]>
Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
5b74111a | 2 | * Copyright (C) 1996-2018 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
582c2af2 FC |
9 | #include "squid.h" |
10 | #include "acl/FilledChecklist.h" | |
351fe86d | 11 | #include "client_side.h" |
582c2af2 FC |
12 | #include "comm/Connection.h" |
13 | #include "comm/forward.h" | |
abdd93d0 | 14 | #include "ExternalACLEntry.h" |
d3dddfb5 | 15 | #include "http/Stream.h" |
582c2af2 FC |
16 | #include "HttpReply.h" |
17 | #include "HttpRequest.h" | |
4d5904f7 | 18 | #include "SquidConfig.h" |
2f1431ea | 19 | #if USE_AUTH |
351fe86d | 20 | #include "auth/AclProxyAuth.h" |
602d9612 | 21 | #include "auth/UserRequest.h" |
2f1431ea | 22 | #endif |
582c2af2 | 23 | |
351fe86d AR |
24 | CBDATA_CLASS_INIT(ACLFilledChecklist); |
25 | ||
351fe86d | 26 | ACLFilledChecklist::ACLFilledChecklist() : |
f53969cc SM |
27 | dst_rdns(NULL), |
28 | request (NULL), | |
29 | reply (NULL), | |
2f1431ea | 30 | #if USE_AUTH |
f53969cc | 31 | auth_user_request (NULL), |
2f1431ea | 32 | #endif |
351fe86d | 33 | #if SQUID_SNMP |
f53969cc | 34 | snmp_community(NULL), |
351fe86d | 35 | #endif |
cb4f4424 | 36 | #if USE_OPENSSL |
f53969cc | 37 | sslErrors(NULL), |
fa24d749 | 38 | #endif |
3248e962 | 39 | requestErrorType(ERR_MAX), |
f53969cc SM |
40 | conn_(NULL), |
41 | fd_(-1), | |
42 | destinationDomainChecked_(false), | |
43 | sourceDomainChecked_(false) | |
351fe86d | 44 | { |
4dd643d5 AJ |
45 | my_addr.setEmpty(); |
46 | src_addr.setEmpty(); | |
47 | dst_addr.setEmpty(); | |
351fe86d AR |
48 | rfc931[0] = '\0'; |
49 | } | |
50 | ||
351fe86d AR |
51 | ACLFilledChecklist::~ACLFilledChecklist() |
52 | { | |
53 | assert (!asyncInProgress()); | |
54 | ||
12ef783b AJ |
55 | safe_free(dst_rdns); // created by xstrdup(). |
56 | ||
351fe86d AR |
57 | HTTPMSGUNLOCK(request); |
58 | ||
59 | HTTPMSGUNLOCK(reply); | |
60 | ||
351fe86d AR |
61 | cbdataReferenceDone(conn_); |
62 | ||
cb4f4424 | 63 | #if USE_OPENSSL |
7a957a93 | 64 | cbdataReferenceDone(sslErrors); |
fa24d749 | 65 | #endif |
4fb72cb9 | 66 | |
351fe86d AR |
67 | debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this); |
68 | } | |
69 | ||
fbbea662 AJ |
70 | static void |
71 | showDebugWarning(const char *msg) | |
72 | { | |
73 | static uint16_t count = 0; | |
bdd92d83 | 74 | if (count > 10) |
fbbea662 AJ |
75 | return; |
76 | ||
77 | ++count; | |
78 | debugs(28, DBG_IMPORTANT, "ALE missing " << msg); | |
79 | } | |
80 | ||
81 | void | |
cb365059 | 82 | ACLFilledChecklist::verifyAle() const |
fbbea662 AJ |
83 | { |
84 | // make sure the ALE fields used by Format::assemble to | |
85 | // fill the old external_acl_type codes are set if any | |
86 | // data on them exists in the Checklist | |
87 | ||
88 | if (!al->cache.port && conn()) { | |
89 | showDebugWarning("listening port"); | |
90 | al->cache.port = conn()->port; | |
91 | } | |
92 | ||
93 | if (request) { | |
94 | if (!al->request) { | |
95 | showDebugWarning("HttpRequest object"); | |
