]>
Commit | Line | Data |
---|---|---|
edce4d98 | 1 | |
2 | /* | |
262a0e14 | 3 | * $Id$ |
26ac0430 | 4 | * |
ae45c4de | 5 | * DEBUG: section 85 Client-side Request Routines |
6 | * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) | |
26ac0430 | 7 | * |
edce4d98 | 8 | * SQUID Web Proxy Cache http://www.squid-cache.org/ |
9 | * ---------------------------------------------------------- | |
0a9297f6 | 10 | * |
11 | * Squid is the result of efforts by numerous individuals from | |
12 | * the Internet community; see the CONTRIBUTORS file for full | |
13 | * details. Many organizations have provided support for Squid's | |
14 | * development; see the SPONSORS file for full details. Squid is | |
15 | * Copyrighted (C) 2001 by the Regents of the University of | |
16 | * California; see the COPYRIGHT file for full details. Squid | |
17 | * incorporates software developed and/or copyrighted by other | |
18 | * sources; see the CREDITS file for full details. | |
19 | * | |
20 | * This program is free software; you can redistribute it and/or modify | |
21 | * it under the terms of the GNU General Public License as published by | |
22 | * the Free Software Foundation; either version 2 of the License, or | |
23 | * (at your option) any later version. | |
24 | * | |
25 | * This program is distributed in the hope that it will be useful, | |
26 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
27 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
28 | * GNU General Public License for more details. | |
29 | * | |
30 | * You should have received a copy of the GNU General Public License | |
31 | * along with this program; if not, write to the Free Software | |
32 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
33 | * | |
edce4d98 | 34 | */ |
35 | ||
36 | ||
69660be0 | 37 | /* |
38 | * General logic of request processing: | |
26ac0430 | 39 | * |
69660be0 | 40 | * We run a series of tests to determine if access will be permitted, and to do |
41 | * any redirection. Then we call into the result clientStream to retrieve data. | |
42 | * From that point on it's up to reply management. | |
edce4d98 | 43 | */ |
44 | ||
45 | #include "squid.h" | |
c0941a6a AR |
46 | #include "acl/FilledChecklist.h" |
47 | #include "acl/Gadgets.h" | |
a83c6ed6 | 48 | #if USE_ADAPTATION |
62c7f90e | 49 | #include "adaptation/AccessCheck.h" |
a22e6cd3 | 50 | #include "adaptation/Iterator.h" |
abd4b611 | 51 | #include "adaptation/Service.h" |
3ff65596 AR |
52 | #if ICAP_CLIENT |
53 | #include "adaptation/icap/History.h" | |
54 | #endif | |
de31d06f | 55 | #endif |
27bc2077 AJ |
56 | #include "auth/UserRequest.h" |
57 | #include "clientStream.h" | |
58 | #include "client_side.h" | |
59 | #include "client_side_reply.h" | |
60 | #include "client_side_request.h" | |
61 | #include "ClientRequestContext.h" | |
5c336a3b | 62 | #include "comm/Connection.h" |
27bc2077 AJ |
63 | #include "compat/inet_pton.h" |
64 | #include "fde.h" | |
65 | #include "HttpReply.h" | |
66 | #include "HttpRequest.h" | |
425de4c8 | 67 | #include "ip/QosConfig.h" |
27bc2077 AJ |
68 | #include "MemObject.h" |
69 | #include "ProtoPort.h" | |
70 | #include "Store.h" | |
71 | #include "SquidTime.h" | |
72 | #include "wordlist.h" | |
3ff65596 AR |
73 | |
74 | ||
edce4d98 | 75 | #if LINGERING_CLOSE |
76 | #define comm_close comm_lingering_close | |
77 | #endif | |
78 | ||
79 | static const char *const crlf = "\r\n"; | |
80 | ||
609c620a | 81 | #if FOLLOW_X_FORWARDED_FOR |
3d674977 AJ |
82 | static void |
83 | clientFollowXForwardedForCheck(int answer, void *data); | |
609c620a | 84 | #endif /* FOLLOW_X_FORWARDED_FOR */ |
3d674977 | 85 | |
8e2745f4 | 86 | CBDATA_CLASS_INIT(ClientRequestContext); |
87 | ||
88 | void * | |
89 | ClientRequestContext::operator new (size_t size) | |
90 | { | |
91 | assert (size == sizeof(ClientRequestContext)); | |
92 | CBDATA_INIT_TYPE(ClientRequestContext); | |
93 | ClientRequestContext *result = cbdataAlloc(ClientRequestContext); | |
aa625860 | 94 | return result; |
8e2745f4 | 95 | } |
62e76326 | 96 | |
8e2745f4 | 97 | void |
98 | ClientRequestContext::operator delete (void *address) | |
99 | { | |
100 | ClientRequestContext *t = static_cast<ClientRequestContext *>(address); | |
aa625860 | 101 | cbdataFree(t); |
8e2745f4 | 102 | } |
103 | ||
edce4d98 | 104 | /* Local functions */ |
edce4d98 | 105 | /* other */ |
de31d06f | 106 | static void clientAccessCheckDoneWrapper(int, void *); |
59a1efb2 | 107 | static int clientHierarchical(ClientHttpRequest * http); |
108 | static void clientInterpretRequestHeaders(ClientHttpRequest * http); | |
de31d06f | 109 | static RH clientRedirectDoneWrapper; |
110 | static PF checkNoCacheDoneWrapper; | |
e6ccf245 | 111 | extern "C" CSR clientGetMoreData; |
112 | extern "C" CSS clientReplyStatus; | |
113 | extern "C" CSD clientReplyDetach; | |
528b2c61 | 114 | static void checkFailureRatio(err_type, hier_code); |
edce4d98 | 115 | |
8e2745f4 | 116 | ClientRequestContext::~ClientRequestContext() |
117 | { | |
de31d06f | 118 | /* |
a546b04b | 119 | * Release our "lock" on our parent, ClientHttpRequest, if we |
120 | * still have one | |
de31d06f | 121 | */ |
a546b04b | 122 | |
123 | if (http) | |
124 | cbdataReferenceDone(http); | |
62e76326 | 125 | |
5f8252d2 | 126 | debugs(85,3, HERE << this << " ClientRequestContext destructed"); |
8e2745f4 | 127 | } |
128 | ||
4e2eb5c3 | 129 | ClientRequestContext::ClientRequestContext(ClientHttpRequest *anHttp) : http(cbdataReference(anHttp)), acl_checklist (NULL), redirect_state (REDIRECT_NONE) |
edce4d98 | 130 | { |
57abaac0 | 131 | http_access_done = false; |
132 | redirect_done = false; | |
133 | no_cache_done = false; | |
134 | interpreted_req_hdrs = false; | |
0b86805b | 135 | debugs(85,3, HERE << this << " ClientRequestContext constructed"); |
edce4d98 | 136 | } |
137 | ||
528b2c61 | 138 | CBDATA_CLASS_INIT(ClientHttpRequest); |
8e2745f4 | 139 | |
528b2c61 | 140 | void * |
141 | ClientHttpRequest::operator new (size_t size) | |
142 | { | |
143 | assert (size == sizeof (ClientHttpRequest)); | |
144 | CBDATA_INIT_TYPE(ClientHttpRequest); | |
145 | ClientHttpRequest *result = cbdataAlloc(ClientHttpRequest); | |
aa625860 | 146 | return result; |
528b2c61 | 147 | } |
148 | ||
62e76326 | 149 | void |
528b2c61 | 150 | ClientHttpRequest::operator delete (void *address) |
151 | { | |
aa625860 | 152 | ClientHttpRequest *t = static_cast<ClientHttpRequest *>(address); |
153 | cbdataFree(t); | |
528b2c61 | 154 | } |
155 | ||
26ac0430 | 156 | ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) : |
a83c6ed6 | 157 | #if USE_ADAPTATION |
26ac0430 | 158 | AsyncJob("ClientHttpRequest"), |
1cf238db | 159 | #endif |
26ac0430 | 160 | loggingEntry_(NULL) |
528b2c61 | 161 | { |
1cf238db | 162 | start_time = current_time; |
a0355e95 | 163 | setConn(aConn); |
be364179 | 164 | clientConnection = aConn->clientConn; |
a0355e95 | 165 | dlinkAdd(this, &active, &ClientActiveRequests); |
a83c6ed6 | 166 | #if USE_ADAPTATION |
b044675d | 167 | request_satisfaction_mode = false; |
168 | #endif | |
528b2c61 | 169 | } |
170 | ||
0655fa4d | 171 | /* |
172 | * returns true if client specified that the object must come from the cache | |
173 | * without contacting origin server | |
174 | */ | |
175 | bool | |
176 | ClientHttpRequest::onlyIfCached()const | |
177 | { | |
178 | assert(request); | |
179 | return request->cache_control && | |
180 | EBIT_TEST(request->cache_control->mask, CC_ONLY_IF_CACHED); | |
181 | } | |
182 | ||
528b2c61 | 183 | /* |
184 | * This function is designed to serve a fairly specific purpose. | |
185 | * Occasionally our vBNS-connected caches can talk to each other, but not | |
186 | * the rest of the world. Here we try to detect frequent failures which | |
187 | * make the cache unusable (e.g. DNS lookup and connect() failures). If | |
188 | * the failure:success ratio goes above 1.0 then we go into "hit only" | |
189 | * mode where we only return UDP_HIT or UDP_MISS_NOFETCH. Neighbors | |
190 | * will only fetch HITs from us if they are using the ICP protocol. We | |
191 | * stay in this mode for 5 minutes. | |
26ac0430 | 192 | * |
528b2c61 | 193 | * Duane W., Sept 16, 1996 |
194 | */ | |
195 | ||
196 | #define FAILURE_MODE_TIME 300 | |
197 | ||
198 | static void | |
199 | checkFailureRatio(err_type etype, hier_code hcode) | |
200 | { | |
201 | static double magic_factor = 100.0; | |
202 | double n_good; | |
203 | double n_bad; | |
62e76326 | 204 | |
528b2c61 | 205 | if (hcode == HIER_NONE) |
62e76326 | 206 | return; |
207 | ||
528b2c61 | 208 | n_good = magic_factor / (1.0 + request_failure_ratio); |
62e76326 | 209 | |
528b2c61 | 210 | n_bad = magic_factor - n_good; |
62e76326 | 211 | |
528b2c61 | 212 | switch (etype) { |
62e76326 | 213 | |
528b2c61 | 214 | case ERR_DNS_FAIL: |
62e76326 | 215 | |
528b2c61 | 216 | case ERR_CONNECT_FAIL: |
3712be3f | 217 | case ERR_SECURE_CONNECT_FAIL: |
62e76326 | 218 | |
528b2c61 | 219 | case ERR_READ_ERROR: |
62e76326 | 220 | n_bad++; |
221 | break; | |
222 | ||
528b2c61 | 223 | default: |
62e76326 | 224 | n_good++; |
528b2c61 | 225 | } |
62e76326 | 226 | |
528b2c61 | 227 | request_failure_ratio = n_bad / n_good; |
62e76326 | 228 | |
528b2c61 | 229 | if (hit_only_mode_until > squid_curtime) |
62e76326 | 230 | return; |
231 | ||
528b2c61 | 232 | if (request_failure_ratio < 1.0) |
62e76326 | 233 | return; |
234 | ||
bf8fe701 | 235 | debugs(33, 0, "Failure Ratio at "<< std::setw(4)<< |
236 | std::setprecision(3) << request_failure_ratio); | |
62e76326 | 237 | |
bf8fe701 | 238 | debugs(33, 0, "Going into hit-only-mode for " << |
239 | FAILURE_MODE_TIME / 60 << " minutes..."); | |
62e76326 | 240 | |
528b2c61 | 241 | hit_only_mode_until = squid_curtime + FAILURE_MODE_TIME; |
62e76326 | 242 | |
528b2c61 | 243 | request_failure_ratio = 0.8; /* reset to something less than 1.0 */ |
244 | } | |
245 | ||
246 | ClientHttpRequest::~ClientHttpRequest() | |
247 | { | |
bf8fe701 | 248 | debugs(33, 3, "httpRequestFree: " << uri); |
72bdee4c | 249 | PROF_start(httpRequestFree); |
62e76326 | 250 | |
5f8252d2 | 251 | // Even though freeResources() below may destroy the request, |
252 | // we no longer set request->body_pipe to NULL here | |
253 | // because we did not initiate that pipe (ConnStateData did) | |
62e76326 | 254 | |
528b2c61 | 255 | /* the ICP check here was erroneous |
26ac0430 | 256 | * - StoreEntry::releaseRequest was always called if entry was valid |
528b2c61 | 257 | */ |
258 | assert(logType < LOG_TYPE_MAX); | |
9ce7856a | 259 | |
528b2c61 | 260 | logRequest(); |
9ce7856a | 261 | |
0976f8db | 262 | loggingEntry(NULL); |
263 | ||
528b2c61 | 264 | if (request) |
62e76326 | 265 | checkFailureRatio(request->errType, al.hier.code); |
266 | ||
528b2c61 | 267 | freeResources(); |
62e76326 | 268 | |
a83c6ed6 AR |
269 | #if USE_ADAPTATION |
270 | announceInitiatorAbort(virginHeadSource); | |
9d4d7c5e | 271 | |
a83c6ed6 AR |
272 | if (adaptedBodySource != NULL) |
273 | stopConsumingFrom(adaptedBodySource); | |
de31d06f | 274 | #endif |
9ce7856a | 275 | |
de31d06f | 276 | if (calloutContext) |
277 | delete calloutContext; | |
278 | ||
be364179 AJ |
279 | clientConnection = NULL; |
280 | ||
26ac0430 AJ |
281 | if (conn_) |
282 | cbdataReferenceDone(conn_); | |
1cf238db | 283 | |
528b2c61 | 284 | /* moving to the next connection is handled by the context free */ |
285 | dlinkDelete(&active, &ClientActiveRequests); | |
9ce7856a | 286 | |
72bdee4c | 287 | PROF_stop(httpRequestFree); |
528b2c61 | 288 | } |
62e76326 | 289 | |
11992b6f AJ |
290 | /** |
291 | * Create a request and kick it off | |
292 | * | |
293 | * \retval 0 success | |
294 | * \retval -1 failure | |
295 | * | |
69660be0 | 296 | * TODO: Pass in the buffers to be used in the inital Read request, as they are |
297 | * determined by the user | |
edce4d98 | 298 | */ |
11992b6f | 299 | int |
60745f24 | 300 | clientBeginRequest(const HttpRequestMethod& method, char const *url, CSCB * streamcallback, |
0655fa4d | 301 | CSD * streamdetach, ClientStreamData streamdata, HttpHeader const *header, |
62e76326 | 302 | char *tailbuf, size_t taillen) |
edce4d98 | 303 | { |
304 | size_t url_sz; | |
a0355e95 | 305 | ClientHttpRequest *http = new ClientHttpRequest(NULL); |
190154cf | 306 | HttpRequest *request; |
528b2c61 | 307 | StoreIOBuffer tempBuffer; |
1cf238db | 308 | http->start_time = current_time; |
edce4d98 | 309 | /* this is only used to adjust the connection offset in client_side.c */ |
310 | http->req_sz = 0; | |
c8be6d7b | 311 | tempBuffer.length = taillen; |
312 | tempBuffer.data = tailbuf; | |
edce4d98 | 313 | /* client stream setup */ |
314 | clientStreamInit(&http->client_stream, clientGetMoreData, clientReplyDetach, | |
0655fa4d | 315 | clientReplyStatus, new clientReplyContext(http), streamcallback, |
62e76326 | 316 | streamdetach, streamdata, tempBuffer); |
edce4d98 | 317 | /* make it visible in the 'current acctive requests list' */ |
edce4d98 | 318 | /* Set flags */ |
a46d2c0e | 319 | /* internal requests only makes sense in an |
320 | * accelerator today. TODO: accept flags ? */ | |
321 | http->flags.accel = 1; | |
edce4d98 | 322 | /* allow size for url rewriting */ |
323 | url_sz = strlen(url) + Config.appendDomainLen + 5; | |
e6ccf245 | 324 | http->uri = (char *)xcalloc(url_sz, 1); |
edce4d98 | 325 | strcpy(http->uri, url); |
326 | ||
c21ad0f5 | 327 | if ((request = HttpRequest::CreateFromUrlAndMethod(http->uri, method)) == NULL) { |
bf8fe701 | 328 | debugs(85, 5, "Invalid URL: " << http->uri); |
62e76326 | 329 | return -1; |
edce4d98 | 330 | } |
62e76326 | 331 | |
69660be0 | 332 | /* |
11992b6f | 333 | * now update the headers in request with our supplied headers. urlParse |
69660be0 | 334 | * should return a blank header set, but we use Update to be sure of |
335 | * correctness. | |
edce4d98 | 336 | */ |
337 | if (header) | |
a9925b40 | 338 | request->header.update(header, NULL); |
62e76326 | 339 | |
edce4d98 | 340 | http->log_uri = xstrdup(urlCanonicalClean(request)); |
62e76326 | 341 | |
edce4d98 | 342 | /* http struct now ready */ |
343 | ||
69660be0 | 344 | /* |
345 | * build new header list *? TODO | |
edce4d98 | 346 | */ |
347 | request->flags.accelerated = http->flags.accel; | |
62e76326 | 348 | |
a46d2c0e | 349 | request->flags.internalclient = 1; |
350 | ||
351 | /* this is an internally created | |
352 | * request, not subject to acceleration | |
353 | * target overrides */ | |
69660be0 | 354 | /* |
355 | * FIXME? Do we want to detect and handle internal requests of internal | |
356 | * objects ? | |
357 | */ | |
edce4d98 | 358 | |
359 | /* Internally created requests cannot have bodies today */ | |
360 | request->content_length = 0; | |
62e76326 | 361 | |
cc192b50 | 362 | request->client_addr.SetNoAddr(); |
62e76326 | 363 | |
3d674977 AJ |
364 | #if FOLLOW_X_FORWARDED_FOR |
365 | request->indirect_client_addr.SetNoAddr(); | |
366 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
26ac0430 | 367 | |
cc192b50 | 368 | request->my_addr.SetNoAddr(); /* undefined for internal requests */ |
62e76326 | 369 | |
cc192b50 | 370 | request->my_addr.SetPort(0); |
62e76326 | 371 | |
3872be7c AJ |
372 | /* Our version is HTTP/1.1 */ |
373 | HttpVersion http_ver(1,1); | |
edce4d98 | 374 | request->http_ver = http_ver; |
62e76326 | 375 | |
6dd9f4bd | 376 | http->request = HTTPMSGLOCK(request); |
edce4d98 | 377 | |
378 | /* optional - skip the access check ? */ | |
de31d06f | 379 | http->calloutContext = new ClientRequestContext(http); |
380 | ||
57abaac0 | 381 | http->calloutContext->http_access_done = false; |
de31d06f | 382 | |
57abaac0 | 383 | http->calloutContext->redirect_done = true; |
de31d06f | 384 | |
57abaac0 | 385 | http->calloutContext->no_cache_done = true; |
de31d06f | 386 | |
387 | http->doCallouts(); | |
62e76326 | 388 | |
edce4d98 | 389 | return 0; |
390 | } | |
391 | ||
de31d06f | 392 | bool |
393 | ClientRequestContext::httpStateIsValid() | |
394 | { | |
395 | ClientHttpRequest *http_ = http; | |
396 | ||
397 | if (cbdataReferenceValid(http_)) | |
398 | return true; | |
399 | ||
400 | http = NULL; | |
401 | ||
402 | cbdataReferenceDone(http_); | |
403 | ||
404 | return false; | |
405 | } | |
406 | ||
3d674977 AJ |
407 | #if FOLLOW_X_FORWARDED_FOR |
408 | /** | |
a9044668 | 409 | * clientFollowXForwardedForCheck() checks the content of X-Forwarded-For: |
3d674977 AJ |
410 | * against the followXFF ACL, or cleans up and passes control to |
411 | * clientAccessCheck(). | |
d096ace1 AJ |
412 | * |
413 | * The trust model here is a little ambiguous. So to clarify the logic: | |
414 | * - we may always use the direct client address as the client IP. | |
a9044668 | 415 | * - these trust tests merey tell whether we trust given IP enough to believe the |
d096ace1 AJ |
416 | * IP string which it appended to the X-Forwarded-For: header. |
417 | * - if at any point we don't trust what an IP adds we stop looking. | |
418 | * - at that point the current contents of indirect_client_addr are the value set | |
419 | * by the last previously trusted IP. | |
420 | * ++ indirect_client_addr contains the remote direct client from the trusted peers viewpoint. | |
3d674977 | 421 | */ |
3d674977 AJ |
422 | static void |
423 | clientFollowXForwardedForCheck(int answer, void *data) | |
424 | { | |
425 | ClientRequestContext *calloutContext = (ClientRequestContext *) data; | |
3d674977 AJ |
426 | |
427 | if (!calloutContext->httpStateIsValid()) | |
428 | return; | |
429 | ||
d096ace1 AJ |
430 | ClientHttpRequest *http = calloutContext->http; |
431 | HttpRequest *request = http->request; | |
432 | ||
3d674977 AJ |
433 | /* |
434 | * answer should be be ACCESS_ALLOWED or ACCESS_DENIED if we are | |
435 | * called as a result of ACL checks, or -1 if we are called when | |
436 | * there's nothing left to do. | |
437 | */ | |
438 | if (answer == ACCESS_ALLOWED && | |
26ac0430 | 439 | request->x_forwarded_for_iterator.size () != 0) { |
d096ace1 | 440 | |
3d674977 | 441 | /* |
d096ace1 AJ |
442 | * Remove the last comma-delimited element from the |
443 | * x_forwarded_for_iterator and use it to repeat the cycle. | |
444 | */ | |
3d674977 AJ |
445 | const char *p; |
446 | const char *asciiaddr; | |
447 | int l; | |
b7ac5457 | 448 | Ip::Address addr; |
bb790702 | 449 | p = request->x_forwarded_for_iterator.termedBuf(); |
3d674977 AJ |
450 | l = request->x_forwarded_for_iterator.size(); |
451 | ||
452 | /* | |
453 | * XXX x_forwarded_for_iterator should really be a list of | |
454 | * IP addresses, but it's a String instead. We have to | |
455 | * walk backwards through the String, biting off the last | |
456 | * comma-delimited part each time. As long as the data is in | |
457 | * a String, we should probably implement and use a variant of | |
458 | * strListGetItem() that walks backwards instead of forwards | |
459 | * through a comma-separated list. But we don't even do that; | |
460 | * we just do the work in-line here. | |
461 | */ | |
462 | /* skip trailing space and commas */ | |
463 | while (l > 0 && (p[l-1] == ',' || xisspace(p[l-1]))) | |
464 | l--; | |
465 | request->x_forwarded_for_iterator.cut(l); | |
466 | /* look for start of last item in list */ | |
467 | while (l > 0 && ! (p[l-1] == ',' || xisspace(p[l-1]))) | |
468 | l--; | |
469 | asciiaddr = p+l; | |
fafd0efa | 470 | if ((addr = asciiaddr)) { |
3d674977 AJ |
471 | request->indirect_client_addr = addr; |
472 | request->x_forwarded_for_iterator.cut(l); | |
d096ace1 AJ |
473 | calloutContext->acl_checklist = clientAclChecklistCreate(Config.accessList.followXFF, http); |
474 | if (!Config.onoff.acl_uses_indirect_client) { | |
475 | /* override the default src_addr tested if we have to go deeper than one level into XFF */ | |
476 | Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr; | |
3d674977 | 477 | } |
d096ace1 | 478 | calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); |
3d674977 AJ |
479 | return; |
480 | } | |
481 | } /*if (answer == ACCESS_ALLOWED && | |
482 | request->x_forwarded_for_iterator.size () != 0)*/ | |
483 | ||
484 | /* clean up, and pass control to clientAccessCheck */ | |
26ac0430 | 485 | if (Config.onoff.log_uses_indirect_client) { |
3d674977 AJ |
486 | /* |
487 | * Ensure that the access log shows the indirect client | |
488 | * instead of the direct client. | |
489 | */ | |
490 | ConnStateData *conn = http->getConn(); | |
491 | conn->log_addr = request->indirect_client_addr; | |
492 | } | |
493 | request->x_forwarded_for_iterator.clean(); | |
494 | request->flags.done_follow_x_forwarded_for = 1; | |
495 | ||
d096ace1 AJ |
496 | if (answer != ACCESS_ALLOWED && answer != ACCESS_DENIED) { |
497 | debugs(28, DBG_CRITICAL, "ERROR: Processing X-Forwarded-For. Stopping at IP address: " << request->indirect_client_addr ); | |
493d3865 AJ |
498 | } |
499 | ||
500 | /* process actual access ACL as normal. */ | |
501 | calloutContext->clientAccessCheck(); | |
3d674977 AJ |
502 | } |
503 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
504 | ||
edce4d98 | 505 | /* This is the entry point for external users of the client_side routines */ |
506 | void | |
de31d06f | 507 | ClientRequestContext::clientAccessCheck() |
edce4d98 | 508 | { |
3d674977 AJ |
509 | #if FOLLOW_X_FORWARDED_FOR |
510 | if (!http->request->flags.done_follow_x_forwarded_for && | |
26ac0430 AJ |
511 | Config.accessList.followXFF && |
512 | http->request->header.has(HDR_X_FORWARDED_FOR)) { | |
d096ace1 AJ |
513 | |
514 | /* we always trust the direct client address for actual use */ | |
515 | http->request->indirect_client_addr = http->request->client_addr; | |
fafd0efa | 516 | http->request->indirect_client_addr.SetPort(0); |
d096ace1 AJ |
517 | |
518 | /* setup the XFF iterator for processing */ | |
519 | http->request->x_forwarded_for_iterator = http->request->header.getList(HDR_X_FORWARDED_FOR); | |
520 | ||
521 | /* begin by checking to see if we trust direct client enough to walk XFF */ | |
522 | acl_checklist = clientAclChecklistCreate(Config.accessList.followXFF, http); | |
523 | acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, this); | |
3d674977 AJ |
524 | return; |
525 | } | |
526 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
493d3865 | 527 | |
b50e327b AJ |
528 | if (Config.accessList.http) { |
529 | acl_checklist = clientAclChecklistCreate(Config.accessList.http, http); | |
530 | acl_checklist->nonBlockingCheck(clientAccessCheckDoneWrapper, this); | |
531 | } else { | |
532 | debugs(0, DBG_CRITICAL, "No http_access configuration found. This will block ALL traffic"); | |
533 | clientAccessCheckDone(ACCESS_DENIED); | |
534 | } | |
edce4d98 | 535 | } |
536 | ||
533493da AJ |
537 | /** |
538 | * Identical in operation to clientAccessCheck() but performed later using different configured ACL list. | |
539 | * The default here is to allow all. Since the earlier http_access should do a default deny all. | |
540 | * This check is just for a last-minute denial based on adapted request headers. | |
541 | */ | |
542 | void | |
543 | ClientRequestContext::clientAccessCheck2() | |
544 | { | |
545 | if (Config.accessList.adapted_http) { | |
546 | acl_checklist = clientAclChecklistCreate(Config.accessList.adapted_http, http); | |
547 | acl_checklist->nonBlockingCheck(clientAccessCheckDoneWrapper, this); | |
548 | } else { | |
327e2131 | 549 | debugs(85, 2, HERE << "No adapted_http_access configuration. default: ALLOW"); |
533493da AJ |
550 | clientAccessCheckDone(ACCESS_ALLOWED); |
551 | } | |
552 | } | |
553 | ||
edce4d98 | 554 | void |
de31d06f | 555 | clientAccessCheckDoneWrapper(int answer, void *data) |
edce4d98 | 556 | { |
de31d06f | 557 | ClientRequestContext *calloutContext = (ClientRequestContext *) data; |
fbade053 | 558 | |
de31d06f | 559 | if (!calloutContext->httpStateIsValid()) |
62e76326 | 560 | return; |
62e76326 | 561 | |
de31d06f | 562 | calloutContext->clientAccessCheckDone(answer); |
563 | } | |
564 | ||
565 | void | |
566 | ClientRequestContext::clientAccessCheckDone(int answer) | |
567 | { | |
568 | acl_checklist = NULL; | |
edce4d98 | 569 | err_type page_id; |
570 | http_status status; | |
26ac0430 AJ |
571 | debugs(85, 2, "The request " << |
572 | RequestMethodStr(http->request->method) << " " << | |
573 | http->uri << " is " << | |
574 | (answer == ACCESS_ALLOWED ? "ALLOWED" : "DENIED") << | |
575 | ", because it matched '" << | |
576 | (AclMatchedName ? AclMatchedName : "NO ACL's") << "'" ); | |
f5691f9c | 577 | char const *proxy_auth_msg = "<null>"; |
578 | ||
94a396a3 | 579 | if (http->getConn() != NULL && http->getConn()->auth_user_request != NULL) |
f5691f9c | 580 | proxy_auth_msg = http->getConn()->auth_user_request->denyMessage("<null>"); |
