*
*/
-#include "squid.h"
+#include "squid-old.h"
#include "acl/Acl.h"
#include "acl/Gadgets.h"
#if USE_SSL
static void parseBytesOptionValue(size_t * bptr, const char *units, char const * value);
#endif
-#if !USE_DNSSERVERS
+#if !USE_DNSHELPER
static void parseBytesLineSigned(ssize_t * bptr, const char *units);
#endif
static size_t parseBytesUnits(const char *unit);
#endif /* CURRENTLY_UNUSED */
#endif /* USE_WCCPv2 */
-static void parse_http_port_list(http_port_list **);
+static void parsePortList(http_port_list **, const char *protocol);
+#define parse_http_port_list(l) parsePortList((l),"http")
static void dump_http_port_list(StoreEntry *, const char *, const http_port_list *);
static void free_http_port_list(http_port_list **);
#if USE_SSL
-static void parse_https_port_list(https_port_list **);
-static void dump_https_port_list(StoreEntry *, const char *, const https_port_list *);
-static void free_https_port_list(https_port_list **);
+#define parse_https_port_list(l) parsePortList((l),"https")
+#define dump_https_port_list(e,n,l) dump_http_port_list((e),(n),(l))
+#define free_https_port_list(l) free_http_port_list((l))
+#define check_null_https_port_list(l) check_null_http_port_list((l))
static void parse_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign);
static void dump_sslproxy_cert_sign(StoreEntry *entry, const char *name, sslproxy_cert_sign *cert_sign);
static void free_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign);
static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt);
static void dump_sslproxy_cert_adapt(StoreEntry *entry, const char *name, sslproxy_cert_adapt *cert_adapt);
static void free_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt);
-#if 0
-static int check_null_https_port_list(const https_port_list *);
-#endif
#endif /* USE_SSL */
static void parse_b_size_t(size_t * var);
else
visible_appname_string = (char const *)APP_FULLNAME;
-#if USE_DNSSERVERS
-
+#if USE_DNSHELPER
if (Config.dnsChildren.n_max < 1)
- fatal("No dnsservers allocated");
-
+ fatal("No DNS helpers allocated");
#endif
if (Config.Program.redirect) {
}
requirePathnameExists("MIME Config Table", Config.mimeTablePathname);
-#if USE_DNSSERVERS
-
+#if USE_DNSHELPER
requirePathnameExists("cache_dns_program", Config.Program.dnsserver);
#endif
#if USE_UNLINKD
if (!s->cert)
continue;
- debugs(3, 1, "Initializing http_port " << s->http.s << " SSL context");
+ debugs(3, 1, "Initializing http_port " << s->s << " SSL context");
s->staticSslContext.reset(
sslCreateServerContext(s->cert, s->key,
Ssl::readCertChainAndPrivateKeyFromFiles(s->signingCert, s->signPkey, s->certsToChain, s->cert, s->key);
if (!s->signPkey)
- debugs(3, DBG_IMPORTANT, "No SSL private key configured for http_port " << s->http.s);
+ debugs(3, DBG_IMPORTANT, "No SSL private key configured for http_port " << s->s);
Ssl::generateUntrustedCert(s->untrustedSigningCert, s->untrustedSignPkey,
s->signingCert, s->signPkey);
{
- https_port_list *s;
+ http_port_list *s;
- for (s = Config.Sockaddr.https; s != NULL; s = (https_port_list *) s->http.next) {
- debugs(3, 1, "Initializing https_port " << s->http.s << " SSL context");
+ for (s = Config.Sockaddr.https; s != NULL; s = s->next) {
+ debugs(3, 1, "Initializing https_port " << s->s << " SSL context");
s->staticSslContext.reset(
sslCreateServerContext(s->cert, s->key,
if (s->cert && s->sslBump) {
Ssl::readCertChainAndPrivateKeyFromFiles(s->signingCert, s->signPkey, s->certsToChain, s->cert, s->key);
if (!s->signPkey)
- debugs(3, DBG_IMPORTANT, "No SSL private key configured for https_port " << s->http.s);
+ debugs(3, DBG_IMPORTANT, "No SSL private key configured for https_port " << s->s);
Ssl::generateUntrustedCert(s->untrustedSigningCert, s->untrustedSignPkey,
s->signingCert, s->signPkey);
self_destruct();
}
-#if !USE_DNSSERVERS
+#if !USE_DNSHELPER
static void
parseBytesLineSigned(ssize_t * bptr, const char *units)
{
*var = 0;
}
-#if !USE_DNSSERVERS
+#if !USE_DNSHELPER
static void
dump_time_msec(StoreEntry * entry, const char *name, time_msec_t var)
{
storeAppendPrintf(entry, "%s %d %s\n", name, (int) var, B_BYTES_STR);
}
-#if !USE_DNSSERVERS
+#if !USE_DNSHELPER
static void
dump_b_ssize_t(StoreEntry * entry, const char *name, ssize_t var)
{
parseBytesLine(var, B_BYTES_STR);
}
-#if !USE_DNSSERVERS
+#if !USE_DNSHELPER
static void
parse_b_ssize_t(ssize_t * var)
{
*var = 0;
}
-#if !USE_DNSSERVERS
+#if !USE_DNSHELPER
static void
free_ssize_t(ssize_t * var)
{
CBDATA_CLASS_INIT(http_port_list);
static void
-parse_http_port_specification(http_port_list * s, char *token)
+parsePortSpecification(http_port_list * s, char *token)
{
char *host = NULL;
unsigned short port = 0;
host = token + 1;
t = strchr(host, ']');
if (!t) {
- debugs(3, 0, "http(s)_port: missing ']' on IPv6 address: " << token);
+ debugs(3, DBG_CRITICAL, s->protocol << "_port: missing ']' on IPv6 address: " << token);
self_destruct();
}
*t++ = '\0';
if (*t != ':') {
- debugs(3, 0, "http(s)_port: missing Port in: " << token);
+ debugs(3, DBG_CRITICAL, s->protocol << "_port: missing Port in: " << token);
self_destruct();
}
if (!Ip::EnableIpv6) {
- debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: IPv6 is not available.");
+ debugs(3, DBG_CRITICAL, "FATAL: " << s->protocol << "_port: IPv6 is not available.");
self_destruct();
}
port = xatos(t + 1);
} else if ((port = strtol(token, &junk, 10)), !*junk) {
/* port */
- debugs(3, 3, "http(s)_port: found Listen on Port: " << port);
+ debugs(3, 3, s->protocol << "_port: found Listen on Port: " << port);
} else {
- debugs(3, 0, "http(s)_port: missing Port: " << token);
+ debugs(3, DBG_CRITICAL, s->protocol << "_port: missing Port: " << token);
self_destruct();
}
- if (port == 0) {
- debugs(3, 0, "http(s)_port: Port cannot be 0: " << token);
+ if (port == 0 && host != NULL) {
+ debugs(3, DBG_CRITICAL, s->protocol << "_port: Port cannot be 0: " << token);
self_destruct();
}
s->s.SetPort(port);
if (!Ip::EnableIpv6)
s->s.SetIPv4();
- debugs(3, 3, "http(s)_port: found Listen on wildcard address: *:" << s->s.GetPort() );
+ debugs(3, 3, s->protocol << "_port: found Listen on wildcard address: *:" << s->s.GetPort() );
} else if ( (s->s = host) ) { /* check/parse numeric IPA */
s->s.SetPort(port);
if (!Ip::EnableIpv6)
s->s.SetIPv4();
- debugs(3, 3, "http(s)_port: Listen on Host/IP: " << host << " --> " << s->s);
+ debugs(3, 3, s->protocol << "_port: Listen on Host/IP: " << host << " --> " << s->s);
} else if ( s->s.GetHostByName(host) ) { /* check/parse for FQDN */
/* dont use ipcache */
s->defaultsite = xstrdup(host);
s->s.SetPort(port);
if (!Ip::EnableIpv6)
s->s.SetIPv4();
- debugs(3, 3, "http(s)_port: found Listen as Host " << s->defaultsite << " on IP: " << s->s);
+ debugs(3, 3, s->protocol << "_port: found Listen as Host " << s->defaultsite << " on IP: " << s->s);
} else {
- debugs(3, 0, "http(s)_port: failed to resolve Host/IP: " << host);
+ debugs(3, DBG_CRITICAL, s->protocol << "_port: failed to resolve Host/IP: " << host);
self_destruct();
}
}
}
}
-static http_port_list *
-create_http_port(char *portspec)
-{
- http_port_list *s = new http_port_list("http");
- parse_http_port_specification(s, portspec);
- return s;
-}
-
void
add_http_port(char *portspec)
{
- http_port_list *s = create_http_port(portspec);
+ http_port_list *s = new http_port_list("http");
+ parsePortSpecification(s, portspec);
// we may need to merge better of the above returns a list with clones
assert(s->next == NULL);
s->next = Config.Sockaddr.http;
}
static void
-parse_http_port_list(http_port_list ** head)
+parsePortList(http_port_list ** head, const char *protocol)
{
char *token = strtok(NULL, w_space);
return;
}
- http_port_list *s = create_http_port(token);
+ http_port_list *s = new http_port_list(protocol);
+ parsePortSpecification(s, token);
/* parse options ... */
while ((token = strtok(NULL, w_space))) {
parse_http_port_option(s, token);
}
+#if USE_SSL
+ if (strcasecmp(protocol, "https") == 0) {
+ /* ssl-bump on https_port configuration requires either tproxy or intercepted, and vice versa */
+ const bool hijacked = s->spoof_client_ip || s->intercepted;
+ if (s->sslBump && !hijacked) {
+ debugs(3, DBG_CRITICAL, "FATAL: ssl-bump on https_port requires tproxy/intercepted which is missing.");
+ self_destruct();
+ }
+ if (hijacked && !s->sslBump) {
+ debugs(3, DBG_CRITICAL, "FATAL: tproxy/intercepted on https_port requires ssl-bump which is missing.");
+ self_destruct();
+ }
+ }
+#endif
+
if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && s->s.IsAnyAddr()) {
// clone the port options from *s to *(s->next)
s->next = clone_http_port_list(s);
s->next->s.SetIPv4();
- debugs(3, 3, "http(s)_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s);
+ debugs(3, 3, protocol << "_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s);
}
while (*head)
}
}
-#if USE_SSL
-
-// TODO: merge better with parse_http_port_list
-static void
-parse_https_port_list(https_port_list ** head)
-{
- char *token;
- https_port_list *s;
-
- token = strtok(NULL, w_space);
-
- if (!token)
- self_destruct();
-
- s = new https_port_list;
- parse_http_port_specification(&s->http, token);
-
- /* parse options ... */
- while ((token = strtok(NULL, w_space))) {
- parse_http_port_option(s, token);
- }
-
- /* ssl-bump requires either tproxy or intercepted, and vice versa */
- const bool hijacked = s->spoof_client_ip || s->intercepted;
- if (s->sslBump && !hijacked) {
- debugs(3, DBG_CRITICAL, "FATAL: ssl-bump on https_port requires tproxy/intercepted which is missing.");
- self_destruct();
- }
- if (hijacked && !s->sslBump) {
- debugs(3, DBG_CRITICAL, "FATAL: tproxy/intercepted on https_port requires ssl-bump which is missing.");
- self_destruct();
- }
-
- while (*head) {
- http_port_list ** headTmp = &(*head)->http.next;
- head = (https_port_list **)headTmp;
- }
-
- *head = s;
-}
-
-static void
-dump_https_port_list(StoreEntry * e, const char *n, const https_port_list * s)
-{
- dump_http_port_list(e, n, s);
-}
-
-static void
-free_https_port_list(https_port_list ** head)
-{
- free_http_port_list((http_port_list**)head);
-}
-
-#if 0
-static int
-check_null_https_port_list(const https_port_list * s)
-{
- return NULL == s;
-}
-
-#endif
-
-#endif /* USE_SSL */
-
void
configFreeMemory(void)
{
projects / thirdparty / squid.git / blobdiff