]>
Commit | Line | Data |
---|---|---|
bbc27441 AJ |
1 | /* |
2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
582c2af2 FC |
9 | #include "squid.h" |
10 | #include "acl/FilledChecklist.h" | |
351fe86d | 11 | #include "client_side.h" |
582c2af2 FC |
12 | #include "comm/Connection.h" |
13 | #include "comm/forward.h" | |
abdd93d0 | 14 | #include "ExternalACLEntry.h" |
582c2af2 FC |
15 | #include "HttpReply.h" |
16 | #include "HttpRequest.h" | |
4d5904f7 | 17 | #include "SquidConfig.h" |
2f1431ea | 18 | #if USE_AUTH |
351fe86d | 19 | #include "auth/AclProxyAuth.h" |
602d9612 | 20 | #include "auth/UserRequest.h" |
2f1431ea | 21 | #endif |
582c2af2 | 22 | |
351fe86d AR |
23 | CBDATA_CLASS_INIT(ACLFilledChecklist); |
24 | ||
351fe86d AR |
25 | ACLFilledChecklist::ACLFilledChecklist() : |
26 | dst_peer(NULL), | |
12ef783b | 27 | dst_rdns(NULL), |
351fe86d AR |
28 | request (NULL), |
29 | reply (NULL), | |
2f1431ea | 30 | #if USE_AUTH |
351fe86d | 31 | auth_user_request (NULL), |
2f1431ea | 32 | #endif |
351fe86d AR |
33 | #if SQUID_SNMP |
34 | snmp_community(NULL), | |
351fe86d | 35 | #endif |
cb4f4424 | 36 | #if USE_OPENSSL |
7a957a93 | 37 | sslErrors(NULL), |
fa24d749 | 38 | #endif |
351fe86d AR |
39 | conn_(NULL), |
40 | fd_(-1), | |
41 | destinationDomainChecked_(false), | |
42 | sourceDomainChecked_(false) | |
43 | { | |
4dd643d5 AJ |
44 | my_addr.setEmpty(); |
45 | src_addr.setEmpty(); | |
46 | dst_addr.setEmpty(); | |
351fe86d AR |
47 | rfc931[0] = '\0'; |
48 | } | |
49 | ||
351fe86d AR |
50 | ACLFilledChecklist::~ACLFilledChecklist() |
51 | { | |
52 | assert (!asyncInProgress()); | |
53 | ||
12ef783b AJ |
54 | safe_free(dst_rdns); // created by xstrdup(). |
55 | ||
351fe86d AR |
56 | HTTPMSGUNLOCK(request); |
57 | ||
58 | HTTPMSGUNLOCK(reply); | |
59 | ||
351fe86d AR |
60 | cbdataReferenceDone(conn_); |
61 | ||
cb4f4424 | 62 | #if USE_OPENSSL |
7a957a93 | 63 | cbdataReferenceDone(sslErrors); |
fa24d749 | 64 | #endif |
4fb72cb9 | 65 | |
351fe86d AR |
66 | debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this); |
67 | } | |
68 | ||
351fe86d AR |
69 | ConnStateData * |
70 | ACLFilledChecklist::conn() const | |
71 | { | |
72 | return conn_; | |
73 | } | |
74 | ||
75 | void | |
76 | ACLFilledChecklist::conn(ConnStateData *aConn) | |
77 | { | |
16a16ffe CT |
78 | if (conn() == aConn) |
79 | return; | |
351fe86d AR |
80 | assert (conn() == NULL); |
81 | conn_ = cbdataReference(aConn); | |
82 | } | |
83 | ||
84 | int | |
85 | ACLFilledChecklist::fd() const | |
86 | { | |
73c36fd9 | 87 | return (conn_ != NULL && conn_->clientConnection != NULL) ? conn_->clientConnection->fd : fd_; |
351fe86d AR |
88 | } |
89 | ||
90 | void | |
91 | ACLFilledChecklist::fd(int aDescriptor) | |
92 | { | |
73c36fd9 | 93 | assert(!conn() || conn()->clientConnection == NULL || conn()->clientConnection->fd == aDescriptor); |
351fe86d AR |
94 | fd_ = aDescriptor; |
95 | } | |
96 | ||
97 | bool | |
98 | ACLFilledChecklist::destinationDomainChecked() const | |
99 | { | |
100 | return destinationDomainChecked_; | |
101 | } | |
102 | ||
103 | void | |
104 | ACLFilledChecklist::markDestinationDomainChecked() | |
105 | { | |
106 | assert (!finished() && !destinationDomainChecked()); | |
107 | destinationDomainChecked_ = true; | |
108 | } | |
109 | ||
110 | bool | |
111 | ACLFilledChecklist::sourceDomainChecked() const | |
112 | { | |
113 | return sourceDomainChecked_; | |
114 | } | |
115 | ||
116 | void | |
117 | ACLFilledChecklist::markSourceDomainChecked() | |
118 | { | |
119 | assert (!finished() && !sourceDomainChecked()); | |
120 | sourceDomainChecked_ = true; | |
121 | } | |
122 | ||
123 | /* | |
124 | * There are two common ACLFilledChecklist lifecycles paths: | |
125 | * | |
126 | * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object | |
127 | * on stack and calls aclCheckFast(). | |
128 | * | |
129 | * B) Using aclNBCheck() and callbacks: The caller allocates an | |
130 | * ACLFilledChecklist object (via operator new) and passes it to | |
131 | * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(), | |
132 | * which will invoke the callback function as requested by the | |
133 | * original caller of aclNBCheck(). This callback function must | |
134 | * *not* delete the list. After the callback function returns, | |
135 | * checkCallback() will delete the list (i.e., self). | |
136 | */ | |
f4462b38 | 137 | ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident): |
af6a12ee | 138 | dst_peer(NULL), |
12ef783b | 139 | dst_rdns(NULL), |
af6a12ee AJ |
140 | request(NULL), |
141 | reply(NULL), | |
2f1431ea | 142 | #if USE_AUTh |
af6a12ee | 143 | auth_user_request(NULL), |
2f1431ea | 144 | #endif |
351fe86d | 145 | #if SQUID_SNMP |
af6a12ee | 146 | snmp_community(NULL), |
351fe86d | 147 | #endif |
cb4f4424 | 148 | #if USE_OPENSSL |
7a957a93 | 149 | sslErrors(NULL), |
fa24d749 | 150 | #endif |
af6a12ee AJ |
151 | conn_(NULL), |
152 | fd_(-1), | |
153 | destinationDomainChecked_(false), | |
154 | sourceDomainChecked_(false) | |
351fe86d | 155 | { |
4dd643d5 AJ |
156 | my_addr.setEmpty(); |
157 | src_addr.setEmpty(); | |
158 | dst_addr.setEmpty(); | |
351fe86d | 159 | rfc931[0] = '\0'; |
af6a12ee | 160 | |
351fe86d AR |
161 | // cbdataReferenceDone() is in either fastCheck() or the destructor |
162 | if (A) | |
163 | accessList = cbdataReference(A); | |
164 | ||
f4462b38 | 165 | if (http_request != NULL) { |
b248c2a3 AJ |
166 | request = http_request; |
167 | HTTPMSGLOCK(request); | |
351fe86d AR |
168 | #if FOLLOW_X_FORWARDED_FOR |
169 | if (Config.onoff.acl_uses_indirect_client) | |
170 | src_addr = request->indirect_client_addr; | |
171 | else | |
172 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
173 | src_addr = request->client_addr; | |
174 | my_addr = request->my_addr; | |
16a16ffe CT |
175 | |
176 | if (request->clientConnectionManager.valid()) | |
76fae079 | 177 | conn(request->clientConnectionManager.get()); |
351fe86d AR |
178 | } |
179 | ||
180 | #if USE_IDENT | |
181 | if (ident) | |
182 | xstrncpy(rfc931, ident, USER_IDENT_SZ); | |
183 | #endif | |
184 | } |