[MERGE] BUG 740: pass reply headers to external ACL helper

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 14 Sep 2008 02:30:02 +1200

Enhancement Bug 740: http://www.squid-cache.org/bugs/show_bug.cgi?id=740

Adds a small bit of token syntax to external_acl_type format.

+ %>{Header} HTTP request header
+ %>{Hdr:member}
+ HTTP request header list member
+ %>{Hdr:;member}
                            HTTP request header list member using ; as
                            list separator. ; can be any non-alphanumeric
                          character.

+ %<{Header} HTTP reply header
+ %<{Hdr:member}
+ HTTP reply header list member
+ %<{Hdr:;member}
+ HTTP reply header list member using ; as
+ list separator. ; can be any non-alphanumeric
+ character.

Basically the < and > are new following the existing meaning of their
direction in other tokens to match request/reply.

Old format of %{} is left as request header but with WARNING (1) level
noise at configure time indicating the new syntax.

Amos

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3_at_treenet.co.nz-20080913135725-fsmuz8acmajjocv8
# target_branch: file:///src/squid/bzr/trunk/
# testament_sha1: daca682cf21e1601c03fa33b0003019998f648c6
# timestamp: 2008-09-14 01:57:59 +1200
# base_revision_id: squid3_at_treenet.co.nz-20080913134300-\
# ezdavyf8urtghjje
#
# Begin patch
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2008-08-09 06:24:33 +0000
+++ src/cf.data.pre 2008-09-13 13:57:25 +0000
@@ -411,13 +411,23 @@
           %USER_CERTCHAIN SSL User certificate chain in PEM format
           %USER_CERT_xx SSL User certificate subject attribute xx
           %USER_CA_xx SSL User certificate issuer attribute xx
- %{Header} HTTP request header
- %{Hdr:member} HTTP request header list member
- %{Hdr:;member}
+
+ %>{Header} HTTP request header
+ %>{Hdr:member}
+ HTTP request header list member
+ %>{Hdr:;member}
                           HTTP request header list member using ; as
                           list separator. ; can be any non-alphanumeric
                         character.
 
+ %<{Header} HTTP reply header
+ %<{Hdr:member}
+ HTTP reply header list member
+ %<{Hdr:;member}
+ HTTP reply header list member using ; as
+ list separator. ; can be any non-alphanumeric
+ character.
+
         In addition to the above, any string specified in the referencing
         acl will also be included in the helper request line, after the
         specified formats (see the "acl external" directive)

=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2008-07-13 08:37:43 +0000
+++ src/external_acl.cc 2008-09-13 13:57:25 +0000
@@ -55,6 +55,7 @@
 #endif
 #include "client_side.h"
 #include "HttpRequest.h"
+#include "HttpReply.h"
 #include "authenticate.h"
 #include "helper.h"
 #include "MemBuf.h"
@@ -149,10 +150,17 @@
         EXT_ACL_PORT,
         EXT_ACL_PATH,
         EXT_ACL_METHOD,
- EXT_ACL_HEADER,
- EXT_ACL_HEADER_MEMBER,
- EXT_ACL_HEADER_ID,
- EXT_ACL_HEADER_ID_MEMBER,
+
+ EXT_ACL_HEADER_REQUEST,
+ EXT_ACL_HEADER_REQUEST_MEMBER,
+ EXT_ACL_HEADER_REQUEST_ID,
+ EXT_ACL_HEADER_REQUEST_ID_MEMBER,
+
+ EXT_ACL_HEADER_REPLY,
+ EXT_ACL_HEADER_REPLY_MEMBER,
+ EXT_ACL_HEADER_REPLY_ID,
+ EXT_ACL_HEADER_REPLY_ID_MEMBER,
+
 #if USE_SSL
         EXT_ACL_USER_CERT,
         EXT_ACL_CA_CERT,
@@ -208,6 +216,66 @@
         hashFreeMemory(p->cache);
 }
 
