Uri.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 23 URL Parsing */
10 
11 #include "squid.h"
12 #include "anyp/Uri.h"
13 #include "globals.h"
14 #include "HttpRequest.h"
15 #include "parser/Tokenizer.h"
16 #include "rfc1738.h"
17 #include "SquidConfig.h"
18 #include "SquidString.h"
19 
20 static const char valid_hostname_chars_u[] =
21  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
22  "abcdefghijklmnopqrstuvwxyz"
23  "0123456789-._"
24  "[:]"
25  ;
26 static const char valid_hostname_chars[] =
27  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
28  "abcdefghijklmnopqrstuvwxyz"
29  "0123456789-."
30  "[:]"
31  ;
32 
34 static const CharacterSet &
36 {
37  /*
38  * RFC 3986 section 3.2.1
39  *
40  * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
41  * unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
42  * pct-encoded = "%" HEXDIG HEXDIG
43  * sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
44  */
45  static const auto userInfoValid = CharacterSet("userinfo", ":-._~%!$&'()*+,;=") +
48  return userInfoValid;
49 }
50 
54 SBuf
55 AnyP::Uri::Encode(const SBuf &buf, const CharacterSet &ignore)
56 {
57  if (buf.isEmpty())
58  return buf;
59 
60  Parser::Tokenizer tk(buf);
61  SBuf goodSection;
62  // optimization for the arguably common "no encoding necessary" case
63  if (tk.prefix(goodSection, ignore) && tk.atEnd())
64  return buf;
65 
66  SBuf output;
67  output.reserveSpace(buf.length() * 3); // worst case: encode all chars
68  output.append(goodSection); // may be empty
69 
70  while (!tk.atEnd()) {
71  // TODO: Add Tokenizer::parseOne(void).
72  const auto ch = tk.remaining()[0];
73  output.appendf("%%%02X", static_cast<unsigned int>(ch)); // TODO: Optimize using a table
74  (void)tk.skip(ch);
75 
76  if (tk.prefix(goodSection, ignore))
77  output.append(goodSection);
78  }
79 
80  return output;
81 }
82 
83 const SBuf &
85 {
86  static SBuf star("*");
87  return star;
88 }
89 
90 const SBuf &
92 {
93  static SBuf slash("/");
94  return slash;
95 }
96 
97 void
98 AnyP::Uri::host(const char *src)
99 {
100  hostAddr_.setEmpty();
101  hostAddr_ = src;
102  if (hostAddr_.isAnyAddr()) {
103  xstrncpy(host_, src, sizeof(host_));
104  hostIsNumeric_ = false;
105  } else {
106  hostAddr_.toHostStr(host_, sizeof(host_));
107  debugs(23, 3, "given IP: " << hostAddr_);
108  hostIsNumeric_ = 1;
109  }
110  touch();
111 }
112 
113 SBuf
115 {
116  static char ip[MAX_IPSTRLEN];
117  if (hostIsNumeric())
118  return SBuf(hostIP().toStr(ip, sizeof(ip)));
119  else
120  return SBuf(host());
121 }
122 
123 const SBuf &
125 {
126  // RFC 3986 section 3.3 says path can be empty (path-abempty).
127  // RFC 7230 sections 2.7.3, 5.3.1, 5.7.2 - says path cannot be empty, default to "/"
128  // at least when sending and using. We must still accept path-abempty as input.
129  if (path_.isEmpty() && (scheme_ == AnyP::PROTO_HTTP || scheme_ == AnyP::PROTO_HTTPS))
130  return SlashPath();
131 
132  return path_;
133 }
134 
135 void
137 {
138  debugs(23, 5, "urlInitialize: Initializing...");
139  /* this ensures that the number of protocol strings is the same as
140  * the enum slots allocated because the last enum is always 'MAX'.
141  */
142  assert(strcmp(AnyP::ProtocolType_str[AnyP::PROTO_MAX], "MAX") == 0);
143  /*
144  * These test that our matchDomainName() function works the
145  * way we expect it to.
146  */
147  assert(0 == matchDomainName("foo.com", "foo.com"));
148  assert(0 == matchDomainName(".foo.com", "foo.com"));
149  assert(0 == matchDomainName("foo.com", ".foo.com"));
150  assert(0 == matchDomainName(".foo.com", ".foo.com"));
151  assert(0 == matchDomainName("x.foo.com", ".foo.com"));
152  assert(0 == matchDomainName("y.x.foo.com", ".foo.com"));
153  assert(0 != matchDomainName("x.foo.com", "foo.com"));
154  assert(0 != matchDomainName("foo.com", "x.foo.com"));
155  assert(0 != matchDomainName("bar.com", "foo.com"));
156  assert(0 != matchDomainName(".bar.com", "foo.com"));
157  assert(0 != matchDomainName(".bar.com", ".foo.com"));
158  assert(0 != matchDomainName("bar.com", ".foo.com"));
159  assert(0 < matchDomainName("zzz.com", "foo.com"));
160  assert(0 > matchDomainName("aaa.com", "foo.com"));
161  assert(0 == matchDomainName("FOO.com", "foo.COM"));
162  assert(0 < matchDomainName("bfoo.com", "afoo.com"));
163  assert(0 > matchDomainName("afoo.com", "bfoo.com"));
164  assert(0 < matchDomainName("x-foo.com", ".foo.com"));
165 
166  assert(0 == matchDomainName(".foo.com", ".foo.com", mdnRejectSubsubDomains));
167  assert(0 == matchDomainName("x.foo.com", ".foo.com", mdnRejectSubsubDomains));
168  assert(0 != matchDomainName("y.x.foo.com", ".foo.com", mdnRejectSubsubDomains));
169  assert(0 != matchDomainName(".x.foo.com", ".foo.com", mdnRejectSubsubDomains));
170 
171  assert(0 == matchDomainName("*.foo.com", "x.foo.com", mdnHonorWildcards));
172  assert(0 == matchDomainName("*.foo.com", ".x.foo.com", mdnHonorWildcards));
173  assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards));
174  assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards));
175 
176  /* more cases? */
177 }
178 
186 static AnyP::UriScheme
188 {
189  /*
190  * RFC 3986 section 3.1 paragraph 2:
191  *
192  * Scheme names consist of a sequence of characters beginning with a
193  * letter and followed by any combination of letters, digits, plus
194  * ("+"), period ("."), or hyphen ("-").
195  *
196  * The underscore ("_") required to match "cache_object://" squid
197  * special URI scheme.
198  */
199  static const auto schemeChars =
200 #if USE_HTTP_VIOLATIONS
201  CharacterSet("special", "_") +
202 #endif
204 
205  SBuf str;
206  if (tok.prefix(str, schemeChars, 16) && tok.skip(':') && CharacterSet::ALPHA[str.at(0)]) {
207  const auto protocol = AnyP::UriScheme::FindProtocolType(str);
208  if (protocol == AnyP::PROTO_UNKNOWN)
209  return AnyP::UriScheme(protocol, str.c_str());
210  return AnyP::UriScheme(protocol, nullptr);
211  }
212 
213  throw TextException("invalid URI scheme", Here());
214 }
215 
223 bool
224 urlAppendDomain(char *host)
225 {
226  /* For IPv4 addresses check for a dot */
227  /* For IPv6 addresses also check for a colon */
228  if (Config.appendDomain && !strchr(host, '.') && !strchr(host, ':')) {
229  const uint64_t dlen = strlen(host);
230  const uint64_t want = dlen + Config.appendDomainLen;
231  if (want > SQUIDHOSTNAMELEN - 1) {
232  debugs(23, 2, "URL domain too large (" << dlen << " bytes)");
233  return false;
234  }
235  strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN - dlen - 1);
236  }
237  return true;
238 }
239 
240 /*
241  * Parse a URI/URL.
242  *
243  * It is assumed that the URL is complete -
244  * ie, the end of the string is the end of the URL. Don't pass a partial
245  * URL here as this routine doesn't have any way of knowing whether
246  * it is partial or not (ie, it handles the case of no trailing slash as
247  * being "end of host with implied path of /".
248  *
249  * method is used to switch parsers. If method is Http::METHOD_CONNECT,
250  * then rather than a URL a hostname:port is looked for.
251  */
252 bool
253 AnyP::Uri::parse(const HttpRequestMethod& method, const SBuf &rawUrl)
254 {
255  try {
256 
257  LOCAL_ARRAY(char, login, MAX_URL);
258  LOCAL_ARRAY(char, foundHost, MAX_URL);
259  LOCAL_ARRAY(char, urlpath, MAX_URL);
260  char *t = NULL;
261  char *q = NULL;
262  int foundPort;
263  int l;
264  int i;
265  const char *src;
266  char *dst;
267  foundHost[0] = urlpath[0] = login[0] = '\0';
268 
269  if ((l = rawUrl.length()) + Config.appendDomainLen > (MAX_URL - 1)) {
270  debugs(23, DBG_IMPORTANT, MYNAME << "URL too large (" << l << " bytes)");
271  return false;
272  }
273 
274  if ((method == Http::METHOD_OPTIONS || method == Http::METHOD_TRACE) &&
275  Asterisk().cmp(rawUrl) == 0) {
276  // XXX: these methods might also occur in HTTPS traffic. Handle this better.
277  setScheme(AnyP::PROTO_HTTP, nullptr);
278  port(getScheme().defaultPort());
279  path(Asterisk());
280  return true;
281  }
282 
283  Parser::Tokenizer tok(rawUrl);
284  AnyP::UriScheme scheme;
285 
286  if (method == Http::METHOD_CONNECT) {
287  /*
288  * RFC 7230 section 5.3.3: authority-form = authority
289  * "excluding any userinfo and its "@" delimiter"
290  *
291  * RFC 3986 section 3.2: authority = [ userinfo "@" ] host [ ":" port ]
292  *
293  * As an HTTP(S) proxy we assume HTTPS (443) if no port provided.
