From dc1af3cf5bfffb368e2f47b6543f7654d2c8df54 Mon Sep 17 00:00:00 2001 From: hno <> Date: Sun, 15 Aug 2004 03:15:15 +0000 Subject: [PATCH] The external_acl helper protocol breaks down if there for whatever reason is newines embedded in the data. This patch changes the external acl helper protocol to use URL encoding with an optional configuration parameter to switch back to the "shell style" quoting used in Squid-2.5. In addition the "shell style" quoting format is extended to support newlines by the traditional \n and \r codes. --- src/cf.data.pre | 15 +++++++++------ src/external_acl.cc | 43 +++++++++++++++++++++++++++++++++++++------ src/tools.cc | 44 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 86 insertions(+), 16 deletions(-) diff --git a/src/cf.data.pre b/src/cf.data.pre index cde1a7b085..1287d5b148 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.353 2004/08/04 16:22:39 wessels Exp $ +# $Id: cf.data.pre,v 1.354 2004/08/14 21:15:15 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -1918,6 +1918,7 @@ DOC_START grace=n Percentage remaining of TTL where a refresh of a cached entry should be initiated without needing to wait for a new reply. (default 0 for no grace period) + protocol=2.5 Compatibility mode for Squid-2.5 external acl helpers FORMAT specifications @@ -1948,7 +1949,8 @@ DOC_START The helper receives lines per the above format specification, and returns lines starting with OK or ERR indicating the validity of the request and optionally followed by additional keywords with - more details. + more details. To protect from odd characters the data is URL + escaped. General result syntax: @@ -1965,10 +1967,11 @@ DOC_START log= String to be logged in access.log. Available as %ea in logformat specifications - Keyword values need to be enclosed in quotes if they may - contain whitespace, or the whitespace escaped using \. Any - quotes or \ characters within the keyword value must be \ - escaped. + Keyword values need to be URL escaped if they may contain + contain whitespace or quotes. + + In Squid-2.5 compatibility mode quoting using " and \ is used + instead of URL escaping. DOC_END COMMENT_START diff --git a/src/external_acl.cc b/src/external_acl.cc index 4b95a30d7c..25ce731955 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -1,6 +1,6 @@ /* - * $Id: external_acl.cc,v 1.55 2003/11/19 17:18:35 hno Exp $ + * $Id: external_acl.cc,v 1.56 2004/08/14 21:15:16 hno Exp $ * * DEBUG: section 82 External ACL * AUTHOR: Henrik Nordstrom, MARA Systems AB @@ -114,6 +114,14 @@ public: dlink_list queue; int require_auth; + + enum + { + QUOTE_METHOD_SHELL = 1, + QUOTE_METHOD_URL + } + + quote; }; struct _external_acl_format @@ -215,6 +223,8 @@ parse_externalAclHelper(external_acl ** list) token = strtok(NULL, w_space); + a->quote = external_acl::QUOTE_METHOD_URL; + /* Parse options */ while (token) { if (strncmp(token, "ttl=", 4) == 0) { @@ -229,6 +239,14 @@ parse_externalAclHelper(external_acl ** list) a->cache_size = atoi(token + 6); } else if (strncmp(token, "grace=", 6) == 0) { a->grace = atoi(token + 6); + } else if (strcmp(token, "protocol=2.5") == 0) { + a->quote = external_acl::QUOTE_METHOD_SHELL; + } else if (strcmp(token, "protocol=3.0") == 0) { + a->quote = external_acl::QUOTE_METHOD_URL; + } else if (strcmp(token, "quote=url") == 0) { + a->quote = external_acl::QUOTE_METHOD_URL; + } else if (strcmp(token, "quote=shell") == 0) { + a->quote = external_acl::QUOTE_METHOD_SHELL; } else { break; } @@ -405,9 +423,9 @@ dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl storeAppendPrintf(sentry, " %%{%s:%s}", format->header, format->member); break; #define DUMP_EXT_ACL_TYPE(a) \ - case _external_acl_format::EXT_ACL_##a: \ - storeAppendPrintf(sentry, " %%%s", #a); \ - break + case _external_acl_format::EXT_ACL_##a: \ + storeAppendPrintf(sentry, " %%%s", #a); \ + break DUMP_EXT_ACL_TYPE(LOGIN); #if USE_IDENT @@ -811,7 +829,12 @@ makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data) if (!first) memBufAppend(&mb, " ", 1); - strwordquote(&mb, str); + if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) { + const char *quoted = rfc1738_escape(str); + memBufAppend(&mb, quoted, strlen(quoted)); + } else { + strwordquote(&mb, str); + } sb.clean(); @@ -822,7 +845,12 @@ makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data) if (!first) memBufAppend(&mb, " ", 1); - strwordquote(&mb, arg->key); + if (acl_data->def->quote == external_acl::QUOTE_METHOD_URL) { + const char *quoted = rfc1738_escape(arg->key); + memBufAppend(&mb, quoted, strlen(quoted)); + } else { + strwordquote(&mb, arg->key); + } first = 0; } @@ -963,6 +991,9 @@ externalAclHandleReply(void *data, char *reply) if (value) { *value++ = '\0'; /* terminate the token, and move up to the value */ + if (state->def->quote == external_acl::QUOTE_METHOD_URL) + rfc1738_unescape(value); + if (strcmp(token, "user") == 0) entryData.user = value; else if (strcmp(token, "message") == 0) diff --git a/src/tools.cc b/src/tools.cc index 037ff43e22..2d5d622162 100644 --- a/src/tools.cc +++ b/src/tools.cc @@ -1,6 +1,6 @@ /* - * $Id: tools.cc,v 1.240 2003/09/29 10:24:02 robertc Exp $ + * $Id: tools.cc,v 1.241 2004/08/14 21:15:16 hno Exp $ * * DEBUG: section 21 Misc Functions * AUTHOR: Harvest Derived @@ -1292,7 +1292,27 @@ strwordtok(char *buf, char **t) case '\\': p++; - *d++ = ch = *p; + + switch (*p) { + + case 'n': + ch = '\n'; + + break; + + case 'r': + ch = '\r'; + + break; + + default: + ch = *p; + + break; + + } + + *d++ = ch; if (ch) p++; @@ -1339,14 +1359,30 @@ strwordquote(MemBuf * mb, const char *str) } while (*str) { - int l = strcspn(str, "\"\\"); + int l = strcspn(str, "\"\\\n\r"); memBufAppend(mb, str, l); str += l; - while (*str == '"' || *str == '\\') { + switch(*str) { + + case '\n': + memBufAppend(mb, "\\n", 2); + str++; + break; + + case '\r': + memBufAppend(mb, "\\r", 2); + str++; + break; + + case '\0': + break; + + default: memBufAppend(mb, "\\", 1); memBufAppend(mb, str, 1); str++; + break; } } -- 2.47.2