DestinationDomain.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 28 Access Control */
10 
11 #include "squid.h"
12 #include "acl/Checklist.h"
13 #include "acl/DestinationDomain.h"
14 #include "acl/DomainData.h"
15 #include "acl/RegexData.h"
16 #include "fqdncache.h"
17 #include "HttpRequest.h"
18 
20 
23 {
24  return &instance_;
25 }
26 
27 void
29 {
30  ACLFilledChecklist *checklist = Filled(cl);
31  fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist);
32 }
33 
34 void
35 DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details, void *data)
36 {
37  ACLFilledChecklist *checklist = Filled((ACLChecklist*)data);
38  checklist->markDestinationDomainChecked();
39  checklist->request->recordLookup(details);
41 }
42 
43 /* ACLDestinationDomainStrategy */
44 
45 const Acl::Options &
47 {
48  static const Acl::BooleanOption LookupBanFlag;
49  static const Acl::Options MyOptions = { { "-n", &LookupBanFlag } };
50  LookupBanFlag.linkWith(&lookupBanned);
51  return MyOptions;
52 }
53 
54 int
56 {
57  assert(checklist != NULL && checklist->request != NULL);
58 
59  if (data->match(checklist->request->url.host())) {
60  return 1;
61  }
62 
63  if (lookupBanned) {
64  debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
65  return 0;
66  }
67 
68  /* numeric IPA? no, trust the above result. */
69  if (!checklist->request->url.hostIsNumeric()) {
70  return 0;
71  }
72 
73  /* do we already have the rDNS? match on it if we do. */
74  if (checklist->dst_rdns) {
75  debugs(28, 3, "'" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
76  return data->match(checklist->dst_rdns);
77  }
78 
79  /* raw IP without rDNS? look it up and wait for the result */
80  if (!checklist->dst_addr.fromHost(checklist->request->url.host())) {
81  /* not a valid IPA */
82  checklist->dst_rdns = xstrdup("invalid");
83  return 0;
84  }
85 
86  const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);
87 
88  if (fqdn) {
89  checklist->dst_rdns = xstrdup(fqdn);
90  return data->match(fqdn);
91  } else if (!checklist->destinationDomainChecked()) {
92  /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */
93  debugs(28, 3, "Can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
95  return -1;
96  // else fall through to "none" match, hiding the lookup failure (XXX)
97  }
98 
99  return data->match("none");
100 }
101 
void recordLookup(const Dns::LookupDetails &detail)
Definition: HttpRequest.cc:587
#define assert(EX)
Definition: assert.h:17
virtual bool match(M)=0
int hostIsNumeric(void) const
Definition: URL.h:71
Ip::Address dst_addr
ACLFilledChecklist * Filled(ACLChecklist *checklist)
convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
void fqdncache_nbgethostbyaddr(const Ip::Address &addr, FQDNH *handler, void *handlerData)
Definition: fqdncache.cc:415
#define xstrdup
encapsulates DNS lookup results
Definition: LookupDetails.h:20
static DestinationDomainLookup instance_
void host(const char *src)
Definition: url.cc:47
bool destinationDomainChecked() const
void const char HLPCB void * data
Definition: stub_helper.cc:16
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:123
bool goAsync(AsyncState *)
Definition: Checklist.cc:115
#define FQDN_LOOKUP_IF_MISS
Definition: defines.h:48
const char * AclMatchedName
Definition: Acl.cc:30
URL url
the request URI
Definition: HttpRequest.h:103
void linkWith(Recipient *recipient) const
who to tell when this option is enabled
Definition: Options.h:90
const char * fqdncache_gethostbyaddr(const Ip::Address &addr, int flags)
Definition: fqdncache.cc:482
virtual void checkForAsync(ACLChecklist *) const
HttpRequest * request
void resumeNonBlockingCheck(AsyncState *state)
Definition: Checklist.cc:262
bool fromHost(const char *hostWithoutPort)
Definition: Address.cc:916
static void LookupDone(const char *, const Dns::LookupDetails &, void *)
std::map< OptionName, const Option *, OptionNameCmp > Options
name:option map
Definition: Options.h:159
Acl::BooleanOptionValue lookupBanned
Are DNS lookups allowed?
a type-specific Option (e.g., a boolean –toggle or -m=SBuf)
Definition: Options.h:83
void markDestinationDomainChecked()
virtual int match(ACLData< MatchType > *&, ACLFilledChecklist *)
virtual const Acl::Options & options()
#define NULL
Definition: types.h:166
static DestinationDomainLookup * Instance()

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors