From: wessels <>
Date: Fri, 14 Jan 2000 15:37:03 +0000 (+0000)
Subject: DW:
X-Git-Tag: SQUID_3_0_PRE1~2075
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=53cb32a9322972e8642949ec4051a2786b1effad;p=thirdparty%2Fsquid.git
DW: - Bug fix with Config.onoff.enable_purge flag. The PURGE method is kind of dangerous. It would be allowed by default for most access control configurations because its not mentioned specifically. Thus, we don't allow any PURGE requests unless the PURGE method is mentioned in the access list configuration. Before the fix we set the enable flag, but it never got cleared upon a reconfigure. Also users complain that defining an ACL that is never used in an access list shouldn't trip this flag. With the fix, the PURGE method must be referenced in the 'http_access' list, and we make sure to clear the flag on reconfigure.
---
diff --git a/src/acl.cc b/src/acl.cc
index d00e93464f..fa00c04923 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: acl.cc,v 1.210 2000/01/05 23:32:17 wessels Exp $
+ * $Id: acl.cc,v 1.211 2000/01/14 08:37:03 wessels Exp $
 *
 * DEBUG: section 28 Access Control
 * AUTHOR: Duane Wessels
@@ -336,8 +336,6 @@ aclParseMethodList(void *curlist)
 while ((t = strtokFile())) {
 q = memAllocate(MEM_INTLIST);
 q->i = (int) urlParseMethod(t);
- if (q->i == METHOD_PURGE)
- Config.onoff.enable_purge = 1;
 *(Tail) = q;
 Tail = &q->next;
 }
@@ -2209,7 +2207,26 @@ aclDumpGeneric(const acl * a)
 return NULL;
 }
-
+/*
+ * This function traverses all ACL elements referenced
+ * by an access list (presumably 'http_access'). If
+ * it finds a PURGE method ACL, then it returns TRUE,
+ * otherwise FALSE.
+ */
+int
+aclPurgeMethodInUse(acl_access * a)
+{
+ acl_list *b;
+ for (; a; a = a->next) {
+ for (b = a->acl_list; b; b = b->next) {
+ if (ACL_METHOD != b->acl->type)
+ continue;
+ if (aclMatchInteger(b->acl->data, METHOD_PURGE))
+ return 1;
+ }
+ }
+ return 0;
+}
 #if USE_ARP_ACL
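Review bot: The header comment on aclPurgeMethodInUse() does not say that the scan ignores whether the rule is an allow or a deny and whether the ACL reference is negated; any method ACL containing PURGE that appears anywhere in the list makes it return 1. That matches the commit message (PURGE only has to be referenced), but it means the result is an opt-in gate rather than an authorization decision, and per the commit message an allow rule that does not test the method would then admit PURGE. I would add to the comment something like `* A reference in a deny rule or a negated reference also counts; the flag only records that the admin has addressed PURGE, http_access still decides.` The comment also says TRUE/FALSE and "presumably 'http_access'" while the code returns 1/0 and the only caller in this commit passes Config.accessList.http, so the wording could be made exact.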
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 6f450c0020..f459e81697 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: cache_cf.cc,v 1.335 1999/12/30 17:36:23 wessels Exp $
+ * $Id: cache_cf.cc,v 1.336 2000/01/14 08:37:04 wessels Exp $
 *
 * DEBUG: section 3 Configuration File Parsing
 * AUTHOR: Harvest Derived
@@ -352,6 +352,8 @@ configDoConfigure(void)
 Config.Wais.peer->host = xstrdup(Config.Wais.relayHost);
 Config.Wais.peer->http_port = Config.Wais.relayPort;
 }
+ if (aclPurgeMethodInUse(Config.accessList.http))
+ Config2.onoff.enable_purge = 1;
 }
 /* Parse a time specification from the config file. Store the
diff --git a/src/client_side.cc b/src/client_side.cc
index 4e6a9e6198..e109dd54a0 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.cc,v 1.468 2000/01/05 23:32:19 wessels Exp $
+ * $Id: client_side.cc,v 1.469 2000/01/14 08:37:05 wessels Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
@@ -524,8 +524,8 @@ clientPurgeRequest(clientHttpRequest * http)
 StoreEntry *entry;
 ErrorState *err = NULL;
 HttpReply *r;
- debug(33, 3) ("Config.onoff.enable_purge = %d\n", Config.onoff.enable_purge);
- if (!Config.onoff.enable_purge) {
+ debug(33, 1) ("Config2.onoff.enable_purge = %d\n", Config2.onoff.enable_purge);
+ if (!Config2.onoff.enable_purge) {
 http->log_type = LOG_TCP_DENIED;
 err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN);
 err->request = requestLink(http->request);
diff --git a/src/protos.h b/src/protos.h
index 3c3c6410a0..919544238d 100644
--- a/src/protos.h
+++ b/src/protos.h
@@ -1,6 +1,6 @@
 /*
- * $Id: protos.h,v 1.353 2000/01/11 05:00:29 wessels Exp $
+ * $Id: protos.h,v 1.354 2000/01/14 08:37:07 wessels Exp $
 *
 *
 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
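Review bot: The two added lines at the end of configDoConfigure() only ever set Config2.onoff.enable_purge; nothing in this hunk clears it, although clearing the flag on reconfigure is the stated purpose of the fix. If Config2 is zeroed earlier in configDoConfigure() (the start of the function is outside the hunk) the result is correct, but the deny-by-default state then depends on a reset that is invisible here and would fail open if that reset were moved. Assigning unconditionally makes the guarantee local: `Config2.onoff.enable_purge = aclPurgeMethodInUse(Config.accessList.http);`.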
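Review bot: The debug() call at the top of clientPurgeRequest() was raised from level 3 to level 1, and it runs before the enable check, so every PURGE request is logged whether or not it is then denied. Assuming level 1 is written at the default debug setting, any client that can reach the port can grow cache.log at will and bury real level-1 messages; this looks like leftover debugging from the fix. I would keep the original level: `debug(33, 3) ("Config2.onoff.enable_purge = %d\n", Config2.onoff.enable_purge);`. The denied request is already recorded through `http->log_type = LOG_TCP_DENIED`, and the rest of clientPurgeRequest() lies outside the hunk.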
@@ -62,6 +62,7 @@ extern int aclMatchRegex(relist * data, const char *word);
 extern void aclParseRegexList(void *curlist);
 extern const char *aclTypeToStr(squid_acl);
 extern wordlist *aclDumpGeneric(const acl *);
+extern int aclPurgeMethodInUse(acl_access *);
 #if USE_ASYNC_IO
 extern int aio_cancel(aio_result_t *);
@@ -861,7 +862,7 @@ extern HttpReply *storeEntryReply(StoreEntry *);
 extern int storeTooManyDiskFilesOpen(void);
 extern void storeEntryReset(StoreEntry *);
 extern void storeHeapPositionUpdate(StoreEntry *);
-extern void storeSwapFileNumberSet(StoreEntry *e, sfileno filn);
+extern void storeSwapFileNumberSet(StoreEntry * e, sfileno filn);
 /* store_io.c */
 extern STOBJOPEN storeOpen;
diff --git a/src/structs.h b/src/structs.h
index e8adb642c1..7476688ccb 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.311 2000/01/11 05:32:58 wessels Exp $
+ * $Id: structs.h,v 1.312 2000/01/14 08:37:08 wessels Exp $
 *
 *
 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
@@ -378,7 +378,6 @@ struct _SquidConfig {
 } Netdb;
 struct {
 int log_udp;
- int enable_purge;
 int res_defnames;
 int anonymizer;
 int client_db;
@@ -492,6 +491,9 @@ struct _SquidConfig2 {
 char *prefix;
 int on;
 } Accel;
+ struct {
+ int enable_purge;
+ } onoff;
 };
 struct _close_handler {
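Review bot: The new `enable_purge` member in `struct _SquidConfig2` carries no comment, and nothing at the declaration says that it is derived state rather than a parsed option. The fix depends on this flag being computed only from the http_access list (the parser-side assignment in aclParseMethodList is removed by this commit), so I would record that where the field lives: `int enable_purge;	/* derived from http_access in configDoConfigure(); never set by the parser */`. That makes it less likely that a later change reintroduces a directly settable switch for a method the commit message calls dangerous.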