From: Amos Jeffries Date: Tue, 4 Jun 2013 06:58:07 +0000 (-0600) Subject: Fix incorrect external_acl_type codes X-Git-Tag: SQUID_3_3_6~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9d312f1a203c23099e175183a747011013cf7ea;p=thirdparty%2Fsquid.git Fix incorrect external_acl_type codes Documentation describes %USER_CA_CERT_* codes for outputing the CA cert attributes. However the directive parser and internals were all referencing it as %CA_CERT_*. This updates the internals to match documentation, and adds an upgrade notice for any installations using the old token name. Also, Prepare external_acl_type format codes for libformat upgrade. Add upgrade warnings for the %> and %< header codes which will change radically in a future version when libformat is integrated. Also, while we are at it support the other logformat codes which map 1:1 but silently for now and only on parse. --- diff --git a/src/external_acl.cc b/src/external_acl.cc index 78ff33c2cd..4e8614f6c6 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -185,7 +185,7 @@ struct _external_acl_format { #if USE_SSL EXT_ACL_USER_CERT, - EXT_ACL_CA_CERT, + EXT_ACL_USER_CA_CERT, EXT_ACL_USER_CERT_RAW, EXT_ACL_USER_CERTCHAIN_RAW, #endif @@ -414,28 +414,31 @@ parse_externalAclHelper(external_acl ** list) if (strncmp(token, "%{", 2) == 0) { // deprecated. but assume the old configs all referred to request headers. - debugs(82, DBG_IMPORTANT, "WARNING: external_acl_type format %{...} is being replaced by %>{...} for : " << token); + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %{...} is being replaced by %>ha{...} for : " << token); parse_header_token(format, (token+2), _external_acl_format::EXT_ACL_HEADER_REQUEST); } else if (strncmp(token, "%>{", 3) == 0) { + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %>{...} is being replaced by %>ha{...} for : " << token); + parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST); + } else if (strncmp(token, "%>ha{", 5) == 0) { parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST); } else if (strncmp(token, "%<{", 3) == 0) { + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %<{...} is being replaced by %type = _external_acl_format::EXT_ACL_LOGIN; a->require_auth = true; #endif } - #if USE_IDENT - else if (strcmp(token, "%IDENT") == 0) + else if (strcmp(token, "%IDENT") == 0 || strcmp(token, "%ui") == 0) format->type = _external_acl_format::EXT_ACL_IDENT; - #endif - - else if (strcmp(token, "%SRC") == 0) + else if (strcmp(token, "%SRC") == 0 || strcmp(token, "%>a") == 0) format->type = _external_acl_format::EXT_ACL_SRC; - else if (strcmp(token, "%SRCPORT") == 0) + else if (strcmp(token, "%SRCPORT") == 0 || strcmp(token, "%>p") == 0) format->type = _external_acl_format::EXT_ACL_SRCPORT; #if USE_SQUID_EUI else if (strcmp(token, "%SRCEUI48") == 0) @@ -443,11 +446,11 @@ parse_externalAclHelper(external_acl ** list) else if (strcmp(token, "%SRCEUI64") == 0) format->type = _external_acl_format::EXT_ACL_SRCEUI64; #endif - else if (strcmp(token, "%MYADDR") == 0) + else if (strcmp(token, "%MYADDR") == 0 || strcmp(token, "%la") == 0) format->type = _external_acl_format::EXT_ACL_MYADDR; - else if (strcmp(token, "%MYPORT") == 0) + else if (strcmp(token, "%MYPORT") == 0 || strcmp(token, "%lp") == 0) format->type = _external_acl_format::EXT_ACL_MYPORT; - else if (strcmp(token, "%URI") == 0) + else if (strcmp(token, "%URI") == 0 || strcmp(token, "%>ru") == 0) format->type = _external_acl_format::EXT_ACL_URI; else if (strcmp(token, "%DST") == 0) format->type = _external_acl_format::EXT_ACL_DST; @@ -455,11 +458,10 @@ parse_externalAclHelper(external_acl ** list) format->type = _external_acl_format::EXT_ACL_PROTO; else if (strcmp(token, "%PORT") == 0) format->type = _external_acl_format::EXT_ACL_PORT; - else if (strcmp(token, "%PATH") == 0) + else if (strcmp(token, "%PATH") == 0 || strcmp(token, "%>rp") == 0) format->type = _external_acl_format::EXT_ACL_PATH; - else if (strcmp(token, "%METHOD") == 0) + else if (strcmp(token, "%METHOD") == 0 || strcmp(token, "%>rm") == 0) format->type = _external_acl_format::EXT_ACL_METHOD; - #if USE_SSL else if (strcmp(token, "%USER_CERT") == 0) format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW; @@ -468,8 +470,12 @@ parse_externalAclHelper(external_acl ** list) else if (strncmp(token, "%USER_CERT_", 11) == 0) { format->type = _external_acl_format::EXT_ACL_USER_CERT; format->header = xstrdup(token + 11); + } else if (strncmp(token, "%USER_CA_CERT_", 11) == 0) { + format->type = _external_acl_format::EXT_ACL_USER_CA_CERT; + format->header = xstrdup(token + 11); } else if (strncmp(token, "%CA_CERT_", 11) == 0) { - format->type = _external_acl_format::EXT_ACL_USER_CERT; + debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type %CA_CERT_* code is obsolete. Use %USER_CA_CERT_* instead"); + format->type = _external_acl_format::EXT_ACL_USER_CA_CERT; format->header = xstrdup(token + 11); } #endif @@ -612,7 +618,7 @@ dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl DUMP_EXT_ACL_TYPE_FMT(USER_CERT_RAW, " %%USER_CERT_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERTCHAIN_RAW, " %%USER_CERTCHAIN_RAW"); DUMP_EXT_ACL_TYPE_FMT(USER_CERT, " %%USER_CERT_%s", format->header); - DUMP_EXT_ACL_TYPE_FMT(CA_CERT, " %%CA_CERT_%s", format->header); + DUMP_EXT_ACL_TYPE_FMT(USER_CA_CERT, " %%USER_CA_CERT_%s", format->header); #endif #if USE_AUTH DUMP_EXT_ACL_TYPE(EXT_USER); @@ -1127,7 +1133,7 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) break; - case _external_acl_format::EXT_ACL_CA_CERT: + case _external_acl_format::EXT_ACL_USER_CA_CERT: if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConnection)) { SSL *ssl = fd_table[ch->conn()->clientConnection->fd].ssl;