]> git.ipfire.org Git - thirdparty/squid.git/blob - src/client_side.h
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SourceFormat Enforcement
[thirdparty/squid.git] / src / client_side.h
1 /*
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 33 Client-side Routines */
10
11 #ifndef SQUID_CLIENTSIDE_H
12 #define SQUID_CLIENTSIDE_H
13
14 #include "clientStreamForward.h"
15 #include "comm.h"
16 #include "helper/forward.h"
17 #include "http/forward.h"
18 #include "HttpControlMsg.h"
19 #include "ipc/FdNotes.h"
20 #include "SBuf.h"
21 #if USE_AUTH
22 #include "auth/UserRequest.h"
23 #endif
24 #if USE_OPENSSL
25 #include "ssl/support.h"
26 #endif
27
28 class ConnStateData;
29 class ClientHttpRequest;
30 class clientStreamNode;
31 class ChunkedCodingParser;
32 namespace AnyP
33 {
34 class PortCfg;
35 } // namespace Anyp
36
37 /**
38 * Badly named.
39 * This is in fact the processing context for a single HTTP request.
40 *
41 * Managing what has been done, and what happens next to the data buffer
42 * holding what we hope is an HTTP request.
43 *
44 * Parsing is still a mess of global functions done in conjunction with the
45 * real socket controller which generated ClientHttpRequest.
46 * It also generates one of us and passes us control from there based on
47 * the results of the parse.
48 *
49 * After that all the request interpretation and adaptation is in our scope.
50 * Then finally the reply fetcher is created by this and we get the result
51 * back. Which we then have to manage writing of it to the ConnStateData.
52 *
53 * The socket level management is done by a ConnStateData which owns us.
54 * The scope of this objects control over a socket consists of the data
55 * buffer received from ConnStateData with an initially unknown length.
56 * When that length is known it sets the end bounary of our acces to the
57 * buffer.
58 *
59 * The individual processing actions are done by other Jobs which we
60 * kick off as needed.
61 *
62 * XXX: If an async call ends the ClientHttpRequest job, ClientSocketContext
63 * (and ConnStateData) may not know about it, leading to segfaults and
64 * assertions like areAllContextsForThisConnection(). This is difficult to fix
65 * because ClientHttpRequest lacks a good way to communicate its ongoing
66 * destruction back to the ClientSocketContext which pretends to "own" *http.
67 */
68 class ClientSocketContext : public RefCountable
69 {
70 CBDATA_CLASS(ClientSocketContext);
71
72 public:
73 typedef RefCount<ClientSocketContext> Pointer;
74 ClientSocketContext(const Comm::ConnectionPointer &aConn, ClientHttpRequest *aReq);
75 ~ClientSocketContext();
76 bool startOfOutput() const;
77 void writeComplete(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag);
78 void keepaliveNextRequest();
79
80 Comm::ConnectionPointer clientConnection; /// details about the client connection socket.
81 ClientHttpRequest *http; /* we pretend to own that job */
82 HttpReply *reply;
83 char reqbuf[HTTP_REQBUF_SZ];
84 Pointer next;
85
86 struct {
87
88 unsigned deferred:1; /* This is a pipelined request waiting for the current object to complete */
89
90 unsigned parsed_ok:1; /* Was this parsed correctly? */
91 } flags;
92 bool mayUseConnection() const {return mayUseConnection_;}
93
94 void mayUseConnection(bool aBool) {
95 mayUseConnection_ = aBool;
96 debugs(33,3, HERE << "This " << this << " marked " << aBool);
97 }
98
99 class DeferredParams
100 {
101
102 public:
103 clientStreamNode *node;
104 HttpReply *rep;
105 StoreIOBuffer queuedBuffer;
106 };
107
108 DeferredParams deferredparams;
109 int64_t writtenToSocket;
110 void pullData();
111 int64_t getNextRangeOffset() const;
112 bool canPackMoreRanges() const;
113 clientStream_status_t socketState();
114 void sendBody(HttpReply * rep, StoreIOBuffer bodyData);
115 void sendStartOfMessage(HttpReply * rep, StoreIOBuffer bodyData);
116 size_t lengthToSend(Range<int64_t> const &available);
117 void noteSentBodyBytes(size_t);
118 void buildRangeHeader(HttpReply * rep);
119 clientStreamNode * getTail() const;