294  */
295  foundPort = 443;
296 
297  // XXX: use tokenizer
298  auto B = tok.buf();
299  const char *url = B.c_str();
300 
301  if (sscanf(url, "[%[^]]]:%d", foundHost, &foundPort) < 1)
302  if (sscanf(url, "%[^:]:%d", foundHost, &foundPort) < 1)
303  return false;
304 
305  } else {
306 
307  scheme = uriParseScheme(tok);
308 
309  if (scheme == AnyP::PROTO_NONE)
310  return false; // invalid scheme
311 
312  if (scheme == AnyP::PROTO_URN) {
313  parseUrn(tok); // throws on any error
314  return true;
315  }
316 
317  // URLs then have "//"
318  static const SBuf doubleSlash("//");
319  if (!tok.skip(doubleSlash))
320  return false;
321 
322  auto B = tok.remaining();
323  const char *url = B.c_str();
324 
325  /* Parse the URL: */
326  src = url;
327  i = 0;
328 
329  /* Then everything until first /; that's host (and port; which we'll look for here later) */
330  // bug 1881: If we don't get a "/" then we imply it was there
331  // bug 3074: We could just be given a "?" or "#". These also imply "/"
332  // bug 3233: whitespace is also a hostname delimiter.
333  for (dst = foundHost; i < l && *src != '/' && *src != '?' && *src != '#' && *src != '\0' && !xisspace(*src); ++i, ++src, ++dst) {
334  *dst = *src;
335  }
336 
337  /*
338  * We can't check for "i >= l" here because we could be at the end of the line
339  * and have a perfectly valid URL w/ no trailing '/'. In this case we assume we've
340  * been -given- a valid URL and the path is just '/'.
341  */
342  if (i > l)
343  return false;
344  *dst = '\0';
345 
346  // We are looking at path-abempty.
347  if (*src != '/') {
348  // path-empty, including the end of the `src` c-string cases
349  urlpath[0] = '/';
350  dst = &urlpath[1];
351  } else {
352  dst = urlpath;
353  }
354  /* Then everything from / (inclusive) until \r\n or \0 - that's urlpath */
355  for (; i < l && *src != '\r' && *src != '\n' && *src != '\0'; ++i, ++src, ++dst) {
356  *dst = *src;
357  }
358 
359  /* We -could- be at the end of the buffer here */
360  if (i > l)
361  return false;
362  *dst = '\0';
363 
364  foundPort = scheme.defaultPort(); // may be reset later
365 
366  /* Is there any login information? (we should eventually parse it above) */
367  t = strrchr(foundHost, '@');
368  if (t != NULL) {
369  strncpy((char *) login, (char *) foundHost, sizeof(login)-1);
370  login[sizeof(login)-1] = '\0';
371  t = strrchr(login, '@');
372  *t = 0;
373  strncpy((char *) foundHost, t + 1, sizeof(foundHost)-1);
374  foundHost[sizeof(foundHost)-1] = '\0';
375  // Bug 4498: URL-unescape the login info after extraction
376  rfc1738_unescape(login);
377  }
378 
379  /* Is there any host information? (we should eventually parse it above) */
380  if (*foundHost == '[') {
381  /* strip any IPA brackets. valid under IPv6. */
382  dst = foundHost;
383  /* only for IPv6 sadly, pre-IPv6/URL code can't handle the clean result properly anyway. */
384  src = foundHost;
385  ++src;
386  l = strlen(foundHost);
387  i = 1;
388  for (; i < l && *src != ']' && *src != '\0'; ++i, ++src, ++dst) {
389  *dst = *src;
390  }
391 
392  /* we moved in-place, so truncate the actual hostname found */
393  *dst = '\0';
394  ++dst;
395 
396  /* skip ahead to either start of port, or original EOS */
397  while (*dst != '\0' && *dst != ':')
398  ++dst;
399  t = dst;
400  } else {
401  t = strrchr(foundHost, ':');
402 
403  if (t != strchr(foundHost,':') ) {
404  /* RFC 2732 states IPv6 "SHOULD" be bracketed. allowing for times when its not. */
405  /* RFC 3986 'update' simply modifies this to an "is" with no emphasis at all! */
406  /* therefore we MUST accept the case where they are not bracketed at all. */
407  t = NULL;
408  }
409  }
410 
411  // Bug 3183 sanity check: If scheme is present, host must be too.
