FilledChecklist.cc
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "acl/FilledChecklist.h"
11 #include "client_side.h"
12 #include "comm/Connection.h"
13 #include "comm/forward.h"
14 #include "DebugMessages.h"
15 #include "ExternalACLEntry.h"
16 #include "http/Stream.h"
17 #include "HttpReply.h"
18 #include "HttpRequest.h"
19 #include "SquidConfig.h"
20 #if USE_AUTH
21 #include "auth/AclProxyAuth.h"
22 #include "auth/UserRequest.h"
23 #endif
24 
26 
28  dst_rdns(NULL),
29  request (NULL),
30  reply (NULL),
31 #if USE_AUTH
32  auth_user_request (NULL),
33 #endif
34 #if SQUID_SNMP
35  snmp_community(NULL),
36 #endif
37 #if USE_OPENSSL
38  sslErrors(NULL),
39 #endif
40  requestErrorType(ERR_MAX),
41  conn_(NULL),
42  fd_(-1),
43  destinationDomainChecked_(false),
44  sourceDomainChecked_(false)
45 {
46  my_addr.setEmpty();
49  rfc931[0] = '\0';
50 }
51 
53 {
55 
56  safe_free(dst_rdns); // created by xstrdup().
57 
59 
61 
63 
64 #if USE_OPENSSL
66 #endif
67 
68  debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this);
69 }
70 
/// Reports one missing ALE component through debugs() at the Important(58) level.
/// \param msg names the missing component; it is appended to "ALE missing ".
static void
showDebugWarning(const char *msg)
{
    // One function-local counter is shared by every caller and every message
    // text, so the cap below limits the total number of reports rather than
    // the number per component. Presumably this keeps repeated gaps from
    // flooding the log -- confirm the intended limit, since the comparison
    // lets an eleventh report through before going quiet.
    static uint16_t reported = 0;

    if (reported <= 10) {
        ++reported;
        debugs(28, Important(58), "ALE missing " << msg);
    }
}
81 
82 void
84 {
85  // make sure the ALE fields used by Format::assemble to
86  // fill the old external_acl_type codes are set if any
87  // data on them exists in the Checklist
88 
89  if (!al->cache.port && conn()) {
90  showDebugWarning("listening port");
91  al->cache.port = conn()->port;
92  }
93 
94  if (request) {
95  if (!al->request) {
96  showDebugWarning("HttpRequest object");
97  // XXX: al->request should be original,
98  // but the request may be already adapted
99  al->request = request;
101  }
102 
103  if (!al->adapted_request) {
104  showDebugWarning("adapted HttpRequest object");
107  }
108 
109  if (al->url.isEmpty()) {
110  showDebugWarning("URL");
111  // XXX: al->url should be the request URL from client,
112  // but request->url may be different (e.g.,redirected)
114  }
115  }
116 
117  if (reply && !al->reply) {
118  showDebugWarning("HttpReply object");
119  al->reply = reply;
120  }
121 
122 #if USE_IDENT
123  if (*rfc931 && !al->cache.rfc931) {
124  showDebugWarning("IDENT");
126  }
127 #endif
128 }
129 
130 void
131 ACLFilledChecklist::syncAle(HttpRequest *adaptedRequest, const char *logUri) const
132 {
133  if (!al)
134  return;
135  if (adaptedRequest && !al->adapted_request) {
136  al->adapted_request = adaptedRequest;
138  }
139  if (logUri && al->url.isEmpty())
140  al->url = logUri;
141 }
142 
/// The client connection manager, or nullptr when none is usable.
ConnStateData *
ACLFilledChecklist::conn() const
{
    // conn_ is a cbdata-referenced raw pointer. Handing it out only after the
    // validity check is what keeps callers from dereferencing a manager that
    // has gone away while this checklist was still alive (presumably the
    // purpose of cbdataReferenceValid(); its definition is in cbdata.cc).
    if (!cbdataReferenceValid(conn_))
        return nullptr;

    return conn_;
}
148 
/// Associates this checklist with a client connection manager, once.
/// \param aConn the manager to remember; must not be nil unless conn_ is nil too
void
ACLFilledChecklist::setConn(ConnStateData *aConn)
{
    // Being handed the manager we already hold adds no new information.
    const bool alreadyKnown = (aConn == conn_);
    if (alreadyKnown)
        return;

    // Replacing or removing an existing conn_ is not supported: the details
    // filled from the first manager would no longer match the second one.
    assert(!conn_);
    assert(aConn);

    // Record the manager before asking it to fill connection-level details.
    // This method is meant to be the only caller of
    // fillConnectionLevelDetails(), and setting conn_ first lets the filling
    // code detect (some) direct calls made by others.
    // NOTE(review): cbdataReference() takes a reference that must be released
    // when the checklist is destroyed; confirm the matching release in the
    // destructor.
    conn_ = cbdataReference(aConn);
    aConn->fillConnectionLevelDetails(*this);
}
165 
/// The client-side descriptor: taken from conn() when it has a client
/// connection, otherwise the value stored in fd_.
int
ACLFilledChecklist::fd() const
{
    // conn() returns nullptr for an unusable manager, so a stale manager
    // falls through to the stored descriptor instead of being dereferenced.
    const auto mgr = conn();
    if (mgr && mgr->clientConnection)
        return mgr->clientConnection->fd;

    return fd_;
}
172 
/// Stores the client-side descriptor.
/// \param aDescriptor must equal the descriptor of the connection manager's
///        client connection when such a connection is available
void
ACLFilledChecklist::fd(int aDescriptor)
{
    // fd() const prefers the manager's descriptor over fd_, so a value that
    // disagrees with it would leave the checklist describing two different
    // sockets. Treat that as a programming error.
    if (const auto mgr = conn()) {
        if (mgr->clientConnection)
            assert(mgr->clientConnection->fd == aDescriptor);
    }

    fd_ = aDescriptor;
}
180 
181 bool
183 {
185 }
186 
187 void
189 {
192 }
193 
/// Reports the current value of the sourceDomainChecked_ flag.
bool
ACLFilledChecklist::sourceDomainChecked() const
{
    const bool checked = sourceDomainChecked_;
    return checked;
}
199 
200 void
202 {
204  sourceDomainChecked_ = true;
205 }
206 
207 /*
208  * There are two common ACLFilledChecklist lifecycle paths:
209  *
210  * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object
211  * on stack and calls aclCheckFast().
212  *
213  * B) Using aclNBCheck() and callbacks: The caller allocates an
214  * ACLFilledChecklist object (via operator new) and passes it to
215  * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
216  * which will invoke the callback function as requested by the
217  * original caller of aclNBCheck(). This callback function must
218  * *not* delete the list. After the callback function returns,
219  * checkCallback() will delete the list (i.e., self).
220  */
/// Builds a checklist for the given access list and primes it with the
/// request and IDENT user name, either of which may be nil.
/// \param A the access list passed to changeAcl()
/// \param http_request passed to setRequest()
/// \param ident passed to setIdent()
ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident):
    dst_rdns(nullptr),
    request(nullptr),
    reply(nullptr),
#if USE_AUTH
    auth_user_request(nullptr),
#endif
#if SQUID_SNMP
    snmp_community(nullptr),
#endif
#if USE_OPENSSL
    sslErrors(nullptr),
#endif
    requestErrorType(ERR_MAX),
    conn_(nullptr),
    fd_(-1),
    destinationDomainChecked_(false),
    sourceDomainChecked_(false)
{
    // Start from a fully blank state: no addresses and an empty IDENT string.
    // setRequest() and setIdent() below assert that their fields have not
    // been set yet, so this reset has to come first.
    my_addr.setEmpty();
    src_addr.setEmpty();
    dst_addr.setEmpty();
    rfc931[0] = '\0';

    changeAcl(A);
    setRequest(http_request);
    setIdent(ident);
}
249 
251 {
252  assert(!request);
253  if (httpRequest) {
254  request = httpRequest;
256 #if FOLLOW_X_FORWARDED_FOR
259  else
260 #endif /* FOLLOW_X_FORWARDED_FOR */
263 
264  if (const auto cmgr = request->clientConnectionManager.get())
265  setConn(cmgr);
266  }
267 }
268 
/// Configures the rfc931 user identity for the first time.
/// \param ident the user name to remember; nil leaves rfc931 empty
void
ACLFilledChecklist::setIdent(const char *ident)
{
#if USE_IDENT
    // First-time configuration only: an identity that is already present is
    // never overwritten.
    assert(!rfc931[0]);

    if (!ident)
        return;

    // rfc931 is declared as char[USER_IDENT_SZ], so the bound passed here is
    // the size of the destination buffer and limits how much of the supplied
    // name is stored.
    // NOTE(review): this relies on xstrncpy() truncating and NUL-terminating
    // within n bytes -- confirm against xstring.cc.
    xstrncpy(rfc931, ident, USER_IDENT_SZ);
#else
    (void)ident;
#endif
}
280 
#define USER_IDENT_SZ
Definition: defines.h:37
Cbc * get() const
a temporary valid raw Cbc pointer or NULL
Definition: CbcPointer.h:162
void fillConnectionLevelDetails(ACLFilledChecklist &) const
CBDATA_CLASS_INIT(ACLFilledChecklist)
Ip::Address dst_addr
Ip::Address src_addr
bool isEmpty() const
Definition: SBuf.h:424
HttpReplyPointer reply
static void showDebugWarning(const char *msg)
#define xstrdup
char * xstrncpy(char *dst, const char *src, size_t n)
Definition: xstring.cc:37
int cbdataReferenceValid(const void *p)
Definition: cbdata.cc:398
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
bool destinationDomainChecked() const
void HTTPMSGUNLOCK(M *&a)
Definition: Message.h:150
#define cbdataReference(var)
Definition: cbdata.h:341
bool asyncInProgress() const
async call has been started and has not finished (or failed) yet
Definition: Checklist.h:151
void setIdent(const char *userIdentity)
configure rfc931 user identity for the first time
int acl_uses_indirect_client
Definition: SquidConfig.h:333
HttpRequest * request
ConnStateData * conn() const
The client connection manager.
bool finished() const
whether markFinished() was called
Definition: Checklist.h:149
#define NULL
Definition: types.h:166
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:123
int fd() const
The client side fd. It uses conn() if available.
static uint32 A
Definition: md4.c:43
Ip::Address indirect_client_addr
Definition: HttpRequest.h:152
std::ostream & HERE(std::ostream &s)
Definition: Debug.h:152
#define safe_free(x)
Definition: xalloc.h:73
#define assert(EX)
Definition: assert.h:19
class AccessLogEntry::CacheDetails cache
virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const
assigns uninitialized adapted_request and url ALE components
void HTTPMSGLOCK(Http::Message *a)
Definition: Message.h:161
#define cbdataReferenceDone(var)
Definition: cbdata.h:350
Ip::Address my_addr
Definition: HttpRequest.h:155
HttpRequest * request
char rfc931[USER_IDENT_SZ]
void setEmpty()
Fast reset of the stored content to what would be after default constructor.
Definition: Address.cc:184
@ ERR_MAX
Definition: forward.h:88
const Acl::Tree * changeAcl(const Acl::Tree *t)
Definition: Checklist.h:176
#define Important(id)
Definition: DebugMessages.h:91
HttpRequest * adapted_request
ConnStateData * conn_
const Security::CertErrors * sslErrors
SSL [certificate validation] errors, in undefined order.
void setConn(ConnStateData *)
set either conn
struct SquidConfig::@111 onoff
#define acl_access
Definition: forward.h:45
void setRequest(HttpRequest *)
configure client request-related fields for the first time
AnyP::PortCfgPointer port
int port
port of pinned connection
Definition: client_side.h:146
virtual void verifyAle() const
warns if there are uninitialized ALE components and fills them
void markDestinationDomainChecked()
#define false
Definition: GnuRegex.c:233
const SBuf & effectiveRequestUri() const
RFC 7230 section 5.5 - Effective Request URI.
Definition: HttpRequest.cc:752
Ip::Address client_addr
Definition: HttpRequest.h:149
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
bool sourceDomainChecked() const
CbcPointer< ConnStateData > clientConnectionManager
Definition: HttpRequest.h:232
class SquidConfig Config
Definition: SquidConfig.cc:12

 
