X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=filters.c;h=44a884f538dca8af752482aa04dd9b2920d974c6;hp=d1262186ad9c9d524ffc1167473720bf1e632fba;hb=40632a90a4121008cd4f9f312df8569daa92370a;hpb=87a69fc505def6be1c8a4d24ae225c3623b5e861 diff --git a/filters.c b/filters.c index d1262186..44a884f5 100644 --- a/filters.c +++ b/filters.c @@ -1,4 +1,4 @@ -const char filters_rcs[] = "$Id: filters.c,v 1.1.1.1 2001/05/15 13:58:52 oes Exp $"; +const char filters_rcs[] = "$Id: filters.c,v 1.8 2001/05/26 17:13:28 jongfoster Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/filters.c,v $ @@ -7,9 +7,9 @@ const char filters_rcs[] = "$Id: filters.c,v 1.1.1.1 2001/05/15 13:58:52 oes Exp * Functions declared include: * `acl_addr', `add_stats', `block_acl', `block_imageurl', * `block_url', `url_permissions', `domaincmp', `dsplit', - * `filter_popups', `forward_url', + * `filter_popups', `forward_url', 'redirect_url', * `ij_untrusted_url', `intercept_url', `re_process_buffer', - * `show_proxy_args', and `trust_url' + * `show_proxy_args', 'ijb_send_banner', and `trust_url' * * Copyright : Written by and Copyright (C) 2001 the SourceForge * IJBSWA team. http://ijbswa.sourceforge.net 
@@ -38,6 +38,83 @@ const char filters_rcs[] = "$Id: filters.c,v 1.1.1.1 2001/05/15 13:58:52 oes Exp * * Revisions : * $Log: filters.c,v $ + * Revision 1.8 2001/05/26 17:13:28 jongfoster + * Filled in a function comment. + * + * Revision 1.7 2001/05/26 15:26:15 jongfoster + * ACL feature now provides more security by immediately dropping + * connections from untrusted hosts. + * + * Revision 1.6 2001/05/26 00:28:36 jongfoster + * Automatic reloading of config file. + * Removed obsolete SIGHUP support (Unix) and Reload menu option (Win32). + * Most of the global variables have been moved to a new + * struct configuration_spec, accessed through csp->config->globalname + * Most of the globals remaining are used by the Win32 GUI. + * + * Revision 1.5 2001/05/25 22:34:30 jongfoster + * Hard tabs->Spaces + * + * Revision 1.4 2001/05/22 18:46:04 oes + * + * - Enabled filtering banners by size rather than URL + * by adding patterns that replace all standard banner + * sizes with the "Junkbuster" gif to the re_filterfile + * + * - Enabled filtering WebBugs by providing a pattern + * which kills all 1x1 images + * + * - Added support for PCRE_UNGREEDY behaviour to pcrs, + * which is selected by the (nonstandard and therefore + * capital) letter 'U' in the option string. + * It causes the quantifiers to be ungreedy by default. + * Appending a ? turns back to greedy (!). + * + * - Added a new interceptor ijb-send-banner, which + * sends back the "Junkbuster" gif. Without imagelist or + * MSIE detection support, or if tinygif = 1, or the + * URL isn't recognized as an imageurl, a lame HTML + * explanation is sent instead. + * + * - Added new feature, which permits blocking remote + * script redirects and firing back a local redirect + * to the browser. + * The feature is conditionally compiled, i.e. 
it + * can be disabled with --disable-fast-redirects, + * plus it must be activated by a "fast-redirects" + * line in the config file, has its own log level + * and of course wants to be displayed by show-proxy-args + * Note: Boy, all the #ifdefs in 1001 locations and + * all the fumbling with configure.in and acconfig.h + * were *way* more work than the feature itself :-( + * + * - Because a generic redirect template was needed for + * this, tinygif = 3 now uses the same. + * + * - Moved GIFs, and other static HTTP response templates + * to project.h + * + * - Some minor fixes + * + * - Removed some >400 CRs again (Jon, you really worked + * a lot! ;-) + * + * Revision 1.3 2001/05/20 16:44:47 jongfoster + * Removing last hardcoded JunkBusters.com URLs. + * + * Revision 1.2 2001/05/20 01:21:20 jongfoster + * Version 2.9.4 checkin. + * - Merged popupfile and cookiefile, and added control over PCRS + * filtering, in new "permissionsfile". + * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration + * file error you now get a message box (in the Win32 GUI) rather + * than the program exiting with no explanation. + * - Made killpopup use the PCRS MIME-type checking and HTTP-header + * skipping. + * - Removed tabs from "config" + * - Moved duplicated url parsing code in "loaders.c" to a new funcition. + * - Bumped up version number. + * * Revision 1.1.1.1 2001/05/15 13:58:52 oes * Initial import of version 2.9.3 source tree * @@ -110,8 +187,8 @@ static const char CBLOCK[] = "was blocked because it matches the following pattern " "in the blockfile: %s\n

" #ifdef FORCE_LOAD - "

Go there anyway.

" + "

Go there anyway.

" #endif /* def FORCE_LOAD */ "\n" "\n"; @@ -151,21 +228,23 @@ static const char CTRUST[] = * Decide yes or no based on ACL file. * * Parameters : - * 1 : src = Address the browser/user agent is requesting. - * 2 : dst = The proxy or gateway address this is going to. - * 3 : csp = Current client state (buffers, headers, etc...) + * 1 : dst = The proxy or gateway address this is going to. + * Or NULL to check all possible targets. + * 2 : csp = Current client state (buffers, headers, etc...) + * Also includes the client IP address. * * Returns : 0 = FALSE (don't block) and 1 = TRUE (do block) * *********************************************************************/ -int block_acl(struct access_control_addr *src, struct access_control_addr *dst, struct client_state *csp) +int block_acl(struct access_control_addr *dst, + struct client_state *csp) { struct file_list *fl; struct access_control_list *a, *acl; - struct access_control_addr s[1], d[1]; /* if not using an access control list, then permit the connection */ - if (((fl = csp->alist) == NULL) || ((acl = fl->f) == NULL)) + if (((fl = csp->alist) == NULL) || + ((acl = (struct access_control_list *) fl->f) == NULL)) { return(0); } 
@@ -173,28 +252,27 @@ int block_acl(struct access_control_addr *src, struct access_control_addr *dst, /* search the list */ for (a = acl->next ; a ; a = a->next) { - *s = *src; - *d = *dst; - - s->addr &= a->src->mask; - d->addr &= a->dst->mask; - - if ((s->addr == a->src->addr) - && (d->addr == a->dst->addr) - && ((s->port == a->src->port) - || (s->port == 0) - || (a->src->port == 0)) - && ((d->port == a->dst->port) - || (d->port == 0) - || (a->dst->port == 0))) + if ((csp->ip_addr_long & a->src->mask) == a->src->addr) { - if (a->action == ACL_PERMIT) + if (dst == NULL) { - return(0); + /* Just want to check if they have any access */ + if (a->action == ACL_PERMIT) + { + return(0); + } } - else + else if ( ((dst->addr & a->dst->mask) == a->dst->addr) + && ((dst->port == a->dst->port) || (a->dst->port == 0))) { - return(1); + if (a->action == ACL_PERMIT) + { + return(0); + } + else + { + return(1); + } } } } @@ -208,11 +286,11 @@ int block_acl(struct access_control_addr *src, struct access_control_addr *dst, * * Function : acl_addr * - * Description : Called from `load_aclfile'. FIXME: I can't say more. + * Description : Called from `load_aclfile' to parse an ACL address. * * Parameters : - * 1 : aspec = (what?) - * 2 : aca = (what?) + * 1 : aspec = String specifying ACL address. + * 2 : aca = struct access_control_addr to fill in. * * Returns : 0 => Ok, everything else is an error. * 
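Review bot: In the new `dst == NULL` branch of the `block_acl` loop, entries whose action is not ACL_PERMIT are skipped instead of returning 1, so this pass only answers "does any permit entry match the client address" and an earlier deny entry does not stop it. That looks deliberate for the early connection check, but a 0 result from it is not a full access decision and the code should say so, e.g. `/* dst == NULL: coarse pre-check only; deny entries are ignored here, so call again with the real dst */`. The old source-port comparison is also gone, which the updated header comment does not mention. The function's final return lies outside the hunk, so the result when no entry matches cannot be checked here.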
@@ -475,18 +553,17 @@ int block_imageurl_using_imagelist(struct http_request *http, struct client_stat * Function : re_process_buffer * * Description : Apply all jobs from the joblist (aka. Perl regexp's) to - * the text buffer that's been accumulated in csp->iob->buf. - * Then, write the modified buffer out to the client - * (Maybe this should happen from jcc.c via flush_socket - * for better readability). + * the text buffer that's been accumulated in csp->iob->buf + * and set csp->content_length to the modified size. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * - * Returns : N/A + * Returns : a pointer to the (newly allocated) modified buffer. + * * *********************************************************************/ -void re_process_buffer(struct client_state *csp) +char *re_process_buffer(struct client_state *csp) { int hits=0; int size = csp->iob->eod - csp->iob->cur; @@ -497,9 +574,9 @@ void re_process_buffer(struct client_state *csp) struct re_filterfile_spec *b; /* Sanity first ;-) */ - if (size <= 0) - { - return; + if (size <= 0) + { + return; } if ( ( NULL == (fl = csp->rlist) ) || ( NULL == (b = fl->f) ) ) @@ -524,15 +601,11 @@ void re_process_buffer(struct client_state *csp) log_error(LOG_LEVEL_RE_FILTER, " produced %d hits (new size %d).", hits, size); - if (write_socket(csp->cfd, old, size) != size) - { - log_error(LOG_LEVEL_ERROR, "write to client failed."); - } + csp->content_length = size; /* fwiw, reset the iob */ IOB_RESET(csp); - freez(new); - return; + return(new); } #endif /* def PCRS */ @@ -657,7 +730,7 @@ char *trust_url(struct http_request *http, struct client_state *csp) /* if splitting the domain fails, punt */ if (url->dbuf == NULL) goto trust_url_not_trusted; - for (tl = trust_list; (t = *tl) ; tl++) + for (tl = csp->config->trust_list; (t = *tl) ; tl++) { if ((t->port == 0) || (t->port == rhttp->port)) { 
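Review bot: `re_process_buffer` now returns `char *`, but the `size <= 0` guard in the following hunk (`@@ -497,9 +574,9 @@`) still ends in a bare `return;`, so the value a caller receives on that path is undefined. It should be `return(NULL);`, and the header comment should state what NULL means to the caller. The `csp->rlist` / `fl->f` check just below has its body outside the hunks and may need the same change. Since `freez(new)` was removed in `@@ -524,15 +601,11 @@`, the "Returns" comment should also say that the caller must free the returned buffer.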
@@ -681,7 +754,7 @@ char *trust_url(struct http_request *http, struct client_state *csp) freez(url->dbuf); freez(url->dvec); - if ((fp = fopen(trustfile, "a"))) + if ((fp = fopen(csp->config->trustfile, "a"))) { h = NULL; @@ -792,6 +865,50 @@ char *intercept_url(struct http_request *http, struct client_state *csp) } +#ifdef FAST_REDIRECTS +/********************************************************************* + * + * Function : redirect_url + * + * Description : Checks for redirection URLs and returns a HTTP redirect + * to the destination URL. + * + * Parameters : + * 1 : http = http_request request, check `basename's of blocklist + * 2 : csp = Current client state (buffers, headers, etc...) + * + * Returns : NULL if URL was clean, HTTP redirect otherwise. + * + *********************************************************************/ +char *redirect_url(struct http_request *http, struct client_state *csp) +{ + char *p, *q; + + p = q = csp->http->path; + log_error(LOG_LEVEL_REDIRECTS, "checking path: %s", p); + + /* find the last URL encoded in the request */ + while (p = strstr(p, "http://")) + { + q = p++; + } + + /* if there was any, generate and return a HTTP redirect */ + if (q != csp->http->path) + { + log_error(LOG_LEVEL_REDIRECTS, "redirecting to: %s", q); + + p = (char *)malloc(strlen(HTTP_REDIRECT_TEMPLATE) + strlen(q)); + sprintf(p, HTTP_REDIRECT_TEMPLATE, q); + return(p); + } + else + { + return(NULL); + } + +} +#endif /* def FAST_REDIRECTS */ /********************************************************************* * 
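Review bot: In `redirect_url`, the result of `malloc` is passed to `sprintf` without a NULL check, and the allocation has no explicit byte for the terminator. It fits only because the `%s` in HTTP_REDIRECT_TEMPLATE (defined outside this diff) gives back two bytes, which assumes the template contains exactly one conversion. Size the buffer explicitly and bail out on allocation failure, as sketched below. Two smaller points: the `http` parameter is unused (the code reads `csp->http->path`), and `while (p = strstr(p, "http://"))` would read better as `while ((p = strstr(p, "http://")) != NULL)`. The redirect target is copied verbatim from the client's request path into the response, so the function comment should state which characters may reach the generated header.

```c
   if (q != csp->http->path)
   {
      /* template + target + terminating NUL; does not rely on "%s" slack */
      size_t len = strlen(HTTP_REDIRECT_TEMPLATE) + strlen(q) + 1;

      /* … unchanged: LOG_LEVEL_REDIRECTS log line … */
      p = (char *)malloc(len);
      if (p == NULL)
      {
         /* NULL tells the caller "no redirect"; the request is then handled normally */
         log_error(LOG_LEVEL_ERROR, "redirect_url: out of memory");
         return(NULL);
      }
      sprintf(p, HTTP_REDIRECT_TEMPLATE, q);
      /* … unchanged: return(p) and the else branch … */
```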
@@ -803,7 +920,7 @@ char *intercept_url(struct http_request *http, struct client_state *csp) * 1 : http = http_request request for blocked URLs * 2 : csp = Current client state (buffers, headers, etc...) * - * Returns : permissions bitmask specifiying what this URL can do. + * Returns : permissions bitmask specifiying what this URL can do. * If not on list, will be default_permissions. * *********************************************************************/ @@ -815,15 +932,15 @@ int url_permissions(struct http_request *http, struct client_state *csp) if (((fl = csp->permissions_list) == NULL) || ((b = fl->f) == NULL)) { - return(default_permissions); + return(csp->config->default_permissions); } *url = dsplit(http->host); /* if splitting the domain fails, punt */ - if (url->dbuf == NULL) - { - return(default_permissions); + if (url->dbuf == NULL) + { + return(csp->config->default_permissions); } for (b = b->next; NULL != b; b = b->next) @@ -850,7 +967,7 @@ int url_permissions(struct http_request *http, struct client_state *csp) freez(url->dbuf); freez(url->dvec); - return(default_permissions); + return(csp->config->default_permissions); } @@ -1186,28 +1303,20 @@ char *show_proxy_args(struct http_request *http, struct client_state *csp) "

Back to proxy status

\n" "
\n" "

\n" - "Code and documentation of the " BANNER " Proxy" - "TM\n" - "\n" "Copyright© 1997 Junkbusters Corporation\n" - "TM
\n" - "Copying and distribution permitted under the" - "\n" - "GNU " - "General Public License.\n" - "
" - "

webmaster@junkbusters.com
" - "
" + "The " BANNER " Proxy - \n" + "" HOME_PAGE_URL "\n" + "" "\n"); return(s); } #endif /* def SPLIT_PROXY_ARGS */ - s = strsav(s, proxy_args->header); - s = strsav(s, proxy_args->invocation); + s = strsav(s, csp->config->proxy_args->header); + s = strsav(s, csp->config->proxy_args->invocation); #ifdef STATISTICS s = add_stats(s); #endif /* def STATISTICS */ - s = strsav(s, proxy_args->gateways); + s = strsav(s, csp->config->proxy_args->gateways); #ifdef SPLIT_PROXY_ARGS s = strsav(s, @@ -1253,7 +1362,7 @@ char *show_proxy_args(struct http_request *http, struct client_state *csp) s = strsav(s, "\n"); } #endif /* def USE_IMAGE_LIST */ - + #ifdef PCRS if (csp->rlist) { @@ -1320,13 +1429,35 @@ char *show_proxy_args(struct http_request *http, struct client_state *csp) #endif /* ndef SPLIT_PROXY_ARGS */ - s = strsav(s, proxy_args->trailer); + s = strsav(s, csp->config->proxy_args->trailer); return(s); } +/********************************************************************* + * + * Function : ijb_send_banner + * + * Description : This "crunch"es "http:/any.thing/ijb-send-banner and + * thus triggers sending the image in jcc.c:chat. + * For the unlikely case, that the imagefile/MSIE + * mechanism is not used, or tinygif = 0, a page + * describing the reson of the interception is generated. + * + * Parameters : + * 1 : http = http_request request for crunched URL + * 2 : csp = Current client state (buffers, headers, etc...) + * + * Returns : A string that contains why this was intercepted. + * + *********************************************************************/ +char *ijb_send_banner(struct http_request *http, struct client_state *csp) +{ + return(strdup(CNOBANNER)); +} + #ifdef TRUST_FILES /********************************************************************* * @@ -1403,13 +1534,13 @@ char *ij_untrusted_url(struct http_request *http, struct client_state *csp) p = strsav(p, "

The following referrers are trusted

\n"); - for (tl = trust_list; (t = *tl) ; tl++) + for (tl = csp->config->trust_list; (t = *tl) ; tl++) { sprintf(buf, "%s
\n", t->spec); p = strsav(p, buf); } - if (trust_info->next) + if (csp->config->trust_info->next) { struct list *l; @@ -1423,7 +1554,7 @@ char *ij_untrusted_url(struct http_request *http, struct client_state *csp) p = strsav(p, buf); - for (l = trust_info->next; l ; l = l->next) + for (l = csp->config->trust_info->next; l ; l = l->next) { sprintf(buf, "
  • %s
    \n", @@ -1472,11 +1603,11 @@ char *add_stats(char *s) * Need to alter the stats not to include the fetch of this * page. * - * Can't do following thread safely! doh! - * + * Can't do following thread safely! doh! + * * urls_read--; * urls_rejected--; * This will be incremented subsequently * - */ + */ s = strsav(s,"

    Statistics for this " BANNER ":

    \n");