[thirdparty/squid.git] / src / cache_manager.cc


/*
 * $Id$
 *
 * DEBUG: section 16    Cache Manager Objects
 * AUTHOR: Duane Wessels
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "squid.h"
#include "base/TextException.h"
#include "CacheManager.h"
#include "comm/Connection.h"
#include "Debug.h"
#include "errorpage.h"
#include "fde.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "mgr/ActionCreator.h"
#include "mgr/Action.h"
#include "mgr/ActionProfile.h"
#include "mgr/BasicActions.h"
#include "mgr/Command.h"
#include "mgr/Forwarder.h"
#include "mgr/FunAction.h"
#include "mgr/QueryParams.h"
#include "protos.h" /* rotate_logs() */
#include "SquidTime.h"
#include "Store.h"
#include "wordlist.h"
#include <algorithm>


/// \ingroup CacheManagerInternal
#define MGR_PASSWD_SZ 128

/// creates Action using supplied Action::Create method and command
class ClassActionCreator: public Mgr::ActionCreator
{
public:
    typedef Mgr::Action::Pointer Handler(const Mgr::Command::Pointer &cmd);

public:
    ClassActionCreator(Handler *aHandler): handler(aHandler) {}

    virtual Mgr::Action::Pointer create(const Mgr::Command::Pointer &cmd) const {
        return handler(cmd);
    }

private:
    Handler *handler;
};


/// Registers new profiles, ignoring attempts to register a duplicate
void
CacheManager::registerProfile(const Mgr::ActionProfile::Pointer &profile)
{
    Must(profile != NULL);
    if (std::find(menu_.begin(), menu_.end(), profile) == menu_.end()) {
        menu_.push_back(profile);
        debugs(16, 3, HERE << "registered profile: " << *profile);
    } else {
        debugs(16, 2, HERE << "skipped duplicate profile: " << *profile);
    }
}

/**
 \ingroup CacheManagerAPI
 * Registers a C-style action, which is implemented as a pointer to a function
 * taking as argument a pointer to a StoreEntry and returning void.
 * Implemented via CacheManagerActionLegacy.
 */
void
CacheManager::registerProfile(char const * action, char const * desc, OBJH * handler, int pw_req_flag, int atomic)
{
    debugs(16, 3, HERE << "registering legacy " << action);
    const Mgr::ActionProfile::Pointer profile = new Mgr::ActionProfile(action,
            desc, pw_req_flag, atomic, new Mgr::FunActionCreator(handler));
    registerProfile(profile);
}

/**
 * \ingroup CacheManagerAPI
 * Registers a C++-style action, via a pointer to a subclass of
 * a CacheManagerAction object, whose run() method will be invoked when
 * CacheManager identifies that the user has requested the action.
 */
void
CacheManager::registerProfile(char const * action, char const * desc,
                              ClassActionCreator::Handler *handler,
                              int pw_req_flag, int atomic)
{
    const Mgr::ActionProfile::Pointer profile = new Mgr::ActionProfile(action,
            desc, pw_req_flag, atomic, new ClassActionCreator(handler));
    registerProfile(profile);
}

/**
 \ingroup CacheManagerInternal
 * Locates an action in the actions registry ActionsList.
\retval NULL  if Action not found
\retval CacheManagerAction* if the action was found
 */
Mgr::ActionProfile::Pointer
CacheManager::findAction(char const * action) const
{
    Must(action != NULL);
    Menu::const_iterator a;

    debugs(16, 5, "CacheManager::findAction: looking for action " << action);
    for (a = menu_.begin(); a != menu_.end(); ++a) {
        if (0 == strcmp((*a)->name, action)) {
            debugs(16, 6, " found");
            return *a;
        }
    }

    debugs(16, 6, "Action not found.");
    return Mgr::ActionProfilePointer();
}

Mgr::Action::Pointer
CacheManager::createNamedAction(const char *actionName)
{
    Must(actionName);

    Mgr::Command::Pointer cmd = new Mgr::Command;
    cmd->profile = findAction(actionName);
    cmd->params.actionName = actionName;

    Must(cmd->profile != NULL);
    return cmd->profile->creator->create(cmd);
}

Mgr::Action::Pointer
CacheManager::createRequestedAction(const Mgr::ActionParams &params)
{
    Mgr::Command::Pointer cmd = new Mgr::Command;
    cmd->params = params;
    cmd->profile = findAction(params.actionName.termedBuf());
    Must(cmd->profile != NULL);
    return cmd->profile->creator->create(cmd);
}

