summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/c-icap/README21
-rw-r--r--system/c-icap/c-icap.SlackBuild112
-rw-r--r--system/c-icap/c-icap.conf864
-rw-r--r--system/c-icap/c-icap.info10
-rw-r--r--system/c-icap/doinst.sh26
-rw-r--r--system/c-icap/rc.c-icap38
-rw-r--r--system/c-icap/slack-desc19
7 files changed, 1090 insertions, 0 deletions
diff --git a/system/c-icap/README b/system/c-icap/README
new file mode 100644
index 0000000000..fd0615699f
--- /dev/null
+++ b/system/c-icap/README
@@ -0,0 +1,21 @@
+c-icap is an implementation of an ICAP server. It can be used with HTTP
+proxies that support the ICAP protocol to implement content adaptation
+and filtering services.
+
+In order to start c-icap at boot and stop it properly at shutdown,
+make sure rc.c-icap is executable and add the following lines to
+the following files:
+
+ /etc/rc.d/rc.local
+ ==================
+ # Startup c-icap
+ if [ -x /etc/rc.d/rc.c-icap ]; then
+ /etc/rc.d/rc.c-icap start
+ fi
+
+ /etc/rc.d/rc.local_shutdown
+ ===========================
+ # Stop c-icap
+ if [ -x /etc/rc.d/rc.c-icap ]; then
+ /etc/rc.d/rc.c-icap stop
+ fi
diff --git a/system/c-icap/c-icap.SlackBuild b/system/c-icap/c-icap.SlackBuild
new file mode 100644
index 0000000000..c5b0505b2c
--- /dev/null
+++ b/system/c-icap/c-icap.SlackBuild
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+# Slackware build script for c-icap
+
+# Copyright 2017 Jeremy HOCDE
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=c-icap
+SRCNAM=c_icap
+VERSION=${VERSION:-0.5.2}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $SRCNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
+cd $SRCNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --build=$ARCH-slackware-linux
+
+make
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/var/{log,run}/c-icap
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.c-icap > $PKG/etc/rc.d/rc.c-icap.new
+cat $CWD/c-icap.conf > $PKG/etc/c-icap.conf.new
+rm $PKG/etc/c-icap.conf
+chmod 644 $PKG/etc/c-icap.*
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ INSTALL README RECONF docs/ \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/c-icap/c-icap.conf b/system/c-icap/c-icap.conf
new file mode 100644
index 0000000000..392c598aa7
--- /dev/null
+++ b/system/c-icap/c-icap.conf
@@ -0,0 +1,864 @@
+#
+# This file contains the default settings for c-icap
+#
+#
+
+
+# TAG: PidFile
+# Format: PidFile pid_file
+# Description:
+# The file to store the pid of the main process of the c-icap server.
+# Default:
+# PidFile /var/run/c-icap/c-icap.pid
+PidFile /var/run/c-icap/c-icap.pid
+
+# TAG: CommandsSocket
+# Format: CommandsSocket socket_file
+# Description:
+# The path of file to use as control socket for c-icap
+# Default:
+# CommandsSocket /var/run/c-icap/c-icap.ctl
+CommandsSocket /var/run/c-icap/c-icap.ctl
+
+# TAG: Timeout
+# Format: Timeout seconds
+# Description:
+# The time in seconds after which a connection without activity
+# can be cancelled.
+# Default:
+# Timeout 300
+Timeout 300
+
+# TAG: MaxKeepAliveRequests
+# Format: MaxKeepAliveRequests number
+# Description:
+# The maximum number of requests can be served by one connection
+# Set it to -1 for no limit
+# Default:
+# MaxKeepAliveRequests 100
+MaxKeepAliveRequests 100
+
+# TAG: KeepAliveTimeout
+# Format: KeepAliveTimeout seconds
+# Description:
+# The maximum time in seconds waiting for a new requests before a
+# connection will be closed.
+# If the value is set to -1, there is no timeout.