412  if (scheme != AnyP::PROTO_NONE && foundHost[0] == '\0') {
413  debugs(23, DBG_IMPORTANT, "SECURITY ALERT: Missing hostname in URL '" << url << "'. see access.log for details.");
414  return false;
415  }
416 
417  if (t && *t == ':') {
418  *t = '\0';
419  ++t;
420  foundPort = atoi(t);
421  }
422  }
423 
424  for (t = foundHost; *t; ++t)
425  *t = xtolower(*t);
426 
427  if (stringHasWhitespace(foundHost)) {
429  t = q = foundHost;
430  while (*t) {
431  if (!xisspace(*t)) {
432  *q = *t;
433  ++q;
434  }
435  ++t;
436  }
437  *q = '\0';
438  }
439  }
440 
441  debugs(23, 3, "Split URL '" << rawUrl << "' into proto='" << scheme.image() << "', host='" << foundHost << "', port='" << foundPort << "', path='" << urlpath << "'");
442 
444  strspn(foundHost, Config.onoff.allow_underscore ? valid_hostname_chars_u : valid_hostname_chars) != strlen(foundHost)) {
445  debugs(23, DBG_IMPORTANT, MYNAME << "Illegal character in hostname '" << foundHost << "'");
446  return false;
447  }
448 
449  if (!urlAppendDomain(foundHost))
450  return false;
451 
452  /* remove trailing dots from hostnames */
453  while ((l = strlen(foundHost)) > 0 && foundHost[--l] == '.')
454  foundHost[l] = '\0';
455 
456  /* reject duplicate or leading dots */
457  if (strstr(foundHost, "..") || *foundHost == '.') {
458  debugs(23, DBG_IMPORTANT, MYNAME << "Illegal hostname '" << foundHost << "'");
459  return false;
460  }
461 
462  if (foundPort < 1 || foundPort > 65535) {
463  debugs(23, 3, "Invalid port '" << foundPort << "'");
464  return false;
465  }
466 
467  if (stringHasWhitespace(urlpath)) {
468  debugs(23, 2, "URI has whitespace: {" << rawUrl << "}");
469 
470  switch (Config.uri_whitespace) {
471 
472  case URI_WHITESPACE_DENY:
473  return false;
474 
476  break;
477 
479  t = rfc1738_escape_unescaped(urlpath);
480  xstrncpy(urlpath, t, MAX_URL);
481  break;
482 
483  case URI_WHITESPACE_CHOP:
484  *(urlpath + strcspn(urlpath, w_space)) = '\0';
485  break;
486 
488  default:
489  t = q = urlpath;
490  while (*t) {
491  if (!xisspace(*t)) {
492  *q = *t;
493  ++q;
494  }
495  ++t;
496  }
497  *q = '\0';
498  }
499  }
500 
501  setScheme(scheme);
502  path(urlpath);
503  host(foundHost);
504  userInfo(SBuf(login));
505  port(foundPort);
506  return true;
507 
508  } catch (...) {
509  debugs(23, 2, "error: " << CurrentException << " " << Raw("rawUrl", rawUrl.rawContent(), rawUrl.length()));
510  return false;
511  }
512 }
513 
528 void
530 {
531  static const auto nidChars = CharacterSet("NID","-") + CharacterSet::ALPHA + CharacterSet::DIGIT;
532  static const auto alphanum = (CharacterSet::ALPHA + CharacterSet::DIGIT).rename("alphanum");
533  SBuf nid;
534  if (!tok.prefix(nid, nidChars, 32))
535  throw TextException("NID not found", Here());
536 
537  if (!tok.skip(':'))
538  throw TextException("NID too long or missing ':' delimiter", Here());
539 
540  if (nid.length() < 2)
541  throw TextException("NID too short", Here());
542 
543  if (!alphanum[*nid.begin()])
544  throw TextException("NID prefix is not alphanumeric", Here());
545 
546  if (!alphanum[*nid.rbegin()])
547  throw TextException("NID suffix is not alphanumeric", Here());
548 
549  setScheme(AnyP::PROTO_URN, nullptr);
550  host(nid.c_str());
551  // TODO validate path characters
552  path(tok.remaining());
553  debugs(23, 3, "Split URI into proto=urn, nid=" << nid << ", " << Raw("path",path().rawContent(),path().length()));
554 }
555 
556 void
558 {
559  absolute_.clear();
560  authorityHttp_.clear();
561  authorityWithPort_.clear();
562 }
563 
564 SBuf &
565 AnyP::Uri::authority(bool requirePort) const
566 {
567  if (authorityHttp_.isEmpty()) {
568 
569  // both formats contain Host/IP
570  authorityWithPort_.append(host());
571  authorityHttp_ = authorityWithPort_;
572 
573  // authorityForm_ only has :port if it is non-default
574  authorityWithPort_.appendf(":%u",port());
575  if (port() != getScheme().defaultPort())
576  authorityHttp_ = authorityWithPort_;
577  }
578 
579  return requirePort ? authorityWithPort_ : authorityHttp_;
580 }
581 
582 SBuf &
584 {
585  if (absolute_.isEmpty()) {
586  // TODO: most URL will be much shorter, avoid allocating this much
587  absolute_.reserveCapacity(MAX_URL);
588 
589  absolute_.append(getScheme().image());
590  absolute_.append(":",1);
591  if (getScheme() != AnyP::PROTO_URN) {
592  absolute_.append("//", 2);
593  const bool allowUserInfo = getScheme() == AnyP::PROTO_FTP ||
594  getScheme() == AnyP::PROTO_UNKNOWN;
595 
596  if (allowUserInfo && !userInfo().isEmpty()) {
597  static const CharacterSet uiChars = CharacterSet(UserInfoChars())
598  .remove('%')
599  .rename("userinfo-reserved");
600  absolute_.append(Encode(userInfo(), uiChars));
601  absolute_.append("@", 1);
602  }
603  absolute_.append(authority());
604  } else {
605  absolute_.append(host());
606  absolute_.append(":", 1);
607  }
608  absolute_.append(path()); // TODO: Encode each URI subcomponent in path_ as needed.
609  }
610 
611  return absolute_;
612 }
613 
614 /* XXX: Performance: This is an *almost* duplicate of HttpRequest::effectiveRequestUri(). But elides the query-string.
615  * After copying it on in the first place! Would be less code to merge the two with a flag parameter.
616  * and never copy the query-string part in the first place
617  */
618 char *
620 {
621  LOCAL_ARRAY(char, buf, MAX_URL);
622 
623  snprintf(buf, sizeof(buf), SQUIDSBUFPH, SQUIDSBUFPRINT(url));
624  buf[sizeof(buf)-1] = '\0';
625 
626  // URN, CONNECT method, and non-stripped URIs can go straight out
627  if (Config.onoff.strip_query_terms && !(method == Http::METHOD_CONNECT || scheme == AnyP::PROTO_URN)) {
628  // strip anything AFTER a question-mark
629  // leaving the '?' in place
630  if (auto t = strchr(buf, '?')) {
631  *(++t) = '\0';
632  }
633  }
634 
635  if (stringHasCntl(buf))
637 
638  return buf;
639 }
640 
647 const char *
649 {
650  LOCAL_ARRAY(char, buf, MAX_URL);
651 
652  // method CONNECT and port HTTPS
653  if (request->method == Http::METHOD_CONNECT && request->url.port() == 443) {
654  snprintf(buf, MAX_URL, "https://%s/*", request->url.host());
655  return buf;
656  }
657 
658  // else do the normal complete canonical thing.
659  return request->canonicalCleanUrl();
660 }
661 
674 bool
675 urlIsRelative(const char *url)
676 {
677  if (!url)
678  return false; // no URL
679 
680  /*
681  * RFC 3986 section 5.2.3
682  *
683  * path = path-abempty ; begins with "/" or is empty
684  * / path-absolute ; begins with "/" but not "//"
685  * / path-noscheme ; begins with a non-colon segment
686  * / path-rootless ; begins with a segment
687  * / path-empty ; zero characters
688  */
689 
690  if (*url == '\0')
691  return true; // path-empty
692 
693  if (*url == '/') {
694  // RFC 3986 section 5.2.3
695  // path-absolute ; begins with "/" but not "//"
696  if (url[1] == '/')
697  return true; // network-path reference, aka. 'scheme-relative URI'
698  else
699  return true; // path-absolute, aka 'absolute-path reference'
700  }
701 
702  for (const auto *p = url; *p != '\0' && *p != '/' && *p != '?' && *p != '#'; ++p) {
703  if (*p == ':')
704  return false; // colon is forbidden in first segment
705  }
706 
707  return true; // path-noscheme, path-abempty, path-rootless
708 }
709 
710 void
711 AnyP::Uri::addRelativePath(const char *relUrl)
712 {
713  // URN cannot be merged
714  if (getScheme() == AnyP::PROTO_URN)
715  return;
716 
717  // TODO: Handle . and .. segment normalization
718 
719  const auto lastSlashPos = path_.rfind('/');
720  // TODO: To optimize and simplify, add and use SBuf::replace().
721  const auto relUrlLength = strlen(relUrl);
722  if (lastSlashPos == SBuf::npos) {
723  // start replacing the whole path
724  path_.reserveCapacity(1 + relUrlLength);
725  path_.assign("/", 1);
726  } else {
727  // start replacing just the last segment
728  path_.reserveCapacity(lastSlashPos + 1 + relUrlLength);
729  path_.chop(0, lastSlashPos+1);
730  }
731  path_.append(relUrl, relUrlLength);
732 }
733 
734 int
735 matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
736 {
737  int dl;
738  int hl;
739 
740  const bool hostIncludesSubdomains = (*h == '.');
741  while ('.' == *h)
742  ++h;
743 
744  hl = strlen(h);
745 
746  if (hl == 0)
747  return -1;
748 
749  dl = strlen(d);
750 
751  /*
752  * Start at the ends of the two strings and work towards the
753  * beginning.
754  */
755  while (xtolower(h[--hl]) == xtolower(d[--dl])) {
756  if (hl == 0 && dl == 0) {
757  /*
758  * We made it all the way to the beginning of both
759  * strings without finding any difference.
