diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-09-18 12:29:20 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-09-18 12:29:20 +0000 |
commit | 28fb85a4404b102e9660c306c2c71e0633c03ddb (patch) | |
tree | f36f93b7c620fc290b54e76e862c1015750b79f3 /squid-model.lua | |
parent | 77b5c04c6b5c6aa966c558fc6e63cd2283205dc9 (diff) | |
download | acf-squid-28fb85a4404b102e9660c306c2c71e0633c03ddb.tar.bz2 acf-squid-28fb85a4404b102e9660c306c2c71e0633c03ddb.tar.xz |
Rewrote squid to remove dependence on tags in config file. Removed ntlm settings, which will have to be implemented in winbindd acf. No support yet for advanced config.
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1475 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'squid-model.lua')
-rw-r--r-- | squid-model.lua | 955 |
1 files changed, 253 insertions, 702 deletions
diff --git a/squid-model.lua b/squid-model.lua index 101a279..9eeb11d 100644 --- a/squid-model.lua +++ b/squid-model.lua @@ -1,58 +1,37 @@ -- acf model for squid --- Copyright(c) 2007 A. Brodmann - Licensed under terms of GPL2 module (..., package.seeall) -- Load libraries require("modelfunctions") +require("validator") require("format") +require("parser") -- Set variables local squidconf = "/etc/squid/squid.conf" -local squidtempl = "/etc/squid/squid.conf.template" +local squiddigestusers = "/etc/squid/users.list" local processname = "squid" local packagename = "squid" ---- the tokenizer functions - must be dislocated into a library later -tokenizer = {} +local config, configcontent -tokenizer.new = function( str, delim ) - local token = {} - token.value = str; - token.delim = delim; - token.pos = 1 - return token -end - -tokenizer.pos = function( value, substr, pos ) - local retval = pos - local done = false - while not done and retval <= #value do - if string.sub( value, retval, retval ) == substr then - done = true - else - retval = retval + 1 +local validate_config = function(newconfig) + local success = true + success = modelfunctions.validatemulti(newconfig.value.authmethod) + for i,val in ipairs(newconfig.value.httpports.value) do + local before, after = string.match(val, "^([^:]+):([^:]+)$") + if not (before and after) then + after = val end + if not validator.is_port(after) then + newconfig.value.httpports.errtxt = "Invalid port" + success = false + break + end end - return retval -end - -tokenizer.next = function( token ) - if token.pos > #token.value then - return token, nil - end - - local strpos = tokenizer.pos( token.value, token.delim, token.pos ) - retval = string.sub(token.value, token.pos, strpos-1) - if retval == token.delim then - retval = "" - token.pos = token.pos + 1 - else - token.pos = strpos + 1 - end - - return token, retval + + return success, newconfig end ---- getstatus = function() return modelfunctions.getstatus(processname, packagename, "Squid status") @@ -62,101 +41,81 @@ startstop_service = function(action) return modelfunctions.startstop_service(processname, action) end -get_winbind_version = function() +get_configfile = function() + return modelfunctions.getfiledetails(squidconf) +end - local retval = "" - - local ptr = io.popen( "/usr/sbin/winbindd -V" ) - if ptr ~= nil then - retval = ptr:read( "*l" ) - ptr:close() - else - retval = "Error - can't retrieve winbindd version" - end - - return retval +update_configfile = function( filedetails ) + filedetails.value.filename.value = squidconf + return modelfunctions.setfiledetails(filedetails) end -get_status_winbindd = function() +read_digest_userlist = function() + local retval = modelfunctions.getfiledetails(squiddigestusers) + retval.value.filecontent.descr = "List of username:password entries" - local retval = "Disabled" + -- check to see if the file is being used + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) - local ptr = io.popen( "/bin/pidof winbindd" ) - local pid = ptr:read( "*a" ) - ptr:close() - if pid ~= nil then - if #pid > 1 then - retval = "Enabled" + retval.value.status = cfe({ errtxt="Digest authentication not enabled", label="User list status" }) + for i,line in ipairs(config) do + if line[1] == "auth_param" and line[2] == "digest" and line[3] == "program" then + if line[5] == squiddigestusers then + retval.value.status.value = "User list in use" + retval.value.status.errtxt = nil + else + retval.value.status.errtxt = "Digest authentication not using this user list" + end end end return retval end -service_control_winbindd = function( control ) - - local retval = "" - - local ptr = io.popen( "/etc/init.d/winbindd " .. control, "r" ) - if ptr ~= nil then - local retmsg = ptr:read( "*a" ) - ptr:close() - if retmsg ~= nil then - retval = retmsg - else - retval = "service_control(): Failed to read output from initscript!\n" - end - else - retval = "service_control(): Failed to start/stop/restart service!\n" - end - - return retval +update_digest_userlist = function( userlistdetails ) + userlistdetails.value.filename.value = squiddigestusers + return modelfunctions.updatefiledetails(userlistdetails) end -get_winbindd_config = function() - - local error = "" - local config = { domain = { value="", type="text", label="domain" }, - dcnetbiosname = { value="", type="text", label="DC NetBIOS name" }, - dcipaddress = { value="", type="text", label="DC IP Address" }, - interface = { value="", type="text", label="interfaces" }, - loglevel = { value="", type="text", label="0" }, - account = { value="", type="text", label="account" }, - password = { value="", type="text", label="password" } - } - - local ptr = io.open( "/etc/samba/smb.conf" ) - if ptr ~= nil then - ptr:close() - else - +enable_digest_userlist = function() + configcontent = configcontent or fs.read_file(squidconf) + + local newline = "auth_param digest program /usr/sbin/digest_pw_auth "..squiddigestusers + local lastauth, authline + local lines = {} + -- first loop to comment out / uncomment existing lines + local linenum = 0 + for line in string.gmatch(configcontent, "([^\n]*)\n?") do + linenum = linenum + 1 + if not authline and not string.match(line, "^[%s#]*$") then + local first, second, third = string.match(line, "([^%s#]+)%s+(%S+)%s+(%S+)") + if first == "auth_param" then + lastauth = linenum + if second == "digest" and third == "program" then + authline = linenum + line = string.gsub(line, "^[%s#]+", "") + local fifth = string.match(line, "^%S+%s+%S+%s+%S+%s+%S+%s+(%S+)") + line = string.gsub(line, fifth, squiddigestusers) + end + end + end + lines[#lines+1] = line end - - return config -end - -get_configfile = function() - return modelfunctions.getfiledetails(squidconf) -end - -get_digest_userlist = function() - - local retval = "" - - local ptr = io.open( "/etc/squid/users.list" ) - if ptr ~= nil then - local retcfg = ptr:read( "*a" ) - ptr:close() - if retcfg == nil then - retval = "\n\n Error: Failed to read user/password list!\n\n" + if not authline then + if not lastauth then + lines[#lines+1] = newline else - retval = retcfg + table.insert(lines, lastauth+1, newline) end end - - return retval + fs.write_file(squidconf, string.gsub(table.concat(lines, "\n"), "\n+$", "")) + config = nil + configcontent = nil + return cfe({ value="Successfully enabled user list", label="Enable disgest user list result" }) end +--[[ get_saccess = function() local config = {} @@ -203,631 +162,223 @@ get_file_contents = function( name ) return retval end - -update_configfile = function( filedetails ) - filedetails.value.filename.value = squidconf - return modelfunctions.setfiledetails(filedetails) -end - -update_digest_userlist = function( config ) - - local retval = "Successfully updated user list!" - - local ptr = io.open( "/etc/squid/users.list", "wb+" ) - if ptr ~= nil then - ptr:write( format.dostounix( config ) ) - ptr:close() - else - retval = "Update Digest User List: Error, failed to open /etc/squid/users.list!\n" - end -end - -get_conf_tag = function( tag, gat ) - - local retval = "" - local error = "" - local found = false - local done = false - - local fptr = io.open( squidconf, "r" ) - if fptr == nil then - return "", "Failed to open squid config file!" - end - - while not found and not done do - local line = fptr:read( "*l" ) - if line == nil then - done = true - else - if string.sub( line, 1, 22 ) == tag then - found = true +--]] + +read_config = function() + local retval = { + httpports = { type="list", value={}, label="HTTP Ports", descr="List of port, IP:port, or hostname:port entries that Squid will listen on" }, + accesslog = { type="boolean", value=false, label="Log Access" }, + diskcache = { type="boolean", value=false, label="Disk Cache" }, + authmethod = { type="multi", value={}, label="Authentication Methods", option={"negotiate", "ntlm", "digest", "basic"} }, + } + + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) + + if config then + for i,line in ipairs(config) do + if line[1] == "http_port" then + table.insert(retval.httpports.value, line[2]) + elseif line[1] == "access_log" then + retval.accesslog.value = (line[2] ~= "none") + elseif line[1] == "cache_dir" then + retval.diskcache.value = (line[2] ~= "null") + elseif line[1] == "auth_param" and line[3] == "program" then + table.insert(retval.authmethod.value, line[2]) end end end - - if done then - fptr:close() - return "", "TAG not found in squid config!" - end - - found = false - done = false - - while not found and not done do - local line = fptr:read( "*l" ) - if line == nil then - done = true - elseif string.sub( line, 1, 22 ) == gat then - found = true - else - retval = retval .. "\n" .. line - end - end - - if done then - fptr:close() - return "", "End TAG (GAT) not found in squid config! '" .. gat .. "'" - end - - fptr:close() - - return retval, error -end -get_basic_config = function() - - local error = "" - local config = { proxyip = { value="empty", type="text", label="Proxy IP" }, - proxyport = { value="", type="text", label="Proxy Port" }, - filterip = { value="", type="text", label="Filter IP" }, - filterport = { value="", type="text", label="Filter Port" }, - filterregex = { value="", type="text", label="FilterRegex" }, - safeports = { value="", type="text", label="Safe_ports" }, - sslports = { value="", type="text", label="SSL_ports" }, - accesslog = { value="", type="select", label="Access Logs", option={ "yes", "no" } }, - diskcache = { value="", type="select", label="Disk Cache Parameters", option={ "yes", "no" } }, - authmethod = { value="", type="text", label="Authentication Method" } - } - - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0001", "### ACF-SQUID-GAT-0001" ) - if #error > 0 then - return config, error - end + return cfe({ type="group", value=retval, label="Squid Config" }) +end - local cfg1tok = "" - local cfg2tok = "" - local cfg3tok = "" - - --- get proxyip, proxyport - cfg1tok = tokenizer.new( cfg1, "\n" ) - local done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'http_port' statement!" - else - if string.sub( str1, 1, 10 ) == "http_port " then - local str2 = "" - local ipport = "" - local ip = "" - local port = "" - cfg2tok = tokenizer.new( str1, " " ) - cfg2tok, ipport = tokenizer.next( cfg2tok ) - cfg2tok, ipport = tokenizer.next( cfg2tok ) - if ipport == nil then - return config, "Corrupt squid.conf! Missing parameter #1 for 'http_port' statement!" - end - cfg3tok = tokenizer.new( ipport, ":" ) - cfg3tok, ip = tokenizer.next( cfg3tok ) - cfg3tok, port = tokenizer.next( cfg3tok ) - if port == nil then - port = ip - ip = "" - end - - config.proxyip.value = ip - config.proxyport.value = port - done = true - end - end - end - cfg1tok = nil - cfg2tok = nil - cfg3tok = nil - - --- get filterip, filterport - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0007", "### ACF-SQUID-GAT-0007" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'cache_peer' statement!" - else - if string.sub( str1, 1, 11 ) == "cache_peer " then - local str2 = "" - local tmp = "" - local ip = "" - local port = "" - cfg2tok = tokenizer.new( str1, " " ) - cfg2tok, tmp = tokenizer.next( cfg2tok ) - cfg2tok, ip = tokenizer.next( cfg2tok ) - cfg2tok, tmp = tokenizer.next( cfg2tok ) - cfg2tok, port = tokenizer.next( cfg2tok ) - if ip == nil or port == nil then - return config, "Corrupt squid.conf! Missing parameters #2 and/or #4 for 'cache_peer' statement!" +update_config = function(newconfig) + local success, newconfig = validate_config(newconfig) + if success then + configcontent = configcontent or fs.read_file(squidconf) + + local lastport, lastlog, lastcache, lastauth + local didports = {} + local didlog, didcache + local didauths = {} + local reverseports = {} for i,port in ipairs(newconfig.value.httpports.value) do reverseports[port] = i end + local reverseauths = {} for i,auth in ipairs(newconfig.value.authmethod.value) do reverseauths[auth] = i end + + local lines = {} + -- first loop to comment out / uncomment existing lines + local linenum = 0 + for line in string.gmatch(configcontent, "([^\n]*)\n?") do + linenum = linenum + 1 + if not string.match(line, "^[%s#]*$") then + local first, second = string.match(line, "([^%s#]+)%s+(%S+)") + if first == "http_port" then + lastport = linenum + line = string.gsub(line, "^[%s#]+", "") + if not reverseports[second] then + line = "# "..line + else + didports[second] = true + end + elseif first == "access_log" then + lastlog = linenum + line = string.gsub(line, "^[%s#]+", "") + if (newconfig.value.accesslog.value and second == "none") + or (not newconfig.value.accesslog.value and second ~= "none") then + line = "# "..line + else + didlog = true + end + elseif first == "cache_dir" then + lastcache = linenum + line = string.gsub(line, "^[%s#]+", "") + if (newconfig.value.diskcache.value and second == "null") + or (not newconfig.value.diskcache.value and second ~= "null") then + line = "# "..line + else + didcache = true + end + elseif first == "auth_param" and string.match(line, "[^%s#]+%s+%S+%s+(%S+)") == "program" then + lastauth = linenum + line = string.gsub(line, "^[%s#]+", "") + if not reverseauths[second] then + line = "# "..line + else + didauths[second] = true + end end - config.filterip.value = ip - config.filterport.value = port - done = true end + lines[#lines+1] = line end - end - cfg1tok = nil - cfg2tok = nil - cfg3tok = nil - - --- get diskcache - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0002", "### ACF-SQUID-GAT-0002" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'cache_dir' statement!" - else - if string.sub( str1, 1, 15 ) == "cache_dir diskd" then - config.diskcache.value = "yes" - done = true - elseif string.sub( str1, 1, 14 ) == "cache_dir null" then - config.diskcache.value = "no" - done = true - end - - end - end - cfg1tok = nil - - --- get cache_access log - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0003", "### ACF-SQUID-GAT-0003" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - local str1 = "" - while str1 ~= nil do - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 ~= nil then - if string.sub( str1, 1, 16 ) == "cache_access_log" then - config.accesslog.value = "yes" - elseif string.sub( str1, 1, 17 ) == "#cache_access_log" or - string.sub( str1, 1, 18 ) == "# cache_access_log" then - config.accesslog.value = "no" - end - end - end - if config.accesslog.value == "" then - return nil, "Corrupt squid.conf! Missing 'cache_access_log' statement!" - end - cfg1tok = nil - - --- authentication method - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0004", "### ACF-SQUID-GAT-0004" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - local done = false - local auth = "" - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - done = true - else - if string.sub( str1, 1, 18 ) == "auth_param digest " then - if string.match( auth, "D" ) == nil then - auth = auth .. "D" - end - elseif string.sub( str1, 1, 16 ) == "auth_param ntlm " then - if string.match( auth, "N" ) == nil then - auth = auth .. "N" - end - elseif string.sub( str1, 1, 17 ) == "auth_param basic " then - if string.match( auth, "B" ) == nil then - auth = auth .. "B" + + -- We've gone through the file, now check to see if everything is done + local tobedone = {} + local line + for i,port in ipairs(newconfig.value.httpports.value) do + if not didports[port] then + line = "http_port "..port + if lastport then + table.insert(tobedone, {linenum=lastport+1, line=line}) + else + table.insert(lines, line) end end end - end - config.authmethod.value = auth - cfg1tok = nil - - --- get filterregex - local cfg1, error = get_conf_tag( "### ACF-SQUID-TAG-0005", "### ACF-SQUID-GAT-0005" ) - if #error > 0 then - return config, error - end - - cfg1tok = tokenizer.new( cfg1, "\n" ) - done = false - while not done do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'acl ContentFilter urlpath_regex -i' statement!" - else - if string.sub( str1, 1, 35 ) == "acl ContentFilter urlpath_regex -i " then - config.filterregex.value = string.sub( str1, 36 ) - done = true - end - end - end - cfg1tok = nil - cfg2tok = nil - cfg3tok = nil - - --- get SSL_ports, Safe_ports - local done1 = false - local done2 = false - cfg1tok = tokenizer.new( cfg1, "\n" ) - while not done1 or not done2 do - local str1 = "" - cfg1tok, str1 = tokenizer.next( cfg1tok ) - if str1 == nil then - return nil, "Corrupt squid.conf! Missing 'acl SSL_ports/Safe_ports' statement!" - else - if string.sub( str1, 1, 19 ) == "acl SSL_ports port " then - config.sslports.value = string.sub( str1, 20 ) - done1 = true - elseif string.sub( str1, 1, 20 ) == "acl Safe_ports port " then - config.safeports.value = string.sub( str1, 21 ) - done2 = true + if not didlog then + if newconfig.value.accesslog.value then + line = "access_log /var/log/squid/access.log" + else + line = "access_log none" end - end - end - cfg1tok = nil - - return config, error -end - -config_preblock_copy = function( fromfile, tofile, tag ) - - local done = false - local line = "" - while not done do - line = fromfile:read( "*l" ) - tofile:write( line .. "\n" ) - if string.sub( line, 1, #tag ) == tag then - done = true - end - end -end - -config_postblock_copy = function( fromfile, tofile ) - - local done = false - local line = "" - while not done do - line = fromfile:read( "*l" ) - if line ~= nil then - tofile:write( line .. "\n" ) - else - done = true - end - end -end - -update_basic_config = function( config ) - - local error = "" - - --- put proxyip, proxyport - local tmpfilename = os.tmpname() - local tmpfile = io.open( tmpfilename, "w+" ) - local cfgfile = io.open( squidconf, "r" ) - local done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0001" ) - - local don2 = false - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 22 ) == "### ACF-SQUID-GAT-0001" then - done = true - end - if don2 then - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 10 ) == "http_port " then - don2 = true - tmpfile:write( "http_port " .. config.proxyip.value .. ":" .. config.proxyport.value .. "\n" ) + if lastlog then + table.insert(tobedone, {linenum=lastlog+1, line=line}) else - tmpfile:write( line .. "\n" ) + table.insert(lines, line) end end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- put filterip, filterport - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0007" ) - - local don2 = false - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 22 ) == "### ACF-SQUID-GAT-0007" then - done = true - end - if don2 then - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 11 ) == "cache_peer " then - don2 = true - local lap = 1 - local cfg2tok = tokenizer.new( line, " " ) - local tmpval = "" - local newstr = "" - local tmparr = {} - cfg2tok, tmpval = tokenizer.next( cfg2tok ) - while tmpval ~= nil do - tmparr[lap] = tmpval - if lap == 2 then - newstr = newstr .. config.filterip.value .. " " - elseif lap == 4 then - newstr = newstr .. config.filterport.value .. " " - else - newstr = newstr .. tmpval .. " " - end - lap = lap + 1 - cfg2tok, tmpval = tokenizer.next( cfg2tok ) - end - - tmpfile:write( newstr .. "\n" ) + if not didcache then + if newconfig.value.diskcache.value then + line = "cache_dir diskd /var/cache/squid 400 16 256" else - tmpfile:write( line .. "\n" ) + line = "cache_dir null" end - end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- disk cache parameters - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0002" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if config.diskcache.value == "yes" then - if string.sub( line, 1, 16 ) == "#cache_dir diskd" then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - elseif string.sub( line, 1, 14 ) == "cache_dir null" then - tmpfile:write( "#" .. line .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end + if lastcache then + table.insert(tobedone, {linenum=lastcache+1, line=line}) else - if string.sub( line, 1, 15 ) == "cache_dir diskd" then - tmpfile:write( "#" .. line .. "\n" ) - elseif string.sub( line, 1, 15 ) == "#cache_dir null" then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end + table.insert(lines, line) end end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- cache access log parameters - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0003" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if config.accesslog.value == "yes" then - if string.sub( line, 1, 17 ) == "#cache_access_log" then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - elseif string.sub( line, 1, 18 ) == "# cache_access_log" then - tmpfile:write( string.sub( line, 3 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) + for i,auth in ipairs(newconfig.value.authmethod.value) do + if not didauths[auth] then + line = "auth_param "..auth.." program " + -- These entries have not been tested and probably don't work + if auth == "basic" then line = line .. "/usr/libexec/ncsa_auth /usr/etc/passwd" + elseif auth == "digest" then line = line .. "/usr/sbin/digest_pw_auth /etc/squid/users.list" + elseif auth == "ntlm" then line = line .. "/usr/sbin/wb_ntlmauth" + elseif auth == "negotiate" then line = line .. "/usr/sbin/ntlm_auth --helper-protocol=gss-spnego" end - else - if string.sub( line, 1, 16 ) == "cache_access_log" then - tmpfile:write( "#" .. line .. "\n" ) + if lastauth then + table.insert(tobedone, {linenum=lastauth+1, line=line}) else - tmpfile:write( line .. "\n" ) + table.insert(lines, line) end end - end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - --- cache access log parameters - tmpfilename = os.tmpname() - tmpfile = io.open( tmpfilename, "w+" ) - cfgfile = io.open( squidconf, "r" ) - done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0005" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 18 ) == "acl SSL_ports port" then - tmpfile:write( "acl SSL_ports port " .. config.sslports.value .. "\n" ) - elseif string.sub( line, 1, 19 ) == "acl Safe_ports port" then - tmpfile:write( "acl Safe_ports port " .. config.safeports.value .. "\n" ) - elseif string.sub( line, 1, 34 ) == "acl ContentFilter urlpath_regex -i" then - tmpfile:write( "acl ContentFilter urlpath_regex -i " .. config.filterregex.value .. "\n" ) - else - tmpfile:write( line .. "\n" ) + if #tobedone > 0 then + table.sort(tobedone, function(a,b) return (a.linenum > b.linenum) end) + for i,entry in ipairs(tobedone) do + table.insert(lines, entry.linenum, entry.line) end end - end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - - - return error -end -upd_authmethod = function( method ) + -- finally, write the file + fs.write_file(squidconf, string.gsub(table.concat(lines, "\n"), "\n+$", "")) + config = nil + configcontent = nil + else + newconfig.errtxt = "Failed to set config" + end - local tmpfilename = os.tmpname() - local tmpfile = io.open( tmpfilename, "w+" ) - local cfgfile = io.open( squidconf, "r" ) - local error = "" - local line = "" - local done = false - - config_preblock_copy( cfgfile, tmpfile, "### ACF-SQUID-TAG-0004" ) - - while not done do - line = cfgfile:read( "*l" ) - if string.sub( line, 1, 7 ) == "### ACF" then - done = true - tmpfile:write( line .. "\n" ) - else - if string.sub( line, 1, 17 ) == "auth_param digest" then - if string.find( method, "D" ) ~= nil then - tmpfile:write( line .. "\n" ) - else - tmpfile:write( "#" .. line .. "\n" ) - end - elseif string.sub( line, 1, 18 ) == "#auth_param digest" then - if string.find( method, "D" ) ~= nil then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end - elseif string.sub( line, 1, 15 ) == "auth_param ntlm" then - if string.find( method, "N" ) ~= nil then - tmpfile:write( line .. "\n" ) - else - tmpfile:write( "#" .. line .. "\n" ) - end - elseif string.sub( line, 1, 16 ) == "#auth_param ntlm" then - if string.find( method, "N" ) ~= nil then - tmpfile:write( string.sub( line, 2 ) .. "\n" ) - else - tmpfile:write( line .. "\n" ) - end - else - tmpfile:write( line .. "\n" ) - end + return newconfig +end +--[[ +read_acls = function() + local acls = cfe({ type="structure", value={}, label="Squid Access Lists" }) + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) + for i,line in ipairs(config) do + if line[1] == "acl" then + table.insert(acls.value, {line=line.line, linenum=line.linenum}) end end - - config_postblock_copy( cfgfile, tmpfile ) - - tmpfile:close() - cfgfile:close() - os.rename( tmpfilename, squidconf ) - return error + return acls end -dependancy_ok = function() - - local retval = false - local cfgfile = io.open( squidconf ) - local line = "" - - if cfgfile ~= nil then - line = cfgfile:read( "*l" ) - if line ~= nil then - if string.sub( line, 1, 19 ) == "### ACF-SQUID-MAGIC" then - retval = true - end - end - end - - return retval +read_acl = function(linenum) + local line = cfe({ label="Squid Access List" }) + local linecfe = cfe({ value=linenum, label="Line number" }) + configcontent = configcontent or fs.read_file(squidconf) + line.value = parser.getline(configcontent, linenum) or "" + return cfe({ type="group", value={line=line, linenum=linecfe}, label="Squid Access List" }) end -create_cfg_from_template = function() +update_acl = function(acl) +-- local success, acl = validate_acl(acl) + configcontent = configcontent or fs.read_file(squidconf) + configcontent = parser.replaceline(configcontent, acl.value.linenum.value, acl.value.line.value) + fs.write_file(squidconf, string.gsub(configcontent, "\n+$", "")) + config = nil + configcontent = nil + return acl +end - local from = io.open( squidtempl ) - local to = io.open( squidconf, "wb+" ) - local line = "" - - while line ~= nil do - line = from:read( "*l" ) - if line ~= nil then - to:write( line .. "\n" ) +create_acl = function(acl) +-- local success, acl = validate_acl(acl) + configcontent = configcontent or fs.read_file(squidconf) + config = config or parser.parseconfigfile(configcontent) + local linenum = -1 + for i=#config,1,-1 do + if config[i][1] == "acl" then + linenum = config[i].linenum + configcontent = parser.insertline(configcontent, linenum, acl.value.line.value) + break end end - - from:close() - to:close() - - return + if linenum == -1 then + configcontent = string.gsub(configcontent, "\n?$", "\n") .. acl.value.line.value + end + fs.write_file(squidconf, string.gsub(configcontent, "\n+$", "")) + config = nil + configcontent = nil + return acl end +delete_acl = function(linenum) + configcontent = configcontent or fs.read_file(squidconf) + configcontent = parser.replaceline(configcontent, linenum) + fs.write_file(squidconf, string.gsub(configcontent, "\n+$", "")) + config = nil + configcontent = nil + return acl +end +--]] |