X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=filters.c;h=44a884f538dca8af752482aa04dd9b2920d974c6;hp=cab956f748182b0ee0c2e8d95d8b9f81b44f0a84;hb=ffc1ab733579543abf77003e7d4b1a373d81c7a3;hpb=43da0ce639b1cf540198b2f63e790d9127725343
diff --git a/filters.c b/filters.c
index cab956f7..44a884f5 100644
--- a/filters.c
+++ b/filters.c
@@ -1,4 +1,4 @@
-const char filters_rcs[] = "$Id: filters.c,v 1.5 2001/05/25 22:34:30 jongfoster Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.8 2001/05/26 17:13:28 jongfoster Exp $";
 /*********************************************************************
 *
 * File : $Source: /cvsroot/ijbswa/current/filters.c,v $
@@ -38,6 +38,20 @@ const char filters_rcs[] = "$Id: filters.c,v 1.5 2001/05/25 22:34:30 jongfoster
 *
 * Revisions :
 * $Log: filters.c,v $
+ * Revision 1.8 2001/05/26 17:13:28 jongfoster
+ * Filled in a function comment.
+ *
+ * Revision 1.7 2001/05/26 15:26:15 jongfoster
+ * ACL feature now provides more security by immediately dropping
+ * connections from untrusted hosts.
+ *
+ * Revision 1.6 2001/05/26 00:28:36 jongfoster
+ * Automatic reloading of config file.
+ * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32).
+ * Most of the global variables have been moved to a new
+ * struct configuration_spec, accessed through csp->config->globalname
+ * Most of the globals remaining are used by the Win32 GUI.
+ *
 * Revision 1.5 2001/05/25 22:34:30 jongfoster
 * Hard tabs->Spaces
 *
@@ -214,21 +228,23 @@ static const char CTRUST[] =
 * Decide yes or no based on ACL file.
 *
 * Parameters :
- * 1 : src = Address the browser/user agent is requesting.
- * 2 : dst = The proxy or gateway address this is going to.
- * 3 : csp = Current client state (buffers, headers, etc...)
+ * 1 : dst = The proxy or gateway address this is going to.
+ * Or NULL to check all possible targets.
+ * 2 : csp = Current client state (buffers, headers, etc...)
+ * Also includes the client IP address.
 *
 * Returns : 0 = FALSE (don't block) and 1 = TRUE (do block)
 *
 *********************************************************************/
-int block_acl(struct access_control_addr *src, struct access_control_addr *dst, struct client_state *csp)
+int block_acl(struct access_control_addr *dst,
+ struct client_state *csp)
 {
 struct file_list *fl;
 struct access_control_list *a, *acl;
- struct access_control_addr s[1], d[1];

 /* if not using an access control list, then permit the connection */
- if (((fl = csp->alist) == NULL) || ((acl = fl->f) == NULL))
+ if (((fl = csp->alist) == NULL) ||
+ ((acl = (struct access_control_list *) fl->f) == NULL))
 {
 return(0);
 }
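Review bot: The updated parameter comment says csp "also includes the client IP address" but does not name the field or say when it has to be valid. The loop in the following hunk reads `csp->ip_addr_long`, so block_acl now relies on the accept path having stored the peer address there before the first call. I would spell that out, e.g. `2 : csp = Current client state; csp->ip_addr_long must already hold the client address, in the same byte order as the ACL entries (confirm against acl_addr)`. A csp whose address was never filled in would be matched against the ACL with whatever the field contains, which is worth ruling out at the call sites. The body of block_acl continues past the end of this hunk.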
@@ -236,28 +252,27 @@ int block_acl(struct access_control_addr *src, struct access_control_addr *dst,
 /* search the list */
 for (a = acl->next ; a ; a = a->next)
 {
- *s = *src;
- *d = *dst;
-
- s->addr &= a->src->mask;
- d->addr &= a->dst->mask;
-
- if ((s->addr == a->src->addr)
- && (d->addr == a->dst->addr)
- && ((s->port == a->src->port)
- || (s->port == 0)
- || (a->src->port == 0))
- && ((d->port == a->dst->port)
- || (d->port == 0)
- || (a->dst->port == 0)))
+ if ((csp->ip_addr_long & a->src->mask) == a->src->addr)
 {
- if (a->action == ACL_PERMIT)
+ if (dst == NULL)
 {
- return(0);
+ /* Just want to check if they have any access */
+ if (a->action == ACL_PERMIT)
+ {
+ return(0);
+ }
 }
- else
+ else if ( ((dst->addr & a->dst->mask) == a->dst->addr)
+ && ((dst->port == a->dst->port) || (a->dst->port == 0)))
 {
- return(1);
+ if (a->action == ACL_PERMIT)
+ {
+ return(0);
+ }
+ else
+ {
+ return(1);
+ }
 }
 }
 }
@@ -271,11 +286,11 @@ int block_acl(struct access_control_addr *src, struct access_control_addr *dst,
 *
 * Function : acl_addr
 *
- * Description : Called from `load_aclfile'. FIXME: I can't say more.
+ * Description : Called from `load_aclfile' to parse an ACL address.
 *
 * Parameters :
- * 1 : aspec = (what?)
- * 2 : aca = (what?)
+ * 1 : aspec = String specifying ACL address.
+ * 2 : aca = struct access_control_addr to fill in.
 *
 * Returns : 0 => Ok, everything else is an error.
 *
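Review bot: In the `dst == NULL` branch a deny entry that matches the client is skipped instead of ending the search, so this pre-check lets a client through whenever any later permit entry covers its address, even when the first matching entry is a deny. That is a sound coarse filter only as long as every request is checked again with the real destination; a caller that treats the NULL result as the final decision would bypass deny entries. I would record that next to the existing comment, e.g. `/* Coarse pre-check: deny entries are ignored here, so the per-request call with a real dst is still required. */`. The return taken when no entry matches lies after this hunk and is not visible here.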
@@ -538,18 +553,17 @@ int block_imageurl_using_imagelist(struct http_request *http, struct client_stat
 * Function : re_process_buffer
 *
 * Description : Apply all jobs from the joblist (aka. Perl regexp's) to
- * the text buffer that's been accumulated in csp->iob->buf.
- * Then, write the modified buffer out to the client
- * (Maybe this should happen from jcc.c via flush_socket
- * for better readability).
+ * the text buffer that's been accumulated in csp->iob->buf
+ * and set csp->content_length to the modified size.
 *
 * Parameters :
 * 1 : csp = Current client state (buffers, headers, etc...)
 *
- * Returns : N/A
+ * Returns : a pointer to the (newly allocated) modified buffer.
+ *
 *
 *********************************************************************/
-void re_process_buffer(struct client_state *csp)
+char *re_process_buffer(struct client_state *csp)
 {
 int hits=0;
 int size = csp->iob->eod - csp->iob->cur;
@@ -587,15 +601,11 @@ void re_process_buffer(struct client_state *csp) log_error(LOG_LEVEL_RE_FILTER, " produced %d hits (new size %d).", hits, size); - if (write_socket(csp->cfd, old, size) != size) - { - log_error(LOG_LEVEL_ERROR, "write to client failed."); - } + csp->content_length = size; /* fwiw, reset the iob */ IOB_RESET(csp); - freez(new); - return; + return(new); } #endif /* def PCRS */
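Review bot: The new Returns line does not say who frees the buffer or how its length is conveyed. The function no longer writes or frees the result itself, so ownership passes to the caller and the length is only available through `csp->content_length`; I would write `Returns : a pointer to the (newly allocated) modified buffer, which the caller must free; its length is csp->content_length.`. If the function can also return NULL or a pointer into csp->iob, which this hunk does not show, the comment should say so. The body runs past the end of this hunk.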
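Review bot: `return(new);` hands back `new`, whereas the removed `write_socket(csp->cfd, old, size)` sent `old`, so the change is only equivalent if both names refer to the same buffer on every path that reaches this point. The loop that assigns them is above the hunk and not visible; if it can run zero times (an empty joblist), `new` may never have been assigned and the caller would send or free an invalid pointer. I would either return `old` here or initialise `new` before the loop and document the no-job case. Removing the write also moves the short-write check to the caller, which should keep logging that failure.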