760  */
761  return 0;
762  }
763 
764  if (0 == hl) {
765  /*
766  * The host string is shorter than the domain string.
767  * There is only one case when this can be a match.
768  * If the domain is just one character longer, and if
769  * that character is a leading '.' then we call it a
770  * match.
771  */
772 
773  if (1 == dl && '.' == d[0])
774  return 0;
775  else
776  return -1;
777  }
778 
779  if (0 == dl) {
780  /*
781  * The domain string is shorter than the host string.
782  * This is a match only if the first domain character
783  * is a leading '.'.
784  */
785 
786  if ('.' == d[0]) {
787  if (flags & mdnRejectSubsubDomains) {
788  // Check for sub-sub domain and reject
789  while(--hl >= 0 && h[hl] != '.');
790  if (hl < 0) {
791  // No sub-sub domain found, but reject if there is a
792  // leading dot in given host string (which is removed
793  // before the check is started).
794  return hostIncludesSubdomains ? 1 : 0;
795  } else
796  return 1; // sub-sub domain, reject
797  } else
798  return 0;
799  } else
800  return 1;
801  }
802  }
803 
804  /*
805  * We found different characters in the same position (from the end).
806  */
807 
808  // If the h has a form of "*.foo.com" and d has a form of "x.foo.com"
809  // then the h[hl] points to '*', h[hl+1] to '.' and d[dl] to 'x'
810  // The following checks are safe, the "h[hl + 1]" in the worst case is '\0'.
811  if ((flags & mdnHonorWildcards) && h[hl] == '*' && h[hl + 1] == '.')
812  return 0;
813 
814  /*
815  * If one of those character is '.' then its special. In order
816  * for splay tree sorting to work properly, "x-foo.com" must
817  * be greater than ".foo.com" even though '-' is less than '.'.
818  */
819  if ('.' == d[dl])
820  return 1;
821 
822  if ('.' == h[hl])
823  return -1;
824 
825  return (xtolower(h[hl]) - xtolower(d[dl]));
826 }
827 
828 /*
829  * return true if we can serve requests for this method.
830  */
831 bool
833 {
834  /* protocol "independent" methods
835  *
836  * actually these methods are specific to HTTP:
837  * they are methods we receive on our HTTP port,
838  * and if we had a FTP listener would not be relevant
839  * there.
840  *
841  * So, we should delegate them to HTTP. The problem is that we
842  * do not have a default protocol from the client side of HTTP.
843  */
844 
845  if (r->method == Http::METHOD_CONNECT)
846  return true;
847 
848  // we support OPTIONS and TRACE directed at us (with a 501 reply, for now)
849  // we also support forwarding OPTIONS and TRACE, except for the *-URI ones
852 
853  if (r->method == Http::METHOD_PURGE)
854  return true;
855 
856  /* does method match the protocol? */
857  switch (r->url.getScheme()) {
858 
859  case AnyP::PROTO_URN:
860  case AnyP::PROTO_HTTP:
862  return true;
863 
864  case AnyP::PROTO_FTP:
865  if (r->method == Http::METHOD_PUT ||
866  r->method == Http::METHOD_GET ||
867  r->method == Http::METHOD_HEAD )
868  return true;
869  return false;
870 
871  case AnyP::PROTO_GOPHER:
872  case AnyP::PROTO_WAIS:
873  case AnyP::PROTO_WHOIS:
874  if (r->method == Http::METHOD_GET ||
876  return true;
877  return false;
878 
879  case AnyP::PROTO_HTTPS:
880 #if USE_OPENSSL || USE_GNUTLS
881  return true;
882 #else
883  /*
884  * Squid can't originate an SSL connection, so it should
885  * never receive an "https:" URL. It should always be
886  * CONNECT instead.
887  */
888  return false;
889 #endif
890 
891  default:
892  return false;
893  }
894 
895  /* notreached */
896  return false;
897 }
898 
900  scheme_(aScheme),
901  hostIsNumeric_(false),
902  port_(0)
903 {
904  *host_=0;
905 }
906 
907 // TODO: fix code duplication with AnyP::Uri::parse()
908 char *
909 AnyP::Uri::cleanup(const char *uri)
910 {
911  char *cleanedUri = nullptr;
912  switch (Config.uri_whitespace) {
913  case URI_WHITESPACE_ALLOW: {
915  cleanedUri = xstrndup(rfc1738_do_escape(uri, flags), MAX_URL);
916  break;
917  }
918 
921  break;
922 
923  case URI_WHITESPACE_CHOP: {
924  const auto pos = strcspn(uri, w_space);
925  char *choppedUri = nullptr;
926  if (pos < strlen(uri))
927  choppedUri = xstrndup(uri, pos + 1);
928  cleanedUri = xstrndup(rfc1738_do_escape(choppedUri ? choppedUri : uri,
930  cleanedUri[pos] = '\0';
931  xfree(choppedUri);
932  break;
933  }
934 
935  case URI_WHITESPACE_DENY:
937  default: {
938  // TODO: avoid duplication with urlParse()
939  const char *t;
940  char *tmp_uri = static_cast<char*>(xmalloc(strlen(uri) + 1));
941  char *q = tmp_uri;
942  t = uri;
943  while (*t) {
944  if (!xisspace(*t)) {
945  *q = *t;
946  ++q;
947  }
948  ++t;
949  }
950  *q = '\0';
951  cleanedUri = xstrndup(rfc1738_escape_unescaped(tmp_uri), MAX_URL);
952  xfree(tmp_uri);
953  break;
954  }
955  }
956 
957  assert(cleanedUri);
958  return cleanedUri;
959 }
960 
static char * cleanup(const char *uri)
Definition: Uri.cc:909
#define URI_WHITESPACE_ENCODE
Definition: defines.h:135
char method[16]
Definition: tcp-banger2.c:115
#define MYNAME
Definition: Debug.h:165
bool prefix(SBuf &returnedToken, const CharacterSet &tokenChars, SBuf::size_type limit=SBuf::npos)
Definition: Tokenizer.cc:81
#define Here()
source code location of the caller
Definition: Here.h:15
static const char valid_hostname_chars_u[]
Definition: Uri.cc:20
@ METHOD_HEAD
Definition: MethodType.h:28
AnyP::Uri url
the request URI
Definition: HttpRequest.h:115
#define xmalloc
int stringHasCntl(const char *)
Definition: String.cc:387
#define URI_WHITESPACE_STRIP
Definition: defines.h:133
const_reverse_iterator rbegin() const
Definition: SBuf.h:584
#define URI_WHITESPACE_CHOP
Definition: defines.h:136
static AnyP::ProtocolType FindProtocolType(const SBuf &)
Definition: UriScheme.cc:52
char host_[SQUIDHOSTNAMELEN]
string representation of the URI authority name or IP
Definition: Uri.h:174
#define LOCAL_ARRAY(type, name, size)
Definition: squid.h:75
HttpHeader header
Definition: Message.h:75
int check_hostnames
Definition: SquidConfig.h:323
@ mdnHonorWildcards
Definition: Uri.h:225
bool urlCheckRequest(const HttpRequest *r)
Definition: Uri.cc:832
bool isEmpty() const
Definition: SBuf.h:424
void reserveSpace(size_type minSpace)
Definition: SBuf.h:433
@ PROTO_NONE
Definition: ProtocolType.h:24
SBuf hostOrIp() const
Definition: Uri.cc:114
bool parse(const HttpRequestMethod &, const SBuf &url)
Definition: Uri.cc:253
const char * ProtocolType_str[]
Definition: SBuf.h:87
bool atEnd() const
whether the end of the buffer has been reached
Definition: Tokenizer.h:41
bool skip(const SBuf &tokenToSkip)
Definition: Tokenizer.cc:179
char * xstrncpy(char *dst, const char *src, size_t n)
Definition: xstring.cc:37
int matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
Definition: Uri.cc:735
#define xtolower(x)
Definition: xis.h:19
#define DBG_IMPORTANT
Definition: Debug.h:41
#define w_space
static int port
Definition: ldap_backend.cc:69
@ PROTO_UNKNOWN
Definition: ProtocolType.h:43
static const CharacterSet ALPHA
Definition: CharacterSet.h:76
AnyP::UriScheme const & getScheme() const
Definition: Uri.h:67
@ METHOD_OPTIONS
Definition: MethodType.h:31
#define MAX_IPSTRLEN
Length of buffer that needs to be allocated to old a null-terminated IP-string.
Definition: forward.h:25
@ PROTO_URN
Definition: ProtocolType.h:37
Definition: Debug.h:184
#define MAX_URL
Definition: defines.h:78
const SBuf & remaining() const
the remaining unprocessed section of buffer
Definition: Tokenizer.h:44
static const CharacterSet & UserInfoChars()
Characters which are valid within a URI userinfo section.
Definition: Uri.cc:35
#define URI_WHITESPACE_DENY
Definition: defines.h:137
int strip_query_terms
Definition: SquidConfig.h:307
#define NULL
Definition: types.h:166
const char * rawContent() const
Definition: SBuf.cc:509
@ PROTO_MAX
Definition: ProtocolType.h:44
void rfc1738_unescape(char *url)
Definition: rfc1738.c:146
#define SQUIDSBUFPRINT(s)
Definition: SBuf.h:32
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:123
char at(size_type pos) const
Definition: SBuf.h:242
MatchDomainNameFlags
Definition: Uri.h:223
@ METHOD_CONNECT
Definition: MethodType.h:29
const_iterator begin() const
Definition: SBuf.h:576
int64_t getInt64(Http::HdrType id) const
Definition: HttpHeader.cc:1177
void parseUrn(Parser::Tokenizer &)
Definition: Uri.cc:529
#define assert(EX)
Definition: assert.h:19
SBuf image() const
Definition: UriScheme.h:50
@ METHOD_PUT
Definition: MethodType.h:27
std::ostream & CurrentException(std::ostream &os)
prints active (i.e., thrown but not yet handled) exception
@ METHOD_TRACE
Definition: MethodType.h:30
@ PROTO_GOPHER
Definition: ProtocolType.h:30
static const CharacterSet DIGIT
Definition: CharacterSet.h:84
const char * c_str()
Definition: SBuf.cc:516
SBuf & authority(bool requirePort=false) const
Definition: Uri.cc:565
size_type length() const
Returns the number of bytes stored in SBuf.
Definition: SBuf.h:408
char * xstrndup(const char *s, size_t n)
Definition: xstring.cc:56
SBuf & append(const SBuf &S)
Definition: SBuf.cc:185
#define xfree
void addRelativePath(const char *relUrl)
Definition: Uri.cc:711
CharacterSet & rename(const char *label)
change name; handy in const declarations that use operators
Definition: CharacterSet.h:61
int allow_underscore
Definition: SquidConfig.h:324
static const size_type npos
Definition: SBuf.h:92
static const char valid_hostname_chars[]
Definition: Uri.cc:26
@ METHOD_PURGE
Definition: MethodType.h:92
const char * urlCanonicalFakeHttps(const HttpRequest *request)
Definition: Uri.cc:648
CharacterSet & remove(const unsigned char c)
remove a given character from the character set
Definition: CharacterSet.cc:54
@ PROTO_CACHE_OBJECT
Definition: ProtocolType.h:32
bool urlAppendDomain(char *host)
apply append_domain config to the given hostname
Definition: Uri.cc:224
#define rfc1738_escape_unescaped(x)
Definition: rfc1738.h:59
static const SBuf & SlashPath()
the static '/' default URL-path
Definition: Uri.cc:91
void urlInitialize(void)
Definition: Uri.cc:136
SBuf & absolute() const
Definition: Uri.cc:583
@ PROTO_WHOIS
Definition: ProtocolType.h:38
@ PROTO_HTTPS
Definition: ProtocolType.h:27
HttpRequestMethod method
Definition: HttpRequest.h:114
void path(const char *p)
Definition: Uri.h:99
@ PROTO_FTP
Definition: ProtocolType.h:26
@ PROTO_HTTP
Definition: ProtocolType.h:25
void reserveCapacity(size_type minCapacity)
Definition: SBuf.cc:105
Definition: parse.c:160
struct SquidConfig::@111 onoff
@ mdnRejectSubsubDomains
Definition: Uri.h:226
unsigned short defaultPort() const
Definition: UriScheme.cc:71
an std::runtime_error with thrower location info
Definition: TextException.h:20
@ PROTO_WAIS
Definition: ProtocolType.h:31
char * url
Definition: tcp-banger2.c:114
Uri()
Definition: Uri.h:35
#define RFC1738_ESCAPE_UNESCAPED
Definition: rfc1738.h:25
bool urlIsRelative(const char *url)
Definition: Uri.cc:675
char * rfc1738_do_escape(const char *url, int flags)
Definition: rfc1738.c:56
SBuf & appendf(const char *fmt,...)
Definition: SBuf.cc:229
void touch()
clear the cached URI display forms
Definition: Uri.cc:557
char * urlCanonicalCleanWithoutRequest(const SBuf &url, const HttpRequestMethod &method, const AnyP::UriScheme &scheme)
Definition: Uri.cc:619
optimized set of C chars, with quick membership test and merge support
Definition: CharacterSet.h:18
#define xisspace(x)
Definition: xis.h:17
#define RFC1738_ESCAPE_NOSPACE
Definition: rfc1738.h:22
char * appendDomain
Definition: SquidConfig.h:220
static uint32 B
Definition: md4.c:43
size_t appendDomainLen
Definition: SquidConfig.h:221
const SBuf & path() const
Definition: Uri.cc:124
@ METHOD_GET
Definition: MethodType.h:25
int stringHasWhitespace(const char *)
Definition: String.cc:380
const char * host(void) const
Definition: Uri.h:85
#define false
Definition: GnuRegex.c:233
static const SBuf & Asterisk()
the static '*' pseudo-URI
Definition: Uri.cc:84
int uri_whitespace
Definition: SquidConfig.h:464
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
static SBuf Encode(const SBuf &, const CharacterSet &expected)
Definition: Uri.cc:55
#define SQUIDHOSTNAMELEN
Definition: rfc2181.h:30
#define SQUIDSBUFPH
Definition: SBuf.h:31
class SquidConfig Config
Definition: SquidConfig.cc:12
static AnyP::UriScheme uriParseScheme(Parser::Tokenizer &tok)
Definition: Uri.cc:187
#define URI_WHITESPACE_ALLOW
Definition: defines.h:134

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors