
+			linenum = linenum + 1
+			if not string.match(line, "^[%s#]*$") then
+				local first, second = string.match(line, "([^%s#]+)%s+(%S+)")
+				if first == "http_port" then
+					lastport = linenum
+					line = string.gsub(line, "^[%s#]+", "")
+					if not reverseports[second] then
+						line = "# "..line
+					else
+						didports[second] = true
+					end
+				elseif first == "access_log" then
+					lastlog = linenum
+					line = string.gsub(line, "^[%s#]+", "")
+					if (newconfig.value.accesslog.value and second == "none")
+					or (not newconfig.value.accesslog.value and second ~= "none") then
+						line = "# "..line
+					else
+						didlog = true
+					end
+				elseif first == "cache_dir" then
+					lastcache = linenum
+					line = string.gsub(line, "^[%s#]+", "")
+					if (newconfig.value.diskcache.value and second == "null")
+					or (not newconfig.value.diskcache.value and second ~= "null") then
+						line = "# "..line
+					else
+						didcache = true
+					end
+				elseif first == "auth_param" and string.match(line, "[^%s#]+%s+%S+%s+(%S+)") == "program" then
+					lastauth = linenum
+					line = string.gsub(line, "^[%s#]+", "")
+					if not reverseauths[second] then
+						line = "# "..line
+					else
+						didauths[second] = true
+					end
 				end
-				config.filterip.value = ip
-				config.filterport.value = port
-				done = true
 			end
+			lines[#lines+1] = line
 		end
-	end
-	cfg1tok = nil
-	cfg2tok = nil
-	cfg3tok = nil
-	
-	--- get diskcache
-	local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0002", "### ACF-SQUID-GAT-0002" )
-	if #error > 0 then
-		return config, error
-	end
-	
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	done = false
-	while not done do
-		local str1 = ""
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 == nil then
-			return nil, "Corrupt squid.conf! Missing 'cache_dir' statement!"
-		else
-			if string.sub( str1, 1, 15 ) == "cache_dir diskd" then
-				config.diskcache.value = "yes"
-				done = true
-			elseif string.sub( str1, 1, 14 ) == "cache_dir null" then
-				config.diskcache.value = "no"
-				done = true
-			end
-		
-		end
-	end
-	cfg1tok = nil
-	
-	--- get cache_access log
-	local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0003", "### ACF-SQUID-GAT-0003" )
-	if #error > 0 then
-		return config, error
-	end
-	
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	done = false
-	local str1 = ""
-	while str1 ~= nil do
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 ~= nil then
-			if string.sub( str1, 1, 16 ) == "cache_access_log" then
-				config.accesslog.value = "yes"
-			elseif string.sub( str1, 1, 17 ) == "#cache_access_log" or
-					string.sub( str1, 1, 18 ) == "# cache_access_log" then
-				config.accesslog.value = "no"
-			end
-		end
-	end
-	if config.accesslog.value == "" then
-		return nil, "Corrupt squid.conf! Missing 'cache_access_log' statement!"
-	end
-	cfg1tok = nil
-	
-	--- authentication method
-	local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0004", "### ACF-SQUID-GAT-0004" )
-	if #error > 0 then
-		return config, error
-	end
-	
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	local done = false
-	local auth = ""
-	while not done do
-		local str1 = ""
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 == nil then
-			done = true
-		else
-			if string.sub( str1, 1, 18 ) == "auth_param digest " then
-				if string.match( auth, "D" ) == nil then
-					auth = auth .. "D"
-				end
-			elseif string.sub( str1, 1, 16 ) == "auth_param ntlm " then
-				if string.match( auth, "N" ) == nil then
-					auth = auth .. "N"
-				end
-			elseif string.sub( str1, 1, 17 ) == "auth_param basic " then
-				if string.match( auth, "B" ) == nil then
-					auth = auth .. "B"
+
+		-- We've gone through the file, now check to see if everything is done
+		local tobedone = {}
+		local line
+		for i,port in ipairs(newconfig.value.httpports.value) do
+			if not didports[port] then
+				line = "http_port "..port
+				if lastport then
+					table.insert(tobedone, {linenum=lastport+1, line=line})
+				else
+					table.insert(lines, line)
 				end
 			end
 		end
-	end
-	config.authmethod.value = auth
-	cfg1tok = nil
-	
-	--- get filterregex
-	local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0005", "### ACF-SQUID-GAT-0005" )
-	if #error > 0 then
-		return config, error
-	end
-	
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	done = false
-	while not done do
-		local str1 = ""
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 == nil then
-			return nil, "Corrupt squid.conf! Missing 'acl ContentFilter urlpath_regex -i' statement!"
-		else
-			if string.sub( str1, 1, 35 ) == "acl ContentFilter urlpath_regex -i " then
-				config.filterregex.value = string.sub( str1, 36 )
-				done = true
-			end
-		end
-	end
-	cfg1tok = nil
-	cfg2tok = nil
-	cfg3tok = nil
-	
-	--- get SSL_ports, Safe_ports
-	local done1 = false
-	local done2 = false
-	cfg1tok = tokenizer.new( cfg1, "\n" )
-	while not done1 or not done2 do
-		local str1 = ""
-		cfg1tok, str1 = tokenizer.next( cfg1tok )
-		if str1 == nil then
-			return nil, "Corrupt squid.conf! Missing 'acl SSL_ports/Safe_ports' statement!"
-		else
-			if string.sub( str1, 1, 19 ) == "acl SSL_ports port " then
-				config.sslports.value = string.sub( str1, 20 )
-				done1 = true
-			elseif string.sub( str1, 1, 20 ) == "acl Safe_ports port " then
-				config.safeports.value = string.sub( str1, 21 )
-				done2 = true	
+		if not didlog then
+			if newconfig.value.accesslog.value then
+				line = "access_log /var/log/squid/access.log"
+			else
+				line = "access_log none"
 			end
-		end
-	end
-	cfg1tok = nil
-	
-	return config, error
-end
-
-config_preblock_copy = function( fromfile, tofile, tag )
-
-	local done = false
-	local line = ""
-	while not done do
-		line = fromfile:read( "*l" )
-		tofile:write( line .. "\n" )
-		if string.sub( line, 1, #tag ) == tag then
-			done = true
-		end
-	end
-end
-
-config_postblock_copy = function( fromfile, tofile )
-
-	local done = false
-	local line = ""
-	while not done do
-		line = fromfile:read( "*l" )
-		if line ~= nil then
-			tofile:write( line .. "\n" )
-		else
-			done = true
-		end
-	end
-end
-
-update_basic_config = function( config )
-
-	local error = ""
-	
-	--- put proxyip, proxyport
-	local tmpfilename = os.tmpname()
-	local tmpfile = io.open( tmpfilename, "w+" )
-	local cfgfile = io.open( squidconf, "r" )
-	local done = false
-	
-	config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0001" )
-	
-	local don2 = false
-	while not done do
-		line = cfgfile:read( "*l" )
-		if string.sub( line, 1, 22 ) == "### ACF-SQUID-GAT-0001" then
-			done = true
-		end
-		if don2 then
-			tmpfile:write( line .. "\n" )
-		else
-			if string.sub( line, 1, 10 ) == "http_port " then
-				don2 = true
-				tmpfile:write( "http_port " .. config.proxyip.value .. ":" .. config.proxyport.value .. "\n" )
+			if lastlog then
+				table.insert(tobedone, {linenum=lastlog+1, line=line})
 			else
-				tmpfile:write( line .. "\n" )
+				table.insert(lines, line)
 			end
 		end
-	end
-
-	config_postblock_copy( cfgfile, tmpfile )
-	
-	tmpfile:close()
-	cfgfile:close()
-	os.rename( tmpfilename, squidconf )
-	
-	
-	--- put filterip, filterport
-	tmpfilename = os.tmpname()
-	tmpfile = io.open( tmpfilename, "w+" )
-	cfgfile = io.open( squidconf, "r" )
-	done = false
-
-	config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0007" )
-
-	local don2 = false
-	while not done do
-		line = cfgfile:read( "*l" )
-		if string.sub( line, 1, 22 ) == "### ACF-SQUID-GAT-0007" then
-			done = true
-		end
-		if don2 then
-			tmpfile:write( line .. "\n" )
-		else
-			if string.sub( line, 1, 11 ) == "cache_peer " then
-				don2 = true
-				local lap = 1
-				local cfg2tok = tokenizer.new( line, " " )
-				local tmpval = ""
-				local newstr = ""
-				local tmparr = {}
-				cfg2tok, tmpval = tokenizer.next( cfg2tok )
-				while tmpval ~= nil do
-					tmparr[lap] = tmpval
-					if lap == 2 then
-						newstr = newstr .. config.filterip.value .. " "
-					elseif lap == 4 then
-						newstr = newstr .. config.filterport.value .. " "
-					else 
-						newstr = newstr .. tmpval .. " "
-					end
-					lap = lap + 1
-					cfg2tok, tmpval = tokenizer.next( cfg2tok )
-				end
-			
-				tmpfile:write( newstr .. "\n" )
+		if not didcache then
+			if newconfig.value.diskcache.value then
+				line = "cache_dir diskd /var/cache/squid 400 16 256"
 			else
-				tmpfile:write( line .. "\n" )
+				line = "cache_dir null"
 			end
-		end
-	end
-	
-	config_postblock_copy( cfgfile, tmpfile )
-	
-	tmpfile:close()
-	cfgfile:close()
-	os.rename( tmpfilename, squidconf )
-	
-	
-	--- disk cache parameters
-	tmpfilename = os.tmpname()
-	tmpfile = io.open( tmpfilename, "w+" )
-	cfgfile = io.open( squidconf, "r" )
-	done = false
-	
-	config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0002" )
-	
-	while not done do
-		line = cfgfile:read( "*l" )
-		if string.sub( line, 1, 7 ) == "### ACF" then
-			done = true
-			tmpfile:write( line .. "\n" )
-		else 
-			if config.diskcache.value == "yes" then
-				if string.sub( line, 1, 16 ) == "#cache_dir diskd" then
-					tmpfile:write( string.sub( line, 2 ) .. "\n" )
-				elseif string.sub( line, 1, 14 ) == "cache_dir null" then
-					tmpfile:write( "#" .. line .. "\n" )
-				else
-					tmpfile:write( line .. "\n" )
-				end
+			if lastcache then
+				table.insert(tobedone, {linenum=lastcache+1, line=line})
 			else
-				if string.sub( line, 1, 15 ) == "cache_dir diskd" then
-					tmpfile:write( "#" .. line .. "\n" )
-				elseif string.sub( line, 1, 15 ) == "#cache_dir null" then
-					tmpfile:write( string.sub( line, 2 ) .. "\n" )
-				else
-					tmpfile:write( line .. "\n" )
-				end
+				table.insert(lines, line)
 			end
 		end
-	end
-	
-	config_postblock_copy( cfgfile, tmpfile )
-	
-	tmpfile:close()
-	cfgfile:close()
-	os.rename( tmpfilename, squidconf )
-	
-	
-	--- cache access log parameters
-	tmpfilename = os.tmpname()
-	tmpfile = io.open( tmpfilename, "w+" )
-	cfgfile = io.open( squidconf, "r" )
-	done = false
-	
-	config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0003" )
-	
-	while not done do
-		line = cfgfile:read( "*l" )
-		if string.sub( line, 1, 7 ) == "### ACF" then
-			done = true
-			tmpfile:write( line .. "\n" )
-		else 
-			if config.accesslog.value == "yes" then
-				if string.sub( line, 1, 17 ) == "#cache_access_log" then
-					tmpfile:write( string.sub( line, 2 ) .. "\n" )
-				elseif string.sub( line, 1, 18 ) == "# cache_access_log" then
-					tmpfile:write( string.sub( line, 3 ) .. "\n" )
-				else
-					tmpfile:write( line .. "\n" )
+		for i,auth in ipairs(newconfig.value.authmethod.value) do
+			if not didauths[auth] then
+				line = "auth_param "..auth.." program "
+				-- These entries have not been tested and probably don't work
+				if auth == "basic" then line = line .. "/usr/libexec/ncsa_auth /usr/etc/passwd"
