]>
Commit | Line | Data |
---|---|---|
22f3fd98 | 1 | /* |
b8ae064d | 2 | * Copyright (C) 1996-2023 The Squid Software Foundation and contributors |
e25c139f | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
22f3fd98 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 16 Cache Manager Objects */ |
10 | ||
f7f3304a | 11 | #include "squid.h" |
7e6eabbc | 12 | #include "AccessLogEntry.h" |
8822ebee | 13 | #include "base/TextException.h" |
62ee09ca | 14 | #include "CacheManager.h" |
5c336a3b | 15 | #include "comm/Connection.h" |
675b8408 | 16 | #include "debug/Stream.h" |
26e65059 | 17 | #include "error/ExceptionErrorDetail.h" |
53521734 | 18 | #include "errorpage.h" |
8822ebee | 19 | #include "fde.h" |
92a5adb7 | 20 | #include "HttpHdrCc.h" |
528b2c61 | 21 | #include "HttpReply.h" |
22 | #include "HttpRequest.h" | |
8822ebee | 23 | #include "mgr/Action.h" |
602d9612 A |
24 | #include "mgr/ActionCreator.h" |
25 | #include "mgr/ActionPasswordList.h" | |
8822ebee AR |
26 | #include "mgr/ActionProfile.h" |
27 | #include "mgr/BasicActions.h" | |
28 | #include "mgr/Command.h" | |
29 | #include "mgr/Forwarder.h" | |
30 | #include "mgr/FunAction.h" | |
b8151fa1 | 31 | #include "mgr/QueryParams.h" |
26e65059 | 32 | #include "parser/Tokenizer.h" |
592b8687 | 33 | #include "protos.h" |
26e65059 | 34 | #include "sbuf/Stream.h" |
2582f64a | 35 | #include "sbuf/StringConvert.h" |
4d5904f7 | 36 | #include "SquidConfig.h" |
8822ebee | 37 | #include "Store.h" |
602d9612 | 38 | #include "tools.h" |
d295d770 | 39 | #include "wordlist.h" |
5bed43d6 | 40 | |
8822ebee | 41 | #include <algorithm> |
92a5adb7 | 42 | #include <memory> |
22f3fd98 | 43 | |
63be0a78 | 44 | /// \ingroup CacheManagerInternal |
22f3fd98 | 45 | #define MGR_PASSWD_SZ 128 |
46 | ||
8822ebee AR |
47 | void |
48 | CacheManager::registerProfile(const Mgr::ActionProfile::Pointer &profile) | |
62ee09ca | 49 | { |
aee3523a | 50 | Must(profile != nullptr); |
e3c2ea01 | 51 | if (!CacheManager::findAction(profile->name)) { |
8822ebee | 52 | menu_.push_back(profile); |
bf95c10a | 53 | debugs(16, 3, "registered profile: " << *profile); |
8822ebee | 54 | } else { |
bf95c10a | 55 | debugs(16, 2, "skipped duplicate profile: " << *profile); |
8822ebee | 56 | } |
62ee09ca | 57 | } |
22f3fd98 | 58 | |
d154d3ec FC |
59 | /** |
60 | \ingroup CacheManagerInternal | |
61 | * Locates an action in the actions registry ActionsList. | |
62 | \retval NULL if Action not found | |
63 | \retval CacheManagerAction* if the action was found | |
64 | */ | |
8822ebee AR |
65 | Mgr::ActionProfile::Pointer |
66 | CacheManager::findAction(char const * action) const | |
22f3fd98 | 67 | { |
aee3523a | 68 | Must(action != nullptr); |
8822ebee | 69 | Menu::const_iterator a; |
03c4599f K |
70 | |
71 | debugs(16, 5, "CacheManager::findAction: looking for action " << action); | |
8822ebee AR |
72 | for (a = menu_.begin(); a != menu_.end(); ++a) { |
73 | if (0 == strcmp((*a)->name, action)) { | |
03c4599f K |
74 | debugs(16, 6, " found"); |
75 | return *a; | |
76 | } | |
22f3fd98 | 77 | } |
62e76326 | 78 | |
03c4599f | 79 | debugs(16, 6, "Action not found."); |
8822ebee AR |
80 | return Mgr::ActionProfilePointer(); |
81 | } | |
82 | ||
83 | Mgr::Action::Pointer | |
84 | CacheManager::createNamedAction(const char *actionName) | |
85 | { | |
86 | Must(actionName); | |
87 | ||
88 | Mgr::Command::Pointer cmd = new Mgr::Command; | |
89 | cmd->profile = findAction(actionName); | |
90 | cmd->params.actionName = actionName; | |
91 | ||
aee3523a | 92 | Must(cmd->profile != nullptr); |
8822ebee AR |
93 | return cmd->profile->creator->create(cmd); |
94 | } | |
95 | ||
96 | Mgr::Action::Pointer | |
97 | CacheManager::createRequestedAction(const Mgr::ActionParams ¶ms) | |
98 | { | |
99 | Mgr::Command::Pointer cmd = new Mgr::Command; | |
100 | cmd->params = params; | |
101 | cmd->profile = findAction(params.actionName.termedBuf()); | |
aee3523a | 102 | Must(cmd->profile != nullptr); |
8822ebee | 103 | return cmd->profile->creator->create(cmd); |
22f3fd98 | 104 | } |
105 | ||
3c383cc3 AR |
106 | const SBuf & |
107 | CacheManager::WellKnownUrlPathPrefix() | |
108 | { | |
109 | static const SBuf prefix("/squid-internal-mgr/"); | |
110 | return prefix; | |
111 | } | |
112 | ||
832c08ab | 113 | /** |
7902bd5b EB |
114 | * Parses the action requested by the user and checks via |
115 | * CacheManager::ActionProtection() that the item is accessible by the user. | |
26e65059 AJ |
116 | * |
117 | * Syntax: | |
118 | * | |
7902bd5b | 119 | * [ scheme "://" authority ] '/squid-internal-mgr' path-absolute [ "?" query ] [ "#" fragment ] |
26e65059 | 120 | * |
7902bd5b | 121 | * see RFC 3986 for definitions of scheme, authority, path-absolute, query |
26e65059 AJ |
122 | * |
123 | * \returns Mgr::Command object with action to perform and parameters it might use | |
832c08ab | 124 | */ |
8822ebee | 125 | Mgr::Command::Pointer |
26e65059 | 126 | CacheManager::ParseUrl(const AnyP::Uri &uri) |
22f3fd98 | 127 | { |
26e65059 | 128 | Parser::Tokenizer tok(uri.path()); |
8822ebee | 129 | |
3c383cc3 | 130 | Assure(tok.skip(WellKnownUrlPathPrefix())); |
62e76326 | 131 | |
26e65059 AJ |
132 | Mgr::Command::Pointer cmd = new Mgr::Command(); |
133 | cmd->params.httpUri = SBufToString(uri.absolute()); | |
5366b99b | 134 | |
7902bd5b | 135 | static const auto fieldChars = CharacterSet("mgr-field", "?#").complement(); |
26e65059 AJ |
136 | |
137 | SBuf action; | |
138 | if (!tok.prefix(action, fieldChars)) { | |
7902bd5b EB |
139 | static const SBuf indexReport("index"); |
140 | action = indexReport; | |
22f3fd98 | 141 | } |
26e65059 AJ |
142 | cmd->params.actionName = SBufToString(action); |
143 | ||
144 | const auto profile = findAction(action.c_str()); | |
145 | if (!profile) | |
146 | throw TextException(ToSBuf("action '", action, "' not found"), Here()); | |
62e76326 | 147 | |
8822ebee | 148 | const char *prot = ActionProtection(profile); |
26e65059 AJ |
149 | if (!strcmp(prot, "disabled") || !strcmp(prot, "hidden")) |
150 | throw TextException(ToSBuf("action '", action, "' is ", prot), Here()); | |
151 | cmd->profile = profile; | |
152 | ||
26e65059 AJ |
153 | // TODO: fix when AnyP::Uri::parse() separates path?query#fragment |
154 | SBuf params; | |
155 | if (tok.skip('?')) { | |
156 | params = tok.remaining(); | |
157 | Mgr::QueryParams::Parse(tok, cmd->params.queryParams); | |
158 | } | |
159 | ||
160 | if (!tok.skip('#') && !tok.atEnd()) | |
161 | throw TextException("invalid characters in URL", Here()); | |
162 | // else ignore #fragment (if any) | |
163 | ||
7902bd5b | 164 | debugs(16, 3, "MGR request: host=" << uri.host() << ", action=" << action << ", params=" << params); |
26e65059 | 165 | |
8822ebee | 166 | return cmd; |
22f3fd98 | 167 | } |
168 | ||
63be0a78 | 169 | /// \ingroup CacheManagerInternal |
832c08ab FC |
170 | /* |
171 | \ingroup CacheManagerInternal | |
172 | * Decodes the headers needed to perform user authentication and fills | |
173 | * the details into the cachemgrStateData argument | |
174 | */ | |
c83f0bd5 | 175 | void |
8822ebee | 176 | CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams ¶ms) |
63259c34 | 177 | { |
8822ebee AR |
178 | assert(request); |
179 | ||
180 | params.httpMethod = request->method.id(); | |
181 | params.httpFlags = request->flags; | |
182 | ||
9da6b594 AJ |
183 | #if HAVE_AUTH_MODULE_BASIC |
184 | // TODO: use the authentication system decode to retrieve these details properly. | |
185 | ||
186 | /* base 64 _decoded_ user:passwd pair */ | |
2582f64a | 187 | const auto basic_cookie(request->header.getAuthToken(Http::HdrType::AUTHORIZATION, "Basic")); |
62e76326 | 188 | |
2582f64a | 189 | if (basic_cookie.isEmpty()) |
62e76326 | 190 | return; |
191 | ||
2582f64a AJ |
192 | const auto colonPos = basic_cookie.find(':'); |
193 | if (colonPos == SBuf::npos) { | |
d816f28d | 194 | debugs(16, DBG_IMPORTANT, "ERROR: CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'"); |
62e76326 | 195 | return; |
63259c34 | 196 | } |
62e76326 | 197 | |
63259c34 | 198 | /* found user:password pair, reset old values */ |
2582f64a AJ |
199 | params.userName = SBufToString(basic_cookie.substr(0, colonPos)); |
200 | params.password = SBufToString(basic_cookie.substr(colonPos+1)); | |
62e76326 | 201 | |
9da6b594 | 202 | /* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */ |
8822ebee | 203 | debugs(16, 9, "CacheManager::ParseHeaders: got user: '" << |
d9fc6862 | 204 | params.userName << "' passwd: '" << params.password << "'"); |
9da6b594 | 205 | #endif |
63259c34 | 206 | } |
207 | ||
63be0a78 | 208 | /** |
209 | \ingroup CacheManagerInternal | |
210 | * | |
f53969cc SM |
211 | \retval 0 if mgr->password is good or "none" |
212 | \retval 1 if mgr->password is "disable" | |
213 | \retval !0 if mgr->password does not match configured password | |
22f3fd98 | 214 | */ |
c83f0bd5 | 215 | int |
8822ebee | 216 | CacheManager::CheckPassword(const Mgr::Command &cmd) |
22f3fd98 | 217 | { |
aee3523a | 218 | assert(cmd.profile != nullptr); |
8822ebee AR |
219 | const char *action = cmd.profile->name; |
220 | char *pwd = PasswdGet(Config.passwd_list, action); | |
03c4599f | 221 | |
8822ebee | 222 | debugs(16, 4, "CacheManager::CheckPassword for action " << action); |
62e76326 | 223 | |
aee3523a | 224 | if (pwd == nullptr) |
8822ebee | 225 | return cmd.profile->isPwReq; |
62e76326 | 226 | |
22f3fd98 | 227 | if (strcmp(pwd, "disable") == 0) |
62e76326 | 228 | return 1; |
229 | ||
22f3fd98 | 230 | if (strcmp(pwd, "none") == 0) |
62e76326 | 231 | return 0; |
232 | ||
8822ebee | 233 | if (!cmd.params.password.size()) |
62e76326 | 234 | return 1; |
235 | ||
8822ebee | 236 | return cmd.params.password != pwd; |
22f3fd98 | 237 | } |
238 | ||
832c08ab FC |
239 | /** |
240 | \ingroup CacheManagerAPI | |
241 | * Main entry point in the Cache Manager's activity. Gets called as part | |
242 | * of the forward chain if the right URL is detected there. Initiates | |
243 | * all needed internal work and renders the response. | |
244 | */ | |
22f3fd98 | 245 | void |
7e6eabbc | 246 | CacheManager::start(const Comm::ConnectionPointer &client, HttpRequest *request, StoreEntry *entry, const AccessLogEntry::Pointer &ale) |
22f3fd98 | 247 | { |
26e65059 | 248 | debugs(16, 3, "request-url= '" << request->url << "', entry-url='" << entry->url() << "'"); |
62e76326 | 249 | |
26e65059 AJ |
250 | Mgr::Command::Pointer cmd; |
251 | try { | |
252 | cmd = ParseUrl(request->url); | |
253 | ||
254 | } catch (...) { | |
255 | debugs(16, 2, "request URL error: " << CurrentException); | |
7e6eabbc | 256 | const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request, ale); |
3900307b | 257 | err->url = xstrdup(entry->url()); |
26e65059 | 258 | err->detailError(new ExceptionErrorDetail(Here().id())); |
62e76326 | 259 | errorAppendEntry(entry, err); |
62e76326 | 260 | return; |
22f3fd98 | 261 | } |
62e76326 | 262 | |
8822ebee | 263 | const char *actionName = cmd->profile->name; |
34266cde | 264 | |
22f3fd98 | 265 | entry->expires = squid_curtime; |
34266cde | 266 | |
a750e510 | 267 | debugs(16, 5, "CacheManager: " << client << " requesting '" << actionName << "'"); |
34266cde | 268 | |
63259c34 | 269 | /* get additional info from request headers */ |
8822ebee AR |
270 | ParseHeaders(request, cmd->params); |
271 | ||
272 | const char *userName = cmd->params.userName.size() ? | |
d9fc6862 | 273 | cmd->params.userName.termedBuf() : "unknown"; |
34266cde | 274 | |
22f3fd98 | 275 | /* Check password */ |
62e76326 | 276 | |
8822ebee | 277 | if (CheckPassword(*cmd) != 0) { |
62e76326 | 278 | /* build error message */ |
7e6eabbc | 279 | ErrorState errState(ERR_CACHE_MGR_ACCESS_DENIED, Http::scUnauthorized, request, ale); |
62e76326 | 280 | /* warn if user specified incorrect password */ |
281 | ||
8822ebee | 282 | if (cmd->params.password.size()) { |
26ac0430 | 283 | debugs(16, DBG_IMPORTANT, "CacheManager: " << |
8822ebee | 284 | userName << "@" << |
5c336a3b | 285 | client << ": incorrect password for '" << |
8822ebee AR |
286 | actionName << "'" ); |
287 | } else { | |
26ac0430 | 288 | debugs(16, DBG_IMPORTANT, "CacheManager: " << |
8822ebee | 289 | userName << "@" << |
5c336a3b | 290 | client << ": password needed for '" << |
8822ebee AR |
291 | actionName << "'" ); |
292 | } | |
62e76326 | 293 | |
913524f0 | 294 | HttpReply *rep = errState.BuildHttpReply(); |
62e76326 | 295 | |
9da6b594 | 296 | #if HAVE_AUTH_MODULE_BASIC |
62e76326 | 297 | /* |
8822ebee AR |
298 | * add Authenticate header using action name as a realm because |
299 | * password depends on the action | |
62e76326 | 300 | */ |
8822ebee | 301 | rep->header.putAuth("Basic", actionName); |
9da6b594 | 302 | #endif |
92a5adb7 AR |
303 | |
304 | const auto originOrNil = request->header.getStr(Http::HdrType::ORIGIN); | |
305 | PutCommonResponseHeaders(*rep, originOrNil); | |
62e76326 | 306 | |
307 | /* store the reply */ | |
db237875 | 308 | entry->replaceHttpReply(rep); |
62e76326 | 309 | |
310 | entry->expires = squid_curtime; | |
311 | ||
312 | entry->complete(); | |
313 | ||
62e76326 | 314 | return; |
22f3fd98 | 315 | } |
62e76326 | 316 | |
789217a2 FC |
317 | if (request->header.has(Http::HdrType::ORIGIN)) { |
318 | cmd->params.httpOrigin = request->header.getStr(Http::HdrType::ORIGIN); | |
3865965d AJ |
319 | } |
320 | ||
0be039f4 | 321 | debugs(16, 2, "CacheManager: " << |
8822ebee | 322 | userName << "@" << |
5c336a3b | 323 | client << " requesting '" << |
8822ebee | 324 | actionName << "'" ); |
62e76326 | 325 | |
3c383cc3 | 326 | // special case: an index page |
b073fc4b | 327 | if (!strcmp(cmd->profile->name, "index")) { |
7e6eabbc | 328 | ErrorState err(MGR_INDEX, Http::scOkay, request, ale); |
b073fc4b AJ |
329 | err.url = xstrdup(entry->url()); |
330 | HttpReply *rep = err.BuildHttpReply(); | |
331 | if (strncmp(rep->body.content(),"Internal Error:", 15) == 0) | |
9b769c67 | 332 | rep->sline.set(Http::ProtocolVersion(1,1), Http::scNotFound); |
92a5adb7 AR |
333 | |
334 | const auto originOrNil = request->header.getStr(Http::HdrType::ORIGIN); | |
335 | PutCommonResponseHeaders(*rep, originOrNil); | |
336 | ||
b073fc4b AJ |
337 | entry->replaceHttpReply(rep); |
338 | entry->complete(); | |
339 | return; | |
340 | } | |
341 | ||
8822ebee | 342 | if (UsingSmp() && IamWorkerProcess()) { |
1b76e6c1 | 343 | // is client the right connection to pass here? |
7e6eabbc | 344 | AsyncJob::Start(new Mgr::Forwarder(client, cmd->params, request, entry, ale)); |
8822ebee | 345 | return; |
cb69b4c7 | 346 | } |
62e76326 | 347 | |
8822ebee | 348 | Mgr::Action::Pointer action = cmd->profile->creator->create(cmd); |
aee3523a | 349 | Must(action != nullptr); |
8822ebee | 350 | action->run(entry, true); |
22f3fd98 | 351 | } |
352 | ||
832c08ab FC |
353 | /* |
354 | \ingroup CacheManagerInternal | |
355 | * Renders the protection level text for an action. | |
356 | * Also doubles as a check for the protection level. | |
832c08ab | 357 | */ |
c83f0bd5 | 358 | const char * |
8822ebee | 359 | CacheManager::ActionProtection(const Mgr::ActionProfile::Pointer &profile) |
7395afb8 | 360 | { |
aee3523a | 361 | assert(profile != nullptr); |
8822ebee | 362 | const char *pwd = PasswdGet(Config.passwd_list, profile->name); |
62e76326 | 363 | |
7395afb8 | 364 | if (!pwd) |
8822ebee | 365 | return profile->isPwReq ? "hidden" : "public"; |
62e76326 | 366 | |
7395afb8 | 367 | if (!strcmp(pwd, "disable")) |
62e76326 | 368 | return "disabled"; |
369 | ||
7395afb8 | 370 | if (strcmp(pwd, "none") == 0) |
62e76326 | 371 | return "public"; |
372 | ||
7395afb8 | 373 | return "protected"; |
374 | } | |
375 | ||
832c08ab | 376 | /* |
ee82937c | 377 | * \ingroup CacheManagerInternal |
832c08ab FC |
378 | * gets from the global Config the password the user would need to supply |
379 | * for the action she queried | |
380 | */ | |
c83f0bd5 | 381 | char * |
613924ee | 382 | CacheManager::PasswdGet(Mgr::ActionPasswordList * a, const char *action) |
22f3fd98 | 383 | { |
a5f27c62 AJ |
384 | while (a) { |
385 | for (auto &w : a->actions) { | |
386 | if (w.cmp(action) == 0) | |
62e76326 | 387 | return a->passwd; |
388 | ||
a5f27c62 AJ |
389 | static const SBuf allAction("all"); |
390 | if (w == allAction) | |
62e76326 | 391 | return a->passwd; |
392 | } | |
393 | ||
394 | a = a->next; | |
22f3fd98 | 395 | } |
62e76326 | 396 | |
aee3523a | 397 | return nullptr; |
22f3fd98 | 398 | } |
c83f0bd5 | 399 | |
92a5adb7 AR |
400 | void |
401 | CacheManager::PutCommonResponseHeaders(HttpReply &response, const char *httpOrigin) | |
402 | { | |
403 | // Allow cachemgr and other XHR scripts access to our version string | |
404 | if (httpOrigin) { | |
405 | response.header.putExt("Access-Control-Allow-Origin", httpOrigin); | |
406 | #if HAVE_AUTH_MODULE_BASIC | |
407 | response.header.putExt("Access-Control-Allow-Credentials", "true"); | |
408 | #endif | |
409 | response.header.putExt("Access-Control-Expose-Headers", "Server"); | |
410 | } | |
411 | ||
182faab8 | 412 | HttpHdrCc cc; |
92a5adb7 AR |
413 | // this is honored by more caches but allows pointless revalidation; |
414 | // revalidation will always fail because we do not support it (yet?) | |
182faab8 | 415 | cc.noCache(String()); |
92a5adb7 | 416 | // this is honored by fewer caches but prohibits pointless revalidation |
182faab8 AR |
417 | cc.noStore(true); |
418 | response.putCc(cc); | |
92a5adb7 AR |
419 | } |
420 | ||
c83f0bd5 | 421 | CacheManager* |
26ac0430 AJ |
422 | CacheManager::GetInstance() |
423 | { | |
f0ffd7c3 | 424 | static CacheManager *instance = nullptr; |
7658a296 AJ |
425 | if (!instance) { |
426 | debugs(16, 6, "starting cachemanager up"); | |
26ac0430 | 427 | instance = new CacheManager; |
8822ebee | 428 | Mgr::RegisterBasics(); |
26ac0430 AJ |
429 | } |
430 | return instance; | |
c83f0bd5 | 431 | } |
53521734 | 432 |