]> git.ipfire.org Git - thirdparty/squid.git/blob - src/HttpRequest.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add connections_encrypted ACL
[thirdparty/squid.git] / src / HttpRequest.cc
1 /*
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 73 HTTP Request */
10
11 #include "squid.h"
12 #include "AccessLogEntry.h"
13 #include "acl/AclSizeLimit.h"
14 #include "acl/FilledChecklist.h"
15 #include "client_side.h"
16 #include "dns/LookupDetails.h"
17 #include "err_detail_type.h"
18 #include "globals.h"
19 #include "gopher.h"
20 #include "http.h"
21 #include "http/one/RequestParser.h"
22 #include "HttpHdrCc.h"
23 #include "HttpHeaderRange.h"
24 #include "HttpRequest.h"
25 #include "log/Config.h"
26 #include "MemBuf.h"
27 #include "SquidConfig.h"
28 #include "Store.h"
29 #include "URL.h"
30
31 #if USE_AUTH
32 #include "auth/UserRequest.h"
33 #endif
34 #if ICAP_CLIENT
35 #include "adaptation/icap/icap_log.h"
36 #endif
37
38 HttpRequest::HttpRequest() :
39 HttpMsg(hoRequest)
40 {
41 init();
42 }
43
44 HttpRequest::HttpRequest(const HttpRequestMethod& aMethod, AnyP::ProtocolType aProtocol, const char *aUrlpath) :
45 HttpMsg(hoRequest)
46 {
47 static unsigned int id = 1;
48 debugs(93,7, HERE << "constructed, this=" << this << " id=" << ++id);
49 init();
50 initHTTP(aMethod, aProtocol, aUrlpath);
51 }
52
53 HttpRequest::~HttpRequest()
54 {
55 clean();
56 debugs(93,7, HERE << "destructed, this=" << this);
57 }
58
59 void
60 HttpRequest::initHTTP(const HttpRequestMethod& aMethod, AnyP::ProtocolType aProtocol, const char *aUrlpath)
61 {
62 method = aMethod;
63 url.setScheme(aProtocol);
64 url.path(aUrlpath);
65 }
66
67 void
68 HttpRequest::init()
69 {
70 method = Http::METHOD_NONE;
71 url.clear();
72 #if USE_AUTH
73 auth_user_request = NULL;
74 #endif
75 memset(&flags, '\0', sizeof(flags));
76 range = NULL;
77 ims = -1;
78 imslen = 0;
79 lastmod = -1;
80 client_addr.setEmpty();
81 my_addr.setEmpty();
82 body_pipe = NULL;
83 // hier
84 dnsWait = -1;
85 errType = ERR_NONE;
86 errDetail = ERR_DETAIL_NONE;
87 peer_login = NULL; // not allocated/deallocated by this class
88 peer_domain = NULL; // not allocated/deallocated by this class
89 peer_host = NULL;
90 vary_headers = NULL;
91 myportname = null_string;
92 tag = null_string;
93 #if USE_AUTH
94 extacl_user = null_string;
95 extacl_passwd = null_string;
96 #endif
97 extacl_log = null_string;
98 extacl_message = null_string;
99 pstate = psReadyToParseStartLine;
100 #if FOLLOW_X_FORWARDED_FOR
101 indirect_client_addr.setEmpty();
102 #endif /* FOLLOW_X_FORWARDED_FOR */
103 #if USE_ADAPTATION
104 adaptHistory_ = NULL;
105 #endif
106 #if ICAP_CLIENT
107 icapHistory_ = NULL;
108 #endif
109 rangeOffsetLimit = -2; //a value of -2 means not checked yet
110 forcedBodyContinuation = false;
111 }
112
113 void
114 HttpRequest::clean()
115 {
116 // we used to assert that the pipe is NULL, but now the request only
117 // points to a pipe that is owned and initiated by another object.