+/**
+ * Parse the External ACL format %<{.*} and %>{.*} token(s) to pass a specific
+ * request or reply header to external helper.
+ *
+ \param header - the token being parsed (without the identifying prefix)
+ \param type - format enum identifier for this element, pulled from identifying prefix
+ \param format - structure to contain all the info about this format element.
+ */
+void
+parse_header_token(external_acl_format *format, char *header, const _external_acl_format type)
+{
+ /* header format */
+ char *member, *end;
+
+ /** Cut away the closing brace */
+ end = strchr(header, '}');
+ if (end && strlen(end) == 1)
+ *end = '\0';
+ else
+ self_destruct();
+
+ member = strchr(header, ':');
+
+ if (member) {
+ /* Split in header and member */
+ *member++ = '\0';
+
+ if (!xisalnum(*member))
+ format->separator = *member++;
+ else
+ format->separator = ',';
+
+ format->member = xstrdup(member);
+
+ if(type == _external_acl_format::EXT_ACL_HEADER_REQUEST)
+ format->type = _external_acl_format::EXT_ACL_HEADER_REQUEST_MEMBER;
+ else
+ format->type = _external_acl_format::EXT_ACL_HEADER_REQUEST_MEMBER;
+ } else {
+ format->type = type;
+ }
+
+ format->header = xstrdup(header);
+ format->header_id = httpHeaderIdByNameDef(header, strlen(header));
+
+ if (format->header_id != -1) {
+ if (member) {
+ if(type == _external_acl_format::EXT_ACL_HEADER_REQUEST)
+ format->type = _external_acl_format::EXT_ACL_HEADER_REQUEST_ID_MEMBER;
+ else
+ format->type = _external_acl_format::EXT_ACL_HEADER_REPLY_ID_MEMBER;
+ } else {
+ if(type == _external_acl_format::EXT_ACL_HEADER_REQUEST)
+ format->type = _external_acl_format::EXT_ACL_HEADER_REQUEST_ID;
+ else
+ format->type = _external_acl_format::EXT_ACL_HEADER_REPLY_ID;
+ }
+ }
+}
+
 void
 parse_externalAclHelper(external_acl ** list)
 {
@@ -299,44 +367,15 @@
         format = cbdataAlloc(external_acl_format);
 
         if (strncmp(token, "%{", 2) == 0) {
- /* header format */
- char *header, *member, *end;
- header = token + 2;
- end = strchr(header, '}');
- /* cut away the closing brace */
-
- if (end && strlen(end) == 1)
- *end = '\0';
- else
- self_destruct();
-
- member = strchr(header, ':');
-
- if (member) {
- /* Split in header and member */
- *member++ = '\0';
-
- if (!xisalnum(*member))
- format->separator = *member++;
- else
- format->separator = ',';
-
- format->member = xstrdup(member);
-
- format->type = _external_acl_format::EXT_ACL_HEADER_MEMBER;
- } else {
- format->type = _external_acl_format::EXT_ACL_HEADER;
- }
-
- format->header = xstrdup(header);
- format->header_id = httpHeaderIdByNameDef(header, strlen(header));
-
- if (format->header_id != -1) {
- if (member)
- format->type = _external_acl_format::EXT_ACL_HEADER_ID_MEMBER;
- else
- format->type = _external_acl_format::EXT_ACL_HEADER_ID;
- }
+ // deprecated. but assume the old configs all referred to request headers.
+ debugs(82, DBG_IMPORTANT, "WARNING: external_acl_type format %{...} is being replaced by %>{...} for : " << token);
+ parse_header_token(format, (token+2), EXT_ACL_HEADER_REQUEST);
+
+ if (strncmp(token, "%>{", 3) == 0) {
+ parse_header_token(format, (token+3), EXT_ACL_HEADER_REQUEST);
+ if (strncmp(token, "%<{", 3) == 0) {
+ parse_header_token(format, (token+3), EXT_ACL_HEADER_REPLY);
+
         } else if (strcmp(token, "%LOGIN") == 0) {
             format->type = _external_acl_format::EXT_ACL_LOGIN;
             a->require_auth = true;
@@ -782,6 +821,7 @@
     wordlist *arg;
     external_acl_format *format;
     HttpRequest *request = ch->request;
+ HttpReply *reply = ch->reply;
     mb.reset();
 
     for (format = acl_data->def->format; format; format = format->next) {
@@ -850,25 +890,53 @@
             str = RequestMethodStr(request->method);
             break;
 
- case _external_acl_format::EXT_ACL_HEADER:
+ case _external_acl_format::EXT_ACL_HEADER_REQUEST:
             sb = request->header.getByName(format->header);
             str = sb.buf();
             break;
 
- case _external_acl_format::EXT_ACL_HEADER_ID:
+ case _external_acl_format::EXT_ACL_HEADER_REQUEST_ID:
             sb = request->header.getStrOrList(format->header_id);
             str = sb.buf();
             break;
 
- case _external_acl_format::EXT_ACL_HEADER_MEMBER:
+ case _external_acl_format::EXT_ACL_HEADER_REQUEST_MEMBER:
             sb = request->header.getByNameListMember(format->header, format->member, format->separator);
             str = sb.buf();
             break;
 
