]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (C) 1996-2018 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | /* DEBUG: section 28 Access Control */ | |
10 | ||
11 | #include "squid.h" | |
12 | #include "acl/Checklist.h" | |
13 | #include "acl/DestinationDomain.h" | |
14 | #include "acl/DomainData.h" | |
15 | #include "acl/RegexData.h" | |
16 | #include "fqdncache.h" | |
17 | #include "HttpRequest.h" | |
18 | ||
19 | DestinationDomainLookup DestinationDomainLookup::instance_; | |
20 | ||
21 | DestinationDomainLookup * | |
22 | DestinationDomainLookup::Instance() | |
23 | { | |
24 | return &instance_; | |
25 | } | |
26 | ||
27 | void | |
28 | DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const | |
29 | { | |
30 | ACLFilledChecklist *checklist = Filled(cl); | |
31 | fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist); | |
32 | } | |
33 | ||
34 | void | |
35 | DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data) | |
36 | { | |
37 | ACLFilledChecklist *checklist = Filled((ACLChecklist*)data); | |
38 | checklist->markDestinationDomainChecked(); | |
39 | checklist->request->recordLookup(details); | |
40 | checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance()); | |
41 | } | |
42 | ||
43 | /* ACLDestinationDomainStrategy */ | |
44 | ||
45 | const Acl::Options & | |
46 | ACLDestinationDomainStrategy::options() | |
47 | { | |
48 | static const Acl::BooleanOption LookupBanFlag; | |
49 | static const Acl::Options MyOptions = { { "-n", &LookupBanFlag } }; | |
50 | LookupBanFlag.linkWith(&lookupBanned); | |
51 | return MyOptions; | |
52 | } | |
53 | ||
54 | int | |
55 | ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist) | |
56 | { | |
57 | assert(checklist != NULL && checklist->request != NULL); | |
58 | ||
59 | if (data->match(checklist->request->url.host())) { | |
60 | return 1; | |
61 | } | |
62 | ||
63 | if (lookupBanned) { | |
64 | debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host()); | |
65 | return 0; | |
66 | } | |
67 | ||
68 | /* numeric IPA? no, trust the above result. */ | |
69 | if (!checklist->request->url.hostIsNumeric()) { | |
70 | return 0; | |
71 | } | |
72 | ||
73 | /* do we already have the rDNS? match on it if we do. */ | |
74 | if (checklist->dst_rdns) { | |
75 | debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host()); | |
76 | return data->match(checklist->dst_rdns); | |
77 | } | |
78 | ||
79 | /* raw IP without rDNS? look it up and wait for the result */ | |
80 | if (!checklist->dst_addr.fromHost(checklist->request->url.host())) { | |
81 | /* not a valid IPA */ | |
82 | checklist->dst_rdns = xstrdup("invalid"); | |
83 | return 0; | |
84 | } | |
85 | ||
86 | const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS); | |
87 | ||
88 | if (fqdn) { | |
89 | checklist->dst_rdns = xstrdup(fqdn); | |
90 | return data->match(fqdn); | |
91 | } else if (!checklist->destinationDomainChecked()) { | |
92 | /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */ | |
93 | debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host()); | |
94 | if (checklist->goAsync(DestinationDomainLookup::Instance())) | |
95 | return -1; | |
96 | // else fall through to "none" match, hiding the lookup failure (XXX) | |
97 | } | |
98 | ||
99 | return data->match("none"); | |
100 | } | |
101 |