X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=jcc.c;h=82ab45384544767eaf07e632a74bb890d0bb9f3d;hb=5ee3e711d51e9fc40564f25fed2dccde2c76656c;hp=be8bd07b91a49bc35b85305c61701904c5467619;hpb=e93523ebf649541f78aadef40ceb8af72462d84d;p=privoxy.git

diff --git a/jcc.c b/jcc.c
index be8bd07b..82ab4538 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1,4 +1,4 @@
-const char jcc_rcs[] = "$Id: jcc.c,v 1.161 2007/12/04 19:44:22 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/jcc.c,v $
@@ -33,6 +33,34 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.161 2007/12/04 19:44:22 fabiankeil Exp $"
  *
  * Revisions   :
  *    $Log: jcc.c,v $
+ *    Revision 1.168  2008/03/02 12:25:25  fabiankeil
+ *    Also use shiny new connect_port_is_forbidden() in jcc.c.
+ *
+ *    Revision 1.167  2008/02/23 16:57:12  fabiankeil
+ *    Rename url_actions() to get_url_actions() and let it
+ *    use the standard parameter ordering.
+ *
+ *    Revision 1.166  2008/02/23 16:33:43  fabiankeil
+ *    Let forward_url() use the standard parameter ordering
+ *    and mark its second parameter immutable.
+ *
+ *    Revision 1.165  2008/02/02 19:36:56  fabiankeil
+ *    Remove the "Listening ... for local connections only" log message.
+ *    Whether or not remote connections are able to reach Privoxy is up
+ *    to the operating system.
+ *
+ *    Revision 1.164  2007/12/16 18:32:46  fabiankeil
+ *    Prevent the log messages for CONNECT requests to unacceptable
+ *    ports from printing the limit-connect argument as [null] if
+ *    limit-connect hasn't been explicitly enabled.
+ *
+ *    Revision 1.163  2007/12/13 01:47:11  david__schmidt
+ *    Make sure all console-mode apps get a usage() instance
+ *
+ *    Revision 1.162  2007/12/06 17:54:57  fabiankeil
+ *    Reword NO_SERVER_DATA_RESPONSE to make it harder
+ *    to misunderstand what the message is all about.
+ *
  *    Revision 1.161  2007/12/04 19:44:22  fabiankeil
  *    Unbreak trustfile which previously didn't work without
  *    FEATURE_TOGGLE. Fixes BR#1843585, reported by Lee.
@@ -1053,7 +1081,7 @@ static void build_request_line(struct client_state *csp, const struct forward_sp
 static jb_err change_request_destination(struct client_state *csp);
 static void chat(struct client_state *csp);
 static void serve(struct client_state *csp);
-#if defined(unix)
+#if !defined(_WIN32) || defined(_WIN_CONSOLE)
 static void usage(const char *myname);
 #endif
 static void initialize_mutexes(void);
@@ -1118,12 +1146,6 @@ static const char CHEADER[] =
    "Connection: close\r\n\r\n"
    "Invalid header received from client.\r\n";
 
-static const char CFORBIDDEN[] =
-   "HTTP/1.0 403 Connection not allowable\r\n"
-   "Proxy-Agent: Privoxy " VERSION "\r\n"
-   "X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n"
-   "Connection: close\r\n\r\n";
-
 static const char FTP_RESPONSE[] =
    "HTTP/1.0 400 Invalid request received from client\r\n"
    "Content-Type: text/plain\r\n"
@@ -2078,7 +2100,7 @@ static void chat(struct client_state *csp)
    else
 #endif /* ndef FEATURE_TOGGLE */
    {
-      url_actions(http, csp);
+      get_url_actions(csp, http);
    }
 
    /* 
@@ -2123,7 +2145,8 @@ static void chat(struct client_state *csp)
    }
 
    /* decide how to route the HTTP request */
-   if (NULL == (fwd = forward_url(http, csp)))
+   fwd = forward_url(csp, http);
+   if (NULL == fwd)
    {
       log_error(LOG_LEVEL_FATAL, "gateway spec is NULL!?!?  This can't happen!");
       /* Never get here - LOG_LEVEL_FATAL causes program exit */
@@ -2166,50 +2189,17 @@ static void chat(struct client_state *csp)
     *
     */
 
-   /*
-    * Check if a CONNECT request is allowable:
-    * In the absence of a +limit-connect action, allow only port 443.
-    * If there is an action, allow whatever matches the specificaton.
-    */
-   if(http->ssl)
+   if (http->ssl && connect_port_is_forbidden(csp))
    {
-      if(  ( !(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443)
-           || (csp->action->flags & ACTION_LIMIT_CONNECT
-              && !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)) )
-      {
-         if (csp->action->flags & ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS)
-         {
-            /*
-             * The response may confuse some clients,
-             * but makes unblocking easier.
-             *
-             * XXX: It seems to work with all major browsers,
-             * so we should consider returning a body by default someday ... 
-             */
-            log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
-               "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
-               csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
-               csp->http->port);
-            csp->action->flags |= ACTION_BLOCK;
-            http->ssl = 0;
-         }
-         else
-         {
-            write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));
-            log_error(LOG_LEVEL_INFO, "Request from %s denied. "
-               "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
-               csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
-               csp->http->port);
-            assert(NULL != csp->http->ocmd);
-            log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd);
-
-            list_remove_all(csp->headers);
-            /*
-             * XXX: For consistency we might want to log a crunch message here.
-             */
-            return;
-         }
-      }
+      const char *acceptable_connect_ports =
+         csp->action->string[ACTION_STRING_LIMIT_CONNECT] ?
+         csp->action->string[ACTION_STRING_LIMIT_CONNECT] :
+         "443 (implied default)";
+      log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+         "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+         csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
+      csp->action->flags |= ACTION_BLOCK;
+      http->ssl = 0;
    }
 
    if (http->ssl == 0)
@@ -2836,7 +2826,7 @@ static int32 server_thread(void *data)
 #endif
 
 
-#if defined(unix)
+#if !defined(_WIN32) || defined(_WIN_CONSOLE)
 /*********************************************************************
  *
  * Function    :  usage
@@ -2865,7 +2855,7 @@ static void usage(const char *myname)
    exit(2);
 
 }
-#endif /* defined(unix) */
+#endif /* #if !defined(_WIN32) || defined(_WIN_CONSOLE) */
 
 
 /*********************************************************************
@@ -3394,16 +3384,7 @@ static jb_socket bind_port_helper(struct configuration_spec * config)
    int result;
    jb_socket bfd;
 
-   if ( (config->haddr != NULL)
-     && (config->haddr[0] == '1')
-     && (config->haddr[1] == '2')
-     && (config->haddr[2] == '7')
-     && (config->haddr[3] == '.') )
-   {
-      log_error(LOG_LEVEL_INFO, "Listening on port %d for local connections only",
-                config->hport);
-   }
-   else if (config->haddr == NULL)
+   if (config->haddr == NULL)
    {
       log_error(LOG_LEVEL_INFO, "Listening on port %d on all IP addresses",
                 config->hport);