From: wessels <>
Date: Sat, 27 Jul 1996 01:28:49 +0000 (+0000)
Subject: Added support for SSL proxying to another host
X-Git-Tag: SQUID_3_0_PRE1~5987
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98ffb7e4e1251d36c807977da581e530e7b2de98;p=thirdparty%2Fsquid.git

Added support for SSL proxying to another host
---
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 21bfa8d0a6..c98be41b14 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: cache_cf.cc,v 1.65 1996/07/26 17:18:21 wessels Exp $
+ * $Id: cache_cf.cc,v 1.66 1996/07/26 19:28:49 wessels Exp $
 *
 * DEBUG: section 3 Configuration File Parsing
 * AUTHOR: Harvest Derived
@@ -181,6 +181,8 @@ struct SquidConfig Config;
 #define DefaultUdpIncomingAddr INADDR_ANY
 #define DefaultUdpOutgoingAddr INADDR_NONE
 #define DefaultClientNetmask 0xFFFFFFFF;
+#define DefaultSslProxyPort 0
+#define DefaultSslProxyHost (char *)NULL
 int httpd_accel_mode = 0; /* for fast access */
 char *DefaultSwapDir = DEFAULT_SWAP_DIR;
@@ -409,7 +411,6 @@ static void parseCacheHostLine()
 int weight = 1;
 int i;
- /* Parse a cache_host line */
 if (!(hostname = strtok(NULL, w_space)))
 self_destruct();
 if (!(type = strtok(NULL, w_space)))
@@ -963,6 +964,22 @@ static void parseAnnounceToLine()
 Config.Announce.file = xstrdup(token);
 }
+static void parseSslProxyLine()
+{
+ char *token;
+ char *t;
+ token = strtok(NULL, w_space);
+ if (token == NULL)
+ self_destruct();
+ safe_free(Config.sslProxy.host);
+ Config.sslProxy.port = 0;
+ if ((t = strchr(token, ':'))) {
+ *t++ = '\0';
+ Config.sslProxy.port = atoi(t);
+ }
+ Config.sslProxy.host = xstrdup(token);
+}
+
 static void parseIntegerValue(iptr)
 int *iptr;
 {
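Review bot: In parseSslProxyLine the text after ':' is converted with `atoi(t)` and stored in an int, so `ssl_proxy host:`, `host:abc` or `host:70000` are accepted silently as port 0 or an out-of-range value, and ssl.cc later narrows the value into the `u_short port` field of SslStateData. Parse it with strtol and reject anything outside 1..65535, e.g. `long p = strtol(t, &end, 10); if (*t == '\0' || *end != '\0' || p < 1 || p > 65535) self_destruct();`. Port 0 doubles as the sentinel for "look the host up as a cache_host neighbor", so an explicit or malformed `:0` suffix is currently indistinguishable from "no port given"; rejecting the malformed forms keeps that sentinel unambiguous.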
@@ -1009,87 +1026,67 @@ int parseConfigFile(file_name)
 if ((token = strtok(tmp_line, w_space)) == NULL)
 continue;
- /* Parse a cache_host line */
 if (!strcmp(token, "cache_host"))
 parseCacheHostLine();
- /* Parse a cache_host_domain line */
 else if (!strcmp(token, "cache_host_domain"))
 parseHostDomainLine();
 else if (!strcmp(token, "cache_host_acl"))
 parseHostAclLine();
- /* Parse a neighbor_timeout line */
 else if (!strcmp(token, "neighbor_timeout"))
 parseIntegerValue(&Config.neighborTimeout);
 else if (!strcmp(token, "neighbour_timeout")) /* alternate spelling */
 parseIntegerValue(&Config.neighborTimeout);
- /* Parse a cache_dir line */
 else if (!strcmp(token, "cache_dir"))
 parseDirLine();
- /* Parse a cache_log line */
 else if (!strcmp(token, "cache_log"))
 parseLogLine();
- /* Parse a cache_access_log line */
 else if (!strcmp(token, "cache_access_log"))
 parseAccessLogLine();
- /* Parse a cache_hierarchy_log line */
 else if (!strcmp(token, "cache_hierarchy_log"))
 parseHierachyLogLine();
- /* Parse a cache_store_log line */
 else if (!strcmp(token, "cache_store_log"))
 parseStoreLogLine();
- /* Parse a logfile_rotate line */
 else if (!strcmp(token, "logfile_rotate"))
 parseIntegerValue(&Config.Log.rotateNumber);
 else if (!strcmp(token, "httpd_accel_with_proxy"))
 parseOnOff(&Config.Accel.withProxy);
- /* Parse a httpd_accel line */
 else if (!strcmp(token, "httpd_accel"))
 parseHttpdAccelLine();
- /* Parse a cache_effective_user line */
 else if (!strcmp(token, "cache_effective_user"))
 parseEffectiveUserLine();
- /* Parse a cache_mem_high line */
 else if (!strcmp(token, "cache_swap_high"))
 parseIntegerValue(&Config.Swap.highWaterMark);
- /* Parse a cache_mem_low line */
 else if (!strcmp(token, "cache_swap_low"))
 parseIntegerValue(&Config.Swap.highWaterMark);
- /* Parse a cache_mem_high line */
 else if (!strcmp(token, "cache_mem_high"))
 parseIntegerValue(&Config.Mem.highWaterMark);
- /* Parse a cache_mem_low line */
 else if (!strcmp(token, "cache_mem_low"))
 parseIntegerValue(&Config.Mem.lowWaterMark);
- /* Parse a cache_hot_vm_factor line */
 else if (!strcmp(token, "cache_hot_vm_factor"))
 parseHotVmFactorLine();
- /* Parse a cache_mem line */
- /* XXX: this must be AFTER cache_mem_low, etc. */
 else if (!strcmp(token, "cache_mem"))
 parseMemLine();
- /* Parse a cache_swap line */
 else if (!strcmp(token, "cache_swap"))
 parseSwapLine();
- /* Parse a cache_mgr line */
 else if (!strcmp(token, "cache_mgr"))
 parseMgrLine();
@@ -1102,79 +1099,63 @@ int parseConfigFile(file_name)
 else if (!strcmp(token, "icp_access"))
 aclParseAccessLine(&ICPAccessList);
- /* Parse a hierarchy_stoplist line */
 else if (!strcmp(token, "hierarchy_stoplist"))
 parseHierarchyStoplistLine();
- /* Parse a gopher protocol line */
 else if (!strcmp(token, "gopher"))
 parseGopherLine();
- /* Parse a http protocol line */
 else if (!strcmp(token, "http"))
 parseHttpLine();
- /* Parse a ftp protocol line */
 else if (!strcmp(token, "ftp"))
 parseFtpLine();
 else if (!strcmp(token, "ttl_pattern"))
 parseTTLPattern();
- /* Parse a negative_ttl line */
 else if (!strcmp(token, "negative_ttl"))
 parseNegativeLine();
- /* Parse a negative_dns_ttl line */
 else if (!strcmp(token, "negative_dns_ttl"))
 parseNegativeDnsLine();
- /* Parse a positive_dns_ttl line */
 else if (!strcmp(token, "positive_dns_ttl"))
 parsePositiveDnsLine();
- /* Parse a read_timeout line */
 else if (!strcmp(token, "read_timeout"))
 parseReadTimeoutLine();
- /* Parse a clean_rate line */
 else if (!strcmp(token, "clean_rate"))
 parseCleanRateLine();
- /* Parse a client_lifetime line */
 else if (!strcmp(token, "client_lifetime"))
 parseLifetimeLine();
- /* Parse a client_lifetime line */
 else if (!strcmp(token, "shutdown_lifetime"))
 parseIntegerValue(&Config.lifetimeShutdown);
- /* Parse a request_size line */
 else if (!strcmp(token, "request_size"))
 parseRequestSizeLine();
- /* Parse a connect_timeout line */
 else if (!strcmp(token, "connect_timeout"))
 parseIntegerValue(&Config.connectTimeout);
- /* Parse a cache_ftp_program line */
 else if (!strcmp(token, "cache_ftp_program"))
 parseFtpProgramLine();
- /* Parse a cache_ftp_options line */
 else if (!strcmp(token, "cache_ftp_options"))
 parseFtpOptionsLine();
- /* Parse a cache_dns_program line */
 else if (!strcmp(token, "cache_dns_program"))
 parseDnsProgramLine();
- /* Parse a cache_dns_program line */
 else if (!strcmp(token, "dns_children"))
 parseIntegerValue(&Config.dnsChildren);
 else if (!strcmp(token, "redirect_program"))
 parseRedirectProgramLine();
+
 else if (!strcmp(token, "redirect_children"))
 parseIntegerValue(&Config.redirectChildren);
@@ -1202,7 +1183,6 @@ int parseConfigFile(file_name)
 else if (!strcmp(token, "firewall_ip"))
 parseIPLine(&Config.firewall_ip_list);
- /* Parse a local_domain line */
 else if (!strcmp(token, "local_domain"))
 parseLocalDomainLine();
@@ -1233,11 +1213,9 @@ int parseConfigFile(file_name)
 else if (!strcmp(token, "outbound_address"))
 parseAddressLine(&Config.Addrs.tcp_outgoing);
- /* Parse a http_port line */
 else if (!strcmp(token, "http_port") || !strcmp(token, "ascii_port"))
 parseHttpPortLine();
- /* Parse a icp_port line */
 else if (!strcmp(token, "icp_port") || !strcmp(token, "udp_port"))
 parseIcpPortLine();
@@ -1268,7 +1246,9 @@ int parseConfigFile(file_name)
 else if (!strcmp(token, "announce_to"))
 parseAnnounceToLine();
- /* If unknown, treat as a comment line */
+ else if (!strcmp(token, "ssl_proxy"))
+ parseSslProxyLine();
+
 else {
 debug(3, 0, "parseConfigFile: line %d unrecognized: '%s'\n",
 config_lineno,
@@ -1380,6 +1360,7 @@ static void configFreeMemory()
 wordlistDestroy(&Config.local_domain_list);
 wordlistDestroy(&Config.inside_firewall_list);
 wordlistDestroy(&Config.dns_testname_list);
+ safe_free(Config.sslProxy.host);
 }
@@ -1456,6 +1437,8 @@ static void configSetFactoryDefaults()
 Config.Addrs.udp_outgoing.s_addr = DefaultUdpOutgoingAddr;
 Config.Addrs.udp_incoming.s_addr = DefaultUdpIncomingAddr;
 Config.Addrs.client_netmask.s_addr = DefaultClientNetmask;
+ Config.sslProxy.port = DefaultSslProxyPort;
+ Config.sslProxy.host = safe_xstrdup(DefaultSslProxyHost);
 }
 static void configDoConfigure()
diff --git a/src/neighbors.cc b/src/neighbors.cc
index ee30971176..07d20bf48e 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: neighbors.cc,v 1.37 1996/07/26 16:58:46 wessels Exp $
+ * $Id: neighbors.cc,v 1.38 1996/07/26 19:28:50 wessels Exp $
 *
 * DEBUG: section 15 Neighbor Routines
 * AUTHOR: Harvest Derived
@@ -107,6 +107,7 @@ static int edgeWouldBePinged _PARAMS((edge *, request_t *));
 static void neighborRemove _PARAMS((edge *));
+static edge *whichEdge _PARAMS((icp_common_t *, struct sockaddr_in *));
 static neighbors *friends = NULL;
 static struct neighbor_cf *Neighbor_cf = NULL;
@@ -135,7 +136,7 @@ char *hier_strings[] =
 };
-edge *whichEdge(header, from)
+static edge *whichEdge(header, from)
 icp_common_t *header;
 struct sockaddr_in *from;
 {
@@ -937,3 +938,14 @@ void neighbors_rotate_log()
 }
 neighborsOpenLog(fname);
 }
+
+edge *neighborFindByName(name)
+ char *name;
+{
+ edge *e = NULL;
+ for (e = friends->edges_head; e; e = e->next) {
+ if (!strcasecmp(name, e->host))
+ break;
+ }
+ return e;
+}
diff --git a/src/ssl.cc b/src/ssl.cc
index 8c717ea4b0..fa9c6b058d 100644
--- a/src/ssl.cc
+++ b/src/ssl.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: ssl.cc,v 1.9 1996/07/25 07:10:41 wessels Exp $
+ * $Id: ssl.cc,v 1.10 1996/07/26 19:28:51 wessels Exp $
 *
 * DEBUG: section 26 Secure Sockets Layer Proxy
 * AUTHOR: Duane Wessels
@@ -33,6 +33,8 @@ typedef struct {
 char *url;
+ char *host; /* either request->host or proxy host */
+ u_short port;
 request_t *request;
 char *mime_hdr;
 struct {
@@ -54,6 +56,7 @@ static void sslReadClient _PARAMS((int fd, SslStateData * sslState));
 static void sslWriteServer _PARAMS((int fd, SslStateData * sslState));
 static void sslWriteClient _PARAMS((int fd, SslStateData * sslState));
 static void sslConnected _PARAMS((int fd, SslStateData * sslState));
+static void sslProxyConnected _PARAMS((int fd, SslStateData * sslState));
 static int sslConnect _PARAMS((int fd, struct hostent *, SslStateData *));
 static void sslConnInProgress _PARAMS((int fd, SslStateData * sslState));
 static void sslErrorComplete _PARAMS((int, char *, int, int, void *));
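Review bot: neighborFindByName dereferences `friends->edges_head` without checking `friends`, which this same file initialises as `static neighbors *friends = NULL;`; an `ssl_proxy` host given without a port on a configuration with no cache_host lines would then crash inside sslStart if `friends` is only allocated once a neighbor is configured (that allocation is outside the hunk, so confirm it). Add `if (friends == NULL || name == NULL) return NULL;` before the loop. A one-line header comment would also help readers coming from ssl.cc, e.g. `/* Case-insensitive lookup of a configured neighbor by host name; returns NULL when none matches. */`.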
@@ -311,11 +314,10 @@ static void sslConnInProgress(fd, sslState)
 int fd;
 SslStateData *sslState;
 {
- request_t *req = sslState->request;
 char *buf = NULL;
 debug(26, 5, "sslConnInProgress: FD %d sslState=%p\n", fd, sslState);
- if (comm_connect(fd, req->host, req->port) != COMM_OK) {
+ if (comm_connect(fd, sslState->host, sslState->port) != COMM_OK) {
 debug(26, 5, "sslConnInProgress: FD %d: %s\n", fd, xstrerror());
 switch (errno) {
 #if EINPROGRESS != EALREADY
@@ -345,7 +347,10 @@ static void sslConnInProgress(fd, sslState)
 }
 }
 /* We are now fully connected */
- sslConnected(fd, sslState);
+ if (Config.sslProxy.host)
+ sslProxyConnected(fd, sslState);
+ else
+ sslConnected(fd, sslState);
 return;
 }
@@ -357,8 +362,8 @@ static int sslConnect(fd, hp, sslState)
 request_t *request = sslState->request;
 int status;
 char *buf = NULL;
- if (!ipcache_gethostbyname(request->host, 0)) {
- debug(26, 4, "sslConnect: Unknown host: %s\n", request->host);
+ if (!ipcache_gethostbyname(sslState->host, 0)) {
+ debug(26, 4, "sslConnect: Unknown host: %s\n", sslState->host);
 buf = squid_error_url(sslState->url,
 request->method,
 ERR_DNS_FAIL,
@@ -391,7 +396,7 @@ static int sslConnect(fd, hp, sslState)
 (PF) sslLifetimeExpire,
 (void *) sslState);
 /* Open connection. */
- if ((status = comm_connect(fd, request->host, request->port))) {
+ if ((status = comm_connect(fd, sslState->host, sslState->port))) {
 if (status != EINPROGRESS) {
 buf = squid_error_url(sslState->url,
 request->method,
@@ -417,7 +422,10 @@ static int sslConnect(fd, hp, sslState)
 return COMM_OK;
 }
 }
- sslConnected(sslState->server.fd, sslState);
+ if (Config.sslProxy.host)
+ sslProxyConnected(sslState->server.fd, sslState);
+ else
+ sslConnected(sslState->server.fd, sslState);
 return COMM_OK;
 }
@@ -432,6 +440,7 @@ int sslStart(fd, url, request, mime_hdr, size_ptr)
 SslStateData *sslState = NULL;
 int sock;
 char *buf = NULL;
+ edge *e = NULL;
 debug(26, 3, "sslStart: '%s %s'\n",
 RequestMethodStr[request->method], url);
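Review bot: Both sslConnInProgress and sslConnect choose between sslProxyConnected and sslConnected by re-reading the global `Config.sslProxy.host` when the connect completes, while the peer actually connected to was fixed earlier in sslStart from the same global. If the configuration is reloaded between those two moments, a socket connected to the origin server can be sent a `CONNECT` request line, or one connected to the upstream proxy can be treated as a raw tunnel. Record the decision in the state when it is made — a field such as `int proxying;` set in sslStart — and test `if (sslState->proxying)` at both call sites instead. The switch in sslConnInProgress and the error paths in sslConnect continue outside the hunks shown.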
@@ -465,15 +474,46 @@ int sslStart(fd, url, request, mime_hdr, size_ptr)
 sslState->server.fd = sock;
 sslState->server.buf = xmalloc(SQUID_TCP_SO_RCVBUF);
 sslState->client.buf = xmalloc(SQUID_TCP_SO_RCVBUF);
+ if ((sslState->host = Config.sslProxy.host)) {
+ if ((sslState->port = Config.sslProxy.port) == 0) {
+ if ((e = neighborFindByName(Config.sslProxy.host)))
+ sslState->port = e->http_port;
+ else
+ sslState->port = CACHE_HTTP_PORT;
+ }
+ } else {
+ sslState->host = request->host;
+ sslState->port = request->port;
+ }
 comm_add_close_handler(sslState->server.fd,
 (PF) sslStateFree,
 (void *) sslState);
 comm_add_close_handler(sslState->client.fd,
 (PF) sslClientClosed,
 (void *) sslState);
- ipcache_nbgethostbyname(request->host,
+ ipcache_nbgethostbyname(sslState->host,
 sslState->server.fd,
 (IPH) sslConnect,
 sslState);
 return COMM_OK;
 }
+
+static void sslProxyConnected(fd, sslState)
+ int fd;
+ SslStateData *sslState;
+{
+ debug(26, 3, "sslProxyConnected: FD %d sslState=%p\n", fd, sslState);
+ sprintf(sslState->client.buf, "CONNECT %s HTTP/1.0\r\n\r\n", sslState->url);
+ debug(26, 3, "sslProxyConnected: Sending 'CONNECT %s HTTP/1.0'\n", sslState->url);
+ sslState->client.len = strlen(sslState->client.buf);
+ sslState->client.offset = 0;
+ comm_set_select_handler(sslState->server.fd,
+ COMM_SELECT_WRITE,
+ (PF) sslWriteServer,
+ (void *) sslState);
+ comm_set_fd_lifetime(fd, 86400); /* extend lifetime */
+ comm_set_select_handler(sslState->server.fd,
+ COMM_SELECT_READ,
+ (PF) sslReadServer,
+ (void *) sslState);
+}
diff --git a/src/tunnel.cc b/src/tunnel.cc
index d3d09a1039..8a6c6ad357 100644
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: tunnel.cc,v 1.9 1996/07/25 07:10:41 wessels Exp $
+ * $Id: tunnel.cc,v 1.10 1996/07/26 19:28:51 wessels Exp $
 *
 * DEBUG: section 26 Secure Sockets Layer Proxy
 * AUTHOR: Duane Wessels
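Review bot: `sprintf(sslState->client.buf, "CONNECT %s HTTP/1.0\r\n\r\n", sslState->url)` in sslProxyConnected writes the client-supplied URL into a buffer that sslStart allocates at a fixed SQUID_TCP_SO_RCVBUF bytes with no length check, so a long CONNECT target from any client can overrun the heap buffer unless the URL is already bounded by the request parser, which this hunk does not show. Check before formatting — `if (strlen(sslState->url) + sizeof("CONNECT  HTTP/1.0\r\n\r\n") > SQUID_TCP_SO_RCVBUF)` — and abort the tunnel through the same error path sslConnect uses for ERR_DNS_FAIL, or use a bounded formatter if the tree has one. Note also that only the bare request line is sent to the next hop: the `mime_hdr` carried in SslStateData is not forwarded, so a Proxy-Authorization header the client sent will never reach an upstream proxy that requires it.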
@@ -33,6 +33,8 @@ typedef struct {
 char *url;
+ char *host; /* either request->host or proxy host */
+ u_short port;
 request_t *request;
 char *mime_hdr;
 struct {
@@ -54,6 +56,7 @@ static void sslReadClient _PARAMS((int fd, SslStateData * sslState));
 static void sslWriteServer _PARAMS((int fd, SslStateData * sslState));
 static void sslWriteClient _PARAMS((int fd, SslStateData * sslState));
 static void sslConnected _PARAMS((int fd, SslStateData * sslState));
+static void sslProxyConnected _PARAMS((int fd, SslStateData * sslState));
 static int sslConnect _PARAMS((int fd, struct hostent *, SslStateData *));
 static void sslConnInProgress _PARAMS((int fd, SslStateData * sslState));
 static void sslErrorComplete _PARAMS((int, char *, int, int, void *));
@@ -311,11 +314,10 @@ static void sslConnInProgress(fd, sslState)
 int fd;
 SslStateData *sslState;
 {
- request_t *req = sslState->request;
 char *buf = NULL;
 debug(26, 5, "sslConnInProgress: FD %d sslState=%p\n", fd, sslState);
- if (comm_connect(fd, req->host, req->port) != COMM_OK) {
+ if (comm_connect(fd, sslState->host, sslState->port) != COMM_OK) {
 debug(26, 5, "sslConnInProgress: FD %d: %s\n", fd, xstrerror());
 switch (errno) {
 #if EINPROGRESS != EALREADY
@@ -345,7 +347,10 @@ static void sslConnInProgress(fd, sslState)
 }
 }
 /* We are now fully connected */
- sslConnected(fd, sslState);
+ if (Config.sslProxy.host)
+ sslProxyConnected(fd, sslState);
+ else
+ sslConnected(fd, sslState);
 return;
 }
@@ -357,8 +362,8 @@ static int sslConnect(fd, hp, sslState)
 request_t *request = sslState->request;
 int status;
 char *buf = NULL;
- if (!ipcache_gethostbyname(request->host, 0)) {
- debug(26, 4, "sslConnect: Unknown host: %s\n", request->host);
+ if (!ipcache_gethostbyname(sslState->host, 0)) {
+ debug(26, 4, "sslConnect: Unknown host: %s\n", sslState->host);
 buf = squid_error_url(sslState->url,
 request->method,
 ERR_DNS_FAIL,
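Review bot: The comment on the new `char *host;` field, "either request->host or proxy host", should state ownership: sslStart stores a borrowed pointer to `request->host` or `Config.sslProxy.host` and never copies it, so the field lives only as long as the request or the configuration string does and must not be freed with the state (sslStateFree is outside the hunk, so confirm it does not). Suggested: `char *host; /* borrowed: request->host, or Config.sslProxy.host when proxying; not owned here */` and `u_short port; /* port paired with host, chosen in sslStart */`. ssl.cc receives the identical struct change in this commit and the two files appear to be byte-for-byte copies, so whichever wording is adopted should land in both.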
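Review bot: In sslConnect the DNS-failure branch now looks up `sslState->host`, which is the configured ssl_proxy when proxying, yet the reply is still built as `squid_error_url(sslState->url, ..., ERR_DNS_FAIL, ...)`, so a client whose CONNECT target is perfectly resolvable will be told its own URL failed DNS when it was the next-hop proxy that could not be resolved. At minimum the debug line should make that distinction, e.g. `debug(26, 1, "sslConnect: ssl_proxy host %s is unresolvable\n", sslState->host);` in the proxying case, and ideally the error returned to the client should name the proxy as the failing component rather than the origin. The same mis-attribution applies to the comm_connect failure path in the following hunk; the rest of the error handling continues outside these hunks.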
@@ -391,7 +396,7 @@ static int sslConnect(fd, hp, sslState)
 (PF) sslLifetimeExpire,
 (void *) sslState);
 /* Open connection. */
- if ((status = comm_connect(fd, request->host, request->port))) {
+ if ((status = comm_connect(fd, sslState->host, sslState->port))) {
 if (status != EINPROGRESS) {
 buf = squid_error_url(sslState->url,
 request->method,
@@ -417,7 +422,10 @@ static int sslConnect(fd, hp, sslState)
 return COMM_OK;
 }
 }
- sslConnected(sslState->server.fd, sslState);
+ if (Config.sslProxy.host)
+ sslProxyConnected(sslState->server.fd, sslState);
+ else
+ sslConnected(sslState->server.fd, sslState);
 return COMM_OK;
 }
@@ -432,6 +440,7 @@ int sslStart(fd, url, request, mime_hdr, size_ptr)
 SslStateData *sslState = NULL;
 int sock;
 char *buf = NULL;
+ edge *e = NULL;
 debug(26, 3, "sslStart: '%s %s'\n",
 RequestMethodStr[request->method], url);
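Review bot: sslConnect's completion branch tests the global `Config.sslProxy.host` to decide whether to send a CONNECT line or start tunnelling, but the host and port this socket was connected to were taken from that same global earlier in sslStart, and nothing ties the two reads together; a reconfigure in between makes the two disagree. Keep the decision in the state object — set `sslState->proxying = (Config.sslProxy.host != NULL);` where the host is chosen in sslStart and test `if (sslState->proxying)` here and in sslConnInProgress. The `edge *e` added to sslStart is only used in the proxying branch; the function's body continues past this hunk.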
@@ -465,15 +474,46 @@ int sslStart(fd, url, request, mime_hdr, size_ptr)
 sslState->server.fd = sock;
 sslState->server.buf = xmalloc(SQUID_TCP_SO_RCVBUF);
 sslState->client.buf = xmalloc(SQUID_TCP_SO_RCVBUF);
+ if ((sslState->host = Config.sslProxy.host)) {
+ if ((sslState->port = Config.sslProxy.port) == 0) {
+ if ((e = neighborFindByName(Config.sslProxy.host)))
+ sslState->port = e->http_port;
+ else
+ sslState->port = CACHE_HTTP_PORT;
+ }
+ } else {
+ sslState->host = request->host;
+ sslState->port = request->port;
+ }
 comm_add_close_handler(sslState->server.fd,
 (PF) sslStateFree,
 (void *) sslState);
 comm_add_close_handler(sslState->client.fd,
 (PF) sslClientClosed,
 (void *) sslState);
- ipcache_nbgethostbyname(request->host,
+ ipcache_nbgethostbyname(sslState->host,
 sslState->server.fd,
 (IPH) sslConnect,
 sslState);
 return COMM_OK;
 }
+
+static void sslProxyConnected(fd, sslState)
+ int fd;
+ SslStateData *sslState;
+{
+ debug(26, 3, "sslProxyConnected: FD %d sslState=%p\n", fd, sslState);
+ sprintf(sslState->client.buf, "CONNECT %s HTTP/1.0\r\n\r\n", sslState->url);
+ debug(26, 3, "sslProxyConnected: Sending 'CONNECT %s HTTP/1.0'\n", sslState->url);
+ sslState->client.len = strlen(sslState->client.buf);
+ sslState->client.offset = 0;
+ comm_set_select_handler(sslState->server.fd,
+ COMM_SELECT_WRITE,
+ (PF) sslWriteServer,
+ (void *) sslState);
+ comm_set_fd_lifetime(fd, 86400); /* extend lifetime */
+ comm_set_select_handler(sslState->server.fd,
+ COMM_SELECT_READ,
+ (PF) sslReadServer,
+ (void *) sslState);
+}
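Review bot: When `ssl_proxy` names a host with no port and neighborFindByName finds no matching cache_host, sslStart silently falls back to CACHE_HTTP_PORT, so a mistyped neighbor name sends every CONNECT to the wrong port with nothing in the log. Add a line in the else branch, e.g. `debug(26, 1, "sslStart: ssl_proxy %s is not a cache_host, using port %d\n", Config.sslProxy.host, CACHE_HTTP_PORT);`, or have parseSslProxyLine require an explicit port when the host is not a configured neighbor. In sslProxyConnected `comm_set_fd_lifetime(fd, 86400)` is a bare constant; give it a name such as `#define SSL_PROXY_LIFETIME (24 * 60 * 60)` or reuse whatever sslConnected uses for the same purpose, since that function is outside the hunk and the two paths should agree. The unbounded `sprintf` of the client-supplied `sslState->url` into the fixed-size `client.buf` here has the same overrun exposure as the identical code added to ssl.cc and needs the same length check.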