+# Default:
+# KeepAliveTimeout 600
+KeepAliveTimeout 600
+
+# TAG: StartServers
+# Format: StartServers number
+# Description:
+# The initial number of server processes. Each server process
+# generates a number of threads, which serve the requests.
+# Default:
+# StartServers 3
+StartServers 3
+
+# TAG: MaxServers
+# Format: MaxServers number
+# Description:
+# The maximum allowed number of server processes.
+# Default:
+# MaxServers 10
+MaxServers 10
+
+# TAG: MinSpareThreads
+# Format: MinSpareThreads number
+# Description:
+# If the number of the available threads is less than number,
+# the c-icap server starts a new child.
+# Default:
+# MinSpareThreads 10
+MinSpareThreads 10
+
+# TAG: MaxSpareThreads
+# Format: MaxSpareThreads number
+# Description:
+# If the number of the available threads is more than number then
+# the c-icap server kills a child.
+# Default:
+# MaxSpareThreads 20
+MaxSpareThreads 20
+
+# TAG: ThreadsPerChild
+# Format: ThreadsPerChild number
+# Description:
+# The number of threads per child process.
+# Default:
+# ThreadsPerChild 10
+ThreadsPerChild 10
+
+# TAG: MaxRequestsPerChild
+# Format: MaxRequestsPerChild number
+# Description:
+# The maximum number of requests that a child process can serve.
+# After this number has been reached, process dies. The goal of this
+# parameter is to minimize the risk of memory leaks and increase the
+# stability of c-icap. It can be disabled by setting its value to 0.
+# Default:
+# MaxRequestsPerChild 0
+MaxRequestsPerChild 0
+
+# TAG: InterProcessSharedMemScheme
+# Format: InterProcessSharedMemScheme posix | mmap | sysv
+# Description:
+# The interprocess shared mem scheme to use. Available schemes:
+# posix Use posix shared memory (shm_open interface)
+# mmap Use anonymous mmaped files as shared memory
+# sysv use the sysv ipc shared memory
+# Default:
+# InterProcessSharedMemScheme posix
+
+# TAG: InterProcessLockingScheme
+# Format: InterProcessSharedMemScheme file | sysv | posix
+# Description:
+# The interprocess locking scheme to use. Available schemes:
+# file Use lock file
+# sysv Use the sysv ipc semaphores
+# posix Use posix semaphores: Use it with caution you may experienced
+# locking problems if one or more processes crashed.
+# Default:
+# InterProcessLockingScheme file
+
+# TAG: Port
+# Format: Port [address:]port
+# Description:
+# The port number that the c-icap server uses to listen to requests.
+# Default:
+# None
+Port 1344
+
+# TAG: TlsPort
+# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...]
+# Description:
+# The port number that the c-icap server uses to listen for TLS/SSL
+# requests. Options:
+# tls-method
+# Set the SSL method to use. Available methods are:
+# SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2
+# cert
+# Set the certificate to use by the icap server. The certificate
+# should be in pem format.
+# key
+# The key of the configured certificate in pem format. If none
+# set then the c-icap searches for the key inside cert file.
+# client_ca
+# File containing all CA that we accept client certs from. If it
+# is set then c-icap enables client certificates verification.
+# cafile
+# PEM file containing CA certificates to use when verifying client
+# certificates. If not configured the root.pem file will be used.
+# capath
+# Directory containing additional CA certificates to use when
+# verifying client certificates.
+# ciphers
+# Collon separated lists of the ciphers to accept. Please check
+# openSSL manual for supported ciphers.
+# tls-options
+# Sets various options:
+# SSL_OP_NO_SSLv2 disable the use of SSLv2
+# SSL_OP_NO_SSLv3 disable the use of SSLv3
+# SSL_OP_NO_TLSv1 disable the use of TLSv1
+# SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2
+# SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1
+# SSL_OP_NO_TICKET disable the use of RFC5077 session tickets
+# SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+# When performing renegotiation as a server, always start a
+# new session.
+# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+# Allow legacy insecure renegotiation between OpenSSL and
+# unpatched clients or servers.
+#
+# For more options please see the SSL_set_options documentation.
+#
+# By default the SSL_OP_ALL flag is set which enables all of the
+# important bug workarrounds. To reset this flag use the
+# "!SSL_OP_ALL" as first flag:
+# tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET
+#
+# Default:
+# None
+
+# TAG: TlsPassphrase
+# Format: TlsPassphrase /path/to/script
+# Description:
+# Path to the script to run to get the passphrases of TLS certificates
+# keys. The c-icap will pass as arguments the IP address and port number
+# to the script.
+# Default:
+# No value
+# Example:
+# TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh
+
+# TAG: User
+# Format: User username
+# Description:
+# The user owning c-icap's processes. By default, the owner is the
+# user who runs the program.
+# Default:
+# No value
+# Example:
+# User wwwrun
+
+# TAG: Group
+# Format: Group groupname
+# Description:
+# The group of users owning c-icap's processes, which, by default
+# is the group of the current user.
+# Default:
+# No value
+# Example:
+# Group nogroup
+
+# TAG: ServerAdmin
+# Format: ServerAdmin admin_mail
+# Description:
+# The Administrator of this server. Used when displaying information
+# about this server (logs, info service, etc)
+# Default:
+# No value
+ServerAdmin admin@localhost
+
+# TAG: ServerName
+# Format: ServerName aServerName
+# Description:
+# A name for this server. Used when displaying information about this
+# server (logs, info service, etc)
+# Default:
+# No value
+ServerName localhost
+
+# TAG: TmpDir
+# Format: TmpDir dir
+# Description:
+# dir is the location of temporary files.
+# Default:
+# TmpDir /var/tmp
+TmpDir /var/tmp
+
+# TAG: MaxMemObject
+# Format: MaxMemObject bytes
+# Description:
+# The maximum memory size in bytes taken by an object which
+# is processed by c-icap . If the size of an object's body is
+# larger than the maximum size a temporary file is used.
+# Default:
+# MaxMemObject 131072
+MaxMemObject 131072
+
+# TAG: DebugLevel
+# Format: DebugLevel level
+# Description:
+# The level of debugging information to be logged.
+# The acceptable range of levels is between 0 and 10.
+# Default:
+# DebugLevel 1
+DebugLevel 1
+
+# TAG: Pipelining
+# Format: Pipelining on|off
+# Description:
+# Enable or disable ICAP requests pipelining
+# Default:
+# Pipelining on
+Pipelining on
+
+# TAG: SupportBuggyClients
+# FORMAT: SupportBuggyClients on|off
+# Description:
+# Try to handle requests from buggy clients, for example ICAP requests
+# missing "\r\n" sequences
+# Default:
+# SupportBuggyClients off
+SupportBuggyClients off
+
+# TAG: Allow204As200okZeroEncaps
+# Format: Allow204As200okZeroEncaps
+# Description:
+# When used the c-icap instead of allow 204 return "200 OK" responses
+# with zero encapsulated entities.
+# Default:
+# No set
+
+# TAG: FakeAllow204
+# Format: FakeAllow204 on|off
+# Description:
+# Support 204 responses from services preview handler to the clients
+# which does not support preview. Requires early responses support
+# from clients.
+# If disabled the c-icap will return 500 response in these cases
+# Default:
+# FakeAllow204 on
+
+# TAG: ModulesDir
+# Format: ModulesDir dir
+# Description:
+# The location of modules
+# Default:
+# ModulesDir /usr/lib64/c_icap
+ModulesDir /usr/lib64/c_icap
+
+# TAG: ServicesDir
+# Format: ServicesDir dir
+# Description:
+# The location of services
+# Default:
+# ServicesDir /usr/lib64/c_icap
+ServicesDir /usr/lib64/c_icap
+
+# TAG: TemplateDir
+# Format: TemplateDir dir
+# Description:
+# The location of the text templates used by c-icap and its services,
+# categorized by language and services/modules
+# Default:
+# No value
+# Example:
+TemplateDir /usr/share/c_icap/templates/
+
+# TAG: TemplateDefaultLanguage
+# Format: TemplateDefaultLanguage lang
+# Description:
+# Sets the default language to use for text templates
+# Default:
+# TemplateDefaultLanguage en
+TemplateDefaultLanguage en
+
+#TemplateReloadTime 360
+#TemplateCacheSize 20
+#TemplateMemBufSize 8192
+
+# TAG: LoadMagicFile
+# Format: LoadMagicFile path
+# Description:
+# Load a c-icap magic file. A magic file contains various
+# data type definitions. Look inside default c-icap.magic file
+# for more informations.
