Commit | Line | Data |
---|---|---|
3841dd46 | 1 | /* |
bde978a6 | 2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
3841dd46 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
3841dd46 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
c0941a6a | 12 | #include "acl/Checklist.h" |
602d9612 | 13 | #include "acl/DestinationDomain.h" |
c0941a6a | 14 | #include "acl/DomainData.h" |
602d9612 | 15 | #include "acl/RegexData.h" |
95e6d864 | 16 | #include "fqdncache.h" |
a2ac85d9 | 17 | #include "HttpRequest.h" |
714e68b7 | 18 | #include "ipcache.h" |
3841dd46 | 19 | |
/* The one DestinationDomainLookup object; every caller shares it via Instance(). */
DestinationDomainLookup DestinationDomainLookup::instance_;

/*
 * Accessor for the shared lookup state object.
 * Returns the address of the file-scope instance_ defined above; the
 * pointer is never null and callers must not delete it.
 */
DestinationDomainLookup *DestinationDomainLookup::Instance()
{
    DestinationDomainLookup *const shared = &instance_;
    return shared;
}
27 | ||
/*
 * Start the reverse-DNS query for the destination address stored in the
 * checklist.
 *
 * cl is converted with Filled() and its dst_addr is handed to
 * fqdncache_nbgethostbyaddr(), with LookupDone as the completion callback
 * and the filled checklist itself as the callback data.
 *
 * NOTE(review): the checklist travels as a raw pointer in the callback
 * data. Whether the fqdncache checks that the checklist is still alive
 * before calling back is not visible in this file - confirm, since a
 * checklist destroyed while the query is pending would otherwise be
 * dereferenced in LookupDone().
 */
void
DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
{
    ACLFilledChecklist *const filled = Filled(cl);
    fqdncache_nbgethostbyaddr(filled->dst_addr, LookupDone, filled);
}
34 | ||
/*
 * Completion callback for the reverse-DNS query started by checkForAsync().
 *
 * The first parameter (the resolved name) is deliberately unnamed and
 * unused here. details carries the lookup outcome and is recorded on the
 * request; data is the callback data, which checkForAsync() set to the
 * filled checklist.
 *
 * NOTE(review): data is trusted to be an ACLChecklist and
 * checklist->request is dereferenced without a null check; both rely on
 * the caller's guarantees, which are not visible in this file.
 */
void
DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    ACLFilledChecklist *const filled = Filled(static_cast<ACLChecklist *>(data));

    // Record that the destination-domain lookup has been attempted; match()
    // consults destinationDomainChecked() before going async.
    filled->markDestinationDomainChecked();

    filled->request->recordLookup(details);

    // Hand control back to the ACL engine so the paused check continues.
    filled->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}
43 | ||
/*
 * Match the request's destination against the configured domain data.
 *
 * The host taken from the request is tried first. Only when that host is a
 * numeric IP address, and the ACL_F_NO_LOOKUP flag is not set, is the
 * reverse-DNS (rDNS) name of the address consulted.
 *
 * Returns:
 *    1  the request host matched;
 *    0  no match, lookups disabled, non-numeric host, or unusable address;
 *   -1  an asynchronous rDNS lookup was started and the check must wait;
 *   otherwise the result of data->match() on the rDNS name or on the
 *   literal string "none".
 *
 * NOTE(review): an rDNS name is published by whoever controls the reverse
 * zone of the address, and nothing in this function forward-confirms it.
 * Whether fqdncache validates answers is not visible here - confirm before
 * relying on an rDNS match to grant access.
 *
 * NOTE(review): "invalid" and "none" are handled as ordinary names. ACL
 * data containing either token will match them, and a failed lookup is
 * indistinguishable from a host whose rDNS really is "none".
 */
int
ACLDestinationDomainStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
{
    assert(checklist != NULL && checklist->request != NULL);

    // 1. The host exactly as the request carries it.
    if (data->match(checklist->request->GetHost()))
        return 1;

    // 2. No-lookup flag set: the result of step 1 is final, no DNS traffic.
    if (flags.isSet(ACL_F_NO_LOOKUP)) {
        debugs(28, 3, "aclMatchAcl: No-lookup DNS ACL '" << AclMatchedName << "' for '" << checklist->request->GetHost() << "'");
        return 0;
    }

    // 3. A non-numeric host has no address to reverse-resolve here; trust step 1.
    if (!checklist->request->GetHostIsNumeric())
        return 0;

    // 4. An rDNS name stored on the checklist by an earlier pass is reused as is.
    if (checklist->dst_rdns != NULL) {
        debugs(28, 3, "aclMatchAcl: '" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for '" << checklist->request->GetHost() << "'");
        return data->match(checklist->dst_rdns);
    }

    // 5. Raw IP with no stored rDNS: parse the address before resolving it.
    const ipcache_addrs *addrs = ipcacheCheckNumeric(checklist->request->GetHost());
    if (addrs == NULL) {
        // Not a valid IP address: remember the sentinel so later passes stop at step 4.
        checklist->dst_rdns = xstrdup("invalid");
        return 0;
    }

    checklist->dst_addr = addrs->in_addrs[0];
    const char *rdnsName = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (rdnsName != NULL) {
        // Keep a private copy on the checklist, then match on the returned name.
        checklist->dst_rdns = xstrdup(rdnsName);
        return data->match(rdnsName);
    }

    if (!checklist->destinationDomainChecked()) {
        /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
        debugs(28, 3, "aclMatchAcl: Can't yet compare '" << AclMatchedName << "' ACL for '" << checklist->request->GetHost() << "'");
        if (checklist->goAsync(DestinationDomainLookup::Instance()))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    // 6. No rDNS name available: match against the literal placeholder "none".
    return data->match("none");
}
93 | ||
/*
 * Accessor for the shared strategy object.
 * Returns the address of the file-scope Instance_ defined just below; the
 * pointer is never null and callers must not delete it.
 */
ACLDestinationDomainStrategy *ACLDestinationDomainStrategy::Instance()
{
    ACLDestinationDomainStrategy *const shared = &Instance_;
    return shared;
}

/* The one ACLDestinationDomainStrategy object handed out by Instance(). */
ACLDestinationDomainStrategy ACLDestinationDomainStrategy::Instance_;
f53969cc | 101 |