[thirdparty/squid.git] / src / acl / FilledChecklist.cc

#include "squid-old.h"
#include "HttpRequest.h"
#include "HttpReply.h"
#include "client_side.h"
#if USE_AUTH
#include "auth/UserRequest.h"
#include "auth/AclProxyAuth.h"
#endif
#include "acl/FilledChecklist.h"
#include "comm/Connection.h"
#include "comm/forward.h"

CBDATA_CLASS_INIT(ACLFilledChecklist);

void
ACLFilledChecklist::checkCallback(allow_t answer)
{
    debugs(28, 5, HERE << this << " answer=" << answer);

#if USE_AUTH
    /* During reconfigure, we can end up not finishing call
     * sequences into the auth code */

    if (auth_user_request != NULL) {
        /* the filled_checklist lock */
        auth_user_request = NULL;
        // It might have been connection based
        // In the case of sslBump we need to preserve authentication info
        // XXX: need to re-evaluate this. ACL tests should not be playing with
        // XXX: wider scoped TCP connection state, even if the helper lookup is stuck.
        if (conn() && !conn()->switchedToHttps()) {
            conn()->auth_user_request = NULL;
        }
    }
#endif

    ACLChecklist::checkCallback(answer); // may delete us
}


void *
ACLFilledChecklist::operator new (size_t size)
{
    assert (size == sizeof(ACLFilledChecklist));
    CBDATA_INIT_TYPE(ACLFilledChecklist);
    ACLFilledChecklist *result = cbdataAlloc(ACLFilledChecklist);
    return result;
}

void
ACLFilledChecklist::operator delete (void *address)
{
    ACLFilledChecklist *t = static_cast<ACLFilledChecklist *>(address);
    cbdataFree(t);
}


ACLFilledChecklist::ACLFilledChecklist() :
        dst_peer(NULL),
        dst_rdns(NULL),
        request (NULL),
        reply (NULL),
#if USE_AUTH
        auth_user_request (NULL),
#endif
#if SQUID_SNMP
        snmp_community(NULL),
#endif
#if USE_SSL
        ssl_error(0),
#endif
        extacl_entry (NULL),
        conn_(NULL),
        fd_(-1),
        destinationDomainChecked_(false),
        sourceDomainChecked_(false)
{
    my_addr.SetEmpty();
    src_addr.SetEmpty();
    dst_addr.SetEmpty();
    rfc931[0] = '\0';
}


ACLFilledChecklist::~ACLFilledChecklist()
{
    assert (!asyncInProgress());

    safe_free(dst_rdns); // created by xstrdup().

    if (extacl_entry)
        cbdataReferenceDone(extacl_entry);

    HTTPMSGUNLOCK(request);

    HTTPMSGUNLOCK(reply);

    cbdataReferenceDone(conn_);

    debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this);
}


ConnStateData *
ACLFilledChecklist::conn() const
{
    return  conn_;
}

void
ACLFilledChecklist::conn(ConnStateData *aConn)
{
    assert (conn() == NULL);
    conn_ = cbdataReference(aConn);
}

int
ACLFilledChecklist::fd() const
{
    return (conn_ != NULL && conn_->clientConnection != NULL) ? conn_->clientConnection->fd : fd_;
}

void
ACLFilledChecklist::fd(int aDescriptor)
{
    assert(!conn() || conn()->clientConnection == NULL || conn()->clientConnection->fd == aDescriptor);
    fd_ = aDescriptor;
}

bool
ACLFilledChecklist::destinationDomainChecked() const
{
    return destinationDomainChecked_;
}

void
ACLFilledChecklist::markDestinationDomainChecked()
{
    assert (!finished() && !destinationDomainChecked());
    destinationDomainChecked_ = true;
}

bool
ACLFilledChecklist::sourceDomainChecked() const
{
    return sourceDomainChecked_;
}

void
ACLFilledChecklist::markSourceDomainChecked()
{
    assert (!finished() && !sourceDomainChecked());
    sourceDomainChecked_ = true;
}

/*
 * There are two common ACLFilledChecklist lifecycles paths:
 *
 * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object
 *    on stack and calls aclCheckFast().
 *
 * B) Using aclNBCheck() and callbacks: The caller allocates an
 *    ACLFilledChecklist object (via operator new) and passes it to
 *    aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
 *    which will invoke the callback function as requested by the
 *    original caller of aclNBCheck().  This callback function must
 *    *not* delete the list.  After the callback function returns,
 *    checkCallback() will delete the list (i.e., self).
 */
ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident):
        dst_peer(NULL),
        dst_rdns(NULL),
        request(NULL),
        reply(NULL),
#if USE_AUTh
        auth_user_request(NULL),
#endif
#if SQUID_SNMP
        snmp_community(NULL),
#endif
#if USE_SSL
        ssl_error(0),
#endif
        extacl_entry (NULL),
        conn_(NULL),
        fd_(-1),
        destinationDomainChecked_(false),
        sourceDomainChecked_(false)
{
    my_addr.SetEmpty();
    src_addr.SetEmpty();
    dst_addr.SetEmpty();
    rfc931[0] = '\0';