/**
 \ingroup CacheManagerInternal
 * define whether the URL is a cache-manager URL and parse the action
 * requested by the user. Checks via CacheManager::ActionProtection() that the
 * item is accessible by the user.
 \retval CacheManager::cachemgrStateData state object for the following handling
 \retval NULL if the action can't be found or can't be accessed by the user
 */
Mgr::Command::Pointer
CacheManager::ParseUrl(const char *url)
{
    int t;
    LOCAL_ARRAY(char, host, MAX_URL);
    LOCAL_ARRAY(char, request, MAX_URL);
    LOCAL_ARRAY(char, password, MAX_URL);
    LOCAL_ARRAY(char, params, MAX_URL);
    host[0] = 0;
    request[0] = 0;
    password[0] = 0;
    params[0] = 0;
    int pos = -1;
    int len = strlen(url);
    Must(len > 0);
    t = sscanf(url, "cache_object://%[^/]/%[^@?]%n@%[^?]?%s", host, request, &pos, password, params);
    if (t < 3) {
        t = sscanf(url, "cache_object://%[^/]/%[^?]%n?%s", host, request, &pos, params);
    }
    if (t < 1) {
        t = sscanf(url, "http://%[^/]/squid-internal-mgr/%[^?]%n?%s", host, request, &pos, params);
    }
    if (t < 1) {
        t = sscanf(url, "https://%[^/]/squid-internal-mgr/%[^?]%n?%s", host, request, &pos, params);
    }
    if (t < 2)
        xstrncpy(request, "index", MAX_URL);

#if _SQUID_OS2_
    if (t == 2 && request[0] == '\0') {
        /*
         * emx's sscanf insists of returning 2 because it sets request
         * to null
         */
        xstrncpy(request, "index", MAX_URL);
    }
#endif

    debugs(16, 3, HERE << "MGR request: t=" << t << ", host='" << host << "', request='" << request << "', pos=" << pos <<
           ", password='" << password << "', params='" << params << "'");

    Mgr::ActionProfile::Pointer profile = findAction(request);
    if (!profile) {
        debugs(16, DBG_IMPORTANT, "CacheManager::ParseUrl: action '" << request << "' not found");
        return NULL;
    }

    const char *prot = ActionProtection(profile);
    if (!strcmp(prot, "disabled") || !strcmp(prot, "hidden")) {
        debugs(16, DBG_IMPORTANT, "CacheManager::ParseUrl: action '" << request << "' is " << prot);
        return NULL;
    }

    Mgr::Command::Pointer cmd = new Mgr::Command;
    if (!Mgr::QueryParams::Parse(params, cmd->params.queryParams))
        return NULL;
    cmd->profile = profile;
    cmd->params.httpUri = url;
    cmd->params.userName = String();
    cmd->params.password = password;
    cmd->params.actionName = request;
    return cmd;
}

/// \ingroup CacheManagerInternal
/*
 \ingroup CacheManagerInternal
 * Decodes the headers needed to perform user authentication and fills
 * the details into the cachemgrStateData argument
 */
void
CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams &params)
{
    assert(request);

    params.httpMethod = request->method.id();
    params.httpFlags = request->flags;

#if HAVE_AUTH_MODULE_BASIC
    // TODO: use the authentication system decode to retrieve these details properly.

    /* base 64 _decoded_ user:passwd pair */
    const char *basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic");

    if (!basic_cookie)
        return;

    const char *passwd_del;
    if (!(passwd_del = strchr(basic_cookie, ':'))) {
        debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'");
        return;
    }

    /* found user:password pair, reset old values */
    params.userName.limitInit(basic_cookie, passwd_del - basic_cookie);
    params.password = passwd_del + 1;

    /* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */
    debugs(16, 9, "CacheManager::ParseHeaders: got user: '" <<
           params.userName << "' passwd: '" << params.password << "'");
#endif
}

/**
 \ingroup CacheManagerInternal
 *
 \retval 0	if mgr->password is good or "none"
 \retval 1	if mgr->password is "disable"
 \retval !0	if mgr->password does not match configured password
 */
int
CacheManager::CheckPassword(const Mgr::Command &cmd)
{
    assert(cmd.profile != NULL);
    const char *action = cmd.profile->name;
    char *pwd = PasswdGet(Config.passwd_list, action);

    debugs(16, 4, "CacheManager::CheckPassword for action " << action);

    if (pwd == NULL)
        return cmd.profile->isPwReq;

    if (strcmp(pwd, "disable") == 0)
        return 1;

    if (strcmp(pwd, "none") == 0)
        return 0;

    if (!cmd.params.password.size())
        return 1;

    return cmd.params.password != pwd;
}

/**
 \ingroup CacheManagerAPI
 * Main entry point in the Cache Manager's activity. Gets called as part
 * of the forward chain if the right URL is detected there. Initiates
 * all needed internal work and renders the response.
 */
void
CacheManager::Start(const Comm::ConnectionPointer &client, HttpRequest * request, StoreEntry * entry)
{
    debugs(16, 3, "CacheManager::Start: '" << entry->url() << "'" );

    Mgr::Command::Pointer cmd = ParseUrl(entry->url());
    if (!cmd) {
        ErrorState *err = new ErrorState(ERR_INVALID_URL, HTTP_NOT_FOUND, request);
        err->url = xstrdup(entry->url());
        errorAppendEntry(entry, err);
        entry->expires = squid_curtime;
        return;
    }

    const char *actionName = cmd->profile->name;

    entry->expires = squid_curtime;

    debugs(16, 5, "CacheManager: " << client << " requesting '" << actionName << "'");

    /* get additional info from request headers */
    ParseHeaders(request, cmd->params);

    const char *userName = cmd->params.userName.size() ?
                           cmd->params.userName.termedBuf() : "unknown";

    /* Check password */

    if (CheckPassword(*cmd) != 0) {
        /* build error message */
        ErrorState errState(ERR_CACHE_MGR_ACCESS_DENIED, HTTP_UNAUTHORIZED, request);
        /* warn if user specified incorrect password */

        if (cmd->params.password.size()) {
            debugs(16, DBG_IMPORTANT, "CacheManager: " <<
                   userName << "@" <<
                   client << ": incorrect password for '" <<
                   actionName << "'" );
        } else {
            debugs(16, DBG_IMPORTANT, "CacheManager: " <<
                   userName << "@" <<
                   client << ": password needed for '" <<
                   actionName << "'" );
        }

        HttpReply *rep = errState.BuildHttpReply();

#if HAVE_AUTH_MODULE_BASIC
        /*
         * add Authenticate header using action name as a realm because
         * password depends on the action
         */
        rep->header.putAuth("Basic", actionName);
#endif
        // Allow cachemgr and other XHR scripts access to our version string
        if (request->header.has(HDR_ORIGIN)) {
            rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
#if HAVE_AUTH_MODULE_BASIC
            rep->header.putExt("Access-Control-Allow-Credentials","true");
#endif
            rep->header.putExt("Access-Control-Expose-Headers","Server");
        }

        /* store the reply */
        entry->replaceHttpReply(rep);

        entry->expires = squid_curtime;

        entry->complete();

        return;
    }

    if (request->header.has(HDR_ORIGIN)) {
        cmd->params.httpOrigin = request->header.getStr(HDR_ORIGIN);
    }

    debugs(16, 2, "CacheManager: " <<
           userName << "@" <<
           client << " requesting '" <<
           actionName << "'" );

    // special case: /squid-internal-mgr/ index page
    if (!strcmp(cmd->profile->name, "index")) {
        ErrorState err(MGR_INDEX, HTTP_OK, request);
        err.url = xstrdup(entry->url());
        HttpReply *rep = err.BuildHttpReply();
        if (strncmp(rep->body.content(),"Internal Error:", 15) == 0)
            rep->sline.status = HTTP_NOT_FOUND;
        // Allow cachemgr and other XHR scripts access to our version string
        if (request->header.has(HDR_ORIGIN)) {
            rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
#if HAVE_AUTH_MODULE_BASIC
            rep->header.putExt("Access-Control-Allow-Credentials","true");
#endif
            rep->header.putExt("Access-Control-Expose-Headers","Server");
        }
        entry->replaceHttpReply(rep);
        entry->complete();
        return;
    }

    if (UsingSmp() && IamWorkerProcess()) {
        // is client the right connection to pass here?
        AsyncJob::Start(new Mgr::Forwarder(client, cmd->params, request, entry));
        return;
    }

    Mgr::Action::Pointer action = cmd->profile->creator->create(cmd);
    Must(action != NULL);
    action->run(entry, true);
}

/*
 \ingroup CacheManagerInternal
 * Renders the protection level text for an action.
 * Also doubles as a check for the protection level.
 */
const char *
CacheManager::ActionProtection(const Mgr::ActionProfile::Pointer &profile)
{
    assert(profile != NULL);
    const char *pwd = PasswdGet(Config.passwd_list, profile->name);

    if (!pwd)
        return profile->isPwReq ? "hidden" : "public";

    if (!strcmp(pwd, "disable"))
        return "disabled";

    if (strcmp(pwd, "none") == 0)
        return "public";

    return "protected";
}

/*
 \ingroup CacheManagerInternal
 * gets from the global Config the password the user would need to supply
 * for the action she queried
 */
char *
CacheManager::PasswdGet(cachemgr_passwd * a, const char *action)
{
    wordlist *w;

    while (a != NULL) {
        for (w = a->actions; w != NULL; w = w->next) {
            if (0 == strcmp(w->key, action))
                return a->passwd;

            if (0 == strcmp(w->key, "all"))
                return a->passwd;
        }

        a = a->next;
    }

    return NULL;
}

CacheManager* CacheManager::instance=0;

/**
 \ingroup CacheManagerAPI
 * Singleton accessor method.
 */
CacheManager*
CacheManager::GetInstance()
{
    if (instance == 0) {
        debugs(16, 6, "CacheManager::GetInstance: starting cachemanager up");
        instance = new CacheManager;
        Mgr::RegisterBasics();
    }
    return instance;
}
Commit	Line	Data
22f3fd98	1
22f3fd98	2	/*
262a0e14	3	* $Id$
22f3fd98	4	*
	5	* DEBUG: section 16 Cache Manager Objects
	6	* AUTHOR: Duane Wessels
	7	*
2b6662ba	8	* SQUID Web Proxy Cache http://www.squid-cache.org/
e25c139f	9	* ----------------------------------------------------------
22f3fd98	10	*
2b6662ba	11	* Squid is the result of efforts by numerous individuals from
	12	* the Internet community; see the CONTRIBUTORS file for full
	13	* details. Many organizations have provided support for Squid's
	14	* development; see the SPONSORS file for full details. Squid is
	15	* Copyrighted (C) 2001 by the Regents of the University of
	16	* California; see the COPYRIGHT file for full details. Squid
	17	* incorporates software developed and/or copyrighted by other
	18	* sources; see the CREDITS file for full details.
22f3fd98	19	*
	20	* This program is free software; you can redistribute it and/or modify
	21	* it under the terms of the GNU General Public License as published by
	22	* the Free Software Foundation; either version 2 of the License, or
	23	* (at your option) any later version.
26ac0430	24	*
22f3fd98	25	* This program is distributed in the hope that it will be useful,
	26	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	27	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	28	* GNU General Public License for more details.
26ac0430	29	*
22f3fd98	30	* You should have received a copy of the GNU General Public License
22f3fd98	31	* along with this program; if not, write to the Free Software
cbdec147	32	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
e25c139f	33	*
22f3fd98	34	*/
22f3fd98	35
f7f3304a	36	#include "squid.h"
8822ebee	37	#include "base/TextException.h"
62ee09ca	38	#include "CacheManager.h"
5c336a3b	39	#include "comm/Connection.h"
8822ebee	40	#include "Debug.h"
aa839030	41	#include "errorpage.h"
8822ebee	42	#include "fde.h"
528b2c61	43	#include "HttpReply.h"
528b2c61	44	#include "HttpRequest.h"
8822ebee AR	45	#include "mgr/ActionCreator.h"
	46	#include "mgr/Action.h"
	47	#include "mgr/ActionProfile.h"
	48	#include "mgr/BasicActions.h"
	49	#include "mgr/Command.h"
	50	#include "mgr/Forwarder.h"
	51	#include "mgr/FunAction.h"
b8151fa1	52	#include "mgr/QueryParams.h"
8822ebee	53	#include "protos.h" /* rotate_logs() */
985c86bc	54	#include "SquidTime.h"
8822ebee	55	#include "Store.h"
d295d770	56	#include "wordlist.h"
8822ebee	57	#include <algorithm>
22f3fd98	58
74990ce1	59
63be0a78	60	/// \ingroup CacheManagerInternal
22f3fd98	61	#define MGR_PASSWD_SZ 128
22f3fd98	62
8822ebee AR	63	/// creates Action using supplied Action::Create method and command
	64	class ClassActionCreator: public Mgr::ActionCreator
	65	{
	66	public:
	67	typedef Mgr::Action::Pointer Handler(const Mgr::Command::Pointer &cmd);
c83f0bd5	68
8822ebee AR	69	public:
	70	ClassActionCreator(Handler *aHandler): handler(aHandler) {}
	71
d9fc6862	72	virtual Mgr::Action::Pointer create(const Mgr::Command::Pointer &cmd) const {
8822ebee AR	73	return handler(cmd);
	74	}
	75
	76	private:
	77	Handler *handler;
	78	};
	79
	80
	81	/// Registers new profiles, ignoring attempts to register a duplicate
	82	void
	83	CacheManager::registerProfile(const Mgr::ActionProfile::Pointer &profile)
62ee09ca	84	{
8822ebee	85	Must(profile != NULL);
ef890f9d	86	if (std::find(menu_.begin(), menu_.end(), profile) == menu_.end()) {
8822ebee AR	87	menu_.push_back(profile);
	88	debugs(16, 3, HERE << "registered profile: " << *profile);
	89	} else {
	90	debugs(16, 2, HERE << "skipped duplicate profile: " << *profile);
	91	}
62ee09ca	92	}
22f3fd98	93
50847dca AJ	94	/**
	95	\ingroup CacheManagerAPI
	96	* Registers a C-style action, which is implemented as a pointer to a function
	97	* taking as argument a pointer to a StoreEntry and returning void.
	98	* Implemented via CacheManagerActionLegacy.
	99	*/
22f3fd98	100	void
8822ebee	101	CacheManager::registerProfile(char const * action, char const * desc, OBJH * handler, int pw_req_flag, int atomic)
22f3fd98	102	{
8822ebee AR	103	debugs(16, 3, HERE << "registering legacy " << action);
8822ebee AR	104	const Mgr::ActionProfile::Pointer profile = new Mgr::ActionProfile(action,
d9fc6862	105	desc, pw_req_flag, atomic, new Mgr::FunActionCreator(handler));
8822ebee	106	registerProfile(profile);
1d8395bd	107	}
62e76326	108
d154d3ec	109	/**
e0d28505	110	* \ingroup CacheManagerAPI
a750e510	111	* Registers a C++-style action, via a pointer to a subclass of
d154d3ec FC	112	* a CacheManagerAction object, whose run() method will be invoked when
	113	* CacheManager identifies that the user has requested the action.
	114	*/
1d8395bd	115	void
8822ebee	116	CacheManager::registerProfile(char const * action, char const * desc,
d9fc6862 A	117	ClassActionCreator::Handler *handler,
d9fc6862 A	118	int pw_req_flag, int atomic)
1d8395bd	119	{
8822ebee	120	const Mgr::ActionProfile::Pointer profile = new Mgr::ActionProfile(action,
d9fc6862	121	desc, pw_req_flag, atomic, new ClassActionCreator(handler));
8822ebee	122	registerProfile(profile);
62ee09ca	123	}
62ee09ca	124
d154d3ec FC	125	/**
	126	\ingroup CacheManagerInternal
	127	* Locates an action in the actions registry ActionsList.
	128	\retval NULL if Action not found
	129	\retval CacheManagerAction* if the action was found
	130	*/
8822ebee AR	131	Mgr::ActionProfile::Pointer
8822ebee AR	132	CacheManager::findAction(char const * action) const
22f3fd98	133	{
8822ebee AR	134	Must(action != NULL);
8822ebee AR	135	Menu::const_iterator a;
03c4599f K	136
03c4599f K	137	debugs(16, 5, "CacheManager::findAction: looking for action " << action);
8822ebee AR	138	for (a = menu_.begin(); a != menu_.end(); ++a) {
8822ebee AR	139	if (0 == strcmp((*a)->name, action)) {
03c4599f K	140	debugs(16, 6, " found");
	141	return *a;
	142	}
22f3fd98	143	}
62e76326	144
03c4599f	145	debugs(16, 6, "Action not found.");
8822ebee AR	146	return Mgr::ActionProfilePointer();
	147	}
	148
	149	Mgr::Action::Pointer
	150	CacheManager::createNamedAction(const char *actionName)
	151	{
	152	Must(actionName);
	153
	154	Mgr::Command::Pointer cmd = new Mgr::Command;
	155	cmd->profile = findAction(actionName);
	156	cmd->params.actionName = actionName;
	157
	158	Must(cmd->profile != NULL);
	159	return cmd->profile->creator->create(cmd);
	160	}
	161
	162	Mgr::Action::Pointer
	163	CacheManager::createRequestedAction(const Mgr::ActionParams &params)
	164	{
	165	Mgr::Command::Pointer cmd = new Mgr::Command;
	166	cmd->params = params;
	167	cmd->profile = findAction(params.actionName.termedBuf());
	168	Must(cmd->profile != NULL);
	169	return cmd->profile->creator->create(cmd);
22f3fd98	170	}
22f3fd98	171
832c08ab FC	172	/**
	173	\ingroup CacheManagerInternal
	174	* define whether the URL is a cache-manager URL and parse the action
	175	* requested by the user. Checks via CacheManager::ActionProtection() that the
	176	* item is accessible by the user.
	177	\retval CacheManager::cachemgrStateData state object for the following handling
	178	\retval NULL if the action can't be found or can't be accessed by the user
	179	*/
8822ebee	180	Mgr::Command::Pointer
c83f0bd5	181	CacheManager::ParseUrl(const char *url)
22f3fd98	182	{
	183	int t;
	184	LOCAL_ARRAY(char, host, MAX_URL);
	185	LOCAL_ARRAY(char, request, MAX_URL);
	186	LOCAL_ARRAY(char, password, MAX_URL);
b8151fa1 CT	187	LOCAL_ARRAY(char, params, MAX_URL);
	188	host[0] = 0;
	189	request[0] = 0;
	190	password[0] = 0;
	191	params[0] = 0;
	192	int pos = -1;
	193	int len = strlen(url);
	194	Must(len > 0);
	195	t = sscanf(url, "cache_object://%[^/]/%[^@?]%n@%[^?]?%s", host, request, &pos, password, params);
5366b99b AJ	196	if (t < 3) {
	197	t = sscanf(url, "cache_object://%[^/]/%[^?]%n?%s", host, request, &pos, params);
	198	}
e37bd29b AJ	199	if (t < 1) {
	200	t = sscanf(url, "http://%[^/]/squid-internal-mgr/%[^?]%n?%s", host, request, &pos, params);
	201	}
	202	if (t < 1) {
	203	t = sscanf(url, "https://%[^/]/squid-internal-mgr/%[^?]%n?%s", host, request, &pos, params);
	204	}
8822ebee	205	if (t < 2)
b073fc4b	206	xstrncpy(request, "index", MAX_URL);
8822ebee	207
1191b93b	208	#if _SQUID_OS2_
8822ebee	209	if (t == 2 && request[0] == '\0') {
62e76326	210	/*
	211	* emx's sscanf insists of returning 2 because it sets request
	212	* to null
	213	*/
b073fc4b	214	xstrncpy(request, "index", MAX_URL);
8822ebee	215	}
cd377065	216	#endif
62e76326	217
5366b99b AJ	218	debugs(16, 3, HERE << "MGR request: t=" << t << ", host='" << host << "', request='" << request << "', pos=" << pos <<
	219	", password='" << password << "', params='" << params << "'");
	220
8822ebee AR	221	Mgr::ActionProfile::Pointer profile = findAction(request);
8822ebee AR	222	if (!profile) {
3e1da049	223	debugs(16, DBG_IMPORTANT, "CacheManager::ParseUrl: action '" << request << "' not found");
62e76326	224	return NULL;
22f3fd98	225	}
62e76326	226
8822ebee AR	227	const char *prot = ActionProtection(profile);
	228	if (!strcmp(prot, "disabled") \|\| !strcmp(prot, "hidden")) {
	229	debugs(16, DBG_IMPORTANT, "CacheManager::ParseUrl: action '" << request << "' is " << prot);
	230	return NULL;
	231	}
62e76326	232
8822ebee	233	Mgr::Command::Pointer cmd = new Mgr::Command;
b8151fa1 CT	234	if (!Mgr::QueryParams::Parse(params, cmd->params.queryParams))
b8151fa1 CT	235	return NULL;
8822ebee AR	236	cmd->profile = profile;
	237	cmd->params.httpUri = url;
	238	cmd->params.userName = String();
b8151fa1	239	cmd->params.password = password;
8822ebee AR	240	cmd->params.actionName = request;
8822ebee AR	241	return cmd;
22f3fd98	242	}
22f3fd98	243
63be0a78	244	/// \ingroup CacheManagerInternal
832c08ab FC	245	/*
	246	\ingroup CacheManagerInternal
	247	* Decodes the headers needed to perform user authentication and fills
	248	* the details into the cachemgrStateData argument
	249	*/
c83f0bd5	250	void
8822ebee	251	CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams &params)
63259c34	252	{
8822ebee AR	253	assert(request);
	254
	255	params.httpMethod = request->method.id();
	256	params.httpFlags = request->flags;
	257
9da6b594 AJ	258	#if HAVE_AUTH_MODULE_BASIC
	259	// TODO: use the authentication system decode to retrieve these details properly.
	260
	261	/* base 64 _decoded_ user:passwd pair */
	262	const char *basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic");
62e76326	263
99edd1c3	264	if (!basic_cookie)
62e76326	265	return;
62e76326	266
9da6b594	267	const char *passwd_del;
63259c34	268	if (!(passwd_del = strchr(basic_cookie, ':'))) {
3e1da049	269	debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'");
62e76326	270	return;
63259c34	271	}
62e76326	272
63259c34	273	/* found user:password pair, reset old values */
8822ebee AR	274	params.userName.limitInit(basic_cookie, passwd_del - basic_cookie);
8822ebee AR	275	params.password = passwd_del + 1;
62e76326	276
9da6b594	277	/* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */
8822ebee	278	debugs(16, 9, "CacheManager::ParseHeaders: got user: '" <<
d9fc6862	279	params.userName << "' passwd: '" << params.password << "'");
9da6b594	280	#endif
63259c34	281	}
63259c34	282
63be0a78	283	/**
	284	\ingroup CacheManagerInternal
	285	*
	286	\retval 0 if mgr->password is good or "none"
	287	\retval 1 if mgr->password is "disable"
	288	\retval !0 if mgr->password does not match configured password
22f3fd98	289	*/
c83f0bd5	290	int
8822ebee	291	CacheManager::CheckPassword(const Mgr::Command &cmd)
22f3fd98	292	{
8822ebee AR	293	assert(cmd.profile != NULL);
	294	const char *action = cmd.profile->name;
	295	char *pwd = PasswdGet(Config.passwd_list, action);
03c4599f	296
8822ebee	297	debugs(16, 4, "CacheManager::CheckPassword for action " << action);
62e76326	298
22f3fd98	299	if (pwd == NULL)
8822ebee	300	return cmd.profile->isPwReq;
62e76326	301
22f3fd98	302	if (strcmp(pwd, "disable") == 0)
62e76326	303	return 1;
62e76326	304
22f3fd98	305	if (strcmp(pwd, "none") == 0)
62e76326	306	return 0;
62e76326	307
8822ebee	308	if (!cmd.params.password.size())
62e76326	309	return 1;
62e76326	310
8822ebee	311	return cmd.params.password != pwd;
22f3fd98	312	}
22f3fd98	313
832c08ab FC	314	/**
	315	\ingroup CacheManagerAPI
	316	* Main entry point in the Cache Manager's activity. Gets called as part
	317	* of the forward chain if the right URL is detected there. Initiates
	318	* all needed internal work and renders the response.
	319	*/
22f3fd98	320	void
5c336a3b	321	CacheManager::Start(const Comm::ConnectionPointer &client, HttpRequest * request, StoreEntry * entry)
22f3fd98	322	{
832c08ab	323	debugs(16, 3, "CacheManager::Start: '" << entry->url() << "'" );
62e76326	324
8822ebee AR	325	Mgr::Command::Pointer cmd = ParseUrl(entry->url());
8822ebee AR	326	if (!cmd) {
913524f0	327	ErrorState *err = new ErrorState(ERR_INVALID_URL, HTTP_NOT_FOUND, request);
3900307b	328	err->url = xstrdup(entry->url());
62e76326	329	errorAppendEntry(entry, err);
	330	entry->expires = squid_curtime;
	331	return;
22f3fd98	332	}
62e76326	333
8822ebee	334	const char *actionName = cmd->profile->name;
34266cde	335
22f3fd98	336	entry->expires = squid_curtime;
34266cde	337
a750e510	338	debugs(16, 5, "CacheManager: " << client << " requesting '" << actionName << "'");
34266cde	339
63259c34	340	/* get additional info from request headers */
8822ebee AR	341	ParseHeaders(request, cmd->params);
	342
	343	const char *userName = cmd->params.userName.size() ?
d9fc6862	344	cmd->params.userName.termedBuf() : "unknown";
34266cde	345
22f3fd98	346	/* Check password */
62e76326	347
8822ebee	348	if (CheckPassword(*cmd) != 0) {
62e76326	349	/* build error message */
913524f0	350	ErrorState errState(ERR_CACHE_MGR_ACCESS_DENIED, HTTP_UNAUTHORIZED, request);
62e76326	351	/* warn if user specified incorrect password */
62e76326	352
8822ebee	353	if (cmd->params.password.size()) {
26ac0430	354	debugs(16, DBG_IMPORTANT, "CacheManager: " <<
8822ebee	355	userName << "@" <<
5c336a3b	356	client << ": incorrect password for '" <<
8822ebee AR	357	actionName << "'" );
8822ebee AR	358	} else {
26ac0430	359	debugs(16, DBG_IMPORTANT, "CacheManager: " <<
8822ebee	360	userName << "@" <<
5c336a3b	361	client << ": password needed for '" <<
8822ebee AR	362	actionName << "'" );
8822ebee AR	363	}
62e76326	364
913524f0	365	HttpReply *rep = errState.BuildHttpReply();
62e76326	366
9da6b594	367	#if HAVE_AUTH_MODULE_BASIC
62e76326	368	/*
8822ebee AR	369	* add Authenticate header using action name as a realm because
8822ebee AR	370	* password depends on the action
62e76326	371	*/
8822ebee	372	rep->header.putAuth("Basic", actionName);
9da6b594	373	#endif
3865965d AJ	374	// Allow cachemgr and other XHR scripts access to our version string
	375	if (request->header.has(HDR_ORIGIN)) {
	376	rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
	377	#if HAVE_AUTH_MODULE_BASIC
	378	rep->header.putExt("Access-Control-Allow-Credentials","true");
	379	#endif
	380	rep->header.putExt("Access-Control-Expose-Headers","Server");
	381	}
62e76326	382
62e76326	383	/* store the reply */
db237875	384	entry->replaceHttpReply(rep);
62e76326	385
	386	entry->expires = squid_curtime;
	387
	388	entry->complete();
	389
62e76326	390	return;
22f3fd98	391	}
62e76326	392
3865965d AJ	393	if (request->header.has(HDR_ORIGIN)) {
	394	cmd->params.httpOrigin = request->header.getStr(HDR_ORIGIN);
	395	}
	396
0be039f4	397	debugs(16, 2, "CacheManager: " <<
8822ebee	398	userName << "@" <<
5c336a3b	399	client << " requesting '" <<
8822ebee	400	actionName << "'" );
62e76326	401
b073fc4b AJ	402	// special case: /squid-internal-mgr/ index page
	403	if (!strcmp(cmd->profile->name, "index")) {
	404	ErrorState err(MGR_INDEX, HTTP_OK, request);
	405	err.url = xstrdup(entry->url());
	406	HttpReply *rep = err.BuildHttpReply();
	407	if (strncmp(rep->body.content(),"Internal Error:", 15) == 0)
	408	rep->sline.status = HTTP_NOT_FOUND;
	409	// Allow cachemgr and other XHR scripts access to our version string
	410	if (request->header.has(HDR_ORIGIN)) {
	411	rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
	412	#if HAVE_AUTH_MODULE_BASIC
	413	rep->header.putExt("Access-Control-Allow-Credentials","true");
	414	#endif
	415	rep->header.putExt("Access-Control-Expose-Headers","Server");
	416	}
	417	entry->replaceHttpReply(rep);
	418	entry->complete();
	419	return;
	420	}
	421
8822ebee	422	if (UsingSmp() && IamWorkerProcess()) {
1b76e6c1	423	// is client the right connection to pass here?
25b481e6	424	AsyncJob::Start(new Mgr::Forwarder(client, cmd->params, request, entry));
8822ebee	425	return;
cb69b4c7	426	}
62e76326	427
8822ebee AR	428	Mgr::Action::Pointer action = cmd->profile->creator->create(cmd);
	429	Must(action != NULL);
	430	action->run(entry, true);
22f3fd98	431	}
22f3fd98	432
832c08ab FC	433	/*
	434	\ingroup CacheManagerInternal
	435	* Renders the protection level text for an action.
	436	* Also doubles as a check for the protection level.
832c08ab	437	*/
c83f0bd5	438	const char *
8822ebee	439	CacheManager::ActionProtection(const Mgr::ActionProfile::Pointer &profile)
7395afb8	440	{
8822ebee AR	441	assert(profile != NULL);
8822ebee AR	442	const char *pwd = PasswdGet(Config.passwd_list, profile->name);
62e76326	443
7395afb8	444	if (!pwd)
8822ebee	445	return profile->isPwReq ? "hidden" : "public";
62e76326	446
7395afb8	447	if (!strcmp(pwd, "disable"))
62e76326	448	return "disabled";
62e76326	449
7395afb8	450	if (strcmp(pwd, "none") == 0)
62e76326	451	return "public";
62e76326	452
7395afb8	453	return "protected";
	454	}
	455
832c08ab FC	456	/*
	457	\ingroup CacheManagerInternal
	458	* gets from the global Config the password the user would need to supply
	459	* for the action she queried
	460	*/
c83f0bd5 K	461	char *
c83f0bd5 K	462	CacheManager::PasswdGet(cachemgr_passwd * a, const char *action)
22f3fd98	463	{
22f3fd98	464	wordlist *w;
62e76326	465
22f3fd98	466	while (a != NULL) {
62e76326	467	for (w = a->actions; w != NULL; w = w->next) {
	468	if (0 == strcmp(w->key, action))
	469	return a->passwd;
	470
	471	if (0 == strcmp(w->key, "all"))
	472	return a->passwd;
	473	}
	474
	475	a = a->next;
22f3fd98	476	}
62e76326	477
22f3fd98	478	return NULL;
22f3fd98	479	}
c83f0bd5 K	480
	481	CacheManager* CacheManager::instance=0;
	482
832c08ab FC	483	/**
	484	\ingroup CacheManagerAPI
	485	* Singleton accessor method.
	486	*/
c83f0bd5	487	CacheManager*
26ac0430 AJ	488	CacheManager::GetInstance()
	489	{
	490	if (instance == 0) {
	491	debugs(16, 6, "CacheManager::GetInstance: starting cachemanager up");
	492	instance = new CacheManager;
8822ebee	493	Mgr::RegisterBasics();
26ac0430 AJ	494	}
26ac0430 AJ	495	return instance;
c83f0bd5	496	}