Commit | Line | Data |
---|---|---|
3841dd46 | 1 | /* |
5b74111a | 2 | * Copyright (C) 1996-2018 The Squid Software Foundation and contributors |
3841dd46 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
3841dd46 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
c0941a6a | 12 | #include "acl/Checklist.h" |
602d9612 | 13 | #include "acl/DestinationDomain.h" |
c0941a6a | 14 | #include "acl/DomainData.h" |
602d9612 | 15 | #include "acl/RegexData.h" |
95e6d864 | 16 | #include "fqdncache.h" |
a2ac85d9 | 17 | #include "HttpRequest.h" |
3841dd46 | 18 | |
/* The one statically allocated lookup-state object; Instance() returns its
 * address, and that pointer is what match() hands to goAsync() and what
 * LookupDone() hands to resumeNonBlockingCheck(). */
DestinationDomainLookup DestinationDomainLookup::instance_;
62e76326 | 20 | |
/* Returns a pointer to the shared DestinationDomainLookup state object
 * (the static instance_ member). The pointer is never null. */
DestinationDomainLookup *
DestinationDomainLookup::Instance()
{
    DestinationDomainLookup *const shared = &instance_;
    return shared;
}
26 | ||
/* Starts a reverse-DNS lookup of the checklist's destination address
 * (dst_addr), registering LookupDone() as the completion callback and the
 * filled checklist as its callback data.
 *
 * NOTE(review): the checklist pointer is handed to fqdncache as opaque
 * callback data. Whether fqdncache verifies that the checklist is still
 * alive before calling LookupDone() is not visible in this file -- confirm. */
void
DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
{
    ACLFilledChecklist *const filled = Filled(cl);
    fqdncache_nbgethostbyaddr(filled->dst_addr, LookupDone, filled);
}
33 | ||
/* Completion callback for the reverse-DNS lookup started by checkForAsync().
 *
 * The resolved name (first parameter) is deliberately unnamed and unused
 * here. The callback only marks the checklist as "destination domain
 * checked", which is the flag match() tests before going async, then records
 * the lookup details on the request and resumes the suspended ACL check.
 *
 * \param details  DNS lookup details, passed to the request's recordLookup()
 * \param data     the checklist that was given to fqdncache as callback data
 *
 * NOTE(review): checklist->request is dereferenced without a check. match()
 * asserts it is non-null before the lookup is started; whether it can be
 * cleared while the lookup is pending is not visible here -- confirm. */
void
DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    ACLFilledChecklist *const filled = Filled(static_cast<ACLChecklist *>(data));
    filled->markDestinationDomainChecked();
    filled->request->recordLookup(details);
    filled->resumeNonBlockingCheck(Instance());
}
42 | ||
4eac3407 CT |
43 | /* ACLDestinationDomainStrategy */ |
44 | ||
/* Returns the command-line style options this ACL type accepts.
 *
 * The only option is "-n". It is linked to lookupBanned, the flag that makes
 * match() return "no match" instead of doing a reverse-DNS lookup.
 *
 * The option object and the option table are function-local statics, so they
 * are shared by every caller; linkWith() re-points the shared option at this
 * object's lookupBanned on each call. */
const Acl::Options &
ACLDestinationDomainStrategy::options()
{
    static const Acl::BooleanOption noLookupFlag;
    static const Acl::Options supported = { { "-n", &noLookupFlag } };
    noLookupFlag.linkWith(&lookupBanned);
    return supported;
}
53 | ||
/* Matches the request's destination against the ACL's domain data.
 *
 * The host taken from the request URL is tried first. A reverse-DNS name is
 * consulted only when that fails, lookups are not banned ("-n"), and the
 * host is a numeric IP address.
 *
 * Return values, as far as this function shows:
 *   1   the URL host matched
 *   0   no match (lookups banned, host is not numeric, or the numeric host
 *       could not be parsed as an address)
 *   -1  an asynchronous reverse lookup was started via goAsync(); the check
 *       is resumed from DestinationDomainLookup::LookupDone()
 *   otherwise the result of data->match() on the rDNS name or on "none"
 *
 * Security notes for ACL authors:
 *  - The reverse-DNS (PTR) name is supplied by whoever operates the reverse
 *    zone for the address. Nothing in this function forward-confirms it, so
 *    a match on the rDNS name is only as trustworthy as that zone.
 *  - Failed or unavailable lookups are matched against the literal string
 *    "none", and unparsable addresses are stored as "invalid"; ACL entries
 *    with those values therefore select such requests.
 */
int
ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
    assert(checklist != NULL && checklist->request != NULL);

    /* first choice: the host exactly as it appears in the request URL */
    if (data->match(checklist->request->url.host())) {
        return 1;
    }

    /* "-n" was given: never fall back to DNS, so a raw-IP URL cannot match */
    if (lookupBanned) {
        debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
        return 0;
    }

    /* numeric IPA? no, trust the above result. */
    if (!checklist->request->url.hostIsNumeric()) {
        return 0;
    }

    /* do we already have the rDNS? match on it if we do. */
    /* this also catches the "invalid" marker stored further below */
    if (checklist->dst_rdns) {
        debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
        return data->match(checklist->dst_rdns);
    }

    /* raw IP without rDNS? look it up and wait for the result */
    if (!checklist->dst_addr.fromHost(checklist->request->url.host())) {
        /* not a valid IPA */
        /* dst_rdns is known to be unset here, so the copy replaces nothing;
         * presumably the checklist frees it later -- TODO confirm */
        checklist->dst_rdns = xstrdup("invalid");
        return 0;
    }

    /* NOTE(review): FQDN_LOOKUP_IF_MISS presumably asks the cache to start
     * a lookup when it has no entry -- confirm against fqdncache */
    const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (fqdn) {
        /* keep a private copy for later calls; the PTR name is used as-is,
         * with no forward confirmation visible in this function */
        checklist->dst_rdns = xstrdup(fqdn);
        return data->match(fqdn);
    } else if (!checklist->destinationDomainChecked()) {
        /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
        debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
        if (checklist->goAsync(DestinationDomainLookup::Instance()))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    /* no rDNS name is available: match the literal "none". A lookup that
     * failed and an address without a PTR record are indistinguishable to
     * the ACL from here on. */
    return data->match("none");
}
101 |