118 body_pipe = NULL;
119 #if USE_AUTH
120 auth_user_request = NULL;
121 #endif
122 safe_free(vary_headers);
123
124 url.clear();
125
126 header.clean();
127
128 if (cache_control) {
129 delete cache_control;
130 cache_control = NULL;
131 }
132
133 if (range) {
134 delete range;
135 range = NULL;
136 }
137
138 myportname.clean();
139
140 notes = NULL;
141
142 tag.clean();
143 #if USE_AUTH
144 extacl_user.clean();
145 extacl_passwd.clean();
146 #endif
147 extacl_log.clean();
148
149 extacl_message.clean();
150
151 etag.clean();
152
153 #if USE_ADAPTATION
154 adaptHistory_ = NULL;
155 #endif
156 #if ICAP_CLIENT
157 icapHistory_ = NULL;
158 #endif
159 }
160
161 void
162 HttpRequest::reset()
163 {
164 clean();
165 init();
166 }
167
168 HttpRequest *
169 HttpRequest::clone() const
170 {
171 HttpRequest *copy = new HttpRequest();
172 copy->method = method;
173 // TODO: move common cloning clone to Msg::copyTo() or copy ctor
174 copy->header.append(&header);
175 copy->hdrCacheInit();
176 copy->hdr_sz = hdr_sz;
177 copy->http_ver = http_ver;
178 copy->pstate = pstate; // TODO: should we assert a specific state here?
179 copy->body_pipe = body_pipe;
180
181 copy->url.setScheme(url.getScheme());
182 copy->url.userInfo(url.userInfo());
183 copy->url.host(url.host());
184 copy->url.port(url.port());
185 copy->url.path(url.path());
186
187 // range handled in hdrCacheInit()
188 copy->ims = ims;
189 copy->imslen = imslen;
190 copy->hier = hier; // Is it safe to copy? Should we?
191
192 copy->errType = errType;
193
194 // XXX: what to do with copy->peer_login?
195
196 copy->lastmod = lastmod;
197 copy->etag = etag;
198 copy->vary_headers = vary_headers ? xstrdup(vary_headers) : NULL;
199 // XXX: what to do with copy->peer_domain?
200
201 copy->tag = tag;
202 copy->extacl_log = extacl_log;
203 copy->extacl_message = extacl_message;
204
205 const bool inheritWorked = copy->inheritProperties(this);
206 assert(inheritWorked);
207
208 return copy;
209 }
210
211 bool
212 HttpRequest::inheritProperties(const HttpMsg *aMsg)
213 {
214 const HttpRequest* aReq = dynamic_cast<const HttpRequest*>(aMsg);
215 if (!aReq)
216 return false;
217
218 client_addr = aReq->client_addr;
219 #if FOLLOW_X_FORWARDED_FOR
220 indirect_client_addr = aReq->indirect_client_addr;
221 #endif
222 my_addr = aReq->my_addr;
223
224 dnsWait = aReq->dnsWait;
225
226 #if USE_ADAPTATION
227 adaptHistory_ = aReq->adaptHistory();
228 #endif
229 #if ICAP_CLIENT
230 icapHistory_ = aReq->icapHistory();
231 #endif
232
233 // This may be too conservative for the 204 No Content case
234 // may eventually need cloneNullAdaptationImmune() for that.
235 flags = aReq->flags.cloneAdaptationImmune();
236
237 errType = aReq->errType;
238 errDetail = aReq->errDetail;
239 #if USE_AUTH
240 auth_user_request = aReq->auth_user_request;
241 extacl_user = aReq->extacl_user;
242 extacl_passwd = aReq->extacl_passwd;
243 #endif
244
245 myportname = aReq->myportname;
246
247 forcedBodyContinuation = aReq->forcedBodyContinuation;
248
249 // main property is which connection the request was received on (if any)
250 clientConnectionManager = aReq->clientConnectionManager;
251
252 notes = aReq->notes;
253
254 sources = aReq->sources;
255 return true;
256 }
257
258 /**
259 * Checks the first line of an HTTP request is valid
260 * currently just checks the request method is present.
261 *
262 * NP: Other errors are left for detection later in the parse.
263 */
264 bool
265 HttpRequest::sanityCheckStartLine(const char *buf, const size_t hdr_len, Http::StatusCode *error)
266 {
267 // content is long enough to possibly hold a reply
268 // 2 being magic size of a 1-byte request method plus space delimiter
269 if (hdr_len < 2) {
270 // this is ony a real error if the headers apparently complete.
271 if (hdr_len > 0) {
272 debugs(58, 3, HERE << "Too large request header (" << hdr_len << " bytes)");
273 *error = Http::scInvalidHeader;
274 }
275 return false;
276 }
277
278 /* See if the request buffer starts with a non-whitespace HTTP request 'method'. */
279 HttpRequestMethod m;
280 m.HttpRequestMethodXXX(buf);
281 if (m == Http::METHOD_NONE) {
282 debugs(73, 3, "HttpRequest::sanityCheckStartLine: did not find HTTP request method");
283 *error = Http::scInvalidHeader;
284 return false;
285 }
286
287 return true;
288 }
289
290 bool
291 HttpRequest::parseFirstLine(const char *start, const char *end)
292 {
293 method.HttpRequestMethodXXX(start);
294
295 if (method == Http::METHOD_NONE)
296 return false;
297
298 // XXX: performance regression, strcspn() over the method bytes a second time.
299 // cheaper than allocate+copy+deallocate cycle to SBuf convert a piece of start.
300 const char *t = start + strcspn(start, w_space);
301
302 start = t + strspn(t, w_space); // skip w_space after method
303
304 const char *ver = findTrailingHTTPVersion(start, end);
305
306 if (ver) {
307 end = ver - 1;
308
309 while (xisspace(*end)) // find prev non-space
310 --end;
311
312 ++end; // back to space
313
314 if (2 != sscanf(ver + 5, "%d.%d", &http_ver.major, &http_ver.minor)) {
315 debugs(73, DBG_IMPORTANT, "parseRequestLine: Invalid HTTP identifier.");
316 return false;
317 }
318 } else {
319 http_ver.major = 0;
320 http_ver.minor = 9;
321 }
322
323 if (end < start) // missing URI
324 return false;
325
326 char save = *end;
327
328 * (char *) end = '\0'; // temp terminate URI, XXX dangerous?
329
330 HttpRequest *tmp = urlParse(method, (char *) start, this);
331
332 * (char *) end = save;
333
334 if (NULL == tmp)
335 return false;
336
337 return true;
338 }
339
340 /* swaps out request using httpRequestPack */
341 void
342 HttpRequest::swapOut(StoreEntry * e)
343 {
344 assert(e);
345 e->buffer();
346 pack(e);
347 e->flush();
348 }
349
350 /* packs request-line and headers, appends <crlf> terminator */
351 void
352 HttpRequest::pack(Packable * p)
353 {
354 assert(p);
355 /* pack request-line */
356 p->appendf(SQUIDSBUFPH " " SQUIDSBUFPH " HTTP/%d.%d\r\n",
357 SQUIDSBUFPRINT(method.image()), SQUIDSBUFPRINT(url.path()),
358 http_ver.major, http_ver.minor);
359 /* headers */
360 header.packInto(p);
361 /* trailer */
362 p->append("\r\n", 2);
363 }
364
365 /*
366 * A wrapper for debugObj()
367 */
368 void
369 httpRequestPack(void *obj, Packable *p)
370 {
371 HttpRequest *request = static_cast<HttpRequest*>(obj);
372 request->pack(p);
373 }
374
375 /* returns the length of request line + headers + crlf */
376 int
377 HttpRequest::prefixLen() const
378 {
379 return method.image().length() + 1 +
380 url.path().length() + 1 +
381 4 + 1 + 3 + 2 +
382 header.len + 2;
383 }
384
385 /* sync this routine when you update HttpRequest struct */
386 void
387 HttpRequest::hdrCacheInit()
388 {
389 HttpMsg::hdrCacheInit();
390
391 assert(!range);
392 range = header.getRange();
393 }
394
395 #if ICAP_CLIENT
396 Adaptation::Icap::History::Pointer
397 HttpRequest::icapHistory() const
398 {
399 if (!icapHistory_) {
400 if (Log::TheConfig.hasIcapToken || IcapLogfileStatus == LOG_ENABLE) {
401 icapHistory_ = new Adaptation::Icap::History();
402 debugs(93,4, HERE << "made " << icapHistory_ << " for " << this);
403 }
404 }
405
406 return icapHistory_;
407 }
408 #endif
409
410 #if USE_ADAPTATION
411 Adaptation::History::Pointer
412 HttpRequest::adaptHistory(bool createIfNone) const
413 {
414 if (!adaptHistory_ && createIfNone) {
415 adaptHistory_ = new Adaptation::History();
416 debugs(93,4, HERE << "made " << adaptHistory_ << " for " << this);
417 }
418
419 return adaptHistory_;
420 }
421
422 Adaptation::History::Pointer
423 HttpRequest::adaptLogHistory() const
424 {
425 return HttpRequest::adaptHistory(Log::TheConfig.hasAdaptToken);
426 }
427
428 void
429 HttpRequest::adaptHistoryImport(const HttpRequest &them)
430 {
431 if (!adaptHistory_) {
432 adaptHistory_ = them.adaptHistory_; // may be nil
433 } else {
434 // check that histories did not diverge
435 Must(!them.adaptHistory_ || them.adaptHistory_ == adaptHistory_);
436 }
437 }
438
439 #endif
440
441 bool
442 HttpRequest::multipartRangeRequest() const
443 {
444 return (range && range->specs.size() > 1);
445 }
446
447 bool
448 HttpRequest::bodyNibbled() const
449 {
450 return body_pipe != NULL && body_pipe->consumedSize() > 0;
451 }
452
453 void
454 HttpRequest::detailError(err_type aType, int aDetail)
455 {
456 if (errType || errDetail)
457 debugs(11, 5, HERE << "old error details: " << errType << '/' << errDetail);
458 debugs(11, 5, HERE << "current error details: " << aType << '/' << aDetail);
459 // checking type and detail separately may cause inconsistency, but
460 // may result in more details available if they only become available later
461 if (!errType)
462 errType = aType;
463 if (!errDetail)
464 errDetail = aDetail;
465 }
466
467 void
468 HttpRequest::clearError()
469 {
470 debugs(11, 7, HERE << "old error details: " << errType << '/' << errDetail);
471 errType = ERR_NONE;
472 errDetail = ERR_DETAIL_NONE;
473 }
474
475 void
476 HttpRequest::packFirstLineInto(Packable * p, bool full_uri) const
477 {
478 const SBuf tmp(full_uri ? effectiveRequestUri() : url.path());
479
480 // form HTTP request-line
481 p->appendf(SQUIDSBUFPH " " SQUIDSBUFPH " HTTP/%d.%d\r\n",
482 SQUIDSBUFPRINT(method.image()),
483 SQUIDSBUFPRINT(tmp),
484 http_ver.major, http_ver.minor);
485 }
486
487 /*
488 * Indicate whether or not we would expect an entity-body
489 * along with this request
490 */
491 bool
492 HttpRequest::expectingBody(const HttpRequestMethod &, int64_t &theSize) const
493 {
494 bool expectBody = false;
495
496 /*
497 * Note: Checks for message validity is in clientIsContentLengthValid().
498 * this just checks if a entity-body is expected based on HTTP message syntax
499 */
500 if (header.chunked()) {
501 expectBody = true;
502 theSize = -1;
503 } else if (content_length >= 0) {
504 expectBody = true;
505 theSize = content_length;
506 } else {
507 expectBody = false;
508 // theSize undefined
509 }
510
511 return expectBody;
512 }
513
514 /*
515 * Create a Request from a URL and METHOD.
516 *
517 * If the METHOD is CONNECT, then a host:port pair is looked for instead of a URL.
518 * If the request cannot be created cleanly, NULL is returned
519 */
520 HttpRequest *
521 HttpRequest::CreateFromUrlAndMethod(char * url, const HttpRequestMethod& method)
522 {
523 return urlParse(method, url, NULL);
524 }
525
526 /*
527 * Create a Request from a URL.
528 *
529 * If the request cannot be created cleanly, NULL is returned
530 */
531 HttpRequest *
532 HttpRequest::CreateFromUrl(char * url)
533 {
534 return urlParse(Http::METHOD_GET, url, NULL);
535 }
536
537 /**
538 * Are responses to this request possible cacheable ?
539 * If false then no matter what the response must not be cached.
540 */
541 bool
542 HttpRequest::maybeCacheable()
543 {
544 // Intercepted request with Host: header which cannot be trusted.
545 // Because it failed verification, or someone bypassed the security tests
546 // we cannot cache the reponse for sharing between clients.
547 // TODO: update cache to store for particular clients only (going to same Host: and destination IP)
548 if (!flags.hostVerified && (flags.intercepted || flags.interceptTproxy))
549 return false;
550
551 switch (url.getScheme()) {
552 case AnyP::PROTO_HTTP:
553 case AnyP::PROTO_HTTPS:
554 if (!method.respMaybeCacheable())
555 return false;
556
557 // XXX: this would seem the correct place to detect request cache-controls
558 // no-store, private and related which block cacheability
559 break;
560
561 case AnyP::PROTO_GOPHER:
562 if (!gopherCachable(this))
563 return false;
564 break;
565
566 case AnyP::PROTO_CACHE_OBJECT:
567 return false;
568
569 //case AnyP::PROTO_FTP:
570 default:
571 break;
572 }
573
574 return true;
575 }
576
577 bool
578 HttpRequest::conditional() const
579 {
580 return flags.ims ||
581 header.has(Http::HdrType::IF_MATCH) ||
582 header.has(Http::HdrType::IF_NONE_MATCH);
583 }
584
585 void
586 HttpRequest::recordLookup(const Dns::LookupDetails &dns)
587 {
588 if (dns.wait >= 0) { // known delay
589 if (dnsWait >= 0) // have recorded DNS wait before
590 dnsWait += dns.wait;
591 else
592 dnsWait = dns.wait;
593 }
594 }
595
596 int64_t
597 HttpRequest::getRangeOffsetLimit()
598 {
599 /* -2 is the starting value of rangeOffsetLimit.
600 * If it is -2, that means we haven't checked it yet.
601 * Otherwise, return the current value */
602 if (rangeOffsetLimit != -2)
603 return rangeOffsetLimit;
604
605 rangeOffsetLimit = 0; // default value for rangeOffsetLimit
606
607 ACLFilledChecklist ch(NULL, this, NULL);
608 ch.src_addr = client_addr;
609 ch.my_addr = my_addr;
610
611 for (AclSizeLimit *l = Config.rangeOffsetLimit; l; l = l -> next) {
612 /* if there is no ACL list or if the ACLs listed match use this limit value */
613 if (!l->aclList || ch.fastCheck(l->aclList) == ACCESS_ALLOWED) {
614 debugs(58, 4, HERE << "rangeOffsetLimit=" << rangeOffsetLimit);
615 rangeOffsetLimit = l->size; // may be -1
616 break;
617 }
618 }
619
620 return rangeOffsetLimit;
621 }
622
623 void
624 HttpRequest::ignoreRange(const char *reason)
625 {
626 if (range) {
627 debugs(73, 3, static_cast<void*>(range) << " for " << reason);
628 delete range;
629 range = NULL;
630 }
631 // Some callers also reset isRanged but it may not be safe for all callers:
632 // isRanged is used to determine whether a weak ETag comparison is allowed,
633 // and that check should not ignore the Range header if it was present.
634 // TODO: Some callers also delete HDR_RANGE, HDR_REQUEST_RANGE. Should we?
635 }
636
637 bool
638 HttpRequest::canHandle1xx() const
639 {
640 // old clients do not support 1xx unless they sent Expect: 100-continue
641 // (we reject all other Http::HdrType::EXPECT values so just check for Http::HdrType::EXPECT)
642 if (http_ver <= Http::ProtocolVersion(1,0) && !header.has(Http::HdrType::EXPECT))
643 return false;
644
645 // others must support 1xx control messages
646 return true;
647 }
648
649 ConnStateData *
650 HttpRequest::pinnedConnection()
651 {
652 if (clientConnectionManager.valid() && clientConnectionManager->pinning.pinned)
653 return clientConnectionManager.get();
654 return NULL;
655 }
656
657 const SBuf
658 HttpRequest::storeId()
659 {
660 if (store_id.size() != 0) {
661 debugs(73, 3, "sent back store_id: " << store_id);
662 return SBuf(store_id);
663 }
664 debugs(73, 3, "sent back effectiveRequestUrl: " << effectiveRequestUri());
665 return effectiveRequestUri();
666 }
667
668 const SBuf &
669 HttpRequest::effectiveRequestUri() const
670 {
671 if (method.id() == Http::METHOD_CONNECT)
672 return url.authority(true); // host:port
673 return url.absolute();
674 }
675
Mirror of https://github.com/squid-cache/squid.git