cb365059 EB |
96 | // XXX: al->request should be original, |
97 | // but the request may be already adapted | |
fbbea662 AJ |
98 | al->request = request; |
99 | HTTPMSGLOCK(al->request); | |
100 | } | |
101 | ||
102 | if (!al->adapted_request) { | |
103 | showDebugWarning("adapted HttpRequest object"); | |
104 | al->adapted_request = request; | |
105 | HTTPMSGLOCK(al->adapted_request); | |
106 | } | |
107 | ||
f57ae909 | 108 | if (al->url.isEmpty()) { |
fbbea662 | 109 | showDebugWarning("URL"); |
cb365059 EB |
110 | // XXX: al->url should be the request URL from client, |
111 | // but request->url may be different (e.g.,redirected) | |
f57ae909 | 112 | al->url = request->url.absolute(); |
fbbea662 AJ |
113 | } |
114 | } | |
115 | ||
116 | if (reply && !al->reply) { | |
117 | showDebugWarning("HttpReply object"); | |
118 | al->reply = reply; | |
119 | HTTPMSGLOCK(al->reply); | |
120 | } | |
121 | ||
122 | #if USE_IDENT | |
c1ebba41 | 123 | if (*rfc931 && !al->cache.rfc931) { |
fbbea662 AJ |
124 | showDebugWarning("IDENT"); |
125 | al->cache.rfc931 = xstrdup(rfc931); | |
126 | } | |
127 | #endif | |
128 | } | |
129 | ||
cb365059 EB |
130 | void |
131 | ACLFilledChecklist::syncAle(HttpRequest *adaptedRequest, const char *logUri) const | |
132 | { | |
133 | if (!al) | |
134 | return; | |
135 | if (!al->adapted_request) { | |
136 | al->adapted_request = adaptedRequest; | |
137 | HTTPMSGLOCK(al->adapted_request); | |
138 | } | |
139 | if (al->url.isEmpty()) | |
140 | al->url = logUri; | |
141 | } | |
142 | ||
351fe86d AR |
143 | ConnStateData * |
144 | ACLFilledChecklist::conn() const | |
145 | { | |
6cf166fc | 146 | return cbdataReferenceValid(conn_) ? conn_ : nullptr; |
351fe86d AR |
147 | } |
148 | ||
149 | void | |
150 | ACLFilledChecklist::conn(ConnStateData *aConn) | |
151 | { | |
16a16ffe CT |
152 | if (conn() == aConn) |
153 | return; | |
351fe86d AR |
154 | assert (conn() == NULL); |
155 | conn_ = cbdataReference(aConn); | |
156 | } | |
157 | ||
158 | int | |
159 | ACLFilledChecklist::fd() const | |
160 | { | |
6cf166fc EB |
161 | const auto c = conn(); |
162 | return (c && c->clientConnection) ? c->clientConnection->fd : fd_; | |
351fe86d AR |
163 | } |
164 | ||
165 | void | |
166 | ACLFilledChecklist::fd(int aDescriptor) | |
167 | { | |
6cf166fc EB |
168 | const auto c = conn(); |
169 | assert(!c || !c->clientConnection || c->clientConnection->fd == aDescriptor); | |
351fe86d AR |
170 | fd_ = aDescriptor; |
171 | } | |
172 | ||
173 | bool | |
174 | ACLFilledChecklist::destinationDomainChecked() const | |
175 | { | |
176 | return destinationDomainChecked_; | |
177 | } | |
178 | ||
179 | void | |
180 | ACLFilledChecklist::markDestinationDomainChecked() | |
181 | { | |
182 | assert (!finished() && !destinationDomainChecked()); | |
183 | destinationDomainChecked_ = true; | |
184 | } | |
185 | ||
186 | bool | |
187 | ACLFilledChecklist::sourceDomainChecked() const | |
188 | { | |
189 | return sourceDomainChecked_; | |
