From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Wed, 4 Feb 2009 20:21:36 +0000 (+0100)
Subject: external_acl_type %<{ and %USER_CERT_ / %CA_CERT_ parsing brokenness
X-Git-Tag: SQUID_3_2_0_1~1215
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c68c9682717c2f839936032d286512fb11706f95;p=thirdparty%2Fsquid.git

external_acl_type %<{ and %USER_CERT_ / %CA_CERT_ parsing brokenness

The parsing of external_acl_type formats was sligtly broken, destroying
%<{ (request header) if SSL was enabled and never able to parse %USER_CERT_
or %CA_CERT_..

Also clarified request/reply header syntax slightly
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 134b5ba064..702545ccdb 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -412,17 +412,17 @@ DOC_START
 	  %USER_CERT_xx	SSL User certificate subject attribute xx
 	  %USER_CA_xx	SSL User certificate issuer attribute xx
 
-	  %>{Header}	HTTP request header
+	  %>{Header}	HTTP request header "Header"
 	  %>{Hdr:member}
-	  		HTTP request header list member
+	  		HTTP request header "Hdr" list member "member"
 	  %>{Hdr:;member}
 	  		HTTP request header list member using ; as
 	  		list separator. ; can be any non-alphanumeric
 			character.
 
-	  %<{Header}	HTTP reply header
+	  %<{Header}	HTTP reply header "Header"
 	  %<{Hdr:member}
-	  		HTTP reply header list member
+	  		HTTP reply header "Hdr" list member "member"
 	  %<{Hdr:;member}
 	  		HTTP reply header list member using ; as
 	  		list separator. ; can be any non-alphanumeric
diff --git a/src/external_acl.cc b/src/external_acl.cc
index 1585ba65f4..6fd8bba979 100644
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -365,14 +365,10 @@ parse_externalAclHelper(external_acl ** list)
             // deprecated. but assume the old configs all referred to request headers.
             debugs(82, DBG_IMPORTANT, "WARNING: external_acl_type format %{...} is being replaced by %>{...} for : " << token);
             parse_header_token(format, (token+2), _external_acl_format::EXT_ACL_HEADER_REQUEST);
-        }
-
-        if (strncmp(token, "%>{", 3) == 0) {
+        } else if (strncmp(token, "%>{", 3) == 0) {
             parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST);
-        }
-        if (strncmp(token, "%<{", 3) == 0) {
+        } else if (strncmp(token, "%<{", 3) == 0) {
             parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REPLY);
-
         } else if (strcmp(token, "%LOGIN") == 0) {
             format->type = _external_acl_format::EXT_ACL_LOGIN;
             a->require_auth = true;
@@ -411,10 +407,10 @@ parse_externalAclHelper(external_acl ** list)
             format->type = _external_acl_format::EXT_ACL_USER_CERT_RAW;
         else if (strcmp(token, "%USER_CERTCHAIN") == 0)
             format->type = _external_acl_format::EXT_ACL_USER_CERTCHAIN_RAW;
-        else if (strncmp(token, "%USER_CERT_", 11)) {
+        else if (strncmp(token, "%USER_CERT_", 11) == 0) {
             format->type = _external_acl_format::EXT_ACL_USER_CERT;
             format->header = xstrdup(token + 11);
-        } else if (strncmp(token, "%CA_CERT_", 11)) {
+        } else if (strncmp(token, "%CA_CERT_", 11) == 0) {
             format->type = _external_acl_format::EXT_ACL_USER_CERT;
             format->header = xstrdup(token + 11);
         }