/*
- * DEBUG: section 16 Cache Manager Objects
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 16 Cache Manager Objects */
+
#include "squid.h"
+#include "AccessLogEntry.h"
#include "base/TextException.h"
#include "CacheManager.h"
#include "comm/Connection.h"
#include "Debug.h"
#include "errorpage.h"
+#include "error/ExceptionErrorDetail.h"
#include "fde.h"
#include "HttpReply.h"
#include "HttpRequest.h"
-#include "mgr/ActionCreator.h"
#include "mgr/Action.h"
+#include "mgr/ActionCreator.h"
+#include "mgr/ActionPasswordList.h"
#include "mgr/ActionProfile.h"
#include "mgr/BasicActions.h"
#include "mgr/Command.h"
#include "mgr/Forwarder.h"
#include "mgr/FunAction.h"
#include "mgr/QueryParams.h"
-#include "protos.h" /* rotate_logs() */
-#include "tools.h"
+#include "parser/Tokenizer.h"
+#include "protos.h"
+#include "sbuf/Stream.h"
+#include "sbuf/StringConvert.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "Store.h"
+#include "tools.h"
#include "wordlist.h"
#include <algorithm>
CacheManager::registerProfile(const Mgr::ActionProfile::Pointer &profile)
{
Must(profile != NULL);
- if (std::find(menu_.begin(), menu_.end(), profile) == menu_.end()) {
+ if (!CacheManager::findAction(profile->name)) {
menu_.push_back(profile);
debugs(16, 3, HERE << "registered profile: " << *profile);
} else {
return cmd->profile->creator->create(cmd);
}
+static const CharacterSet &
+MgrFieldChars(const AnyP::ProtocolType &protocol)
+{
+ // Deprecated cache_object:// scheme used '@' to delimit passwords
+ if (protocol == AnyP::PROTO_CACHE_OBJECT) {
+ static const CharacterSet fieldChars = CharacterSet("cache-object-field", "@?#").complement();
+ return fieldChars;
+ }
+
+ static const CharacterSet actionChars = CharacterSet("mgr-field", "?#").complement();
+ return actionChars;
+}
+
/**
- \ingroup CacheManagerInternal
* define whether the URL is a cache-manager URL and parse the action
* requested by the user. Checks via CacheManager::ActionProtection() that the
* item is accessible by the user.
- \retval CacheManager::cachemgrStateData state object for the following handling
- \retval NULL if the action can't be found or can't be accessed by the user
+ *
+ * Syntax:
+ *
+ * scheme "://" authority [ '/squid-internal-mgr' ] path-absolute [ '@' unreserved ] '?' query-string
+ *
+ * see RFC 3986 for definitions of scheme, authority, path-absolute, query-string
+ *
+ * \returns Mgr::Command object with action to perform and parameters it might use
*/
Mgr::Command::Pointer
-CacheManager::ParseUrl(const char *url)
+CacheManager::ParseUrl(const AnyP::Uri &uri)
{
- int t;
- LOCAL_ARRAY(char, host, MAX_URL);
- LOCAL_ARRAY(char, request, MAX_URL);
- LOCAL_ARRAY(char, password, MAX_URL);
- LOCAL_ARRAY(char, params, MAX_URL);
- host[0] = 0;
- request[0] = 0;
- password[0] = 0;
- params[0] = 0;
- int pos = -1;
- int len = strlen(url);
- Must(len > 0);
- t = sscanf(url, "cache_object://%[^/]/%[^@?]%n@%[^?]?%s", host, request, &pos, password, params);
- if (t < 3) {
- t = sscanf(url, "cache_object://%[^/]/%[^?]%n?%s", host, request, &pos, params);
- }
- if (t < 1) {
- t = sscanf(url, "http://%[^/]/squid-internal-mgr/%[^?]%n?%s", host, request, &pos, params);
- }
- if (t < 1) {
- t = sscanf(url, "https://%[^/]/squid-internal-mgr/%[^?]%n?%s", host, request, &pos, params);
- }
- if (t < 2) {
- if (strncmp("cache_object://",url,15)==0)
- xstrncpy(request, "menu", MAX_URL);
- else
- xstrncpy(request, "index", MAX_URL);
- }
+ Parser::Tokenizer tok(uri.path());
-#if _SQUID_OS2_
- if (t == 2 && request[0] == '\0') {
- /*
- * emx's sscanf insists of returning 2 because it sets request
- * to null
- */
- if (strncmp("cache_object://",url,15)==0)
- xstrncpy(request, "menu", MAX_URL);
- else
- xstrncpy(request, "index", MAX_URL);
- }
-#endif
+ static const SBuf internalMagicPrefix("/squid-internal-mgr/");
+ if (!tok.skip(internalMagicPrefix) && !tok.skip('/'))
+ throw TextException("invalid URL path", Here());
+
+ Mgr::Command::Pointer cmd = new Mgr::Command();
+ cmd->params.httpUri = SBufToString(uri.absolute());
- debugs(16, 3, HERE << "MGR request: t=" << t << ", host='" << host << "', request='" << request << "', pos=" << pos <<
- ", password='" << password << "', params='" << params << "'");
+ const auto &fieldChars = MgrFieldChars(uri.getScheme());
- Mgr::ActionProfile::Pointer profile = findAction(request);
- if (!profile) {
- debugs(16, DBG_IMPORTANT, "CacheManager::ParseUrl: action '" << request << "' not found");
- return NULL;
+ SBuf action;
+ if (!tok.prefix(action, fieldChars)) {
+ if (uri.getScheme() == AnyP::PROTO_CACHE_OBJECT) {
+ static const SBuf menuReport("menu");
+ action = menuReport;
+ } else {
+ static const SBuf indexReport("index");
+ action = indexReport;
+ }
}
+ cmd->params.actionName = SBufToString(action);
+
+ const auto profile = findAction(action.c_str());
+ if (!profile)
+ throw TextException(ToSBuf("action '", action, "' not found"), Here());
const char *prot = ActionProtection(profile);
- if (!strcmp(prot, "disabled") || !strcmp(prot, "hidden")) {
- debugs(16, DBG_IMPORTANT, "CacheManager::ParseUrl: action '" << request << "' is " << prot);
- return NULL;
+ if (!strcmp(prot, "disabled") || !strcmp(prot, "hidden"))
+ throw TextException(ToSBuf("action '", action, "' is ", prot), Here());
+ cmd->profile = profile;
+
+ SBuf passwd;
+ if (uri.getScheme() == AnyP::PROTO_CACHE_OBJECT && tok.skip('@')) {
+ (void)tok.prefix(passwd, fieldChars);
+ cmd->params.password = SBufToString(passwd);
}
- Mgr::Command::Pointer cmd = new Mgr::Command;
- if (!Mgr::QueryParams::Parse(params, cmd->params.queryParams))
- return NULL;
- cmd->profile = profile;
- cmd->params.httpUri = url;
- cmd->params.userName = String();
- cmd->params.password = password;
- cmd->params.actionName = request;
+ // TODO: fix when AnyP::Uri::parse() separates path?query#fragment
+ SBuf params;
+ if (tok.skip('?')) {
+ params = tok.remaining();
+ Mgr::QueryParams::Parse(tok, cmd->params.queryParams);
+ }
+
+ if (!tok.skip('#') && !tok.atEnd())
+ throw TextException("invalid characters in URL", Here());
+ // else ignore #fragment (if any)
+
+ debugs(16, 3, "MGR request: host=" << uri.host() << ", action=" << action <<
+ ", password=" << passwd << ", params=" << params);
+
return cmd;
}
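Review bot: The closing `debugs(16, 3, ...)` of the new ParseUrl writes the cache_object password (`passwd`) and the raw query string into the debug log in clear text; the removed code did the same, so the rewrite carries the exposure forward. Log only whether a password was supplied, e.g. `", password=" << (passwd.isEmpty() ? "none" : "<hidden>")`. The ParseHeaders hunk has the same problem in its unchanged context: a Basic token without a colon is printed verbatim at DBG_IMPORTANT, and the level-9 line, whose own comment admits it prints the decoded password, is left as is.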
// TODO: use the authentication system decode to retrieve these details properly.
/* base 64 _decoded_ user:passwd pair */
- const char *basic_cookie = request->header.getAuth(HDR_AUTHORIZATION, "Basic");
+ const auto basic_cookie(request->header.getAuthToken(Http::HdrType::AUTHORIZATION, "Basic"));
- if (!basic_cookie)
+ if (basic_cookie.isEmpty())
return;
- const char *passwd_del;
- if (!(passwd_del = strchr(basic_cookie, ':'))) {
+ const auto colonPos = basic_cookie.find(':');
+ if (colonPos == SBuf::npos) {
debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'");
return;
}
/* found user:password pair, reset old values */
- params.userName.limitInit(basic_cookie, passwd_del - basic_cookie);
- params.password = passwd_del + 1;
+ params.userName = SBufToString(basic_cookie.substr(0, colonPos));
+ params.password = SBufToString(basic_cookie.substr(colonPos+1));
/* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */
debugs(16, 9, "CacheManager::ParseHeaders: got user: '" <<
/**
\ingroup CacheManagerInternal
*
- \retval 0 if mgr->password is good or "none"
- \retval 1 if mgr->password is "disable"
- \retval !0 if mgr->password does not match configured password
+ \retval 0 if mgr->password is good or "none"
+ \retval 1 if mgr->password is "disable"
+ \retval !0 if mgr->password does not match configured password
*/
int
CacheManager::CheckPassword(const Mgr::Command &cmd)
* all needed internal work and renders the response.
*/
void
-CacheManager::Start(const Comm::ConnectionPointer &client, HttpRequest * request, StoreEntry * entry)
+CacheManager::start(const Comm::ConnectionPointer &client, HttpRequest *request, StoreEntry *entry, const AccessLogEntry::Pointer &ale)
{
- debugs(16, 3, "CacheManager::Start: '" << entry->url() << "'" );
+ debugs(16, 3, "request-url= '" << request->url << "', entry-url='" << entry->url() << "'");
+
+ Mgr::Command::Pointer cmd;
+ try {
+ cmd = ParseUrl(request->url);
- Mgr::Command::Pointer cmd = ParseUrl(entry->url());
- if (!cmd) {
- ErrorState *err = new ErrorState(ERR_INVALID_URL, HTTP_NOT_FOUND, request);
+ } catch (...) {
+ debugs(16, 2, "request URL error: " << CurrentException);
+ const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request, ale);
err->url = xstrdup(entry->url());
+ err->detailError(new ExceptionErrorDetail(Here().id()));
errorAppendEntry(entry, err);
entry->expires = squid_curtime;
return;
if (CheckPassword(*cmd) != 0) {
/* build error message */
- ErrorState errState(ERR_CACHE_MGR_ACCESS_DENIED, HTTP_UNAUTHORIZED, request);
+ ErrorState errState(ERR_CACHE_MGR_ACCESS_DENIED, Http::scUnauthorized, request, ale);
/* warn if user specified incorrect password */
if (cmd->params.password.size()) {
rep->header.putAuth("Basic", actionName);
#endif
// Allow cachemgr and other XHR scripts access to our version string
- if (request->header.has(HDR_ORIGIN)) {
- rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
+ if (request->header.has(Http::HdrType::ORIGIN)) {
+ rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(Http::HdrType::ORIGIN));
#if HAVE_AUTH_MODULE_BASIC
rep->header.putExt("Access-Control-Allow-Credentials","true");
#endif
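Review bot: The request's Origin header is still echoed unchecked into `Access-Control-Allow-Origin`, and with Basic auth compiled in it is paired with `Access-Control-Allow-Credentials: true`, which tells a browser that any origin may read this response using the user's stored credentials. This commit only renames the header constant, so the behaviour is unchanged, but the line deserves at least a marker such as `// XXX: echoes any Origin while allowing credentials; restrict to configured trusted origins`. The index-page hunk further down repeats the same two headers. The enclosing function starts and ends outside the hunk.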
return;
}
- if (request->header.has(HDR_ORIGIN)) {
- cmd->params.httpOrigin = request->header.getStr(HDR_ORIGIN);
+ if (request->header.has(Http::HdrType::ORIGIN)) {
+ cmd->params.httpOrigin = request->header.getStr(Http::HdrType::ORIGIN);
}
debugs(16, 2, "CacheManager: " <<
// special case: /squid-internal-mgr/ index page
if (!strcmp(cmd->profile->name, "index")) {
- ErrorState err(MGR_INDEX, HTTP_OK, request);
+ ErrorState err(MGR_INDEX, Http::scOkay, request, ale);
err.url = xstrdup(entry->url());
HttpReply *rep = err.BuildHttpReply();
if (strncmp(rep->body.content(),"Internal Error:", 15) == 0)
- rep->sline.status = HTTP_NOT_FOUND;
+ rep->sline.set(Http::ProtocolVersion(1,1), Http::scNotFound);
// Allow cachemgr and other XHR scripts access to our version string
- if (request->header.has(HDR_ORIGIN)) {
- rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
+ if (request->header.has(Http::HdrType::ORIGIN)) {
+ rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(Http::HdrType::ORIGIN));
#if HAVE_AUTH_MODULE_BASIC
rep->header.putExt("Access-Control-Allow-Credentials","true");
#endif
if (UsingSmp() && IamWorkerProcess()) {
// is client the right connection to pass here?
- AsyncJob::Start(new Mgr::Forwarder(client, cmd->params, request, entry));
+ AsyncJob::Start(new Mgr::Forwarder(client, cmd->params, request, entry, ale));
return;
}
}
/*
- \ingroup CacheManagerInternal
+ * \ingroup CacheManagerInternal
* gets from the global Config the password the user would need to supply
* for the action she queried
*/
char *
-CacheManager::PasswdGet(cachemgr_passwd * a, const char *action)
+CacheManager::PasswdGet(Mgr::ActionPasswordList * a, const char *action)
{
- wordlist *w;
-
- while (a != NULL) {
- for (w = a->actions; w != NULL; w = w->next) {
- if (0 == strcmp(w->key, action))
+ while (a) {
+ for (auto &w : a->actions) {
+ if (w.cmp(action) == 0)
return a->passwd;
- if (0 == strcmp(w->key, "all"))
+ static const SBuf allAction("all");
+ if (w == allAction)
return a->passwd;
}
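Review bot: `static const SBuf allAction("all");` is declared inside the inner loop body, between the two comparisons, which hides a constant in the middle of the matching logic; declare it once before `while (a)`. The two tests are also written differently (`w.cmp(action) == 0` versus `w == allAction`); using one form for both reads more easily. The rest of PasswdGet's loop lies outside the hunk.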
return NULL;
}
-CacheManager* CacheManager::instance=0;
-
-/**
- \ingroup CacheManagerAPI
- * Singleton accessor method.
- */
CacheManager*
CacheManager::GetInstance()
{
- if (instance == 0) {
- debugs(16, 6, "CacheManager::GetInstance: starting cachemanager up");
+ static CacheManager *instance = nullptr;
+ if (!instance) {
+ debugs(16, 6, "starting cachemanager up");
instance = new CacheManager;
Mgr::RegisterBasics();
}