]> git.ipfire.org Git - thirdparty/squid.git/blob - src/HttpRequest.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
NoNewGlobals for MapLabel (#1746)
[thirdparty/squid.git] / src / HttpRequest.cc
1 /*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 73 HTTP Request */
10
11 #include "squid.h"
12 #include "AccessLogEntry.h"
13 #include "acl/AclSizeLimit.h"
14 #include "acl/FilledChecklist.h"
15 #include "CachePeer.h"
16 #include "client_side.h"
17 #include "client_side_request.h"
18 #include "dns/LookupDetails.h"
19 #include "Downloader.h"
20 #include "error/Detail.h"
21 #include "globals.h"
22 #include "http.h"
23 #include "http/ContentLengthInterpreter.h"
24 #include "http/one/RequestParser.h"
25 #include "http/Stream.h"
26 #include "HttpHdrCc.h"
27 #include "HttpHeaderRange.h"
28 #include "HttpRequest.h"
29 #include "log/Config.h"
30 #include "MemBuf.h"
31 #include "sbuf/StringConvert.h"
32 #include "SquidConfig.h"
33 #include "Store.h"
34
35 #if USE_AUTH
36 #include "auth/UserRequest.h"
37 #endif
38 #if ICAP_CLIENT
39 #include "adaptation/icap/icap_log.h"
40 #endif
41
42 HttpRequest::HttpRequest(const MasterXaction::Pointer &mx) :
43 Http::Message(hoRequest),
44 masterXaction(mx)
45 {
46 assert(mx);
47 init();
48 }
49
50 HttpRequest::HttpRequest(const HttpRequestMethod& aMethod, AnyP::ProtocolType aProtocol, const char *aSchemeImg, const char *aUrlpath, const MasterXaction::Pointer &mx) :
51 Http::Message(hoRequest),
52 masterXaction(mx)
53 {
54 assert(mx);
55 static unsigned int id = 1;
56 debugs(93,7, "constructed, this=" << this << " id=" << ++id);
57 init();
58 initHTTP(aMethod, aProtocol, aSchemeImg, aUrlpath);
59 }
60
61 HttpRequest::~HttpRequest()
62 {
63 clean();
64 debugs(93,7, "destructed, this=" << this);
65 }
66
67 void
68 HttpRequest::initHTTP(const HttpRequestMethod& aMethod, AnyP::ProtocolType aProtocol, const char *aSchemeImg, const char *aUrlpath)
69 {
70 method = aMethod;
71 url.setScheme(aProtocol, aSchemeImg);
72 url.path(aUrlpath);
73 }
74
75 void
76 HttpRequest::init()
77 {
78 method = Http::METHOD_NONE;
79 url.clear();
80 #if USE_AUTH
81 auth_user_request = nullptr;
82 #endif
83 flags = RequestFlags();
84 range = nullptr;
85 ims = -1;
86 imslen = 0;
87 lastmod = -1;
88 client_addr.setEmpty();
89 my_addr.setEmpty();
90 body_pipe = nullptr;
91 // hier
92 dnsWait = -1;
93 error.clear();
94 peer_login = nullptr; // not allocated/deallocated by this class
95 peer_domain = nullptr; // not allocated/deallocated by this class
96 peer_host = nullptr;
97 vary_headers = SBuf();
98 myportname = null_string;
99 tag = null_string;
100 #if USE_AUTH
101 extacl_user = null_string;
102 extacl_passwd = null_string;
103 #endif
104 extacl_log = null_string;
105 extacl_message = null_string;
106 pstate = Http::Message::psReadyToParseStartLine;
107 #if FOLLOW_X_FORWARDED_FOR
108 indirect_client_addr.setEmpty();
109 #endif /* FOLLOW_X_FORWARDED_FOR */
110 #if USE_ADAPTATION
111 adaptHistory_ = nullptr;
112 #endif
113 #if ICAP_CLIENT
114 icapHistory_ = nullptr;
115 #endif
116 rangeOffsetLimit = -2; //a value of -2 means not checked yet
117 forcedBodyContinuation = false;
118 }
119
120 void
121 HttpRequest::clean()
122 {
123 // we used to assert that the pipe is NULL, but now the request only
124 // points to a pipe that is owned and initiated by another object.
125 body_pipe = nullptr;
126 #if USE_AUTH
127 auth_user_request = nullptr;
128 #endif
129 vary_headers.clear();
130 url.clear();
131
132 header.clean();
133
134 if (cache_control) {
135 delete cache_control;
136 cache_control = nullptr;
137 }
138
139 if (range) {
140 delete range;
141 range = nullptr;
142 }
143
144 myportname.clean();
145
146 theNotes = nullptr;
147
148 tag.clean();
149 #if USE_AUTH
150 extacl_user.clean();
151 extacl_passwd.clean();
152 #endif
153 extacl_log.clean();
154
155 extacl_message.clean();
156
157 etag.clean();
158
159 #if USE_ADAPTATION
160 adaptHistory_ = nullptr;
161 #endif
162 #if ICAP_CLIENT
163 icapHistory_ = nullptr;
164 #endif
165 }
166
167 void
168 HttpRequest::reset()
169 {
170 clean();
171 init();
172 }
173
174 HttpRequest *
175 HttpRequest::clone() const
176 {
177 HttpRequest *copy = new HttpRequest(masterXaction);
178 copy->method = method;
179 // TODO: move common cloning clone to Msg::copyTo() or copy ctor
180 copy->header.append(&header);
181 copy->hdrCacheInit();
182 copy->hdr_sz = hdr_sz;
183 copy->http_ver = http_ver;
184 copy->pstate = pstate; // TODO: should we assert a specific state here?
185 copy->body_pipe = body_pipe;
186
187 copy->url = url;
188
189 // range handled in hdrCacheInit()
190 copy->ims = ims;
191 copy->imslen = imslen;
192 copy->hier = hier; // Is it safe to copy? Should we?
193
194 copy->error = error;
195
196 // XXX: what to do with copy->peer_login?
197
198 copy->lastmod = lastmod;
199 copy->etag = etag;
200 copy->vary_headers = vary_headers;
201 // XXX: what to do with copy->peer_domain?
202
203 copy->tag = tag;
204 copy->extacl_log = extacl_log;
205 copy->extacl_message = extacl_message;
206
207 const bool inheritWorked = copy->inheritProperties(this);
208 assert(inheritWorked);
209
210 return copy;
211 }
212
213 bool
214 HttpRequest::inheritProperties(const Http::Message *aMsg)
215 {
216 const HttpRequest* aReq = dynamic_cast<const HttpRequest*>(aMsg);
217 if (!aReq)
218 return false;
219
220 client_addr = aReq->client_addr;
221 #if FOLLOW_X_FORWARDED_FOR
222 indirect_client_addr = aReq->indirect_client_addr;
223 #endif
224 my_addr = aReq->my_addr;
225
226 dnsWait = aReq->dnsWait;
227
228 #if USE_ADAPTATION
229 adaptHistory_ = aReq->adaptHistory();
230 #endif
231 #if ICAP_CLIENT
232 icapHistory_ = aReq->icapHistory();
233 #endif
234
235 // This may be too conservative for the 204 No Content case
236 // may eventually need cloneNullAdaptationImmune() for that.
237 flags = aReq->flags.cloneAdaptationImmune();
238
239 error = aReq->error;
240 #if USE_AUTH
241 auth_user_request = aReq->auth_user_request;
242 extacl_user = aReq->extacl_user;
243 extacl_passwd = aReq->extacl_passwd;
244 #endif
245
246 myportname = aReq->myportname;
247
248 forcedBodyContinuation = aReq->forcedBodyContinuation;
249
250 // main property is which connection the request was received on (if any)
251 clientConnectionManager = aReq->clientConnectionManager;
252
253 downloader = aReq->downloader;
254
255 theNotes = aReq->theNotes;
256
257 sources = aReq->sources;
258 return true;
259 }
260
261 /**
262 * Checks the first line of an HTTP request is valid
263 * currently just checks the request method is present.
264 *
265 * NP: Other errors are left for detection later in the parse.
266 */
267 bool
268 HttpRequest::sanityCheckStartLine(const char *buf, const size_t hdr_len, Http::StatusCode *scode)
269 {
270 // content is long enough to possibly hold a reply
271 // 2 being magic size of a 1-byte request method plus space delimiter
272 if (hdr_len < 2) {
273 // this is only a real error if the headers apparently complete.
274 if (hdr_len > 0) {
275 debugs(58, 3, "Too large request header (" << hdr_len << " bytes)");
276 *scode = Http::scInvalidHeader;
277 }
278 return false;
279 }
280
281 /* See if the request buffer starts with a non-whitespace HTTP request 'method'. */
282 HttpRequestMethod m;
283 m.HttpRequestMethodXXX(buf);
284 if (m == Http::METHOD_NONE) {
285 debugs(73, 3, "HttpRequest::sanityCheckStartLine: did not find HTTP request method");
286 *scode = Http::scInvalidHeader;
287 return false;
288 }
289
290 return true;
291 }
292
293 bool
294 HttpRequest::parseFirstLine(const char *start, const char *end)
295 {
296 method.HttpRequestMethodXXX(start);
297
298 if (method == Http::METHOD_NONE)
299 return false;
300
301 // XXX: performance regression, strcspn() over the method bytes a second time.
302 // cheaper than allocate+copy+deallocate cycle to SBuf convert a piece of start.
303 const char *t = start + strcspn(start, w_space);
304
305 start = t + strspn(t, w_space); // skip w_space after method
306
307 const char *ver = findTrailingHTTPVersion(start, end);
308
309 if (ver) {
310 end = ver - 1;
311
312 while (xisspace(*end)) // find prev non-space
313 --end;
314
315 ++end; // back to space
316
317 if (2 != sscanf(ver + 5, "%d.%d", &http_ver.major, &http_ver.minor)) {
318 debugs(73, DBG_IMPORTANT, "ERROR: parseRequestLine: Invalid HTTP identifier.");
319 return false;
320 }
321 } else {
322 http_ver.major = 0;
323 http_ver.minor = 9;
324 }
325
326 if (end < start) // missing URI
327 return false;
328
329 return url.parse(method, SBuf(start, size_t(end-start)));
330 }
331
332 /* swaps out request using httpRequestPack */
333 void
334 HttpRequest::swapOut(StoreEntry * e)
335 {
336 assert(e);
337 e->buffer();
338 pack(e);
339 e->flush();
340 }
341
342 /* packs request-line and headers, appends <crlf> terminator */
343 void
344 HttpRequest::pack(Packable * p) const
345 {
346 assert(p);
347 /* pack request-line */
348 p->appendf(SQUIDSBUFPH " " SQUIDSBUFPH " HTTP/%d.%d\r\n",
349 SQUIDSBUFPRINT(method.image()), SQUIDSBUFPRINT(url.path()),
350 http_ver.major, http_ver.minor);
351 /* headers */
352 header.packInto(p);
353 /* trailer */
354 p->append("\r\n", 2);
355 }
356
357 /*
358 * A wrapper for debugObj()
359 */
360 void
361 httpRequestPack(void *obj, Packable *p)
362 {
363 HttpRequest *request = static_cast<HttpRequest*>(obj);
364 request->pack(p);
365 }
366
367 /* returns the length of request line + headers + crlf */
368 int
369 HttpRequest::prefixLen() const
370 {
371 return method.image().length() + 1 +
372 url.path().length() + 1 +
373 4 + 1 + 3 + 2 +
374 header.len + 2;
375 }
376
377 /* sync this routine when you update HttpRequest struct */
378 void
379 HttpRequest::hdrCacheInit()
380 {
381 Http::Message::hdrCacheInit();
382
383 assert(!range);
384 range = header.getRange();
385 }
386
387 #if ICAP_CLIENT
388 Adaptation::Icap::History::Pointer
389 HttpRequest::icapHistory() const
390 {
391 if (!icapHistory_) {
392 if (Log::TheConfig.hasIcapToken || IcapLogfileStatus == LOG_ENABLE) {
393 icapHistory_ = new Adaptation::Icap::History();
394 debugs(93,4, "made " << icapHistory_ << " for " << this);
395 }
396 }
397
398 return icapHistory_;
399 }
400 #endif
401
402 #if USE_ADAPTATION
403 Adaptation::History::Pointer
404 HttpRequest::adaptHistory(bool createIfNone) const
405 {
406 if (!adaptHistory_ && createIfNone) {
407 adaptHistory_ = new Adaptation::History();
408 debugs(93,4, "made " << adaptHistory_ << " for " << this);
409 }
410
411 return adaptHistory_;
412 }
413
414 Adaptation::History::Pointer
415 HttpRequest::adaptLogHistory() const
416 {
417 return HttpRequest::adaptHistory(Log::TheConfig.hasAdaptToken);
418 }
419
420 void
421 HttpRequest::adaptHistoryImport(const HttpRequest &them)
422 {
423 if (!adaptHistory_) {
424 adaptHistory_ = them.adaptHistory_; // may be nil
425 } else {
426 // check that histories did not diverge
427 Must(!them.adaptHistory_ || them.adaptHistory_ == adaptHistory_);
428 }
429 }
430
431 #endif
432
433 bool
434 HttpRequest::multipartRangeRequest() const
435 {
436 return (range && range->specs.size() > 1);
437 }
438
439 bool
440 HttpRequest::bodyNibbled() const
441 {
442 return body_pipe != nullptr && body_pipe->consumedSize() > 0;
443 }
444
445 void
446 HttpRequest::prepForPeering(const CachePeer &peer)
447 {
448 // XXX: Saving two pointers to memory controlled by an independent object.
449 peer_login = peer.login;
450 peer_domain = peer.domain;
451 flags.auth_no_keytab = peer.options.auth_no_keytab;
452 debugs(11, 4, this << " to " << peer);
453 }
454
455 void
456 HttpRequest::prepForDirect()
457 {
458 peer_login = nullptr;
459 peer_domain = nullptr;
460 flags.auth_no_keytab = false;
461 debugs(11, 4, this);
462 }
463
464 void
465 HttpRequest::clearError()
466 {
467 debugs(11, 7, "old: " << error);
468 error.clear();
469 }
470
471 void
472 HttpRequest::packFirstLineInto(Packable * p, bool full_uri) const
473 {
474 const SBuf tmp(full_uri ? effectiveRequestUri() : url.path());
475
476 // form HTTP request-line
477 p->appendf(SQUIDSBUFPH " " SQUIDSBUFPH " HTTP/%d.%d\r\n",
478 SQUIDSBUFPRINT(method.image()),
479 SQUIDSBUFPRINT(tmp),
480 http_ver.major, http_ver.minor);
481 }
482
483 /*
484 * Indicate whether or not we would expect an entity-body
485 * along with this request
486 */
487 bool
488 HttpRequest::expectingBody(const HttpRequestMethod &, int64_t &theSize) const
489 {
490 bool expectBody = false;
491
492 /*
493 * Note: Checks for message validity is in clientIsContentLengthValid().
494 * this just checks if a entity-body is expected based on HTTP message syntax
495 */
496 if (header.chunked()) {
497 expectBody = true;
498 theSize = -1;
499 } else if (content_length >= 0) {
500 expectBody = true;
501 theSize = content_length;
502 } else {
503 expectBody = false;
504 // theSize undefined
505 }
506
507 return expectBody;
508 }
509
510 /*
511 * Create a Request from a URL and METHOD.
512 *
513 * If the METHOD is CONNECT, then a host:port pair is looked for instead of a URL.
514 * If the request cannot be created cleanly, NULL is returned
515 */
516 HttpRequest *
517 HttpRequest::FromUrl(const SBuf &url, const MasterXaction::Pointer &mx, const HttpRequestMethod& method)
518 {
519 std::unique_ptr<HttpRequest> req(new HttpRequest(mx));
520 if (req->url.parse(method, url)) {
521 req->method = method;
522 return req.release();
523 }
524 return nullptr;
525 }
526
527 HttpRequest *
528 HttpRequest::FromUrlXXX(const char * url, const MasterXaction::Pointer &mx, const HttpRequestMethod& method)
529 {
530 return FromUrl(SBuf(url), mx, method);
531 }
532
533 /**
534 * Are responses to this request possible cacheable ?
535 * If false then no matter what the response must not be cached.
536 */
537 bool
538 HttpRequest::maybeCacheable()
539 {
540 // Intercepted request with Host: header which cannot be trusted.
541 // Because it failed verification, or someone bypassed the security tests
542 // we cannot cache the response for sharing between clients.
