1 /*
2 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 28 Access Control */
10
11 #include "squid.h"
12 #include "acl/Checklist.h"
13 #include "acl/DestinationDomain.h"
14 #include "acl/DomainData.h"
15 #include "acl/RegexData.h"
16 #include "fqdncache.h"
17 #include "HttpRequest.h"
18
/* The single DestinationDomainLookup object; Instance() hands out its address. */
DestinationDomainLookup DestinationDomainLookup::instance_;

/* Returns a pointer to the shared instance_ object defined above.
 * The pointer refers to an object with static storage, so it is never null. */
DestinationDomainLookup *
DestinationDomainLookup::Instance()
{
    DestinationDomainLookup *const shared = &instance_;
    return shared;
}
26
/* Starts a non-blocking lookup by address for the checklist's dst_addr.
 * LookupDone() is registered as the callback and receives the checklist
 * back through the opaque data argument. */
void
DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
{
    ACLFilledChecklist *const filled = Filled(cl);

    // NOTE(review): the checklist travels as a raw pointer; confirm that it
    // stays alive (or that the callback is cancelled) until LookupDone() runs.
    fqdncache_nbgethostbyaddr(filled->dst_addr, LookupDone, filled);
}
33
/* Callback for the lookup started by checkForAsync().
 *
 * The first argument (unnamed) is ignored; only the lookup details are
 * recorded on the request. `data` is the checklist pointer that
 * checkForAsync() passed in. */
void
DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    ACLChecklist *const generic = static_cast<ACLChecklist *>(data);
    ACLFilledChecklist *const filled = Filled(generic);

    // Mark first: match() consults destinationDomainChecked() before it
    // decides whether to start another asynchronous lookup.
    filled->markDestinationDomainChecked();
    filled->request->recordLookup(details);
    filled->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}
42
43 /* ACLDestinationDomainStrategy */
44
/* Returns the option table for this ACL type: a single boolean flag, "-n",
 * which is linked to lookupBanned. match() returns 0 without any DNS lookup
 * when lookupBanned is set and the URL host did not match directly. */
const Acl::Options &
ACLDestinationDomainStrategy::options()
{
    // Both objects are function-static, so one flag object is shared by all
    // callers; every call re-links it to the current lookupBanned.
    static const Acl::BooleanOption NoLookupFlag;
    static const Acl::Options SupportedOptions = { { "-n", &NoLookupFlag } };

    NoLookupFlag.linkWith(&lookupBanned);
    return SupportedOptions;
}
53
/* Matches the request's destination against the configured domain data.
 *
 * Returns:
 *    1  the URL host itself matched;
 *    0  no direct match and either lookups are banned ("-n"), the host is
 *       not numeric, or the numeric host could not be parsed as an address;
 *   -1  an asynchronous reverse lookup was started; the check is not decided yet;
 *   otherwise the result of matching the reverse-DNS name, or the literal
 *   "none" when no name is available.
 *
 * NOTE(review): a name obtained by reverse lookup is supplied by whoever
 * controls the reverse zone of the address, and no forward confirmation is
 * visible in this function. Rules that allow traffic on the strength of such
 * a match deserve extra scrutiny.
 */
int
ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
    assert(checklist != NULL && checklist->request != NULL);

    const auto &request = checklist->request;

    // The host named in the URL is tried first; no DNS is involved here.
    if (data->match(request->url.host()))
        return 1;

    if (lookupBanned) {
        debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << request->url.host());
        return 0;
    }

    // Only a numeric host can gain anything from a reverse lookup; for a
    // named host the direct comparison above is final.
    if (!request->url.hostIsNumeric())
        return 0;

    // A reverse name stored by an earlier pass is reused as-is.
    if (checklist->dst_rdns) {
        debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << request->url.host());
        return data->match(checklist->dst_rdns);
    }

    // No stored name yet: parse the host into dst_addr for the lookup.
    const bool parsed = checklist->dst_addr.fromHost(request->url.host());
    if (!parsed) {
        // Not a valid address. The placeholder is stored in dst_rdns, so any
        // later pass takes the stored-rDNS branch and compares "invalid".
        checklist->dst_rdns = xstrdup("invalid");
        return 0;
    }

    const char *const reverseName = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (reverseName) {
        checklist->dst_rdns = xstrdup(reverseName);
        return data->match(reverseName);
    }

    if (!checklist->destinationDomainChecked()) {
        /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
        debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << request->url.host());
        if (checklist->goAsync(DestinationDomainLookup::Instance()))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    // No reverse name is available: the literal "none" is compared instead,
    // so an ACL that lists "none" matches destinations whose lookup produced nothing.
    return data->match("none");
}
101