Separate header access rules for Squid 3.0

squid/CHANGELOG

@@ -25,3 +25,4 @@ The httpd_accel family of directives are no longer shown when using Squid versio
 Directives that refer to ACLs like http_access are no longer re-positioned in the configuration file unless necessary.
 ---- Changes since 1.400 ----
 Use the cache directive instead of no_cache for Squid 2.6.
+Allow request and reply headers access control rules to be configured separately in Squid 3.0.

squid/edit_headeracc.cgi

@@ -7,11 +7,13 @@ $access{'headeracc'} || &error($text{'header_ecannot'});
 $conf = &get_config();
 
 if (!defined($in{'index'})) {
-	&ui_print_header(undef, $text{'header_create'}, "",
+	&ui_print_header(undef, $text{'header_create_'.$in{'type'}} ||
+				$text{'header_create'}, "",
 		undef, 0, 0, 0, &restart_button());
 	}
 else {
-	&ui_print_header(undef, $text{'header_edit'}, "",
+	&ui_print_header(undef, $text{'header_edit_'.$in{'type'}} ||
+				$text{'header_edit'}, "",
 		undef, 0, 0, 0, &restart_button());
 	@v = @{$conf->[$in{'index'}]->{'values'}};
 	}
@@ -20,6 +22,7 @@ print "<form action=save_headeracc.cgi>\n";
 if (@v) {
 	print "<input type=hidden name=index value='$in{'index'}'>\n";
 	}
+print &ui_hidden("type", $in{'type'});
 print "<table border>\n";
 print "<tr $tb> <td><b>$text{'header_header'}</b></td> </tr>\n";
 print "<tr $cb> <td><table>\n";

squid/init_cache.cgi

@@ -13,6 +13,7 @@ $conf = &get_config();
 if (!$in{'nouser'}) {
 	$in{'user'} || &error($text{'icache_ymcautrsa'});
 	@uinfo = getpwnam($in{'user'});
+	scalar(@uinfo) || &error($text{'icache_euser'});
 	@ginfo = getgrgid($uinfo[3]);
 	if ($squid_version < 2) {
 		$dir = { 'name' => 'cache_effective_user',

squid/lang/en

@@ -551,6 +551,7 @@ saicp_ftsir=Failed to save ICP restriction
 icache_ecannot=You are not allowed to initialize the cache
 icache_ftic=Failed to initialize cache
 icache_ymcautrsa=You must choose a user to run Squid as
+icache_euser=User to run Squid as does not exist
 icache_itscwtc=Initializing the Squid cache with the command <tt>$1</tt> ..
 icache_return=squid index
 icache_title=Initialize Cache
@@ -883,12 +884,18 @@ header_act=Action
 header_acls=For ACLs
 header_add=Add a new header access control rule.
 header_create=Create Header Access Rule
+header_create_request_header_access=Create Request Header Access Rule
+header_create_reply_header_access=Create Reply Header Access Rule
 header_edit=Edit Header Access Rule
+header_edit_request_header_access=Edit Request Header Access Rule
+header_edit_reply_header_access=Edit Reply Header Access Rule
 header_header=HTTP header access control rule details
 header_return=header access control rule list
 header_ecannot=You are not allowed to edit header access control rules
 header_err=Failed to save header access control rule
 header_ename=Missing or invalid header name
+header_request_header_access=Request Headers
+header_reply_header_access=Reply Headers
 
 refresh_title=Refresh Rules
 refresh_none=No refresh rules have been defined yet.

squid/list_headeracc.cgi

@@ -7,43 +7,47 @@ $access{'headeracc'} || &error($text{'header_ecannot'});
 &ui_print_header(undef, $text{'header_title'}, "", "list_headeracc", 0, 0, 0, &restart_button());
 $conf = &get_config();
 
