FilledChecklist.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10#include "acl/FilledChecklist.h"
11#include "client_side.h"
12#include "comm/Connection.h"
13#include "comm/forward.h"
14#include "debug/Messages.h"
15#include "ExternalACLEntry.h"
16#include "http/Stream.h"
17#include "HttpReply.h"
18#include "HttpRequest.h"
19#include "SquidConfig.h"
20#if USE_AUTH
21#include "auth/AclProxyAuth.h"
22#include "auth/UserRequest.h"
23#endif
24
26
28 dst_rdns(nullptr),
29 request (nullptr),
30 reply (nullptr),
31#if USE_AUTH
32 auth_user_request (nullptr),
33#endif
34#if SQUID_SNMP
35 snmp_community(nullptr),
36#endif
37#if USE_OPENSSL
38 sslErrors(nullptr),
39#endif
40 requestErrorType(ERR_MAX),
41 conn_(nullptr),
42 fd_(-1),
43 destinationDomainChecked_(false),
44 sourceDomainChecked_(false)
45{
49 rfc931[0] = '\0';
50}
51
53{
55
56 safe_free(dst_rdns); // created by xstrdup().
57
59
61
63
64#if USE_OPENSSL
66#endif
67
68 debugs(28, 4, "ACLFilledChecklist destroyed " << this);
69}
70
71static void
72showDebugWarning(const char *msg)
73{
74 static uint16_t count = 0;
75 if (count > 10)
76 return;
77
78 ++count;
79 debugs(28, Important(58), "ERROR: ALE missing " << msg);
80}
81
82void
84{
85 // make sure the ALE fields used by Format::assemble to
86 // fill the old external_acl_type codes are set if any
87 // data on them exists in the Checklist
88
89 if (!al->cache.port && conn()) {
90 showDebugWarning("listening port");
91 al->cache.port = conn()->port;
92 }
93
94 if (request) {
95 if (!al->request) {
96 showDebugWarning("HttpRequest object");
97 // XXX: al->request should be original,
98 // but the request may be already adapted
101 }
102
103 if (!al->adapted_request) {
104 showDebugWarning("adapted HttpRequest object");
107 }
108
109 if (al->url.isEmpty()) {
110 showDebugWarning("URL");
111 // XXX: al->url should be the request URL from client,
112 // but request->url may be different (e.g.,redirected)
114 }
115 }
116
117 if (reply && !al->reply) {
118 showDebugWarning("HttpReply object");
119 al->reply = reply;
120 }
121
122#if USE_IDENT
123 if (*rfc931 && !al->cache.rfc931) {
124 showDebugWarning("IDENT");
126 }
127#endif
128}
129
130void
131ACLFilledChecklist::syncAle(HttpRequest *adaptedRequest, const char *logUri) const
132{
133 if (!al)
134 return;
135 if (adaptedRequest && !al->adapted_request) {
136 al->adapted_request = adaptedRequest;
138 }
139 if (logUri && al->url.isEmpty())
140 al->url = logUri;
141}
142
145{
146 return cbdataReferenceValid(conn_) ? conn_ : nullptr;
147}
148
149void
151{
152 if (conn_ == aConn)
153 return; // no new information
154
155 // no conn_ replacement/removal to reduce inconsistent fill concerns
156 assert(!conn_);
157 assert(aConn);
158
159 // To reduce inconsistent fill concerns, we should be the only ones calling
160 // fillConnectionLevelDetails(). Set conn_ first so that the filling method
161 // can detect (some) direct calls from others.
162 conn_ = cbdataReference(aConn);
163 aConn->fillConnectionLevelDetails(*this);
164}
165
166int
168{
169 const auto c = conn();
170 return (c && c->clientConnection) ? c->clientConnection->fd : fd_;
171}
172
173void
175{
176 const auto c = conn();
177 assert(!c || !c->clientConnection || c->clientConnection->fd == aDescriptor);
178 fd_ = aDescriptor;
179}
180
181bool
183{
185}
186
187void
189{
192}
193
194bool
196{
198}
199
200void
202{
205}
206
207/*
208 * There are two common ACLFilledChecklist lifecycles paths:
209 *
210 * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object
211 * on stack and calls aclCheckFast().
212 *
213 * B) Using aclNBCheck() and callbacks: The caller allocates an
214 * ACLFilledChecklist object (via operator new) and passes it to
215 * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
216 * which will invoke the callback function as requested by the
217 * original caller of aclNBCheck(). This callback function must
218 * *not* delete the list. After the callback function returns,
219 * checkCallback() will delete the list (i.e., self).
