squid : Optimising Web Delivery

Go to the documentation of this file.

 /*
  * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
  *
  * Squid software is distributed under GPLv2+ license and includes
  * contributions from numerous individuals and organizations.
  * Please see the COPYING and CONTRIBUTORS files for details.
  */
  
 /* DEBUG: section 84    Helper process maintenance */
  
 #include "squid.h"
 #include "ConfigParser.h"
 #include "debug/Messages.h"
 #include "debug/Stream.h"
 #include "helper.h"
 #include "helper/Reply.h"
 #include "rfc1738.h"
 #include "SquidString.h"
  
 #include <algorithm>
  
 Helper::Reply::Reply() :
     result(Helper::Unknown)
 {
 }
  
 bool
 Helper::Reply::accumulate(const char *buf, size_t len)
 {
     if (other_.isNull())
         other_.init(4*1024, 1*1024*1024);
  
     if (other_.potentialSpaceSize() < static_cast<mb_size_t>(len))
         return false; // no space left
  
     other_.append(buf, len);
     return true;
 }
  
 void
 Helper::Reply::finalize()
 {
     debugs(84, 3, "Parsing helper buffer");
     // check we have something to parse
     if (!other_.hasContent()) {
         // empty line response was the old URL-rewriter interface ERR response.
         result = Helper::Error;
         // for now ensure that legacy handlers are not presented with NULL strings.
         debugs(84, 3, "Zero length reply");
         return;
     }
  
     char *p = other_.content();
     size_t len = other_.contentSize();
     bool sawNA = false;
  
     // optimization: do not consider parsing result code if the response is short.
     // URL-rewriter may return relative URLs or empty response for a large portion
     // of its replies.
     if (len >= 2) {
         debugs(84, 3, "Buff length is larger than 2");
         // some helper formats (digest auth, URL-rewriter) just send a data string
         // we must also check for the ' ' character after the response token (if anything)
         if (!strncmp(p,"OK",2) && (len == 2 || p[2] == ' ')) {
             debugs(84, 3, "helper Result = OK");
             result = Helper::Okay;
             p+=2;
         } else if (!strncmp(p,"ERR",3) && (len == 3 || p[3] == ' ')) {
             debugs(84, 3, "helper Result = ERR");
             result = Helper::Error;
             p+=3;
         } else if (!strncmp(p,"BH",2) && (len == 2 || p[2] == ' ')) {
             debugs(84, 3, "helper Result = BH");
             result = Helper::BrokenHelper;
             p+=2;
         } else if (!strncmp(p,"TT ",3)) {
             // NTLM challenge token
             result = Helper::TT;
             p+=3;
             // followed by an auth token
             char *w1 = strwordtok(nullptr, &p);
             if (w1 != nullptr) {
                 const char *authToken = w1;
                 notes.add("token",authToken);
             } else {
                 // token field is mandatory on this response code
                 result = Helper::BrokenHelper;
                 notes.add("message","Missing 'token' data");
             }
  
         } else if (!strncmp(p,"AF ",3)) {
             // NTLM/Negotiate OK response
             result = Helper::Okay;
             p+=3;
             // followed by:
             //  an optional auth token and user field
             // or, an optional username field
             char *w1 = strwordtok(nullptr, &p);
             char *w2 = strwordtok(nullptr, &p);
             if (w2 != nullptr) {
                 // Negotiate "token user"
                 const char *authToken = w1;
                 notes.add("token",authToken);
  
                 const char *user = w2;
                 notes.add("user",user);
  
             } else if (w1 != nullptr) {
                 // NTLM "user"
                 const char *user = w1;
                 notes.add("user",user);
             }
         } else if (!strncmp(p,"NA ",3)) {
             // NTLM fail-closed ERR response
             result = Helper::Error;
             p+=3;
             sawNA=true;
         }
  
         for (; xisspace(*p); ++p); // skip whitespace
     }
  
     other_.consume(p - other_.content());
     other_.consumeWhitespacePrefix();
  
     // Hack for backward-compatibility: Do not parse for kv-pairs on NA response
     if (!sawNA)
         parseResponseKeys();
  
     // Hack for backward-compatibility: BH and NA used to be a text message...
     if (other_.hasContent() && (sawNA || result == Helper::BrokenHelper)) {
         notes.add("message", other_.content());
         other_.clean();
     }
 }
  
 static bool
 isKeyNameChar(char c)
 {
     if (c >= 'a' && c <= 'z')
         return true;
  
     if (c >= 'A' && c <= 'Z')
         return true;
  
     if (c >= '0' && c <= '9')
         return true;
  
     if (c == '-' || c == '_')
         return true;
  
     // prevent other characters matching the key=value
     return false;
 }
  
 void
 Helper::Reply::CheckReceivedKey(const SBuf &key, const SBuf &value)
 {
     // Squid recognizes these keys (by name) in some helper responses
     static const std::vector<SBuf> recognized = {
         SBuf("clt_conn_tag"),
         SBuf("group"),
         SBuf("ha1"),
         SBuf("log"),
         SBuf("message"),
         SBuf("nonce"),
         SBuf("password"),
         SBuf("rewrite-url"),
         SBuf("status"),
         SBuf("store-id"),
         SBuf("tag"),
         SBuf("token"),
         SBuf("url"),
         SBuf("user")
     };
  
     // TODO: Merge with Notes::ReservedKeys(). That list has an entry that Squid
     // sources do _not_ recognize today ("ttl"), and it is missing some
     // recognized entries ("clt_conn_tag", "nonce", store-id", and "token").
  
     if (key.isEmpty()) {
         debugs(84, DBG_IMPORTANT, "WARNING: Deprecated from-helper annotation without a name: " <<
                key << '=' << value <<
                Debug::Extra << "advice: Name or remove this annotation");
         // TODO: Skip/ignore these annotations.
         return;
     }
  
     // We do not check custom keys for repetitions because Squid supports them:
     // The "note" ACL checks all of them and %note prints all of them.
     if (*key.rbegin() == '_')
         return; // a custom key
  
     // To simplify, we allow all recognized keys, even though some of them are
     // only expected from certain helpers or even only in certain reply types.
     // To simplify and optimize, we do not check recognized keys for repetitions
     // because _some_ of them (e.g., "message") do support repetitions.
     if (std::find(recognized.begin(), recognized.end(), key) != recognized.end())
         return; // a Squid-recognized key
  
     debugs(84, Important(69), "WARNING: Unsupported or unexpected from-helper annotation with a name reserved for Squid use: " <<
            key << '=' << value <<
            Debug::Extra << "advice: If this is a custom annotation, rename it to add a trailing underscore: " <<
            key << '_');
 }
  
 void
 Helper::Reply::parseResponseKeys()
 {
     // parse a "key=value" pair off the 'other()' buffer.
     while (other_.hasContent()) {
         char *p = other_.content();
         const char *key = p;
         while (*p && isKeyNameChar(*p)) ++p;
         if (*p != '=')
             return; // done. Not a key.
  
         // whitespace between key and value is prohibited.
         // workaround strwordtok() which skips whitespace prefix.
         if (xisspace(*(p+1)))
             return; // done. Not a key.
  
         *p = '\0';
         ++p;
  
         // the value may be a quoted string or a token
         const bool urlDecode = (*p != '"'); // check before moving p.
         char *v = strwordtok(nullptr, &p);
         if (v != nullptr && urlDecode && (p-v) > 2) // 1-octet %-escaped requires 3 bytes
             rfc1738_unescape(v);
  
         // TODO: Convert the above code to use Tokenizer and SBuf
         const SBuf parsedKey(key);
         const SBuf parsedValue(v); // allow empty values (!v or !*v)
         CheckReceivedKey(parsedKey, parsedValue);
         notes.add(parsedKey, parsedValue);
  
         other_.consume(p - other_.content());
         other_.consumeWhitespacePrefix();
     }
 }
  
 const MemBuf &
 Helper::Reply::emptyBuf() const
 {
     static MemBuf empty;
     if (empty.isNull())
         empty.init(1, 1);
     return empty;
 }
  
 std::ostream &
 Helper::operator <<(std::ostream &os, const Reply &r)
 {
     os << "{result=";
     switch (r.result) {
     case Okay:
         os << "OK";
         break;
     case Error:
         os << "ERR";
         break;
     case BrokenHelper:
         os << "BH";
         break;
     case TT:
         os << "TT";
         break;
     case TimedOut:
         os << "Timeout";
         break;
     case Unknown:
         os << "Unknown";
         break;
     }
  
     // dump the helper key=pair "notes" list
     if (!r.notes.empty()) {
         os << ", notes={";
         // This simple format matches what most helpers use and is sufficient
         // for debugging nearly any helper response, but the result differs from
         // raw helper responses when the helper quotes values or escapes special
         // characters. See also: Helper::Reply::parseResponseKeys().
         r.notes.print(os, "=", " ");
         os << "}";
     }
  
     MemBuf const &o = r.other();
     if (o.hasContent())
         os << ", other: \"" << o.content() << '\"';
  
     os << '}';
  
     return os;
 }
  