client_side.h
1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 33 Client-side Routines */
10 
11 #ifndef SQUID_CLIENTSIDE_H
12 #define SQUID_CLIENTSIDE_H
13 
14 #include "base/RunnersRegistry.h"
15 #include "clientStreamForward.h"
16 #include "comm.h"
17 #include "helper/forward.h"
18 #include "http/forward.h"
19 #include "HttpControlMsg.h"
20 #include "ipc/FdNotes.h"
21 #include "sbuf/SBuf.h"
22 #include "servers/Server.h"
23 #if USE_AUTH
24 #include "auth/UserRequest.h"
25 #endif
26 #if USE_OPENSSL
27 #include "security/Handshake.h"
28 #include "ssl/support.h"
29 #endif
30 #if USE_DELAY_POOLS
31 #include "MessageBucket.h"
32 #endif
33 
34 #include <iosfwd>
35 
36 class ClientHttpRequest;
37 class HttpHdrRangeSpec;
38 
41 
42 #if USE_OPENSSL
43 namespace Ssl
44 {
45 class ServerBump;
46 }
47 #endif
48 
74 {
75 
76 public:
/// Creates the client-side connection state for the master transaction
/// described by xact. explicit: a MasterXactionPointer must never convert
/// implicitly into a ConnStateData.
explicit ConnStateData(const MasterXactionPointer &xact);
/// virtual: the class is used polymorphically (see the pure virtuals below)
virtual ~ConnStateData();
79 
/* ::Server API (overrides of the base class declared in servers/Server.h) */
/// called once the first byte of a new request has arrived on the connection
virtual void receivedFirstByte();
/// processes freshly read bytes; the meaning of the bool result is defined by the base ::Server API (not visible here)
virtual bool handleReadData();
/// hook run after a client read completes
virtual void afterClientRead();
/// hook run after a client write completes; the parameter is the number of bytes written (presumably -- confirm in Server.h)
virtual void afterClientWrite(size_t);
85 
/* HttpControlMsgSink API */
/// sends a single control message (an HTTP 1xx reply bundled with its
/// "successfully forwarded" callback); the message is taken by value
virtual void sendControlMsg(HttpControlMsg);
/// notification that the previously sent control message has been dealt with
virtual void doneWithControlMsg();
89 
/// parses buffered client input into requests; the meaning of the bool result
/// is defined in client_side.cc (not visible here)
bool clientParseRequests();
/// schedules reading of the next request from the client connection
void readNextRequest();
93 
/// re-examines the connection state and resumes processing where possible;
/// exact triggers are defined in client_side.cc
void kick();
96 
/// whether the client connection is still open (not to be confused with the
/// free function isOpen(int fd) in comm.cc)
bool isOpen() const;
98 
100 
/// returns an int64_t; presumably the number of request body bytes that may
/// still have to be read -- confirm the sign convention in client_side.cc
int64_t mayNeedToReadMoreBody() const;
108 
#if USE_AUTH
/// the Auth::UserRequest currently associated with this client connection
/// (may be nil; the returned reference stays valid only while auth_ is unchanged)
const Auth::UserRequest::Pointer &getAuth() const { return auth_; }
/// replaces the associated Auth::UserRequest with aur; cause is a
/// human-readable reason for the change (presumably used for debugging output -- confirm)
void setAuth(const Auth::UserRequest::Pointer &aur, const char *cause);
#endif
126 
128 
/// per-connection state flags
struct {
    bool readMore; ///< needs comm_read (for this request or new requests)
    bool swanSang; // XXX: temporary flag to check proper cleanup
} flags;
/// state of the server-side connection pinned to this client connection
/// (e.g. for connection-oriented authentication; see the auth flag below).
/// Note: the readHandler member that accompanies closeHandler is not shown
/// in this rendering of the file.
struct {
    Comm::ConnectionPointer serverConnection; /* pinned server side connection */
    char *host; /* host name of pinned connection */ // raw C string; who allocates/frees it is not visible here -- see client_side.cc
    int port; /* port of pinned connection */
    bool pinned; /* this connection was pinned */
    bool auth; /* pinned for www authentication */
    bool reading; ///< we are monitoring for peer connection closure
    bool zeroReply; ///< server closed w/o response (ERR_ZERO_SIZE_OBJECT)
    CachePeer *peer; /* CachePeer the connection goes via */ // non-owning
    AsyncCall::Pointer closeHandler; /*The close handler for pinned server side connection*/
} pinning;
145 
/// whether this connection was accepted on a transparently intercepting port
/// (inferred from the name -- confirm in client_side.cc)
bool transparent() const;
147 
/// true if we stopped receiving the request; the value is the recorded reason
/// (or nil when we are still receiving)
const char *stoppedReceiving() const { return stoppedReceiving_; }
/// true if we stopped sending the response; the value is the recorded reason
/// (or nil when we are still sending)
const char *stoppedSending() const { return stoppedSending_; }
/// stop reading the request; error is presumably stored as the reason
/// reported by stoppedReceiving() -- confirm in client_side.cc
void stopReceiving(const char *error);
/// stop writing the response; error is presumably stored as the reason
/// reported by stoppedSending() -- confirm in client_side.cc
void stopSending(const char *error);
156 
/// tells this connection that the current request will not be forwarded to
/// a server (details in client_side.cc)
void expectNoForwarding();
158 
/* BodyPipe API */
/// creates the pipe through which a request body of size bytes will be
/// delivered to its consumer (how an unknown size is encoded is not visible here)
BodyPipe::Pointer expectRequestBody(int64_t size);
/// pure: the concrete server (e.g. HTTP or FTP) reacts to the consumer freeing space
virtual void noteMoreBodySpaceAvailable(BodyPipe::Pointer) = 0;
/// pure: the concrete server reacts to the body consumer giving up
virtual void noteBodyConsumerAborted(BodyPipe::Pointer) = 0;
163 
/// moves buffered request body bytes towards their consumer; the meaning of
/// the bool result is defined in client_side.cc
bool handleRequestBodyData();
165 
168  {
169  public:
/// bundles the to-server connection to be pinned (conn) with the to-server
/// request that initiated it (req); parameters for the async
/// notePinnedConnectionBecameIdle() call
PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req): connection(conn), request(req) {}
171 
174  };
175 
/// async callback: the pinned server connection in pic has become idle;
/// pic is passed by value because the call is delivered asynchronously
void notePinnedConnectionBecameIdle(PinnedIdleContext pic);
/// pins pinServerConn, which is still busy with request, to this client connection
void pinBusyConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest::Pointer &request);
/// releases the pinned server connection; closes it as well when andClose is true
void unpinConnection(const bool andClose);
/// checks that the pinned connection is still usable for request via peer
/// before it is reused (what "usable" requires is defined in client_side.cc);
/// the const on the by-value return type has no effect for callers
const Comm::ConnectionPointer validatePinnedConnection(HttpRequest *request, const CachePeer *peer);
/// the CachePeer the pinned connection goes via (may be nil)
CachePeer *pinnedPeer() const {return pinning.peer;}
/// whether the connection was pinned for www authentication
bool pinnedAuth() const {return pinning.auth;}
198 
201 
// pinning related comm callbacks
/// the pinned server connection was closed; io identifies the closed connection
virtual void clientPinnedConnectionClosed(const CommCloseCbParams &io);

// comm callbacks
/// read completion on the FTP data connection
void clientReadFtpData(const CommIoCbParams &io);
/// the client connection itself was closed
void connStateClosed(const CommCloseCbParams &io);
/// the client did not send (more of) a request within the configured timeout
void requestTimeout(const CommTimeoutCbParams &params);
209 
// AsyncJob API
virtual void start();
/// whether positive goal has been reached. Always false: the base check is
/// still evaluated but "&& false" forces the result, so this job never ends
/// through the AsyncJob goal check -- it must end some other way (presumably
/// connection closure leading to swanSong(); confirm in client_side.cc)
virtual bool doneAll() const { return BodyProducer::doneAll() && false;}
/// final cleanup when the job ends (see flags.swanSang)
virtual void swanSong();
214 
/// arranges for the connection to be closed once the error reply for request
/// has been sent (details in client_side.cc)
void quitAfterError(HttpRequest *request); // meant to be private
218 
/// stops watching the idle pinned server connection for closure
/// (counterpart of the protected startPinnedConnectionMonitoring())
void stopPinnedConnectionMonitoring();
221 
/// continues processing of a connection accepted on an https_port
/// (see also the free function clientPostHttpsAccept(ConnStateData *))
void postHttpsAccept();
224 
#if USE_OPENSSL
/// begins SslBump peek-and-splice handling of the client TLS handshake
void startPeekAndSplice();

