From e5ffa2289b25319bcd3632856a2cb1ad562b82ca Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 22 Dec 2011 00:34:08 -0700
Subject: [PATCH] Bug 3370: external ACL sometimes skipping

Emit tag/user/log/message/pass details to the request in the case where
the external ACL entry has expired but within graceful revalidate period.

The result of this bug appears as incorrect matches later down the ACL
processing in any config relying on the external ACL output values.
Example; for bypassing auth login, or for filtering tagged traffic.
---
 src/external_acl.cc | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/src/external_acl.cc b/src/external_acl.cc
index b0fa539e5a..66e40fb31c 100644
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -747,6 +747,28 @@ ACLExternal::~ACLExternal()
     safe_free (class_);
 }
 
+static void
+copyResultsFromEntry(HttpRequest *req, external_acl_entry *entry)
+{
+    if (req) {
+#if USE_AUTH
+        if (entry->user.size())
+            req->extacl_user = entry->user;
+
+        if (entry->password.size())
+            req->extacl_passwd = entry->password;
+#endif
+        if (!req->tag.size())
+            req->tag = entry->tag;
+
+        if (entry->log.size())
+            req->extacl_log = entry->log;
+
+        if (entry->message.size())
+            req->extacl_message = entry->message;
+    }
+}
+
 static int
 aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
 {
@@ -834,25 +856,7 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
     external_acl_message = entry->message.termedBuf();
 
     debugs(82, 2, "aclMatchExternal: " << acl->def->name << " = " << result);
-
-    if (ch->request) {
-#if USE_AUTH
-        if (entry->user.size())
-            ch->request->extacl_user = entry->user;
-
-        if (entry->password.size())
-            ch->request->extacl_passwd = entry->password;
-#endif
-        if (!ch->request->tag.size())
-            ch->request->tag = entry->tag;
-
-        if (entry->log.size())
-            ch->request->extacl_log = entry->log;
-
-        if (entry->message.size())
-            ch->request->extacl_message = entry->message;
-    }
-
+    copyResultsFromEntry(ch->request, entry);
     return result;
 }
 
@@ -1479,7 +1483,7 @@ ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH *
 #if USE_AUTH
             debugs(82, 4, "externalAclLookup: user=" << entry->user);
 #endif
-
+            copyResultsFromEntry(ch->request, entry);
         }
 
         callback(callback_data, entry);
-- 
2.47.2