This is a WWW interface to the instrumentation interface\n"); printf("for the Squid object cache.
\n"); printf("\n");
printf("\n");
+ printf("\n");
print_trailer();
}
@@ -192,15 +247,34 @@ error_html(const char *msg)
print_trailer();
}
+/* returns http status extracted from status line or -1 on parsing failure */
+static int
+parse_status_line(const char *sline, const char **statusStr)
+{
+ const char *sp = strchr(sline, ' ');
+ if (statusStr)
+ *statusStr = NULL;
+ if (strncasecmp(sline, "HTTP/", 5) || !sp)
+ return -1;
+ while (isspace(*++sp));
+ if (!isdigit(*sp))
+ return -1;
+ if (statusStr)
+ *statusStr = sp;
+ return atoi(sp);
+}
+
static char *
-menu_url(cachemgr_request * req, char *action)
+menu_url(cachemgr_request * req, const char *action)
{
static char url[1024];
- snprintf(url, 1024, "%s?host=%s&port=%d&operation=%s",
+ snprintf(url, 1024, "%s?host=%s&port=%d&user_name=%s&operation=%s&auth=%s",
script_name,
req->hostname,
req->port,
- action);
+ safe_str(req->user_name),
+ action,
+ safe_str(req->pub_auth));
return url;
}
@@ -208,30 +282,55 @@ static const char *
munge_menu_line(const char *buf, cachemgr_request * req)
{
char *x;
- char *a;
- char *d;
+ const char *a;
+ const char *d;
+ const char *p;
+ char *a_url;
static char html[1024];
if (strlen(buf) < 1)
return buf;
if (*buf != ' ')
return buf;
x = xstrdup(buf);
- if ((a = strtok(x, w_space)) == NULL)
- return buf;
- if ((d = strtok(NULL, "")) == NULL)
- return buf;
- snprintf(html, 1024, "%s\n
\n");
- }
- while (fgets(buf, 1024, fp) != NULL) {
- if (1 == state)
+ if (parse_menu)
+ action = "menu";
+ /* read reply interpreting one line at a time depending on state */
+ while (istate < isEof) {
+ if (!fgets(buf, sizeof(buf), fp))
+ istate = istate == isForward ? isForwardEof : isEof;
+ switch (istate) {
+ case isStatusLine:
+ /* get HTTP status */
+ /* uncomment the following if you want to debug headers */
+ /* fputs("\r\n\r\n", stdout); */
+ status = parse_status_line(buf, &statusStr);
+ istate = status == 200 ? isHeaders : isForward;
+ /* if cache asks for authentication, we have to reset our info */
+ if (status == 401 || status == 407) {
+ reset_auth(req);
+ status = 403; /* Forbiden, see comments in case isForward: */
+ }
+ /* this is a way to pass HTTP status to the Web server */
+ if (statusStr)
+ printf("Status: %d %s", status, statusStr);
+ break;
+ case isHeaders:
+ /* forward header field */
+ if (!strcmp(buf, "\r\n")) { /* end of headers */
+ fputs("Content-Type: text/html\r\n", stdout); /* add our type */
+ istate = isBodyStart;
+ }
+ if (strncasecmp(buf, "Content-Type:", 13)) /* filter out their type */
+ fputs(buf, stdout);
+ break;
+ case isBodyStart:
+ printf("CacheMgr@%s: %s \n",
+ req->hostname, action);
+ if (parse_menu) {
+ printf("Cache Manager menu for %s:
",
+ menu_url(req, "authenticate"), req->hostname);
+ printf("%s\n
\n");
+ }
+ istate = isBody;
+ break;
+ case isBody:
+ /* interpret [and reformat] cache response */
if (parse_menu)
fputs(munge_menu_line(buf, req), stdout);
else
fputs(buf, stdout);
- if (0 == strcmp(buf, "\r\n"))
- state++;
+ break;
+ case isForward:
+ /* forward: no modifications allowed */
+ /*
+ * Note: we currently do not know any way to get browser.reply to
+ * 401 to .cgi because web server filters out all auth info. Thus we
+ * disable authentication headers for now.
+ */
+ if (!strncasecmp(buf, "WWW-Authenticate:", 17) || !strncasecmp(buf, "Proxy-Authenticate:", 19))
+ ; /* skip */
+ else
+ fputs(buf, stdout);
+ break;
+ case isEof:
+ /* print trailers */
+ if (parse_menu)
+ printf("\n");
+ else
+ printf("\n");
+ print_trailer();
+ istate = isSuccess;
+ break;
+ case isForwardEof:
+ /* indicate that we finished processing an "error" sequence */
+ istate = isError;
+ break;
+ default:
+ printf("%s: internal bug: invalid state reached: %d", script_name, istate);
+ istate = isError;
+ }
}
- if (parse_menu)
- printf("\n");
- else
- printf("\n");
- print_trailer();
+ /* printf("\n\n\n%s\n", req->headers ? req->headers : "no headers"); */ close(s); return 0; } @@ -274,9 +433,9 @@ process_request(cachemgr_request * req) static struct sockaddr_in S; int s; int l; - static char buf[1024]; + static char buf[2*1024]; if (req == NULL) { - noargs_html(CACHEMGR_HOSTNAME, CACHE_HTTP_PORT); + auth_html(CACHEMGR_HOSTNAME, CACHE_HTTP_PORT, ""); return 1; } if (req->hostname == NULL) { @@ -288,6 +447,10 @@ process_request(cachemgr_request * req) if (req->action == NULL) { req->action = xstrdup(""); } + if (!strcmp(req->action, "authenticate")) { + auth_html(req->hostname, req->port, req->user_name); + return 0; + } if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) { snprintf(buf, 1024, "socket: %s\n", xstrerror()); error_html(buf); @@ -310,13 +473,16 @@ process_request(cachemgr_request * req) error_html(buf); return 1; } - l = snprintf(buf, 1024, + l = snprintf(buf, sizeof(buf), "GET cache_object://%s/%s HTTP/1.0\r\n" "Accept: */*\r\n" + "%s" /* Authentication info or nothing */ "\r\n", req->hostname, - req->action); + req->action, + make_auth_header(req)); write(s, buf, l); + debug(1) fprintf(stderr, "wrote request: '%s'\n", buf); return read_reply(s, req); } @@ -337,6 +503,44 @@ main(int argc, char *argv[]) return process_request(req); } +#if 0 /* left for parts if request headers will ever be processed */ +static char * +read_request_headers() +{ + extern char **environ; + const char **varp = (const char**) environ; + char *buf = NULL; + int size = 0; + if (!varp) + return NULL; + /* not efficient, but simple */ + /* first calc the size */ + for (; *varp; varp++) { + if (1 || !strncasecmp(*varp, "HTTP_", 5)) + size += strlen(*varp); + } + if (!size) + return NULL; + size++; /* paranoid */ + size += 1024; /* @?@?@?@ */ + /* allocate memory */ + buf = calloc(1, size); + /* parse and put headers */ + for (varp = (const char**) environ; *varp; varp++) { + sprintf(buf + strlen(buf), "%s\r\n", *varp); + if (0 && !strncasecmp(*varp, "HTTP_", 5)) { + const char *name = (*varp) + 5; + const char *value = strchr(name, '='); + if (value) { + strncat(buf, name, value-name); + sprintf(buf + strlen(buf), ": %s\r\n", value+1); + } + } + } + return buf; +} +#endif /* left for parts */ + static char * read_post_request(void) { @@ -383,19 +587,123 @@ read_request(void) if (strlen(buf) == 0) return NULL; req = xcalloc(1, sizeof(cachemgr_request)); + /* req->headers = read_request_headers(); */ for (s = strtok(buf, "&"); s != NULL; s = strtok(NULL, "&")) { t = xstrdup(s); if ((q = strchr(t, '=')) == NULL) continue; *q++ = '\0'; - if (0 == strcasecmp(t, "host")) + if (0 == strcasecmp(t, "host") && strlen(q)) req->hostname = xstrdup(q); - if (0 == strcasecmp(t, "port")) + else + if (0 == strcasecmp(t, "port") && strlen(q)) req->port = atoi(q); - if (0 == strcasecmp(t, "password")) + else + if (0 == strcasecmp(t, "user_name") && strlen(q)) + req->user_name = xstrdup(q); + else + if (0 == strcasecmp(t, "passwd") && strlen(q)) req->passwd = xstrdup(q); + else + if (0 == strcasecmp(t, "auth") && strlen(q)) + req->pub_auth = xstrdup(q), decode_pub_auth(req); + else if (0 == strcasecmp(t, "operation")) req->action = xstrdup(q); } + make_pub_auth(req); + debug(1) fprintf(stderr, "cmgr: got req: host: '%s' port: %d uname: '%s' passwd: '%s' auth: '%s' oper: '%s'\n", + safe_str(req->hostname), req->port, safe_str(req->user_name), safe_str(req->passwd), safe_str(req->pub_auth), safe_str(req->action)); return req; } + + +/* Routines to support authentication */ + +/* + * Encodes auth info into a "public" form. + * Currently no powerful encryption is used. + */ +static void +make_pub_auth(cachemgr_request *req) +{ + static char buf[1024]; + safe_free(req->pub_auth); + debug(3) fprintf(stderr, "cmgr: encoding for pub...\n"); + if (!req->passwd && !strlen(req->passwd)) + return; + /* host | time | user | passwd */ + snprintf(buf, sizeof(buf), "%s|%d|%s|%s", + req->hostname, + now, + req->user_name ? req->user_name : "", + req->passwd); + debug(3) fprintf(stderr, "cmgr: pre-encoded for pub: %s\n", buf); + debug(3) fprintf(stderr, "cmgr: encoded: '%s'\n", base64_encode(buf)); + req->pub_auth = xstrdup(base64_encode(buf)); +} + +static void +decode_pub_auth(cachemgr_request *req) +{ + char *buf; + const char *host_name; + const char *time_str; + const char *user_name; + const char *passwd; + + debug(2) fprintf(stderr, "cmgr: decoding pub: '%s'\n", safe_str(req->pub_auth)); + safe_free(req->passwd); + if (!req->pub_auth || strlen(req->pub_auth) < 4 + strlen(safe_str(req->hostname))) + return; + buf = xstrdup(base64_decode(req->pub_auth)); + debug(3) fprintf(stderr, "cmgr: length ok\n"); + /* parse ( a lot of memory leaks, but that is cachemgr style :) */ + if ((host_name = strtok(buf, "|")) == NULL) + return; + debug(3) fprintf(stderr, "cmgr: decoded host: '%s'\n", host_name); + if ((time_str = strtok(NULL, "|")) == NULL) + return; + debug(3) fprintf(stderr, "cmgr: decoded time: '%s' (now: %d)\n", time_str, (int)now); + if ((user_name = strtok(NULL, "|")) == NULL) + return; + debug(3) fprintf(stderr, "cmgr: decoded uname: '%s'\n", user_name); + if ((passwd = strtok(NULL, "|")) == NULL) + return; + debug(2) fprintf(stderr, "cmgr: decoded passwd: '%s'\n", passwd); + /* verify freshness and validity */ + if (atoi(time_str) + passwd_ttl < now) + return; + if (strcasecmp(host_name, req->hostname)) + return; + debug(1) fprintf(stderr, "cmgr: verified auth. info.\n"); + /* ok, accept */ + xfree(req->user_name); + req->user_name = xstrdup(user_name); + req->passwd = xstrdup(passwd); + xfree(buf); +} + +static void +reset_auth(cachemgr_request *req) +{ + safe_free(req->passwd); + safe_free(req->pub_auth); +} + +static const char * +make_auth_header(const cachemgr_request *req) +{ + static char buf[1024]; + const char *str64; + if (!req -> passwd) + return ""; + + snprintf(buf, sizeof(buf), "%s:%s", + req->user_name ? req->user_name : "", + req -> passwd); + + str64 = base64_encode(buf); + snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); + return buf; +}