From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 5 Mar 2010 07:10:40 +0000 (+1300)
Subject: Send HTTP1.1 compliant 417 responses
X-Git-Tag: SQUID_3_2_0_1~390
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=52b601ff794d2100913a6f810146b3bc676af9bb;p=thirdparty%2Fsquid.git

Send HTTP1.1 compliant 417 responses

Port of the 417 response handling and associated ignore_expect_100
from Squid 2.7.
---

diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml
index 4466bc658a..d2fb8ad700 100644
--- a/doc/release-notes/release-3.1.sgml
+++ b/doc/release-notes/release-3.1.sgml
@@ -767,6 +767,10 @@ logformat icap_squid %ts.%03tu %6icap::tr %>a %icap::to/%03icap::Hs %icap::<size
 	count against this limit.
 	</verb>
 
+	<tag>ignore_expect_100</tag>
+	<p>Ported from 2.7. Requires --enable-http-violations
+	Prevents 417 errors being sent to broken HTTP/1.1 non-compliant clients.
+
 	<tag>include</tag>
 	<p>New option to import entire secondary configuration files into squid.conf.
 	<verb>
@@ -1589,9 +1593,6 @@ This section gives an account of those changes in three categories:
 	<p><em>http11</em> not yet ported from 2.7
 	<p><em>urlgroup=</em> not yet ported from 2.6
 
-	<tag>ignore_expect_100</tag>
-	<p>Not yet ported from 2.7
-
 	<tag>ignore_ims_on_miss</tag>
 	<p>Not yet ported from 2.7
 
diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml
index 508639a0ea..7dbe2dc11b 100644
--- a/doc/release-notes/release-3.2.sgml
+++ b/doc/release-notes/release-3.2.sgml
@@ -460,9 +460,6 @@ This section gives an account of those changes in three categories:
 	<p><em>http11</em> not yet ported from 2.7
 	<p><em>urlgroup=</em> not yet ported from 2.6
 
-	<tag>ignore_expect_100</tag>
-	<p>Not yet ported from 2.7
-
 	<tag>ignore_ims_on_miss</tag>
 	<p>Not yet ported from 2.7
 
diff --git a/errors/templates/ERR_INVALID_REQ b/errors/templates/ERR_INVALID_REQ
index de1de83e41..287876dd01 100644
--- a/errors/templates/ERR_INVALID_REQ
+++ b/errors/templates/ERR_INVALID_REQ
@@ -31,6 +31,7 @@ body
 <li><p>Request is too large.</p></li>
 <li><p>Content-Length missing for POST or PUT requests.</p></li>
 <li><p>Illegal character in hostname; underscores are not allowed.</p></li>
+<li><p>HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.</p></li>
 </ul>
 
 <p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 3d14125fb8..fdfefb52fc 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -95,6 +95,7 @@ static const HttpHeaderFieldAttrs HeadersAttrs[] = {
     {"Date", HDR_DATE, ftDate_1123},
     {"ETag", HDR_ETAG, ftETag},
     {"Expires", HDR_EXPIRES, ftDate_1123},
+    {"Expect", HDR_EXPECT, ftStr},
     {"From", HDR_FROM, ftStr},
     {"Host", HDR_HOST, ftStr},
     {"If-Match", HDR_IF_MATCH, ftStr},	/* for now */
@@ -174,6 +175,7 @@ static http_hdr_type ListHeadersArr[] = {
     HDR_CONTENT_ENCODING,
     HDR_CONTENT_LANGUAGE,
     HDR_CONNECTION,
+    HDR_EXPECT,
     HDR_IF_MATCH, HDR_IF_NONE_MATCH,
     HDR_LINK, HDR_PRAGMA,
     HDR_PROXY_CONNECTION,
@@ -186,7 +188,7 @@ static http_hdr_type ListHeadersArr[] = {
     HDR_WWW_AUTHENTICATE,
     HDR_AUTHENTICATION_INFO,
     HDR_PROXY_AUTHENTICATION_INFO,
-    /* HDR_EXPECT, HDR_TE, HDR_TRAILER */
+    /* HDR_TE, HDR_TRAILER */
 #if X_ACCELERATOR_VARY
     HDR_X_ACCELERATOR_VARY,
 #endif
diff --git a/src/HttpHeader.h b/src/HttpHeader.h
index e04298895c..c9e3e9696b 100644
--- a/src/HttpHeader.h
+++ b/src/HttpHeader.h
@@ -76,6 +76,7 @@ typedef enum {
     HDR_DATE,
     HDR_ETAG,
     HDR_EXPIRES,
+    HDR_EXPECT,
     HDR_FROM,
     HDR_HOST,
     HDR_IF_MATCH,
diff --git a/src/cf.data.pre b/src/cf.data.pre
index b399474cd2..4b71076944 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -3973,6 +3973,21 @@ DOC_START
 	or response to be rejected.
 DOC_END
 
+NAME: ignore_expect_100
+COMMENT: on|off
+IFDEF: HTTP_VIOLATIONS
+TYPE: onoff
+LOC: Config.onoff.ignore_expect_100
+DEFAULT: off
+DOC_START
+	This option makes Squid ignore any Expect: 100-continue header present
+	in the request. RFC 2616 requires that Squid being unable to satisfy
+	the response expectation MUST return a 417 error.
+
+	Note: Enabling this is a HTTP protocol violation, but some clients may
+	not handle it well..
+DOC_END
+
 COMMENT_START
  TIMEOUTS
  -----------------------------------------------------------------------------
diff --git a/src/client_side.cc b/src/client_side.cc
index 47d5b50600..ab9d4e3fb4 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2497,6 +2497,25 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c
         goto finish;
     }
 
+    if (request->header.has(HDR_EXPECT)) {
+        int ignore = 0;
+        if (Config.onoff.ignore_expect_100) {
+            String expect = request->header.getList(HDR_EXPECT);
+            if (expect.caseCmp("100-continue") == 0)
+                ignore = 1;
+            expect.clean();
+        }
+        if (!ignore) {
+            clientStreamNode *node = context->getClientReplyContext();
+            clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
+            assert (repContext);
+            repContext->setReplyToError(ERR_INVALID_REQ, HTTP_EXPECTATION_FAILED, request->method, http->uri, conn->peer, request, NULL, NULL);
+            assert(context->http->out.offset == 0);
+            context->pullData();
+            goto finish;
+        }
+    }
+
     http->request = HTTPMSGLOCK(request);
     clientSetKeepaliveFlag(http);
 
diff --git a/src/structs.h b/src/structs.h
index 3cd5c5fef4..25c87fad81 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -403,6 +403,7 @@ struct SquidConfig {
 #if HTTP_VIOLATIONS
 
         int reload_into_ims;
+        int ignore_expect_100;
 #endif
 
         int offline;