120 clientStreamNode * getClientReplyContext() const;
121 ConnStateData *getConn() const;
122 void connIsFinished();
123 void removeFromConnectionList(ConnStateData * conn);
124 void deferRecipientForLater(clientStreamNode * node, HttpReply * rep, StoreIOBuffer receivedData);
125 bool multipartRangeRequest() const;
126 void registerWithConn();
127 void noteIoError(const int xerrno); ///< update state to reflect I/O error
128
129 /// starts writing 1xx control message to the client
130 void writeControlMsg(HttpControlMsg &msg);
131
132 protected:
133 static IOCB WroteControlMsg;
134 void wroteControlMsg(const Comm::ConnectionPointer &conn, char *bufnotused, size_t size, Comm::Flag errflag, int xerrno);
135
136 private:
137 void prepareReply(HttpReply * rep);
138 void packChunk(const StoreIOBuffer &bodyData, MemBuf &mb);
139 void packRange(StoreIOBuffer const &, MemBuf * mb);
140 void deRegisterWithConn();
141 void doClose();
142 void initiateClose(const char *reason);
143
144 AsyncCall::Pointer cbControlMsgSent; ///< notifies HttpControlMsg Source
145
146 bool mayUseConnection_; /* This request may use the connection. Don't read anymore requests for now */
147 bool connRegistered_;
148 };
149
150 class ConnectionDetail;
151 #if USE_OPENSSL
152 namespace Ssl
153 {
154 class ServerBump;
155 }
156 #endif
157 /**
158 * Manages a connection to a client.
159 *
160 * Multiple requests (up to pipeline_prefetch) can be pipelined. This object is responsible for managing
161 * which one is currently being fulfilled and what happens to the queue if the current one
162 * causes the client connection to be closed early.
163 *
164 * Act as a manager for the connection and passes data in buffer to the current parser.
165 * the parser has ambiguous scope at present due to being made from global functions
166 * I believe this object uses the parser to identify boundaries and kick off the
167 * actual HTTP request handling objects (ClientSocketContext, ClientHttpRequest, HttpRequest)
168 *
169 * If the above can be confirmed accurate we can call this object PipelineManager or similar
170 */
171 class ConnStateData : public BodyProducer, public HttpControlMsgSink
172 {
173
174 public:
175 explicit ConnStateData(const MasterXaction::Pointer &xact);
176 virtual ~ConnStateData();
177
178 void readSomeData();
179 bool areAllContextsForThisConnection() const;
180 void freeAllContexts();
181 void notifyAllContexts(const int xerrno); ///< tell everybody about the err
182 /// Traffic parsing
183 bool clientParseRequests();
184 void readNextRequest();
185 ClientSocketContext::Pointer getCurrentContext() const;
186 void addContextToQueue(ClientSocketContext * context);
187 int getConcurrentRequestCount() const;
188 bool isOpen() const;
189
190 // HttpControlMsgSink API
191 virtual void sendControlMsg(HttpControlMsg msg);
192
193 // Client TCP connection details from comm layer.
194 Comm::ConnectionPointer clientConnection;
195
196 /**
197 * The transfer protocol currently being spoken on this connection.
198 * HTTP/1 CONNECT and HTTP/2 SETTINGS offers the ability to change
199 * protocols on the fly.
200 */
201 AnyP::ProtocolVersion transferProtocol;
202
203 struct In {
204 In();
205 ~In();
206 bool maybeMakeSpaceAvailable();
207
208 ChunkedCodingParser *bodyParser; ///< parses chunked request body
209 SBuf buf;
210 } in;
211
212 /** number of body bytes we need to comm_read for the "current" request
213 *
214 * \retval 0 We do not need to read any [more] body bytes
215 * \retval negative May need more but do not know how many; could be zero!
216 * \retval positive Need to read exactly that many more body bytes
217 */
218 int64_t mayNeedToReadMoreBody() const;
219
220 #if USE_AUTH
221 /**
222 * Fetch the user details for connection based authentication
223 * NOTE: this is ONLY connection based because NTLM and Negotiate is against HTTP spec.
224 */
225 const Auth::UserRequest::Pointer &getAuth() const { return auth_; }
226
227 /**
228 * Set the user details for connection-based authentication to use from now until connection closure.
229 *
230 * Any change to existing credentials shows that something invalid has happened. Such as:
231 * - NTLM/Negotiate auth was violated by the per-request headers missing a revalidation token
232 * - NTLM/Negotiate auth was violated by the per-request headers being for another user
233 * - SSL-Bump CONNECT tunnel with persistent credentials has ended
234 */
235 void setAuth(const Auth::UserRequest::Pointer &aur, const char *cause);
236 #endif
237
238 /**
239 * used by the owner of the connection, opaque otherwise
240 * TODO: generalise the connection owner concept.
241 */
242 ClientSocketContext::Pointer currentobject;
243
244 Ip::Address log_addr;
245 int nrequests;
246
247 struct {
248 bool readMore; ///< needs comm_read (for this request or new requests)
249 bool swanSang; // XXX: temporary flag to check proper cleanup
250 } flags;
251 struct {
252 Comm::ConnectionPointer serverConnection; /* pinned server side connection */
253 char *host; /* host name of pinned connection */
254 int port; /* port of pinned connection */
255 bool pinned; /* this connection was pinned */
256 bool auth; /* pinned for www authentication */
257 bool reading; ///< we are monitoring for peer connection closure
258 bool zeroReply; ///< server closed w/o response (ERR_ZERO_SIZE_OBJECT)
259 CachePeer *peer; /* CachePeer the connection goes via */
260 AsyncCall::Pointer readHandler; ///< detects serverConnection closure
261 AsyncCall::Pointer closeHandler; /*The close handler for pinned server side connection*/
262 } pinning;
263
264 /// Squid listening port details where this connection arrived.
265 AnyP::PortCfgPointer port;
266
267 bool transparent() const;
268 bool reading() const;
269 void stopReading(); ///< cancels comm_read if it is scheduled
270
271 /// true if we stopped receiving the request
272 const char *stoppedReceiving() const { return stoppedReceiving_; }
273 /// true if we stopped sending the response
274 const char *stoppedSending() const { return stoppedSending_; }
275 /// note request receiving error and close as soon as we write the response
276 void stopReceiving(const char *error);
277 /// note response sending error and close as soon as we read the request
278 void stopSending(const char *error);
279
280 void expectNoForwarding(); ///< cleans up virgin request [body] forwarding state
281
282 /* BodyPipe API */
283 BodyPipe::Pointer expectRequestBody(int64_t size);
284 virtual void noteMoreBodySpaceAvailable(BodyPipe::Pointer) = 0;
285 virtual void noteBodyConsumerAborted(BodyPipe::Pointer) = 0;
286
287 bool handleReadData();
288 bool handleRequestBodyData();
289
290 /// Forward future client requests using the given server connection.
291 /// Optionally, monitor pinned server connection for remote-end closures.
292 void pinConnection(const Comm::ConnectionPointer &pinServerConn, HttpRequest *request, CachePeer *peer, bool auth, bool monitor = true);
293 /// Undo pinConnection() and, optionally, close the pinned connection.
294 void unpinConnection(const bool andClose);
295 /// Returns validated pinnned server connection (and stops its monitoring).
296 Comm::ConnectionPointer borrowPinnedConnection(HttpRequest *request, const CachePeer *aPeer);
297 /**
298 * Checks if there is pinning info if it is valid. It can close the server side connection
299 * if pinned info is not valid.
300 \param request if it is not NULL also checks if the pinning info refers to the request client side HttpRequest
301 \param CachePeer if it is not NULL also check if the CachePeer is the pinning CachePeer
302 \return The details of the server side connection (may be closed if failures were present).
303 */
304 const Comm::ConnectionPointer validatePinnedConnection(HttpRequest *request, const CachePeer *peer);
305 /**
306 * returts the pinned CachePeer if exists, NULL otherwise
307 */
308 CachePeer *pinnedPeer() const {return pinning.peer;}
309 bool pinnedAuth() const {return pinning.auth;}
310
311 /// called just before a FwdState-dispatched job starts using connection
312 virtual void notePeerConnection(Comm::ConnectionPointer) {}
313
314 // pining related comm callbacks
315 virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io);
316
317 // comm callbacks
318 void clientReadRequest(const CommIoCbParams &io);
319 void clientReadFtpData(const CommIoCbParams &io);
320 void connStateClosed(const CommCloseCbParams &io);
321 void requestTimeout(const CommTimeoutCbParams &params);
322
323 // AsyncJob API
324 virtual void start();
325 virtual bool doneAll() const { return BodyProducer::doneAll() && false;}
326 virtual void swanSong();
327
328 /// Changes state so that we close the connection and quit after serving
329 /// the client-side-detected error response instead of getting stuck.
330 void quitAfterError(HttpRequest *request); // meant to be private
331
332 /// The caller assumes responsibility for connection closure detection.
333 void stopPinnedConnectionMonitoring();
334
335 #if USE_OPENSSL
336 /// the second part of old httpsAccept, waiting for future HttpsServer home
337 void postHttpsAccept();
338
339 /// Initializes and starts a peek-and-splice negotiation with the SSL client
340 void startPeekAndSplice();
341 /// Called when the initialization of peek-and-splice negotiation finidhed
342 void startPeekAndSpliceDone();
343 /// Called when a peek-and-splice step finished. For example after
344 /// server SSL certificates received and fake server SSL certificates
345 /// generated
346 void doPeekAndSpliceStep();
347 /// called by FwdState when it is done bumping the server
348 void httpsPeeked(Comm::ConnectionPointer serverConnection);
349
350 /// Start to create dynamic SSL_CTX for host or uses static port SSL context.
351 void getSslContextStart();
352 /**
353 * Done create dynamic ssl certificate.
354 *
355 * \param[in] isNew if generated certificate is new, so we need to add this certificate to storage.
356 */
357 void getSslContextDone(SSL_CTX * sslContext, bool isNew = false);
358 /// Callback function. It is called when squid receive message from ssl_crtd.
359 static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply);
360 /// Proccess response from ssl_crtd.
361 void sslCrtdHandleReply(const Helper::Reply &reply);
362
363 void switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode);
364 bool switchedToHttps() const { return switchedToHttps_; }
365 Ssl::ServerBump *serverBump() {return sslServerBump;}
366 inline void setServerBump(Ssl::ServerBump *srvBump) {
367 if (!sslServerBump)
368 sslServerBump = srvBump;
369 else
370 assert(sslServerBump == srvBump);
371 }
372 /// Fill the certAdaptParams with the required data for certificate adaptation
373 /// and create the key for storing/retrieve the certificate to/from the cache
374 void buildSslCertGenerationParams(Ssl::CertificateProperties &certProperties);
375 /// Called when the client sends the first request on a bumped connection.
376 /// Returns false if no [delayed] error should be written to the client.
377 /// Otherwise, writes the error to the client and returns true. Also checks
378 /// for SQUID_X509_V_ERR_DOMAIN_MISMATCH on bumped requests.
379 bool serveDelayedError(ClientSocketContext *context);
380
381 Ssl::BumpMode sslBumpMode; ///< ssl_bump decision (Ssl::bumpEnd if n/a).
382
383 #else
384 bool switchedToHttps() const { return false; }
385 #endif
386
387 /* clt_conn_tag=tag annotation access */
388 const SBuf &connectionTag() const { return connectionTag_; }
389 void connectionTag(const char *aTag) { connectionTag_ = aTag; }
390
391 /// handle a control message received by context from a peer and call back
392 virtual void writeControlMsgAndCall(ClientSocketContext *context, HttpReply *rep, AsyncCall::Pointer &call) = 0;
393
394 /// ClientStream calls this to supply response header (once) and data
395 /// for the current ClientSocketContext.
396 virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData) = 0;
397
398 /// remove no longer needed leading bytes from the input buffer
399 void consumeInput(const size_t byteCount);
400
401 /* TODO: Make the methods below (at least) non-public when possible. */
402
403 /// stop parsing the request and create context for relaying error info
404 ClientSocketContext *abortRequestParsing(const char *const errUri);
405
406 protected:
407 void startDechunkingRequest();
408 void finishDechunkingRequest(bool withSuccess);
409 void abortChunkedRequestBody(const err_type error);
410 err_type handleChunkedRequestBody(size_t &putSize);
411
412 void startPinnedConnectionMonitoring();
413 void clientPinnedConnectionRead(const CommIoCbParams &io);
414
415 /// parse input buffer prefix into a single transfer protocol request
416 /// return NULL to request more header bytes (after checking any limits)
417 /// use abortRequestParsing() to handle parsing errors w/o creating request
418 virtual ClientSocketContext *parseOneRequest() = 0;
419
420 /// start processing a freshly parsed request
421 virtual void processParsedRequest(ClientSocketContext *context) = 0;
422
423 /// returning N allows a pipeline of 1+N requests (see pipeline_prefetch)
424 virtual int pipelinePrefetchMax() const;
425
426 /// timeout to use when waiting for the next request
427 virtual time_t idleTimeout() const = 0;
428
429 BodyPipe::Pointer bodyPipe; ///< set when we are reading request body
430
431 private:
432 int connFinishedWithConn(int size);
433 void clientAfterReadingRequests();
434 bool concurrentRequestQueueFilled() const;
435
436 void pinNewConnection(const Comm::ConnectionPointer &pinServer, HttpRequest *request, CachePeer *aPeer, bool auth);
437
438 /* PROXY protocol functionality */
439 bool proxyProtocolValidateClient();
440 bool parseProxyProtocolHeader();
441 bool parseProxy1p0();
442 bool parseProxy2p0();
443 bool proxyProtocolError(const char *reason);
444
445 /// whether PROXY protocol header is still expected
446 bool needProxyProtocolHeader_;
447
448 #if USE_AUTH
449 /// some user details that can be used to perform authentication on this connection
450 Auth::UserRequest::Pointer auth_;
451 #endif
452
453 /// the parser state for current HTTP/1.x input buffer processing
454 Http1::RequestParserPointer parser_;
455
456 #if USE_OPENSSL
457 bool switchedToHttps_;
458 /// The SSL server host name appears in CONNECT request or the server ip address for the intercepted requests
459 String sslConnectHostOrIp; ///< The SSL server host name as passed in the CONNECT request
460 String sslCommonName; ///< CN name for SSL certificate generation
461 String sslBumpCertKey; ///< Key to use to store/retrieve generated certificate
462
463 /// HTTPS server cert. fetching state for bump-ssl-server-first
464 Ssl::ServerBump *sslServerBump;
465 Ssl::CertSignAlgorithm signAlgorithm; ///< The signing algorithm to use
466 #endif
467
468 /// the reason why we no longer write the response or nil
469 const char *stoppedSending_;
470 /// the reason why we no longer read the request or nil
471 const char *stoppedReceiving_;
472
473 AsyncCall::Pointer reader; ///< set when we are reading
474
475 SBuf connectionTag_; ///< clt_conn_tag=Tag annotation for client connection
476 };
477
478 void setLogUri(ClientHttpRequest * http, char const *uri, bool cleanUrl = false);
479
480 const char *findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end = NULL);
481
482 int varyEvaluateMatch(StoreEntry * entry, HttpRequest * req);
483
484 /// accept requests to a given port and inform subCall about them
485 void clientStartListeningOn(AnyP::PortCfgPointer &port, const RefCount< CommCbFunPtrCallT<CommAcceptCbPtrFun> > &subCall, const Ipc::FdNoteId noteId);
486
487 void clientOpenListenSockets(void);
488 void clientConnectionsClose(void);
489 void httpRequestFree(void *);
490
491 /// decide whether to expect multiple requests on the corresponding connection
492 void clientSetKeepaliveFlag(ClientHttpRequest *http);
493
494 /* misplaced declaratrions of Stream callbacks provided/used by client side */
495 SQUIDCEXTERN CSR clientGetMoreData;
496 SQUIDCEXTERN CSS clientReplyStatus;
497 SQUIDCEXTERN CSD clientReplyDetach;
498 CSCB clientSocketRecipient;
499 CSD clientSocketDetach;
500
501 /* TODO: Move to HttpServer. Warning: Move requires large code nonchanges! */
502 ClientSocketContext *parseHttpRequest(ConnStateData *, const Http1::RequestParserPointer &);
503 void clientProcessRequest(ConnStateData *, const Http1::RequestParserPointer &, ClientSocketContext *);
504 void clientPostHttpsAccept(ConnStateData *);
505
506 #endif /* SQUID_CLIENTSIDE_H */
507
Mirror of https://github.com/squid-cache/squid.git