+				elseif auth == "digest" then line = line .. "/usr/sbin/digest_pw_auth /etc/squid/users.list"
+				elseif auth == "ntlm" then line = line .. "/usr/sbin/wb_ntlmauth"
+				elseif auth == "negotiate" then line = line .. "/usr/sbin/ntlm_auth --helper-protocol=gss-spnego"
 				end
-			else
-				if string.sub( line, 1, 16 ) == "cache_access_log" then
-					tmpfile:write( "#" .. line .. "\n" )
+				if lastauth then
+					table.insert(tobedone, {linenum=lastauth+1, line=line})
 				else
-					tmpfile:write( line .. "\n" )
+					table.insert(lines, line)
 				end
 			end
-			
 		end
-	end
-	
-	config_postblock_copy( cfgfile, tmpfile )
-	
-	tmpfile:close()
-	cfgfile:close()
-	os.rename( tmpfilename, squidconf )
-	
-	
-	--- cache access log parameters
-	tmpfilename = os.tmpname()
-	tmpfile = io.open( tmpfilename, "w+" )
-	cfgfile = io.open( squidconf, "r" )
-	done = false
-	
-	config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0005" )
-	
-	while not done do
-		line = cfgfile:read( "*l" )
-		if string.sub( line, 1, 7 ) == "### ACF" then
-			done = true
-			tmpfile:write( line .. "\n" )
-		else 
-			if string.sub( line, 1, 18 ) == "acl SSL_ports port" then
-				tmpfile:write( "acl SSL_ports port " .. config.sslports.value .. "\n" )
-			elseif string.sub( line, 1, 19 ) == "acl Safe_ports port" then
-				tmpfile:write( "acl Safe_ports port " .. config.safeports.value .. "\n" )
-			elseif string.sub( line, 1, 34 ) == "acl ContentFilter urlpath_regex -i" then
-				tmpfile:write( "acl ContentFilter urlpath_regex -i " .. config.filterregex.value .. "\n" )
-			else
-				tmpfile:write( line .. "\n" )
+		if #tobedone > 0 then
+			table.sort(tobedone, function(a,b) return (a.linenum > b.linenum) end)
+			for i,entry in ipairs(tobedone) do
+				table.insert(lines, entry.linenum, entry.line)
 			end
 		end
-	end
-	
-	config_postblock_copy( cfgfile, tmpfile )
-	
-	tmpfile:close()
-	cfgfile:close()
-	os.rename( tmpfilename, squidconf )
-	
-		
-	return error
-end
 
-upd_authmethod = function( method )
+		-- finally, write the file
+		fs.write_file(squidconf, string.gsub(table.concat(lines, "\n"), "\n+$", ""))
+		config = nil
+		configcontent = nil
+	else
+		newconfig.errtxt = "Failed to set config"
+	end
 
-	local tmpfilename = os.tmpname()
-	local tmpfile = io.open( tmpfilename, "w+" )
-	local cfgfile = io.open( squidconf, "r" )
-	local error = ""
-	local line = ""
-	local done = false
-	
-	config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0004" )
-	
-	while not done do
-		line = cfgfile:read( "*l" )
-		if string.sub( line, 1, 7 ) == "### ACF" then
-			done = true
-			tmpfile:write( line .. "\n" )
-		else
-			if string.sub( line, 1, 17 ) == "auth_param digest" then
-				if string.find( method, "D" ) ~= nil then
-					tmpfile:write( line .. "\n" )
-				else
-					tmpfile:write( "#" .. line .. "\n" )
-				end
-			elseif string.sub( line, 1, 18 ) == "#auth_param digest" then
-				if string.find( method, "D" ) ~= nil then
-					tmpfile:write( string.sub( line, 2 ) .. "\n" )
-				else
-					tmpfile:write( line .. "\n" )
-				end
-			elseif string.sub( line, 1, 15 ) == "auth_param ntlm" then
-				if string.find( method, "N" ) ~= nil then