190 | } | |
191 | ||
192 | void | |
193 | ACLFilledChecklist::markSourceDomainChecked() | |
194 | { | |
195 | assert (!finished() && !sourceDomainChecked()); | |
196 | sourceDomainChecked_ = true; | |
197 | } | |
198 | ||
199 | /* | |
200 | * There are two common ACLFilledChecklist lifecycles paths: | |
201 | * | |
202 | * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object | |
203 | * on stack and calls aclCheckFast(). | |
204 | * | |
205 | * B) Using aclNBCheck() and callbacks: The caller allocates an | |
206 | * ACLFilledChecklist object (via operator new) and passes it to | |
207 | * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(), | |
208 | * which will invoke the callback function as requested by the | |
209 | * original caller of aclNBCheck(). This callback function must | |
210 | * *not* delete the list. After the callback function returns, | |
211 | * checkCallback() will delete the list (i.e., self). | |
212 | */ | |
f4462b38 | 213 | ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident): |
f53969cc SM |
214 | dst_rdns(NULL), |
215 | request(NULL), | |
216 | reply(NULL), | |
cc8c4af2 | 217 | #if USE_AUTH |
f53969cc | 218 | auth_user_request(NULL), |
2f1431ea | 219 | #endif |
351fe86d | 220 | #if SQUID_SNMP |
f53969cc | 221 | snmp_community(NULL), |
351fe86d | 222 | #endif |
cb4f4424 | 223 | #if USE_OPENSSL |
f53969cc | 224 | sslErrors(NULL), |
fa24d749 | 225 | #endif |
cc8c4af2 | 226 | requestErrorType(ERR_MAX), |
f53969cc SM |
227 | conn_(NULL), |
228 | fd_(-1), | |
229 | destinationDomainChecked_(false), | |
230 | sourceDomainChecked_(false) | |
351fe86d | 231 | { |
4dd643d5 AJ |
232 | my_addr.setEmpty(); |
233 | src_addr.setEmpty(); | |
234 | dst_addr.setEmpty(); | |
351fe86d | 235 | rfc931[0] = '\0'; |
af6a12ee | 236 | |
3d29e126 | 237 | changeAcl(A); |
819be284 EB |
238 | setRequest(http_request); |
239 | setIdent(ident); | |
240 | } | |
351fe86d | 241 | |
819be284 EB |
242 | void ACLFilledChecklist::setRequest(HttpRequest *httpRequest) |
243 | { | |
244 | assert(!request); | |
245 | if (httpRequest) { | |
246 | request = httpRequest; | |
b248c2a3 | 247 | HTTPMSGLOCK(request); |
351fe86d AR |
248 | #if FOLLOW_X_FORWARDED_FOR |
249 | if (Config.onoff.acl_uses_indirect_client) | |
250 | src_addr = request->indirect_client_addr; | |
251 | else | |
252 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
253 | src_addr = request->client_addr; | |
254 | my_addr = request->my_addr; | |
16a16ffe CT |
255 | |
256 | if (request->clientConnectionManager.valid()) | |
76fae079 | 257 | conn(request->clientConnectionManager.get()); |
351fe86d | 258 | } |
819be284 | 259 | } |
351fe86d | 260 | |
819be284 EB |
261 | void |
262 | ACLFilledChecklist::setIdent(const char *ident) | |
263 | { | |
351fe86d | 264 | #if USE_IDENT |
819be284 | 265 | assert(!rfc931[0]); |
351fe86d AR |
266 | if (ident) |
267 | xstrncpy(rfc931, ident, USER_IDENT_SZ); | |
268 | #endif | |
269 | } | |
f53969cc | 270 |