]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
Bug 1923 fix: Do not send hop-by-hop headers to the ICAP server.
authorrousskov <>
Wed, 23 Jan 2008 02:53:03 +0000 (02:53 +0000)
committerrousskov <>
Wed, 23 Jan 2008 02:53:03 +0000 (02:53 +0000)
Send Proxy-Authenticate&Proxy-Authorization in ICAP request headers.

src/HttpHeader.cc
src/HttpHeader.h
src/ICAP/ICAPModXact.cc
src/client_side_reply.cc

index 9e5b8867065c6d4aa4e226969a0bc2b75dae9f71..a0bab13f85c9af70625b62f1e9aa1f7a585dd209 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: HttpHeader.cc,v 1.138 2007/11/26 13:09:55 hno Exp $
+ * $Id: HttpHeader.cc,v 1.139 2008/01/22 19:53:03 rousskov Exp $
  *
  * DEBUG: section 55    HTTP Header
  * AUTHOR: Alex Rousskov
@@ -236,6 +236,12 @@ static http_hdr_type RequestHeadersArr[] =
         HDR_USER_AGENT, HDR_X_FORWARDED_FOR, HDR_SURROGATE_CAPABILITY
     };
 
+static http_hdr_type HopByHopHeadersArr[] =
+    {
+        HDR_CONNECTION, HDR_KEEP_ALIVE, HDR_PROXY_AUTHENTICATE, HDR_PROXY_AUTHORIZATION,
+        HDR_TE, HDR_TRAILERS, HDR_TRANSFER_ENCODING, HDR_UPGRADE
+    };
+
 /* header accounting */
 static HttpHeaderStat HttpHeaderStats[] =
     {
@@ -1762,6 +1768,18 @@ HttpHeader::hasByNameListMember(const char *name, const char *member, const char
     return result;
 }
 
+void
+HttpHeader::removeHopByHopEntries()
+{
+    removeConnectionHeaderEntries();
+    
+    int count = countof(HopByHopHeadersArr);
+    
+    for (int i=0; i<count; i++)
+        delById(HopByHopHeadersArr[i]);    
+    
+}
+
 void
 HttpHeader::removeConnectionHeaderEntries()
 {
@@ -1788,7 +1806,5 @@ HttpHeader::removeConnectionHeaderEntries()
         }
         if (headers_deleted)
             refreshMask();
-
-        delById(HDR_CONNECTION);
     }
 }
index 2f67953654a6a0723c4468485cc886f49a27e65c..204434dd2b419e0fbb7a3eb6901772f22858964b 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: HttpHeader.h,v 1.24 2007/11/26 13:09:55 hno Exp $
+ * $Id: HttpHeader.h,v 1.25 2008/01/22 19:53:03 rousskov Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -246,13 +246,16 @@ public:
     TimeOrTag getTimeOrTag(http_hdr_type id) const;
     int hasListMember(http_hdr_type id, const char *member, const char separator) const;
     int hasByNameListMember(const char *name, const char *member, const char separator) const;
-    void removeConnectionHeaderEntries();
+    void removeHopByHopEntries();
     /* protected, do not use these, use interface functions instead */
     Vector<HttpHeaderEntry *> entries;         /* parsed fields in raw format */
     HttpHeaderMask mask;       /* bit set <=> entry present */
     http_hdr_owner_type owner; /* request or reply */
     int len;                   /* length when packed, not counting terminating '\0' */
 
+protected:
+    void removeConnectionHeaderEntries();
+    
 private:
     HttpHeaderEntry *findLastEntry(http_hdr_type id) const;
     // Make it non-copyable. Our destructor is a bit nasty...
index 4aaf7f49551c73c8d4d64f7d1c0dddcc073c54ce..807505d42315c2719d1ec6c482c0da57120b9910 100644 (file)
@@ -1083,6 +1083,16 @@ void ICAPModXact::makeRequestHeaders(MemBuf &buf)
     if (!TheICAPConfig.reuse_connections)
         buf.Printf("Connection: close\r\n");
 
+    // we must forward "Proxy-Authenticate" and "Proxy-Authorization"
+    // as ICAP headers.
+    if (virgin.header->header.has(HDR_PROXY_AUTHENTICATE)) 
+        buf.Printf("Proxy-Authenticate: %s\r\n", 
+                virgin.header->header.getByName("Proxy-Authenticate").buf());    
+    
+    if (virgin.header->header.has(HDR_PROXY_AUTHORIZATION)) 
+        buf.Printf("Proxy-Authorization: %s\r\n", 
+                virgin.header->header.getByName("Proxy-Authorization").buf());
+
     buf.Printf("Encapsulated: ");
 
     MemBuf httpBuf;
@@ -1170,8 +1180,38 @@ void ICAPModXact::encapsulateHead(MemBuf &icapBuf, const char *section, MemBuf &
     // update ICAP header
     icapBuf.Printf("%s=%d, ", section, (int) httpBuf.contentSize());
 
-    // pack HTTP head
-    packHead(httpBuf, head);
+    // begin cloning
+    HttpMsg *headClone = NULL;
+    
+    if (const HttpRequest* old_request = dynamic_cast<const HttpRequest*>(head)) {
+        HttpRequest* new_request = new HttpRequest;
+        urlParse(old_request->method, old_request->canonical,new_request);
+        new_request->http_ver = old_request->http_ver;
+        inheritVirginProperties(*new_request, *old_request);
+        headClone = new_request;
+    } 
+    else if (const HttpReply *old_reply = dynamic_cast<const HttpReply*>(head)) {
+        HttpReply* new_reply = new HttpReply;
+        new_reply->sline = old_reply->sline;
+        headClone = new_reply;
+    }
+    
+    Must(headClone);
+    
+    HttpHeaderPos pos = HttpHeaderInitPos;
+    HttpHeaderEntry* p_head_entry = NULL;
+    while (NULL != (p_head_entry = head->header.getEntry(&pos)) )
+        headClone->header.addEntry(p_head_entry->clone());
+
+    // end cloning
+        
+    // remove all hop-by-hop headers from the clone
+    headClone->header.removeHopByHopEntries();
+
+    // pack polished HTTP header
+    packHead(httpBuf, headClone);
+
+    delete headClone;
 }
 
 void ICAPModXact::packHead(MemBuf &httpBuf, const HttpMsg *head)
index 13de32f3c1e75f4cbc5c99d3d2d209f15032a574..0ad99b60fdf455d13af15281ba54d80b131152f1 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_reply.cc,v 1.149 2008/01/22 16:45:45 rousskov Exp $
+ * $Id: client_side_reply.cc,v 1.150 2008/01/22 19:53:03 rousskov Exp $
  *
  * DEBUG: section 88    Client-side Reply Routines
  * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -1234,10 +1234,7 @@ clientReplyContext::buildReplyHeader()
     if (is_hit)
         hdr->delById(HDR_SET_COOKIE);
 
-    /*
-     * Be sure to obey the Connection header 
-     */
-    reply->header.removeConnectionHeaderEntries();
+    reply->header.removeHopByHopEntries();
 
     //    if (request->range)
     //      clientBuildRangeHeader(http, reply);