1 const char filters_rcs[] = "$Id: filters.c,v 1.8 2001/05/26 17:13:28 jongfoster Exp $";
2 /*********************************************************************
4 * File : $Source: /cvsroot/ijbswa/current/filters.c,v $
6 * Purpose : Declares functions to parse/crunch headers and pages.
7 * Functions declared include:
8 * `acl_addr', `add_stats', `block_acl', `block_imageurl',
9 * `block_url', `url_permissions', `domaincmp', `dsplit',
10 * `filter_popups', `forward_url', 'redirect_url',
11 * `ij_untrusted_url', `intercept_url', `re_process_buffer',
12 * `show_proxy_args', 'ijb_send_banner', and `trust_url'
14 * Copyright : Written by and Copyright (C) 2001 the SourceForge
15 * IJBSWA team. http://ijbswa.sourceforge.net
17 * Based on the Internet Junkbuster originally written
18 * by and Copyright (C) 1997 Anonymous Coders and
19 * Junkbusters Corporation. http://www.junkbusters.com
21 * This program is free software; you can redistribute it
22 * and/or modify it under the terms of the GNU General
23 * Public License as published by the Free Software
24 * Foundation; either version 2 of the License, or (at
25 * your option) any later version.
27 * This program is distributed in the hope that it will
28 * be useful, but WITHOUT ANY WARRANTY; without even the
29 * implied warranty of MERCHANTABILITY or FITNESS FOR A
30 * PARTICULAR PURPOSE. See the GNU General Public
31 * License for more details.
33 * The GNU General Public License should be included with
34 * this file. If not, you can view it at
35 * http://www.gnu.org/copyleft/gpl.html
36 * or write to the Free Software Foundation, Inc., 59
37 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
41 * Revision 1.8 2001/05/26 17:13:28 jongfoster
42 * Filled in a function comment.
44 * Revision 1.7 2001/05/26 15:26:15 jongfoster
45 * ACL feature now provides more security by immediately dropping
46 * connections from untrusted hosts.
48 * Revision 1.6 2001/05/26 00:28:36 jongfoster
49 * Automatic reloading of config file.
50 * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32).
51 * Most of the global variables have been moved to a new
52 * struct configuration_spec, accessed through csp->config->globalname
53 * Most of the globals remaining are used by the Win32 GUI.
55 * Revision 1.5 2001/05/25 22:34:30 jongfoster
58 * Revision 1.4 2001/05/22 18:46:04 oes
60 * - Enabled filtering banners by size rather than URL
61 * by adding patterns that replace all standard banner
62 * sizes with the "Junkbuster" gif to the re_filterfile
64 * - Enabled filtering WebBugs by providing a pattern
65 * which kills all 1x1 images
67 * - Added support for PCRE_UNGREEDY behaviour to pcrs,
68 * which is selected by the (nonstandard and therefore
69 * capital) letter 'U' in the option string.
70 * It causes the quantifiers to be ungreedy by default.
71 * Appending a ? turns back to greedy (!).
73 * - Added a new interceptor ijb-send-banner, which
74 * sends back the "Junkbuster" gif. Without imagelist or
75 * MSIE detection support, or if tinygif = 1, or the
76 * URL isn't recognized as an imageurl, a lame HTML
77 * explanation is sent instead.
79 * - Added new feature, which permits blocking remote
80 * script redirects and firing back a local redirect
82 * The feature is conditionally compiled, i.e. it
83 * can be disabled with --disable-fast-redirects,
84 * plus it must be activated by a "fast-redirects"
85 * line in the config file, has its own log level
86 * and of course wants to be displayed by show-proxy-args
87 * Note: Boy, all the #ifdefs in 1001 locations and
88 * all the fumbling with configure.in and acconfig.h
89 * were *way* more work than the feature itself :-(
91 * - Because a generic redirect template was needed for
92 * this, tinygif = 3 now uses the same.
94 * - Moved GIFs, and other static HTTP response templates
99 * - Removed some >400 CRs again (Jon, you really worked
102 * Revision 1.3 2001/05/20 16:44:47 jongfoster
103 * Removing last hardcoded JunkBusters.com URLs.
105 * Revision 1.2 2001/05/20 01:21:20 jongfoster
106 * Version 2.9.4 checkin.
107 * - Merged popupfile and cookiefile, and added control over PCRS
108 * filtering, in new "permissionsfile".
109 * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration
110 * file error you now get a message box (in the Win32 GUI) rather
111 * than the program exiting with no explanation.
112 * - Made killpopup use the PCRS MIME-type checking and HTTP-header
114 * - Removed tabs from "config"
115 * - Moved duplicated url parsing code in "loaders.c" to a new funcition.
116 * - Bumped up version number.
118 * Revision 1.1.1.1 2001/05/15 13:58:52 oes
119 * Initial import of version 2.9.3 source tree
122 *********************************************************************/
128 #include <sys/types.h>
135 #include <netinet/in.h>
137 #include <winsock2.h>
144 #include "showargs.h"
148 #include "jbsockets.h"
150 #include "jbsockets.h"
156 const char filters_h_rcs[] = FILTERS_H_VERSION;
158 /* Fix a problem with Solaris. There should be no effect on other
160 * Solaris's isspace() is a macro which uses it's argument directly
161 * as an array index. Therefore we need to make sure that high-bit
162 * characters generate +ve values, and ideally we also want to make
163 * the argument match the declared parameter type of "int".
165 #define ijb_isdigit(__X) isdigit((int)(unsigned char)(__X))
168 static const char CBLOCK[] =
170 "HTTP/1.0 403 Request for blocked URL\n"
171 #else /* ifndef AMIGA */
172 "HTTP/1.0 202 Request for blocked URL\n"
173 #endif /* ndef AMIGA */
175 "Last-Modified: Thu Jul 31, 1997 07:42:22 pm GMT\n"
176 "Expires: Thu Jul 31, 1997 07:42:22 pm GMT\n"
177 "Content-Type: text/html\n\n"
180 "<title>Internet Junkbuster: Request for blocked URL</title>\n"
186 "<p align=center>Your request for <b>%s%s</b><br>\n"
187 "was blocked because it matches the following pattern "
188 "in the blockfile: <b>%s</b>\n</p>"
190 "<p align=center><a href=\"http://%s" FORCE_PREFIX
191 "%s\">Go there anyway.</a></p>"
192 #endif /* def FORCE_LOAD */
197 static const char CTRUST[] =
199 "HTTP/1.0 403 Request for untrusted URL\n"
200 #else /* ifndef AMIGA */
201 "HTTP/1.0 202 Request for untrusted URL\n"
202 #endif /* ndef AMIGA */
204 "Last-Modified: Thu Jul 31, 1997 07:42:22 pm GMT\n"
205 "Expires: Thu Jul 31, 1997 07:42:22 pm GMT\n"
206 "Content-Type: text/html\n\n"
209 "<title>Internet Junkbuster: Request for untrusted URL</title>\n"
213 "<a href=http://internet.junkbuster.com/ij-untrusted-url?%s+%s+%s>"
219 #endif /* def TRUST_FILES */
223 /*********************************************************************
225 * Function : block_acl
227 * Description : Block this request?
228 * Decide yes or no based on ACL file.
231 * 1 : dst = The proxy or gateway address this is going to.
232 * Or NULL to check all possible targets.
233 * 2 : csp = Current client state (buffers, headers, etc...)
234 * Also includes the client IP address.
236 * Returns : 0 = FALSE (don't block) and 1 = TRUE (do block)
238 *********************************************************************/
239 int block_acl(struct access_control_addr *dst,
240 struct client_state *csp)
242 struct file_list *fl;
243 struct access_control_list *a, *acl;
245 /* if not using an access control list, then permit the connection */
246 if (((fl = csp->alist) == NULL) ||
247 ((acl = (struct access_control_list *) fl->f) == NULL))
252 /* search the list */
253 for (a = acl->next ; a ; a = a->next)
255 if ((csp->ip_addr_long & a->src->mask) == a->src->addr)
259 /* Just want to check if they have any access */
260 if (a->action == ACL_PERMIT)
265 else if ( ((dst->addr & a->dst->mask) == a->dst->addr)
266 && ((dst->port == a->dst->port) || (a->dst->port == 0)))
268 if (a->action == ACL_PERMIT)
285 /*********************************************************************
287 * Function : acl_addr
289 * Description : Called from `load_aclfile' to parse an ACL address.
292 * 1 : aspec = String specifying ACL address.
293 * 2 : aca = struct access_control_addr to fill in.
295 * Returns : 0 => Ok, everything else is an error.
297 *********************************************************************/
298 int acl_addr(char *aspec, struct access_control_addr *aca)
300 int i, masklength, port;
306 if ((p = strchr(aspec, '/')))
310 if (ijb_isdigit(*p) == 0)
314 masklength = atoi(p);
317 if ((masklength < 0) || (masklength > 32))
322 if ((p = strchr(aspec, ':')))
326 if (ijb_isdigit(*p) == 0)
335 aca->addr = ntohl(resolve_hostname_to_ip(aspec));
339 log_error(LOG_LEVEL_ERROR, "can't resolve address for %s", aspec);
343 /* build the netmask */
345 for (i=1; i <= masklength ; i++)
347 aca->mask |= (1 << (32 - i));
350 /* now mask off the host portion of the ip address
351 * (i.e. save on the network portion of the address).
353 aca->addr = aca->addr & aca->mask;
358 #endif /* def ACL_FILES */
361 /*********************************************************************
363 * Function : block_url
365 * Description : Called from `chat'. Check to see if we need to block this.
368 * 1 : http = http_request request to "check" for blocked
369 * 2 : csp = Current client state (buffers, headers, etc...)
371 * Returns : NULL => unblocked, else string to HTML block description.
373 *********************************************************************/
374 char *block_url(struct http_request *http, struct client_state *csp)
376 struct file_list *fl;
377 struct block_spec *b;
378 struct url_spec url[1];
382 if (((fl = csp->blist) == NULL) || ((b = fl->f) == NULL))
387 *url = dsplit(http->host);
389 /* if splitting the domain fails, punt */
390 if (url->dbuf == NULL) return(NULL);
392 for (b = b->next; b ; b = b->next)
394 if ((b->url->port == 0) || (b->url->port == http->port))
396 if ((b->url->domain[0] == '\0') || (domaincmp(b->url, url) == 0))
398 if ((b->url->path == NULL) ||
400 (regexec(b->url->preg, http->path, 0, NULL, 0) == 0)
402 (strncmp(b->url->path, http->path, b->url->pathlen) == 0)
409 if (b->reject == 0) return(NULL);
412 n += strlen(http->hostport);
413 n += strlen(http->path);
414 n += strlen(b->url->spec);
416 n += strlen(http->hostport);
417 n += strlen(http->path);
418 #endif /* def FORCE_LOAD */
420 p = (char *)malloc(n);
423 sprintf(p, CBLOCK, http->hostport, http->path, b->url->spec, http->hostport, http->path);
425 sprintf(p, CBLOCK, http->hostport, http->path, b->url->spec);
426 #endif /* def FORCE_LOAD */
440 #if defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST)
441 /*********************************************************************
443 * Function : block_imageurl
445 * Description : Given a URL which is blocked, decide whether to
446 * send the "blocked" image or HTML.
449 * 1 : http = URL to check.
450 * 2 : csp = Current client state (buffers, headers, etc...)
452 * Returns : True (nonzero) if URL is in image list, false (0)
455 *********************************************************************/
456 int block_imageurl(struct http_request *http, struct client_state *csp)
458 #ifdef DETECT_MSIE_IMAGES
459 if ((csp->accept_types
460 & (ACCEPT_TYPE_IS_MSIE|ACCEPT_TYPE_MSIE_IMAGE|ACCEPT_TYPE_MSIE_HTML))
461 == (ACCEPT_TYPE_IS_MSIE|ACCEPT_TYPE_MSIE_IMAGE))
465 else if ((csp->accept_types
466 & (ACCEPT_TYPE_IS_MSIE|ACCEPT_TYPE_MSIE_IMAGE|ACCEPT_TYPE_MSIE_HTML))
467 == (ACCEPT_TYPE_IS_MSIE|ACCEPT_TYPE_MSIE_HTML))
473 #if defined(USE_IMAGE_LIST)
474 return block_imageurl_using_imagelist(http, csp);
476 /* Don't know - assume HTML */
480 #endif /* defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST) */
483 #ifdef USE_IMAGE_LIST
484 /*********************************************************************
486 * Function : block_imageurl
488 * Description : Test if a URL is in the imagelist.
491 * 1 : http = URL to check.
492 * 2 : csp = Current client state (buffers, headers, etc...)
494 * Returns : True (nonzero) if URL is in image list, false (0)
497 *********************************************************************/
498 int block_imageurl_using_imagelist(struct http_request *http, struct client_state *csp)
500 struct file_list *fl;
501 struct block_spec *b;
502 struct url_spec url[1];
504 if (((fl = csp->ilist) == NULL) || ((b = fl->f) == NULL))
509 *url = dsplit(http->host);
511 /* if splitting the domain fails, punt */
512 if (url->dbuf == NULL) return(0);
514 for (b = b->next; b ; b = b->next)
517 if ((b->url->port == 0) || (b->url->port == http->port))
519 /* port matches, check domain */
520 if ((b->url->domain[0] == '\0') || (domaincmp(b->url, url) == 0))
522 /* domain matches, check path */
523 if ((b->url->path == NULL) ||
525 (regexec(b->url->preg, http->path, 0, NULL, 0) == 0)
527 (strncmp(b->url->path, http->path, b->url->pathlen) == 0)
535 if (b->reject == 0) return(0);
547 #endif /* def USE_IMAGE_LIST */
551 /*********************************************************************
553 * Function : re_process_buffer
555 * Description : Apply all jobs from the joblist (aka. Perl regexp's) to
556 * the text buffer that's been accumulated in csp->iob->buf
557 * and set csp->content_length to the modified size.
560 * 1 : csp = Current client state (buffers, headers, etc...)
562 * Returns : a pointer to the (newly allocated) modified buffer.
565 *********************************************************************/
566 char *re_process_buffer(struct client_state *csp)
569 int size = csp->iob->eod - csp->iob->cur;
570 char *old=csp->iob->cur, *new = NULL;
571 pcrs_job *job, *joblist;
573 struct file_list *fl;
574 struct re_filterfile_spec *b;
576 /* Sanity first ;-) */
582 if ( ( NULL == (fl = csp->rlist) ) || ( NULL == (b = fl->f) ) )
584 log_error(LOG_LEVEL_ERROR, "Unable to get current state of regexp filtering.");
588 joblist = b->joblist;
591 log_error(LOG_LEVEL_RE_FILTER, "re_filtering %s%s (size %d) ...",
592 csp->http->hostport, csp->http->path, size);
594 /* Apply all jobs from the joblist */
595 for (job = joblist; NULL != job; job = job->next)
597 hits += pcrs_exec_substitution(job, old, size, &new, &size);
598 if (old != csp->iob->cur) free(old);
602 log_error(LOG_LEVEL_RE_FILTER, " produced %d hits (new size %d).", hits, size);
604 csp->content_length = size;
606 /* fwiw, reset the iob */
611 #endif /* def PCRS */
615 /*********************************************************************
617 * Function : trust_url
619 * Description : Should we "trust" this URL? See "trustfile" line in config.
622 * 1 : http = http_request request for requested URL
623 * 2 : csp = Current client state (buffers, headers, etc...)
625 * Returns : NULL => trusted, else string to HTML "untrusted" description.
627 *********************************************************************/
628 char *trust_url(struct http_request *http, struct client_state *csp)
630 struct file_list *fl;
631 struct block_spec *b;
632 struct url_spec url[1], **tl, *t;
634 char *hostport, *path, *refer;
635 struct http_request rhttp[1];
638 if (((fl = csp->tlist) == NULL) || ((b = fl->f) == NULL))
643 *url = dsplit(http->host);
645 /* if splitting the domain fails, punt */
646 if (url->dbuf == NULL) return(NULL);
648 memset(rhttp, '\0', sizeof(*rhttp));
650 for (b = b->next; b ; b = b->next)
652 if ((b->url->port == 0) || (b->url->port == http->port))
654 if ((b->url->domain[0] == '\0') || (domaincmp(b->url, url) == 0))
656 if ((b->url->path == NULL) ||
658 (regexec(b->url->preg, http->path, 0, NULL, 0) == 0)
660 (strncmp(b->url->path, http->path, b->url->pathlen) == 0)
667 if (b->reject == 0) return(NULL);
669 hostport = url_encode(http->hostport);
670 path = url_encode(http->path);
674 refer = url_encode(csp->referrer);
678 refer = url_encode("undefined");
682 n += strlen(hostport);
686 p = (char *)malloc(n);
688 sprintf(p, CTRUST, hostport, path, refer);
703 if ((csp->referrer == NULL)|| (strlen(csp->referrer) <= 9))
705 /* no referrer was supplied */
706 goto trust_url_not_trusted;
709 /* forge a URL from the referrer so we can use
710 * convert_url() to parse it into its components.
714 p = strsav(p, "GET ");
715 p = strsav(p, csp->referrer + 9); /* skip over "Referer: " */
716 p = strsav(p, " HTTP/1.0");
718 parse_http_request(p, rhttp, csp);
720 if (rhttp->cmd == NULL)
723 goto trust_url_not_trusted;
728 *url = dsplit(rhttp->host);
730 /* if splitting the domain fails, punt */
731 if (url->dbuf == NULL) goto trust_url_not_trusted;
733 for (tl = csp->config->trust_list; (t = *tl) ; tl++)
735 if ((t->port == 0) || (t->port == rhttp->port))
737 if ((t->domain[0] == '\0') || domaincmp(t, url) == 0)
739 if ((t->path == NULL) ||
741 (regexec(t->preg, rhttp->path, 0, NULL, 0) == 0)
743 (strncmp(t->path, rhttp->path, t->pathlen) == 0)
747 /* if the URL's referrer is from a trusted referrer, then
748 * add the target spec to the trustfile as an unblocked
749 * domain and return NULL (which means it's OK).
757 if ((fp = fopen(csp->config->trustfile, "a")))
762 h = strsav(h, http->hostport);
768 /* since this path points into a user's home space
769 * be sure to include this spec in the trustfile.
