]>
Commit | Line | Data |
---|---|---|
f7f3304a | 1 | #include "squid-old.h" |
351fe86d AR |
2 | #include "HttpRequest.h" |
3 | #include "HttpReply.h" | |
4 | #include "client_side.h" | |
2f1431ea | 5 | #if USE_AUTH |
351fe86d AR |
6 | #include "auth/UserRequest.h" |
7 | #include "auth/AclProxyAuth.h" | |
2f1431ea | 8 | #endif |
351fe86d | 9 | #include "acl/FilledChecklist.h" |
5c336a3b AJ |
10 | #include "comm/Connection.h" |
11 | #include "comm/forward.h" | |
351fe86d AR |
12 | |
13 | CBDATA_CLASS_INIT(ACLFilledChecklist); | |
14 | ||
351fe86d AR |
15 | void |
16 | ACLFilledChecklist::checkCallback(allow_t answer) | |
17 | { | |
a1ce83aa | 18 | debugs(28, 5, HERE << this << " answer=" << answer); |
351fe86d | 19 | |
2f1431ea | 20 | #if USE_AUTH |
351fe86d AR |
21 | /* During reconfigure, we can end up not finishing call |
22 | * sequences into the auth code */ | |
23 | ||
a33a428a | 24 | if (auth_user_request != NULL) { |
351fe86d | 25 | /* the filled_checklist lock */ |
a33a428a | 26 | auth_user_request = NULL; |
21512911 CT |
27 | // It might have been connection based |
28 | // In the case of sslBump we need to preserve authentication info | |
c7baff40 AJ |
29 | // XXX: need to re-evaluate this. ACL tests should not be playing with |
30 | // XXX: wider scoped TCP connection state, even if the helper lookup is stuck. | |
21512911 | 31 | if (conn() && !conn()->switchedToHttps()) { |
a33a428a | 32 | conn()->auth_user_request = NULL; |
a33a428a | 33 | } |
351fe86d | 34 | } |
2f1431ea | 35 | #endif |
351fe86d | 36 | |
af6a12ee | 37 | ACLChecklist::checkCallback(answer); // may delete us |
351fe86d AR |
38 | } |
39 | ||
40 | ||
41 | void * | |
42 | ACLFilledChecklist::operator new (size_t size) | |
43 | { | |
44 | assert (size == sizeof(ACLFilledChecklist)); | |
45 | CBDATA_INIT_TYPE(ACLFilledChecklist); | |
46 | ACLFilledChecklist *result = cbdataAlloc(ACLFilledChecklist); | |
47 | return result; | |
48 | } | |
49 | ||
50 | void | |
51 | ACLFilledChecklist::operator delete (void *address) | |
52 | { | |
53 | ACLFilledChecklist *t = static_cast<ACLFilledChecklist *>(address); | |
54 | cbdataFree(t); | |
55 | } | |
56 | ||
57 | ||
58 | ACLFilledChecklist::ACLFilledChecklist() : | |
59 | dst_peer(NULL), | |
12ef783b | 60 | dst_rdns(NULL), |
351fe86d AR |
61 | request (NULL), |
62 | reply (NULL), | |
2f1431ea | 63 | #if USE_AUTH |
351fe86d | 64 | auth_user_request (NULL), |
2f1431ea | 65 | #endif |
351fe86d AR |
66 | #if SQUID_SNMP |
67 | snmp_community(NULL), | |
68 | #endif | |
69 | #if USE_SSL | |
70 | ssl_error(0), | |
71 | #endif | |
72 | extacl_entry (NULL), | |
73 | conn_(NULL), | |
74 | fd_(-1), | |
75 | destinationDomainChecked_(false), | |
76 | sourceDomainChecked_(false) | |
77 | { | |
78 | my_addr.SetEmpty(); | |
79 | src_addr.SetEmpty(); | |
80 | dst_addr.SetEmpty(); | |
81 | rfc931[0] = '\0'; | |
82 | } | |
83 | ||
84 | ||
85 | ACLFilledChecklist::~ACLFilledChecklist() | |
86 | { | |
87 | assert (!asyncInProgress()); | |
88 | ||
12ef783b AJ |
89 | safe_free(dst_rdns); // created by xstrdup(). |
90 | ||
351fe86d AR |
91 | if (extacl_entry) |
92 | cbdataReferenceDone(extacl_entry); | |
93 | ||
94 | HTTPMSGUNLOCK(request); | |
95 | ||
96 | HTTPMSGUNLOCK(reply); | |
97 | ||
351fe86d AR |
98 | cbdataReferenceDone(conn_); |
99 | ||
100 | debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this); | |
101 | } | |
102 | ||
103 | ||
104 | ConnStateData * | |
105 | ACLFilledChecklist::conn() const | |
106 | { | |
107 | return conn_; | |
108 | } | |
109 | ||
110 | void | |
111 | ACLFilledChecklist::conn(ConnStateData *aConn) | |
112 | { | |
113 | assert (conn() == NULL); | |
114 | conn_ = cbdataReference(aConn); | |
115 | } | |
116 | ||
117 | int | |
118 | ACLFilledChecklist::fd() const | |
119 | { | |
73c36fd9 | 120 | return (conn_ != NULL && conn_->clientConnection != NULL) ? conn_->clientConnection->fd : fd_; |
351fe86d AR |
121 | } |
122 | ||
123 | void | |
124 | ACLFilledChecklist::fd(int aDescriptor) | |
125 | { | |
73c36fd9 | 126 | assert(!conn() || conn()->clientConnection == NULL || conn()->clientConnection->fd == aDescriptor); |
351fe86d AR |
127 | fd_ = aDescriptor; |
128 | } | |
129 | ||
130 | bool | |
131 | ACLFilledChecklist::destinationDomainChecked() const | |
132 | { | |
133 | return destinationDomainChecked_; | |
134 | } | |
135 | ||
136 | void | |
137 | ACLFilledChecklist::markDestinationDomainChecked() | |
138 | { | |
139 | assert (!finished() && !destinationDomainChecked()); | |
140 | destinationDomainChecked_ = true; | |
141 | } | |
142 | ||
143 | bool | |
144 | ACLFilledChecklist::sourceDomainChecked() const | |
145 | { | |
146 | return sourceDomainChecked_; | |
147 | } | |
148 | ||
149 | void | |
150 | ACLFilledChecklist::markSourceDomainChecked() | |
151 | { | |
152 | assert (!finished() && !sourceDomainChecked()); | |
153 | sourceDomainChecked_ = true; | |
154 | } | |
155 | ||
156 | /* | |
157 | * There are two common ACLFilledChecklist lifecycles paths: | |
158 | * | |
159 | * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object | |
160 | * on stack and calls aclCheckFast(). | |
161 | * | |
162 | * B) Using aclNBCheck() and callbacks: The caller allocates an | |
163 | * ACLFilledChecklist object (via operator new) and passes it to | |
164 | * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(), | |
165 | * which will invoke the callback function as requested by the | |
166 | * original caller of aclNBCheck(). This callback function must | |
167 | * *not* delete the list. After the callback function returns, | |
168 | * checkCallback() will delete the list (i.e., self). | |
169 | */ | |
f4462b38 | 170 | ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident): |
af6a12ee | 171 | dst_peer(NULL), |
12ef783b | 172 | dst_rdns(NULL), |
af6a12ee AJ |
173 | request(NULL), |
174 | reply(NULL), | |
2f1431ea | 175 | #if USE_AUTh |
af6a12ee | 176 | auth_user_request(NULL), |
2f1431ea | 177 | #endif |
351fe86d | 178 | #if SQUID_SNMP |
af6a12ee | 179 | snmp_community(NULL), |
351fe86d AR |
180 | #endif |
181 | #if USE_SSL | |
af6a12ee | 182 | ssl_error(0), |
351fe86d | 183 | #endif |
af6a12ee AJ |
184 | extacl_entry (NULL), |
185 | conn_(NULL), | |
186 | fd_(-1), | |
187 | destinationDomainChecked_(false), | |
188 | sourceDomainChecked_(false) | |
351fe86d AR |
189 | { |
190 | my_addr.SetEmpty(); | |
191 | src_addr.SetEmpty(); | |
192 | dst_addr.SetEmpty(); | |
193 | rfc931[0] = '\0'; | |
af6a12ee | 194 | |
351fe86d AR |
195 | // cbdataReferenceDone() is in either fastCheck() or the destructor |
196 | if (A) | |
197 | accessList = cbdataReference(A); | |
198 | ||
f4462b38 CT |
199 | if (http_request != NULL) { |
200 | request = HTTPMSGLOCK(http_request); | |
351fe86d AR |
201 | #if FOLLOW_X_FORWARDED_FOR |
202 | if (Config.onoff.acl_uses_indirect_client) | |
203 | src_addr = request->indirect_client_addr; | |
204 | else | |
205 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
206 | src_addr = request->client_addr; | |
207 | my_addr = request->my_addr; | |
208 | } | |
209 | ||
210 | #if USE_IDENT | |
211 | if (ident) | |
212 | xstrncpy(rfc931, ident, USER_IDENT_SZ); | |
213 | #endif | |
214 | } | |
215 |