From: hno <> Date: Sat, 3 Apr 2004 22:00:12 +0000 (+0000) Subject: Bug #860: redirector_access does not handle slow acls such as dst or X-Git-Tag: SQUID_3_0_PRE4~1123 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=74eaf3e6e5f100dd135285a58229f9f541fc0358;p=thirdparty%2Fsquid.git Bug #860: redirector_access does not handle slow acls such as dst or external correctly redirector_access was a "fast" acl lookup and did not handle "slow" acls requiring external lookups such as dst or external correcly --- diff --git a/src/client_side_request.cc b/src/client_side_request.cc index 26f77ce12a..7aeb219026 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side_request.cc,v 1.34 2003/09/06 12:47:34 robertc Exp $ + * $Id: client_side_request.cc,v 1.35 2004/04/03 15:00:12 hno Exp $ * * DEBUG: section 85 Client-side Request Routines * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) @@ -112,6 +112,7 @@ static void clientAccessCheckDone(int, void *); static int clientCachable(clientHttpRequest * http); static int clientHierarchical(clientHttpRequest * http); static void clientInterpretRequestHeaders(clientHttpRequest * http); +static void clientRedirectStart(clientHttpRequest *http); static RH clientRedirectDone; extern "C" CSR clientGetMoreData; extern "C" CSS clientReplyStatus; @@ -393,7 +394,7 @@ clientAccessCheckDone(int answer, void *data) http->uri = xstrdup(urlCanonical(http->request)); assert(context->redirect_state == REDIRECT_NONE); context->redirect_state = REDIRECT_PENDING; - redirectStart(http, clientRedirectDone, context); + clientRedirectStart(http); } else { /* Send an error */ clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data; @@ -443,6 +444,39 @@ clientAccessCheckDone(int answer, void *data) } } +static void +clientRedirectAccessCheckDone(int answer, void *data) +{ + clientHttpRequest *http = (clientHttpRequest *)data; + ClientRequestContext *context = (ClientRequestContext *)http; + + context->acl_checklist = NULL; + + if (answer == ACCESS_ALLOWED) + redirectStart(http, clientRedirectDone, data); + else + clientRedirectDone(context, NULL); +} + +static void +clientRedirectStart(clientHttpRequest *http) +{ + ClientRequestContext *context = (ClientRequestContext *)http; + debug(33, 5) ("clientRedirectStart: '%s'\n", http->uri); + + if (Config.Program.redirect == NULL) { + clientRedirectDone(http, NULL); + return; + } + + if (Config.accessList.redirector) { + context->acl_checklist = clientAclChecklistCreate(Config.accessList.redirector, http); + context->acl_checklist->nonBlockingCheck(clientRedirectAccessCheckDone, context); + } else { + redirectStart(http, clientRedirectDone, http); + } +} + static int clientCachable(clientHttpRequest * http) { diff --git a/src/redirect.cc b/src/redirect.cc index ff7167b186..b1d094b023 100644 --- a/src/redirect.cc +++ b/src/redirect.cc @@ -1,6 +1,6 @@ /* - * $Id: redirect.cc,v 1.103 2003/11/06 12:27:02 hno Exp $ + * $Id: redirect.cc,v 1.104 2004/04/03 15:00:12 hno Exp $ * * DEBUG: section 61 Redirector * AUTHOR: Duane Wessels @@ -114,33 +114,6 @@ redirectStart(clientHttpRequest * http, RH * handler, void *data) assert(handler); debug(61, 5) ("redirectStart: '%s'\n", http->uri); - if (Config.Program.redirect == NULL) { - handler(data, NULL); - return; - } - - if (Config.accessList.redirector) { - ACLChecklist ch; - - if (conn.getRaw() != NULL) { - ch.src_addr = conn->peer.sin_addr; - ch.my_addr = conn->me.sin_addr; - ch.my_port = ntohs(conn->me.sin_port); - } - - ch.request = requestLink(http->request); - ch.accessList = Config.accessList.redirector; - - if (!ch.fastCheck()) { - ch.accessList = NULL; - /* denied -- bypass redirector */ - handler(data, NULL); - return; - } - - ch.accessList = NULL; - } - if (Config.onoff.redirector_bypass && redirectors->stats.queue_size) { /* Skip redirector if there is one request queued */ n_bypassed++;