[PATCH] Fix session helper "crashing too rapidly"

Sun, 18 Sep 2011 13:05:53 -0700 

Hi,

I have run into a problem using the session helper (ext_session_acl). In
its current format, the session helper expects 2 parameters as a
minimum. However, using the example at
http://wiki.squid-cache.org/ConfigExamples/Portal/Splash only one is
passed (the IP address).

The second parameter expected is referred to as the user_key in the
source code, which is then returned as a prefix in the reply. When
user_key is missing, ext_session_acl segfaults. When it *is* there, its
presence in the reply message breaks the protocol (according to
http://www.squid-cache.org/Doc/config/external_acl_type/ the reply
should begin with "OK" or "ERR").

The attached patch completely removes the user_key variable. It Works
For Me (TM), but I do not know the original intention for user_key. Is
it needed?

I would also like to see any STDERR messages from the helper logged to
cache.log (for example, if the database cannot be created). What is the
best way to achieve this? I couldn't work out a way to do it - they
appear to be "lost" at the moment.

Thanks,

Andy


This patch fixes the ability to use the session helper.

Without this patch, the helper expects an additional user_key parameter,
which is then returned in the reply. Both of these appear to break the
current protocol.

=== modified file 'helpers/external_acl/session/ext_session_acl.cc'
--- helpers/external_acl/session/ext_session_acl.cc	2010-07-29 14:23:35 +0000
+++ helpers/external_acl/session/ext_session_acl.cc	2011-09-18 17:01:29 +0000
@@ -150,8 +150,7 @@
 
     while (fgets(request, HELPER_INPUT_BUFFER, stdin)) {
         int action = 0;
-        const char *user_key = strtok(request, " \n");
-        const char *detail = strtok(NULL, "\n");
+        const char *detail = strtok(request, " \n");
         const char *lastdetail = strrchr(detail, ' ');
         size_t detail_len = strlen(detail);
         if (lastdetail) {
@@ -165,18 +164,18 @@
         }
         if (action == -1) {
             session_logout(detail, detail_len);
-            printf("%s OK message=\"Bye\"\n", user_key);
+            printf("OK message=\"Bye\"\n");
         } else if (action == 1) {
             session_login(detail, detail_len);
-            printf("%s OK message=\"Welcome\"\n", user_key);
+            printf("OK message=\"Welcome\"\n");
         } else if (session_active(detail, detail_len)) {
             session_login(detail, detail_len);
-            printf("%s OK\n", user_key);
+            printf("OK\n");
         } else if (default_action == 1) {
             session_login(detail, detail_len);
-            printf("%s ERR message=\"Welcome\"\n", user_key);
+            printf("ERR message=\"Welcome\"\n");
         } else {
-            printf("%s ERR message=\"No session available\"\n", user_key);
+            printf("ERR message=\"No session available\"\n");
         }
     }
     shutdown_db();

Reply via email to