2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 04 Error Generation */
12 #include "AccessLogEntry.h"
14 #include "clients/forward.h"
15 #include "comm/Connection.h"
16 #include "comm/Write.h"
17 #include "error/Detail.h"
18 #include "error/SysErrorDetail.h"
19 #include "errorpage.h"
21 #include "format/Format.h"
23 #include "html_quote.h"
24 #include "HttpHeaderTools.h"
25 #include "HttpReply.h"
26 #include "HttpRequest.h"
28 #include "MemObject.h"
30 #include "sbuf/Stream.h"
31 #include "SquidConfig.h"
36 #include "auth/UserRequest.h"
39 #include "ssl/ErrorDetailManager.h"
43 \defgroup ErrorPageInternal Error Page Internals
46 \section ErrorPagesAbstract Abstract:
47 * These routines are used to generate error messages to be
48 * sent to clients. The error type is used to select between
49 * the various message formats. (formats are stored in the
50 * Config.errorDirectory)
53 #if !defined(DEFAULT_SQUID_ERROR_DIR)
54 /** Where to look for errors if config path fails.
55 \note Please use ./configure --datadir=/path instead of patching
57 #define DEFAULT_SQUID_ERROR_DIR DEFAULT_SQUID_DATA_DIR"/errors"
60 /// \ingroup ErrorPageInternal
61 CBDATA_CLASS_INIT(ErrorState
);
63 const SBuf
ErrorState::LogformatMagic("@Squid{");
67 /// an error page created from admin-configurable metadata (e.g. deny_info)
68 class ErrorDynamicPageInfo
{
70 ErrorDynamicPageInfo(const int anId
, const char *aName
, const SBuf
&aCfgLocation
);
71 ~ErrorDynamicPageInfo() { xfree(page_name
); }
73 /// error_text[] index for response body (unused in redirection responses)
76 /// Primary deny_info parameter:
77 /// * May start with an HTTP status code.
78 /// * Either a well-known error page name, a filename, or a redirect URL.
81 /// admin-configured HTTP Location header value for redirection responses
84 /// admin-configured name for the error page template (custom or standard)
87 /// deny_info directive position in squid.conf (for reporting)
90 // XXX: Misnamed. Not just for redirects.
91 /// admin-configured HTTP status code
92 Http::StatusCode page_redirect
;
95 // no copying of any kind
96 ErrorDynamicPageInfo(ErrorDynamicPageInfo
&&) = delete;
101 /// state and parameters shared by several ErrorState::compile*() methods
105 SBuf output
; ///< compilation result
106 const char *input
= nullptr; ///< template bytes that need to be compiled
107 bool building_deny_info_url
= false; ///< whether we compile deny_info URI
108 bool allowRecursion
= false; ///< whether top-level compile() calls are OK
111 /// pretty-prints error page/deny_info building error
112 class BuildErrorPrinter
115 BuildErrorPrinter(const SBuf
&anInputLocation
, int aPage
, const char *aMsg
, const char *aNear
): inputLocation(anInputLocation
), page_id(aPage
), msg(aMsg
), near(aNear
) {}
117 /// reports error details (for admin-visible exceptions and debugging)
118 std::ostream
&print(std::ostream
&) const;
120 /// print() helper to report where the error was found
121 std::ostream
&printLocation(std::ostream
&os
) const;
123 /* saved constructor parameters */
124 const SBuf
&inputLocation
;
130 static inline std::ostream
&
131 operator <<(std::ostream
&os
, const BuildErrorPrinter
&context
)
133 return context
.print(os
);
136 static const char *IsDenyInfoUri(const int page_id
);
138 static void ImportStaticErrorText(const int page_id
, const char *text
, const SBuf
&inputLocation
);
139 static void ValidateStaticError(const int page_id
, const SBuf
&inputLocation
);
141 } // namespace ErrorPage
143 /* local constant and vars */
145 /// an error page (or a part of an error page) with hard-coded template text
146 class HardCodedError
{
148 err_type type
; ///< identifies the error (or a special error template part)
149 const char *text
; ///< a string literal containing the error template
152 /// error messages that cannot be configured/customized externally
153 static const std::array
<HardCodedError
, 7> HardCodedErrors
= {
159 "<div id=\"footer\">\n"
160 "Generated %T by %h (%s)\n"
170 "unexpected client disconnect"
173 ERR_SECURE_ACCEPT_FAIL
,
177 ERR_REQUEST_START_TIMEOUT
,
178 "request start timedout"
181 ERR_REQUEST_PARSE_TIMEOUT
,
182 "request parse timedout"
186 "relay server response"
191 /// \ingroup ErrorPageInternal
192 static std::vector
<ErrorDynamicPageInfo
*> ErrorDynamicPages
;
194 /* local prototypes */
196 /// \ingroup ErrorPageInternal
197 static char **error_text
= nullptr;
199 /// \ingroup ErrorPageInternal
200 static int error_page_count
= 0;
202 /// \ingroup ErrorPageInternal
203 static MemBuf error_stylesheet
;
205 static const char *errorFindHardText(err_type type
);
206 static IOCB errorSendComplete
;
208 /// \ingroup ErrorPageInternal
209 /// manages an error page template
210 class ErrorPageFile
: public TemplateFile
213 ErrorPageFile(const char *name
, const err_type code
) : TemplateFile(name
, code
) {}
215 /// The template text data read from disk
216 const char *text() { return template_
.c_str(); }
219 virtual void setDefault() override
{
220 template_
= "Internal Error: Missing Template ";
221 template_
.append(templateName
.termedBuf());
225 /// \ingroup ErrorPageInternal
227 operator++ (err_type
&anErr
)
229 int tmp
= (int)anErr
;
230 anErr
= (err_type
)(++tmp
);
234 /// \ingroup ErrorPageInternal
236 operator -(err_type
const &anErr
, err_type
const &anErr2
)
238 return (int)anErr
- (int)anErr2
;
241 /// \return deny_info URL if the given page is a deny_info page with a URL
242 /// \return nullptr otherwise
244 ErrorPage::IsDenyInfoUri(const int page_id
)
246 if (ERR_MAX
<= page_id
&& page_id
< error_page_count
)
247 return ErrorDynamicPages
.at(page_id
- ERR_MAX
)->uri
; // may be nil
252 errorInitialize(void)
254 using ErrorPage::ImportStaticErrorText
;
258 error_page_count
= ERR_MAX
+ ErrorDynamicPages
.size();
259 error_text
= static_cast<char **>(xcalloc(error_page_count
, sizeof(char *)));
261 for (i
= ERR_NONE
, ++i
; i
< error_page_count
; ++i
) {
262 safe_free(error_text
[i
]);
264 if ((text
= errorFindHardText(i
))) {
266 * Index any hard-coded error text into defaults.
268 static const SBuf
builtIn("built-in");
269 ImportStaticErrorText(i
, text
, builtIn
);
271 } else if (i
< ERR_MAX
) {
273 * Index precompiled fixed template files from one of two sources:
274 * (a) default language translation directory (error_default_language)
275 * (b) admin specified custom directory (error_directory)
277 ErrorPageFile
errTmpl(err_type_str
[i
], i
);
278 errTmpl
.loadDefault();
279 ImportStaticErrorText(i
, errTmpl
.text(), errTmpl
.filename
);
282 * Index any unknown file names used by deny_info.
284 ErrorDynamicPageInfo
*info
= ErrorDynamicPages
.at(i
- ERR_MAX
);
285 assert(info
&& info
->id
== i
&& info
->page_name
);
287 if (info
->filename
) {
288 /** But only if they are not redirection URL. */
289 ErrorPageFile
errTmpl(info
->filename
, ERR_MAX
);
290 errTmpl
.loadDefault();
291 ImportStaticErrorText(i
, errTmpl
.text(), errTmpl
.filename
);
294 ErrorPage::ValidateStaticError(i
, info
->cfgLocation
);
299 error_stylesheet
.reset();
301 // look for and load stylesheet into global MemBuf for it.
302 if (Config
.errorStylesheet
) {
303 ErrorPageFile
tmpl("StylesSheet", ERR_MAX
);
304 tmpl
.loadFromFile(Config
.errorStylesheet
);
305 error_stylesheet
.appendf("%s",tmpl
.text());
309 Ssl::errorDetailInitialize();
319 for (i
= ERR_NONE
+ 1; i
< error_page_count
; ++i
)
320 safe_free(error_text
[i
]);
322 safe_free(error_text
);
325 while (!ErrorDynamicPages
.empty()) {
326 delete ErrorDynamicPages
.back();
327 ErrorDynamicPages
.pop_back();
330 error_page_count
= 0;
333 Ssl::errorDetailClean();
337 /// \ingroup ErrorPageInternal
339 errorFindHardText(err_type type
)
341 for (const auto &m
: HardCodedErrors
) {
348 TemplateFile::TemplateFile(const char *name
, const err_type code
): silent(false), wasLoaded(false), templateName(name
), templateCode(code
)
354 TemplateFile::loadDefault()
356 if (loaded()) // already loaded?
359 /** test error_directory configured location */
360 if (Config
.errorDirectory
) {
361 char path
[MAXPATHLEN
];
362 snprintf(path
, sizeof(path
), "%s/%s", Config
.errorDirectory
, templateName
.termedBuf());
367 /** test error_default_language location */
368 if (!loaded() && Config
.errorDefaultLanguage
) {
369 if (!tryLoadTemplate(Config
.errorDefaultLanguage
)) {
370 debugs(1, (templateCode
< TCP_RESET
? DBG_CRITICAL
: 3), "ERROR: Unable to load default error language files. Reset to backups.");
375 /* test default location if failed (templates == English translation base templates) */
377 tryLoadTemplate("templates");
380 /* giving up if failed */
382 debugs(1, (templateCode
< TCP_RESET
? DBG_CRITICAL
: 3), "WARNING: failed to find or read error text file " << templateName
);
390 TemplateFile::tryLoadTemplate(const char *lang
)
394 char path
[MAXPATHLEN
];
395 /* TODO: prep the directory path string to prevent snprintf ... */
396 snprintf(path
, sizeof(path
), "%s/%s/%s",
397 DEFAULT_SQUID_ERROR_DIR
, lang
, templateName
.termedBuf());
398 path
[MAXPATHLEN
-1] = '\0';
400 if (loadFromFile(path
))
404 if ( strlen(lang
) == 2) {
405 /* TODO glob the error directory for sub-dirs matching: <tag> '-*' */
406 /* use first result. */
407 debugs(4,2, "wildcard fallback errors not coded yet.");
415 TemplateFile::loadFromFile(const char *path
)
421 if (loaded()) // already loaded?
424 fd
= file_open(path
, O_RDONLY
| O_TEXT
);
427 /* with dynamic locale negotiation we may see some failures before a success. */
428 if (!silent
&& templateCode
< TCP_RESET
) {
430 debugs(4, DBG_CRITICAL
, "ERROR: loading file '" << path
<< "': " << xstrerr(xerrno
));
437 while ((len
= FD_READ_METHOD(fd
, buf
, sizeof(buf
))) > 0) {
438 template_
.append(buf
, len
);
444 debugs(4, DBG_CRITICAL
, MYNAME
<< "ERROR: failed to fully read: '" << path
<< "': " << xstrerr(xerrno
));
451 filename
= SBuf(path
);
454 debugs(4, DBG_CRITICAL
, "ERROR: parsing error in template file: " << path
);
463 bool strHdrAcptLangGetItem(const String
&hdr
, char *lang
, int langLen
, size_t &pos
)
465 while (pos
< hdr
.size()) {
467 /* skip any initial whitespace. */
468 while (pos
< hdr
.size() && xisspace(hdr
[pos
]))
472 * Header value format:
473 * - sequence of whitespace delimited tags
474 * - each tag may suffix with ';'.* which we can ignore.
475 * - IFF a tag contains only two characters we can wildcard ANY translations matching: <it> '-'? .*
476 * with preference given to an exact match.
478 bool invalid_byte
= false;
480 while (pos
< hdr
.size() && hdr
[pos
] != ';' && hdr
[pos
] != ',' && !xisspace(hdr
[pos
]) && dt
< (lang
+ (langLen
-1)) ) {
482 #if USE_HTTP_VIOLATIONS
483 // if accepting violations we may as well accept some broken browsers
484 // which may send us the right code, wrong ISO formatting.
489 *dt
= xtolower(hdr
[pos
]);
490 // valid codes only contain A-Z, hyphen (-) and *
491 if (*dt
!= '-' && *dt
!= '*' && (*dt
< 'a' || *dt
> 'z') )
494 ++dt
; // move to next destination byte.
498 *dt
= '\0'; // nul-terminated the filename content string before system use.
500 // if we terminated the tag on garbage or ';' we need to skip to the next ',' or end of header.
501 while (pos
< hdr
.size() && hdr
[pos
] != ',')
504 if (pos
< hdr
.size() && hdr
[pos
] == ',')
507 debugs(4, 9, "STATE: lang=" << lang
<< ", pos=" << pos
<< ", buf='" << ((pos
< hdr
.size()) ? hdr
.substr(pos
,hdr
.size()) : "") << "'");
509 /* if we found anything we might use, try it. */
510 if (*lang
!= '\0' && !invalid_byte
)
517 TemplateFile::loadFor(const HttpRequest
*request
)
522 if (loaded()) // already loaded?
525 if (!request
|| !request
->header
.getList(Http::HdrType::ACCEPT_LANGUAGE
, &hdr
))
529 size_t pos
= 0; // current parsing position in header string
531 debugs(4, 6, "Testing Header: '" << hdr
<< "'");
533 while ( strHdrAcptLangGetItem(hdr
, lang
, 256, pos
) ) {
535 /* wildcard uses the configured default language */
536 if (lang
[0] == '*' && lang
[1] == '\0') {
537 debugs(4, 6, "Found language '" << lang
<< "'. Using configured default.");
541 debugs(4, 6, "Found language '" << lang
<< "', testing for available template");
543 if (tryLoadTemplate(lang
)) {
544 /* store the language we found for the Content-Language reply header */
547 } else if (Config
.errorLogMissingLanguages
) {
548 debugs(4, DBG_IMPORTANT
, "WARNING: Error Pages Missing Language: " << lang
);
558 ErrorDynamicPageInfo::ErrorDynamicPageInfo(const int anId
, const char *aName
, const SBuf
&aCfgLocation
):
560 page_name(xstrdup(aName
)),
563 cfgLocation(aCfgLocation
),
564 page_redirect(static_cast<Http::StatusCode
>(atoi(page_name
)))
566 const char *filenameOrUri
= nullptr;
567 if (xisdigit(*page_name
)) {
568 if (const char *statusCodeEnd
= strchr(page_name
, ':'))
569 filenameOrUri
= statusCodeEnd
+ 1;
571 assert(!page_redirect
);
572 filenameOrUri
= page_name
;
575 // Guessed uri, filename, or both values may be nil or malformed.
576 // They are validated later.
577 if (!page_redirect
) {
578 if (filenameOrUri
&& strchr(filenameOrUri
, ':')) // looks like a URL
581 filename
= filenameOrUri
;
583 else if (page_redirect
/100 == 3) {
584 // redirects imply a URL
587 // non-redirects imply an error page name
588 filename
= filenameOrUri
;
591 const auto info
= this; // source code change reduction hack
592 // TODO: Move and refactor to avoid self_destruct()s in reconfigure.
594 /* WARNING on redirection status:
595 * 2xx are permitted, but not documented officially.
596 * - might be useful for serving static files (PAC etc) in special cases
597 * 3xx require a URL suitable for Location: header.
598 * - the current design does not allow for a Location: URI as well as a local file template
599 * although this possibility is explicitly permitted in the specs.
600 * 4xx-5xx require a local file template.
601 * - sending Location: on these codes with no body is invalid by the specs.
602 * - current result is Squid crashing or XSS problems as dynamic deny_info load random disk files.
603 * - a future redesign of the file loading may result in loading remote objects sent inline as local body.
605 if (info
->page_redirect
== Http::scNone
)
606 ; // special case okay.
607 else if (info
->page_redirect
< 200 || info
->page_redirect
> 599) {
609 debugs(0, DBG_CRITICAL
, "FATAL: status " << info
->page_redirect
<< " is not valid on '" << page_name
<< "'");
611 } else if ( /* >= 200 && */ info
->page_redirect
< 300 && strchr(&(page_name
[4]), ':')) {
612 // 2xx require a local template file
613 debugs(0, DBG_CRITICAL
, "FATAL: status " << info
->page_redirect
<< " requires a template on '" << page_name
<< "'");
615 } else if (info
->page_redirect
>= 300 && info
->page_redirect
<= 399 && !strchr(&(page_name
[4]), ':')) {
616 // 3xx require an absolute URL
617 debugs(0, DBG_CRITICAL
, "FATAL: status " << info
->page_redirect
<< " requires a URL on '" << page_name
<< "'");
619 } else if (info
->page_redirect
>= 400 /* && <= 599 */ && strchr(&(page_name
[4]), ':')) {
620 // 4xx/5xx require a local template file
621 debugs(0, DBG_CRITICAL
, "FATAL: status " << info
->page_redirect
<< " requires a template on '" << page_name
<< "'");
627 /// \ingroup ErrorPageInternal
629 errorPageId(const char *page_name
)
631 for (int i
= 0; i
< ERR_MAX
; ++i
) {
632 if (strcmp(err_type_str
[i
], page_name
) == 0)
636 for (size_t j
= 0; j
< ErrorDynamicPages
.size(); ++j
) {
637 if (strcmp(ErrorDynamicPages
[j
]->page_name
, page_name
) == 0)
645 errorReservePageId(const char *page_name
, const SBuf
&cfgLocation
)
647 int id
= errorPageId(page_name
);
649 if (id
== ERR_NONE
) {
650 id
= ERR_MAX
+ ErrorDynamicPages
.size();
651 const auto info
= new ErrorDynamicPageInfo(id
, page_name
, cfgLocation
);
652 ErrorDynamicPages
.push_back(info
);
658 /// \ingroup ErrorPageInternal
660 errorPageName(int pageId
)
662 if (pageId
>= ERR_NONE
&& pageId
< ERR_MAX
) /* common case */
663 return err_type_str
[pageId
];
665 if (pageId
>= ERR_MAX
&& pageId
- ERR_MAX
< (ssize_t
)ErrorDynamicPages
.size())
666 return ErrorDynamicPages
[pageId
- ERR_MAX
]->page_name
;
668 return "ERR_UNKNOWN"; /* should not happen */
672 ErrorState::NewForwarding(err_type type
, HttpRequestPointer
&request
, const AccessLogEntry::Pointer
&ale
)
674 const Http::StatusCode status
= (request
&& request
->flags
.needValidation
) ?
675 Http::scGatewayTimeout
: Http::scServiceUnavailable
;
676 return new ErrorState(type
, status
, request
.getRaw(), ale
);
679 ErrorState::ErrorState(err_type t
) :
686 ErrorState::ErrorState(err_type t
, Http::StatusCode status
, HttpRequest
* req
, const AccessLogEntry::Pointer
&anAle
) :
689 if (page_id
>= ERR_MAX
&& ErrorDynamicPages
[page_id
- ERR_MAX
]->page_redirect
!= Http::scNone
)
690 httpStatus
= ErrorDynamicPages
[page_id
- ERR_MAX
]->page_redirect
;
696 src_addr
= req
->client_addr
;
702 ErrorState::ErrorState(HttpRequest
* req
, HttpReply
*errorReply
) :
703 ErrorState(ERR_RELAY_REMOTE
)
706 response_
= errorReply
;
707 httpStatus
= errorReply
->sline
.status();
711 src_addr
= req
->client_addr
;
716 errorAppendEntry(StoreEntry
* entry
, ErrorState
* err
)
718 assert(entry
->mem_obj
!= nullptr);
719 assert (entry
->isEmpty());
720 debugs(4, 4, "storing " << err
<< " in " << *entry
);
722 if (entry
->store_status
!= STORE_PENDING
) {
723 debugs(4, 2, "Skipping error page due to store_status: " << entry
->store_status
);
725 * If the entry is not STORE_PENDING, then no clients
726 * care about it, and we don't need to generate an
729 assert(EBIT_TEST(entry
->flags
, ENTRY_ABORTED
));
730 assert(entry
->mem_obj
->nclients
== 0);
735 if (err
->page_id
== TCP_RESET
) {
737 debugs(4, 2, "RSTing this reply");
738 err
->request
->flags
.resetTcp
= true;
742 entry
->storeErrorResponse(err
->BuildHttpReply());
747 errorSend(const Comm::ConnectionPointer
&conn
, ErrorState
* err
)
749 debugs(4, 3, conn
<< ", err=" << err
);
750 assert(Comm::IsConnOpen(conn
));
752 HttpReplyPointer
rep(err
->BuildHttpReply());
754 MemBuf
*mb
= rep
->pack();
755 AsyncCall::Pointer call
= commCbCall(78, 5, "errorSendComplete",
756 CommIoCbPtrFun(&errorSendComplete
, err
));
757 Comm::Write(conn
, mb
, call
);
762 \ingroup ErrorPageAPI
764 * Called by commHandleWrite() after data has been written
765 * to the client socket.
767 \note If there is a callback, the callback is responsible for
768 * closing the FD, otherwise we do it ourselves.
771 errorSendComplete(const Comm::ConnectionPointer
&conn
, char *, size_t size
, Comm::Flag errflag
, int, void *data
)
773 ErrorState
*err
= static_cast<ErrorState
*>(data
);
774 debugs(4, 3, conn
<< ", size=" << size
);
776 if (errflag
!= Comm::ERR_CLOSING
) {
778 debugs(4, 3, "errorSendComplete: callback");
779 err
->callback(conn
->fd
, err
->callback_data
, size
);
781 debugs(4, 3, "errorSendComplete: comm_close");
789 ErrorState::~ErrorState()
791 safe_free(redirect_url
);
793 safe_free(request_hdrs
);
794 wordlistDestroy(&ftp
.server_msg
);
795 safe_free(ftp
.request
);
796 safe_free(ftp
.reply
);
799 if (err_language
!= Config
.errorDefaultLanguage
)
801 safe_free(err_language
);
805 ErrorState::Dump(MemBuf
* mb
)
808 char ntoabuf
[MAX_IPSTRLEN
];
811 /* email subject line */
812 str
.appendf("CacheErrorInfo - %s", errorPageName(type
));
813 mb
->appendf("?subject=%s", rfc1738_escape_part(str
.buf
));
816 str
.appendf("CacheHost: %s\r\n", getMyHostname());
818 str
.appendf("ErrPage: %s\r\n", errorPageName(type
));
821 str
.appendf("Err: (%d) %s\r\n", xerrno
, strerror(xerrno
));
823 str
.append("Err: [none]\r\n", 13);
826 if (auth_user_request
.getRaw() && auth_user_request
->denyMessage())
827 str
.appendf("Auth ErrMsg: %s\r\n", auth_user_request
->denyMessage());
829 if (dnsError
.size() > 0)
830 str
.appendf("DNS ErrMsg: %s\r\n", dnsError
.termedBuf());
833 str
.appendf("TimeStamp: %s\r\n\r\n", Time::FormatRfc1123(squid_curtime
));
836 str
.appendf("ClientIP: %s\r\n", src_addr
.toStr(ntoabuf
,MAX_IPSTRLEN
));
838 if (request
&& request
->hier
.host
[0] != '\0') {
839 str
.appendf("ServerIP: %s\r\n", request
->hier
.host
);
842 str
.append("\r\n", 2);
844 str
.append("HTTP Request:\r\n", 15);
846 str
.appendf(SQUIDSBUFPH
" " SQUIDSBUFPH
" %s/%d.%d\n",
847 SQUIDSBUFPRINT(request
->method
.image()),
848 SQUIDSBUFPRINT(request
->url
.path()),
849 AnyP::ProtocolType_str
[request
->http_ver
.protocol
],
850 request
->http_ver
.major
, request
->http_ver
.minor
);
851 request
->header
.packInto(&str
);
854 str
.append("\r\n", 2);
858 str
.appendf("FTP Request: %s\r\n", ftp
.request
);
859 str
.appendf("FTP Reply: %s\r\n", (ftp
.reply
? ftp
.reply
:"[none]"));
860 str
.append("FTP Msg: ", 9);
861 wordlistCat(ftp
.server_msg
, &str
);
862 str
.append("\r\n", 2);
865 str
.append("\r\n", 2);
866 mb
->appendf("&body=%s", rfc1738_escape_part(str
.buf
));
871 /// \ingroup ErrorPageInternal
872 #define CVT_BUF_SZ 512
875 ErrorState::compileLogformatCode(Build
&build
)
877 assert(LogformatMagic
.cmp(build
.input
, LogformatMagic
.length()) == 0);
880 const auto logformat
= build
.input
+ LogformatMagic
.length();
882 // Logformat supports undocumented "external" encoding specifications
883 // like [%>h] or "%<a". To preserve the possibility of extending
884 // @Squid{} syntax to non-logformat sequences, we require logformat
885 // sequences to start with '%'. This restriction does not limit
886 // logformat quoting abilities. TODO: Deprecate "external" encoding?
887 if (*logformat
!= '%')
888 throw TexcHere("logformat expressions that do not start with % are not supported");
890 static MemBuf result
;
892 const auto logformatLen
= Format::AssembleOne(logformat
, result
, ale
);
893 assert(logformatLen
> 0);
894 const auto closure
= logformat
+ logformatLen
;
896 throw TexcHere("Missing closing brace (})");
897 build
.output
.append(result
.content(), result
.contentSize());
898 build
.input
= closure
+ 1;
901 noteBuildError("Bad @Squid{logformat} sequence", build
.input
);
904 // we cannot recover reliably so stop interpreting the rest of input
905 const auto remainingSize
= strlen(build
.input
);
906 build
.output
.append(build
.input
, remainingSize
);
907 build
.input
+= remainingSize
;
911 ErrorState::compileLegacyCode(Build
&build
)
914 const char *p
= nullptr; /* takes priority over mb if set */
916 int no_urlescape
= 0; /* if true then item is NOT to be further URL-encoded */
917 char ntoabuf
[MAX_IPSTRLEN
];
921 const auto &building_deny_info_url
= build
.building_deny_info_url
; // a change reduction hack
923 const auto letter
= build
.input
[1];
929 if (request
&& request
->auth_user_request
)
930 p
= request
->auth_user_request
->username();
937 // TODO: When/if we get ALE here, pass it as well
938 if (const auto addr
= FindListeningPortAddress(request
.getRaw(), nullptr))
939 mb
.appendf("%s", addr
->toStr(ntoabuf
, MAX_IPSTRLEN
));
945 mb
.appendf("%u", getMyPort());
949 if (building_deny_info_url
) break;
951 const SBuf
&tmp
= Ftp::UrlWith2f(request
.getRaw());
952 mb
.append(tmp
.rawContent(), tmp
.length());
958 if (building_deny_info_url
) break;
959 p
= errorPageName(type
);
963 if (!build
.allowRecursion
)
964 p
= "%D"; // if recursion is not allowed, do not convert
966 auto rawDetail
= detail
->verbose(request
);
967 // XXX: Performance regression. c_str() reallocates
968 const auto compiledDetail
= compileBody(rawDetail
.c_str(), false);
969 mb
.append(compiledDetail
.rawContent(), compiledDetail
.length());
972 if (!mb
.contentSize())
973 mb
.append("[No Error Detail]", 17);
977 mb
.appendf("%d", xerrno
);
982 mb
.appendf("(%d) %s", xerrno
, strerror(xerrno
));
984 mb
.append("[No Error]", 10);
988 if (building_deny_info_url
) break;
989 /* FTP REQUEST LINE */
997 if (building_deny_info_url
) break;
1006 if (building_deny_info_url
) break;
1007 /* FTP SERVER RESPONSE */
1009 mb
.append(ftp
.listing
->content(), ftp
.listing
->contentSize());
1011 } else if (ftp
.server_msg
) {
1012 wordlistCat(ftp
.server_msg
, &mb
);
1017 mb
.appendf("%s", getMyHostname());
1022 if (request
->hier
.host
[0] != '\0') // if non-empty string.
1023 p
= request
->hier
.host
;
1025 p
= request
->url
.host();
1026 } else if (!building_deny_info_url
)
1027 p
= "[unknown host]";
1031 mb
.appendf("%s", src_addr
.toStr(ntoabuf
,MAX_IPSTRLEN
));
1035 if (request
&& request
->hier
.tcpServer
)
1036 p
= request
->hier
.tcpServer
->remote
.toStr(ntoabuf
,MAX_IPSTRLEN
);
1037 else if (!building_deny_info_url
)
1042 if (building_deny_info_url
) break;
1043 mb
.append(error_stylesheet
.content(), error_stylesheet
.contentSize());
1048 if (building_deny_info_url
) break;
1049 if (Config
.errHtmlText
) {
1050 mb
.appendf("%s", Config
.errHtmlText
);
1053 p
= "[not available]";
1057 if (building_deny_info_url
) break;
1059 if (auth_user_request
.getRaw())
1060 p
= auth_user_request
->denyMessage("[not available]");
1062 p
= "[not available]";
1070 const SBuf
&m
= request
->method
.image();
1071 mb
.append(m
.rawContent(), m
.length());
1072 } else if (!building_deny_info_url
)
1073 p
= "[unknown method]";
1077 if (!building_deny_info_url
)
1081 p
= request
? request
->extacl_message
.termedBuf() : external_acl_message
;
1082 if (!p
&& !building_deny_info_url
)
1083 p
= "[not available]";
1088 mb
.appendf("%u", request
->url
.port());
1089 } else if (!building_deny_info_url
) {
1090 p
= "[unknown port]";
1096 const SBuf
&m
= request
->url
.getScheme().image();
1097 mb
.append(m
.rawContent(), m
.length());
1098 } else if (!building_deny_info_url
) {
1099 p
= "[unknown protocol]";
1104 if (building_deny_info_url
) {
1105 if (request
!= nullptr) {
1106 const SBuf
&tmp
= request
->url
.path();
1107 mb
.append(tmp
.rawContent(), tmp
.length());
1114 mb
.appendf(SQUIDSBUFPH
" " SQUIDSBUFPH
" %s/%d.%d\n",
1115 SQUIDSBUFPRINT(request
->method
.image()),
1116 SQUIDSBUFPRINT(request
->url
.path()),
1117 AnyP::ProtocolType_str
[request
->http_ver
.protocol
],
1118 request
->http_ver
.major
, request
->http_ver
.minor
);
1119 request
->header
.packInto(&mb
, true); //hide authorization data
1120 } else if (request_hdrs
) {
1128 /* for backward compat we make %s show the full URL. Drop this in some future release. */
1129 if (building_deny_info_url
) {
1131 const SBuf
&tmp
= request
->effectiveRequestUri();
1132 mb
.append(tmp
.rawContent(), tmp
.length());
1135 debugs(0, DBG_CRITICAL
, "WARNING: deny_info now accepts coded tags. Use %u to get the full URL instead of %s");
1137 p
= visible_appname_string
;
1141 if (building_deny_info_url
) {
1142 p
= visible_appname_string
;
1145 /* signature may contain %-escapes, recursion */
1146 if (page_id
!= ERR_SQUID_SIGNATURE
) {
1147 const int saved_id
= page_id
;
1148 page_id
= ERR_SQUID_SIGNATURE
;
1149 const auto signature
= buildBody();
1150 mb
.append(signature
.rawContent(), signature
.length());
1154 /* wow, somebody put %S into ERR_SIGNATURE, stop recursion */
1160 mb
.appendf("%s", Time::FormatHttpd(squid_curtime
));
1164 mb
.appendf("%s", Time::FormatRfc1123(squid_curtime
));
1168 /* Using the fake-https version of absolute-URI so error pages see https:// */
1169 /* even when the url-path cannot be shown as more than '*' */
1171 p
= urlCanonicalFakeHttps(request
.getRaw());
1174 else if (!building_deny_info_url
)
1180 const SBuf
&tmp
= request
->effectiveRequestUri();
1181 mb
.append(tmp
.rawContent(), tmp
.length());
1184 else if (!building_deny_info_url
)
1189 if (Config
.adminEmail
)
1190 mb
.appendf("%s", Config
.adminEmail
);
1191 else if (!building_deny_info_url
)
1196 if (building_deny_info_url
) break;
1197 if (Config
.adminEmail
&& Config
.onoff
.emailErrData
)
1204 const auto brief
= detail
->brief();
1205 mb
.append(brief
.rawContent(), brief
.length());
1206 } else if (!building_deny_info_url
) {
1207 p
= "[Unknown Error Code]";
1212 if (building_deny_info_url
) break;
1213 if (dnsError
.size() > 0)
1214 p
= dnsError
.termedBuf();
1215 else if (ftp
.cwd_msg
)
1222 if (building_deny_info_url
) break;
1234 if (building_deny_info_url
)
1235 bypassBuildErrorXXX("Unsupported deny_info %code", build
.input
);
1236 else if (letter
!= ';')
1237 bypassBuildErrorXXX("Unsupported error page %code", build
.input
);
1238 // else too many "font-size: 100%;" template errors to report
1240 mb
.append(build
.input
, 2);
1246 p
= mb
.buf
; /* do not use mb after this assignment! */
1250 debugs(4, 3, "%" << letter
<< " --> '" << p
<< "'" );
1255 if (building_deny_info_url
&& !no_urlescape
)
1256 p
= rfc1738_escape_part(p
);
1258 // TODO: Optimize by replacing mb with direct build.output usage.
1259 build
.output
.append(p
, strlen(p
));
1264 ErrorState::validate()
1266 if (const auto urlTemplate
= ErrorPage::IsDenyInfoUri(page_id
)) {
1267 (void)compile(urlTemplate
, true, true);
1269 assert(page_id
> ERR_NONE
);
1270 assert(page_id
< error_page_count
);
1271 (void)compileBody(error_text
[page_id
], true);
1276 ErrorState::BuildHttpReply()
1279 return response_
.getRaw();
1281 HttpReply
*rep
= new HttpReply
;
1282 const char *name
= errorPageName(page_id
);
1283 /* no LMT for error pages; error pages expire immediately */
1285 if (const auto urlTemplate
= ErrorPage::IsDenyInfoUri(page_id
)) {
1287 Http::StatusCode status
= Http::scFound
;
1288 // Use configured 3xx reply status if set.
1290 status
= httpStatus
;
1292 // Use 307 for HTTP/1.1 non-GET/HEAD requests.
1293 if (request
&& request
->method
!= Http::METHOD_GET
&& request
->method
!= Http::METHOD_HEAD
&& request
->http_ver
>= Http::ProtocolVersion(1,1))
1294 status
= Http::scTemporaryRedirect
;
1297 rep
->setHeaders(status
, nullptr, "text/html;charset=utf-8", 0, 0, -1);
1300 auto location
= compile(urlTemplate
, true, true);
1301 rep
->header
.putStr(Http::HdrType::LOCATION
, location
.c_str());
1304 httpHeaderPutStrf(&rep
->header
, Http::HdrType::X_SQUID_ERROR
, "%d %s", httpStatus
, "Access Denied");
1306 const auto body
= buildBody();
1307 rep
->setHeaders(httpStatus
, nullptr, "text/html;charset=utf-8", body
.length(), 0, -1);
1309 * include some information for downstream caches. Implicit
1310 * replaceable content. This isn't quite sufficient. xerrno is not
1311 * necessarily meaningful to another system, so we really should
1312 * expand it. Additionally, we should identify ourselves. Someone
1313 * might want to know. Someone _will_ want to know OTOH, the first
1314 * X-CACHE-MISS entry should tell us who.
1316 httpHeaderPutStrf(&rep
->header
, Http::HdrType::X_SQUID_ERROR
, "%s %d", name
, xerrno
);
1320 * If error page auto-negotiate is enabled in any way, send the Vary.
1321 * RFC 2616 section 13.6 and 14.44 says MAY and SHOULD do this.
1322 * We have even better reasons though:
1323 * see http://wiki.squid-cache.org/KnowledgeBase/VaryNotCaching
1325 if (!Config
.errorDirectory
) {
1326 /* We 'negotiated' this ONLY from the Accept-Language. */
1327 static const SBuf
acceptLanguage("Accept-Language");
1328 rep
->header
.updateOrAddStr(Http::HdrType::VARY
, acceptLanguage
);
1331 /* add the Content-Language header according to RFC section 14.12 */
1333 rep
->header
.putStr(Http::HdrType::CONTENT_LANGUAGE
, err_language
);
1335 #endif /* USE_ERROR_LOCALES */
1337 /* default templates are in English */
1338 /* language is known unless error_directory override used */
1339 if (!Config
.errorDirectory
)
1340 rep
->header
.putStr(Http::HdrType::CONTENT_LANGUAGE
, "en");
1343 rep
->body
.set(body
);
1346 // Make sure error codes get back to the client side for logging and
1350 request
->detailError(type
, detail
);
1352 request
->detailError(type
, SysErrorDetail::NewIfAny(xerrno
));
1359 ErrorState::buildBody()
1361 assert(page_id
> ERR_NONE
&& page_id
< error_page_count
);
1364 /** error_directory option in squid.conf overrides translations.
1365 * Custom errors are always found either in error_directory or the templates directory.
1366 * Otherwise locate the Accept-Language header
1368 if (!Config
.errorDirectory
&& page_id
< ERR_MAX
) {
1369 if (err_language
&& err_language
!= Config
.errorDefaultLanguage
)
1370 safe_free(err_language
);
1372 ErrorPageFile
localeTmpl(err_type_str
[page_id
], static_cast<err_type
>(page_id
));
1373 if (localeTmpl
.loadFor(request
.getRaw())) {
1374 inputLocation
= localeTmpl
.filename
;
1375 assert(localeTmpl
.language());
1376 err_language
= xstrdup(localeTmpl
.language());
1377 return compileBody(localeTmpl
.text(), true);
1380 #endif /* USE_ERR_LOCALES */
1383 * If client-specific error templates are not enabled or available.
1384 * fall back to the old style squid.conf settings.
1387 if (!Config
.errorDirectory
)
1388 err_language
= Config
.errorDefaultLanguage
;
1390 debugs(4, 2, "No existing error page language negotiated for " << this << ". Using default error file.");
1391 return compileBody(error_text
[page_id
], true);
1395 ErrorState::compileBody(const char *input
, bool allowRecursion
)
1397 return compile(input
, false, allowRecursion
);
1401 ErrorState::compile(const char *input
, bool building_deny_info_url
, bool allowRecursion
)
1406 build
.building_deny_info_url
= building_deny_info_url
;
1407 build
.allowRecursion
= allowRecursion
;
1408 build
.input
= input
;
1410 auto blockStart
= build
.input
;
1411 while (const auto letter
= *build
.input
) {
1412 if (letter
== '%') {
1413 build
.output
.append(blockStart
, build
.input
- blockStart
);
1414 compileLegacyCode(build
);
1415 blockStart
= build
.input
;
1417 else if (letter
== '@' && LogformatMagic
.cmp(build
.input
, LogformatMagic
.length()) == 0) {
1418 build
.output
.append(blockStart
, build
.input
- blockStart
);
1419 compileLogformatCode(build
);
1420 blockStart
= build
.input
;
1425 build
.output
.append(blockStart
, build
.input
- blockStart
);
1426 return build
.output
;
1429 /// react to a compile() error
1430 /// \param msg description of what went wrong
1431 /// \param near approximate start of the problematic input
1432 /// \param forceBypass whether detection of this error was introduced late,
1433 /// after old configurations containing this error could have been
1434 /// successfully validated and deployed (i.e. the admin may not be
1435 /// able to fix this newly detected but old problem quickly)
1437 ErrorState::noteBuildError_(const char *msg
, const char *near
, const bool forceBypass
)
1439 using ErrorPage::BuildErrorPrinter
;
1440 const auto runtime
= !starting_up
;
1441 if (runtime
|| forceBypass
) {
1442 // swallow this problem because the admin may not be (and/or the page
1443 // building code is not) ready to handle throwing consequences
1445 static unsigned int seenErrors
= 0;
1448 const auto debugLevel
=
1449 (seenErrors
> 100) ? DBG_DATA
:
1450 (starting_up
|| reconfiguring
) ? DBG_CRITICAL
:
1451 3; // most other errors have been reported as configuration errors
1453 // Error fatality depends on the error context: Reconfiguration errors
1454 // are, like startup ones, DBG_CRITICAL but will never become FATAL.
1455 if (starting_up
&& seenErrors
<= 10)
1456 debugs(4, debugLevel
, "WARNING: The following configuration error will be fatal in future Squid versions");
1458 debugs(4, debugLevel
, "ERROR: " << BuildErrorPrinter(inputLocation
, page_id
, msg
, near
));
1460 throw TexcHere(ToSBuf(BuildErrorPrinter(inputLocation
, page_id
, msg
, near
)));
1464 /* ErrorPage::BuildErrorPrinter */
1467 ErrorPage::BuildErrorPrinter::printLocation(std::ostream
&os
) const {
1468 if (!inputLocation
.isEmpty())
1469 return os
<< inputLocation
;
1471 if (page_id
< ERR_NONE
|| page_id
>= error_page_count
)
1472 return os
<< "[error page " << page_id
<< "]"; // should not happen
1474 if (page_id
< ERR_MAX
)
1475 return os
<< err_type_str
[page_id
];
1477 return os
<< "deny_info " << ErrorDynamicPages
.at(page_id
- ERR_MAX
)->page_name
;
1481 ErrorPage::BuildErrorPrinter::print(std::ostream
&os
) const {
1482 printLocation(os
) << ": " << msg
<< " near ";
1484 // TODO: Add support for prefix printing to Raw
1485 const size_t maxContextLength
= 15; // plus "..."
1486 if (strlen(near
) > maxContextLength
) {
1487 os
.write(near
, maxContextLength
);
1493 // XXX: We should not be converting (inner) exception to text if we are
1494 // going to throw again. See "add arbitrary (re)thrower-supplied details"
1495 // TODO in TextException.h for a long-term in-catcher solution.
1496 if (std::current_exception())
1497 os
<< "\n additional info: " << CurrentException
;
1502 /// add error page template to the global index
1504 ErrorPage::ImportStaticErrorText(const int page_id
, const char *text
, const SBuf
&inputLocation
)
1506 assert(!error_text
[page_id
]);
1507 error_text
[page_id
] = xstrdup(text
);
1508 ValidateStaticError(page_id
, inputLocation
);
1511 /// validate static error page
1513 ErrorPage::ValidateStaticError(const int page_id
, const SBuf
&inputLocation
)
1515 // Supplying nil ALE pointer limits validation to logformat %code
1516 // recognition by Format::Token::parse(). This is probably desirable
1517 // because actual %code assembly is slow and should not affect validation
1518 // when our ALE cannot have any real data (this code is not associated
1519 // with any real transaction).
1520 ErrorState
anErr(err_type(page_id
), Http::scNone
, nullptr, nullptr);
1521 anErr
.inputLocation
= inputLocation
;
1526 operator <<(std::ostream
&os
, const ErrorState
*err
)
1529 os
<< errorPageName(err
->page_id
);