543 // TODO: update cache to store for particular clients only (going to same Host: and destination IP)
544 if (!flags.hostVerified && (flags.intercepted || flags.interceptTproxy))
545 return false;
546
547 switch (url.getScheme()) {
548 case AnyP::PROTO_HTTP:
549 case AnyP::PROTO_HTTPS:
550 if (!method.respMaybeCacheable())
551 return false;
552
553 // RFC 9111 section 5.2.1.5:
554 // "The no-store request directive indicates that a cache MUST NOT
555 // store any part of either this request or any response to it."
556 //
557 // NP: refresh_pattern ignore-no-store only applies to response messages
558 // this test is handling request message CC header.
559 if (!flags.ignoreCc && cache_control && cache_control->hasNoStore())
560 return false;
561 break;
562
563 //case AnyP::PROTO_FTP:
564 default:
565 break;
566 }
567
568 return true;
569 }
570
571 bool
572 HttpRequest::conditional() const
573 {
574 return flags.ims ||
575 header.has(Http::HdrType::IF_MATCH) ||
576 header.has(Http::HdrType::IF_NONE_MATCH);
577 }
578
579 void
580 HttpRequest::recordLookup(const Dns::LookupDetails &dns)
581 {
582 if (dns.wait >= 0) { // known delay
583 if (dnsWait >= 0) { // have recorded DNS wait before
584 debugs(78, 7, this << " " << dnsWait << " += " << dns);
585 dnsWait += dns.wait;
586 } else {
587 debugs(78, 7, this << " " << dns);
588 dnsWait = dns.wait;
589 }
590 }
591 }
592
593 int64_t
594 HttpRequest::getRangeOffsetLimit()
595 {
596 /* -2 is the starting value of rangeOffsetLimit.
597 * If it is -2, that means we haven't checked it yet.
598 * Otherwise, return the current value */
599 if (rangeOffsetLimit != -2)
600 return rangeOffsetLimit;
601
602 rangeOffsetLimit = 0; // default value for rangeOffsetLimit
603
604 ACLFilledChecklist ch(nullptr, this, nullptr);
605 ch.src_addr = client_addr;
606 ch.my_addr = my_addr;
607
608 for (AclSizeLimit *l = Config.rangeOffsetLimit; l; l = l -> next) {
609 /* if there is no ACL list or if the ACLs listed match use this limit value */
610 if (!l->aclList || ch.fastCheck(l->aclList).allowed()) {
611 rangeOffsetLimit = l->size; // may be -1
612 debugs(58, 4, rangeOffsetLimit);
613 break;
614 }
615 }
616
617 return rangeOffsetLimit;
618 }
619
620 void
621 HttpRequest::ignoreRange(const char *reason)
622 {
623 if (range) {
624 debugs(73, 3, static_cast<void*>(range) << " for " << reason);
625 delete range;
626 range = nullptr;
627 }
628 // Some callers also reset isRanged but it may not be safe for all callers:
629 // isRanged is used to determine whether a weak ETag comparison is allowed,
630 // and that check should not ignore the Range header if it was present.
631 // TODO: Some callers also delete HDR_RANGE, HDR_REQUEST_RANGE. Should we?
632 }
633
634 bool
635 HttpRequest::canHandle1xx() const
636 {
637 // old clients do not support 1xx unless they sent Expect: 100-continue
638 // (we reject all other Http::HdrType::EXPECT values so just check for Http::HdrType::EXPECT)
639 if (http_ver <= Http::ProtocolVersion(1,0) && !header.has(Http::HdrType::EXPECT))
640 return false;
641
642 // others must support 1xx control messages
643 return true;
644 }
645
646 Http::StatusCode
647 HttpRequest::checkEntityFraming() const
648 {
649 // RFC 7230 section 3.3.1:
650 // "
651 // A server that receives a request message with a transfer coding it
652 // does not understand SHOULD respond with 501 (Not Implemented).
653 // "
654 if (header.unsupportedTe())
655 return Http::scNotImplemented;
656
657 // RFC 7230 section 3.3.3 #3 paragraph 3:
658 // Transfer-Encoding overrides Content-Length
659 if (header.chunked())
660 return Http::scNone;
661
662 // RFC 7230 Section 3.3.3 #4:
663 // conflicting Content-Length(s) mean a message framing error
664 if (header.conflictingContentLength())
665 return Http::scBadRequest;
666
667 // HTTP/1.0 requirements differ from HTTP/1.1
668 if (http_ver <= Http::ProtocolVersion(1,0)) {
669 const auto m = method.id();
670
671 // RFC 1945 section 8.3:
672 // "
673 // A valid Content-Length is required on all HTTP/1.0 POST requests.