/// performs one step of the peek-and-splice state machine
void doPeekAndSpliceStep();
/// async callback: the server side of a peeked connection is known; pic carries it
void httpsPeeked(PinnedIdleContext pic);

/// splices client and server connections without decrypting; bool result semantics in client_side.cc
bool splice();

/// starts obtaining the TLS context (possibly with a generated certificate) for bumping
void getSslContextStart();

/// continues once the TLS context is available (or failed -- not visible here)
void getSslContextDone(Security::ContextPointer &);

/// C-style callback entry point for the certificate-generating helper;
/// data presumably carries the ConnStateData and the call is forwarded to
/// sslCrtdHandleReply() -- confirm in client_side.cc
static void sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply);
/// consumes the certificate-generating helper's reply
void sslCrtdHandleReply(const Helper::Reply &reply);

/// turns this connection into an HTTPS (bumped) one for request, using bumpServerMode on the server side
void switchToHttps(HttpRequest *request, Ssl::BumpMode bumpServerMode);
/// parses the buffered TLS client Hello bytes (see parsingTlsHandshake)
void parseTlsHandshake();
/// whether switchToHttps() has been applied to this connection
bool switchedToHttps() const { return switchedToHttps_; }
/// HTTPS server cert. fetching state for bump-ssl-server-first (may be nil)
Ssl::ServerBump *serverBump() {return sslServerBump;}
/// Attaches the server-bump state object for this connection.
/// The first call records srvBump; every later call must pass the same
/// object. A mismatch fails the assertion: assert() here is Squid's own
/// macro (assert.h), presumably not an NDEBUG no-op, so callers must never
/// reach it with a different object.
inline void setServerBump(Ssl::ServerBump *srvBump) {
    if (sslServerBump) {
        assert(sslServerBump == srvBump);
        return;
    }
    sslServerBump = srvBump;
}
/// CN name for SSL certificate generation
const SBuf &sslCommonName() const {return sslCommonName_;}
/// replaces the CN used for certificate generation; name is copied into the SBuf
void resetSslCommonName(const char *name) {sslCommonName_ = name;}
/// TLS client delivered SNI value. Empty string if none has been received.
/// The value is client-supplied input; any use of it for certificate
/// generation or host matching should validate it first.
const SBuf &tlsClientSni() const { return tlsClientSni_; }
/// fills certProperties with the parameters for the certificate to generate for this connection
void buildSslCertGenerationParams(Ssl::CertificateProperties &certProperties);
/// serves a previously postponed error on the given stream; bool result semantics in client_side.cc
bool serveDelayedError(Http::Stream *);
271 
273 
#else
/// without OpenSSL support a connection can never have been switched to HTTPS
bool switchedToHttps() const { return false; }
#endif
/// builds the URL used when switching the request parsed by hp to TLS;
/// ownership of the returned C string is not visible here -- confirm
/// whether the caller must free it
char *prepareTlsSwitchingURL(const Http1::RequestParserPointer &hp);
281 
/// pure: the concrete server writes the control message rep and then
/// schedules call; bool result semantics are defined by the implementation
virtual bool writeControlMsgAndCall(HttpReply *rep, AsyncCall::Pointer &call) = 0;

