From: amosjeffries <> Date: Wed, 27 Feb 2008 12:59:29 +0000 (+0000) Subject: Author: rousskov X-Git-Tag: SQUID_3_0_STABLE2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fcdc12cc170e2a1d72e363ce06141da3b80e997;p=thirdparty%2Fsquid.git Author: rousskov Bug 1923 fix: Do not send hop-by-hop headers to the ICAP server. - Send Proxy-Authenticate and Proxy-Authorization in ICAP request headers. - removeConnectionHeaderEntries() is removeHopByHopEntries() now. --- diff --git a/src/ESIInclude.cc b/src/ESIInclude.cc index 7e6bb5c529..95b09bca3d 100644 --- a/src/ESIInclude.cc +++ b/src/ESIInclude.cc @@ -1,6 +1,6 @@ /* - * $Id: ESIInclude.cc,v 1.14.2.1 2008/02/10 10:43:09 serassio Exp $ + * $Id: ESIInclude.cc,v 1.14.2.2 2008/02/27 05:59:29 amosjeffries Exp $ * * DEBUG: section 86 ESI processing * AUTHOR: Robert Collins @@ -320,7 +320,7 @@ void ESIInclude::prepareRequestHeaders(HttpHeader &tempheaders, ESIVarState *vars) { tempheaders.update (&vars->header(), NULL); - tempheaders.removeConnectionHeaderEntries(); + tempheaders.removeHopByHopEntries(); } diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc index 9e5b886706..a836df8de5 100644 --- a/src/HttpHeader.cc +++ b/src/HttpHeader.cc @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.cc,v 1.138 2007/11/26 13:09:55 hno Exp $ + * $Id: HttpHeader.cc,v 1.138.2.1 2008/02/27 05:59:29 amosjeffries Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov @@ -236,6 +236,12 @@ static http_hdr_type RequestHeadersArr[] = HDR_USER_AGENT, HDR_X_FORWARDED_FOR, HDR_SURROGATE_CAPABILITY }; +static http_hdr_type HopByHopHeadersArr[] = + { + HDR_CONNECTION, HDR_KEEP_ALIVE, HDR_PROXY_AUTHENTICATE, HDR_PROXY_AUTHORIZATION, + HDR_TE, HDR_TRAILERS, HDR_TRANSFER_ENCODING, HDR_UPGRADE + }; + /* header accounting */ static HttpHeaderStat HttpHeaderStats[] = { @@ -1762,6 +1768,18 @@ HttpHeader::hasByNameListMember(const char *name, const char *member, const char return result; } +void +HttpHeader::removeHopByHopEntries() +{ + removeConnectionHeaderEntries(); + + int count = countof(HopByHopHeadersArr); + + for (int i=0; i entries; /* parsed fields in raw format */ HttpHeaderMask mask; /* bit set <=> entry present */ http_hdr_owner_type owner; /* request or reply */ int len; /* length when packed, not counting terminating '\0' */ +protected: + void removeConnectionHeaderEntries(); + private: HttpHeaderEntry *findLastEntry(http_hdr_type id) const; // Make it non-copyable. Our destructor is a bit nasty... diff --git a/src/ICAP/ICAPModXact.cc b/src/ICAP/ICAPModXact.cc index 90622d11eb..b06cecb8de 100644 --- a/src/ICAP/ICAPModXact.cc +++ b/src/ICAP/ICAPModXact.cc @@ -1085,6 +1085,16 @@ void ICAPModXact::makeRequestHeaders(MemBuf &buf) if (!TheICAPConfig.reuse_connections) buf.Printf("Connection: close\r\n"); + // we must forward "Proxy-Authenticate" and "Proxy-Authorization" + // as ICAP headers. + if (virgin.header->header.has(HDR_PROXY_AUTHENTICATE)) + buf.Printf("Proxy-Authenticate: %s\r\n", + virgin.header->header.getByName("Proxy-Authenticate").buf()); + + if (virgin.header->header.has(HDR_PROXY_AUTHORIZATION)) + buf.Printf("Proxy-Authorization: %s\r\n", + virgin.header->header.getByName("Proxy-Authorization").buf()); + buf.Printf("Encapsulated: "); MemBuf httpBuf; @@ -1173,8 +1183,38 @@ void ICAPModXact::encapsulateHead(MemBuf &icapBuf, const char *section, MemBuf & // update ICAP header icapBuf.Printf("%s=%d, ", section, (int) httpBuf.contentSize()); - // pack HTTP head - packHead(httpBuf, head); + // begin cloning + HttpMsg *headClone = NULL; + + if (const HttpRequest* old_request = dynamic_cast(head)) { + HttpRequest* new_request = new HttpRequest; + urlParse(old_request->method, old_request->canonical,new_request); + new_request->http_ver = old_request->http_ver; + inheritVirginProperties(*new_request, *old_request); + headClone = new_request; + } + else if (const HttpReply *old_reply = dynamic_cast(head)) { + HttpReply* new_reply = new HttpReply; + new_reply->sline = old_reply->sline; + headClone = new_reply; + } + + Must(headClone); + + HttpHeaderPos pos = HttpHeaderInitPos; + HttpHeaderEntry* p_head_entry = NULL; + while (NULL != (p_head_entry = head->header.getEntry(&pos)) ) + headClone->header.addEntry(p_head_entry->clone()); + + // end cloning + + // remove all hop-by-hop headers from the clone + headClone->header.removeHopByHopEntries(); + + // pack polished HTTP header + packHead(httpBuf, headClone); + + delete headClone; } void ICAPModXact::packHead(MemBuf &httpBuf, const HttpMsg *head) diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index fd1d115483..4f2f417f0e 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side_reply.cc,v 1.144.2.3 2008/02/26 00:05:47 amosjeffries Exp $ + * $Id: client_side_reply.cc,v 1.144.2.4 2008/02/27 05:59:29 amosjeffries Exp $ * * DEBUG: section 88 Client-side Reply Routines * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) @@ -1214,10 +1214,7 @@ clientReplyContext::buildReplyHeader() if (is_hit) hdr->delById(HDR_SET_COOKIE); - /* - * Be sure to obey the Connection header - */ - reply->header.removeConnectionHeaderEntries(); + reply->header.removeHopByHopEntries(); // if (request->range) // clientBuildRangeHeader(http, reply);