-const char jcc_rcs[] = "$Id: jcc.c,v 1.18 2001/06/03 19:12:16 oes Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.23 2001/07/02 02:28:25 iwanttokeepanon Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.23 2001/07/02 02:28:25 iwanttokeepanon
+ * Added "#ifdef ACL_FILES" conditional compilation to line 1291 to exclude
+ * the `block_acl' call. This prevents a compilation error when the user
+ * does not wish to use the "ACL" feature.
+ *
+ * Revision 1.22 2001/06/29 21:45:41 oes
+ * Indentation, CRLF->LF, Tab-> Space
+ *
+ * Revision 1.21 2001/06/29 13:29:36 oes
+ * - Cleaned up, improved comments
+ * - Unified all possible interceptors (CGI,
+ * block, trust, fast_redirect) in one
+ * place, with one (CGI) answer generation
+ * mechansim. Much clearer now.
+ * - Removed the GIF image generation, which
+ * is now done in filters.c:block_url()
+ * - Made error conditions like domain lookup
+ * failiure or (various) problems while talking
+ * to the server use cgi.c:error_response()
+ * instead of generating HTML/HTTP in chat() (yuck!)
+ * - Removed logentry from cancelled commit
+ *
+ * Revision 1.20 2001/06/09 10:55:28 jongfoster
+ * Changing BUFSIZ ==> BUFFER_SIZE
+ *
+ * Revision 1.19 2001/06/07 23:12:52 jongfoster
+ * Replacing function pointer in struct gateway with a directly
+ * called function forwarded_connect().
+ * Replacing struct gateway with struct forward_spec
+ *
* Revision 1.18 2001/06/03 19:12:16 oes
* introduced new cgi handling
*
- * Revision 1.18 2001/06/03 11:03:48 oes
- * Makefile/in
- *
- * introduced cgi.c
- *
- * actions.c:
- *
- * adapted to new enlist_unique arg format
- *
- * conf loadcfg.c
- *
- * introduced confdir option
- *
- * filters.c filtrers.h
- *
- * extracted-CGI relevant stuff
- *
- * jbsockets.c
- *
- * filled comment
- *
- * jcc.c
- *
- * support for new cgi mechansim
- *
- * list.c list.h
- *
- * functions for new list type: "map"
- * extended enlist_unique
- *
- * miscutil.c .h
- * introduced bindup()
- *
- * parsers.c parsers.h
- *
- * deleted const struct interceptors
- *
- * pcrs.c
- * added FIXME
- *
- * project.h
- *
- * added struct map
- * added struct http_response
- * changes struct interceptors to struct cgi_dispatcher
- * moved HTML stuff to cgi.h
- *
- * re_filterfile:
- *
- * changed
- *
- * showargs.c
- * NO TIME LEFT
- *
* Revision 1.17 2001/06/01 20:07:23 jongfoster
* Now uses action +image-blocker{} rather than config->tinygif
*
#define IS_ENABLED_AND IS_TOGGLED_ON_AND IS_NOT_FORCED_AND
- char buf[BUFSIZ], *hdr, *p, *req;
+ char buf[BUFFER_SIZE];
+ char *hdr, *p, *req;
char *err = NULL;
- char *eno;
fd_set rfds;
int n, maxfd, server_body;
int ms_iis5_hack = 0;
int block_popups; /* bool, 1==will block popups */
int block_popups_now = 0; /* bool, 1==currently blocking popups */
#endif /* def KILLPOPUPS */
-#ifdef PCRS
- int pcrs_filter; /* bool, 1==will filter through pcrs */
- int filtering = 0; /* bool, 1==currently filtering through pcrs */
-#endif /* def PCRS */
+
+ int pcrs_filter; /* bool, 1==will filter through pcrs */
+ int gif_deanimate; /* bool, 1==will deanimate gifs */
+
+ /* Function that does the content filtering for the current request */
+ char *(*content_filter)() = NULL;
+
+ /* Skeleton for HTTP response, if we should intercept the request */
struct http_response *rsp;
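Review bot: `char *(*content_filter)() = NULL;` declares the pointer with an empty parameter list, so the compiler cannot check the later `(*content_filter)(csp)` call or the assignments of `pcrs_filter_response` and `gif_deanimate_response` against a signature. Spelling out the parameter, `char *(*content_filter)(struct client_state *csp) = NULL;`, would turn a mismatched filter into a compile-time diagnostic. This assumes `csp` is a `struct client_state *`, which the hunk does not show. The enclosing function starts and ends outside the hunk.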
http = csp->http;
#ifdef KILLPOPUPS
block_popups = ((csp->action->flags & ACTION_NO_POPUPS) != 0);
#endif /* def KILLPOPUPS */
-#ifdef PCRS
+
pcrs_filter = (csp->rlist != NULL) && /* There are expressions to be used */
((csp->action->flags & ACTION_FILTER) != 0);
-#endif /* def PCRS */
+ gif_deanimate = ((csp->action->flags & ACTION_DEANIMATE) != 0);
/* grab the rest of the client's headers */
freez(p);
}
- /* filter it as required */
+ /* We have a request. */
hdr = sed(client_patterns, add_client_headers, csp);
-
destroy_list(csp->headers);
- /* Check the request against all rules, unless
- * we're toggled off or in force mode.
+ /*
+ * Now, check to see if we need to intercept it, i.e.
+ * If
*/
- if (NULL != (rsp = cgi_dispatch(csp)))
- {
- if(0 != (n = make_http_response(rsp)))
- {
- if ((write_socket(csp->cfd, rsp->head, n) != n)
- || (write_socket(csp->cfd, rsp->body, rsp->content_length) != rsp->content_length))
- {
- log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
- }
- }
+ if (
+ /* a CGI call was detected and answered */
+ (NULL != (rsp = dispatch_cgi(csp)))
+ /* or we are enabled and... */
+ || (IS_ENABLED_AND (
-#ifdef STATISTICS
- csp->rejected = 1;
-#endif /* def STATISTICS */
+ /* ..the request was blocked */
+ ( NULL != (rsp = block_url(csp)))
- free_http_response(rsp);
- freez(hdr);
- return;
- }
+ /* ..or untrusted */
+#ifdef TRUST_FILES
+ || ( NULL != (rsp = trust_url(csp)))
+#endif
+ /* ..or a fast redirect kicked in */
#ifdef FAST_REDIRECTS
- else if (IS_ENABLED_AND
- ((csp->action->flags & ACTION_FAST_REDIRECTS) != 0) &&
- (p = redirect_url(http, csp)))
- {
- /* This must be blocked as HTML */
-#ifdef STATISTICS
- csp->rejected = 1;
-#endif /* def STATISTICS */
-
- log_error(LOG_LEVEL_GPC, "%s%s crunch!", http->hostport, http->path);
-
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 200 3",
- csp->ip_addr_str, http->cmd);
-
- /* Send HTML redirection result */
- write_socket(csp->cfd, p, strlen(p));
-
- freez(p);
- freez(hdr);
- return;
- }
+ || (((csp->action->flags & ACTION_FAST_REDIRECTS) != 0) &&
+ (NULL != (rsp = redirect_url(csp))))
#endif /* def FAST_REDIRECTS */
-
- else if (IS_ENABLED_AND (
-#ifdef TRUST_FILES
- (p = trust_url(http, csp)) ||
-#endif /* def TRUST_FILES */
- (p = block_url(http, csp)) ))
+ ))
+ )
{
- /* Block as HTML or image */
+ /* Write the answer to the client */
+ if ((write_socket(csp->cfd, rsp->head, rsp->head_length) != rsp->head_length)
+ || (write_socket(csp->cfd, rsp->body, rsp->content_length) != rsp->content_length))
+ {
+ log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
+ }
+
#ifdef STATISTICS
+ /* Count as a rejected request */
csp->rejected = 1;
#endif /* def STATISTICS */
+ /* Log (FIXME: All intercept reasons apprear as "crunch" with Status 200) */
log_error(LOG_LEVEL_GPC, "%s%s crunch!", http->hostport, http->path);
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 200 3", csp->ip_addr_str, http->cmd);
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 200 1",
- csp->ip_addr_str, http->cmd);
-
-#ifdef IMAGE_BLOCKING
- /* Block as image? */
- if ( ((csp->action->flags & ACTION_IMAGE_BLOCKER) != 0)
- && block_imageurl(http, csp) )
- {
- /* Send "blocked" image */
- const char * blocker = csp->action->string[ACTION_STRING_IMAGE_BLOCKER];
-
- log_error(LOG_LEVEL_GPC, "%s%s image crunch! --> %s",
- http->hostport, http->path, (blocker ? blocker : "logo"));
-
- if ((blocker == NULL) || (0 == strcmpic(blocker, "logo")))
- {
- write_socket(csp->cfd, JBGIF, sizeof(JBGIF)-1);
- }
- else if (0 == strcmpic(blocker, "blank"))
- {
- write_socket(csp->cfd, BLANKGIF, sizeof(BLANKGIF)-1);
- }
- else
- {
- freez(p);
- p = (char *)malloc(sizeof(HTTP_REDIRECT_TEMPLATE) + strlen(blocker));
- sprintf(p, HTTP_REDIRECT_TEMPLATE, blocker);
- write_socket(csp->cfd, p, strlen(p));
- }
- }
- else
-#endif /* def IMAGE_BLOCKING */
- /* Block as HTML */
- {
- /* Send HTML "blocked" message */
- write_socket(csp->cfd, p, strlen(p));
- }
-
- freez(p);
+ /* Clean up and return */
+ free_http_response(rsp);
freez(hdr);
return;
}
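Review bot: The new comment above the combined `if` breaks off at `* If`, so the one place that now decides every interception does not say in which order the checks run or that the first one returning a response wins. A comment such as `/* Intercept if this is a CGI call, or if we are enabled and the URL is blocked, untrusted, or hits a fast redirect; the first check that yields a response is used. */` would match the condition as written. The enclosing function continues outside the hunk.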
if (errno == EINVAL)
{
- err = zalloc(strlen(CNXDOM) + strlen(http->host));
- sprintf(err, CNXDOM, http->host);
+ rsp = error_response(csp, "no-such-domain", errno);
log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 404 0",
csp->ip_addr_str, http->cmd);
}
else
{
- eno = safe_strerror(errno);
- err = zalloc(strlen(CFAIL) + strlen(http->hostport) + strlen(eno));
- sprintf(err, CFAIL, http->hostport, eno);
+ rsp = error_response(csp, "connect-failed", errno);
log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 503 0",
csp->ip_addr_str, http->cmd);
}
- write_socket(csp->cfd, err, strlen(err));
+ /* Write the answer to the client */
+ if(rsp)
+ {
+ if ((write_socket(csp->cfd, rsp->head, rsp->head_length) != rsp->head_length)
+ || (write_socket(csp->cfd, rsp->body, rsp->content_length) != rsp->content_length))
+ {
+ log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
+ }
+ }
- freez(err);
+ free_http_response(rsp);
freez(hdr);
return;
}
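Review bot: `free_http_response(rsp)` sits outside the `if(rsp)` guard, so it is reached with a NULL `rsp` whenever `error_response()` fails; whether `free_http_response()` tolerates NULL is not visible here. Either move the call inside the guarded block or document on the callee that NULL is accepted. The same pattern is repeated in the two later "connect-failed" paths, after the failed header write and after the failed server read. In that NULL case the client also receives nothing, although the CLF line claiming a 404 or 503 has already been written.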
log_error(LOG_LEVEL_CONNECT, "write header to: %s failed: %E",
http->hostport);
- eno = safe_strerror(errno);
- err = zalloc(strlen(CFAIL) + strlen(http->hostport) + strlen(eno));
- sprintf(err, CFAIL, http->hostport, eno);
- write_socket(csp->cfd, err, strlen(err));
-
log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 503 0",
csp->ip_addr_str, http->cmd);
- freez(err);
+ rsp = error_response(csp, "connect-failed", errno);
+
+ if(rsp)
+ {
+ if ((write_socket(csp->cfd, rsp->head, n) != n)
+ || (write_socket(csp->cfd, rsp->body, rsp->content_length) != rsp->content_length))
+ {
+ log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
+ }
+ }
+
+ free_http_response(rsp);
freez(hdr);
return;
}
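Review bot: The header write in this path uses `n` as the length, `write_socket(csp->cfd, rsp->head, n) != n`, while every other response write added by this commit uses `rsp->head_length`. Nothing in the hunk assigns `n` from the response, so it probably still holds an earlier value; this is inferred, since the function is only partly visible. The call would then send the wrong number of bytes from `rsp->head`, possibly reading past the end of that buffer. Suggested change: `if ((write_socket(csp->cfd, rsp->head, rsp->head_length) != rsp->head_length)`.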
/*
* The server wants to talk. It could be the header or the body.
* If `hdr' is null, then it's the header otherwise it's the body.
- * FIXME: Does `hdr' really mean `host'?
+ * FIXME: Does `hdr' really mean `host'? No.
*/
{
log_error(LOG_LEVEL_ERROR, "read from: %s failed: %E", http->host);
- eno = safe_strerror(errno);
- sprintf(buf, CFAIL, http->hostport, eno);
- freez(eno);
-
log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 503 0",
csp->ip_addr_str, http->cmd);
- write_socket(csp->cfd, buf, strlen(buf));
+ rsp = error_response(csp, "connect-failed", errno);
+
+ if(rsp)
+ {
+ if ((write_socket(csp->cfd, rsp->head, rsp->head_length) != rsp->head_length)
+ || (write_socket(csp->cfd, rsp->body, rsp->content_length) != rsp->content_length))
+ {
+ log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
+ }
+ }
+
+ free_http_response(rsp);
return;
}
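Review bot: `error_response(csp, "connect-failed", errno)` is called after two `log_error()` calls, so the `errno` it reports may no longer be the one from the failed read if logging changes it. Saving it at the top of the block, `int saved_errno = errno;`, and passing `saved_errno` keeps the error page accurate. The failed-header-write path earlier in the diff has the same ordering, whereas the connect path calls `error_response()` before logging. The block starts outside the hunk.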
*/
if (n == 0)
{
- /* This hack must only be enforced for headers. */
+
if (server_body || http->ssl)
{
-#ifdef PCRS
- if (filtering)
+ /*
+ * If we have been buffering up the document,
+ * now is the time to apply content modification
+ * and send the result to the client.
+ */
+ if (content_filter)
{
- p = re_process_buffer(csp);
+ /*
+ * If the content filter fails, use the original
+ * buffer and length.
+ * (see p != NULL ? p : csp->iob->cur below)
+ */
+ if (NULL == (p = (*content_filter)(csp)))
+ {
+ csp->content_length = csp->iob->eod - csp->iob->cur;
+ }
+
hdr = sed(server_patterns, add_server_headers, csp);
n = strlen(hdr);
+
if ((write_socket(csp->cfd, hdr, n) != n)
- || (write_socket(csp->cfd, p, csp->content_length) != csp->content_length))
+ || (write_socket(csp->cfd, p != NULL ? p : csp->iob->cur, csp->content_length) != csp->content_length))
{
log_error(LOG_LEVEL_CONNECT, "write modified content to client failed: %E");
return;
}
- freez(hdr);
- freez(p);
+
+ freez(hdr);
+ freez(p);
}
-#endif /* def PCRS */
+
break; /* "game over, man" */
}
- /* Let's pretend the server just sent us a blank line. */
+ /*
+ * This is NOT the body, so
+ * Let's pretend the server just sent us a blank line.
+ */
n = sprintf(buf, "\r\n");
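Review bot: When writing the filtered document fails, the `return` after "write modified content to client failed" skips the `freez(hdr); freez(p);` pair that the success path runs, so both buffers leak on that path. Adding `freez(hdr);` and `freez(p);` before that `return` closes the leak. `hdr = sed(...)` is also passed straight to `strlen()` with no NULL check; whether `sed()` can return NULL is not visible here.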
/*
if (server_body || http->ssl)
{
-#ifdef PCRS
- if (filtering)
+
+ if (content_filter)
{
add_to_iob(csp, buf, n); /* Buffer the body for filtering */
}
+
else
-#endif /* def PCRS */
{
/* just write */
if (write_socket(csp->cfd, buf, n) != n)
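Review bot: `add_to_iob(csp, buf, n)` is called without looking at any result, and nothing in this hunk limits how much of the body is held once `content_filter` is set. If `add_to_iob()` can fail, or if a server sends a very large text or GIF body, the proxy either filters a truncated document or keeps growing the buffer. A comment stating the intended size limit, and ideally a fallback to unfiltered pass-through when it is exceeded, would make the memory bound explicit. Whether `add_to_iob()` enforces a cap itself is not visible here.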
#ifdef KILLPOPUPS
/* Start blocking popups if appropriate. */
- if (csp->is_text && /* It's a text / * MIME-Type */
- !http->ssl && /* We talk plaintext */
- block_popups) /* Policy allows */
+ if ((csp->content_type & CT_TEXT) && /* It's a text / * MIME-Type */
+ !http->ssl && /* We talk plaintext */
+ block_popups) /* Policy allows */
{
block_popups_now = 1;
}
#endif /* def KILLPOPUPS */
-#ifdef PCRS
- /* Start re_filtering this if appropriate. */
+ /* Buffer and pcrs filter this if appropriate. */
- if (csp->is_text && /* It's a text / * MIME-Type */
- !http->ssl && /* We talk plaintext */
- pcrs_filter) /* Policy allows */
+ if ((csp->content_type & CT_TEXT) && /* It's a text / * MIME-Type */
+ !http->ssl && /* We talk plaintext */
+ pcrs_filter) /* Policy allows */
{
- filtering = 1;
+ content_filter = pcrs_filter_response;
}
-/* This next line is a little ugly, but it simplifies the if statement below. */
-/* Basically if using PCRS, we want the OR condition to require "!filtering" */
-#define NOT_FILTERING_AND !filtering &&
+ /* Buffer and gif_deanimate this if appropriate. */
-#else /* not def PCRS */
-
-#define NOT_FILTERING_AND
+ if ((csp->content_type & CT_GIF) && /* It's a image/gif MIME-Type */
+ !http->ssl && /* We talk plaintext */
+ gif_deanimate) /* Policy allows */
+ {
+ content_filter = gif_deanimate_response;
+ }
-#endif /* def PCRS */
- if (NOT_FILTERING_AND ((write_socket(csp->cfd, hdr, n) != n)
+ /*
+ * Only write if we're not buffering for content modification
+ */
+ if (!content_filter && ((write_socket(csp->cfd, hdr, n) != n)
|| (n = flush_socket(csp->cfd, csp) < 0)))
{
log_error(LOG_LEVEL_CONNECT, "write header to client failed: %E");
return;
}
- NOT_FILTERING_AND (byte_count += n);
+ !content_filter && (byte_count += n);
/* we're finished with the server's header */
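Review bot: In `(n = flush_socket(csp->cfd, csp) < 0)` the comparison binds tighter than the assignment, so `n` becomes 0 or 1 rather than the flushed byte count, and the new `!content_filter && (byte_count += n);` then adds that flag to `byte_count`. Parenthesising the assignment, `((n = flush_socket(csp->cfd, csp)) < 0)`, and writing the accounting as `if (!content_filter) byte_count += n;` fixes the count and reads more plainly. The precedence problem is on an unchanged line, but the rewritten condition keeps it.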
#ifdef __BEOS__
-
/*********************************************************************
*
* Function : server_thread
return 0;
}
-
#endif
/* Never get here - LOG_LEVEL_FATAL causes program exit */
}
+#ifdef ACL_FILES
if (block_acl(NULL,csp))
{
log_error(LOG_LEVEL_CONNECT, "Connection dropped due to ACL");
freez(csp);
continue;
}
+#endif /* def ACL_FILES */
/* add it to the list of clients */
csp->next = clients->next;
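Review bot: The ACL rejection branch logs and calls `freez(csp)`, but the lines shown never close `csp->cfd`, so unless `block_acl()` closes it, each refused client would leave a descriptor open. Adding `close_socket(csp->cfd);` before `freez(csp);` avoids that. Including the peer address in the "Connection dropped due to ACL" message would also make refused connections traceable in the log.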
if (child_id < 0) /* failed */
{
- char buf[BUFSIZ];
+ char buf[BUFFER_SIZE];
log_error(LOG_LEVEL_ERROR, "can't fork: %E");