220 */
221ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident):
222 dst_rdns(nullptr),
223 request(nullptr),
224 reply(nullptr),
225#if USE_AUTH
226 auth_user_request(nullptr),
227#endif
228#if SQUID_SNMP
229 snmp_community(nullptr),
230#endif
231#if USE_OPENSSL
232 sslErrors(nullptr),
233#endif
234 requestErrorType(ERR_MAX),
235 conn_(nullptr),
236 fd_(-1),
237 destinationDomainChecked_(false),
238 sourceDomainChecked_(false)
239{
243 rfc931[0] = '\0';
244
245 changeAcl(A);
246 setRequest(http_request);
247 setIdent(ident);
248}
249
251{
252 assert(!request);
253 if (httpRequest) {
254 request = httpRequest;
256#if FOLLOW_X_FORWARDED_FOR
259 else
260#endif /* FOLLOW_X_FORWARDED_FOR */
263
264 if (const auto cmgr = request->clientConnectionManager.get())
265 setConn(cmgr);
266 }
267}
268
269void
271{
272#if USE_IDENT
273 assert(!rfc931[0]);
274 if (ident)
276#else
277 (void)ident;
278#endif
279}
280
static void showDebugWarning(const char *msg)
CBDATA_CLASS_INIT(ACLFilledChecklist)
#define false
Definition: GnuRegex.c:240
class SquidConfig Config
Definition: SquidConfig.cc:12
#define acl_access
Definition: forward.h:45
#define assert(EX)
Definition: assert.h:19
int cbdataReferenceValid(const void *p)
Definition: cbdata.cc:398
#define cbdataReferenceDone(var)
Definition: cbdata.h:350
#define cbdataReference(var)
Definition: cbdata.h:341
const Acl::Tree * changeAcl(const Acl::Tree *t)
Definition: Checklist.h:176
bool finished() const
whether markFinished() was called
Definition: Checklist.h:149
bool asyncInProgress() const
async call has been started and has not finished (or failed) yet
Definition: Checklist.h:151
bool destinationDomainChecked() const
void setIdent(const char *userIdentity)
configure rfc931 user identity for the first time
ConnStateData * conn_
HttpRequest * request
virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const
assigns uninitialized adapted_request and url ALE components
ConnStateData * conn() const
The client connection manager.
const Security::CertErrors * sslErrors
Ip::Address dst_addr
void setRequest(HttpRequest *)
configure client request-related fields for the first time
void setConn(ConnStateData *)
set either conn
int fd() const
The client side fd. It uses conn() if available.
char rfc931[USER_IDENT_SZ]
Ip::Address src_addr
void markDestinationDomainChecked()
bool sourceDomainChecked() const
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
virtual void verifyAle() const
warns if there are uninitialized ALE components and fills them
AnyP::PortCfgPointer port
HttpReplyPointer reply
class AccessLogEntry::CacheDetails cache
HttpRequest * adapted_request
HttpRequest * request
Cbc * get() const
a temporary valid raw Cbc pointer or NULL
Definition: CbcPointer.h:162
int port
port of pinned connection
Definition: client_side.h:146
void fillConnectionLevelDetails(ACLFilledChecklist &) const
CbcPointer< ConnStateData > clientConnectionManager
Definition: HttpRequest.h:232
Ip::Address indirect_client_addr
Definition: HttpRequest.h:152
Ip::Address my_addr
Definition: HttpRequest.h:155
Ip::Address client_addr
Definition: HttpRequest.h:149
const SBuf & effectiveRequestUri() const
RFC 7230 section 5.5 - Effective Request URI.
Definition: HttpRequest.cc:747
void setEmpty()
Fast reset of the stored content to what would be after default constructor.
Definition: Address.cc:184
bool isEmpty() const
Definition: SBuf.h:431
int acl_uses_indirect_client
Definition: SquidConfig.h:324
struct SquidConfig::@111 onoff
#define Important(id)
Definition: Messages.h:91
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:196
#define USER_IDENT_SZ
Definition: defines.h:37
@ ERR_MAX
Definition: forward.h:88
void HTTPMSGUNLOCK(M *&a)
Definition: Message.h:149
void HTTPMSGLOCK(Http::Message *a)
Definition: Message.h:160
static uint32 A
Definition: md4.c:43
#define xstrdup
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
#define safe_free(x)
Definition: xalloc.h:73
char * xstrncpy(char *dst, const char *src, size_t n)
Definition: xstring.cc:37

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors