Allow RemoteProxyUsers in c-icap (#295)

* Allow RemoteProxyUsers in c-icap

* Check empty OPNsense.proxy.forward.icap.UsernameHeader

* Use c-icap with local squid.

* Models version increment.

www/c-icap/src/opnsense/mvc/app/controllers/OPNsense/CICAP/forms/general.xml

@@ -83,4 +83,10 @@
         <type>checkbox</type>
         <help>This will enable logging of access log.</help>
     </field>
+    <field>
+        <id>general.localSquid</id>
+        <label>Use c-icap with local squid</label>
+        <type>checkbox</type>
+        <help>This will allow to take settings user name from local squid</help>
+    </field>
 </form>

www/c-icap/src/opnsense/mvc/app/models/OPNsense/CICAP/General.xml

@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/cicap/general</mount>
     <description>c-icap configuration</description>
-    <version>1.0.0</version>
+    <version>1.0.1</version>
     <items>
         <enabled type="BooleanField">
             <default>0</default>
@@ -62,5 +62,9 @@
             <default>1</default>
             <Required>Y</Required>
         </enable_accesslog>
+        <localSquid type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </localSquid>
     </items>
 </model>

www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/c-icap.conf

@@ -41,6 +41,29 @@ ServerName {{ OPNsense.cicap.general.servername }}
 {% else %}
 ServerName {{ system.hostname }}
 {% endif %}
+{% if helpers.exists('OPNsense.cicap.general.localSquid') and OPNsense.cicap.general.localSquid == '1' %}
+{%      if helpers.exists('OPNsense.proxy.forward.icap.SendUsername') and OPNsense.proxy.forward.icap.SendUsername == '1' %}
+RemoteProxyUsers on
+acl AUTH auth *
+icap_access allow AUTH 127.0.0.1
+{%      else %}
+RemoteProxyUsers off
+{%      endif %}
+{%      if helpers.exists('OPNsense.proxy.forward.icap.EncodeUsername') and OPNsense.proxy.forward.icap.EncodeUsername == '1' %}
+RemoteProxyUserHeaderEncoded on
+{%      else %}
+RemoteProxyUserHeaderEncoded off
+{%      endif %}
+{%      if helpers.exists('OPNsense.proxy.forward.icap.UsernameHeader') and OPNsense.proxy.forward.icap.UsernameHeader != '' %}
+RemoteProxyUserHeader {{OPNsense.proxy.forward.icap.UsernameHeader}}
+{%      endif %}
+{% else %}
+RemoteProxyUsers on
+acl AUTH auth *
+icap_access allow AUTH 127.0.0.1
+RemoteProxyUserHeaderEncoded on
+RemoteProxyUserHeader X-Authenticated-User
+{% endif %}
 TmpDir /var/tmp
 MaxMemObject 131072
 DebugLevel 1
@@ -51,9 +74,6 @@ ServicesDir /usr/local/lib/c_icap
 TemplateDir /usr/local/share/c_icap/templates/
 TemplateDefaultLanguage en
 LoadMagicFile /usr/local/etc/c-icap/c-icap.magic
-RemoteProxyUsers off
-RemoteProxyUserHeader X-Authenticated-User
-RemoteProxyUserHeaderEncoded on
 ServerLog /var/log/c-icap/server.log
 {% if helpers.exists('OPNsense.cicap.general.enable_accesslog') and OPNsense.cicap.general.enable_accesslog == '1' %}
 AccessLog /var/log/c-icap/access.log