From: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
Date: Sat, 21 Sep 2019 12:46:03 +0000 (+0000)
Subject: Supply ALE to request_header_access/reply_header_access (#477)
X-Git-Tag: SQUID_5_0_1~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82a9ea6c00dbecc529fc901136869ded97e5b73c;p=thirdparty%2Fsquid.git

Supply ALE to request_header_access/reply_header_access (#477)

Commit cb36505 already covered many (but not all) similar cases.

Also supply HttpReply to cache_peer_access. Lack of reply
caused "ACL is used in context without an HTTP response" bug.
---

diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc
index f2cded7add..b4f1ab111b 100644
--- a/src/HttpHeaderTools.cc
+++ b/src/HttpHeaderTools.cc
@@ -273,7 +273,7 @@ httpHeaderQuoteString(const char *raw)
  * \retval 1    Header has no access controls to test
  */
 static int
-httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, HeaderManglers *hms)
+httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, HeaderManglers *hms, const AccessLogEntryPointer &al)
 {
     int retval;
 
@@ -289,6 +289,12 @@ httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, HeaderManglers *hms)
 
     ACLFilledChecklist checklist(hm->access_list, request, NULL);
 
+    checklist.al = al;
+    if (al && al->reply) {
+        checklist.reply = al->reply.getRaw();
+        HTTPMSGLOCK(checklist.reply);
+    }
+
     if (checklist.fastCheck().allowed()) {
         /* aclCheckFast returns true for allow. */
         debugs(66, 7, "checklist for mangler is positive. Mangle");
@@ -335,7 +341,7 @@ httpHdrMangleList(HttpHeader *l, HttpRequest *request, const AccessLogEntryPoint
     if (hms) {
         int headers_deleted = 0;
         while ((e = l->getEntry(&p))) {
-            if (0 == httpHdrMangle(e, request, hms))
+            if (httpHdrMangle(e, request, hms, al) == 0)
                 l->delAt(p, headers_deleted);
         }
 
diff --git a/src/neighbors.cc b/src/neighbors.cc
index b5684cda02..9259b082e6 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -168,6 +168,10 @@ peerAllowedToUse(const CachePeer * p, PeerSelector * ps)
 
     ACLFilledChecklist checklist(p->access, request, NULL);
     checklist.al = ps->al;
+    if (ps->al && ps->al->reply) {
+        checklist.reply = ps->al->reply.getRaw();
+        HTTPMSGLOCK(checklist.reply);
+    }
     checklist.syncAle(request, nullptr);
     return checklist.fastCheck().allowed();
 }