2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/Checklist.h"
13 #include "acl/DestinationDomain.h"
14 #include "acl/DomainData.h"
15 #include "acl/RegexData.h"
16 #include "fqdncache.h"
17 #include "HttpRequest.h"
20 DestinationDomainLookup
DestinationDomainLookup::instance_
;
22 DestinationDomainLookup
*
23 DestinationDomainLookup::Instance()
29 DestinationDomainLookup::checkForAsync(ACLChecklist
*cl
) const
31 ACLFilledChecklist
*checklist
= Filled(cl
);
32 fqdncache_nbgethostbyaddr(checklist
->dst_addr
, LookupDone
, checklist
);
36 DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails
&details
, void *data
)
38 ACLFilledChecklist
*checklist
= Filled((ACLChecklist
*)data
);
39 checklist
->markDestinationDomainChecked();
40 checklist
->request
->recordLookup(details
);
41 checklist
->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
45 ACLDestinationDomainStrategy::match (ACLData
<MatchType
> * &data
, ACLFilledChecklist
*checklist
, ACLFlags
&flags
)
47 assert(checklist
!= NULL
&& checklist
->request
!= NULL
);
49 if (data
->match(checklist
->request
->GetHost())) {
53 if (flags
.isSet(ACL_F_NO_LOOKUP
)) {
54 debugs(28, 3, "aclMatchAcl: No-lookup DNS ACL '" << AclMatchedName
<< "' for '" << checklist
->request
->GetHost() << "'");
58 /* numeric IPA? no, trust the above result. */
59 if (checklist
->request
->GetHostIsNumeric() == 0) {
63 /* do we already have the rDNS? match on it if we do. */
64 if (checklist
->dst_rdns
) {
65 debugs(28, 3, "aclMatchAcl: '" << AclMatchedName
<< "' match with stored rDNS '" << checklist
->dst_rdns
<< "' for '" << checklist
->request
->GetHost() << "'");
66 return data
->match(checklist
->dst_rdns
);
69 /* raw IP without rDNS? look it up and wait for the result */
70 const ipcache_addrs
*ia
= ipcacheCheckNumeric(checklist
->request
->GetHost());
73 checklist
->dst_rdns
= xstrdup("invalid");
77 checklist
->dst_addr
= ia
->in_addrs
[0];
78 const char *fqdn
= fqdncache_gethostbyaddr(checklist
->dst_addr
, FQDN_LOOKUP_IF_MISS
);
81 checklist
->dst_rdns
= xstrdup(fqdn
);
82 return data
->match(fqdn
);
83 } else if (!checklist
->destinationDomainChecked()) {
84 /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
85 debugs(28, 3, "aclMatchAcl: Can't yet compare '" << AclMatchedName
<< "' ACL for '" << checklist
->request
->GetHost() << "'");
86 if (checklist
->goAsync(DestinationDomainLookup::Instance()))
88 // else fall through to "none" match, hiding the lookup failure (XXX)
91 return data
->match("none");
94 ACLDestinationDomainStrategy
*
95 ACLDestinationDomainStrategy::Instance()
100 ACLDestinationDomainStrategy
ACLDestinationDomainStrategy::Instance_
;