From: Amos Jeffries Date: Fri, 3 Nov 2017 05:38:40 +0000 (+1300) Subject: Bug 4679: User names not sent to url_rewrite_program (#78) X-Git-Tag: M-staged-PR71~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3bf07f56ff949f596b3060ba55f20ba6edf170e;p=thirdparty%2Fsquid.git Bug 4679: User names not sent to url_rewrite_program (#78) Add accessors to AccessLogEntry for retrieving IDENT and External ACL user labels in a consistent way. Use these accessors for all log and logformat outputs. NP: does not hide/remove the original cache.* members due to direct use remaining in some code locations that cannot yet be avoided. --- diff --git a/src/AccessLogEntry.cc b/src/AccessLogEntry.cc index b642a9953c..d5176e3881 100644 --- a/src/AccessLogEntry.cc +++ b/src/AccessLogEntry.cc @@ -70,6 +70,30 @@ AccessLogEntry::syncNotes(HttpRequest *req) assert(notes == req->notes()); } +const char * +AccessLogEntry::getClientIdent() const +{ + if (tcpClient) + return tcpClient->rfc931; + + if (cache.rfc931 && *cache.rfc931) + return cache.rfc931; + + return nullptr; +} + +const char * +AccessLogEntry::getExtUser() const +{ + if (request && request->extacl_user.size()) + return request->extacl_user.termedBuf(); + + if (cache.extuser && *cache.extuser) + return cache.extuser; + + return nullptr; +} + AccessLogEntry::~AccessLogEntry() { safe_free(headers.request); diff --git a/src/AccessLogEntry.h b/src/AccessLogEntry.h index 616f02ef59..72dffd85d7 100644 --- a/src/AccessLogEntry.h +++ b/src/AccessLogEntry.h @@ -49,6 +49,12 @@ public: /// including indirect forwarded-for IP if configured to log that void getLogClientIp(char *buf, size_t bufsz) const; + /// Fetch the client IDENT string, or nil if none is available. + const char *getClientIdent() const; + + /// Fetch the external ACL provided 'user=' string, or nil if none is available. + const char *getExtUser() const; + /// Fetch the transaction method string (ICP opcode, HTCP opcode or HTTP method) SBuf getLogMethod() const; diff --git a/src/client_side.cc b/src/client_side.cc index 0e7c25a917..02257c0521 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -416,9 +416,6 @@ ClientHttpRequest::logRequest() if (request) prepareLogWithRequestDetails(request, al); - if (getConn() != NULL && getConn()->clientConnection != NULL && getConn()->clientConnection->rfc931[0]) - al->cache.rfc931 = getConn()->clientConnection->rfc931; - #if USE_OPENSSL && 0 /* This is broken. Fails if the connection has been closed. Needs diff --git a/src/format/Format.cc b/src/format/Format.cc index 7e262fdc9f..1f5edb145a 100644 --- a/src/format/Format.cc +++ b/src/format/Format.cc @@ -873,13 +873,13 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS out = t; } if (!out) - out = strOrNull(al->cache.extuser); + out = strOrNull(al->getExtUser()); #if USE_OPENSSL if (!out) out = strOrNull(al->cache.ssluser); #endif if (!out) - out = strOrNull(al->cache.rfc931); + out = strOrNull(al->getClientIdent()); break; case LFT_USER_LOGIN: @@ -890,17 +890,11 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS break; case LFT_USER_IDENT: - out = strOrNull(al->cache.rfc931); + out = strOrNull(al->getClientIdent()); break; case LFT_USER_EXTERNAL: - if (al->request && al->request->extacl_user.size()) { - if (const char *t = al->request->extacl_user.termedBuf()) - out = t; - } - - if (!out) - out = strOrNull(al->cache.extuser); + out = strOrNull(al->getExtUser()); break; /* case LFT_USER_REALM: */ diff --git a/src/log/FormatHttpdCombined.cc b/src/log/FormatHttpdCombined.cc index c4aad78518..cff3a1e596 100644 --- a/src/log/FormatHttpdCombined.cc +++ b/src/log/FormatHttpdCombined.cc @@ -22,7 +22,7 @@ void Log::Format::HttpdCombined(const AccessLogEntry::Pointer &al, Logfile * logfile) { - const char *user_ident = ::Format::QuoteUrlEncodeUsername(al->cache.rfc931); + const char *user_ident = ::Format::QuoteUrlEncodeUsername(al->getClientIdent()); const char *user_auth = NULL; const char *referer = NULL; const char *agent = NULL; diff --git a/src/log/FormatHttpdCommon.cc b/src/log/FormatHttpdCommon.cc index 2b66772f46..c69502817b 100644 --- a/src/log/FormatHttpdCommon.cc +++ b/src/log/FormatHttpdCommon.cc @@ -27,7 +27,7 @@ Log::Format::HttpdCommon(const AccessLogEntry::Pointer &al, Logfile * logfile) if (al->request && al->request->auth_user_request != NULL) user_auth = ::Format::QuoteUrlEncodeUsername(al->request->auth_user_request->username()); #endif - const char *user_ident = ::Format::QuoteUrlEncodeUsername(al->cache.rfc931); + const char *user_ident = ::Format::QuoteUrlEncodeUsername(al->getClientIdent()); char clientip[MAX_IPSTRLEN]; al->getLogClientIp(clientip, MAX_IPSTRLEN); diff --git a/src/log/FormatSquidIcap.cc b/src/log/FormatSquidIcap.cc index 3fd3fcf71e..dab7ae95e3 100644 --- a/src/log/FormatSquidIcap.cc +++ b/src/log/FormatSquidIcap.cc @@ -43,7 +43,7 @@ Log::Format::SquidIcap(const AccessLogEntry::Pointer &al, Logfile * logfile) #endif if (!user) - user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); + user = ::Format::QuoteUrlEncodeUsername(al->getExtUser()); #if USE_OPENSSL if (!user) @@ -51,7 +51,7 @@ Log::Format::SquidIcap(const AccessLogEntry::Pointer &al, Logfile * logfile) #endif if (!user) - user = ::Format::QuoteUrlEncodeUsername(al->cache.rfc931); + user = ::Format::QuoteUrlEncodeUsername(al->getClientIdent()); if (user && !*user) safe_free(user); diff --git a/src/log/FormatSquidNative.cc b/src/log/FormatSquidNative.cc index c4e2896c94..141398f9b2 100644 --- a/src/log/FormatSquidNative.cc +++ b/src/log/FormatSquidNative.cc @@ -32,7 +32,7 @@ Log::Format::SquidNative(const AccessLogEntry::Pointer &al, Logfile * logfile) #endif if (!user) - user = ::Format::QuoteUrlEncodeUsername(al->cache.extuser); + user = ::Format::QuoteUrlEncodeUsername(al->getExtUser()); #if USE_OPENSSL if (!user) @@ -40,7 +40,7 @@ Log::Format::SquidNative(const AccessLogEntry::Pointer &al, Logfile * logfile) #endif if (!user) - user = ::Format::QuoteUrlEncodeUsername(al->cache.rfc931); + user = ::Format::QuoteUrlEncodeUsername(al->getClientIdent()); if (user && !*user) safe_free(user);