Bug #860: redirector_access does not handle slow acls such as dst or

external correctly

redirector_access was a "fast" acl lookup and did not handle "slow" acls
requiring external lookups such as dst or external correcly

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 26f77ce12a7762c333285628ccc997665e55201d..7aeb21902650c5975295d9ff4ad1c3d6ce1a903b 100644 (file)
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_request.cc,v 1.34 2003/09/06 12:47:34 robertc Exp $
+ * $Id: client_side_request.cc,v 1.35 2004/04/03 15:00:12 hno Exp $
  * 
  * DEBUG: section 85    Client-side Request Routines
  * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -112,6 +112,7 @@ static void clientAccessCheckDone(int, void *);
 static int clientCachable(clientHttpRequest * http);
 static int clientHierarchical(clientHttpRequest * http);
 static void clientInterpretRequestHeaders(clientHttpRequest * http);
+static void clientRedirectStart(clientHttpRequest *http);
 static RH clientRedirectDone;
 extern "C" CSR clientGetMoreData;
 extern "C" CSS clientReplyStatus;
@@ -393,7 +394,7 @@ clientAccessCheckDone(int answer, void *data)
         http->uri = xstrdup(urlCanonical(http->request));
         assert(context->redirect_state == REDIRECT_NONE);
         context->redirect_state = REDIRECT_PENDING;
-        redirectStart(http, clientRedirectDone, context);
+        clientRedirectStart(http);
     } else {
         /* Send an error */
         clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data;
@@ -443,6 +444,39 @@ clientAccessCheckDone(int answer, void *data)
     }
 }
 
+static void
+clientRedirectAccessCheckDone(int answer, void *data)
+{
+    clientHttpRequest *http = (clientHttpRequest *)data;
+    ClientRequestContext *context  = (ClientRequestContext *)http;
+
+    context->acl_checklist = NULL;
+
+    if (answer == ACCESS_ALLOWED)
+        redirectStart(http, clientRedirectDone, data);
+    else
+        clientRedirectDone(context, NULL);
+}
+
+static void
+clientRedirectStart(clientHttpRequest *http)
+{
+    ClientRequestContext *context  = (ClientRequestContext *)http;
+    debug(33, 5) ("clientRedirectStart: '%s'\n", http->uri);
+
+    if (Config.Program.redirect == NULL) {
+        clientRedirectDone(http, NULL);
+        return;
+    }
+
+    if (Config.accessList.redirector) {
+        context->acl_checklist = clientAclChecklistCreate(Config.accessList.redirector, http);
+        context->acl_checklist->nonBlockingCheck(clientRedirectAccessCheckDone, context);
+    } else {
+        redirectStart(http, clientRedirectDone, http);
+    }
+}
+
 static int
 clientCachable(clientHttpRequest * http)
 {

diff --git a/src/redirect.cc b/src/redirect.cc
index ff7167b18648a5d4716540269b12f05fe8644d15..b1d094b023276f27abb17c0388dd1ccaaa9694cb 100644 (file)
--- a/src/redirect.cc
+++ b/src/redirect.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: redirect.cc,v 1.103 2003/11/06 12:27:02 hno Exp $
+ * $Id: redirect.cc,v 1.104 2004/04/03 15:00:12 hno Exp $
  *
  * DEBUG: section 61    Redirector
  * AUTHOR: Duane Wessels
@@ -114,33 +114,6 @@ redirectStart(clientHttpRequest * http, RH * handler, void *data)
     assert(handler);
     debug(61, 5) ("redirectStart: '%s'\n", http->uri);
 
-    if (Config.Program.redirect == NULL) {
-        handler(data, NULL);
-        return;
-    }
-
-    if (Config.accessList.redirector) {
-        ACLChecklist ch;
-
-        if (conn.getRaw() != NULL) {
-            ch.src_addr = conn->peer.sin_addr;
-            ch.my_addr = conn->me.sin_addr;
-            ch.my_port = ntohs(conn->me.sin_port);
-        }
-
-        ch.request = requestLink(http->request);
-        ch.accessList = Config.accessList.redirector;
-
-        if (!ch.fastCheck()) {
-            ch.accessList = NULL;
-            /* denied -- bypass redirector */
-            handler(data, NULL);
-            return;
-        }
-
-        ch.accessList = NULL;
-    }
-
     if (Config.onoff.redirector_bypass && redirectors->stats.queue_size) {
         /* Skip redirector if there is one request queued */
         n_bypassed++;