The external_acl helper protocol breaks down if there for whatever reason

is newines embedded in the data.

This patch changes the external acl helper protocol to use URL encoding
with an optional configuration parameter to switch back to the "shell style"
quoting used in Squid-2.5.

In addition the "shell style" quoting format is extended to support newlines
by the traditional \n and \r codes.

diff --git a/src/cf.data.pre b/src/cf.data.pre
index cde1a7b0851c1cb2cd26592b6fa9154b1d05dc77..1287d5b148dc5f60ad686d1b6bcf6786dece54ea 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.353 2004/08/04 16:22:39 wessels Exp $
+# $Id: cf.data.pre,v 1.354 2004/08/14 21:15:15 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1918,6 +1918,7 @@ DOC_START
          grace=n       Percentage remaining of TTL where a refresh of a
                        cached entry should be initiated without needing to
                        wait for a new reply. (default 0 for no grace period)
+         protocol=2.5  Compatibility mode for Squid-2.5 external acl helpers
 
        FORMAT specifications
 
@@ -1948,7 +1949,8 @@ DOC_START
        The helper receives lines per the above format specification,
        and returns lines starting with OK or ERR indicating the validity
        of the request and optionally followed by additional keywords with
-       more details.
+       more details. To protect from odd characters the data is URL
+       escaped.
 
        General result syntax:
 
@@ -1965,10 +1967,11 @@ DOC_START
          log=          String to be logged in access.log. Available as
                        %ea in logformat specifications
 
-       Keyword values need to be enclosed in quotes if they may
-       contain whitespace, or the whitespace escaped using \. Any
-       quotes or \ characters within the keyword value must be \
-       escaped.
+       Keyword values need to be URL escaped if they may contain
+       contain whitespace or quotes.
+
+       In Squid-2.5 compatibility mode quoting using " and \ is used
+       instead of URL escaping.
 DOC_END
 
 COMMENT_START

diff --git a/src/external_acl.cc b/src/external_acl.cc
index 4b95a30d7c3a7a7a45bb224ca945777b29dc5037..25ce73195550a95d2793fdc23a1910f1fb4c997b 100644 (file)
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: external_acl.cc,v 1.55 2003/11/19 17:18:35 hno Exp $
+ * $Id: external_acl.cc,v 1.56 2004/08/14 21:15:16 hno Exp $
  *
  * DEBUG: section 82    External ACL
  * AUTHOR: Henrik Nordstrom, MARA Systems AB
@@ -114,6 +114,14 @@ public:
     dlink_list queue;
 
     int require_auth;
+
+    enum
+    {
+        QUOTE_METHOD_SHELL = 1,
+        QUOTE_METHOD_URL
+    }
+
+    quote;
 };
 
 struct _external_acl_format
@@ -215,6 +223,8 @@ parse_externalAclHelper(external_acl ** list)
 
     token = strtok(NULL, w_space);
 
+    a->quote = external_acl::QUOTE_METHOD_URL;
+
     /* Parse options */
     while (token) {
         if (strncmp(token, "ttl=", 4) == 0) {
@@ -229,6 +239,14 @@ parse_externalAclHelper(external_acl ** list)
             a->cache_size = atoi(token + 6);
         } else if (strncmp(token, "grace=", 6) == 0) {
             a->grace = atoi(token + 6);
+        } else if (strcmp(token, "protocol=2.5") == 0) {
+            a->quote = external_acl::QUOTE_METHOD_SHELL;
+        } else if (strcmp(token, "protocol=3.0") == 0) {
+            a->quote = external_acl::QUOTE_METHOD_URL;
+        } else if (strcmp(token, "quote=url") == 0) {
+            a->quote = external_acl::QUOTE_METHOD_URL;
+        } else if (strcmp(token, "quote=shell") == 0) {
+            a->quote = external_acl::QUOTE_METHOD_SHELL;
         } else {
             break;
         }
@@ -405,9 +423,9 @@ dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl
                 storeAppendPrintf(sentry, " %%{%s:%s}", format->header, format->member);
                 break;
 #define DUMP_EXT_ACL_TYPE(a) \
-           case _external_acl_format::EXT_ACL_##a: \
-               storeAppendPrintf(sentry, " %%%s", #a); \
-               break
+            case _external_acl_format::EXT_ACL_##a: \
+                storeAppendPrintf(sentry, " %%%s", #a); \
+                break
 
                 DUMP_EXT_ACL_TYPE(LOGIN);
 #if USE_IDENT
@@ -811,7 +829,12 @@ makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data)
         if (!first)
             memBufAppend(&mb, " ", 1);
 
-        strwordquote(&mb, str);
+        if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) {
+            const char *quoted = rfc1738_escape(str);
+            memBufAppend(&mb, quoted, strlen(quoted));
+        } else {
+            strwordquote(&mb, str);
+        }
 
         sb.clean();
 
@@ -822,7 +845,12 @@ makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data)
         if (!first)
             memBufAppend(&mb, " ", 1);
 
-        strwordquote(&mb, arg->key);
+        if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) {
+            const char *quoted = rfc1738_escape(arg->key);
+            memBufAppend(&mb, quoted, strlen(quoted));
+        } else {
+            strwordquote(&mb, arg->key);
+        }
 
         first = 0;
     }
@@ -963,6 +991,9 @@ externalAclHandleReply(void *data, char *reply)
             if (value) {
                 *value++ = '\0';       /* terminate the token, and move up to the value */
 
+                if (state->def->quote == external_acl::QUOTE_METHOD_URL)
+                    rfc1738_unescape(value);
+
                 if (strcmp(token, "user") == 0)
                     entryData.user = value;
                 else if (strcmp(token, "message") == 0)

diff --git a/src/tools.cc b/src/tools.cc
index 037ff43e2253f48614bd0a5f024acd24422ac8a8..2d5d622162dcf8b829edcb2ef1378632c2208793 100644 (file)
--- a/src/tools.cc
+++ b/src/tools.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: tools.cc,v 1.240 2003/09/29 10:24:02 robertc Exp $
+ * $Id: tools.cc,v 1.241 2004/08/14 21:15:16 hno Exp $
  *
  * DEBUG: section 21    Misc Functions
  * AUTHOR: Harvest Derived
@@ -1292,7 +1292,27 @@ strwordtok(char *buf, char **t)
 
         case '\\':
             p++;
-            *d++ = ch = *p;
+
+            switch (*p) {
+
+            case 'n':
+                ch = '\n';
+
+                break;
+
+            case 'r':
+                ch = '\r';
+
+                break;
+
+            default:
+                ch = *p;
+
+                break;
+
+            }
+
+            *d++ = ch;
 
             if (ch)
                 p++;
@@ -1339,14 +1359,30 @@ strwordquote(MemBuf * mb, const char *str)
     }
 
     while (*str) {
-        int l = strcspn(str, "\"\\");
+        int l = strcspn(str, "\"\\\n\r");
         memBufAppend(mb, str, l);
         str += l;
 
-        while (*str == '"' || *str == '\\') {
+        switch(*str) {
+
+        case '\n':
+            memBufAppend(mb, "\\n", 2);
+            str++;
+            break;
+
+        case '\r':
+            memBufAppend(mb, "\\r", 2);
+            str++;
+            break;
+
+        case '\0':
+            break;
+
+        default:
             memBufAppend(mb, "\\", 1);
             memBufAppend(mb, str, 1);
             str++;
+            break;
         }
     }