1 /*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 16 Cache Manager Objects */
10
11 #include "squid.h"
12 #include "AccessLogEntry.h"
13 #include "base/TextException.h"
14 #include "CacheManager.h"
15 #include "comm/Connection.h"
16 #include "debug/Stream.h"
17 #include "error/ExceptionErrorDetail.h"
18 #include "errorpage.h"
19 #include "fde.h"
20 #include "HttpHdrCc.h"
21 #include "HttpReply.h"
22 #include "HttpRequest.h"
23 #include "mgr/Action.h"
24 #include "mgr/ActionCreator.h"
25 #include "mgr/ActionPasswordList.h"
26 #include "mgr/ActionProfile.h"
27 #include "mgr/BasicActions.h"
28 #include "mgr/Command.h"
29 #include "mgr/Forwarder.h"
30 #include "mgr/FunAction.h"
31 #include "mgr/QueryParams.h"
32 #include "parser/Tokenizer.h"
33 #include "protos.h"
34 #include "sbuf/Stream.h"
35 #include "sbuf/StringConvert.h"
36 #include "SquidConfig.h"
37 #include "Store.h"
38 #include "tools.h"
39 #include "wordlist.h"
40
41 #include <algorithm>
42 #include <memory>
43
/// \ingroup CacheManagerInternal
// NOTE(review): not referenced anywhere in the visible part of this file;
// presumably a password buffer size left over from older code. Confirm it is
// still needed.
#define MGR_PASSWD_SZ 128
46
/// An ActionCreator that builds each Action by calling a stored
/// Action::Create-style function with the command it is given.
class ClassActionCreator: public Mgr::ActionCreator
{
public:
    /// signature of a function that turns a command into an Action
    using Handler = Mgr::Action::Pointer (const Mgr::Command::Pointer &cmd);

    ClassActionCreator(Handler *aHandler): handler(aHandler) {}

    /* Mgr::ActionCreator API */
    Mgr::Action::Pointer create(const Mgr::Command::Pointer &cmd) const override
    {
        return (*handler)(cmd);
    }

private:
    Handler *handler; ///< invoked by create(); stored exactly as passed to the constructor
};
63
/// Adds the given profile to the menu unless an action with the same name is
/// already registered; a duplicate is logged and otherwise ignored.
void
CacheManager::registerProfile(const Mgr::ActionProfile::Pointer &profile)
{
    Must(profile != nullptr);

    // the first registration of a name wins; later ones never replace it
    if (CacheManager::findAction(profile->name) != nullptr) {
        debugs(16, 2, "skipped duplicate profile: " << *profile);
        return;
    }

    menu_.push_back(profile);
    debugs(16, 3, "registered profile: " << *profile);
}
76
/**
 * \ingroup CacheManagerAPI
 * Registers a C-style action: a plain OBJH function, wrapped here in a
 * Mgr::FunActionCreator, together with its name, description,
 * password-required flag and atomic flag.
 */
void
CacheManager::registerProfile(char const * action, char const * desc, OBJH * handler, int pw_req_flag, int atomic)
{
    debugs(16, 3, "registering legacy " << action);

    const auto creator = new Mgr::FunActionCreator(handler);
    const Mgr::ActionProfile::Pointer profile =
        new Mgr::ActionProfile(action, desc, pw_req_flag, atomic, creator);

    // the profile overload drops duplicates
    registerProfile(profile);
}
91
/**
 * \ingroup CacheManagerAPI
 * Registers a C++-style action: the handler is a function that creates the
 * Action object for a command, wrapped here in a ClassActionCreator.
 */
void
CacheManager::registerProfile(char const * action, char const * desc,
                              ClassActionCreator::Handler *handler,
                              int pw_req_flag, int atomic)
{
    const auto creator = new ClassActionCreator(handler);
    const Mgr::ActionProfile::Pointer profile =
        new Mgr::ActionProfile(action, desc, pw_req_flag, atomic, creator);

    // the profile overload drops duplicates
    registerProfile(profile);
}
107
/**
 * \ingroup CacheManagerInternal
 * Looks up a registered action profile by name. The comparison is an exact,
 * case-sensitive strcmp() against each menu entry, in registration order.
 * \returns the first matching profile, or a nil pointer when there is none
 */
Mgr::ActionProfile::Pointer
CacheManager::findAction(char const * action) const
{
    Must(action != nullptr);

    debugs(16, 5, "CacheManager::findAction: looking for action " << action);
    for (const auto &candidate: menu_) {
        if (strcmp(candidate->name, action) != 0)
            continue;

        debugs(16, 6, " found");
        return candidate;
    }

    debugs(16, 6, "Action not found.");
    return Mgr::ActionProfilePointer();
}
131
/// Creates the Action registered under actionName, using a command that
/// carries nothing but that name. Both a nil name and a name that matches no
/// registered action are rejected with Must().
Mgr::Action::Pointer
CacheManager::createNamedAction(const char *actionName)
{
    Must(actionName);

    Mgr::Command::Pointer cmd = new Mgr::Command;
    cmd->params.actionName = actionName;
    cmd->profile = findAction(actionName);
    Must(cmd->profile != nullptr);

    const auto &creator = cmd->profile->creator;
    return creator->create(cmd);
}
144
/// Creates the Action named by params.actionName, handing the full parameter
/// set to it through a new command. A name that matches no registered action
/// is rejected with Must().
Mgr::Action::Pointer
CacheManager::createRequestedAction(const Mgr::ActionParams &params)
{
    Mgr::Command::Pointer cmd = new Mgr::Command;
    cmd->params = params;

    const char *requestedName = params.actionName.termedBuf();
    cmd->profile = findAction(requestedName);
    Must(cmd->profile != nullptr);

    const auto &creator = cmd->profile->creator;
    return creator->create(cmd);
}
154
/// The URL path prefix that ParseUrl() requires at the start of every cache
/// manager request path. The value is built once, on first use.
const SBuf &
CacheManager::WellKnownUrlPathPrefix()
{
    static const SBuf wellKnownPrefix{"/squid-internal-mgr/"};
    return wellKnownPrefix;
}
161
/**
 * Extracts the requested action and its query parameters from a cache manager
 * URL and refuses actions that CacheManager::ActionProtection() reports as
 * "disabled" or "hidden". The password itself is not checked here.
 *
 * Syntax:
 *
 * [ scheme "://" authority ] '/squid-internal-mgr' path-absolute [ "?" query ] [ "#" fragment ]
 *
 * see RFC 3986 for definitions of scheme, authority, path-absolute, query
 *
 * An empty action name selects the "index" report. Unknown, disabled or
 * hidden actions, and any characters left over after the query that do not
 * begin a fragment, are reported by throwing TextException.
 *
 * \returns Mgr::Command object with action to perform and parameters it might use
 */
Mgr::Command::Pointer
CacheManager::ParseUrl(const AnyP::Uri &uri)
{
    Parser::Tokenizer parser(uri.path());

    Assure(parser.skip(WellKnownUrlPathPrefix()));

    Mgr::Command::Pointer cmd = new Mgr::Command();
    cmd->params.httpUri = SBufToString(uri.absolute());

    // the action name is everything up to the query or fragment delimiter
    static const auto fieldChars = CharacterSet("mgr-field", "?#").complement();

    SBuf actionName;
    const auto gotName = parser.prefix(actionName, fieldChars);
    if (!gotName) {
        static const SBuf indexReport("index");
        actionName = indexReport;
    }
    cmd->params.actionName = SBufToString(actionName);

    // the name comes straight from the request URL; only registered names pass
    const auto profile = findAction(actionName.c_str());
    if (!profile)
        throw TextException(ToSBuf("action '", actionName, "' not found"), Here());

    const char *protection = ActionProtection(profile);
    const bool unavailable = strcmp(protection, "disabled") == 0 ||
                             strcmp(protection, "hidden") == 0;
    if (unavailable)
        throw TextException(ToSBuf("action '", actionName, "' is ", protection), Here());
    cmd->profile = profile;

    // TODO: fix when AnyP::Uri::parse() separates path?query#fragment
    SBuf rawQuery;
    if (parser.skip('?')) {
        rawQuery = parser.remaining(); // kept only for the debugging line below
        Mgr::QueryParams::Parse(parser, cmd->params.queryParams);
    }

    // whatever follows must be a #fragment (ignored) or nothing at all
    if (!(parser.skip('#') || parser.atEnd()))
        throw TextException("invalid characters in URL", Here());

    debugs(16, 3, "MGR request: host=" << uri.host() << ", action=" << actionName << ", params=" << rawQuery);

    return cmd;
}
217
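/**
 * \ingroup CacheManagerInternal
 * Copies the request method and flags into params. When Basic authentication
 * support is compiled in, also splits the decoded Authorization token at its
 * first colon into params.userName and params.password; a missing token or
 * a token without a colon leaves both untouched.
 *
 * Neither the decoded token nor the password is written to the debug log:
 * cache.log is often readable by more people than the manager passwords are
 * meant for, and it tends to be copied into bug reports.
 */
void
CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams &params)
{
    assert(request);

    params.httpMethod = request->method.id();
    params.httpFlags = request->flags;

#if HAVE_AUTH_MODULE_BASIC
    // TODO: use the authentication system decode to retrieve these details properly.

    /* base 64 _decoded_ user:passwd pair */
    const auto basic_cookie(request->header.getAuthToken(Http::HdrType::AUTHORIZATION, "Basic"));

    if (basic_cookie.isEmpty())
        return;

    const auto colonPos = basic_cookie.find(':');
    if (colonPos == SBuf::npos) {
        // report the size only: the token is client-supplied credential
        // material and this message is logged at the default debug level
        debugs(16, DBG_IMPORTANT, "ERROR: CacheManager::ParseHeaders: unknown basic_cookie format (" <<
               basic_cookie.length() << " bytes, no colon)");
        return;
    }

    /* found user:password pair, reset old values */
    params.userName = SBufToString(basic_cookie.substr(0, colonPos));
    params.password = SBufToString(basic_cookie.substr(colonPos+1));

    // say whether a password arrived, never what it was
    debugs(16, 9, "CacheManager::ParseHeaders: got user: '" <<
           params.userName << "' passwd: " <<
           (params.password.size() ? "[supplied]" : "[empty]"));
#endif
}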
256
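/**
 * \ingroup CacheManagerInternal
 * Decides whether the password carried by cmd grants access to its action.
 *
 * With no password configured for the action, the result is the profile's
 * isPwReq flag, so actions that require a password stay closed. The
 * configured values "disable" and "none" always deny and always allow,
 * respectively. Otherwise an empty supplied password is denied and a
 * non-empty one must equal the configured password byte for byte.
 *
 * The final comparison visits every supplied byte and has no early exit, so
 * its duration does not depend on how many leading bytes were guessed
 * correctly. Unlike a C-string comparison, bytes after an embedded NUL in
 * the supplied password also count, so such a password never matches.
 *
 * \retval 0 access is granted
 * \retval !0 access is denied
 */
int
CacheManager::CheckPassword(const Mgr::Command &cmd)
{
    assert(cmd.profile != nullptr);
    const char *action = cmd.profile->name;
    const char *pwd = PasswdGet(Config.passwd_list, action);

    debugs(16, 4, "CacheManager::CheckPassword for action " << action);

    if (pwd == nullptr)
        return cmd.profile->isPwReq;

    if (strcmp(pwd, "disable") == 0)
        return 1;

    if (strcmp(pwd, "none") == 0)
        return 0;

    const size_t suppliedSize = cmd.params.password.size();
    if (!suppliedSize)
        return 1;

    const char *supplied = cmd.params.password.termedBuf();
    const size_t expectedSize = strlen(pwd);

    // accumulate differences instead of returning at the first one
    unsigned int mismatch = (suppliedSize == expectedSize) ? 0 : 1;
    for (size_t i = 0; i < suppliedSize; ++i) {
        // past the end of pwd, compare against its terminating NUL (a valid index)
        const char expectedByte = pwd[i < expectedSize ? i : expectedSize];
        mismatch |= static_cast<unsigned char>(supplied[i] ^ expectedByte);
    }

    return mismatch != 0;
}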
287
/**
 * \ingroup CacheManagerAPI
 * Main entry point in the Cache Manager's activity. Gets called as part
 * of the forward chain if the right URL is detected there. Initiates
 * all needed internal work and renders the response.
 *
 * Order of processing:
 * -# ParseUrl() picks the action; any exception becomes a 404
 *    ERR_INVALID_URL reply.
 * -# ParseHeaders() collects method, flags and (if built in) Basic credentials.
 * -# CheckPassword() gates access; a failure becomes a 401
 *    ERR_CACHE_MGR_ACCESS_DENIED reply.
 * -# The "index" action is answered directly from the MGR_INDEX template.
 * -# An SMP worker hands the request to Mgr::Forwarder; otherwise the action
 *    is created and run here.
 */
void
CacheManager::start(const Comm::ConnectionPointer &client, HttpRequest *request, StoreEntry *entry, const AccessLogEntry::Pointer &ale)
{
    debugs(16, 3, "request-url= '" << request->url << "', entry-url='" << entry->url() << "'");

    Mgr::Command::Pointer cmd;
    try {
        cmd = ParseUrl(request->url);

    } catch (...) {
        // unknown, disabled and hidden actions all end up here, so the client
        // receives the same 404 for each of them
        debugs(16, 2, "request URL error: " << CurrentException);
        const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request, ale);
        err->url = xstrdup(entry->url());
        err->detailError(new ExceptionErrorDetail(Here().id()));
        errorAppendEntry(entry, err);
        return;
    }

    const char *actionName = cmd->profile->name;

    // manager responses are marked as expiring immediately
    entry->expires = squid_curtime;

    debugs(16, 5, "CacheManager: " << client << " requesting '" << actionName << "'");

    /* get additional info from request headers */
    ParseHeaders(request, cmd->params);

    // NOTE(review): userName is copied from the request's Authorization header
    // before any password check, so it is client-chosen text; it is written
    // as-is into the log lines below.
    const char *userName = cmd->params.userName.size() ?
                           cmd->params.userName.termedBuf() : "unknown";

    /* Check password */

    if (CheckPassword(*cmd) != 0) {
        /* build error message */
        ErrorState errState(ERR_CACHE_MGR_ACCESS_DENIED, Http::scUnauthorized, request, ale);
        /* warn if user specified incorrect password */

        if (cmd->params.password.size()) {
            debugs(16, DBG_IMPORTANT, "CacheManager: " <<
                   userName << "@" <<
                   client << ": incorrect password for '" <<
                   actionName << "'" );
        } else {
            debugs(16, DBG_IMPORTANT, "CacheManager: " <<
                   userName << "@" <<
                   client << ": password needed for '" <<
                   actionName << "'" );
        }

        HttpReply *rep = errState.BuildHttpReply();

#if HAVE_AUTH_MODULE_BASIC
        /*
         * add Authenticate header using action name as a realm because
         * password depends on the action
         */
        rep->header.putAuth("Basic", actionName);
#endif

        // the request's Origin value (nil when the header is absent) is passed
        // on so that the denial carries the same CORS headers as a success
        const auto originOrNil = request->header.getStr(Http::HdrType::ORIGIN);
        PutCommonResponseHeaders(*rep, originOrNil);

        /* store the reply */
        entry->replaceHttpReply(rep);

        entry->expires = squid_curtime;

        entry->complete();

        return;
    }

    // remembered only after the password check has passed
    if (request->header.has(Http::HdrType::ORIGIN)) {
        cmd->params.httpOrigin = request->header.getStr(Http::HdrType::ORIGIN);
    }

    debugs(16, 2, "CacheManager: " <<
           userName << "@" <<
           client << " requesting '" <<
           actionName << "'" );

    // special case: an index page
    if (!strcmp(cmd->profile->name, "index")) {
        ErrorState err(MGR_INDEX, Http::scOkay, request, ale);
        err.url = xstrdup(entry->url());
        HttpReply *rep = err.BuildHttpReply();
        // a body starting with "Internal Error:" is answered with 404 instead
        // of 200 -- NOTE(review): presumably the text produced when the
        // MGR_INDEX template cannot be loaded; confirm against errorpage.cc
        if (strncmp(rep->body.content(),"Internal Error:", 15) == 0)
            rep->sline.set(Http::ProtocolVersion(1,1), Http::scNotFound);

        const auto originOrNil = request->header.getStr(Http::HdrType::ORIGIN);
        PutCommonResponseHeaders(*rep, originOrNil);

        entry->replaceHttpReply(rep);
        entry->complete();
        return;
    }

    // in SMP mode a worker does not run the action itself; the Forwarder job
    // receives the already-parsed parameters
    if (UsingSmp() && IamWorkerProcess()) {
        // is client the right connection to pass here?
        AsyncJob::Start(new Mgr::Forwarder(client, cmd->params, request, entry, ale));
        return;
    }

    Mgr::Action::Pointer action = cmd->profile->creator->create(cmd);
    Must(action != nullptr);
    action->run(entry, true);
}
401
/*
 * \ingroup CacheManagerInternal
 * Names the protection level of an action, derived from the password
 * configured for it:
 *   no password entry, profile requires one   -> "hidden"
 *   no password entry, profile requires none  -> "public"
 *   password entry "disable"                  -> "disabled"
 *   password entry "none"                     -> "public"
 *   any other password entry                  -> "protected"
 * Callers also compare the returned text to decide whether an action may be
 * used at all.
 */
const char *
CacheManager::ActionProtection(const Mgr::ActionProfile::Pointer &profile)
{
    assert(profile != nullptr);
    const char *configured = PasswdGet(Config.passwd_list, profile->name);

    if (configured == nullptr) {
        if (profile->isPwReq)
            return "hidden";
        return "public";
    }

    if (strcmp(configured, "disable") == 0)
        return "disabled";

    if (strcmp(configured, "none") == 0)
        return "public";

    return "protected";
}
424
/*
 * \ingroup CacheManagerInternal
 * Finds the password configured for an action. The list is walked in order
 * and the first entry that names either this action or "all" supplies the
 * password, so the order of entries decides which one applies.
 * Returns nullptr when no entry matches.
 */
char *
CacheManager::PasswdGet(Mgr::ActionPasswordList * a, const char *action)
{
    for (auto *entry = a; entry; entry = entry->next) {
        for (auto &listed : entry->actions) {
            if (listed.cmp(action) == 0)
                return entry->passwd;

            // "all" stands for every action
            static const SBuf allAction("all");
            if (listed == allAction)
                return entry->passwd;
        }
    }

    return nullptr;
}
448
/// Adds the headers shared by all cache manager replies: CORS headers when
/// the request carried an Origin (httpOrigin is not nil), and a Cache-Control
/// that forbids caching.
void
CacheManager::PutCommonResponseHeaders(HttpReply &response, const char *httpOrigin)
{
    // Allow cachemgr and other XHR scripts access to our version string
    // NOTE(review): the caller-supplied Origin is echoed back unchanged and,
    // in Basic-auth builds, paired with Allow-Credentials: true. No allow-list
    // is applied here, so any origin may read credentialed responses; confirm
    // that this is intended and that access is restricted elsewhere.
    if (httpOrigin != nullptr) {
        response.header.putExt("Access-Control-Allow-Origin", httpOrigin);
#if HAVE_AUTH_MODULE_BASIC
        response.header.putExt("Access-Control-Allow-Credentials", "true");
#endif
        response.header.putExt("Access-Control-Expose-Headers", "Server");
    }

    HttpHdrCc cacheControl;
    // no-cache: honored by more caches but allows pointless revalidation;
    // revalidation will always fail because we do not support it (yet?)
    cacheControl.noCache(String());
    // no-store: honored by fewer caches but prohibits pointless revalidation
    cacheControl.noStore(true);
    response.putCc(cacheControl);
}
469
/// Returns the single CacheManager object, creating it and registering the
/// basic actions on the first call.
CacheManager*
CacheManager::GetInstance()
{
    static CacheManager *instance = nullptr;
    if (instance)
        return instance;

    debugs(16, 6, "starting cachemanager up");
    instance = new CacheManager;
    // instance is already set at this point, so a GetInstance() call made
    // during registration gets the new object instead of creating another --
    // NOTE(review): confirm that Mgr::RegisterBasics() relies on this
    Mgr::RegisterBasics();
    return instance;
}
481