[thirdparty/squid.git] / src / acl / DestinationDomain.cc

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28    Access Control */

#include "squid.h"
#include "acl/Checklist.h"
#include "acl/DestinationDomain.h"
#include "acl/DomainData.h"
#include "acl/RegexData.h"
#include "fqdncache.h"
#include "HttpRequest.h"
#include "ipcache.h"

DestinationDomainLookup DestinationDomainLookup::instance_;

DestinationDomainLookup *
DestinationDomainLookup::Instance()
{
    return &instance_;
}

void
DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
{
    ACLFilledChecklist *checklist = Filled(cl);
    fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist);
}

void
DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    ACLFilledChecklist *checklist = Filled((ACLChecklist*)data);
    checklist->markDestinationDomainChecked();
    checklist->request->recordLookup(details);
    checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}

int
ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
{
    assert(checklist != NULL && checklist->request != NULL);

    if (data->match(checklist->request->url.host())) {
        return 1;
    }

    if (flags.isSet(ACL_F_NO_LOOKUP)) {
        debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
        return 0;
    }

    /* numeric IPA? no, trust the above result. */
    if (!checklist->request->url.hostIsNumeric()) {
        return 0;
    }

    /* do we already have the rDNS? match on it if we do. */
    if (checklist->dst_rdns) {
        debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
        return data->match(checklist->dst_rdns);
    }

    /* raw IP without rDNS? look it up and wait for the result */
    const ipcache_addrs *ia = ipcacheCheckNumeric(checklist->request->url.host());
    if (!ia) {
        /* not a valid IPA */
        checklist->dst_rdns = xstrdup("invalid");
        return 0;
    }

    checklist->dst_addr = ia->in_addrs[0];
    const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (fqdn) {
        checklist->dst_rdns = xstrdup(fqdn);
        return data->match(fqdn);
    } else if (!checklist->destinationDomainChecked()) {
        /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
        debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
        if (checklist->goAsync(DestinationDomainLookup::Instance()))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    return data->match("none");
}

ACLDestinationDomainStrategy *
ACLDestinationDomainStrategy::Instance()
{
    return &Instance_;
}

ACLDestinationDomainStrategy ACLDestinationDomainStrategy::Instance_;
Commit	Line	Data
3841dd46	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3841dd46	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
3841dd46	7	*/
3841dd46	8
bbc27441 AJ	9	/* DEBUG: section 28 Access Control */
bbc27441 AJ	10
582c2af2	11	#include "squid.h"
c0941a6a	12	#include "acl/Checklist.h"
602d9612	13	#include "acl/DestinationDomain.h"
c0941a6a	14	#include "acl/DomainData.h"
602d9612	15	#include "acl/RegexData.h"
95e6d864	16	#include "fqdncache.h"
a2ac85d9	17	#include "HttpRequest.h"
714e68b7	18	#include "ipcache.h"
3841dd46	19
7660b45d	20	DestinationDomainLookup DestinationDomainLookup::instance_;
62e76326	21
7660b45d	22	DestinationDomainLookup *
7660b45d	23	DestinationDomainLookup::Instance()
3841dd46	24	{
7660b45d	25	return &instance_;
3841dd46	26	}
3841dd46	27
7660b45d	28	void
c0941a6a	29	DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
3841dd46	30	{
af6a12ee	31	ACLFilledChecklist *checklist = Filled(cl);
c52f2002	32	fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist);
3841dd46	33	}
	34
	35	void
4a3b98d7	36	DestinationDomainLookup::LookupDone(const char , const Dns::LookupDetails &details, void data)
3841dd46	37	{
3ff65596	38	ACLFilledChecklist checklist = Filled((ACLChecklist)data);
3ff65596 AR	39	checklist->markDestinationDomainChecked();
3ff65596 AR	40	checklist->request->recordLookup(details);
6f58d7d7	41	checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
3841dd46	42	}
	43
	44	int
33810b1d	45	ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
3841dd46	46	{
58efcdd0	47	assert(checklist != NULL && checklist->request != NULL);
58efcdd0	48
5c51bffb	49	if (data->match(checklist->request->url.host())) {
7660b45d	50	return 1;
12ef783b AJ	51	}
12ef783b AJ	52
33810b1d	53	if (flags.isSet(ACL_F_NO_LOOKUP)) {
5c51bffb	54	debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
33810b1d CT	55	return 0;
	56	}
	57
12ef783b	58	/* numeric IPA? no, trust the above result. */
5c51bffb	59	if (!checklist->request->url.hostIsNumeric()) {
12ef783b AJ	60	return 0;
	61	}
	62
	63	/* do we already have the rDNS? match on it if we do. */
	64	if (checklist->dst_rdns) {
5c51bffb	65	debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
12ef783b AJ	66	return data->match(checklist->dst_rdns);
12ef783b AJ	67	}
7660b45d	68
12ef783b	69	/* raw IP without rDNS? look it up and wait for the result */
5c51bffb	70	const ipcache_addrs *ia = ipcacheCheckNumeric(checklist->request->url.host());
12ef783b AJ	71	if (!ia) {
	72	/* not a valid IPA */
	73	checklist->dst_rdns = xstrdup("invalid");
7660b45d	74	return 0;
12ef783b	75	}
62e76326	76
1958d180	77	checklist->dst_addr = ia->in_addrs[0];
12ef783b	78	const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);
62e76326	79
7660b45d	80	if (fqdn) {
12ef783b	81	checklist->dst_rdns = xstrdup(fqdn);
62e76326	82	return data->match(fqdn);
7660b45d	83	} else if (!checklist->destinationDomainChecked()) {
7660b45d	84	/* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
5c51bffb	85	debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
6f58d7d7 AR	86	if (checklist->goAsync(DestinationDomainLookup::Instance()))
	87	return -1;
	88	// else fall through to "none" match, hiding the lookup failure (XXX)
3841dd46	89	}
62e76326	90
3841dd46	91	return data->match("none");
	92	}
	93
7660b45d	94	ACLDestinationDomainStrategy *
7660b45d	95	ACLDestinationDomainStrategy::Instance()
3841dd46	96	{
7660b45d	97	return &Instance_;
3841dd46	98	}
3841dd46	99
7660b45d	100	ACLDestinationDomainStrategy ACLDestinationDomainStrategy::Instance_;
f53969cc	101