- case _external_acl_format::EXT_ACL_HEADER_ID_MEMBER:
+ case _external_acl_format::EXT_ACL_HEADER_REQUEST_ID_MEMBER:
             sb = request->header.getListMember(format->header_id, format->member, format->separator);
             str = sb.buf();
             break;
+
+ case _external_acl_format::EXT_ACL_HEADER_REPLY:
+ if(reply) {
+ sb = reply->header.getByName(format->header);
+ str = sb.buf();
+ }
+ break;
+
+ case _external_acl_format::EXT_ACL_HEADER_REPLY_ID:
+ if(reply) {
+ sb = reply->header.getStrOrList(format->header_id);
+ str = sb.buf();
+ }
+ break;
+
+ case _external_acl_format::EXT_ACL_HEADER_REPLY_MEMBER:
+ if(reply) {
+ sb = reply->header.getByNameListMember(format->header, format->member, format->separator);
+ str = sb.buf();
+ }
+ break;
+
+ case _external_acl_format::EXT_ACL_HEADER_REPLY_ID_MEMBER:
+ if(reply) {
+ sb = reply->header.getListMember(format->header_id, format->member, format->separator);
+ str = sb.buf();
+ }
+ break;
 #if USE_SSL
 
         case _external_acl_format::EXT_ACL_USER_CERT_RAW:

# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWXJacrQABPrfgGR0e////373
/uS////6YAmcfQ47V2joA5KUEhXQFmUSFhkhAmmQZQZPSZD0Bqaeo0yAaAADQ0ADU0aJpHgk0EGg
AeoAA0DQAAA0AOGhk00NMjQ0yMgyMjQyAxNGTQBkyMQwkRJpGpkaeoaap7Kn6ap+VPCT1NNP1IHi
mQ0G1DR6TT1A9Q4aGTTQ0yNDTIyDIyNDIDE0ZNAGTIxDCSIECZBommTTVPATagSPyAnqR6TT1GTZ
R6hp4UtAQVaq4EeMja9UL3e41srqzV5s7hqdOCUtcbOm5jMDy284P23YR3eOCdlrmBp3PVStm6m0
wtCpFG4g7oPJhDfkpc3uhgKMYUKEhIWbMsf7NbuzFOmV7cNE9EZCRTt10qWuqyqPAo8Xr/SWvJq5
QSEaQYALcSXGwQH9abBWF3JoMDtsVn/QpnV5qsfsXAwhWY1bdjmyk4HubhOtaThGJsbSk8Pagw2b
1lJ46RnaKRjJ2e8UUmdkVsmxmimiYiEUrSIMLv79d87c0Zhcc94URFIOVQv5+HiCdMnvrkocjbaY
yIiC6iu5bmaDQsMs4LVEzo1p1qfnV3QBHmzg4w5zVgnvOAxMN8UprytmZArlLBBq0zyigwsp1gmK
WYt0kIOT2IY8BIZBoqILAre6RedSwCEWxUuBsBqu0KscNlsGkGuIiEzcWeadtq1huhm1eFVpQr3V
UKAxCmCzZlW0EJN+ssDYtL8X06INVxAZ8gaOinQjj0zbFP7gwWKYCkokLKq9nMcmk/OLEMDyUxcA
UG5Ezwc1uk4FqiYAwQJgqok42MO1qsQtp57TCo71+W9EY7B1M6es4L1Shvsh5/DA4/EzPwIDHf1A
vYbLVtBkvOyRow3LygUCcBVS0jqOYQJA49VAxF0g2y8BDjIMeMviUCXY5J0yyG+ehGy/Iej2lAKM
3kcOrc4Gz/o46gPF0ySYgc1ZtOaa8DBj1ECMDI8CsgyRZyEATmCwafUeEfaZkE7XV0R2q6YS8fSX
556rbakixYJEj3nMmhkqa4fKmEMxwaJAWgbkSFAkKg+mxs3De9CEUogCBFMhbUiJMc2Dk6oUxMwF
RXGJIpeNaVhNRJqiLyf1qjEsso0i8yXki4qGXEWcYwKZGRAeuhBYExwGuhrnAqLWctQtBiSLCVZd
Wq2tjNGiIO2t8nFYTnao14RuhIqqJmtajKUPSWWU0tcTAjl9kC00nBSylZaRbPeOSAm/MaIRJ2z0
mhEZ4znCH11hM+pQ0GnMcREyFuTQTA8+WzYOV5mMAzkgxoTnLkL8tl8M8J3zd6ioJsVAHqssIkiU
CqEitleMNC86QGLSBWYGcwNZiucuiVj1MO6RsJnHXItJFDMGmczOUFYTLTP3+j0nqYfJ+3qt70B2
nQgL1myZ7CFvhZRXgV69DXUsZBzTMnHweRzww3CDhL7x/Jy7S91YvwZ3IkPX6lA00g+zItw5M8mW
IiH8wwoLz+tcfhCpyjPDvELAUOlCr+gJfAEuv516SoGZv9guWmOdvihK75CZwScVfyBKywFzAl5Q
VwJf4gLvVsbGxsIIhsbG1HhXhBLvR6w1M/rqkhU5umz/n+UhgSjp17AVYLXAbTx86sr3IrSOPI6E
rQSq/eAJYjICWT5iztfajcj6AlER9EBluBLwSNpiWEEpBLsgY2xj7NZMkQ4GMgJfikjwqEDpBtDW
DHkWI6H8n67pBMKVQUhdpo6/GXHcesscie73F2Sfv+7oSRYBL7XJAYHhiSRo/UCYakC/PAp6al1z
TFeWNDWzGps4BwZEZgO96ELKo1IYdRzfwwCXuHD8iDH5l5I38hqLVehE35fgH7B3Ukth7EBhiMSD
AY209YEOMzmJb3sG8npeou5d+Ovtw3m7FWkitsAMxIUhio33gVKlrhxzMh4oop4qKUKgSH2kEpdv
cdxurqV/GclSzZkgOH2LTsXtDTqOpEfFzOI3xA8r7SLqPTVCBdCMqiBOhyb/NcQ9+pjcby7YcuC+
Bss7TzNI0hmKItM6SNbIGMQsM8jKbSWa3Vc0cOIx4ERLub7MbTeW6Ozgc5Is1i9wyFmO5mBmS+Hy
sd9iFMwNi/dQLFkRHW0JuxhfDYxt6miBNsYxsYbXsdHPB0FVsEC5ozBigVKZ2g0ehC6AuQKBENyd
I8AIDNwvwE6E1IBSyZTYDRUIxnEE3CcgtNhb4zhkUGNfwO4xJERxaWTalz9DpmOyR2DH0ByFEBEw
Y2gY4FwuXbnS/iG9ROYpP5tPcaxuoXU6+8tE+VethcQ7HG7sGdg0hIoda53rI7klDQYmtuLvtDSJ
MlWvJSlZt5Uy3AzFyvkqJcHLNzfW5GaGw5uoaXH0UpRA3nNfmQdYfkm8PLoKyPiPQrFoAcDUfgQC
O8F929HRIsKlaHORSRAER66+AobDoG4l+FK1TqHso7JeOyMKAFsyju+JMC5CFRBDGgaJuXVWReRC
sRfqI8HsWvELFTwqCm+ctYAOhlF1akKD0tLhQLgVayRVNyh2NCcAcTrNAbFLF53mtontQtZ1BkQt
gGPnoCxyWYdbA+OVRFdCjuBY6ELeQXFfm6fTyElNWf+WKHN27kDx/epFa8wly5coNb+jAE8+XFRs
MMBn7TzSDIJMLlL1iEoJkgMo0oGCbFtBn61gDNbVDUNGAkGGVSBtkULy4RKgH7WDgDBwYMdrmllD
DrMxdvvJIQooE6gRvCJeKeZQHYoOnFFnz8XOmzaJ1DNMn6QyhuRaBU4yO/SEuYMyy5bUEDIF4Fvj
5cPWzMQDGZOAfTCxJsHVHAFxqGZSyMtcIovIOKVc0UKdEwGJoQ8KFCAzZoJVg0jIEU8YQpjBAsgV
XJwLtUCxRS1AxlRai5ElanDpYNSEwRYYrYLef3GX5zMm1K9YQLMDpoZ6w6EmEt/LUZmqHx9qur+P
ES8QGhB8y1bUHXoXrbVjsMpv/fs0FqPiwCxrNjBoy3wQR7h5f3Ue5bSIlgQvoyAXYleueMu+keXW
2eEQ23vIs7I83zhO1zuheb/F3JFOFCQclpytAA==
Received on Sat Sep 13 2008 - 14:30:12 MDT

This archive was generated by hypermail 2.2.0 : Mon Sep 22 2008 - 12:00:04 MDT