-					tmpfile:write( line .. "\n" )
-				else
-					tmpfile:write( "#" .. line .. "\n" )
-				end
-			elseif string.sub( line, 1, 16 ) == "#auth_param ntlm" then
-				if string.find( method, "N" ) ~= nil then
-					tmpfile:write( string.sub( line, 2 ) .. "\n" )
-				else
-					tmpfile:write( line .. "\n" )
-				end
-			else
-				tmpfile:write( line .. "\n" )
-			end
+	return newconfig
+end
+--[[
+read_acls = function()
+	local acls = cfe({ type="structure", value={}, label="Squid Access Lists" })
+	configcontent = configcontent or fs.read_file(squidconf)
+	config = config or parser.parseconfigfile(configcontent)
+	for i,line in ipairs(config) do
+		if line[1] == "acl" then
+			table.insert(acls.value, {line=line.line, linenum=line.linenum})
 		end
 	end
-	
-	config_postblock_copy( cfgfile, tmpfile )
-	
-	tmpfile:close()
-	cfgfile:close()
-	os.rename( tmpfilename, squidconf )
 
-	return error
+	return acls
 end
 
-dependancy_ok = function()
-
-	local retval = false
-	local cfgfile = io.open( squidconf )
-	local line = ""
-	
-	if cfgfile ~= nil then
-		line = cfgfile:read( "*l" )
-		if line ~= nil then
-			if string.sub( line, 1, 19 ) == "### ACF-SQUID-MAGIC" then
-				retval = true
-			end
-		end
-	end
-	
-	return retval
+read_acl = function(linenum)
+	local line = cfe({ label="Squid Access List" })
+	local linecfe = cfe({ value=linenum, label="Line number" })
+	configcontent = configcontent or fs.read_file(squidconf)
+	line.value = parser.getline(configcontent, linenum) or ""
+	return cfe({ type="group", value={line=line, linenum=linecfe}, label="Squid Access List" })
 end
 
-create_cfg_from_template = function()
+update_acl = function(acl)
+--	local success, acl = validate_acl(acl)
+	configcontent = configcontent or fs.read_file(squidconf)
+	configcontent = parser.replaceline(configcontent, acl.value.linenum.value, acl.value.line.value)
+	fs.write_file(squidconf, string.gsub(configcontent, "\n+$", ""))
+	config = nil
+	configcontent = nil
+	return acl
+end
 
-	local from = io.open( squidtempl )
-	local to = io.open( squidconf, "wb+" )
-	local line = ""
-	
-	while line ~= nil do
-		line = from:read( "*l" )
-		if line ~= nil then
-			to:write( line .. "\n" )
+create_acl = function(acl)
+--	local success, acl = validate_acl(acl)
+	configcontent = configcontent or fs.read_file(squidconf)
+	config = config or parser.parseconfigfile(configcontent)
+	local linenum = -1
+	for i=#config,1,-1 do
+		if config[i][1] == "acl" then
+			linenum = config[i].linenum
+			configcontent = parser.insertline(configcontent, linenum, acl.value.line.value)
+			break
 		end
 	end
-	
-	from:close()
-	to:close()
-	
-	return
+	if linenum == -1 then
+		configcontent = string.gsub(configcontent, "\n?$", "\n") .. acl.value.line.value
+	end
+	fs.write_file(squidconf, string.gsub(configcontent, "\n+$", ""))
+	config = nil
+	configcontent = nil
+	return acl
 end
 
+delete_acl = function(linenum)
+	configcontent = configcontent or fs.read_file(squidconf)
+	configcontent = parser.replaceline(configcontent, linenum)
+	fs.write_file(squidconf, string.gsub(configcontent, "\n+$", ""))
+	config = nil
+	configcontent = nil
+	return acl
+end
+--]]