From: Amos Jeffries Date: Sun, 26 Nov 2017 13:41:58 +0000 (+0000) Subject: Backwards compatibility for 3.5 external_acl_type formats (#52) X-Git-Tag: SQUID_4_0_22~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=617bdf2754e89e35d0ec54477d915c5cdf2a7675;p=thirdparty%2Fsquid.git Backwards compatibility for 3.5 external_acl_type formats (#52) * Fix missing Squid-3 external_acl_type format codes compatibility The %<{...} and %>{...} may produce header, or header-element type codes. * Fix incomplete compatibility for %EXT_TAG code * Add config test for old external_acl_type format codes --- diff --git a/src/external_acl.cc b/src/external_acl.cc index a7c791b98e..f1e8fca917 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -301,13 +301,31 @@ parse_externalAclHelper(external_acl ** list) (*fmt)->data.header.header = (*fmt)->data.string; } else #endif - { - // we can use the Format::Token::parse() method since it - // only pulls off one token. Since we already checked - // for '%' prefix above this is guaranteed to be a token. - const size_t len = (*fmt)->parse(token, "e); - assert(len == strlen(token)); - } + if (strncmp(token,"%<{", 3) == 0) { + SBuf tmp("%parse(tmp.c_str(), "e); + assert(parsedLen == tmp.length()); + assert((*fmt)->type == Format::LFT_REPLY_HEADER || + (*fmt)->type == Format::LFT_REPLY_HEADER_ELEM); + + } else if (strncmp(token,"%>{", 3) == 0) { + SBuf tmp("%>ha"); + tmp.append(token+2); + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %>{...} is deprecated. Use " << tmp); + const size_t parsedLen = (*fmt)->parse(tmp.c_str(), "e); + assert(parsedLen == tmp.length()); + assert((*fmt)->type == Format::LFT_ADAPTED_REQUEST_HEADER || + (*fmt)->type == Format::LFT_ADAPTED_REQUEST_HEADER_ELEM); + + } else { + // we can use the Format::Token::parse() method since it + // only pulls off one token. Since we already checked + // for '%' prefix above this is guaranteed to be a token. + const size_t len = (*fmt)->parse(token, "e); + assert(len == strlen(token)); + } // process special token-specific actions (only if necessary) #if USE_AUTH diff --git a/src/format/Token.cc b/src/format/Token.cc index e0c69d3499..222a5a52ec 100644 --- a/src/format/Token.cc +++ b/src/format/Token.cc @@ -152,6 +152,7 @@ static TokenTableEntry TokenTableMisc[] = { TokenTableEntry("DATA", LFT_EXT_ACL_DATA), TokenTableEntry("DST", LFT_CLIENT_REQ_URLDOMAIN), TokenTableEntry("EXT_LOG", LFT_EXT_LOG), + TokenTableEntry("EXT_TAG", LFT_TAG), TokenTableEntry("EXT_USER", LFT_USER_EXTERNAL), TokenTableEntry("IDENT", LFT_USER_IDENT), TokenTableEntry("LOGIN", LFT_USER_LOGIN), diff --git a/test-suite/squidconf/external_acl_type b/test-suite/squidconf/external_acl_type new file mode 100644 index 0000000000..b35b5c5853 --- /dev/null +++ b/test-suite/squidconf/external_acl_type @@ -0,0 +1,46 @@ +## Copyright (C) 1996-2017 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +# Check Backward Compatibility with Squid-3 formats +external_acl_type foo \ + %LOGIN \ + %un \ + %EXT_USER \ + %EXT_LOG \ + %EXT_TAG \ + %IDENT \ + %SRC \ + %SRCPORT \ + %URI \ + %DST \ + %PROTO \ + %PORT \ + %PATH \ + %METHOD \ + %MYADDR \ + %MYPORT \ + %PATH \ + %>{Header} \ + %>{Hdr:member} \ + %>{Hdr:;member} \ + %>{Hdr:Xmember} \ + %<{Header} \ + %<{Hdr:member} \ + %<{Hdr:;member} \ + %<{Hdr:Xmember} \ + %ACL \ + %DATA \ + %% /bin/true + +# TODO: enable when these are no longer requiring OpenSSL +# %USER_CERT +# %USER_CERTCHAIN +# %USER_CERT_xx +# %USER_CA_CERT_xx +# %ssl::>sni +# %ssl::