674 // "
675 // RFC 1945 Appendix D.1.1:
676 // "
677 // The fundamental difference between the POST and PUT requests is
678 // reflected in the different meaning of the Request-URI.
679 // "
680 if (m == Http::METHOD_POST || m == Http::METHOD_PUT)
681 return (content_length >= 0 ? Http::scNone : Http::scLengthRequired);
682
683 // RFC 1945 section 7.2:
684 // "
685 // An entity body is included with a request message only when the
686 // request method calls for one.
687 // "
688 // section 8.1-2: GET and HEAD do not define ('call for') an entity
689 if (m == Http::METHOD_GET || m == Http::METHOD_HEAD)
690 return (content_length < 0 ? Http::scNone : Http::scBadRequest);
691 // appendix D1.1.2-4: DELETE, LINK, UNLINK do not define ('call for') an entity
692 if (m == Http::METHOD_DELETE || m == Http::METHOD_LINK || m == Http::METHOD_UNLINK)
693 return (content_length < 0 ? Http::scNone : Http::scBadRequest);
694
695 // other methods are not defined in RFC 1945
696 // assume they support an (optional) entity
697 return Http::scNone;
698 }
699
700 // RFC 7230 section 3.3
701 // "
702 // The presence of a message body in a request is signaled by a
703 // Content-Length or Transfer-Encoding header field. Request message
704 // framing is independent of method semantics, even if the method does
705 // not define any use for a message body.
706 // "
707 return Http::scNone;
708 }
709
710 bool
711 HttpRequest::parseHeader(Http1::Parser &hp)
712 {
713 Http::ContentLengthInterpreter clen;
714 return Message::parseHeader(hp, clen);
715 }
716
717 bool
718 HttpRequest::parseHeader(const char *buffer, const size_t size)
719 {
720 Http::ContentLengthInterpreter clen;
721 return header.parse(buffer, size, clen);
722 }
723
724 ConnStateData *
725 HttpRequest::pinnedConnection()
726 {
727 if (clientConnectionManager.valid() && clientConnectionManager->pinning.pinned)
728 return clientConnectionManager.get();
729 return nullptr;
730 }
731
732 const SBuf
733 HttpRequest::storeId()
734 {
735 if (store_id.size() != 0) {
736 debugs(73, 3, "sent back store_id: " << store_id);
737 return StringToSBuf(store_id);
738 }
739 debugs(73, 3, "sent back effectiveRequestUrl: " << effectiveRequestUri());
740 return effectiveRequestUri();
741 }
742
743 const SBuf &
744 HttpRequest::effectiveRequestUri() const
745 {
746 if (method.id() == Http::METHOD_CONNECT || url.getScheme() == AnyP::PROTO_AUTHORITY_FORM)
747 return url.authority(true); // host:port
748 return url.absolute();
749 }
750
751 NotePairs::Pointer
752 HttpRequest::notes()
753 {
754 if (!theNotes)
755 theNotes = new NotePairs;
756 return theNotes;
757 }
758
759 void
760 UpdateRequestNotes(ConnStateData *csd, HttpRequest &request, NotePairs const &helperNotes)
761 {
762 // Tag client connection if the helper responded with clt_conn_tag=tag.
763 const char *cltTag = "clt_conn_tag";
764 if (const char *connTag = helperNotes.findFirst(cltTag)) {
765 if (csd) {
766 csd->notes()->remove(cltTag);
767 csd->notes()->add(cltTag, connTag);
768 }
769 }
770 request.notes()->replaceOrAdd(&helperNotes);
771 }
772
773 void
774 HttpRequest::manager(const CbcPointer<ConnStateData> &aMgr, const AccessLogEntryPointer &al)
775 {
776 clientConnectionManager = aMgr;
777
778 if (!clientConnectionManager.valid())
779 return;
780
781 AnyP::PortCfgPointer port = clientConnectionManager->port;
782 if (port) {
783 myportname = port->name;
784 flags.ignoreCc = port->ignore_cc;
785 }
786
787 if (auto clientConnection = clientConnectionManager->clientConnection) {
788 client_addr = clientConnection->remote; // XXX: remove request->client_addr member.
789 #if FOLLOW_X_FORWARDED_FOR
790 // indirect client gets stored here because it is an HTTP header result (from X-Forwarded-For:)
791 // not details about the TCP connection itself
792 indirect_client_addr = clientConnection->remote;
793 #endif /* FOLLOW_X_FORWARDED_FOR */
794 my_addr = clientConnection->local;
795
796 flags.intercepted = ((clientConnection->flags & COMM_INTERCEPTION) != 0);
797 flags.interceptTproxy = ((clientConnection->flags & COMM_TRANSPARENT) != 0 ) ;
798 const bool proxyProtocolPort = port ? port->flags.proxySurrogate : false;
799 if (flags.interceptTproxy && !proxyProtocolPort) {
800 if (Config.accessList.spoof_client_ip) {
801 ACLFilledChecklist *checklist = new ACLFilledChecklist(Config.accessList.spoof_client_ip, this, clientConnection->rfc931);
802 checklist->al = al;
803 checklist->syncAle(this, nullptr);
804 flags.spoofClientIp = checklist->fastCheck().allowed();
805 delete checklist;
806 } else
807 flags.spoofClientIp = true;
808 } else
809 flags.spoofClientIp = false;
810 }
811 }
812
813 char *
814 HttpRequest::canonicalCleanUrl() const
815 {
816 return urlCanonicalCleanWithoutRequest(effectiveRequestUri(), method, url.getScheme());
817 }
818
819 /// a helper for handling PortCfg cases of FindListeningPortAddress()
820 template <typename Filter>
821 static const Ip::Address *
822 FindGoodListeningPortAddressInPort(const AnyP::PortCfgPointer &port, const Filter isGood)
823 {
824 return (port && isGood(port->s)) ? &port->s : nullptr;
825 }
826
827 /// a helper for handling Connection cases of FindListeningPortAddress()
828 template <typename Filter>
829 static const Ip::Address *
830 FindGoodListeningPortAddressInConn(const Comm::ConnectionPointer &conn, const Filter isGood)
831 {
832 return (conn && isGood(conn->local)) ? &conn->local : nullptr;
833 }
834
835 template <typename Filter>
836 const Ip::Address *
837 FindGoodListeningPortAddress(const HttpRequest *callerRequest, const AccessLogEntry *ale, const Filter filter)
838 {
839 // Check all sources of usable listening port information, giving
840 // HttpRequest and masterXaction a preference over ALE.
841
842 const HttpRequest *request = callerRequest;
843 if (!request && ale)
844 request = ale->request;
845 if (!request)
846 return nullptr; // not enough information
847
848 auto ip = FindGoodListeningPortAddressInPort(request->masterXaction->squidPort, filter);
849 if (!ip && ale)
850 ip = FindGoodListeningPortAddressInPort(ale->cache.port, filter);
851
852 // XXX: also handle PROXY protocol here when we have a flag to identify such request
853 if (ip || request->flags.interceptTproxy || request->flags.intercepted)
854 return ip;
855
856 /* handle non-intercepted cases that were not handled above */
857 ip = FindGoodListeningPortAddressInConn(request->masterXaction->tcpClient, filter);
858 if (!ip && ale)
859 ip = FindGoodListeningPortAddressInConn(ale->tcpClient, filter);
860 return ip; // may still be nil
861 }
862
863 const Ip::Address *
864 FindListeningPortAddress(const HttpRequest *callerRequest, const AccessLogEntry *ale)
865 {
866 return FindGoodListeningPortAddress(callerRequest, ale, [](const Ip::Address &address) {
867 // FindListeningPortAddress() callers do not want INADDR_ANY addresses
868 return !address.isAnyAddr();
869 });
870 }
871
872 AnyP::Port
873 FindListeningPortNumber(const HttpRequest *callerRequest, const AccessLogEntry *ale)
874 {
875 const auto ip = FindGoodListeningPortAddress(callerRequest, ale, [](const Ip::Address &address) {
876 return address.port() > 0;
877 });
878
879 if (!ip)
880 return std::nullopt;
881
882 Assure(ip->port() > 0);
883 return ip->port();
884 }
Mirror of https://github.com/squid-cache/squid.git