[thirdparty/squid.git] / src / acl / DestinationDomain.cc

/*
 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28    Access Control */

#include "squid.h"
#include "acl/Checklist.h"
#include "acl/DestinationDomain.h"
#include "acl/DomainData.h"
#include "acl/RegexData.h"
#include "fqdncache.h"
#include "HttpRequest.h"

DestinationDomainLookup DestinationDomainLookup::instance_;

DestinationDomainLookup *
DestinationDomainLookup::Instance()
{
    return &instance_;
}

void
DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
{
    ACLFilledChecklist *checklist = Filled(cl);
    fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist);
}

void
DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    ACLFilledChecklist *checklist = Filled((ACLChecklist*)data);
    checklist->markDestinationDomainChecked();
    checklist->request->recordLookup(details);
    checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}

/* ACLDestinationDomainStrategy */

const Acl::Options &
ACLDestinationDomainStrategy::options()
{
    static const Acl::BooleanOption LookupBanFlag;
    static const Acl::Options MyOptions = { { "-n", &LookupBanFlag } };
    LookupBanFlag.linkWith(&lookupBanned);
    return MyOptions;
}

int
ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
    assert(checklist != NULL && checklist->request != NULL);

    if (data->match(checklist->request->url.host())) {
        return 1;
    }

    if (lookupBanned) {
        debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
        return 0;
    }

    /* numeric IPA? no, trust the above result. */
    if (!checklist->request->url.hostIsNumeric()) {
        return 0;
    }

    /* do we already have the rDNS? match on it if we do. */
    if (checklist->dst_rdns) {
        debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
        return data->match(checklist->dst_rdns);
    }

    /* raw IP without rDNS? look it up and wait for the result */
    if (!checklist->dst_addr.fromHost(checklist->request->url.host())) {
        /* not a valid IPA */
        checklist->dst_rdns = xstrdup("invalid");
        return 0;
    }

    const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (fqdn) {
        checklist->dst_rdns = xstrdup(fqdn);
        return data->match(fqdn);
    } else if (!checklist->destinationDomainChecked()) {
        /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
        debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
        if (checklist->goAsync(DestinationDomainLookup::Instance()))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    return data->match("none");
}
Commit	Line	Data
3841dd46	1	/*
5b74111a	2	* Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3841dd46	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
3841dd46	7	*/
3841dd46	8
bbc27441 AJ	9	/* DEBUG: section 28 Access Control */
bbc27441 AJ	10
582c2af2	11	#include "squid.h"
c0941a6a	12	#include "acl/Checklist.h"
602d9612	13	#include "acl/DestinationDomain.h"
c0941a6a	14	#include "acl/DomainData.h"
602d9612	15	#include "acl/RegexData.h"
95e6d864	16	#include "fqdncache.h"
a2ac85d9	17	#include "HttpRequest.h"
3841dd46	18
7660b45d	19	DestinationDomainLookup DestinationDomainLookup::instance_;
62e76326	20
7660b45d	21	DestinationDomainLookup *
7660b45d	22	DestinationDomainLookup::Instance()
3841dd46	23	{
7660b45d	24	return &instance_;
3841dd46	25	}
3841dd46	26
7660b45d	27	void
c0941a6a	28	DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
3841dd46	29	{
af6a12ee	30	ACLFilledChecklist *checklist = Filled(cl);
c52f2002	31	fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist);
3841dd46	32	}
	33
	34	void
4a3b98d7	35	DestinationDomainLookup::LookupDone(const char , const Dns::LookupDetails &details, void data)
3841dd46	36	{
3ff65596	37	ACLFilledChecklist checklist = Filled((ACLChecklist)data);
3ff65596 AR	38	checklist->markDestinationDomainChecked();
3ff65596 AR	39	checklist->request->recordLookup(details);
6f58d7d7	40	checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
3841dd46	41	}
3841dd46	42
4eac3407 CT	43	/* ACLDestinationDomainStrategy */
	44
	45	const Acl::Options &
	46	ACLDestinationDomainStrategy::options()
	47	{
	48	static const Acl::BooleanOption LookupBanFlag;
	49	static const Acl::Options MyOptions = { { "-n", &LookupBanFlag } };
	50	LookupBanFlag.linkWith(&lookupBanned);
	51	return MyOptions;
	52	}
	53
3841dd46	54	int
4eac3407	55	ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
3841dd46	56	{
58efcdd0	57	assert(checklist != NULL && checklist->request != NULL);
58efcdd0	58
5c51bffb	59	if (data->match(checklist->request->url.host())) {
7660b45d	60	return 1;
12ef783b AJ	61	}
12ef783b AJ	62
4eac3407	63	if (lookupBanned) {
5c51bffb	64	debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
33810b1d CT	65	return 0;
	66	}
	67
12ef783b	68	/* numeric IPA? no, trust the above result. */
5c51bffb	69	if (!checklist->request->url.hostIsNumeric()) {
12ef783b AJ	70	return 0;
	71	}
	72
	73	/* do we already have the rDNS? match on it if we do. */
	74	if (checklist->dst_rdns) {
5c51bffb	75	debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
12ef783b AJ	76	return data->match(checklist->dst_rdns);
12ef783b AJ	77	}
7660b45d	78
12ef783b	79	/* raw IP without rDNS? look it up and wait for the result */
fd9c47d1	80	if (!checklist->dst_addr.fromHost(checklist->request->url.host())) {
12ef783b AJ	81	/* not a valid IPA */
12ef783b AJ	82	checklist->dst_rdns = xstrdup("invalid");
7660b45d	83	return 0;
12ef783b	84	}
62e76326	85
12ef783b	86	const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);
62e76326	87
7660b45d	88	if (fqdn) {
12ef783b	89	checklist->dst_rdns = xstrdup(fqdn);
62e76326	90	return data->match(fqdn);
7660b45d	91	} else if (!checklist->destinationDomainChecked()) {
7660b45d	92	/* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
5c51bffb	93	debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
6f58d7d7 AR	94	if (checklist->goAsync(DestinationDomainLookup::Instance()))
	95	return -1;
	96	// else fall through to "none" match, hiding the lookup failure (XXX)
3841dd46	97	}
62e76326	98
3841dd46	99	return data->match("none");
	100	}
	101