+# It can be used more than once to use multiple magic files.
+# Default:
+# LoadMagicFile /etc/c-icap.magic
+LoadMagicFile /etc/c-icap.magic
+
+# TAG: RemoteProxyUsers
+# Format: RemoteProxyUsers onoff
+# Description:
+# Set it to on if you want to use username provided by the proxy server.
+# This is the recomended way to use users in c-icap.
+# If the RemoteProxyUsers is off and c-icap configured to use users or
+# groups the internal authentication mechanism will be used.
+# Default:
+# RemoteProxyUsers off
+RemoteProxyUsers off
+
+# TAG: RemoteProxyUserHeader
+# Format: RemoteProxyUserHeader Header
+# Description:
+# Used to specify the icap header used by the proxy server to send
+# the authenticated client username to c-icap server
+# Default:
+# RemoteProxyUserHeader X-Authenticated-User
+RemoteProxyUserHeader X-Authenticated-User
+
+# TAG: RemoteProxyUserHeaderEncoded
+# Format: RemoteProxyUserHeaderEncoded onoff
+# Description:
+# Set it to off if the RemoteProxyUserHeader is not base64 encoded
+# Default:
+# RemoteProxyUserHeaderEncoded on
+RemoteProxyUserHeaderEncoded on
+
+# TAG: AuthMethod
+# Format: AuthMethod Method Authenticator
+# Description:
+# Used to define the internal authentication mechanism to use. This
+# feature is not well tested and may cause problems. It is better to use
+# RemoteProxyUser configuration.
+# Method is the authentication method to use (basic, digest, etc).
+# Currently only basic authentication method is implemented as build in
+# module
+# Authenticator currently can only be "basic_simple_db"
+# It can be considered as a user/password store and can be
+# implemented as external module. The basic_simple_db is implemented as
+# build it module
+# Default:
+# No set
+# Example:
+# AuthMethod basic basic_simple_db
+
+# TAG: basic.Realm
+# Format: basic.Realm ARealm
+# Description:
+# Specify the basic method realm
+# Default:
+# basic.Realm "Basic authentication"
+# Example:
+# basic.Realm "c-icap server authentication"
+
+# TAG: basic_simple_db.UsersDB
+# Format: basic_simple_db.UsersDB LookupTable
+# Description:
+# Specify the lookup table where the usernames/passwords pairs
+# are stored. The paswords must be unencrypted
+# For more information about c-icap lookup tables read c-icap server
+# manual page
+# Default:
+# No value
+# Example:
+# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt
+
+# TAG: GroupSourceByGroup
+# Format: GroupSourceByGroup LookupTable
+# Description:
+# Defines a lookup table where the groups of users are stored indexed
+# by group. It can be used more than once.
+# For more information about c-icap lookup tables read c-icap server
+# manual page
+# Default:
+# No set
+# Example:
+# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt
+
+# TAG: GroupSourceByUser
+# Format: GroupSourceByUser LookupTable
+# Description:
+# Defines a lookup table where the groups of users are stored indexed
+# by user. It can be used more than once.
+# For more information about c-icap lookup tables read c-icap server
+# manual page
+# Default:
+# No set
+# Example:
+# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt
+
+# TAG: acl
+# Format: acl name type[{param}] value1 [value2] [...]
+# Description:
+# Supported acl types are:
+# acl aclname service service1 ...
+# The servicename
+# acl aclname type OPTIONS|RESPMOD|REQMOD ...
+# The icap method
+# acl aclname port port1 ...
