/*
- * $Id$
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
*
- * DEBUG: section 28 Access Control
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- *
- * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 28 Access Control */
+
#include "squid.h"
-#include "acl/DestinationDomain.h"
#include "acl/Checklist.h"
-#include "acl/RegexData.h"
+#include "acl/DestinationDomain.h"
#include "acl/DomainData.h"
+#include "acl/RegexData.h"
+#include "fqdncache.h"
#include "HttpRequest.h"
DestinationDomainLookup DestinationDomainLookup::instance_;
void
DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const
{
- ACLFilledChecklist *checklist = Filled(cl);
- checklist->asyncInProgress(true);
+ ACLFilledChecklist *checklist = Filled(cl);
fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist);
}
void
-DestinationDomainLookup::LookupDone(const char *fqdn, void *data)
+DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
- ACLChecklist *checklist = (ACLChecklist *)data;
- assert (checklist->asyncState() == DestinationDomainLookup::Instance());
-
- checklist->asyncInProgress(false);
- checklist->changeState (ACLChecklist::NullState::Instance());
- Filled(checklist)->markDestinationDomainChecked();
- checklist->check();
+ ACLFilledChecklist *checklist = Filled((ACLChecklist*)data);
+ checklist->markDestinationDomainChecked();
+ checklist->request->recordLookup(details);
+ checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}
+/* ACLDestinationDomainStrategy */
+
+const Acl::Options &
+ACLDestinationDomainStrategy::options()
+{
+ static const Acl::BooleanOption LookupBanFlag;
+ static const Acl::Options MyOptions = { { "-n", &LookupBanFlag } };
+ LookupBanFlag.linkWith(&lookupBanned);
+ return MyOptions;
+}
int
ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
assert(checklist != NULL && checklist->request != NULL);
- const ipcache_addrs *ia = NULL;
- const char *fqdn = NULL;
-
- if (data->match(checklist->request->GetHost()))
+ if (data->match(checklist->request->url.host())) {
return 1;
+ }
+
+ if (lookupBanned) {
+ debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
+ return 0;
+ }
- /* numeric IPA? */
- if ((ia = ipcacheCheckNumeric(checklist->request->GetHost())) == NULL)
+ /* numeric IPA? no, trust the above result. */
+ if (!checklist->request->url.hostIsNumeric()) {
return 0;
+ }
- checklist->dst_addr = ia->in_addrs[0];
- fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);
+ /* do we already have the rDNS? match on it if we do. */
+ if (checklist->dst_rdns) {
+ debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
+ return data->match(checklist->dst_rdns);
+ }
+
+ /* raw IP without rDNS? look it up and wait for the result */
+ if (!checklist->dst_addr.fromHost(checklist->request->url.host())) {
+ /* not a valid IPA */
+ checklist->dst_rdns = xstrdup("invalid");
+ return 0;
+ }
+
+ const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);
if (fqdn) {
+ checklist->dst_rdns = xstrdup(fqdn);
return data->match(fqdn);
} else if (!checklist->destinationDomainChecked()) {
- /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
- debugs(28, 3, "aclMatchAcl: Can't yet compare '" << AclMatchedName << "' ACL for '" << checklist->request->GetHost() << "'");
- checklist->changeState(DestinationDomainLookup::Instance());
- return 0;
+ // TODO: Using AclMatchedName here is not OO correct. Should find a way to the current acl
+ debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
+ if (checklist->goAsync(DestinationDomainLookup::Instance()))
+ return -1;
+ // else fall through to "none" match, hiding the lookup failure (XXX)
}
return data->match("none");
}
-ACLDestinationDomainStrategy *
-ACLDestinationDomainStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLDestinationDomainStrategy ACLDestinationDomainStrategy::Instance_;
projects / thirdparty / squid.git / blobdiff