src/acl/FilledChecklist.cc

   1 /*
   2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #include "squid.h"
  10 #include "acl/FilledChecklist.h"
  11 #include "client_side.h"
  12 #include "comm/Connection.h"
  13 #include "comm/forward.h"
  14 #include "ExternalACLEntry.h"
  15 #include "http/Stream.h"
  16 #include "HttpReply.h"
  17 #include "HttpRequest.h"
  18 #include "SquidConfig.h"
  19 #if USE_AUTH
  20 #include "auth/AclProxyAuth.h"
  21 #include "auth/UserRequest.h"
  22 #endif
  23
  24 CBDATA_CLASS_INIT(ACLFilledChecklist);
  25
  26 ACLFilledChecklist::ACLFilledChecklist() :
  27     dst_rdns(NULL),
  28     request (NULL),
  29     reply (NULL),
  30 #if USE_AUTH
  31     auth_user_request (NULL),
  32 #endif
  33 #if SQUID_SNMP
  34     snmp_community(NULL),
  35 #endif
  36 #if USE_OPENSSL
  37     sslErrors(NULL),
  38 #endif
  39     requestErrorType(ERR_MAX),
  40     conn_(NULL),
  41     fd_(-1),
  42     destinationDomainChecked_(false),
  43     sourceDomainChecked_(false)
  44 {
  45     my_addr.setEmpty();
  46     src_addr.setEmpty();
  47     dst_addr.setEmpty();
  48     rfc931[0] = '\0';
  49 }
  50
  51 ACLFilledChecklist::~ACLFilledChecklist()
  52 {
  53     assert (!asyncInProgress());
  54
  55     safe_free(dst_rdns); // created by xstrdup().
  56
  57     HTTPMSGUNLOCK(request);
  58
  59     HTTPMSGUNLOCK(reply);
  60
  61     cbdataReferenceDone(conn_);
  62
  63 #if USE_OPENSSL
  64     cbdataReferenceDone(sslErrors);
  65 #endif
  66
  67     debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this);
  68 }
  69
  70 static void
  71 showDebugWarning(const char *msg)
  72 {
  73     static uint16_t count = 0;
  74     if (count > 10)
  75         return;
  76
  77     ++count;
  78     debugs(28, DBG_IMPORTANT, "ALE missing " << msg);
  79 }
  80
  81 void
  82 ACLFilledChecklist::verifyAle() const
  83 {
  84     // make sure the ALE fields used by Format::assemble to
  85     // fill the old external_acl_type codes are set if any
  86     // data on them exists in the Checklist
  87
  88     if (!al->cache.port && conn()) {
  89         showDebugWarning("listening port");
  90         al->cache.port = conn()->port;
  91     }
  92
  93     if (request) {
  94         if (!al->request) {
  95             showDebugWarning("HttpRequest object");
  96             // XXX: al->request should be original,
  97             // but the request may be already adapted
  98             al->request = request;
  99             HTTPMSGLOCK(al->request);
 100         }
 101
 102         if (!al->adapted_request) {
 103             showDebugWarning("adapted HttpRequest object");
 104             al->adapted_request = request;
 105             HTTPMSGLOCK(al->adapted_request);
 106         }
 107
 108         if (al->url.isEmpty()) {
 109             showDebugWarning("URL");
 110             // XXX: al->url should be the request URL from client,
 111             // but request->url may be different (e.g.,redirected)
 112             al->url = request->effectiveRequestUri();
 113         }
 114     }
 115
 116     if (reply && !al->reply) {
 117         showDebugWarning("HttpReply object");
 118         al->reply = reply;
 119     }
 120
 121 #if USE_IDENT
 122     if (*rfc931 && !al->cache.rfc931) {
 123         showDebugWarning("IDENT");
 124         al->cache.rfc931 = xstrdup(rfc931);
 125     }
 126 #endif
 127 }
 128
 129 void
 130 ACLFilledChecklist::syncAle(HttpRequest *adaptedRequest, const char *logUri) const
 131 {
 132     if (!al)
 133         return;
 134     if (adaptedRequest && !al->adapted_request) {
 135         al->adapted_request = adaptedRequest;
 136         HTTPMSGLOCK(al->adapted_request);
 137     }
 138     if (logUri && al->url.isEmpty())
 139         al->url = logUri;
 140 }
 141
 142 ConnStateData *
 143 ACLFilledChecklist::conn() const
 144 {
 145     return cbdataReferenceValid(conn_) ? conn_ : nullptr;
 146 }
 147
 148 void
 149 ACLFilledChecklist::conn(ConnStateData *aConn)
 150 {
 151     if (conn() == aConn)
 152         return;
 153     assert (conn() == NULL);
 154     conn_ = cbdataReference(aConn);
 155 }
 156
 157 int
 158 ACLFilledChecklist::fd() const
 159 {
 160     const auto c = conn();
 161     return (c && c->clientConnection) ? c->clientConnection->fd : fd_;
 162 }
 163
 164 void
 165 ACLFilledChecklist::fd(int aDescriptor)
 166 {
 167     const auto c = conn();
 168     assert(!c || !c->clientConnection || c->clientConnection->fd == aDescriptor);
 169     fd_ = aDescriptor;
 170 }
 171
 172 bool
 173 ACLFilledChecklist::destinationDomainChecked() const
 174 {
 175     return destinationDomainChecked_;
 176 }
 177
 178 void
 179 ACLFilledChecklist::markDestinationDomainChecked()
 180 {
 181     assert (!finished() && !destinationDomainChecked());
 182     destinationDomainChecked_ = true;
 183 }
 184
 185 bool
 186 ACLFilledChecklist::sourceDomainChecked() const
 187 {
 188     return sourceDomainChecked_;
 189 }
 190
 191 void
 192 ACLFilledChecklist::markSourceDomainChecked()
 193 {
 194     assert (!finished() && !sourceDomainChecked());
 195     sourceDomainChecked_ = true;
 196 }
 197
 198 /*
 199  * There are two common ACLFilledChecklist lifecycles paths:
 200  *
 201  * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object
 202  *    on stack and calls aclCheckFast().
 203  *
 204  * B) Using aclNBCheck() and callbacks: The caller allocates an
 205  *    ACLFilledChecklist object (via operator new) and passes it to
 206  *    aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
 207  *    which will invoke the callback function as requested by the
 208  *    original caller of aclNBCheck().  This callback function must
 209  *    *not* delete the list.  After the callback function returns,
 210  *    checkCallback() will delete the list (i.e., self).
 211  */
 212 ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident):
 213     dst_rdns(NULL),
 214     request(NULL),
 215     reply(NULL),
 216 #if USE_AUTH
 217     auth_user_request(NULL),
 218 #endif
 219 #if SQUID_SNMP
 220     snmp_community(NULL),
 221 #endif
 222 #if USE_OPENSSL
 223     sslErrors(NULL),
 224 #endif
 225     requestErrorType(ERR_MAX),
 226     conn_(NULL),
 227     fd_(-1),
 228     destinationDomainChecked_(false),
 229     sourceDomainChecked_(false)
 230 {
 231     my_addr.setEmpty();
 232     src_addr.setEmpty();
 233     dst_addr.setEmpty();
 234     rfc931[0] = '\0';
 235
 236     changeAcl(A);
 237     setRequest(http_request);
 238     setIdent(ident);
 239 }
 240
 241 void ACLFilledChecklist::setRequest(HttpRequest *httpRequest)
 242 {
 243     assert(!request);
 244     if (httpRequest) {
 245         request = httpRequest;
 246         HTTPMSGLOCK(request);
 247 #if FOLLOW_X_FORWARDED_FOR
 248         if (Config.onoff.acl_uses_indirect_client)
 249             src_addr = request->indirect_client_addr;
 250         else
 251 #endif /* FOLLOW_X_FORWARDED_FOR */
 252             src_addr = request->client_addr;
 253         my_addr = request->my_addr;
 254
 255         if (request->clientConnectionManager.valid())
 256             conn(request->clientConnectionManager.get());
 257     }
 258 }
 259
 260 void
 261 ACLFilledChecklist::setIdent(const char *ident)
 262 {
 263 #if USE_IDENT
 264     assert(!rfc931[0]);
 265     if (ident)
 266         xstrncpy(rfc931, ident, USER_IDENT_SZ);
 267 #endif
 268 }
 269