+# The icap server port
+# acl aclname src ip1/netmask1 ...
+# The client ip address
+# acl aclname srvip ip1/netmask1 ...
+# The c-icap server ip address
+# acl aclname icap_header{HeaderName} value1 ...
+# Matches the icap header HeaderName with value1 ...
+# The values are in regex form: /avalue/flags
+# acl aclname icap_resp_header{HeaderName} value1 ...
+# The icap response header
+# The values are in regex form: /avalue/flags
+# acl aclname http_req_header{HeaderName} value1 ...
+# The http request header
+# The values are in regex form: /avalue/flags
+# acl aclname http_resp_header{HeaderName} value1 ...
+# The http response header
+# The values are in regex form: /avalue/flags
+# acl aclname data_type type1 ...
+# The data type as recognized by the internal data type
+# recognizer. The types are defined in c-icap.magic file
+# acl aclname auth username|* ...
+# The authenticated users. Using * instead of username means
+# all users.
+# acl aclname group group1 ...
+# if the user of request belongs to given groups
+# acl content_length{>|<|=} value1 ...
+# The content length of body data if the related information
+# included in http headers.
+# The parameter can take the value <, > or = to specify that
+# the acl will match if content length is less, greater or
+# equal to acl values.
+# acl time value1 ....
+# It checks agains current time. The values format is:
+# [DAY[,DAY,[..]]][/][HH:MM-HH:MM]
+# The DAY can be one of the following:
+# S - Sunday
+# M - Monday
+# T - Tuesday
+# W - Wednesday
+# H - Thursday
+# F - Friday
+# A - Saturday
+# acl http_client_ip ip1[/netmask1] ...
+# The HTTP client ip address, if it is available.
+# acl http_req_line value1 ...
+# The first line of HTTP request
+# The values are in regex form: /avalue/flags
+# acl http_resp_line value1 ...
+# The first line of HTTP response
+# The values are in regex form: /avalue/flags
+# acl http_req_url value1 ...
+# The HTTP request url without GET request arguments
+# The values are in regex form: /avalue/flags
+# acl http_req_method value1 ...
+# The HTTP request method
+
+# Default:
+# None set
+# Examples:
+# acl OPTIONS type OPTIONS
+# acl RESPMOD type RESPMOD
+# acl REQMOD type REQMOD
+# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
+# acl XHEAD icap_header{X-Test} /value/
+# acl ECHO service echo
+# acl localnet src 192.168.1.0/255.255.255.0
+# acl localhost src 127.0.0.1/255.255.255.255
+# acl all src 0.0.0.0/0.0.0.0
+# acl BigObjects content_length{>} 5000000
+# acl WorkingHours time M,T,W,H,F/8:00-18:00
+# acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59
+
+# TAG: icap_access
+# Format: icap_access allow|deny [!]acl1 ...
+# Description:
+# Allowing or denying ICAP access based on defined access lists
+# Default:
+# None set
+# Example:
+# icap_access deny XHEAD
+# #Allow OPTIONS method for all:
+# icap_access allow localnet OPTIONS
+# #Require authentication for all users from local network:
+# icap_access allow AUTH localnet
+# icap_access deny all
+
+# TAG: client_access
+# Format: client_access allow|deny acl1 [acl2] [...]
+# Description:
+# Allowing or denying connections on c-icap based on
+# defined access lists. Only the acl types src, srvip and port
+# can be used.
+# Default:
+# None set
+# Example:
+# client_access allow all
+
+# TAG: LogFormat
+# Format: LogFormat Name Format
+# Description:
+# Name is a name for this log format.
+# Format is a string with embedded % format codes. % format codes
+# has the following form:
+# % [-] [width] [{argument}] formatcode
+# if - is specified then the output is left aligned
+# if width specified then the field is exactly width size
+# some formatcodes support arguments given as {argument}
+#
+# Format codes:
+# %a: Remote IP-Address
+# %la: Local IP Address
+# %lp: Local port
+# %>a: Http Client IP Address. Only supported if the proxy
+# client supports the "X-Client-IP" header
+# %<A: Http Server IP Address. Only supported if the proxy
+# client supports the "X-Server-IP" header
+# %ts: Seconds since epoch
+# %tl: Local time. Supports optional strftime format argument
+# %tg: GMT time. Supports optional strftime format argument
+# %>ho: Modified Http request header. Supports header name
+# as argument. If no argument given the first line returned
+# %huo: Modified Http request url
+# %<ho: Modified Http reply header. Supports header name
+# as argument. If no argument given the first line returned
+# %iu: Icap request url
+# %im: Icap method
+# %is: Icap status code
+# %>ih: Icap request header. Supports header name
+# as argument. If no argument given the first line returned
+# %<ih: Icap response header. Supports header name
+# as argument. If no argument given the first line returned
+# %Ih: Http bytes received
+# %Oh: Http bytes sent
+# %Ib: Http body bytes received
+# %Ob: Http body bytes sent
+# %I: Bytes received
+# %O: Bytes sent
+# %bph: The first 5 bytes of the body preview data. Non
+# printable characters printed in hex form.
+# Supports the number of bytes to output as argument.
+# %un: Username
+# %Sl: Service log string
+# %Sa: Attribute value set by service. The attribute name must
+# given as argument.
+# Default:
+# None set
+# Example:
+# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
+
+# TAG: ServerLog
+# Format: ServerLog LogFile
+# Description:
+# the file used by the build-in logger file_logger to
+# store debugging information, errors and other
+# information about the c-icap server.
+# Default:
+# ServerLog /usr/var/log/server.log
+ServerLog /var/log/c-icap/server.log
+
+# TAG: AccessLog
+# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
+# Description:
+# LogFile is a file where to log access information.
+# LogFormat is the log format to use. If ommited c-icap uses:
+# "%tl, %la %a %im %iu %is"
+# Also acls can be used to select certain requests to be logged.
+# This directive can be used more than once to specify more than
+# one access log files
+# Default:
+# AccessLog /usr/var/log/access.log
+# Example:
+# AccessLog /usr/var/log/access.log MyFormat all
+AccessLog /var/log/c-icap/access.log
+
+# TAG: Logger
+# Format: Logger LoggerName
+# Description:
+# Specify wich logger to use. By default uses the build in "file_logger" which
+# uses files for access and server logging.
+# Default:
+# Logger file_logger
+# Example:
+# Logger sys_logger
+
+# TAG: Module
+# Format: Module Type ModuleFile [forceUnload=off]
+# Description:
+# Load an external module/plugin to c-icap.
+# ModuleFile is the filename of the module. If no full path given then
+# the c-icap uses the path defined by the ModulesDir configuration
+# parameter.
+# Type is the type of the external module and can be one of the following:
+# "logger" for modules implement a logger
+# "common" for general purpose modules
+# forceUnload=off
+# Forces c-icap to not unload services/modules loaded as external
+# dynamic libraries on shutdown or reconfigure.
+# This option may required when the services/modules are using
+# c++, or they are linked with c++ libraries.
+# Default:
+#
+# Example:
+# Module logger sys_logger.so
+
+# TAG: Service
+# Format: Service aName ServiceFile [forceUnload=off]
+# Description:
+# It loads the service ServiceFile. The argument aName used
+# as alias name for the service
+# forceUnload=off
+# Forces c-icap to not unload services/modules loaded as external
+# dynamic libraries on shutdown or reconfigure.
+# This option may required when the services/modules are using
+# c++, or they are linked with c++ libraries.
+
+# Default:
+#
+# Example:
+# Service echo_service srv_echo.so
+
+
+# TAG: ServiceAlias
+# Format: ServiceAlias AliasName ServiceName[?param1=value1&param2=value2...]
+# Description:
+# Used to define an alias name for a service.
+# Default:
+#
+# Example:
+# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
+
+
+
+#
+# TAG: General configuration parameters for all services
+# Description:
+# PreviewSize: The preview data size to advertise to the icap client
+# MaxConnections: The client should not use more than MaxConnections
+# for this service.
+# TransferPreview: The list of file extensions, seperated by commas,
+# for which the client should send preview data.
+# TransferIgnore: The list of file extensions that should not be sent
+# to the icap server
+# TransferComplete: The list of file extensions that should be sent
+# in their entirety, without preview, to the icap server
+# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or
+# "hour[s]" can be used to secify that the time is in seconds
+# minutes or hours respectively. If no time-units given
+# seconds are assumed.
+# Allow206 on|off: Enable/disable advertise of 206 responses.
+#
+# Example:
+# echo.PreviewSize 512
+# echo.TransferIgnore gif, jpeg
+# echo.OptionsTTL 3 min
+
+
+######################################################
+# External modules comming with core c-icap server
+#
+# Module: echo
+# Description:
+# Simple test service
+# Example:
+# Service echo srv_echo.so
+Service echo srv_echo.so
+
+# Module: sys_logger
+# Description:
+# Add support for logging access and server events to syslog server
+# Use "Module" configuration parameter to load this module and "Logger"
+# to make it default logger for the c-icap.
+# Example:
+# Module logger sys_logger.so
+# Logger sys_logger
+
+
+# TAG: sys_logger.Prefix
+# Format: sys_logger.Prefix string
+# Description:
+# string is be presented in every syslog message.
+# Default:
+# sys_logger.Prefix "C-ICAP:"
+
+# TAG: sys_logger.Facility
+# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
+# Description:
+# specifies the facility type of syslog.
+# Default:
+# sys_logger.Facility daemon
+
+# TAG: sys_logger.access_priority
+# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+# determines the importance of the access log message
+# Default:
+# sys_logger.access_priority info
+
+# TAG: sys_logger.server_priority
+# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+# determines the importance of the server log message
+# Default:
+# sys_logger.server_priority crit
+
+# TAG: sys_logger.LogFormat
+# Format: sys_logger.LogFormat LOGFORMAT
+# Description:
+# The log format to use. If no log format defined then
+# the following will be used:
+# "%la %a %im %iu %is"
+# Default:
+# None set
+# Example:
+# Logformat BasicFormat "%la %a %im %iu %is"
+# sys_logger.LogFormat BasicFormat
+
+# TAG: sys_logger.access
+# Format: sys_logger.access [!]acl1 ...
+# Description:
+# Allow selecting ICAP requests to be logged using acls.
+# By default all requests will be logged.
+# Default:
+# None set
+# Example:
+# sys_logger.access all
+
+# End module: sys_logger
+
+# Module: bdb_tables
+# Description:
+# Add support for Berkeley DB based lookup tables. The format for
+# bdb path of the lookup table is:
+# bdb:/path/to/bdb[{param1=val, ...}]
+# bdb table parameters can be one or more of the followings:
+# cache-size=Size[K|M]
+# The cache size to use. Default is the berkeleyDB default value.
+# cache-num=num
+# The number of caches to create. The cache will be split across
+# num separate regions, where the region size is equal to the
+# initial cache size divided by ncache.
+# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
+# Example:
+# Module common bdb_tables.so
+
+# End module: bdb_tables
+
+# Module: dnsbl_tables
+# Description:
+# Add support for dns lookup tables. Can be used to access
+# dns block lists. The dnsbl lookup table path definition is:
+# dnsbl:domainname[{param1=val, ...}]
+# dnsbl table parameters can be one or more of the followings:
+# cache=no|cache_type
+# The cache type to use or 'no' for no cache.
+# cache-size=Size[K|M]
+# The cache size in RAM
+# cache-ttl=ttl
+# The cache ttl to use
+#
+# For example the lookup table for accessing the black.uribl.com
+# dns black list is:
+# dnsbl:black.uribl.com
+# Example:
+# Module common dnsbl_tables.so
+
+# End module: dnsbl_tables
+
+# Module: ldap_module
+# Description:
+# Add LDAP support to c-icap. The user can use LDAP based lookup tables
+# using the following lookup table paths:
+# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}]
+# ldaps://...
+# ldapi://...
+# The filter can contain the "%s" formating code which will be replaced by
+# the search key.
+# ldap table parameters can be one or more of the followings:
+# name=aName
+# A unique name to use for this table
+# cache=no|cache_type
+# The cache type to use or no for no cache.
+# cache-size=Size[K|M]
+# The cache size in RAM
+# cache-ttl=ttl
+# The cache ttl to use
+# cache-item-size=ItemSize[K|M]
+# The maximum item size
+#
+# Examples of supported ldap urls:
+# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached}
+# ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
+#
+# WARNING: is not enough tested it may contain bugs!
+# Example:
+# Module common ldap_module.so
+
+# End module: ldap_module
+
+# Module: memcached
+# Description:
+# Add support for memcached c-icap cache.
+# Example:
+# Module common memcached.so
+
+# TAG: memcached.servers
+# Format: memcached.servers hostname1 hostname2 ...
+# Description:
+# Set the memcached servers to use
+# Default:
+# memcached.servers 127.0.0.1
+
+# TAG: memcached.use_md5_keys
+# Format: memcached.use_md5_keys on|off
+# Description:
+# Whether to use or not md5 hash as key when the key exceeds the
+# MEMCACHED_MAX_KEY (normaly 251 bytes)
+# Default:
+# memcached.use_md5_keys on
+
+# End module: memcached
diff --git a/system/c-icap/c-icap.info b/system/c-icap/c-icap.info
new file mode 100644
index 0000000000..5aa44e0115
--- /dev/null
+++ b/system/c-icap/c-icap.info
@@ -0,0 +1,10 @@
+PRGNAM="c-icap"
+VERSION="0.5.2"
+HOMEPAGE="http://c-icap.sourceforge.net/"
+DOWNLOAD="https://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-0.5.2.tar.gz"
+MD5SUM="c0ad392336eb401d1630174cc67c0f71"
+DOWNLOAD_x86_64="https://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-0.5.2.tar.gz"
+MD5SUM_x86_64="c0ad392336eb401d1630174cc67c0f71"
+REQUIRES=""
+MAINTAINER="Jeremy HOCDE"
+EMAIL="jeremyhocde@gmail.com"
diff --git a/system/c-icap/doinst.sh b/system/c-icap/doinst.sh
new file mode 100644
index 0000000000..b0a57882fe
--- /dev/null
+++ b/system/c-icap/doinst.sh
@@ -0,0 +1,26 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.c-icap.new
+config etc/c-icap.conf.new
diff --git a/system/c-icap/rc.c-icap b/system/c-icap/rc.c-icap
new file mode 100644
index 0000000000..6dc06609ba
--- /dev/null
+++ b/system/c-icap/rc.c-icap
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Start/stop/restart c-icap.
+
+# Start c-icap:
+icap_start() {
+ CMDLINE="/usr/bin/c-icap"
+ echo -n "Starting c-icap daemon: $CMDLINE"
+ $CMDLINE -f /etc/c-icap.conf
+ echo
+}
+
+# Stop c-icap:
+icap_stop() {
+ echo -n "Stopping c-icap daemon..."
+ for i in $(pgrep -f c-icap); do kill -15 $i; done
+ echo
+}
+
+# Restart c-icap:
+icap_restart() {
+ icap_stop
+ sleep 1
+ icap_start
+}
+
+case "$1" in
+'start')
+ icap_start
+ ;;
+'stop')
+ icap_stop
+ ;;
+'restart')
+ icap_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/system/c-icap/slack-desc b/system/c-icap/slack-desc
new file mode 100644
index 0000000000..97ccddccf6
--- /dev/null
+++ b/system/c-icap/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+c-icap: c-icap (ICAP server)
+c-icap:
+c-icap: c-icap is an implementation of an ICAP server. It can be used with
+c-icap: HTTP proxies that support the ICAP protocol to implement content
+c-icap: adaptation and filtering services.
+c-icap:
+c-icap: http://c-icap.sourceforge.net/
+c-icap:
+c-icap:
+c-icap:
+c-icap: