DestinationDomain.cc
1 /*
2  * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 28 Access Control */
10 
11 #include "squid.h"
12 #include "acl/DestinationDomain.h"
13 #include "acl/DomainData.h"
14 #include "acl/FilledChecklist.h"
15 #include "acl/RegexData.h"
16 #include "fqdncache.h"
17 #include "HttpRequest.h"
18 
19 static void LookupDone(const char *, const Dns::LookupDetails &, void *data);
20 
21 static void
23 {
25 }
26 
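/// Reverse-DNS lookup completion handler: resumes the ACL check that was
/// suspended while the lookup was pending.
/// The resolved name (first parameter) is ignored here; match() queries the
/// FQDN cache again when the check is re-run.
/// \param details  outcome of the lookup, recorded on the request
/// \param data     opaque handler pointer; interpreted as an ACLChecklist*
static void
LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    // NOTE(review): a named cast replaces the C-style cast so the conversion is
    // greppable. It is only well-defined if the code that registered this
    // handler passed a pointer convertible to ACLChecklist* -- confirm at the
    // registration site, which is not visible in this listing.
    const auto checklist = Filled(static_cast<ACLChecklist*>(data));

    // Filled() wraps dynamic_cast and may yield nullptr; fail loudly, as
    // match() does, rather than dereferencing a null checklist or request.
    assert(checklist != nullptr && checklist->request != nullptr);

    // Record that the lookup was attempted: match() only goes asynchronous
    // while destinationDomainChecked() is still false.
    checklist->markDestinationDomainChecked();
    checklist->request->recordLookup(details);
    checklist->resumeNonBlockingCheck();
}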
35 
36 /* Acl::DestinationDomainCheck */
37 
/// Lists the flags this ACL type accepts. The only one is "-n", which is
/// linked to this node's lookupBanned member.
/// \return the option list, a function-local static shared by all calls
const Acl::Options &
Acl::DestinationDomainCheck::options()
{
    static const Acl::BooleanOption NoLookupFlag("-n");

    // The flag object is a function-local static, so it is re-linked on every
    // call to the lookupBanned member of the node options() was invoked on.
    NoLookupFlag.linkWith(&lookupBanned);

    static const Acl::Options SupportedOptions = { &NoLookupFlag };
    return SupportedOptions;
}
46 
/// Compares the request's destination host with this ACL's domain data,
/// falling back to reverse DNS when the host is a raw IP address.
/// \retval  1  the URL host itself matched
/// \retval  0  no match: lookups are banned ("-n"), the host is a non-numeric
///             name that did not match, or the numeric host failed to parse
/// \retval -1  an asynchronous reverse lookup was started; the check is
///             re-run after LookupDone() resumes it
/// In the remaining cases the result of data->match() on the reverse-DNS
/// name, or on the literal "none", is returned.
int
Acl::DestinationDomainCheck::match(ACLChecklist *ch)
{
    const auto filled = Filled(ch);

    assert(filled != nullptr && filled->request != nullptr);

    const auto &url = filled->request->url;

    // First try the host exactly as it appears in the request URL.
    if (data->match(url.host()))
        return 1;

    if (lookupBanned) {
        debugs(28, 3, "No-lookup DNS ACL '" << name << "' for " << url.host());
        return 0;
    }

    // A host that is not a numeric IP address was already compared above;
    // there is nothing to reverse-resolve, so that result stands.
    if (!url.hostIsNumeric())
        return 0;

    // Reuse a reverse-DNS name already stored on this checklist.
    if (filled->dst_rdns) {
        debugs(28, 3, "'" << name << "' match with stored rDNS '" << filled->dst_rdns << "' for " << url.host());
        return data->match(filled->dst_rdns);
    }

    // Raw IP with no stored rDNS: parse the address before looking it up.
    if (!filled->dst_addr.fromHost(url.host())) {
        // Not a valid address. The marker is stored, so later evaluations on
        // this checklist take the stored-rDNS branch above and compare the
        // literal "invalid" with the ACL data, while this call reports 0.
        filled->dst_rdns = xstrdup("invalid");
        return 0;
    }

    const char *ptrName = fqdncache_gethostbyaddr(filled->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (ptrName) {
        // NOTE(review): a PTR name is published by whoever controls the
        // reverse zone of the address, not by the owner of the domain it
        // names. It is matched here as returned; no forward-confirmation step
        // is visible in this function. Rules that grant access on a dstdomain
        // match should account for raw-IP requests, or disable this path
        // with "-n".
        filled->dst_rdns = xstrdup(ptrName);
        return data->match(ptrName);
    }

    if (!filled->destinationDomainChecked()) {
        debugs(28, 3, "Can't yet compare '" << name << "' ACL for " << url.host());
        if (filled->goAsync(StartLookup, *this))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    // No reverse name is available: compare the placeholder "none", so an
    // ACL that lists "none" matches addresses without a usable PTR name.
    return data->match("none");
}
95 
#define FQDN_LOOKUP_IF_MISS
Definition: defines.h:34
a type-specific Option (e.g., a boolean --toggle or -m=SBuf)
Definition: Options.h:129
Ip::Address dst_addr
std::vector< const Option * > Options
Definition: Options.h:217
#define xstrdup
void linkWith(Recipient *recipient) const
who to tell when this option is enabled
Definition: Options.h:137
const char * fqdncache_gethostbyaddr(const Ip::Address &addr, int flags)
Definition: fqdncache.cc:481
int match(ACLChecklist *) override
Matches the actual data in checklist against this Acl::Node.
static void StartLookup(ACLFilledChecklist &cl, const Acl::Node &)
void recordLookup(const Dns::LookupDetails &detail)
Definition: HttpRequest.cc:579
ACLFilledChecklist * Filled(ACLChecklist *checklist)
convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
Acl::BooleanOptionValue lookupBanned
Are DNS lookups allowed?
HttpRequest::Pointer request
#define assert(EX)
Definition: assert.h:17
encapsulates DNS lookup results
Definition: LookupDetails.h:22
static void LookupDone(const char *, const Dns::LookupDetails &, void *data)
void fqdncache_nbgethostbyaddr(const Ip::Address &addr, FQDNH *handler, void *handlerData)
Definition: fqdncache.cc:414
Definition: Node.h:25
void markDestinationDomainChecked()
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:192
void resumeNonBlockingCheck()
Definition: Checklist.cc:230
const Acl::Options & options() override

 
