FilledChecklist.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "acl/FilledChecklist.h"
11 #include "client_side.h"
12 #include "comm/Connection.h"
13 #include "comm/forward.h"
14 #include "debug/Messages.h"
15 #include "ExternalACLEntry.h"
16 #include "http/Stream.h"
17 #include "HttpReply.h"
18 #include "HttpRequest.h"
19 #include "SquidConfig.h"
20 #if USE_AUTH
21 #include "auth/AclProxyAuth.h"
22 #include "auth/UserRequest.h"
23 #endif
24 
25 CBDATA_CLASS_INIT(ACLFilledChecklist);
26 
27 ACLFilledChecklist::ACLFilledChecklist() :
28  dst_rdns(nullptr),
29 #if USE_AUTH
30  auth_user_request (nullptr),
31 #endif
32 #if SQUID_SNMP
33  snmp_community(nullptr),
34 #endif
35  requestErrorType(ERR_MAX),
36  conn_(nullptr),
37  fd_(-1),
38  destinationDomainChecked_(false),
39  sourceDomainChecked_(false)
40 {
41  my_addr.setEmpty();
42  src_addr.setEmpty();
43  dst_addr.setEmpty();
44 }
45 
46 ACLFilledChecklist::~ACLFilledChecklist()
47 {
48  assert (!asyncInProgress());
49 
50  safe_free(dst_rdns); // created by xstrdup().
51 
52  cbdataReferenceDone(conn_);
53 
54  debugs(28, 4, "ACLFilledChecklist destroyed " << this);
55 }
56 
57 static void
58 showDebugWarning(const char *msg)
59 {
60  static uint16_t count = 0;
61  if (count > 10)
62  return;
63 
64  ++count;
65  debugs(28, Important(58), "ERROR: ALE missing " << msg);
66 }
67 
68 void
69 ACLFilledChecklist::verifyAle() const
70 {
71  // make sure the ALE fields used by Format::assemble to
72  // fill the old external_acl_type codes are set if any
73  // data on them exists in the Checklist
74 
75  if (!al->cache.port && conn()) {
76  showDebugWarning("listening port");
77  al->cache.port = conn()->port;
78  }
79 
80  if (request) {
81  if (!al->request) {
82  showDebugWarning("HttpRequest object");
83  // XXX: al->request should be original,
84  // but the request may be already adapted
85  al->request = request.getRaw();
86  HTTPMSGLOCK(al->request);
87  }
88 
89  if (!al->adapted_request) {
90  showDebugWarning("adapted HttpRequest object");
91  al->adapted_request = request.getRaw();
92  HTTPMSGLOCK(al->adapted_request);
93  }
94 
95  if (al->url.isEmpty()) {
96  showDebugWarning("URL");
97  // XXX: al->url should be the request URL from client,
98  // but request->url may be different (e.g.,redirected)
99  al->url = request->effectiveRequestUri();
100  }
101  }
102 
103  if (hasReply() && !al->reply) {
104  showDebugWarning("HttpReply object");
105  al->reply = reply_;
106  }
107 }
108 
109 void
110 ACLFilledChecklist::syncAle(HttpRequest *adaptedRequest, const char *logUri) const
111 {
112  if (!al)
113  return;
114  if (adaptedRequest && !al->adapted_request) {
115  al->adapted_request = adaptedRequest;
116  HTTPMSGLOCK(al->adapted_request);
117  }
118  if (logUri && al->url.isEmpty())
119  al->url = logUri;
120 }
121 
122 ConnStateData *
123 ACLFilledChecklist::conn() const
124 {
125  return cbdataReferenceValid(conn_) ? conn_ : nullptr;
126 }
127 
128 void
129 ACLFilledChecklist::setConn(ConnStateData *aConn)
130 {
131  if (conn_ == aConn)
132  return; // no new information
133 
134  // no conn_ replacement/removal to reduce inconsistent fill concerns
135  assert(!conn_);
136  assert(aConn);
137 
138  // To reduce inconsistent fill concerns, we should be the only ones calling
139  // fillConnectionLevelDetails(). Set conn_ first so that the filling method
140  // can detect (some) direct calls from others.
141  conn_ = cbdataReference(aConn);
142  aConn->fillConnectionLevelDetails(*this);
143 }
144 
145 int
146 ACLFilledChecklist::fd() const
147 {
148  const auto c = conn();
149  return (c && c->clientConnection) ? c->clientConnection->fd : fd_;
150 }
151 
152 void
153 ACLFilledChecklist::fd(int aDescriptor)
154 {
155  const auto c = conn();
156  assert(!c || !c->clientConnection || c->clientConnection->fd == aDescriptor);
157  fd_ = aDescriptor;
158 }
159 
160 bool
161 ACLFilledChecklist::destinationDomainChecked() const
162 {
163  return destinationDomainChecked_;
164 }
165 
166 void
167 ACLFilledChecklist::markDestinationDomainChecked()
168 {
169  assert (!finished() && !destinationDomainChecked());
170  destinationDomainChecked_ = true;
171 }
172 
173 bool
174 ACLFilledChecklist::sourceDomainChecked() const
175 {
176  return sourceDomainChecked_;
177 }
178 
179 void
180 ACLFilledChecklist::markSourceDomainChecked()
181 {
182  assert (!finished() && !sourceDomainChecked());
183  sourceDomainChecked_ = true;
184 }
185 
186 /*
187  * There are two common ACLFilledChecklist lifecycles paths:
188  *
189  * "Fast" (always synchronous or "blocking"): The user constructs an
190  * ACLFilledChecklist object on stack, configures it as needed, and calls one
191  * or both of its fastCheck() methods.
192  *
193  * "Slow" (usually asynchronous or "non-blocking"): The user allocates an
194  * ACLFilledChecklist object on heap (via Make()), configures it as needed,
195  * and passes it to NonBlockingCheck() while specifying the callback function
196  * to call with check results. NonBlockingCheck() calls the callback function
197  * (if the corresponding cbdata is still valid), either immediately/directly
198  * (XXX) or eventually/asynchronously. After this callback obligations are
199  * fulfilled, checkCallback() deletes the checklist object (i.e. "this").
200  */
201 ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request):
202  dst_rdns(nullptr),
203 #if USE_AUTH
204  auth_user_request(nullptr),
205 #endif
206 #if SQUID_SNMP
207  snmp_community(nullptr),
208 #endif
209  requestErrorType(ERR_MAX),
210  conn_(nullptr),
211  fd_(-1),
212  destinationDomainChecked_(false),
213  sourceDomainChecked_(false)
214 {
215  my_addr.setEmpty();
216  src_addr.setEmpty();
217  dst_addr.setEmpty();
218 
219  changeAcl(A);
220  setRequest(http_request);
221 }
222 
223 void ACLFilledChecklist::setRequest(HttpRequest *httpRequest)
224 {
225  assert(!request);
226  if (httpRequest) {
227  request = httpRequest;
228 #if FOLLOW_X_FORWARDED_FOR
229  if (Config.onoff.acl_uses_indirect_client)
230  src_addr = request->indirect_client_addr;
231  else
232 #endif /* FOLLOW_X_FORWARDED_FOR */
233  src_addr = request->client_addr;
234  my_addr = request->my_addr;
235 
236  if (const auto cmgr = request->clientConnectionManager.get())
237  setConn(cmgr);
238  }
239 }
240 
241 void
242 ACLFilledChecklist::updateAle(const AccessLogEntry::Pointer &a)
243 {
244  if (!a)
245  return;
246 
247  al = a; // could have been set already (to a different value)
248  if (!request)
249  setRequest(a->request);
250  updateReply(a->reply);
251 }
252 
253 void
254 ACLFilledChecklist::updateReply(const HttpReply::Pointer &r)
255 {
256  if (r)
257  reply_ = r; // may already be set, including to r
258 }
259 
CbcPointer::get
Cbc * get() const
a temporary valid raw Cbc pointer or NULL
Definition: CbcPointer.h:159
ConnStateData::fillConnectionLevelDetails
void fillConnectionLevelDetails(ACLFilledChecklist &) const
Definition: client_side.cc:3499
CBDATA_CLASS_INIT
CBDATA_CLASS_INIT(ACLFilledChecklist)
ACLFilledChecklist::dst_addr
Ip::Address dst_addr
Definition: FilledChecklist.h:98
client_side.h
ACLFilledChecklist::src_addr
Ip::Address src_addr
Definition: FilledChecklist.h:97
SBuf::isEmpty
bool isEmpty() const
Definition: SBuf.h:435
AccessLogEntry::reply
HttpReplyPointer reply
Definition: AccessLogEntry.h:191
showDebugWarning
static void showDebugWarning(const char *msg)
Definition: FilledChecklist.cc:58
SquidConfig::onoff
struct SquidConfig::@97 onoff
RefCount::getRaw
C * getRaw() const
Definition: RefCount.h:89
cbdataReferenceValid
int cbdataReferenceValid(const void *p)
Definition: cbdata.cc:270
ACLFilledChecklist::al
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
Definition: FilledChecklist.h:124
ACLFilledChecklist::destinationDomainChecked
bool destinationDomainChecked() const
Definition: FilledChecklist.cc:161
cbdataReference
#define cbdataReference(var)
Definition: cbdata.h:348
ACLChecklist::asyncInProgress
bool asyncInProgress() const
async call has been started and has not finished (or failed) yet
Definition: Checklist.h:101
ACLFilledChecklist::syncAle
void syncAle(HttpRequest *adaptedRequest, const char *logUri) const override
assigns uninitialized adapted_request and url ALE components
Definition: FilledChecklist.cc:110
ACLFilledChecklist::updateReply
void updateReply(const HttpReply::Pointer &)
Definition: FilledChecklist.cc:254
SquidConfig::acl_uses_indirect_client
int acl_uses_indirect_client
Definition: SquidConfig.h:326
AccessLogEntry::request
HttpRequest * request
Definition: AccessLogEntry.h:192
ACLFilledChecklist::conn
ConnStateData * conn() const
The client connection manager.
Definition: FilledChecklist.cc:123
ACLFilledChecklist::reply_
HttpReply::Pointer reply_
response added by updateReply() or nil
Definition: FilledChecklist.h:134
ACLChecklist::finished
bool finished() const
whether markFinished() was called
Definition: Checklist.h:99
ACLFilledChecklist::fd
int fd() const
The client side fd. It uses conn() if available.
Definition: FilledChecklist.cc:146
ACLFilledChecklist::verifyAle
void verifyAle() const override
warns if there are uninitialized ALE components and fills them
Definition: FilledChecklist.cc:69
A
static uint32 A
Definition: md4.c:43
HttpRequest::indirect_client_addr
Ip::Address indirect_client_addr
Definition: HttpRequest.h:152
ACLFilledChecklist::request
HttpRequest::Pointer request
Definition: FilledChecklist.h:103
safe_free
#define safe_free(x)
Definition: xalloc.h:73
assert
#define assert(EX)
Definition: assert.h:17
AccessLogEntry::cache
class AccessLogEntry::CacheDetails cache
ACLChecklist::changeAcl
void changeAcl(const acl_access *)
change the current ACL list
Definition: Checklist.cc:187
HTTPMSGLOCK
void HTTPMSGLOCK(Http::Message *a)
Definition: Message.h:161
cbdataReferenceDone
#define cbdataReferenceDone(var)
Definition: cbdata.h:357
HttpRequest::my_addr
Ip::Address my_addr
Definition: HttpRequest.h:155
Ip::Address::setEmpty
void setEmpty()
Fast reset of the stored content to what would be after default constructor.
Definition: Address.cc:204
ERR_MAX
@ ERR_MAX
Definition: forward.h:88
ACLFilledChecklist::hasReply
bool hasReply() const override
Definition: FilledChecklist.h:91
AccessLogEntry::adapted_request
HttpRequest * adapted_request
Definition: AccessLogEntry.h:193
ACLFilledChecklist::conn_
ConnStateData * conn_
hack: client-to-Squid connection manager (if any)
Definition: FilledChecklist.h:131
ACLFilledChecklist::setConn
void setConn(ConnStateData *)
set either conn
Definition: FilledChecklist.cc:129
ACLFilledChecklist::setRequest
void setRequest(HttpRequest *)
configure client request-related fields for the first time
Definition: FilledChecklist.cc:223
ACLFilledChecklist::~ACLFilledChecklist
~ACLFilledChecklist() override
Definition: FilledChecklist.cc:46
AccessLogEntry::CacheDetails::port
AnyP::PortCfgPointer port
Definition: AccessLogEntry.h:162
Important
#define Important(id)
Definition: Messages.h:93
ConnStateData::port
AnyP::Port port
destination port of the request that caused serverConnection
Definition: client_side.h:145
ACLFilledChecklist::markDestinationDomainChecked
void markDestinationDomainChecked()
Definition: FilledChecklist.cc:167
HttpRequest::effectiveRequestUri
const SBuf & effectiveRequestUri() const
RFC 7230 section 5.5 - Effective Request URI.
Definition: HttpRequest.cc:744
HttpRequest::client_addr
Ip::Address client_addr
Definition: HttpRequest.h:149
debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:192
ACLFilledChecklist::updateAle
void updateAle(const AccessLogEntry::Pointer &)
Definition: FilledChecklist.cc:242
ACLFilledChecklist::sourceDomainChecked
bool sourceDomainChecked() const
Definition: FilledChecklist.cc:174
HttpRequest::clientConnectionManager
CbcPointer< ConnStateData > clientConnectionManager
Definition: HttpRequest.h:232
Config
class SquidConfig Config
Definition: SquidConfig.cc:12

 

Introduction

Documentation

Support

Miscellaneous