771 if ((p = strchr(p, '/')))
774 h = strsav(h, http->path);
779 free_http_request(rhttp);
781 fprintf(fp, "%s\n", h);
791 trust_url_not_trusted:
792 free_http_request(rhttp);
794 hostport = url_encode(http->hostport);
795 path = url_encode(http->path);
799 refer = url_encode(csp->referrer);
803 refer = url_encode("undefined");
807 n += strlen(hostport);
811 p = (char *)malloc(n);
812 sprintf(p, CTRUST, hostport, path, refer);
821 #endif /* def TRUST_FILES */
824 /*********************************************************************
826 * Function : intercept_url
828 * Description : checks the URL `basename' against a list of URLs to
829 * snarf. If it matches, it calls the associated function
830 * which returns an HTML page to send back to the client.
831 * Right now, we snarf:
832 * "show-proxy-args", and
833 * "ij-untrusted-url" (optional w/TRUST_FILES)
836 * 1 : http = http_request request, check `basename's of blocklist
837 * 2 : csp = Current client state (buffers, headers, etc...)
839 * Returns : NULL for no recognized URLs, or an HTML description page.
841 *********************************************************************/
842 char *intercept_url(struct http_request *http, struct client_state *csp)
845 const struct interceptors *v;
847 basename = strrchr(http->path, '/');
849 if (basename == NULL) return(NULL);
851 basename ++; /* first char past the last slash */
855 for (v = intercept_patterns; v->str; v++)
857 if (strncmp(basename, v->str, v->len) == 0)
859 return((v->interceptor)(http, csp));
868 #ifdef FAST_REDIRECTS
869 /*********************************************************************
871 * Function : redirect_url
873 * Description : Checks for redirection URLs and returns a HTTP redirect
874 * to the destination URL.
877 * 1 : http = http_request request, check `basename's of blocklist
878 * 2 : csp = Current client state (buffers, headers, etc...)
880 * Returns : NULL if URL was clean, HTTP redirect otherwise.
882 *********************************************************************/
883 char *redirect_url(struct http_request *http, struct client_state *csp)
887 p = q = csp->http->path;
888 log_error(LOG_LEVEL_REDIRECTS, "checking path: %s", p);
890 /* find the last URL encoded in the request */
891 while (p = strstr(p, "http://"))
896 /* if there was any, generate and return a HTTP redirect */
897 if (q != csp->http->path)
899 log_error(LOG_LEVEL_REDIRECTS, "redirecting to: %s", q);
901 p = (char *)malloc(strlen(HTTP_REDIRECT_TEMPLATE) + strlen(q));
902 sprintf(p, HTTP_REDIRECT_TEMPLATE, q);
911 #endif /* def FAST_REDIRECTS */
913 /*********************************************************************
915 * Function : url_permissions
917 * Description : Gets the permissions for this URL.
920 * 1 : http = http_request request for blocked URLs
921 * 2 : csp = Current client state (buffers, headers, etc...)
923 * Returns : permissions bitmask specifiying what this URL can do.
924 * If not on list, will be default_permissions.
926 *********************************************************************/
927 int url_permissions(struct http_request *http, struct client_state *csp)
929 struct file_list *fl;
930 struct permissions_spec *b;
931 struct url_spec url[1];
933 if (((fl = csp->permissions_list) == NULL) || ((b = fl->f) == NULL))
935 return(csp->config->default_permissions);
938 *url = dsplit(http->host);
940 /* if splitting the domain fails, punt */
941 if (url->dbuf == NULL)
943 return(csp->config->default_permissions);
946 for (b = b->next; NULL != b; b = b->next)
948 if ((b->url->port == 0) || (b->url->port == http->port))
950 if ((b->url->domain[0] == '\0') || (domaincmp(b->url, url) == 0))
952 if ((b->url->path == NULL) ||
954 (regexec(b->url->preg, http->path, 0, NULL, 0) == 0)
956 (strncmp(b->url->path, http->path, b->url->pathlen) == 0)
962 return(b->permissions);
970 return(csp->config->default_permissions);
975 /*********************************************************************
977 * Function : forward_url
979 * Description : Should we forward this to another proxy?
982 * 1 : http = http_request request for current URL
983 * 2 : csp = Current client state (buffers, headers, etc...)
985 * Returns : Return gw_default for no forward match,
986 * else a gateway pointer to a specific forwarding proxy.
988 *********************************************************************/
989 const struct gateway *forward_url(struct http_request *http, struct client_state *csp)
991 struct file_list *fl;
992 struct forward_spec *b;
993 struct url_spec url[1];
995 if (((fl = csp->flist) == NULL) || ((b = fl->f) == NULL))
1000 *url = dsplit(http->host);
1002 /* if splitting the domain fails, punt */
1003 if (url->dbuf == NULL) return(gw_default);
1005 for (b = b->next; b ; b = b->next)
1007 if ((b->url->port == 0) || (b->url->port == http->port))
1009 if ((b->url->domain[0] == '\0') || (domaincmp(b->url, url) == 0))
1011 if ((b->url->path == NULL) ||
1013 (regexec(b->url->preg, http->path, 0, NULL, 0) == 0)
1015 (strncmp(b->url->path, http->path, b->url->pathlen) == 0)
1034 /*********************************************************************
1038 * Description : Takes a domain and returns a pointer to a url_spec
1039 * structure populated with dbuf, dcnt and dvec. The
1040 * other fields in the structure that is returned are zero.
1043 * 1 : domain = a URL address
1045 * Returns : url_spec structure populated with dbuf, dcnt and dvec.
1047 *********************************************************************/
1048 struct url_spec dsplit(char *domain)
1050 struct url_spec ret[1];
1055 memset(ret, '\0', sizeof(*ret));
1057 if ((p = strrchr(domain, '.')))
1065 ret->dbuf = strdup(domain);
1067 /* map to lower case */
1068 for (p = ret->dbuf; *p ; p++) *p = tolower(*p);
1070 /* split the domain name into components */
1071 ret->dcnt = ssplit(ret->dbuf, ".", v, SZ(v), 1, 1);
1075 memset(ret, '\0', sizeof(ret));
1079 /* save a copy of the pointers in dvec */
1080 size = ret->dcnt * sizeof(*ret->dvec);
1082 if ((ret->dvec = (char **)malloc(size)))
1084 memcpy(ret->dvec, v, size);
1092 /*********************************************************************
1094 * Function : domaincmp
1096 * Description : Compare domain names.
1097 * domaincmp("a.b.c" , "a.b.c") => 0 (MATCH)
1098 * domaincmp("a*.b.c", "a.b.c") => 0 (MATCH)
1099 * domaincmp("b.c" , "a.b.c") => 0 (MATCH)
1100 * domaincmp("" , "a.b.c") => 0 (MATCH)
1103 * 1 : pattern = a domain that may contain a '*' as a wildcard.
1104 * 2 : fqdn = domain name against which the patterns are compared.
1106 * Returns : 0 => domains are equivalent, else no match.
1108 *********************************************************************/
1109 int domaincmp(struct url_spec *pattern, struct url_spec *fqdn)
1111 char **pv, **fv; /* vectors */
1112 int pn, fn; /* counters */
1113 char *p, *f; /* chars */
1121 while ((pn > 0) && (fn > 0))
1126 while (*p && *f && (*p == tolower(*f)))
1131 if ((*p != tolower(*f)) && (*p != '*')) return(1);
1134 if (pn > 0) return(1);
1141 /* intercept functions */
1143 /*********************************************************************
1145 * Function : show_proxy_args
1147 * Description : This "crunch"es "http:/any.thing/show-proxy-args" and
1148 * returns a web page describing the current status of IJB.
1151 * 1 : http = ignored
1152 * 2 : csp = Current client state (buffers, headers, etc...)
1154 * Returns : A string that contains the current status of IJB.
1156 *********************************************************************/
1157 char *show_proxy_args(struct http_request *http, struct client_state *csp)
1161 #ifdef SPLIT_PROXY_ARGS
1165 const char * filename = NULL;
1166 const char * file_description = NULL;
1167 char * query_string = strrchr(http->path, '?');
1168 char which_file = '\0';
1171 if (query_string != NULL)
1173 /* first char past the last '?' (maybe '\0')*/
1174 which_file = query_string[1];
1181 filename = csp->blist->filename;
1182 file_description = "Block List";
1186 if (csp->permissions_list)
1188 filename = csp->permissions_list->filename;
1189 file_description = "Permissions List";
1195 filename = csp->flist->filename;
1196 file_description = "Forward List";
1204 filename = csp->alist->filename;
1205 file_description = "Access Control List";
1208 #endif /* def ACL_FILES */
1210 #ifdef USE_IMAGE_LIST
1214 filename = csp->ilist->filename;
1215 file_description = "Image List";
1218 #endif /* def USE_IMAGE_LIST */
1224 filename = csp->rlist->filename;
1225 file_description = "RE Filter List";
1228 #endif /* def PCRS */
1234 filename = csp->tlist->filename;
1235 file_description = "Trust List";
1238 #endif /* def TRUST_FILES */
1243 /* Display specified file */
1244 /* FIXME: Add HTTP headers so this isn't cached */
1247 "Server: IJ/" VERSION "\n"
1248 "Content-type: text/html\n"
1249 "Pragma: no-cache\n"
1250 "Last-Modified: Thu Jul 31, 1997 07:42:22 pm GMT\n"
1251 "Expires: Thu Jul 31, 1997 07:42:22 pm GMT\n"
1256 "<title>Internet Junkbuster Proxy Status - ");
1257 s = strsav(s, file_description);
1261 "<body bgcolor=\"#f8f8f0\" link=\"#000078\" alink=\"#ff0022\" vlink=\"#787878\">\n"
1263 "<h1>" BANNER "\n");
1264 s = strsav(s, file_description);
1267 "<p><a href=\"show-proxy-args\">Back to proxy status</a></p>\n"
1269 s = strsav(s, file_description);
1272 "Contents of file "<code>");
1273 p = html_encode(filename);
1277 "</code>":<br>\n"
1281 if ((fp = fopen(filename, "r")) == NULL)
1283 s = strsav(s, "</pre><h1>ERROR OPENING FILE!</h1><pre>");
1287 while (fgets(buf, sizeof(buf), fp))
1289 p = html_encode(buf);
1294 s = strsav(s, "<br>");
1303 "<p><a href=\"show-proxy-args\">Back to proxy status</a></p>\n"
1305 "<small><small><p>\n"
1306 "The " BANNER " Proxy - \n"
1307 "<a href=\"" HOME_PAGE_URL "\">" HOME_PAGE_URL "</a>\n"
1309 "</body></html>\n");
1312 #endif /* def SPLIT_PROXY_ARGS */
1314 s = strsav(s, csp->config->proxy_args->header);
1315 s = strsav(s, csp->config->proxy_args->invocation);
1318 #endif /* def STATISTICS */
1319 s = strsav(s, csp->config->proxy_args->gateways);
1321 #ifdef SPLIT_PROXY_ARGS
1323 "<h2>The following files are in use:</h2>\n"
1324 "<p>(Click a filename to view it)</p>\n"
1329 s = strsav(s, "<li>Block List: <a href=\"show-proxy-args?block\"><code>");
1330 s = strsav(s, csp->blist->filename);
1331 s = strsav(s, "</code></a></li>\n");
1334 if (csp->permissions_list)
1336 s = strsav(s, "<li>Permissions List: <a href=\"show-proxy-args?permit\"><code>");
1337 s = strsav(s, csp->permissions_list->filename);
1338 s = strsav(s, "</code></a></li>\n");
1343 s = strsav(s, "<li>Forward List: <a href=\"show-proxy-args?forward\"><code>");
1344 s = strsav(s, csp->flist->filename);
1345 s = strsav(s, "</code></a></li>\n");
1351 s = strsav(s, "<li>Access Control List: <a href=\"show-proxy-args?acl\"><code>");
1352 s = strsav(s, csp->alist->filename);
1353 s = strsav(s, "</code></a></li>\n");
1355 #endif /* def ACL_FILES */
1357 #ifdef USE_IMAGE_LIST
1360 s = strsav(s, "<li>Image List: <a href=\"show-proxy-args?image\"><code>");
1361 s = strsav(s, csp->ilist->filename);
1362 s = strsav(s, "</code></a></li>\n");
1364 #endif /* def USE_IMAGE_LIST */
1369 s = strsav(s, "<li>RE Filter List: <a href=\"show-proxy-args?re\"><code>");
1370 s = strsav(s, csp->rlist->filename);
1371 s = strsav(s, "</code></a></li>\n");
1373 #endif /* def PCRS */
1378 s = strsav(s, "<li>Trust List: <a href=\"show-proxy-args?trust\"><code>");
1379 s = strsav(s, csp->tlist->filename);
1380 s = strsav(s, "</code></a></li>\n");
1382 #endif /* def TRUST_FILES */
1384 s = strsav(s, "</ul>");
1386 #else /* ifndef SPLIT_PROXY_ARGS */
1389 s = strsav(s, csp->blist->proxy_args);
1394 s = strsav(s, csp->clist->proxy_args);
1399 s = strsav(s, csp->flist->proxy_args);
1405 s = strsav(s, csp->alist->proxy_args);
1407 #endif /* def ACL_FILES */
1409 #ifdef USE_IMAGE_LIST
1412 s = strsav(s, csp->ilist->proxy_args);
1414 #endif /* def USE_IMAGE_LIST */
1419 s = strsav(s, csp->rlist->proxy_args);
1421 #endif /* def PCRS */
1426 s = strsav(s, csp->tlist->proxy_args);
1428 #endif /* def TRUST_FILES */
1430 #endif /* ndef SPLIT_PROXY_ARGS */
1432 s = strsav(s, csp->config->proxy_args->trailer);
1439 /*********************************************************************
1441 * Function : ijb_send_banner
1443 * Description : This "crunch"es "http:/any.thing/ijb-send-banner and
1444 * thus triggers sending the image in jcc.c:chat.
1445 * For the unlikely case, that the imagefile/MSIE
1446 * mechanism is not used, or tinygif = 0, a page
1447 * describing the reson of the interception is generated.
1450 * 1 : http = http_request request for crunched URL
1451 * 2 : csp = Current client state (buffers, headers, etc...)
1453 * Returns : A string that contains why this was intercepted.
1455 *********************************************************************/
1456 char *ijb_send_banner(struct http_request *http, struct client_state *csp)
1458 return(strdup(CNOBANNER));
1462 /*********************************************************************
1464 * Function : ij_untrusted_url
1466 * Description : This "crunch"es "http:/any.thing/ij-untrusted-url" and
1467 * returns a web page describing why it was untrusted.
1470 * 1 : http = http_request request for crunched URL
1471 * 2 : csp = Current client state (buffers, headers, etc...)
1473 * Returns : A string that contains why this was untrusted.
1475 *********************************************************************/
1476 char *ij_untrusted_url(struct http_request *http, struct client_state *csp)
1479 char *hostport, *path, *refer, *p, *v[9];
1481 struct url_spec **tl, *t;
1484 static const char format[] =
1485 "HTTP/1.0 200 OK\r\n"
1486 "Pragma: no-cache\n"
1487 "Last-Modified: Thu Jul 31, 1997 07:42:22 pm GMT\n"
1488 "Expires: Thu Jul 31, 1997 07:42:22 pm GMT\n"
1489 "Content-Type: text/html\n\n"
1492 "<title>Internet Junkbuster: Request for untrusted URL</title>\n"
1498 "The " BANNER " Proxy "
1499 "<A href=\"" HOME_PAGE_URL "\">"
1500 "(" HOME_PAGE_URL ") </A>"
1501 "intercepted the request for %s%s\n"
1502 "because the URL is not trusted.\n"
1505 if ((n = ssplit(http->path, "?+", v, SZ(v), 0, 0)) == 4)
1507 hostport = url_decode(v[1]);
1508 path = url_decode(v[2]);
1509 refer = url_decode(v[3]);
1513 hostport = strdup("undefined_host");
1514 path = strdup("/undefined_path");
1515 refer = strdup("undefined");
1519 n += strlen(hostport);
1522 if ((p = (char *)malloc(n)))
1524 sprintf(p, format, hostport, path);
1527 strsav(p, "The referrer in this request was <strong>");
1529 strsav(p, "</strong><br>\n");
1535 p = strsav(p, "<h3>The following referrers are trusted</h3>\n");
1537 for (tl = csp->config->trust_list; (t = *tl) ; tl++)
1539 sprintf(buf, "%s<br>\n", t->spec);
1543 if (csp->config->trust_info->next)
1549 "You can learn more about what this means "
1550 "and what you may be able to do about it by "
1551 "reading the following documents:<br>\n"
1557 for (l = csp->config->trust_info->next; l ; l = l->next)
1560 "<li> <a href=%s>%s</a><br>\n",
1565 p = strsav(p, "</ol>\n");
1568 p = strsav(p, "</body>\n" "</html>\n");
1573 #endif /* def TRUST_FILES */
1577 /*********************************************************************
1579 * Function : add_stats
1581 * Description : Statistics function of JB. Called by `show_proxy_args'.
1584 * 1 : s = string that holds the proxy args description page
1586 * Returns : A pointer to the descriptive status web page.
1588 *********************************************************************/
1589 char *add_stats(char *s)
1592 * Output details of the number of requests rejected and
1593 * accepted. This is switchable in the junkbuster config.
1594 * Does nothing if this option is not enabled.
1597 float perc_rej; /* Percentage of http requests rejected */
1599 int local_urls_read = urls_read;
1600 int local_urls_rejected = urls_rejected;
1603 * Need to alter the stats not to include the fetch of this
1606 * Can't do following thread safely! doh!
1609 * urls_rejected--; * This will be incremented subsequently *
1612 s = strsav(s,"<h2>Statistics for this " BANNER ":</h2>\n");
1614 if (local_urls_read == 0)
1617 s = strsav(s,"No activity so far!\n");
1623 perc_rej = (float)local_urls_rejected * 100.0F /
1624 (float)local_urls_read;
1627 "%d requests received, %d filtered "
1630 local_urls_rejected, perc_rej);
1632 s = strsav(s,out_str);
1637 #endif /* def STATISTICS */