    // cbdataReferenceDone() is in either fastCheck() or the destructor
    if (A)
        accessList = cbdataReference(A);

    if (http_request != NULL) {
        request = HTTPMSGLOCK(http_request);
#if FOLLOW_X_FORWARDED_FOR
        if (Config.onoff.acl_uses_indirect_client)
            src_addr = request->indirect_client_addr;
        else
#endif /* FOLLOW_X_FORWARDED_FOR */
            src_addr = request->client_addr;
        my_addr = request->my_addr;
    }

#if USE_IDENT
    if (ident)
        xstrncpy(rfc931, ident, USER_IDENT_SZ);
#endif
}
Commit	Line	Data
f7f3304a	1	#include "squid-old.h"
351fe86d AR	2	#include "HttpRequest.h"
	3	#include "HttpReply.h"
	4	#include "client_side.h"
2f1431ea	5	#if USE_AUTH
351fe86d AR	6	#include "auth/UserRequest.h"
351fe86d AR	7	#include "auth/AclProxyAuth.h"
2f1431ea	8	#endif
351fe86d	9	#include "acl/FilledChecklist.h"
5c336a3b AJ	10	#include "comm/Connection.h"
5c336a3b AJ	11	#include "comm/forward.h"
351fe86d AR	12
	13	CBDATA_CLASS_INIT(ACLFilledChecklist);
	14
351fe86d AR	15	void
	16	ACLFilledChecklist::checkCallback(allow_t answer)
	17	{
a1ce83aa	18	debugs(28, 5, HERE << this << " answer=" << answer);
351fe86d	19
2f1431ea	20	#if USE_AUTH
351fe86d AR	21	/* During reconfigure, we can end up not finishing call
	22	* sequences into the auth code */
	23
a33a428a	24	if (auth_user_request != NULL) {
351fe86d	25	/* the filled_checklist lock */
a33a428a	26	auth_user_request = NULL;
21512911 CT	27	// It might have been connection based
21512911 CT	28	// In the case of sslBump we need to preserve authentication info
c7baff40 AJ	29	// XXX: need to re-evaluate this. ACL tests should not be playing with
c7baff40 AJ	30	// XXX: wider scoped TCP connection state, even if the helper lookup is stuck.
21512911	31	if (conn() && !conn()->switchedToHttps()) {
a33a428a	32	conn()->auth_user_request = NULL;
a33a428a	33	}
351fe86d	34	}
2f1431ea	35	#endif
351fe86d	36
af6a12ee	37	ACLChecklist::checkCallback(answer); // may delete us
351fe86d AR	38	}
	39
	40
	41	void *
	42	ACLFilledChecklist::operator new (size_t size)
	43	{
	44	assert (size == sizeof(ACLFilledChecklist));
	45	CBDATA_INIT_TYPE(ACLFilledChecklist);
	46	ACLFilledChecklist *result = cbdataAlloc(ACLFilledChecklist);
	47	return result;
	48	}
	49
	50	void
	51	ACLFilledChecklist::operator delete (void *address)
	52	{
	53	ACLFilledChecklist t = static_cast<ACLFilledChecklist >(address);
	54	cbdataFree(t);
	55	}
	56
	57
	58	ACLFilledChecklist::ACLFilledChecklist() :
	59	dst_peer(NULL),
12ef783b	60	dst_rdns(NULL),
351fe86d AR	61	request (NULL),
351fe86d AR	62	reply (NULL),
2f1431ea	63	#if USE_AUTH
351fe86d	64	auth_user_request (NULL),
2f1431ea	65	#endif
351fe86d AR	66	#if SQUID_SNMP
	67	snmp_community(NULL),
	68	#endif
	69	#if USE_SSL
	70	ssl_error(0),
	71	#endif
	72	extacl_entry (NULL),
	73	conn_(NULL),
	74	fd_(-1),
	75	destinationDomainChecked_(false),
	76	sourceDomainChecked_(false)
	77	{
	78	my_addr.SetEmpty();
	79	src_addr.SetEmpty();
	80	dst_addr.SetEmpty();
	81	rfc931[0] = '\0';
	82	}
	83
	84
	85	ACLFilledChecklist::~ACLFilledChecklist()
	86	{
	87	assert (!asyncInProgress());
	88
12ef783b AJ	89	safe_free(dst_rdns); // created by xstrdup().
12ef783b AJ	90
351fe86d AR	91	if (extacl_entry)
	92	cbdataReferenceDone(extacl_entry);
	93
	94	HTTPMSGUNLOCK(request);
	95
	96	HTTPMSGUNLOCK(reply);
	97
351fe86d AR	98	cbdataReferenceDone(conn_);
	99
	100	debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this);
	101	}
	102
	103
	104	ConnStateData *
	105	ACLFilledChecklist::conn() const
	106	{
	107	return conn_;
	108	}
	109
	110	void
	111	ACLFilledChecklist::conn(ConnStateData *aConn)
	112	{
	113	assert (conn() == NULL);
	114	conn_ = cbdataReference(aConn);
	115	}
	116
	117	int
	118	ACLFilledChecklist::fd() const
	119	{
73c36fd9	120	return (conn_ != NULL && conn_->clientConnection != NULL) ? conn_->clientConnection->fd : fd_;
351fe86d AR	121	}
	122
	123	void
	124	ACLFilledChecklist::fd(int aDescriptor)
	125	{
73c36fd9	126	assert(!conn() \|\| conn()->clientConnection == NULL \|\| conn()->clientConnection->fd == aDescriptor);
351fe86d AR	127	fd_ = aDescriptor;
	128	}
	129
	130	bool
	131	ACLFilledChecklist::destinationDomainChecked() const
	132	{
	133	return destinationDomainChecked_;
	134	}
	135
	136	void
	137	ACLFilledChecklist::markDestinationDomainChecked()
	138	{
	139	assert (!finished() && !destinationDomainChecked());
	140	destinationDomainChecked_ = true;
	141	}
	142
	143	bool
	144	ACLFilledChecklist::sourceDomainChecked() const
	145	{
	146	return sourceDomainChecked_;
	147	}
	148
	149	void
	150	ACLFilledChecklist::markSourceDomainChecked()
	151	{
	152	assert (!finished() && !sourceDomainChecked());
	153	sourceDomainChecked_ = true;
	154	}
	155
	156	/*
	157	* There are two common ACLFilledChecklist lifecycles paths:
	158	*
	159	* A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object
	160	* on stack and calls aclCheckFast().
	161	*
	162	* B) Using aclNBCheck() and callbacks: The caller allocates an
	163	* ACLFilledChecklist object (via operator new) and passes it to
	164	* aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
	165	* which will invoke the callback function as requested by the
	166	* original caller of aclNBCheck(). This callback function must
	167	* not delete the list. After the callback function returns,
	168	* checkCallback() will delete the list (i.e., self).
	169	*/
f4462b38	170	ACLFilledChecklist::ACLFilledChecklist(const acl_access A, HttpRequest http_request, const char *ident):
af6a12ee	171	dst_peer(NULL),
12ef783b	172	dst_rdns(NULL),
af6a12ee AJ	173	request(NULL),
af6a12ee AJ	174	reply(NULL),
2f1431ea	175	#if USE_AUTh
af6a12ee	176	auth_user_request(NULL),
2f1431ea	177	#endif
351fe86d	178	#if SQUID_SNMP
af6a12ee	179	snmp_community(NULL),
351fe86d AR	180	#endif
351fe86d AR	181	#if USE_SSL
af6a12ee	182	ssl_error(0),
351fe86d	183	#endif
af6a12ee AJ	184	extacl_entry (NULL),
	185	conn_(NULL),
	186	fd_(-1),
	187	destinationDomainChecked_(false),
	188	sourceDomainChecked_(false)
351fe86d AR	189	{
	190	my_addr.SetEmpty();
	191	src_addr.SetEmpty();
	192	dst_addr.SetEmpty();
	193	rfc931[0] = '\0';
af6a12ee	194
351fe86d AR	195	// cbdataReferenceDone() is in either fastCheck() or the destructor
	196	if (A)
	197	accessList = cbdataReference(A);
	198
f4462b38 CT	199	if (http_request != NULL) {
f4462b38 CT	200	request = HTTPMSGLOCK(http_request);
351fe86d AR	201	#if FOLLOW_X_FORWARDED_FOR
	202	if (Config.onoff.acl_uses_indirect_client)
	203	src_addr = request->indirect_client_addr;
	204	else
	205	#endif /* FOLLOW_X_FORWARDED_FOR */
	206	src_addr = request->client_addr;
	207	my_addr = request->my_addr;
	208	}
	209
	210	#if USE_IDENT
	211	if (ident)
	212	xstrncpy(rfc931, ident, USER_IDENT_SZ);
	213	#endif
	214	}
	215