From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 22 Dec 2011 04:49:24 +0000 (+1300)
Subject: Bug 3370: external ACL sometimes skipping
X-Git-Tag: BumpSslServerFirst.take05~12^2~107
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1abe0161fb3dc2dab870b9252db09a81af315e3e;p=thirdparty%2Fsquid.git

Bug 3370: external ACL sometimes skipping

Emit tag/user/log/message/pass details to the request in the case where
the external ACL entry has expired but within graceful revalidate period.

The result of this bug appears as incorrect matches later down the ACL
processing in any config relying on the external ACL output values.
Example; for bypassing auth login, or for filtering tagged traffic.
---

diff --git a/src/external_acl.cc b/src/external_acl.cc
index ab32b818fd..3d3d9bb2a4 100644
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -747,6 +747,28 @@ ACLExternal::~ACLExternal()
     safe_free (class_);
 }
 
+static void
+copyResultsFromEntry(HttpRequest *req, external_acl_entry *entry)
+{
+    if (req) {
+#if USE_AUTH
+        if (entry->user.size())
+            req->extacl_user = entry->user;
+
+        if (entry->password.size())
+            req->extacl_passwd = entry->password;
+#endif
+        if (!req->tag.size())
+            req->tag = entry->tag;
+
+        if (entry->log.size())
+            req->extacl_log = entry->log;
+
+        if (entry->message.size())
+            req->extacl_message = entry->message;
+    }
+}
+
 static allow_t
 aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
 {
@@ -831,25 +853,7 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
     external_acl_message = entry->message.termedBuf();
 
     debugs(82, 2, HERE << acl->def->name << " = " << entry->result);
-
-    if (ch->request) {
-#if USE_AUTH
-        if (entry->user.size())
-            ch->request->extacl_user = entry->user;
-
-        if (entry->password.size())
-            ch->request->extacl_passwd = entry->password;
-#endif
-        if (!ch->request->tag.size())
-            ch->request->tag = entry->tag;
-
-        if (entry->log.size())
-            ch->request->extacl_log = entry->log;
-
-        if (entry->message.size())
-            ch->request->extacl_message = entry->message;
-    }
-
+    copyResultsFromEntry(ch->request, entry);
     return entry->result;
 }
 
@@ -1493,7 +1497,7 @@ ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH *
 #if USE_AUTH
             debugs(82, 4, "externalAclLookup: user=" << entry->user);
 #endif
-
+            copyResultsFromEntry(ch->request, entry);
         }
 
         callback(callback_data, entry);