581 | else if (http->request->auth_user_request != NULL) | |
582 | proxy_auth_msg = http->request->auth_user_request->denyMessage("<null>"); | |
62e76326 | 583 | |
de31d06f | 584 | if (answer != ACCESS_ALLOWED) { |
62e76326 | 585 | /* Send an error */ |
9ce7856a | 586 | int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)); |
bf8fe701 | 587 | debugs(85, 5, "Access Denied: " << http->uri); |
588 | debugs(85, 5, "AclMatchedName = " << (AclMatchedName ? AclMatchedName : "<null>")); | |
9ce7856a | 589 | |
590 | if (require_auth) | |
bf8fe701 | 591 | debugs(33, 5, "Proxy Auth Message = " << (proxy_auth_msg ? proxy_auth_msg : "<null>")); |
9ce7856a | 592 | |
62e76326 | 593 | /* |
594 | * NOTE: get page_id here, based on AclMatchedName because if | |
595 | * USE_DELAY_POOLS is enabled, then AclMatchedName gets clobbered in | |
596 | * the clientCreateStoreEntry() call just below. Pedro Ribeiro | |
597 | * <pribeiro@isel.pt> | |
598 | */ | |
9ce7856a | 599 | page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, answer != ACCESS_REQ_PROXY_AUTH); |
600 | ||
62e76326 | 601 | http->logType = LOG_TCP_DENIED; |
602 | ||
9ce7856a | 603 | if (require_auth) { |
62e76326 | 604 | if (!http->flags.accel) { |
605 | /* Proxy authorisation needed */ | |
606 | status = HTTP_PROXY_AUTHENTICATION_REQUIRED; | |
607 | } else { | |
608 | /* WWW authorisation needed */ | |
609 | status = HTTP_UNAUTHORIZED; | |
610 | } | |
611 | ||
612 | if (page_id == ERR_NONE) | |
613 | page_id = ERR_CACHE_ACCESS_DENIED; | |
614 | } else { | |
615 | status = HTTP_FORBIDDEN; | |
616 | ||
617 | if (page_id == ERR_NONE) | |
618 | page_id = ERR_ACCESS_DENIED; | |
619 | } | |
620 | ||
de31d06f | 621 | clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data; |
0655fa4d | 622 | clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw()); |
623 | assert (repContext); | |
b7ac5457 | 624 | Ip::Address tmpnoaddr; |
26ac0430 | 625 | tmpnoaddr.SetNoAddr(); |
0655fa4d | 626 | repContext->setReplyToError(page_id, status, |
627 | http->request->method, NULL, | |
be364179 | 628 | http->getConn() != NULL ? http->getConn()->clientConn->remote : tmpnoaddr, |
cc192b50 | 629 | http->request, |
630 | NULL, | |
a33a428a | 631 | http->getConn() != NULL && http->getConn()->auth_user_request != NULL ? |
cc192b50 | 632 | http->getConn()->auth_user_request : http->request->auth_user_request); |
633 | ||
62e76326 | 634 | node = (clientStreamNode *)http->client_stream.tail->data; |
635 | clientStreamRead(node, http, node->readBuffer); | |
a546b04b | 636 | return; |
edce4d98 | 637 | } |
de31d06f | 638 | |
639 | /* ACCESS_ALLOWED continues here ... */ | |
640 | safe_free(http->uri); | |
641 | ||
642 | http->uri = xstrdup(urlCanonical(http->request)); | |
643 | ||
644 | http->doCallouts(); | |
645 | } | |
646 | ||
a83c6ed6 | 647 | #if USE_ADAPTATION |
de31d06f | 648 | static void |
a22e6cd3 | 649 | adaptationAclCheckDoneWrapper(Adaptation::ServiceGroupPointer g, void *data) |
de31d06f | 650 | { |
651 | ClientRequestContext *calloutContext = (ClientRequestContext *)data; | |
652 | ||
653 | if (!calloutContext->httpStateIsValid()) | |
654 | return; | |
655 | ||
a22e6cd3 | 656 | calloutContext->adaptationAclCheckDone(g); |
de31d06f | 657 | } |
658 | ||
659 | void | |
a22e6cd3 | 660 | ClientRequestContext::adaptationAclCheckDone(Adaptation::ServiceGroupPointer g) |
de31d06f | 661 | { |
a83c6ed6 | 662 | debugs(93,3,HERE << this << " adaptationAclCheckDone called"); |
6ec67de9 | 663 | assert(http); |
664 | ||
e1381638 | 665 | #if ICAP_CLIENT |
3ff65596 | 666 | Adaptation::Icap::History::Pointer ih = http->request->icapHistory(); |
e1381638 AJ |
667 | if (ih != NULL) { |
668 | if (http->getConn() != NULL) { | |
3ff65596 | 669 | ih->rfc931 = http->getConn()->rfc931; |
e1381638 | 670 | #if USE_SSL |
5c336a3b AJ |
671 | assert(http->getConn()->clientConn != NULL); |
672 | ih->ssluser = sslGetUserEmail(fd_table[http->getConn()->clientConn->fd].ssl); | |
e1381638 | 673 | #endif |
3ff65596 AR |
674 | } |
675 | ih->log_uri = http->log_uri; | |
676 | ih->req_sz = http->req_sz; | |
677 | } | |
678 | #endif | |
679 | ||
a22e6cd3 AR |
680 | if (!g) { |
681 | debugs(85,3, HERE << "no adaptation needed"); | |
5f8252d2 | 682 | http->doCallouts(); |
683 | return; | |
684 | } | |
de31d06f | 685 | |
a22e6cd3 | 686 | http->startAdaptation(g); |
edce4d98 | 687 | } |
688 | ||
de31d06f | 689 | #endif |
690 | ||
14cc8559 | 691 | static void |
692 | clientRedirectAccessCheckDone(int answer, void *data) | |
693 | { | |
694 | ClientRequestContext *context = (ClientRequestContext *)data; | |
59a1efb2 | 695 | ClientHttpRequest *http = context->http; |
14cc8559 | 696 | context->acl_checklist = NULL; |
697 | ||
698 | if (answer == ACCESS_ALLOWED) | |
de31d06f | 699 | redirectStart(http, clientRedirectDoneWrapper, context); |
14cc8559 | 700 | else |
de31d06f | 701 | context->clientRedirectDone(NULL); |
14cc8559 | 702 | } |
703 | ||
de31d06f | 704 | void |
705 | ClientRequestContext::clientRedirectStart() | |
14cc8559 | 706 | { |
bf8fe701 | 707 | debugs(33, 5, "clientRedirectStart: '" << http->uri << "'"); |
14cc8559 | 708 | |
14cc8559 | 709 | if (Config.accessList.redirector) { |
de31d06f | 710 | acl_checklist = clientAclChecklistCreate(Config.accessList.redirector, http); |
711 | acl_checklist->nonBlockingCheck(clientRedirectAccessCheckDone, this); | |
14cc8559 | 712 | } else |
de31d06f | 713 | redirectStart(http, clientRedirectDoneWrapper, this); |
14cc8559 | 714 | } |
715 | ||
edce4d98 | 716 | static int |
59a1efb2 | 717 | clientHierarchical(ClientHttpRequest * http) |
edce4d98 | 718 | { |
719 | const char *url = http->uri; | |
190154cf | 720 | HttpRequest *request = http->request; |
60745f24 | 721 | HttpRequestMethod method = request->method; |
edce4d98 | 722 | const wordlist *p = NULL; |
723 | ||
69660be0 | 724 | /* |
725 | * IMS needs a private key, so we can use the hierarchy for IMS only if our | |
726 | * neighbors support private keys | |
727 | */ | |
62e76326 | 728 | |
edce4d98 | 729 | if (request->flags.ims && !neighbors_do_private_keys) |
62e76326 | 730 | return 0; |
731 | ||
69660be0 | 732 | /* |
733 | * This is incorrect: authenticating requests can be sent via a hierarchy | |
06b97e72 | 734 | * (they can even be cached if the correct headers are set on the reply) |
edce4d98 | 735 | */ |
736 | if (request->flags.auth) | |
62e76326 | 737 | return 0; |
738 | ||
edce4d98 | 739 | if (method == METHOD_TRACE) |
62e76326 | 740 | return 1; |
741 | ||
edce4d98 | 742 | if (method != METHOD_GET) |
62e76326 | 743 | return 0; |
744 | ||
edce4d98 | 745 | /* scan hierarchy_stoplist */ |
746 | for (p = Config.hierarchy_stoplist; p; p = p->next) | |
62e76326 | 747 | if (strstr(url, p->key)) |
748 | return 0; | |
749 | ||
edce4d98 | 750 | if (request->flags.loopdetect) |
62e76326 | 751 | return 0; |
752 | ||
edce4d98 | 753 | if (request->protocol == PROTO_HTTP) |
62e76326 | 754 | return httpCachable(method); |
755 | ||
edce4d98 | 756 | if (request->protocol == PROTO_GOPHER) |
62e76326 | 757 | return gopherCachable(request); |
758 | ||
edce4d98 | 759 | if (request->protocol == PROTO_CACHEOBJ) |
62e76326 | 760 | return 0; |
761 | ||
edce4d98 | 762 | return 1; |
763 | } | |
764 | ||
765 | ||
46a1f562 HN |
766 | static void |
767 | clientCheckPinning(ClientHttpRequest * http) | |
768 | { | |
769 | HttpRequest *request = http->request; | |
770 | HttpHeader *req_hdr = &request->header; | |
771 | ConnStateData *http_conn = http->getConn(); | |
772 | ||
773 | /* Internal requests such as those from ESI includes may be without | |
774 | * a client connection | |
775 | */ | |
776 | if (!http_conn) | |
f54f527e | 777 | return; |
46a1f562 HN |
778 | |
779 | request->flags.connection_auth_disabled = http_conn->port->connection_auth_disabled; | |
780 | if (!request->flags.connection_auth_disabled) { | |
781 | if (http_conn->pinning.fd != -1) { | |
782 | if (http_conn->pinning.auth) { | |
783 | request->flags.connection_auth = 1; | |
784 | request->flags.auth = 1; | |
785 | } else { | |
786 | request->flags.connection_proxy_auth = 1; | |
787 | } | |
788 | request->setPinnedConnection(http_conn); | |
789 | } | |
790 | } | |
791 | ||
792 | /* check if connection auth is used, and flag as candidate for pinning | |
793 | * in such case. | |
794 | * Note: we may need to set flags.connection_auth even if the connection | |
795 | * is already pinned if it was pinned earlier due to proxy auth | |
796 | */ | |
797 | if (!request->flags.connection_auth) { | |
798 | if (req_hdr->has(HDR_AUTHORIZATION) || req_hdr->has(HDR_PROXY_AUTHORIZATION)) { | |
799 | HttpHeaderPos pos = HttpHeaderInitPos; | |
800 | HttpHeaderEntry *e; | |
801 | int may_pin = 0; | |
802 | while ((e = req_hdr->getEntry(&pos))) { | |
803 | if (e->id == HDR_AUTHORIZATION || e->id == HDR_PROXY_AUTHORIZATION) { | |
804 | const char *value = e->value.rawBuf(); | |
805 | if (strncasecmp(value, "NTLM ", 5) == 0 | |
806 | || | |
807 | strncasecmp(value, "Negotiate ", 10) == 0 | |
808 | || | |
809 | strncasecmp(value, "Kerberos ", 9) == 0) { | |
810 | if (e->id == HDR_AUTHORIZATION) { | |
811 | request->flags.connection_auth = 1; | |
812 | may_pin = 1; | |
813 | } else { | |
814 | request->flags.connection_proxy_auth = 1; | |
815 | may_pin = 1; | |
816 | } | |
817 | } | |
818 | } | |
819 | } | |
820 | if (may_pin && !request->pinnedConnection()) { | |
821 | request->setPinnedConnection(http->getConn()); | |
822 | } | |
823 | } | |
824 | } | |
825 | } | |
826 | ||
edce4d98 | 827 | static void |
59a1efb2 | 828 | clientInterpretRequestHeaders(ClientHttpRequest * http) |
edce4d98 | 829 | { |
190154cf | 830 | HttpRequest *request = http->request; |
0ef77270 | 831 | HttpHeader *req_hdr = &request->header; |
edce4d98 | 832 | int no_cache = 0; |
edce4d98 | 833 | const char *str; |
62e76326 | 834 | |
edce4d98 | 835 | request->imslen = -1; |
a9925b40 | 836 | request->ims = req_hdr->getTime(HDR_IF_MODIFIED_SINCE); |
62e76326 | 837 | |
edce4d98 | 838 | if (request->ims > 0) |
62e76326 | 839 | request->flags.ims = 1; |
840 | ||
432bc83c HN |
841 | if (!request->flags.ignore_cc) { |
842 | if (req_hdr->has(HDR_PRAGMA)) { | |
843 | String s = req_hdr->getList(HDR_PRAGMA); | |
62e76326 | 844 | |
432bc83c HN |
845 | if (strListIsMember(&s, "no-cache", ',')) |
846 | no_cache++; | |
30abd221 | 847 | |
432bc83c HN |
848 | s.clean(); |
849 | } | |
62e76326 | 850 | |
432bc83c HN |
851 | if (request->cache_control) |
852 | if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE)) | |
853 | no_cache++; | |
62e76326 | 854 | |
432bc83c HN |
855 | /* |
856 | * Work around for supporting the Reload button in IE browsers when Squid | |
857 | * is used as an accelerator or transparent proxy, by turning accelerated | |
858 | * IMS request to no-cache requests. Now knows about IE 5.5 fix (is | |
859 | * actually only fixed in SP1, but we can't tell whether we are talking to | |
860 | * SP1 or not so all 5.5 versions are treated 'normally'). | |
861 | */ | |
862 | if (Config.onoff.ie_refresh) { | |
863 | if (http->flags.accel && request->flags.ims) { | |
864 | if ((str = req_hdr->getStr(HDR_USER_AGENT))) { | |
865 | if (strstr(str, "MSIE 5.01") != NULL) | |
866 | no_cache++; | |
867 | else if (strstr(str, "MSIE 5.0") != NULL) | |
868 | no_cache++; | |
869 | else if (strstr(str, "MSIE 4.") != NULL) | |
870 | no_cache++; | |
871 | else if (strstr(str, "MSIE 3.") != NULL) | |
872 | no_cache++; | |
873 | } | |
62e76326 | 874 | } |
875 | } | |
edce4d98 | 876 | } |
914b89a2 | 877 | |
878 | if (request->method == METHOD_OTHER) { | |
26ac0430 | 879 | no_cache++; |
60745f24 | 880 | } |
62e76326 | 881 | |
edce4d98 | 882 | if (no_cache) { |
626096be | 883 | #if USE_HTTP_VIOLATIONS |
62e76326 | 884 | |
885 | if (Config.onoff.reload_into_ims) | |
886 | request->flags.nocache_hack = 1; | |
887 | else if (refresh_nocache_hack) | |
888 | request->flags.nocache_hack = 1; | |
889 | else | |
edce4d98 | 890 | #endif |
62e76326 | 891 | |
892 | request->flags.nocache = 1; | |
edce4d98 | 893 | } |
62e76326 | 894 | |
0ef77270 | 895 | /* ignore range header in non-GETs or non-HEADs */ |
896 | if (request->method == METHOD_GET || request->method == METHOD_HEAD) { | |
56713d9a AR |
897 | // XXX: initialize if we got here without HttpRequest::parseHeader() |
898 | if (!request->range) | |
899 | request->range = req_hdr->getRange(); | |
62e76326 | 900 | |
901 | if (request->range) { | |
902 | request->flags.range = 1; | |
903 | clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->data; | |
904 | /* XXX: This is suboptimal. We should give the stream the range set, | |
905 | * and thereby let the top of the stream set the offset when the | |
26ac0430 | 906 | * size becomes known. As it is, we will end up requesting from 0 |
62e76326 | 907 | * for evey -X range specification. |
908 | * RBC - this may be somewhat wrong. We should probably set the range | |
909 | * iter up at this point. | |
910 | */ | |
911 | node->readBuffer.offset = request->range->lowestOffset(0); | |
912 | http->range_iter.pos = request->range->begin(); | |
913 | http->range_iter.valid = true; | |
914 | } | |
edce4d98 | 915 | } |
62e76326 | 916 | |
0ef77270 | 917 | /* Only HEAD and GET requests permit a Range or Request-Range header. |
918 | * If these headers appear on any other type of request, delete them now. | |
919 | */ | |
920 | else { | |
921 | req_hdr->delById(HDR_RANGE); | |
922 | req_hdr->delById(HDR_REQUEST_RANGE); | |
56713d9a | 923 | delete request->range; |
0ef77270 | 924 | request->range = NULL; |
925 | } | |
926 | ||
a9925b40 | 927 | if (req_hdr->has(HDR_AUTHORIZATION)) |
62e76326 | 928 | request->flags.auth = 1; |
929 | ||
46a1f562 | 930 | clientCheckPinning(http); |
d67acb4e | 931 | |
edce4d98 | 932 | if (request->login[0] != '\0') |
62e76326 | 933 | request->flags.auth = 1; |
934 | ||
a9925b40 | 935 | if (req_hdr->has(HDR_VIA)) { |
30abd221 | 936 | String s = req_hdr->getList(HDR_VIA); |
62e76326 | 937 | /* |
938 | * ThisCache cannot be a member of Via header, "1.0 ThisCache" can. | |
939 | * Note ThisCache2 has a space prepended to the hostname so we don't | |
940 | * accidentally match super-domains. | |
941 | */ | |
942 | ||
943 | if (strListIsSubstr(&s, ThisCache2, ',')) { | |
944 | debugObj(33, 1, "WARNING: Forwarding loop detected for:\n", | |
945 | request, (ObjPackMethod) & httpRequestPack); | |
946 | request->flags.loopdetect = 1; | |
947 | } | |
948 | ||
21f6708d | 949 | #if USE_FORW_VIA_DB |
bb790702 | 950 | fvdbCountVia(s.termedBuf()); |
62e76326 | 951 | |
edce4d98 | 952 | #endif |
62e76326 | 953 | |
30abd221 | 954 | s.clean(); |
edce4d98 | 955 | } |
62e76326 | 956 | |
26ac0430 AJ |
957 | /** |
958 | \todo --enable-useragent-log and --enable-referer-log. We should | |
959 | probably drop those two as the custom log formats accomplish pretty much the same thing.. | |
960 | */ | |
edce4d98 | 961 | #if USE_USERAGENT_LOG |
a9925b40 | 962 | if ((str = req_hdr->getStr(HDR_USER_AGENT))) |
b4306cba | 963 | logUserAgent(fqdnFromAddr(http->getConn()->log_addr), str); |
62e76326 | 964 | |
edce4d98 | 965 | #endif |
966 | #if USE_REFERER_LOG | |
62e76326 | 967 | |
a9925b40 | 968 | if ((str = req_hdr->getStr(HDR_REFERER))) |
b4306cba | 969 | logReferer(fqdnFromAddr(http->getConn()->log_addr), str, http->log_uri); |
62e76326 | 970 | |
edce4d98 | 971 | #endif |
21f6708d | 972 | #if USE_FORW_VIA_DB |
62e76326 | 973 | |
a9925b40 | 974 | if (req_hdr->has(HDR_X_FORWARDED_FOR)) { |
30abd221 | 975 | String s = req_hdr->getList(HDR_X_FORWARDED_FOR); |
bb790702 | 976 | fvdbCountForw(s.termedBuf()); |
30abd221 | 977 | s.clean(); |
edce4d98 | 978 | } |
62e76326 | 979 | |
edce4d98 | 980 | #endif |
62e76326 | 981 | |
610ee341 | 982 | request->flags.cachable = http->request->cacheable(); |
62e76326 | 983 | |
edce4d98 | 984 | if (clientHierarchical(http)) |
62e76326 | 985 | request->flags.hierarchical = 1; |
986 | ||
bf8fe701 | 987 | debugs(85, 5, "clientInterpretRequestHeaders: REQ_NOCACHE = " << |
988 | (request->flags.nocache ? "SET" : "NOT SET")); | |
989 | debugs(85, 5, "clientInterpretRequestHeaders: REQ_CACHABLE = " << | |
990 | (request->flags.cachable ? "SET" : "NOT SET")); | |
991 | debugs(85, 5, "clientInterpretRequestHeaders: REQ_HIERARCHICAL = " << | |
992 | (request->flags.hierarchical ? "SET" : "NOT SET")); | |
62e76326 | 993 | |
edce4d98 | 994 | } |
995 | ||
996 | void | |
de31d06f | 997 | clientRedirectDoneWrapper(void *data, char *result) |
edce4d98 | 998 | { |
de31d06f | 999 | ClientRequestContext *calloutContext = (ClientRequestContext *)data; |
db02222f | 1000 | |
de31d06f | 1001 | if (!calloutContext->httpStateIsValid()) |
62e76326 | 1002 | return; |
62e76326 | 1003 | |
de31d06f | 1004 | calloutContext->clientRedirectDone(result); |
1005 | } | |
1006 | ||
1007 | void | |
1008 | ClientRequestContext::clientRedirectDone(char *result) | |
1009 | { | |
190154cf | 1010 | HttpRequest *new_request = NULL; |
1011 | HttpRequest *old_request = http->request; | |
bf8fe701 | 1012 | debugs(85, 5, "clientRedirectDone: '" << http->uri << "' result=" << (result ? result : "NULL")); |
de31d06f | 1013 | assert(redirect_state == REDIRECT_PENDING); |
1014 | redirect_state = REDIRECT_DONE; | |
62e76326 | 1015 | |
edce4d98 | 1016 | if (result) { |
62e76326 | 1017 | http_status status = (http_status) atoi(result); |
1018 | ||
1019 | if (status == HTTP_MOVED_PERMANENTLY | |
1020 | || status == HTTP_MOVED_TEMPORARILY | |
1021 | || status == HTTP_SEE_OTHER | |
1022 | || status == HTTP_TEMPORARY_REDIRECT) { | |
1023 | char *t = result; | |
1024 | ||
1025 | if ((t = strchr(result, ':')) != NULL) { | |
1026 | http->redirect.status = status; | |
1027 | http->redirect.location = xstrdup(t + 1); | |
e5b677f0 | 1028 | // TODO: validate the URL produced here is RFC 2616 compliant absolute URI |
62e76326 | 1029 | } else { |
e5b677f0 AJ |
1030 | if (old_request->http_ver < HttpVersion(1,1)) |
1031 | debugs(85, DBG_CRITICAL, "ERROR: URL-rewrite produces invalid 302 redirect Location: " << result); | |
1032 | else | |
1033 | debugs(85, DBG_CRITICAL, "ERROR: URL-rewrite produces invalid 303 redirect Location: " << result); | |
62e76326 | 1034 | } |
e5b677f0 AJ |
1035 | } else if (strcmp(result, http->uri)) { |
1036 | if (!(new_request = HttpRequest::CreateFromUrlAndMethod(result, old_request->method))) | |
1037 | debugs(85, DBG_CRITICAL, "ERROR: URL-rewrite produces invalid request: " << | |
1038 | old_request->method << " " << result << " HTTP/1.1"); | |
74b48915 | 1039 | } |
edce4d98 | 1040 | } |
62e76326 | 1041 | |
edce4d98 | 1042 | if (new_request) { |
62e76326 | 1043 | safe_free(http->uri); |
1044 | http->uri = xstrdup(urlCanonical(new_request)); | |
1045 | new_request->http_ver = old_request->http_ver; | |
a9925b40 | 1046 | new_request->header.append(&old_request->header); |
62e76326 | 1047 | new_request->client_addr = old_request->client_addr; |
3d674977 AJ |
1048 | #if FOLLOW_X_FORWARDED_FOR |
1049 | new_request->indirect_client_addr = old_request->indirect_client_addr; | |
1050 | #endif /* FOLLOW_X_FORWARDED_FOR */ | |
62e76326 | 1051 | new_request->my_addr = old_request->my_addr; |
62e76326 | 1052 | new_request->flags = old_request->flags; |
3c1f01bc | 1053 | new_request->flags.redirected = 1; |
a33a428a | 1054 | new_request->auth_user_request = old_request->auth_user_request; |
62e76326 | 1055 | |
5f8252d2 | 1056 | if (old_request->body_pipe != NULL) { |
1057 | new_request->body_pipe = old_request->body_pipe; | |
1058 | old_request->body_pipe = NULL; | |
1059 | debugs(0,0,HERE << "redirecting body_pipe " << new_request->body_pipe << " from request " << old_request << " to " << new_request); | |
62e76326 | 1060 | } |
1061 | ||
1062 | new_request->content_length = old_request->content_length; | |
abb929f0 | 1063 | new_request->extacl_user = old_request->extacl_user; |
1064 | new_request->extacl_passwd = old_request->extacl_passwd; | |
62e76326 | 1065 | new_request->flags.proxy_keepalive = old_request->flags.proxy_keepalive; |
6dd9f4bd | 1066 | HTTPMSGUNLOCK(old_request); |
1067 | http->request = HTTPMSGLOCK(new_request); | |
edce4d98 | 1068 | } |
62e76326 | 1069 | |
edce4d98 | 1070 | /* FIXME PIPELINE: This is innacurate during pipelining */ |
62e76326 | 1071 | |
5c336a3b AJ |
1072 | if (http->getConn() != NULL && Comm::IsConnOpen(http->getConn()->clientConn)) |
1073 | fd_note(http->getConn()->clientConn->fd, http->uri); | |
62e76326 | 1074 | |
c8be6d7b | 1075 | assert(http->uri); |
62e76326 | 1076 | |
de31d06f | 1077 | http->doCallouts(); |
edce4d98 | 1078 | } |
1079 | ||
b50e327b AJ |
1080 | /** Test cache allow/deny configuration |
1081 | * Sets flags.cachable=1 if caching is not denied. | |
1082 | */ | |
edce4d98 | 1083 | void |
8e2745f4 | 1084 | ClientRequestContext::checkNoCache() |
edce4d98 | 1085 | { |
b50e327b AJ |
1086 | if (Config.accessList.noCache) { |
1087 | acl_checklist = clientAclChecklistCreate(Config.accessList.noCache, http); | |
1088 | acl_checklist->nonBlockingCheck(checkNoCacheDoneWrapper, this); | |
1089 | } else { | |
1090 | /* unless otherwise specified, we try to cache. */ | |
1091 | checkNoCacheDone(1); | |
1092 | } | |
edce4d98 | 1093 | } |
1094 | ||
de31d06f | 1095 | static void |
1096 | checkNoCacheDoneWrapper(int answer, void *data) | |
edce4d98 | 1097 | { |
de31d06f | 1098 | ClientRequestContext *calloutContext = (ClientRequestContext *) data; |
e4a67a80 | 1099 | |
de31d06f | 1100 | if (!calloutContext->httpStateIsValid()) |
1101 | return; | |
1102 | ||
1103 | calloutContext->checkNoCacheDone(answer); | |
8e2745f4 | 1104 | } |
4fb35c3c | 1105 | |
8e2745f4 | 1106 | void |
1107 | ClientRequestContext::checkNoCacheDone(int answer) | |
62e76326 | 1108 | { |
8e2745f4 | 1109 | acl_checklist = NULL; |
de31d06f | 1110 | http->request->flags.cachable = answer; |
1111 | http->doCallouts(); | |
edce4d98 | 1112 | } |
1113 | ||
69660be0 | 1114 | /* |
1115 | * Identify requests that do not go through the store and client side stream | |
1116 | * and forward them to the appropriate location. All other requests, request | |
1117 | * them. | |
edce4d98 | 1118 | */ |
1119 | void | |
8e2745f4 | 1120 | ClientHttpRequest::processRequest() |
edce4d98 | 1121 | { |
60745f24 | 1122 | debugs(85, 4, "clientProcessRequest: " << RequestMethodStr(request->method) << " '" << uri << "'"); |
62e76326 | 1123 | |
3712be3f | 1124 | #if USE_SSL |
1125 | if (request->method == METHOD_CONNECT && sslBumpNeeded()) { | |
1126 | sslBumpStart(); | |
1127 | return; | |
1128 | } | |
1129 | #endif | |
1130 | ||
2baf58c3 | 1131 | if (request->method == METHOD_CONNECT && !redirect.status) { |
62e76326 | 1132 | logType = LOG_TCP_MISS; |
f84dd7eb | 1133 | getConn()->stopReading(); // tunnels read for themselves |
11007d4b | 1134 | tunnelStart(this, &out.size, &al.http.code); |
62e76326 | 1135 | return; |
edce4d98 | 1136 | } |
62e76326 | 1137 | |
8e2745f4 | 1138 | httpStart(); |
1139 | } | |
1140 | ||
1141 | void | |
1142 | ClientHttpRequest::httpStart() | |
1143 | { | |
559da936 | 1144 | PROF_start(httpStart); |
8e2745f4 | 1145 | logType = LOG_TAG_NONE; |
bf8fe701 | 1146 | debugs(85, 4, "ClientHttpRequest::httpStart: " << log_tags[logType] << " for '" << uri << "'"); |
1147 | ||
edce4d98 | 1148 | /* no one should have touched this */ |
8e2745f4 | 1149 | assert(out.offset == 0); |
edce4d98 | 1150 | /* Use the Stream Luke */ |
8e2745f4 | 1151 | clientStreamNode *node = (clientStreamNode *)client_stream.tail->data; |
1152 | clientStreamRead(node, this, node->readBuffer); | |
559da936 | 1153 | PROF_stop(httpStart); |
edce4d98 | 1154 | } |
0655fa4d | 1155 | |
3712be3f | 1156 | #if USE_SSL |
1157 | ||
1158 | // determines whether we should bump the CONNECT request | |
1159 | bool | |
26ac0430 AJ |
1160 | ClientHttpRequest::sslBumpNeeded() const |
1161 | { | |
3712be3f | 1162 | if (!getConn()->port->sslBump || !Config.accessList.ssl_bump) |
1163 | return false; | |
1164 | ||
1165 | debugs(85, 5, HERE << "SslBump possible, checking ACL"); | |
1166 | ||
c0941a6a | 1167 | ACLFilledChecklist check(Config.accessList.ssl_bump, request, NULL); |
3712be3f | 1168 | check.src_addr = request->client_addr; |
26ac0430 | 1169 | check.my_addr = request->my_addr; |
26ac0430 | 1170 | return check.fastCheck() == 1; |
3712be3f | 1171 | } |
1172 | ||
1173 | // called when comm_write has completed | |
1174 | static void | |
e0d28505 | 1175 | SslBumpEstablish(const Comm::ConnectionPointer &, char *, size_t, comm_err_t errflag, int, void *data) |
3712be3f | 1176 | { |
1177 | ClientHttpRequest *r = static_cast<ClientHttpRequest*>(data); | |
1178 | debugs(85, 5, HERE << "responded to CONNECT: " << r << " ? " << errflag); | |
1179 | ||
1180 | assert(r && cbdataReferenceValid(r)); | |
1181 | r->sslBumpEstablish(errflag); | |
1182 | } | |
1183 | ||
1184 | void | |
1185 | ClientHttpRequest::sslBumpEstablish(comm_err_t errflag) | |
1186 | { | |
1187 | // Bail out quickly on COMM_ERR_CLOSING - close handlers will tidy up | |
1188 | if (errflag == COMM_ERR_CLOSING) | |
1189 | return; | |
1190 | ||
1191 | if (errflag) { | |
1192 | getConn()->startClosing("CONNECT response failure in SslBump"); | |
1193 | return; | |
1194 | } | |
1195 | ||
1196 | getConn()->switchToHttps(); | |
1197 | } | |
1198 | ||
1199 | void | |
1200 | ClientHttpRequest::sslBumpStart() | |
1201 | { | |
5c336a3b | 1202 | debugs(85, 5, HERE << "Confirming CONNECT tunnel on FD " << getConn()->clientConn); |
3712be3f | 1203 | // send an HTTP 200 response to kick client SSL negotiation |
5c336a3b | 1204 | debugs(33, 7, HERE << "Confirming CONNECT tunnel on FD " << getConn()->clientConn); |
3712be3f | 1205 | |
1206 | // TODO: Unify with tunnel.cc and add a Server(?) header | |
e0d28505 AJ |
1207 | static const char *const conn_established = "HTTP/1.0 200 Connection established\r\n\r\n"; |
1208 | comm_write(getConn()->clientConn, conn_established, strlen(conn_established), &SslBumpEstablish, this, NULL); | |
3712be3f | 1209 | } |
1210 | ||
1211 | #endif | |
1212 | ||
0655fa4d | 1213 | bool |
1214 | ClientHttpRequest::gotEnough() const | |
1215 | { | |
86a2f789 | 1216 | /** TODO: should be querying the stream. */ |
7173d5b0 | 1217 | int64_t contentLength = |
06a5ae20 | 1218 | memObject()->getReply()->bodySize(request->method); |
0655fa4d | 1219 | assert(contentLength >= 0); |
1220 | ||
1221 | if (out.offset < contentLength) | |
1222 | return false; | |
1223 | ||
1224 | return true; | |
1225 | } | |
1226 | ||
86a2f789 | 1227 | void |
1228 | ClientHttpRequest::storeEntry(StoreEntry *newEntry) | |
1229 | { | |
1230 | entry_ = newEntry; | |
1231 | } | |
1232 | ||
0976f8db | 1233 | void |
1234 | ClientHttpRequest::loggingEntry(StoreEntry *newEntry) | |
1235 | { | |
1236 | if (loggingEntry_) | |
97b5e68f | 1237 | loggingEntry_->unlock(); |
0976f8db | 1238 | |
1239 | loggingEntry_ = newEntry; | |
1240 | ||
1241 | if (loggingEntry_) | |
3d0ac046 | 1242 | loggingEntry_->lock(); |
0976f8db | 1243 | } |
86a2f789 | 1244 | |
de31d06f | 1245 | /* |
1246 | * doCallouts() - This function controls the order of "callout" | |
1247 | * executions, including non-blocking access control checks, the | |
1248 | * redirector, and ICAP. Previously, these callouts were chained | |
1249 | * together such that "clientAccessCheckDone()" would call | |
1250 | * "clientRedirectStart()" and so on. | |
1251 | * | |
1252 | * The ClientRequestContext (aka calloutContext) class holds certain | |
1253 | * state data for the callout/callback operations. Previously | |
1254 | * ClientHttpRequest would sort of hand off control to ClientRequestContext | |
1255 | * for a short time. ClientRequestContext would then delete itself | |
1256 | * and pass control back to ClientHttpRequest when all callouts | |
1257 | * were finished. | |
1258 | * | |
1259 | * This caused some problems for ICAP because we want to make the | |
1260 | * ICAP callout after checking ACLs, but before checking the no_cache | |
1261 | * list. We can't stuff the ICAP state into the ClientRequestContext | |
1262 | * class because we still need the ICAP state after ClientRequestContext | |
1263 | * goes away. | |
1264 | * | |
1265 | * Note that ClientRequestContext is created before the first call | |
1266 | * to doCallouts(). | |
1267 | * | |
1268 | * If one of the callouts notices that ClientHttpRequest is no | |
1269 | * longer valid, it should call cbdataReferenceDone() so that | |
1270 | * ClientHttpRequest's reference count goes to zero and it will get | |
1271 | * deleted. ClientHttpRequest will then delete ClientRequestContext. | |
1272 | * | |
1273 | * Note that we set the _done flags here before actually starting | |
1274 | * the callout. This is strictly for convenience. | |
1275 | */ | |
1276 | ||
425de4c8 AJ |
1277 | extern tos_t aclMapTOS (acl_tos * head, ACLChecklist * ch); |
1278 | extern nfmark_t aclMapNfmark (acl_nfmark * head, ACLChecklist * ch); | |
057f5854 | 1279 | |
de31d06f | 1280 | void |
1281 | ClientHttpRequest::doCallouts() | |
1282 | { | |
1283 | assert(calloutContext); | |
1284 | ||
6fca33e0 CT |
1285 | /*Save the original request for logging purposes*/ |
1286 | if (!calloutContext->http->al.request) | |
105d1937 | 1287 | calloutContext->http->al.request = HTTPMSGLOCK(request); |
6fca33e0 | 1288 | |
de31d06f | 1289 | if (!calloutContext->http_access_done) { |
3712be3f | 1290 | debugs(83, 3, HERE << "Doing calloutContext->clientAccessCheck()"); |
57abaac0 | 1291 | calloutContext->http_access_done = true; |
de31d06f | 1292 | calloutContext->clientAccessCheck(); |
1293 | return; | |
1294 | } | |
1295 | ||
a83c6ed6 | 1296 | #if USE_ADAPTATION |
abd4b611 | 1297 | if (!calloutContext->adaptation_acl_check_done) { |
a83c6ed6 | 1298 | calloutContext->adaptation_acl_check_done = true; |
abd4b611 | 1299 | if (Adaptation::AccessCheck::Start( |
26ac0430 AJ |
1300 | Adaptation::methodReqmod, Adaptation::pointPreCache, |
1301 | request, NULL, adaptationAclCheckDoneWrapper, calloutContext)) | |
abd4b611 | 1302 | return; // will call callback |
de31d06f | 1303 | } |
de31d06f | 1304 | #endif |
1305 | ||
1306 | if (!calloutContext->redirect_done) { | |
57abaac0 | 1307 | calloutContext->redirect_done = true; |
de31d06f | 1308 | assert(calloutContext->redirect_state == REDIRECT_NONE); |
1309 | ||
1310 | if (Config.Program.redirect) { | |
3712be3f | 1311 | debugs(83, 3, HERE << "Doing calloutContext->clientRedirectStart()"); |
de31d06f | 1312 | calloutContext->redirect_state = REDIRECT_PENDING; |
1313 | calloutContext->clientRedirectStart(); | |
1314 | return; | |
1315 | } | |
1316 | } | |
1317 | ||
533493da AJ |
1318 | if (!calloutContext->adapted_http_access_done) { |
1319 | debugs(83, 3, HERE << "Doing calloutContext->clientAccessCheck2()"); | |
1320 | calloutContext->adapted_http_access_done = true; | |
1321 | calloutContext->clientAccessCheck2(); | |
1322 | return; | |
1323 | } | |
1324 | ||
57abaac0 | 1325 | if (!calloutContext->interpreted_req_hdrs) { |
3712be3f | 1326 | debugs(83, 3, HERE << "Doing clientInterpretRequestHeaders()"); |
57abaac0 | 1327 | calloutContext->interpreted_req_hdrs = 1; |
1328 | clientInterpretRequestHeaders(this); | |
1329 | } | |
1330 | ||
de31d06f | 1331 | if (!calloutContext->no_cache_done) { |
57abaac0 | 1332 | calloutContext->no_cache_done = true; |
de31d06f | 1333 | |
1334 | if (Config.accessList.noCache && request->flags.cachable) { | |
3712be3f | 1335 | debugs(83, 3, HERE << "Doing calloutContext->checkNoCache()"); |
de31d06f | 1336 | calloutContext->checkNoCache(); |
1337 | return; | |
1338 | } | |
1339 | } | |
1340 | ||
425de4c8 AJ |
1341 | if (!calloutContext->tosToClientDone) { |
1342 | calloutContext->tosToClientDone = true; | |
5c336a3b | 1343 | if (getConn() != NULL && Comm::IsConnOpen(getConn()->clientConn)) { |
c0941a6a | 1344 | ACLFilledChecklist ch(NULL, request, NULL); |
057f5854 | 1345 | ch.src_addr = request->client_addr; |
1346 | ch.my_addr = request->my_addr; | |
425de4c8 | 1347 | tos_t tos = aclMapTOS(Ip::Qos::TheConfig.tosToClient, &ch); |
3712be3f | 1348 | if (tos) |
b5523edc | 1349 | Ip::Qos::setSockTos(getConn()->clientConn, tos); |
425de4c8 AJ |
1350 | } |
1351 | } | |
1352 | ||
1353 | if (!calloutContext->nfmarkToClientDone) { | |
1354 | calloutContext->nfmarkToClientDone = true; | |
9c8a6c3b | 1355 | if (getConn() != NULL && Comm::IsConnOpen(getConn()->clientConn)) { |
425de4c8 AJ |
1356 | ACLFilledChecklist ch(NULL, request, NULL); |
1357 | ch.src_addr = request->client_addr; | |
1358 | ch.my_addr = request->my_addr; | |
1359 | nfmark_t mark = aclMapNfmark(Ip::Qos::TheConfig.nfmarkToClient, &ch); | |
1360 | if (mark) | |
b5523edc | 1361 | Ip::Qos::setSockNfmark(getConn()->clientConn, mark); |
3712be3f | 1362 | } |
057f5854 | 1363 | } |
1364 | ||
de31d06f | 1365 | cbdataReferenceDone(calloutContext->http); |
1366 | delete calloutContext; | |
1367 | calloutContext = NULL; | |
de31d06f | 1368 | #if HEADERS_LOG |
1369 | ||
1370 | headersLog(0, 1, request->method, request); | |
1371 | #endif | |
1372 | ||
58d7150d | 1373 | debugs(83, 3, HERE << "calling processRequest()"); |
de31d06f | 1374 | processRequest(); |
3ff65596 AR |
1375 | |
1376 | #if ICAP_CLIENT | |
1377 | Adaptation::Icap::History::Pointer ih = request->icapHistory(); | |
1378 | if (ih != NULL) | |
1379 | ih->logType = logType; | |
1380 | #endif | |
de31d06f | 1381 | } |
1382 | ||
32d002cb | 1383 | #if !_USE_INLINE_ |
86a2f789 | 1384 | #include "client_side_request.cci" |
1385 | #endif | |
de31d06f | 1386 | |
a83c6ed6 | 1387 | #if USE_ADAPTATION |
a22e6cd3 AR |
1388 | /// Initiate an asynchronous adaptation transaction which will call us back. |
1389 | void | |
1390 | ClientHttpRequest::startAdaptation(const Adaptation::ServiceGroupPointer &g) | |
3b299123 | 1391 | { |
a22e6cd3 | 1392 | debugs(85, 3, HERE << "adaptation needed for " << this); |
a83c6ed6 AR |
1393 | assert(!virginHeadSource); |
1394 | assert(!adaptedBodySource); | |
a22e6cd3 | 1395 | virginHeadSource = initiateAdaptation( |
4cb2536f | 1396 | new Adaptation::Iterator(request, NULL, g)); |
a83c6ed6 | 1397 | |
e1381638 | 1398 | // we could try to guess whether we can bypass this adaptation |
a22e6cd3 | 1399 | // initiation failure, but it should not really happen |
4299f876 | 1400 | Must(initiated(virginHeadSource)); |
de31d06f | 1401 | } |
1402 | ||
1403 | void | |
a83c6ed6 | 1404 | ClientHttpRequest::noteAdaptationAnswer(HttpMsg *msg) |
de31d06f | 1405 | { |
de31d06f | 1406 | assert(cbdataReferenceValid(this)); // indicates bug |
5f8252d2 | 1407 | assert(msg); |
1408 | ||
b044675d | 1409 | if (HttpRequest *new_req = dynamic_cast<HttpRequest*>(msg)) { |
200ac359 | 1410 | /* |
5f8252d2 | 1411 | * Replace the old request with the new request. |
200ac359 | 1412 | */ |
6dd9f4bd | 1413 | HTTPMSGUNLOCK(request); |
1414 | request = HTTPMSGLOCK(new_req); | |
200ac359 | 1415 | /* |
1416 | * Store the new URI for logging | |
1417 | */ | |
1418 | xfree(uri); | |
1419 | uri = xstrdup(urlCanonical(request)); | |
1420 | setLogUri(this, urlCanonicalClean(request)); | |
914b89a2 | 1421 | assert(request->method.id()); |
b044675d | 1422 | } else if (HttpReply *new_rep = dynamic_cast<HttpReply*>(msg)) { |
1423 | debugs(85,3,HERE << "REQMOD reply is HTTP reply"); | |
1424 | ||
5f8252d2 | 1425 | // subscribe to receive reply body |
1426 | if (new_rep->body_pipe != NULL) { | |
a83c6ed6 | 1427 | adaptedBodySource = new_rep->body_pipe; |
d222a56c HN |
1428 | int consumer_ok = adaptedBodySource->setConsumerIfNotLate(this); |
1429 | assert(consumer_ok); | |
5f8252d2 | 1430 | } |
1431 | ||
b044675d | 1432 | clientStreamNode *node = (clientStreamNode *)client_stream.tail->prev->data; |
1433 | clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw()); | |
1434 | repContext->createStoreEntry(request->method, request->flags); | |
1435 | ||
1436 | EBIT_CLR(storeEntry()->flags, ENTRY_FWD_HDR_WAIT); | |
1437 | request_satisfaction_mode = true; | |
1438 | request_satisfaction_offset = 0; | |
1439 | storeEntry()->replaceHttpReply(new_rep); | |
97ae5196 | 1440 | storeEntry()->timestampsSet(); |
cb4c4288 | 1441 | |
a83c6ed6 | 1442 | if (!adaptedBodySource) // no body |
cb4c4288 | 1443 | storeEntry()->complete(); |
b044675d | 1444 | clientGetMoreData(node, this); |
200ac359 | 1445 | } |
de31d06f | 1446 | |
5f8252d2 | 1447 | // we are done with getting headers (but may be receiving body) |
a83c6ed6 | 1448 | clearAdaptation(virginHeadSource); |
5f8252d2 | 1449 | |
b044675d | 1450 | if (!request_satisfaction_mode) |
1451 | doCallouts(); | |
de31d06f | 1452 | } |
1453 | ||
1454 | void | |
a83c6ed6 | 1455 | ClientHttpRequest::noteAdaptationQueryAbort(bool final) |
de31d06f | 1456 | { |
a83c6ed6 AR |
1457 | clearAdaptation(virginHeadSource); |
1458 | assert(!adaptedBodySource); | |
1459 | handleAdaptationFailure(!final); | |
de31d06f | 1460 | } |
1461 | ||
1462 | void | |
1cf238db | 1463 | ClientHttpRequest::noteMoreBodyDataAvailable(BodyPipe::Pointer) |
de31d06f | 1464 | { |
5f8252d2 | 1465 | assert(request_satisfaction_mode); |
a83c6ed6 | 1466 | assert(adaptedBodySource != NULL); |
5f8252d2 | 1467 | |
4ce0e99b | 1468 | if (const size_t contentSize = adaptedBodySource->buf().contentSize()) { |
a83c6ed6 | 1469 | BodyPipeCheckout bpc(*adaptedBodySource); |
4ce0e99b | 1470 | const StoreIOBuffer ioBuf(&bpc.buf, request_satisfaction_offset); |
5f8252d2 | 1471 | storeEntry()->write(ioBuf); |
1472 | // assume can write everything | |
1473 | request_satisfaction_offset += contentSize; | |
4ce0e99b | 1474 | bpc.buf.consume(contentSize); |
5f8252d2 | 1475 | bpc.checkIn(); |
1476 | } | |
1477 | ||
a83c6ed6 | 1478 | if (adaptedBodySource->exhausted()) |
5f8252d2 | 1479 | endRequestSatisfaction(); |
1480 | // else wait for more body data | |
de31d06f | 1481 | } |
1482 | ||
1483 | void | |
1cf238db | 1484 | ClientHttpRequest::noteBodyProductionEnded(BodyPipe::Pointer) |
de31d06f | 1485 | { |
a83c6ed6 AR |
1486 | assert(!virginHeadSource); |
1487 | if (adaptedBodySource != NULL) { // did not end request satisfaction yet | |
26ac0430 | 1488 | // We do not expect more because noteMoreBodyDataAvailable always |
5f8252d2 | 1489 | // consumes everything. We do not even have a mechanism to consume |
1490 | // leftovers after noteMoreBodyDataAvailable notifications seize. | |
a83c6ed6 | 1491 | assert(adaptedBodySource->exhausted()); |
5f8252d2 | 1492 | endRequestSatisfaction(); |
1493 | } | |
1494 | } | |
3b299123 | 1495 | |
5f8252d2 | 1496 | void |
26ac0430 AJ |
1497 | ClientHttpRequest::endRequestSatisfaction() |
1498 | { | |
5f8252d2 | 1499 | debugs(85,4, HERE << this << " ends request satisfaction"); |
1500 | assert(request_satisfaction_mode); | |
a83c6ed6 | 1501 | stopConsumingFrom(adaptedBodySource); |
3b299123 | 1502 | |
5f8252d2 | 1503 | // TODO: anything else needed to end store entry formation correctly? |
1504 | storeEntry()->complete(); | |
1505 | } | |
de31d06f | 1506 | |
5f8252d2 | 1507 | void |
1cf238db | 1508 | ClientHttpRequest::noteBodyProducerAborted(BodyPipe::Pointer) |
5f8252d2 | 1509 | { |
a83c6ed6 AR |
1510 | assert(!virginHeadSource); |
1511 | stopConsumingFrom(adaptedBodySource); | |
1512 | handleAdaptationFailure(); | |
5f8252d2 | 1513 | } |
3b299123 | 1514 | |
5f8252d2 | 1515 | void |
a83c6ed6 | 1516 | ClientHttpRequest::handleAdaptationFailure(bool bypassable) |
5f8252d2 | 1517 | { |
a83c6ed6 | 1518 | debugs(85,3, HERE << "handleAdaptationFailure(" << bypassable << ")"); |
3b299123 | 1519 | |
5f8252d2 | 1520 | const bool usedStore = storeEntry() && !storeEntry()->isEmpty(); |
1521 | const bool usedPipe = request->body_pipe != NULL && | |
26ac0430 | 1522 | request->body_pipe->consumedSize() > 0; |
3b299123 | 1523 | |
9d4d7c5e | 1524 | if (bypassable && !usedStore && !usedPipe) { |
1525 | debugs(85,3, HERE << "ICAP REQMOD callout failed, bypassing: " << calloutContext); | |
5f8252d2 | 1526 | if (calloutContext) |
1527 | doCallouts(); | |
1528 | return; | |
1529 | } | |
3b299123 | 1530 | |
5f8252d2 | 1531 | debugs(85,3, HERE << "ICAP REQMOD callout failed, responding with error"); |
3b299123 | 1532 | |
5f8252d2 | 1533 | clientStreamNode *node = (clientStreamNode *)client_stream.tail->prev->data; |
1534 | clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw()); | |
1535 | assert(repContext); | |
de31d06f | 1536 | |
26ac0430 | 1537 | // The original author of the code also wanted to pass an errno to |
5f8252d2 | 1538 | // setReplyToError, but it seems unlikely that the errno reflects the |
1539 | // true cause of the error at this point, so I did not pass it. | |
b7ac5457 | 1540 | Ip::Address noAddr; |
b70ba605 | 1541 | noAddr.SetNoAddr(); |
1cf238db | 1542 | ConnStateData * c = getConn(); |
5f8252d2 | 1543 | repContext->setReplyToError(ERR_ICAP_FAILURE, HTTP_INTERNAL_SERVER_ERROR, |
26ac0430 | 1544 | request->method, NULL, |
be364179 | 1545 | (c != NULL ? c->clientConn->remote : noAddr), request, NULL, |
a33a428a | 1546 | (c != NULL && c->auth_user_request != NULL ? |
26ac0430 | 1547 | c->auth_user_request : request->auth_user_request)); |
de31d06f | 1548 | |
5f8252d2 | 1549 | node = (clientStreamNode *)client_stream.tail->data; |
1550 | clientStreamRead(node, this, node->readBuffer); | |
de31d06f | 1551 | } |
1552 | ||
1553 | #endif |