-@headeracc = &find_config("header_access", $conf);
-if (@headeracc) {
-	print "<a href='edit_headeracc.cgi?new=1'>$text{'header_add'}</a>\n";
-	print "<table border>\n";
-	print "<tr $tb> <td><b>$text{'header_name'}</b></td> ",
-	      "<td><b>$text{'header_act'}</b></td> ",
-	      "<td><b>$text{'header_acls'}</b></td> ",
-	      "<td width=10%><b>$text{'eacl_move'}</b></td> </tr>\n";
-	$hc = 0;
-	foreach $h (@headeracc) {
-		@v = @{$h->{'values'}};
-		print "<tr $cb>\n";
-		print "<td><a href='edit_headeracc.cgi?index=$h->{'index'}'>",
-		      "$v[0]</a></td>\n";
-		print "<td>",$v[1] eq 'allow' ?  $text{'eacl_allow'} :
-				$text{'eacl_deny'},"</td>\n";
-		print "<td>",join(" ", @v[2..$#v]),"</td>\n";
-		print "<td>\n";
-		if ($hc != @headeracc-1) {
-			print "<a href=\"move_headeracc.cgi?$hc+1\">",
-			      "<img src=images/down.gif border=0></a>";
+# Work out what header access directives we support
+@types = $squid_version >= 3.0 ?
+	("request_header_access", "reply_header_access") : ("header_access");
+
+# Show a table for each
+foreach $t (@types) {
+	@headeracc = &find_config($t, $conf);
+	@links = ( "<a href='edit_headeracc.cgi?new=1&type=$t'>".
+		   "$text{'header_add'}</a>" );
+	print &ui_subheading($text{'header_'.$t}),"<p>\n"
+		if ($t ne "header_access");
+	if (@headeracc) {
+		print &ui_links_row(\@links);
+		print &ui_columns_start([ $text{'header_name'},
+					  $text{'header_act'},
+					  $text{'header_acls'},
+					  $text{'eacl_move'} ]);
+		$hc = 0;
+		foreach $h (@headeracc) {
+			@v = @{$h->{'values'}};
+			@cols = ( );
+			push(@cols, "<a href='edit_headeracc.cgi?type=$t&".
+				    "index=$h->{'index'}'>$v[0]</a>");
+			push(@cols, $v[1] eq 'allow' ? $text{'eacl_allow'}
+						     : $text{'eacl_deny'});
+			push(@cols, join(" ", @v[2..$#v]));
+			push(@cols, &ui_up_down_arrows(
+				"move_headeracc.cgi?$hc+-1+$t",
+				"move_headeracc.cgi?$hc+1+$t",
+				$hc != 0, $hc != @headeracc-1));
+			print &ui_columns_row(\@cols);
+			$hc++;
 			}
-		else { print "<img src=images/gap.gif>"; }
-		if ($hc != 0) {
-			print "<a href=\"move_headeracc.cgi?$hc+-1\">",
-			      "<img src=images/up.gif border=0></a>";
-			}
-		print "</td></tr>\n";
-		print "</tr>\n";
-		$hc++;
+		print &ui_columns_end();
 		}
-	print "</table>\n";
+	else {
+		print "$text{'header_none'}<p>\n";
+		}
+	print &ui_links_row(\@links);
+	print "<hr>" if ($t ne $types[$#types]);
 	}
-else {
-	print "<p>$text{'header_none'}<p>\n";
-	}
-print "<a href='edit_headeracc.cgi?new=1'>$text{'header_add'}</a><br>\n";
 
 &ui_print_footer("", $text{'index_return'});
 

squid/move_headeracc.cgi

@@ -6,14 +6,14 @@ require './squid-lib.pl';
 $access{'headeracc'} || &error($text{'header_ecannot'});
 &lock_file($config{'squid_conf'});
 $conf = &get_config();
-($pos, $move) = @ARGV;
+($pos, $move, $type) = @ARGV;
 
-@headeracc = &find_config("header_access", $conf);
+@headeracc = &find_config($type, $conf);
 $newpos = $pos + $move;
 $oldv = $headeracc[$pos]->{'values'};
 $headeracc[$pos]->{'values'} = $headeracc[$newpos]->{'values'};
 $headeracc[$newpos]->{'values'} = $oldv;
-&save_directive($conf, "header_access", \@headeracc);
+&save_directive($conf, $type, \@headeracc);
 &flush_file_lines();
 &unlock_file($config{'squid_conf'});
 &webmin_log("move", "headeracc");

squid/save_headeracc.cgi

@@ -8,7 +8,7 @@ $access{'headeracc'} || &error($text{'headeracc_ecannot'});
 $conf = &get_config();
 &error_setup($text{'headeracc_err'});
 
-@headeracc = &find_config("header_access", $conf);
+@headeracc = &find_config($in{'type'}, $conf);
 if (defined($in{'index'})) {
 	$h = $conf->[$in{'index'}];
 	}
@@ -22,11 +22,11 @@ else {
 	@vals = ( $in{'name'}, $in{'action'} );
 	foreach $y (split(/\0/, $in{'yes'})) { push(@vals, $y); }
 	foreach $n (split(/\0/, $in{'no'})) { push(@vals, "!$n"); }
-	$newh = { 'name' => 'header_access', 'values' => \@vals };
+	$newh = { 'name' => $in{'type'}, 'values' => \@vals };
 	if ($h) { splice(@headeracc, &indexof($h, @headeracc), 1, $newh); }
 	else { push(@headeracc, $newh); }
 	}
-&save_directive($conf, "header_access", \@headeracc);
+&save_directive($conf, $in{'type'}, \@headeracc);
 &flush_file_lines();
 &unlock_file($config{'squid_conf'});
 &webmin_log($in{'delete'} ? 'delete' : $h ? 'modify' : 'create',