/// pure: the concrete server delivers reply header and received body data to the client
virtual void handleReply(HttpReply *header, StoreIOBuffer receivedData) = 0;
288 
/// removes byteCount already-processed bytes from the client input buffer
/// (inferred from the name -- confirm in client_side.cc)
void consumeInput(const size_t byteCount);
291 
/* TODO: Make the methods below (at least) non-public when possible. */

/// aborts parsing of the current request; errUri is presumably the URI
/// shown in the resulting error page -- confirm in client_side.cc
Http::Stream *abortRequestParsing(const char *const errUri);

/// synthesizes a CONNECT request for the already-read payload, with reason
/// explaining why (used when the client bytes are not a recognised request -- inferred)
bool fakeAConnectRequest(const char *reason, const SBuf &payload);

/// starts a tunnel for payload using method, on behalf of the request cause
bool initiateTunneledRequest(HttpRequest::Pointer const &cause, Http::MethodType const method, const char *reason, const SBuf &payload);

/// whether configuration permits tunneling a protocol this proxy does not
/// understand (presumably the on_unsupported_protocol directive -- confirm)
bool mayTunnelUnsupportedProto();

/// builds a fake ClientHttpRequest for method/useHost/usePort carrying payload;
/// useHost is taken by non-const reference (confirm whether it is modified)
ClientHttpRequest *buildFakeRequest(Http::MethodType const method, SBuf &useHost, unsigned short usePort, const SBuf &payload);
309 
313 
/* Registered Runner API (base/RunnersRegistry.h) */
/// notification that Squid shutdown has begun
virtual void startShutdown();
/// notification that Squid shutdown is completing
virtual void endingShutdown();
317 
/// the annotations attached to this connection (theNotes), presumably
/// created on first use since the accessor is non-const -- confirm
NotePairs::Pointer notes();
/// whether at least one annotation has been attached to this connection
/// (false when theNotes has not been created yet)
bool hasNotes() const {
    if (!theNotes)
        return false;
    return !theNotes->empty();
}
322 
323 protected:
/// prepares to decode a chunked request body (see bodyParser)
void startDechunkingRequest();
/// finishes chunked decoding; withSuccess tells whether the body was complete and valid
void finishDechunkingRequest(bool withSuccess);
/// aborts the chunked request body with the given error type
void abortChunkedRequestBody(const err_type error);
/// decodes buffered chunked body data; returns an err_type (ERR_NONE on success, presumably -- confirm)
err_type handleChunkedRequestBody();
328 
/// starts watching the idle pinned server connection for closure (see pinning.reading)
void startPinnedConnectionMonitoring();
/// read callback for the monitored pinned connection
void clientPinnedConnectionRead(const CommIoCbParams &io);
#if USE_OPENSSL
/// handles bytes arriving on an idle pinned TLS connection; bool result semantics in client_side.cc
bool handleIdleClientPinnedTlsRead();
#endif
337 
/// pure: the concrete server parses one request from the input buffer
virtual Http::Stream *parseOneRequest() = 0;

/// pure: the concrete server acts on a successfully parsed request
virtual void processParsedRequest(Http::StreamPointer &) = 0;

/// maximum number of pipelined requests to prefetch; overridable per server type
virtual int pipelinePrefetchMax() const;

/// pure: how long an idle client connection may stay open
virtual time_t idleTimeout() const = 0;

/// continues connection setup once the client IP address is known
/// (after any PROXY protocol header has been processed -- inferred)
void whenClientIpKnown();
355 
357 
358 private:
/* ::Server API */
/// whether the connection is finished after a read of size bytes (semantics defined by ::Server)
virtual bool connFinishedWithConn(int size);
/// decides whether this connection still needs to be logged
virtual void checkLogging();

/// post-processing after the request parsing loop
void clientAfterReadingRequests();
/// whether the pipeline of concurrent requests has reached its limit (see pipelinePrefetchMax())
bool concurrentRequestQueueFilled() const;
365 
/// private core of pinning: binds pinServerConn (used for request) to this
/// client connection; public callers use pinBusyConnection() and friends
void pinConnection(const Comm::ConnectionPointer &pinServerConn, const HttpRequest &request);
367 
/* PROXY protocol functionality */
/// whether the connecting client is allowed to send a PROXY protocol header;
/// since the header overrides the observed client address, this gate must
/// pass before any parsed header is trusted (presumably backed by the
/// proxy_protocol_access directive -- confirm in client_side.cc)
bool proxyProtocolValidateClient();
/// dispatches to the v1 or v2 parser; bool result semantics in client_side.cc
bool parseProxyProtocolHeader();
/// parses the text (v1) PROXY header
bool parseProxy1p0();
/// parses the binary (v2) PROXY header
bool parseProxy2p0();
/// handles a malformed or unacceptable PROXY header, with reason explaining why
bool proxyProtocolError(const char *reason);
374 
#if USE_OPENSSL
/// looks up a previously generated TLS context under cacheKey, checking it
/// against certProperties (what happens on mismatch is defined in client_side.cc)
Security::ContextPointer getTlsContextFromCache(const SBuf &cacheKey, const Ssl::CertificateProperties &certProperties);

/// stores the generated context ctx under cacheKey for reuse by later connections
void storeTlsContextToCache(const SBuf &cacheKey, Security::ContextPointer &ctx);
#endif
383 
386 
387 #if USE_AUTH
390 #endif
391 
394 
395 #if USE_OPENSSL
398 
unsigned short tlsConnectPort; ///< The TLS server port number as passed in the CONNECT request.
403 
407 
411 #endif
412 
const char *stoppedSending_; ///< the reason why we no longer write the response or nil
const char *stoppedReceiving_; ///< the reason why we no longer read the request or nil
421 };
422 
/// locates the HTTP-version token at the end of uriAndHTTPVersion; when end
/// is NULL the scan presumably runs to the NUL terminator -- confirm in client_side.cc
const char *findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end = NULL);
424 
/// evaluates whether the cached entry's Vary headers match req; the int
/// result codes are defined in client_side.cc
int varyEvaluateMatch(StoreEntry * entry, HttpRequest * req);
426 
429 
/// opens the listening sockets for all configured client ports
void clientOpenListenSockets(void);
/// closes all client listening sockets
void clientConnectionsClose(void);
/// C-style cleanup callback; the untyped pointer is presumably a ClientHttpRequest (see client_side.cc)
void httpRequestFree(void *);
433 
436 
/// append a "part" HTTP header (as in a multi-part/range reply) to the buffer;
/// boundary is taken by value
void clientPackRangeHdr(const HttpReplyPointer &, const HttpHdrRangeSpec *, String boundary, MemBuf *);
439 
/// put terminating boundary for multiparts to the buffer; boundary is taken by value
void clientPackTermBound(String boundary, MemBuf *);
442 
443 /* misplaced declarations of Stream callbacks provided/used by client side */
449 
450 /* TODO: Move to HttpServer. Warning: Move requires large code nonchanges! */
454 
/// prints a PinnedIdleContext (its connection and request) for debugging output
std::ostream &operator <<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic);
456 
457 #endif /* SQUID_CLIENTSIDE_H */
458 
virtual bool doneAll() const
whether positive goal has been reached
Definition: client_side.h:212
void clientPostHttpsAccept(ConnStateData *)
CachePeer * peer
Definition: client_side.h:141
Ssl::ServerBump * serverBump()
Definition: client_side.h:253
NotePairs::Pointer theNotes
Definition: client_side.h:420
#define assert(EX)
Definition: assert.h:17
bool isOpen(const int fd)
Definition: comm.cc:86
const char * stoppedReceiving() const
true if we stopped receiving the request
Definition: client_side.h:149
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:56
AsyncCall::Pointer readHandler
detects serverConnection closure
Definition: client_side.h:142
Definition: Server.h:28
HttpRequest::Pointer request
to-server request that initiated serverConnection
Definition: client_side.h:173
bool needProxyProtocolHeader_
whether PROXY protocol header is still expected
Definition: client_side.h:385
void resetSslCommonName(const char *name)
Definition: client_side.h:261
Definition: SBuf.h:86
CachePeer * pinnedPeer() const
Definition: client_side.h:196
SQUIDCEXTERN CSD clientReplyDetach
Definition: client_side.h:446
bool reading
we are monitoring for peer connection closure
Definition: client_side.h:139
Ssl::ServerBump * sslServerBump
HTTPS server cert. fetching state for bump-ssl-server-first.
Definition: client_side.h:409
#define SQUIDCEXTERN
Definition: squid.h:26
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
void error(char *format,...)
SBuf sslBumpCertKey
Key to use to store/retrieve generated certificate.
Definition: client_side.h:406
SBuf preservedClientData
Definition: client_side.h:312
String sslConnectHostOrIp
The SSL server host name appears in CONNECT request or the server ip address for the intercepted requ...
Definition: client_side.h:400
bool pinnedAuth() const
Definition: client_side.h:197
int varyEvaluateMatch(StoreEntry *entry, HttpRequest *req)
int conn
the current server connection FD
Definition: Transport.cc:26
Ssl::CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition: client_side.h:410
Ip::Address log_addr
Definition: client_side.h:127
Comm::ConnectionPointer serverConnection
Definition: client_side.h:134
bool readMore
needs comm_read (for this request or new requests)
Definition: client_side.h:130
void clientStartListeningOn(AnyP::PortCfgPointer &port, const RefCount< CommCbFunPtrCallT< CommAcceptCbPtrFun > > &subCall, const Ipc::FdNoteId noteId)
accept requests to a given port and inform subCall about them
PinnedIdleContext(const Comm::ConnectionPointer &conn, const HttpRequest::Pointer &req)
Definition: client_side.h:170
FdNoteId
We cannot send char* FD notes to other processes. Pass int IDs and convert.
Definition: FdNotes.h:20
const char * findTrailingHTTPVersion(const char *uriAndHTTPVersion, const char *end=NULL)
parameters for the async notePinnedConnectionBecameIdle() call
Definition: client_side.h:167
const char * stoppedSending() const
true if we stopped sending the response
Definition: client_side.h:151
const char * stoppedReceiving_
the reason why we no longer read the request or nil
Definition: client_side.h:416
void const char HLPCB void * data
Definition: stub_helper.cc:16
void clientConnectionsClose(void)
static Comm::ConnectionPointer borrowPinnedConnection(HttpRequest *request, Comm::ConnectionPointer &serverDestination)
Definition: tunnel.cc:1208
Http1::TeChunkedParser * bodyParser
parses HTTP/1.1 chunked request body
Definition: client_side.h:99
void clientOpenListenSockets(void)
enum Http::_method_t MethodType
void CSCB(clientStreamNode *, ClientHttpRequest *, HttpReply *, StoreIOBuffer)
client stream read callback
CertSignAlgorithm
Definition: gadgets.h:150
SQUIDCEXTERN CSR clientGetMoreData
Definition: client_side.h:444
AsyncCall::Pointer closeHandler
Definition: client_side.h:143
bundles HTTP 1xx reply and the "successfully forwarded" callback
Http::Stream * parseHttpRequest(ConnStateData *, const Http1::RequestParserPointer &)
std::shared_ptr< SSL_CTX > ContextPointer
Definition: Context.h:29
void clientPackRangeHdr(const HttpReplyPointer &, const HttpHdrRangeSpec *, String boundary, MemBuf *)
append a "part" HTTP header (as in a multi-part/range reply) to the buffer
Definition: client_side.cc:698
bool zeroReply
server closed w/o response (ERR_ZERO_SIZE_OBJECT)
Definition: client_side.h:140
static int port
Definition: ldap_backend.cc:69
sends a single control message, notifying the Sink
bool switchedToHttps() const
Definition: client_side.h:252
Security::HandshakeParser tlsParser
Definition: client_side.h:276
unsigned short tlsConnectPort
The TLS server port number as passed in the CONNECT request.
Definition: client_side.h:401
A RegisteredRunner with lifetime determined by forces outside the Registry.
void clientProcessRequest(ConnStateData *, const Http1::RequestParserPointer &, Http::Stream *)
void setServerBump(Ssl::ServerBump *srvBump)
Definition: client_side.h:254
virtual void notePeerConnection(Comm::ConnectionPointer)
called just before a FwdState-dispatched job starts using connection
Definition: client_side.h:200
SBuf sslCommonName_
CN name for SSL certificate generation.
Definition: client_side.h:402
Definition: Xaction.cc:47
const char * stoppedSending_
the reason why we no longer write the response or nil
Definition: client_side.h:414
std::ostream & operator<<(std::ostream &os, const ConnStateData::PinnedIdleContext &pic)
virtual bool doneAll() const
whether positive goal has been reached
Definition: AsyncJob.cc:96
SQUIDCEXTERN CSS clientReplyStatus
Definition: client_side.h:445
CSCB clientSocketRecipient
Definition: client_side.h:447
Http1::RequestParserPointer parser_
the parser state for current HTTP/1.x input buffer processing
Definition: client_side.h:393
bool hasNotes() const
Definition: client_side.h:321
size_t HttpReply *STUB StoreEntry const KeyScope scope const HttpRequestMethod & method
Definition: stub_store.cc:122
void clientPackTermBound(String boundary, MemBuf *)
put terminating boundary for multiparts to the buffer
Definition: client_side.cc:691
Definition: MemBuf.h:23
BodyPipe::Pointer bodyPipe
set when we are reading request body
Definition: client_side.h:356
clientStream_status_t CSS(clientStreamNode *, ClientHttpRequest *)
CSD clientSocketDetach
Definition: client_side.h:448
Ssl::BumpMode sslBumpMode
ssl_bump decision (Ssl::bumpEnd if n/a).
Definition: client_side.h:272
Comm::ConnectionPointer connection
to-server connection to be pinned
Definition: client_side.h:172
BumpMode
Definition: support.h:135
RefCount< MasterXaction > MasterXactionPointer
Definition: client_side.h:39
SBuf tlsClientSni_
TLS client delivered SNI value. Empty string if none has been received.
Definition: client_side.h:405
bool parsingTlsHandshake
whether we are getting/parsing TLS Hello bytes
Definition: client_side.h:397
void CSD(clientStreamNode *, ClientHttpRequest *)
client stream detach
void CSR(clientStreamNode *, ClientHttpRequest *)
client stream read
const Auth::UserRequest::Pointer & getAuth() const
Definition: client_side.h:114
#define NULL
Definition: types.h:166
const SBuf & tlsClientSni() const
Definition: client_side.h:262
void httpRequestFree(void *)
Definition: client_side.cc:485
int size
Definition: ModDevPoll.cc:77
const SBuf & sslCommonName() const
Definition: client_side.h:260
bool switchedToHttps_
Definition: client_side.h:396
err_type
Definition: err_type.h:12
void clientSetKeepaliveFlag(ClientHttpRequest *http)
decide whether to expect multiple requests on the corresponding connection
Definition: client_side.cc:638