diff options
74 files changed, 3372 insertions, 3094 deletions
diff --git a/.travis.yml b/.travis.yml index c38a1d2..47c3b8d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,15 +4,15 @@ sudo: true before_install: - sudo apt-get update -qq -- sudo apt-get install --assume-yes asciidoc valgrind +- sudo apt-get install --assume-yes valgrind script: - ./autogen.sh - ./configure - make - make test +- make clean - ./configure --enable-debug --enable-transparent --enable-reverse - make - make test - make valgrind-test -- make distcheck @@ -55,6 +55,9 @@ Enable support for proxying connections through another proxy server. - `--enable-transparent`: Allow Tinyproxy to be used as a transparent proxy daemon. +Unlike other work modes, transparent proxying doesn't require explicit +configuration and works automatically when traffic is redirected to +the proxy using the appropriate firewall rules. - `--enable-reverse`: Enable reverse proxying. @@ -1 +1 @@ -1.10.0 +1.11.0-rc1 diff --git a/configure.ac b/configure.ac index 1e71e35..00f7f0e 100644 --- a/configure.ac +++ b/configure.ac @@ -9,6 +9,11 @@ AC_INIT([Tinyproxy], [tinyproxy_version], [https://tinyproxy.github.io/], [tinyproxy]) +tpv=tinyproxy_version +if test "x$tpv" = "x" ; then +AC_MSG_ERROR([got empty result from version script!]) +fi + AC_CANONICAL_TARGET AM_INIT_AUTOMAKE([dist-bzip2 dist-xz]) AC_CONFIG_HEADERS(config.h) @@ -19,15 +24,6 @@ m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) dnl Temporarily defined here until we get tinyproxy-version.h AC_DEFINE(TINYPROXY_VERSION, "tinyproxy_version", [Tinyproxy version number]) -# The symbol TINYPROXY_UNSTABLE is defined above for substitution in -# Makefiles and conditionally defined here as a preprocessor symbol -# and automake conditional. -if test "x$TINYPROXY_UNSTABLE" = "xyes"; then - AC_DEFINE(TINYPROXY_UNSTABLE, 1, - [Define to 1 if this is an unstable version of Tinyproxy]) -fi -AM_CONDITIONAL(TINYPROXY_UNSTABLE, test "x$TINYPROXY_UNSTABLE" = "xyes") - dnl Check if we're compiling on a weird platform :) AC_USE_SYSTEM_EXTENSIONS @@ -105,6 +101,15 @@ if test x"$transparent_enabled" = x"yes"; then AC_DEFINE(TRANSPARENT_PROXY) fi +dnl Let user decide whether he wants support for manpages +dnl Which require either pod2man or a tarball release +AH_TEMPLATE([MANPAGE_SUPPORT], + [Build manpages with pod2man if they are missing from the distribution.]) +TP_ARG_ENABLE(manpage_support, + [Enable support for building manpages (default is YES)], + yes) +AM_CONDITIONAL(HAVE_MANPAGE_INTEREST, test x"$manpage_support_enabled" = x"yes") + # This is required to build test programs below AC_PROG_CC @@ -136,14 +141,11 @@ AC_HEADER_STDC AC_HEADER_TIME AC_HEADER_SYS_WAIT AC_CHECK_HEADERS([sys/ioctl.h alloca.h memory.h malloc.h sysexits.h \ - values.h]) + values.h poll.h]) dnl Checks for libary functions AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK -AC_FUNC_MALLOC -AC_FUNC_REALLOC -AC_CHECK_FUNCS([inet_ntoa strdup]) AC_CHECK_FUNCS([strlcpy strlcat setgroups]) dnl Enable extra warnings @@ -153,9 +155,15 @@ if test -n "${MAINTAINER_MODE_FALSE}"; then DESIRED_FLAGS="-Werror $DESIRED_FLAGS" fi +all_desired_work=false +AS_COMPILER_FLAG([$DESIRED_FLAGS], [all_desired_work=true]) +if $all_desired_work ; then + CFLAGS="$CFLAGS $DESIRED_FLAGS" +else for flag in $DESIRED_FLAGS; do AS_COMPILER_FLAG([$flag], [CFLAGS="$CFLAGS $flag"]) done +fi dnl Disable debugging if it's not specified if test x"$debug_enabled" != x"yes" ; then @@ -182,28 +190,28 @@ AC_SUBST(CPPFLAGS) AC_SUBST(LIBS) AC_SUBST(ADDITIONAL_OBJECTS) -# Check for xml tools -AC_PATH_PROG(XSLTPROC, xsltproc, no) -AM_CONDITIONAL(HAVE_XSLTPROC, test "x$XSLTPROC" != "xno") - -# Check for asciidoc -AC_PATH_PROG(A2X, a2x, no) -AM_CONDITIONAL(HAVE_A2X, test "x$A2X" != "xno") - -# checking xmllint -AC_PATH_PROG(XMLLINT, xmllint, no) -if test "x$XMLLINT" != "xno"; then - AS_ECHO_N("testing xmllint... ") - echo "TEST" > conftest.txt - if $A2X -f docbook conftest.txt 2>/dev/null; then - AS_ECHO("ok") - else - AS_ECHO("failed") - XMLLINT="no" - fi - rm -f conftest.txt conftest.xml +if test x"$manpage_support_enabled" = x"yes"; then +AC_PATH_PROG(POD2MAN, pod2man, no) + +if test "x$POD2MAN" = "xno" && \ + ! test -e docs/man5/tinyproxy.conf.5 -a -e docs/man8/tinyproxy.8 ; then +AC_MSG_ERROR([ + manpage generation requested, but neither pod2man + nor pre-generated manpages found. + Use --disable-manpage-support if you want to compile anyway.]) +fi +fi #manpage_support_enabled + +AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno") + +AC_PATH_PROG(GPERF, gperf, no) +AM_CONDITIONAL(HAVE_GPERF, test "x$GPERF" != "x" -a "x$GPERF" != "xno") +AH_TEMPLATE([HAVE_GPERF], + [Whether you have gperf installed for faster config parsing.]) + +if test "x$GPERF" != "x" -a "x$GPERF" != "xno" ; then + AC_DEFINE(HAVE_GPERF) fi -AM_CONDITIONAL(HAVE_XMLLINT, test "x$XMLLINT" != "xno") AC_CONFIG_FILES([ Makefile @@ -225,12 +233,12 @@ scripts/Makefile AC_OUTPUT # the manpages are shipped in the release tarball and we don't want them to -# get regenerated if a2x is not available. the intermediate files from +# get regenerated if pod2man is not available. the intermediate files from # AC_CONFIG_FILES are created with config.status, which is created at configure # runtime, so we need to touch them after config.status terminated to prevent # make from rebuild them. -if test "x$A2X" = "xno"; then +if test "x$POD2MAN" = "xno" ; then touch docs/man5/tinyproxy.conf.txt touch docs/man8/tinyproxy.txt if test -e docs/man5/tinyproxy.conf.5 ; then diff --git a/docs/Makefile.am b/docs/Makefile.am index 5065255..e2ba221 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -4,6 +4,5 @@ SUBDIRS = \ EXTRA_DIST = \ http-error-codes.txt \ - http-rfcs.txt \ - filter-howto.txt + http-rfcs.txt diff --git a/docs/filter-howto.txt b/docs/filter-howto.txt deleted file mode 100644 index 3acd813..0000000 --- a/docs/filter-howto.txt +++ /dev/null @@ -1,52 +0,0 @@ -Using tinyproxy with Your Home/Small Business Network - -Written: Patrick L. McGillan -Edited: Robert James Kaes (2002-06-04) ------------------------------------------------------ - -Being as this will be the most common usage and there were no clear -basic instructions for this scenario, I thought I would write up what -I did for my home system. - -First the layout of the network. A cable modem is connected through a -Linksys Router to a small hub. The computers hanging off the hub and -have a clear shot to the Internet. - -So, the connection from the Internet to the hub looks like this: - - Internet->Cable TV Line->Cable Modem->Linksys Router->Hub/Switch - -Restricting Internet web access on some of those computers (connected -to the hub) is what using tinyproxy is all about. Using the web -interface to the Linksys router, turn off all Internet access to those -computers that shouldn't have direct access to the Internet. This is -done by clicking on the advanced tab and entering the IP number in the -filter range. Now those computers have to go through a proxy, for -their access, as they have no direct access. - -On one of the Linux computers which still has Internet access (I use -an old 486) load up tinyproxy. Now have the users configure their -Internet Explorer/Netscape Navigator programs to use the proxy on the -tinyproxy computer box, along with the port number declared in the -tinyproxy configuration file. By default, there is no blocking of web -sites with this program, so I created a file, called "filter", to -start blocking some sites. - -Example "filter" file entries: - -bannerads.zwire.com -ad.doubleclick.net -ads.fortunecity.com - -This filter file usually goes into the same folder, as your -configuration file. Be sure and uncomment the 'Filter' line in your -configuration file and make sure it points at your newly created -filter file. - ------------------------------------------------------------------------- - -Copyright (c) 2002 Patrick L. McGillan <pmcgillan@dwx.com> - -This document is released under the same copyright license as -tinyproxy. You should have found a COPYING file in the top level -directory of this distribution which contains the current license.
\ No newline at end of file diff --git a/docs/man5/Makefile.am b/docs/man5/Makefile.am index 247b7ef..31b8ddf 100644 --- a/docs/man5/Makefile.am +++ b/docs/man5/Makefile.am @@ -1,25 +1,25 @@ +if HAVE_MANPAGE_INTEREST MAN5_FILES = \ tinyproxy.conf.txt - -if HAVE_XMLLINT -A2X_ARGS = -d manpage -f manpage -else -A2X_ARGS = -d manpage -f manpage -L endif +M_SECTION=5 +M_NAME=TINYPROXY.CONF + man_MANS = \ $(MAN5_FILES:.txt=.5) .txt.5: -if HAVE_A2X - $(AM_V_GEN) $(A2X) $(A2X_ARGS) $< +if HAVE_POD2MAN + $(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \ + --section=$(M_SECTION) --name=$(M_NAME) --release="Version @VERSION@" \ + $< > $@ else - @echo "*** a2x (asciidoc) is required to regenerate $(@) ***"; exit 1; + @echo "*** pod2man is required to regenerate $(@) ***"; exit 1; endif -CLEANFILES = \ - $(MAN5_FILES:.txt=.5) \ - $(MAN5_FILES:.txt=.xml) +MAINTAINERCLEANFILES = \ + $(MAN5_FILES:.txt=.5) EXTRA_DIST = \ $(MAN5_FILES:.txt=.5) diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in index b3b94ec..0629a9a 100644 --- a/docs/man5/tinyproxy.conf.txt.in +++ b/docs/man5/tinyproxy.conf.txt.in @@ -1,24 +1,20 @@ -TINYPROXY.CONF(5) -================= -:man source: Version @VERSION@ -:man manual: Tinyproxy manual +=pod -NAME ----- +=encoding utf8 + +=head1 NAME tinyproxy.conf - Tinyproxy HTTP proxy daemon configuration file -SYNOPSIS --------- +=head1 SYNOPSIS -*tinyproxy.conf* +B<tinyproxy.conf> -DESCRIPTION ------------ +=head1 DESCRIPTION -`tinyproxy(8)` reads its configuration file, typically stored in +L<tinyproxy(8)> reads its configuration file, typically stored in `/etc/tinyproxy/tinyproxy.conf` (or passed to Tinyproxy with -c on the command line). This manpage describes the syntax and contents of the configuration file. @@ -31,341 +27,371 @@ contain spaces. The possible keywords and their descriptions are as follows: -*User*:: +=over 4 + +=item B<User> + +The user which the Tinyproxy process should run as, after the +initial port-binding has been done as the `root` user. Either the +user name or the UID may be specified. + +=item B<Group> + +The group which the Tinyproxy process should run as, after the +initial port-binding has been done as the `root` user. Either the +group name or the GID may be specified. + +=item B<Port> + +The port which the Tinyproxy service will listen on. If the port is +less than 1024, you will need to start the Tinyproxy process as the +`root` user. + +=item B<Listen> + +By default, Tinyproxy listens for connections on all available +interfaces (i.e. it listens on the wildcard address `0.0.0.0`). +With this configuration parameter, Tinyproxy can be told to listen +only on one specific address. + +=item B<Bind> + +This allows you to specify which address Tinyproxy will bind +to for outgoing connections to web servers or upstream proxies. +This parameter may be specified multiple times, then Tinyproxy +will try all the specified addresses in order. + +=item B<BindSame> + +If this boolean parameter is set to `yes`, then Tinyproxy will +bind the outgoing connection to the IP address of the incoming +connection that triggered the outgoing request. + +=item B<Timeout> + +The maximum number of seconds of inactivity a connection is +allowed to have before it is closed by Tinyproxy. + +=item B<ErrorFile> + +This parameter controls which HTML file Tinyproxy returns when a +given HTTP error occurs. It takes two arguments, the error number +and the location of the HTML error file. + +=item B<DefaultErrorFile> + +This parameter controls the HTML template file returned when an +error occurs for which no specific error file has been set. + +=item B<StatHost> + +This configures the host name or IP address that is treated +as the `stat host`: Whenever a request for this host is received, +Tinyproxy will return an internal statistics page instead of +forwarding the request to that host. The template for this +page can be configured with the `StatFile` configuration option. +The default value of `StatHost` is `@TINYPROXY_STATHOST@`. + +=item B<StatFile> + +This configures the HTML file that Tinyproxy sends when +a request for the stathost is received. If this parameter is +not set, Tinyproxy returns a hard-coded basic statistics page. +See the STATHOST section in the L<tinyproxy(8)> manual page +for details. + +Note that the StatFile and the error files configured with ErrorFile +and DefaultErrorFile are template files that can contain a few +template variables that Tinyproxy expands prior to delivery. +Examples are "{cause}" for an abbreviated error description and +"{detail}" for a detailed error message. The L<tinyproxy(8)> +manual page contains a description of all template variables. + +=item B<LogFile> + +This controls the location of the file to which Tinyproxy +writes its debug output. Alternatively, Tinyproxy can log +to syslog -- see the Syslog option. + +=item B<Syslog> - The user which the Tinyproxy process should run as, after the - initial port-binding has been done as the `root` user. Either the - user name or the UID may be specified. +When set to `On`, this option tells Tinyproxy to write its +debug messages to syslog instead of to a log file configured +with `LogFile`. These two options are mutually exclusive. -*Group*:: +=item B<LogLevel> - The group which the Tinyproxy process should run as, after the - initial port-binding has been done as the `root` user. Either the - group name or the GID may be specified. +Sets the log level. Messages from the set level and above are +logged. For example, if the LogLevel was set to Warning, then all +log messages from Warning to Critical would be output, but Notice +and below would be suppressed. Allowed values are: -*Port*:: +=over 4 - The port which the Tinyproxy service will listen on. If the port is - less than 1024, you will need to start the Tinyproxy process as the - `root` user. +=item * Critical (least verbose) -*Listen*:: +=item * Error - By default, Tinyproxy listens for connections on all available - interfaces (i.e. it listens on the wildcard address `0.0.0.0`). - With this configuration parameter, Tinyproxy can be told to listen - only on one specific address. +=item * Warning -*Bind*:: +=item * Notice - This allows you to specify which address Tinyproxy will bind - to for outgoing connections to web servers or upstream proxies. +=item * Connect (log connections without Info's noise) -*BindSame*:: +=item * Info (most verbose) - If this boolean parameter is set to `yes`, then Tinyproxy will - bind the outgoing connection to the IP address of the incoming - connection that triggered the outgoing request. +=back -*Timeout*:: +=item B<PidFile> - The maximum number of seconds of inactivity a connection is - allowed to have before it is closed by Tinyproxy. +This option controls the location of the file where the main +Tinyproxy process stores its process ID for signaling purposes. -*ErrorFile*:: +=item B<XTinyproxy> - This parameter controls which HTML file Tinyproxy returns when a - given HTTP error occurs. It takes two arguments, the error number - and the location of the HTML error file. +Setting this option to `Yes` tells Tinyproxy to add a header +`X-Tinyproxy` containing the client's IP address to the request. -*DefaultErrorFile*:: +=item B<Upstream> - This parameter controls the HTML template file returned when an - error occurs for which no specific error file has been set. +This option allows you to set up a set of rules for deciding +whether an upstream proxy server is to be used, based on the +host or domain of the site being accessed. The rules are stored +in the order encountered in the configuration file and the +LAST matching rule wins. The following forms for specifying upstream +rules exist: -*StatHost*:: +=over 4 - This configures the host name or IP address that is treated - as the `stat host`: Whenever a request for this host is received, - Tinyproxy will return an internal statistics page instead of - forwarding the request to that host. The template for this - page can be configured with the `StatFile` configuration option. - The default value of `StatHost` is `@TINYPROXY_STATHOST@`. +=item * I<upstream type host:port> turns proxy upstream support on generally. -*StatFile*:: +=item * I<upstream type user:pass@host:port> +does the same, but uses the supplied credentials for authentication. - This configures the HTML file that Tinyproxy sends when - a request for the stathost is received. If this parameter is - not set, Tinyproxy returns a hard-coded basic statistics page. - See the STATHOST section in the `tinyproxy(8)` manual page - for details. - + - Note that the StatFile and the error files configured with ErrorFile - and DefaultErrorFile are template files that can contain a few - template variables that Tinyproxy expands prior to delivery. - Examples are "\{cause}" for an abbreviated error description and - "\{detail}" for a detailed error message. The `tinyproxy(8)` - manual page contains a description of all template variables. +=item * I<upstream type host:port "site_spec"> +turns on the upstream proxy for the sites matching `site_spec`. -*LogFile*:: +`type` can be one of `http`, `socks4`, `socks5`, `none`. - This controls the location of the file to which Tinyproxy - writes its debug output. Alternatively, Tinyproxy can log - to syslog -- see the Syslog option. +=item * I<upstream none "site_spec"> +turns off upstream support for sites matching `site_spec`, that means the +connection is done directly. -*Syslog*:: +=back - When set to `On`, this option tells Tinyproxy to write its - debug messages to syslog instead of to a log file configured - with `LogFile`. These two options are mutually exclusive. +The site can be specified in various forms as a hostname, domain +name or as an IP range: -*LogLevel*:: +=over 4 - Sets the log level. Messages from the set level and above are - logged. For example, if the LogLevel was set to Warning, then all - log messages from Warning to Critical would be output, but Notice - and below would be suppressed. Allowed values are: +=item * I<name> matches host exactly - * Critical (least verbose) - * Error - * Warning - * Notice - * Connect (log connections without Info's noise) - * Info (most verbose) +=item * I<.name> matches any host in domain "name" -*PidFile*:: +=item * I<.> matches any host with no domain (in 'empty' domain) - This option controls the location of the file where the main - Tinyproxy process stores its process ID for signaling purposes. +=item * I<IP/bits> matches network/mask -*XTinyproxy*:: +=item * I<IP/mask> matches network/mask - Setting this option to `Yes` tells Tinyproxy to add a header - `X-Tinyproxy` containing the client's IP address to the request. +=back -*Upstream*:: +Note that the upstream directive can also be used to null-route +a specific target domain/host, e.g.: +`upstream http 0.0.0.0:0 ".adserver.com"` - This option allows you to set up a set of rules for deciding - whether an upstream proxy server is to be used, based on the - host or domain of the site being accessed. The rules are stored - in the order encountered in the configuration file and the - LAST matching rule wins. The following forms for specifying upstream - rules exist: +=item B<MaxClients> - * 'upstream type host:port' turns proxy upstream support on generally. +Tinyproxy creates one thread for each connected client. +This options specifies the absolute highest number processes that +will be created. With other words, only MaxClients clients can be +connected to Tinyproxy simultaneously. - * 'upstream type user:pass@host:port' does the same, but uses the - supplied credentials for authentication. +=item B<Allow> - * 'upstream type host:port "site_spec"' turns on the upstream proxy - for the sites matching `site_spec`. +=item B<Deny> - `type` can be one of `http`, `socks4`, `socks5`, `none`. +The `Allow` and `Deny` options provide a means to customize +which clients are allowed to access Tinyproxy. `Allow` and `Deny` +lines can be specified multiple times to build the access control +list for Tinyproxy. The order in the config file is important. +If there are no `Allow` or `Deny` lines, then all clients are +allowed. Otherwise, the default action is to deny access. +The argument to `Allow` or `Deny` can be a single IP address +of a client host, like `127.0.0.1`, an IP address range, like +`192.168.0.1/24` or a string that will be matched against the +end of the client host name, i.e, this can be a full host name +like `host.example.com` or a domain name like `.example.com` or +even a top level domain name like `.com`. +Note that by adding a rule using a host or domain name, a costly name +lookup has to be done for every new connection, which could slow down +the service considerably. - * 'upstream none "site_spec"' turns off upstream support for sites - matching `site_spec`. +=item B<BasicAuth> - The site can be specified in various forms as a hostname, domain - name or as an IP range: +Configure HTTP "Basic Authentication" username and password +for accessing the proxy. If there are any entries specified, +access is only granted for authenticated users. - * 'name' matches host exactly - * '.name' matches any host in domain "name" - * '.' matches any host with no domain (in 'empty' domain) - * 'IP/bits' matches network/mask - * 'IP/mask' matches network/mask + BasicAuth user password -*MaxClients*:: +=item B<AddHeader> - Tinyproxy creates one child process for each connected client. - This options specifies the absolute highest number processes that - will be created. With other words, only MaxClients clients can be - connected to Tinyproxy simultaneously. +Configure one or more HTTP request headers to be added to outgoing +HTTP requests that Tinyproxy makes. Note that this option will not +work for HTTPS traffic, as Tinyproxy has no control over what +headers are exchanged. -*MinSpareServers*:: -*MaxSpareServers*:: + AddHeader "X-My-Header" "Powered by Tinyproxy" - Tinyproxy always keeps a certain number of idle child processes - so that it can handle new incoming client requests quickly. - `MinSpareServer` and `MaxSpareServers` control the lower and upper - limits for the number of spare processes. I.e. when the number of - spare servers drops below `MinSpareServers` then Tinyproxy will - start forking new spare processes in the background and when the - number of spare processes exceeds `MaxSpareServers` then Tinyproxy - will kill off extra processes. - -*StartServers*:: - - The number of servers to start initially. This should usually be - set to a value between MinSpareServers and MaxSpareServers. - -*MaxRequestsPerChild*:: - - This limits the number of connections that a child process - will handle before it is killed. The default value is `0` - which disables this feature. This option is meant as an - emergency measure in the case of problems with memory leakage. - In that case, setting `MaxRequestsPerChild` to a value of e.g. - 1000, or 10000 can be useful. +=item B<ViaProxyName> -*Allow*:: -*Deny*:: +RFC 2616 requires proxies to add a `Via` header to the HTTP +requests, but using the real host name can be a security +concern. If the `ViaProxyname` option is present, then its +string value will be used as the host name in the Via header. +Otherwise, the server's host name will be used. - The `Allow` and `Deny` options provide a means to customize - which clients are allowed to access Tinyproxy. `Allow` and `Deny` - lines can be specified multiple times to build the access control - list for Tinyproxy. The order in the config file is important. - If there are no `Allow` or `Deny` lines, then all clients are - allowed. Otherwise, the default action is to deny access. - The argument to `Allow` or `Deny` can be a single IP address - of a client host, like `127.0.0.1`, an IP address range, like - `192.168.0.1/24` or a string that will be matched against the - end of the client host name, i.e, this can be a full host name - like `host.example.com` or a domain name like `.example.com` or - even a top level domain name like `.com`. - -*AddHeader*:: - - Configure one or more HTTP request headers to be added to outgoing - HTTP requests that Tinyproxy makes. Note that this option will not - work for HTTPS traffic, as Tinyproxy has no control over what - headers are exchanged. - + ----- -AddHeader "X-My-Header" "Powered by Tinyproxy" ----- - -*ViaProxyName*:: - - RFC 2616 requires proxies to add a `Via` header to the HTTP - requests, but using the real host name can be a security - concern. If the `ViaProxyname` option is present, then its - string value will be used as the host name in the Via header. - Otherwise, the server's host name will be used. - -*DisableViaHeader*:: - - When this is set to yes, Tinyproxy does NOT add the `Via` header - to the requests. This virtually puts Tinyproxy into stealth mode. - Note that RFC 2616 requires proxies to set the `Via` header, so by - enabling this option, you break compliance. - Don't disable the `Via` header unless you know what you are doing... - -*Filter*:: +=item B<DisableViaHeader> - Tinyproxy supports filtering of web sites based on URLs or - domains. This option specifies the location of the file - containing the filter rules, one rule per line. - -*FilterURLs*:: - - If this boolean option is set to `Yes` or `On`, filtering is - performed for URLs rather than for domains. The default is to - filter based on domains. - -*FilterExtended*:: - - If this boolean option is set to `Yes`, then extended POSIX - regular expressions are used for matching the filter rules. - The default is to use basic POSIX regular expressions. - -*FilterCaseSensitive*:: - - If this boolean option is set to `Yes`, then the filter rules - are matched in a case sensitive manner. The default is to - match case-insensitively. - -*FilterDefaultDeny*:: - - The default filtering policy is to allow everything that is - not matched by a filtering rule. Setting `FilterDefaultDeny` - to `Yes` changes the policy do deny everything but the domains - or URLs matched by the filtering rules. - -*Anonymous*:: - - If an `Anonymous` keyword is present, then anonymous proxying - is enabled. The headers listed with `Anonymous` are allowed - through, while all others are denied. If no Anonymous keyword - is present, then all headers are allowed through. You must - include quotes around the headers. - + - Most sites require cookies to be enabled for them to work correctly, so - you will need to allow cookies through if you access those sites. - + - Example: - + ----- -Anonymous "Host" -Anonymous "Authorization" -Anonymous "Cookie" ----- - -*ConnectPort*:: - - This option can be used to specify the ports allowed for the - CONNECT method. If no `ConnectPort` line is found, then all - ports are allowed. To disable CONNECT altogether, include a - single ConnectPort line with a value of `0`. - -*ReversePath*:: - - Configure one or more ReversePath directives to enable reverse proxy - support. With reverse proxying it's possible to make a number of - sites appear as if they were part of a single site. - + - If you uncomment the following two directives and run Tinyproxy - on your own computer at port 8888, you can access example.com, - using http://localhost:8888/example/. - + ----- -ReversePath "/example/" "http://www.example.com/" ----- +When this is set to yes, Tinyproxy does NOT add the `Via` header +to the requests. This virtually puts Tinyproxy into stealth mode. +Note that RFC 2616 requires proxies to set the `Via` header, so by +enabling this option, you break compliance. +Don't disable the `Via` header unless you know what you are doing... -*ReverseOnly*:: +=item B<Filter> - When using Tinyproxy as a reverse proxy, it is STRONGLY - recommended that the normal proxy is turned off by setting - this boolean option to `Yes`. - -*ReverseMagic*:: +Tinyproxy supports filtering of web sites based on URLs or +domains. This option specifies the location of the file +containing the filter rules, one rule per line. - Setting this option to `Yes`, makes Tinyproxy use a cookie to - track reverse proxy mappings. If you need to reverse proxy - sites which have absolute links you must use this option. +Rules are specified as POSIX basic regular expressions (BRE), unless +FilterExtended is activated. +Comment lines start with a `#` character. -*ReverseBaseURL*:: +Example filter file contents: - The URL that is used to access this reverse proxy. The URL is - used to rewrite HTTP redirects so that they won't escape the - proxy. If you have a chain of reverse proxies, you'll need to - put the outermost URL here (the address which the end user - types into his/her browser). If this option is not set then - no rewriting of redirects occurs. + # filter exactly cnn.com + ^cnn\.com$ + + # filter all subdomains of cnn.com, but not cnn.com itself + .*\.cnn.com$ + + # filter any domain that has cnn.com in it, like xcnn.comfy.org + cnn\.com + + # filter any domain that ends in cnn.com + cnn\.com$ + + # filter any domain that starts with adserver + ^adserver +=item B<FilterURLs> -BUGS ----- +If this boolean option is set to `Yes` or `On`, filtering is +performed for URLs rather than for domains. The default is to +filter based on domains. + +=item B<FilterExtended> + +If this boolean option is set to `Yes`, then extended POSIX +regular expressions are used for matching the filter rules. +The default is to use basic POSIX regular expressions. + +=item B<FilterCaseSensitive> + +If this boolean option is set to `Yes`, then the filter rules +are matched in a case sensitive manner. The default is to +match case-insensitively. + +=item B<FilterDefaultDeny> + +The default filtering policy is to allow everything that is +not matched by a filtering rule. Setting `FilterDefaultDeny` +to `Yes` changes the policy do deny everything but the domains +or URLs matched by the filtering rules. + +=item B<Anonymous> + +If an `Anonymous` keyword is present, then anonymous proxying +is enabled. The headers listed with `Anonymous` are allowed +through, while all others are denied. If no Anonymous keyword +is present, then all headers are allowed through. You must +include quotes around the headers. + +Most sites require cookies to be enabled for them to work correctly, so +you will need to allow cookies through if you access those sites. + +Example: + + Anonymous "Host" + Anonymous "Authorization" + Anonymous "Cookie" + +=item B<ConnectPort> + +This option can be used to specify the ports allowed for the +CONNECT method. If no `ConnectPort` line is found, then all +ports are allowed. To disable CONNECT altogether, include a +single ConnectPort line with a value of `0`. + +=item B<ReversePath> + +Configure one or more ReversePath directives to enable reverse proxy +support. With reverse proxying it's possible to make a number of +sites appear as if they were part of a single site. + +If you uncomment the following two directives and run Tinyproxy +on your own computer at port 8888, you can access example.com, +using http://localhost:8888/example/. + + ReversePath "/example/" "http://www.example.com/" + +=item B<ReverseOnly> + +When using Tinyproxy as a reverse proxy, it is STRONGLY +recommended that the normal proxy is turned off by setting +this boolean option to `Yes`. + +=item B<ReverseMagic> + +Setting this option to `Yes`, makes Tinyproxy use a cookie to +track reverse proxy mappings. If you need to reverse proxy +sites which have absolute links you must use this option. + +=item B<ReverseBaseURL> + +The URL that is used to access this reverse proxy. The URL is +used to rewrite HTTP redirects so that they won't escape the +proxy. If you have a chain of reverse proxies, you'll need to +put the outermost URL here (the address which the end user +types into his/her browser). If this option is not set then +no rewriting of redirects occurs. + +=back + +=head1 BUGS To report bugs in Tinyproxy, please visit -<https://tinyproxy.github.io/[https://tinyproxy.github.io/]>. +L<https://tinyproxy.github.io/>. + +=head1 SEE ALSO -SEE ALSO --------- -tinyproxy(8) +L<tinyproxy(8)> -AUTHOR ------- +=head1 AUTHOR This manpage was written by the Tinyproxy project team. -COPYRIGHT ---------- +=head1 COPYRIGHT -Copyright (c) 1998-2018 the Tinyproxy authors. +Copyright (c) 1998-2020 the Tinyproxy authors. This program is distributed under the terms of the GNU General Public License version 2 or above. See the COPYING file for additional information. + diff --git a/docs/man8/Makefile.am b/docs/man8/Makefile.am index 1bd0ffa..d2d7e19 100644 --- a/docs/man8/Makefile.am +++ b/docs/man8/Makefile.am @@ -1,25 +1,25 @@ -MAN8_FILES = \ +if HAVE_MANPAGE_INTEREST +MAN8_FILES = \ tinyproxy.txt - -if HAVE_XMLLINT -A2X_ARGS = -d manpage -f manpage -else -A2X_ARGS = -d manpage -f manpage -L endif +M_SECTION=8 +M_NAME=TINYPROXY + man_MANS = \ $(MAN8_FILES:.txt=.8) .txt.8: -if HAVE_A2X - $(AM_V_GEN) $(A2X) $(A2X_ARGS) $< +if HAVE_POD2MAN + $(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \ + --section=$(M_SECTION) --name=$(M_NAME) --release="Version @VERSION@" \ + $< > $@ else - @echo "*** a2x (asciidoc) is required to regenerate $(@) ***"; exit 1; + @echo "*** pod2man is required to regenerate $(@) ***"; exit 1; endif -CLEANFILES = \ - $(MAN8_FILES:.txt=.8) \ - $(MAN8_FILES:.txt=.xml) +MAINTAINERCLEANFILES = \ + $(MAN8_FILES:.txt=.8) -EXTRA_DIST= \ +EXTRA_DIST = \ $(MAN8_FILES:.txt=.8) diff --git a/docs/man8/tinyproxy.txt.in b/docs/man8/tinyproxy.txt.in index 54da867..7fa420f 100644 --- a/docs/man8/tinyproxy.txt.in +++ b/docs/man8/tinyproxy.txt.in @@ -1,24 +1,20 @@ -TINYPROXY(8) -============ -:man source: Version @VERSION@ -:man manual: Tinyproxy manual +=pod -NAME ----- +=encoding utf8 + +=head1 NAME tinyproxy - A light-weight HTTP proxy daemon -SYNOPSIS --------- +=head1 SYNOPSIS -*tinyproxy* [-vdch] +B<tinyproxy> [-vdch] -DESCRIPTION ------------ +=head1 DESCRIPTION -*tinyproxy* is a light-weight HTTP proxy daemon designed to consume a +B<tinyproxy> is a light-weight HTTP proxy daemon designed to consume a minimum amount of system resources. It listens on a given TCP port and handles HTTP proxy requests. Designed from the ground up to be fast and yet small, it is an ideal solution for use cases such as embedded @@ -26,46 +22,66 @@ deployments where a full featured HTTP proxy is required, but the system resources for a larger proxy are unavailable. -OPTIONS -------- +=head1 OPTIONS + +B<tinyproxy> accepts the following options: + +=over 4 + +=item B<-c <config-file>> -*tinyproxy* accepts the following options: +Use an alternate configuration file. -*-c <config-file>*:: - Use an alternate configuration file. +=item B<-d> -*-d*:: - Don't daemonize and stay in the foreground. Useful for debugging purposes. +Don't daemonize and stay in the foreground. Useful for debugging purposes. -*-h*:: - Display a short help screen of command line arguments and exit. +=item B<-h> -*-v*:: - Display version information and exit. +Display a short help screen of command line arguments and exit. +=item B<-v> -SIGNALS -------- +Display version information and exit. + +=back + +=head1 SIGNALS In addition to command-line options, there are also several signals that -can be sent to *tinyproxy* while it is running to generate debugging +can be sent to B<tinyproxy> while it is running to generate debugging information and to force certain events. -*SIGHUP*:: - Force Tinyproxy to do a garbage collection on the current - connections linked list. This is usually done automatically after a - certain number of connections have been handled. +=over 4 + +=item B<SIGHUP> +Force Tinyproxy to do a garbage collection on the current +connections linked list. This is usually done automatically after a +certain number of connections have been handled. +(Daemon mode only) -TEMPLATE FILES --------------- +=item B<SIGUSR1> + +Force reload of config file and filter list. +This is handy to update the configuration if Tinyproxy is running +in foreground without dropping active connections. + +=back + +=head1 TEMPLATE FILES There are two occasions when Tinyproxy delivers HTML pages to the client on it's own right: -. When an error occurred, a corresponding error page is returned. -. When a request for the stathost is made, a page summarizing the - connection statistics is returned. (See STATHOST below.) +=over 4 + +=item * When an error occurred, a corresponding error page is returned. + +=item * When a request for the stathost is made, a page summarizing the +connection statistics is returned. (See STATHOST below.) + +=back The layout of both error pages and the statistics page can be controlled via configurable HTML template files that are plain @@ -73,46 +89,60 @@ HTML files that additionally understand a few template variables. -TEMPLATE VARIABLES ------------------- +=head1 TEMPLATE VARIABLES There are several standard HTML variables that are available in every template file: -*request*:: - The full HTTP request line. +=over 4 -*cause*:: - The abbreviated cause of the error condition. +=item B<request> -*clientip*:: - The IP address of the client making the request. +The full HTTP request line. -*clienthost*:: - The hostname of the client making the request. +=item B<cause> -*version*:: - The version of Tinyproxy. +The abbreviated cause of the error condition. -*package*:: - The package name. Presently, resolves to 'tinyproxy'. +=item B<clientip> -*date*:: - The current date/time in HTTP format. +The IP address of the client making the request. + +=item B<clienthost> + +The hostname of the client making the request. + +=item B<version> + +The version of Tinyproxy. + +=item B<package> + +The package name. Presently, resolves to 'tinyproxy'. + +=item B<date> + +The current date/time in HTTP format. + +=back In addition, almost all templates support: -*detail*:: - A detailed, plain English explanation of the error and possible - causes. +=over 4 + +=item B<detail> + +A detailed, plain English explanation of the error and possible +causes. + +=back When Tinyproxy finds a variable name enclosed in braces, e.g. -"\{request}", then this is replaced by the value of the corresponding +"{request}", then this is replaced by the value of the corresponding variable before delivery of the page. -STATHOST --------- +=head1 STATHOST Tinyproxy returns a HTML page with connection statistics when it receives a HTTP request for a certain host -- the stathost. The @@ -124,33 +154,29 @@ The stat file template can be changed at runtime through the configuration variable `StatFile`. -FILES ------ +=head1 FILES `/etc/tinyproxy/tinyproxy.conf`, `/var/run/tinyproxy/tinyproxy.pid`, `/var/log/tinyproxy/tinyproxy.log` -BUGS ----- +=head1 BUGS To report bugs in Tinyproxy, please visit -<https://tinyproxy.github.io/[https://tinyproxy.github.io/]>. +L<https://tinyproxy.github.io/>. + +=head1 SEE ALSO -SEE ALSO --------- -tinyproxy.conf(5) +L<tinyproxy.conf(5)> -AUTHOR ------- +=head1 AUTHOR This manpage was written by the Tinyproxy project team. -COPYRIGHT ---------- +=head1 COPYRIGHT -Copyright (c) 1998-2018 the Tinyproxy authors. +Copyright (c) 1998-2020 the Tinyproxy authors. This program is distributed under the terms of the GNU General Public License version 2 or above. See the COPYING file for additional diff --git a/docs/web/Makefile b/docs/web/Makefile new file mode 100644 index 0000000..9b7c1ff --- /dev/null +++ b/docs/web/Makefile @@ -0,0 +1,15 @@ +# test webpage with `python -m SimpleHTTPServer` + +all: index.html + +tp.html.conf: ../man5/tinyproxy.conf.txt + pod2html --noindex < $^ | awk -f podhtml-filter.awk > $@ + +index.html: tp.html.head tp.html.conf tp.html.foot + cat $^ > $@ + +clean: + rm tp.html.conf index.html *.tmp + +.PHONY: all clean + diff --git a/docs/web/podhtml-filter.awk b/docs/web/podhtml-filter.awk new file mode 100644 index 0000000..4ea7892 --- /dev/null +++ b/docs/web/podhtml-filter.awk @@ -0,0 +1,5 @@ +BEGIN {i=0} +/<\/{0,1}h1/ {if(!i)i=1; gsub("h1", "h4", $0);} +#/<\/body>/ {i=0;} +/BUGS/ {i=-1} +{if(i==1) print;} diff --git a/docs/web/stylesheets/stylesheet.css b/docs/web/stylesheets/stylesheet.css new file mode 100644 index 0000000..eac0014 --- /dev/null +++ b/docs/web/stylesheets/stylesheet.css @@ -0,0 +1,426 @@ +/******************************************************************************* +Slate Theme for GitHub Pages +by Jason Costello, @jsncostello +*******************************************************************************/ + +@import url(github-light.css); + +/******************************************************************************* +MeyerWeb Reset +*******************************************************************************/ + +html, body, div, span, applet, object, iframe, +h1, h2, h3, h4, h5, h6, p, blockquote, pre, +a, abbr, acronym, address, big, cite, code, +del, dfn, em, img, ins, kbd, q, s, samp, +small, strike, strong, sub, sup, tt, var, +b, u, i, center, +dl, dt, dd, ol, ul, li, +fieldset, form, label, legend, +table, caption, tbody, tfoot, thead, tr, th, td, +article, aside, canvas, details, embed, +figure, figcaption, footer, header, hgroup, +menu, nav, output, ruby, section, summary, +time, mark, audio, video { + margin: 0; + padding: 0; + border: 0; + font: inherit; + vertical-align: baseline; +} + +/* HTML5 display-role reset for older browsers */ +article, aside, details, figcaption, figure, +footer, header, hgroup, menu, nav, section { + display: block; +} + +ol, ul { + list-style: none; +} + +table { + border-collapse: collapse; + border-spacing: 0; +} + +/******************************************************************************* +Theme Styles +*******************************************************************************/ + +body { + box-sizing: border-box; + color:#373737; + background: #212121; + font-size: 16px; + font-family: 'Myriad Pro', Calibri, Helvetica, Arial, sans-serif; + line-height: 1.5; + -webkit-font-smoothing: antialiased; +} + +h1, h2, h3, h4, h5, h6 { + margin: 10px 0; + font-weight: 700; + color:#222222; + font-family: 'Lucida Grande', 'Calibri', Helvetica, Arial, sans-serif; + letter-spacing: -1px; +} + +h1 { + font-size: 36px; + font-weight: 700; +} + +h2 { + padding-bottom: 10px; + font-size: 32px; + background: url('../images/bg_hr.png') repeat-x bottom; +} + +h3 { + font-size: 24px; +} + +h4 { + font-size: 21px; +} + +h5 { + font-size: 18px; +} + +h6 { + font-size: 16px; +} + +p { + margin: 10px 0 15px 0; +} + +footer p { + color: #f2f2f2; +} + +a { + text-decoration: none; + color: #007edf; + text-shadow: none; + + transition: color 0.5s ease; + transition: text-shadow 0.5s ease; + -webkit-transition: color 0.5s ease; + -webkit-transition: text-shadow 0.5s ease; + -moz-transition: color 0.5s ease; + -moz-transition: text-shadow 0.5s ease; + -o-transition: color 0.5s ease; + -o-transition: text-shadow 0.5s ease; + -ms-transition: color 0.5s ease; + -ms-transition: text-shadow 0.5s ease; +} + +a:hover, a:focus {text-decoration: underline;} + +footer a { + color: #F2F2F2; + text-decoration: underline; +} + +em { + font-style: italic; +} + +strong { + font-weight: bold; +} + +img { + position: relative; + margin: 0 auto; + max-width: 739px; + padding: 5px; + margin: 10px 0 10px 0; + border: 1px solid #ebebeb; + + box-shadow: 0 0 5px #ebebeb; + -webkit-box-shadow: 0 0 5px #ebebeb; + -moz-box-shadow: 0 0 5px #ebebeb; + -o-box-shadow: 0 0 5px #ebebeb; + -ms-box-shadow: 0 0 5px #ebebeb; +} + +p img { + display: inline; + margin: 0; + padding: 0; + vertical-align: middle; + text-align: center; + border: none; +} + +pre, code { + width: 100%; + color: #222; + background-color: #fff; + + font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace; + font-size: 14px; + + border-radius: 2px; + -moz-border-radius: 2px; + -webkit-border-radius: 2px; +} + +pre { + width: 100%; + padding: 10px; + margin-bottom: 20px; + box-shadow: 0 0 10px rgba(0,0,0,.1); + overflow: auto; +} + +code { + padding: 3px; + margin: 0 3px; + box-shadow: 0 0 10px rgba(0,0,0,.1); +} + +pre code { + display: block; + box-shadow: none; +} + +blockquote { + color: #666; + margin-bottom: 20px; + padding: 0 0 0 20px; + border-left: 3px solid #bbb; +} + + +ul, ol, dl { + margin-bottom: 15px +} + +ul { + list-style-position: inside; + list-style: disc; + padding-left: 20px; +} + +ol { + list-style-position: inside; + list-style: decimal; + padding-left: 20px; +} + +dl dt { + font-weight: bold; +} + +dl dd { + padding-left: 20px; +/* font-style: italic; */ +} + +dl p { + padding-left: 20px; +/* font-style: italic; */ +} + +hr { + height: 1px; + margin-bottom: 5px; + border: none; + background: url('../images/bg_hr.png') repeat-x center; +} + +table { + border: 1px solid #373737; + margin-bottom: 20px; + text-align: left; + } + +th { + font-family: 'Lucida Grande', 'Helvetica Neue', Helvetica, Arial, sans-serif; + padding: 10px; + background: #373737; + color: #fff; + } + +td { + padding: 10px; + border: 1px solid #373737; + } + +form { + background: #f2f2f2; + padding: 20px; +} + +/******************************************************************************* +Full-Width Styles +*******************************************************************************/ + +.outer { + width: 100%; +} + +.inner { + position: relative; + max-width: 640px; + padding: 20px 10px; + margin: 0 auto; +} + +#forkme_banner { + display: block; + position: absolute; + top:0; + right: 10px; + z-index: 10; + padding: 10px 50px 10px 10px; + color: #fff; + background: url('../images/blacktocat.png') #0090ff no-repeat 95% 50%; + font-weight: 700; + box-shadow: 0 0 10px rgba(0,0,0,.5); + border-bottom-left-radius: 2px; + border-bottom-right-radius: 2px; +} + +#header_wrap { + background: #212121; + background: -moz-linear-gradient(top, #373737, #212121); + background: -webkit-linear-gradient(top, #373737, #212121); + background: -ms-linear-gradient(top, #373737, #212121); + background: -o-linear-gradient(top, #373737, #212121); + background: linear-gradient(top, #373737, #212121); +} + +#header_wrap .inner { + padding: 50px 10px 30px 10px; +} + +#project_title { + margin: 0; + color: #fff; + font-size: 42px; + font-weight: 700; + text-shadow: #111 0px 0px 10px; +} + +#project_tagline { + color: #fff; + font-size: 24px; + font-weight: 300; + background: none; + text-shadow: #111 0px 0px 10px; +} + +#downloads { + position: absolute; + width: 210px; + z-index: 10; + bottom: -40px; + right: 0; + height: 70px; + background: url('../images/icon_download.png') no-repeat 0% 90%; +} + +.zip_download_link { + display: block; + float: right; + width: 90px; + height:70px; + text-indent: -5000px; + overflow: hidden; + background: url(../images/sprite_download.png) no-repeat bottom left; +} + +.tar_download_link { + display: block; + float: right; + width: 90px; + height:70px; + text-indent: -5000px; + overflow: hidden; + background: url(../images/sprite_download.png) no-repeat bottom right; + margin-left: 10px; +} + +.zip_download_link:hover { + background: url(../images/sprite_download.png) no-repeat top left; +} + +.tar_download_link:hover { + background: url(../images/sprite_download.png) no-repeat top right; +} + +#main_content_wrap { + background: #f2f2f2; + border-top: 1px solid #111; + border-bottom: 1px solid #111; +} + +#main_content { + padding-top: 40px; +} + +#footer_wrap { + background: #212121; +} + + + +/******************************************************************************* +Small Device Styles +*******************************************************************************/ + +@media screen and (max-width: 480px) { + body { + font-size:14px; + } + + #downloads { + display: none; + } + + .inner { + min-width: 320px; + max-width: 480px; + } + + #project_title { + font-size: 32px; + } + + h1 { + font-size: 28px; + } + + h2 { + font-size: 24px; + } + + h3 { + font-size: 21px; + } + + h4 { + font-size: 18px; + } + + h5 { + font-size: 14px; + } + + h6 { + font-size: 12px; + } + + code, pre { + min-width: 320px; + max-width: 480px; + font-size: 11px; + } + +} diff --git a/docs/web/tp.html.foot b/docs/web/tp.html.foot new file mode 100644 index 0000000..d080bac --- /dev/null +++ b/docs/web/tp.html.foot @@ -0,0 +1,21 @@ +<h2> +<a id="support" class="anchor" href="#support" aria-hidden="true"><span class="octicon octicon-link"></span></a>Support</h2> + +<ul> +<li>Feel free to report a new bug or suggest features via github issues.</li> +<li>Tinyproxy developers hang out in #tinyproxy on irc.freenode.net.</li> +</ul> + </section> + </div> + + <!-- FOOTER --> + <div id="footer_wrap" class="outer"> + <footer class="inner"> + <p>Published with <a href="https://pages.github.com">GitHub Pages</a></p> + </footer> + </div> + + + + </body> +</html> diff --git a/docs/web/tp.html.head b/docs/web/tp.html.head new file mode 100644 index 0000000..6ce2b0b --- /dev/null +++ b/docs/web/tp.html.head @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<html> + + <head> + <meta charset='utf-8'> + <meta http-equiv="X-UA-Compatible" content="chrome=1"> + <meta name="description" content="Tinyproxy : lightweight http(s) proxy daemon"> + + <link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css"> + + <title>Tinyproxy</title> + </head> + + <body> + + <!-- HEADER --> + <div id="header_wrap" class="outer"> + <header class="inner"> + <a id="forkme_banner" href="https://github.com/tinyproxy">View on GitHub</a> + + <h1 id="project_title">Tinyproxy</h1> + <h2 id="project_tagline">lightweight http(s) proxy daemon</h2> + + </header> + </div> + + <!-- MAIN CONTENT --> + <div id="main_content_wrap" class="outer"> + <section id="main_content" class="inner"> + <h1> +<a id="tinyproxy" class="anchor" href="#tinyproxy" aria-hidden="true"><span class="octicon octicon-link"></span></a>Tinyproxy</h1> + +<p>Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Designed from the ground up to be fast and yet small, it is an ideal solution for use cases such as embedded deployments where a full featured HTTP proxy is required, but the system resources for a larger proxy are unavailable.</p> + +<p>Tinyproxy is distributed using the GNU GPL license (version 2 or above).</p> + +<h2> +<a id="features" class="anchor" href="#features" aria-hidden="true"><span class="octicon octicon-link"></span></a>Features</h2> + +<p>Tinyproxy has a <strong>small footprint</strong> and requires very little in the way of system resources. The memory footprint tends to be around 2 MB with glibc, and the CPU load increases linearly with the number of simultaneous connections (depending on the speed of the connection). Thus, Tinyproxy can be run on an older machine, or on a network appliance such as a Linux-based broadband router, without any noticeable impact on performance.</p> + +<p>Tinyproxy requires only a <strong>minimal POSIX environment</strong> to build and operate. It can use additional libraries to add functionality though.</p> + +<p>Tinyproxy allows forwarding of <strong>HTTPS connections</strong> without modifying traffic in any way through the <code>CONNECT</code> method (see the <code>ConnectPort</code> directive).</p> + +<p>Tinyproxy supports being configured as a <strong>transparent proxy</strong>, so that a proxy can be used without requiring any client-side configuration. You can also use it as a <strong>reverse proxy</strong> front-end to your websites.</p> + +<p>Using the <code>AddHeader</code> directive, you can <strong>add/insert HTTP headers</strong> to outgoing traffic.</p> + +<p>If you're looking to build a custom web proxy, Tinyproxy is <strong>easy to modify</strong> to your custom needs. The source is straightforward, adhering to the KISS principle. As such, it can be used as a foundation for anything you may need a web proxy to do.</p> + +<p>Tinyproxy has <strong>privacy features</strong> which can let you configure which HTTP headers should be allowed through, and which should be blocked. This allows you to restrict both what data comes to your web browser from the HTTP server (e.g., cookies), and to restrict what data is allowed through from your web browser to the HTTP server (e.g., version information).</p> + +<p>Using the <strong>remote monitoring</strong> facility, you can access proxy statistics from afar, letting you know exactly how busy the proxy is.</p> + +<p>You can configure Tinyproxy to <strong>control access</strong> by only allowing requests from a certain subnet, or from a certain interface, thus ensuring that random, unauthorized people will not be using your proxy.</p> + +<p>With a bit of configuration (specifically, making Tinyproxy created files owned by a non-root user and running it on a port greater than 1024), Tinyproxy can be made to run without any special privileges, thus minimizing the chance of system compromise. Furthermore, it was designed with an eye towards preventing buffer overflows. The simplicity of the code ensures it remains easy to spot such bugs.</p> + +<h2> +<a id="downloads" class="anchor" href="#downloads" aria-hidden="true"><span class="octicon octicon-link"></span></a>Downloads</h2> + +<ul> +<li>On Red Hat Enterprise Linux, or its derivatives such as CentOS, install Tinyproxy from the EPEL repository by running yum install tinyproxy.</li> +<li>On Fedora, install Tinyproxy by running yum install tinyproxy.</li> +<li>On Debian and derived distributions, run apt-get install tinyproxy to install Tinyproxy.</li> +<li>For openSUSE run: zypper in tinyproxy</li> +<li>Arch users can install the Tinyproxy package from the community repository. Run pacman -S tinyproxy to install it.</li> +<li>FreeBSD, OpenBSD or NetBSD users can use the pkg_add utility to install the tinyproxy package.</li> +<li>Mac OS X users can check MacPorts to see if the Tinyproxy port there is recent enough.</li> +</ul> + +<p>If you feel that the Tinyproxy binary package in your operating system is not recent, please contact the package maintainer for that particular operating system. If this fails, you can always compile the latest stable version from source code.</p> + +<p>We distribute Tinyproxy in source code form, and it has to be compiled in order to be used on your system. Please see the INSTALL file in the source code tree for build instructions. The current stable version of Tinyproxy is available on the <a href="https://github.com/tinyproxy/tinyproxy/releases">releases page</a>. The Tinyproxy NEWS file contains the release notes. You can verify the tarball using its PGP signature. You can also browse the older releases of Tinyproxy.</p> + +<p>We use Git as the version control system for the Tinyproxy source code repository. To get a copy of the Tinyproxy repository, use the command:</p> + +<p>git clone <a href="https://github.com/tinyproxy/tinyproxy.git">https://github.com/tinyproxy/tinyproxy.git</a></p> + +<h2> +<a id="documentation" class="anchor" href="#documentation" aria-hidden="true"><span class="octicon octicon-link"></span></a>Documentation</h2> diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in index 54024cb..5a170c2 100644 --- a/etc/tinyproxy.conf.in +++ b/etc/tinyproxy.conf.in @@ -43,6 +43,13 @@ Port 8888 #BindSame yes # +# BindIPv4Mapped: If enabled, tinyproxy will bind the outgoing IPv6 +# connection to the IPv4 address of the incoming connection using +# the mapping. +# +#BindIPv4Mapped 2001:0db8::ffff:0:0 + +# # Timeout: The maximum number of seconds of inactivity a connection is # allowed to have before it is closed by tinyproxy. # @@ -190,30 +197,6 @@ LogLevel Info MaxClients 100 # -# MinSpareServers/MaxSpareServers: These settings set the upper and -# lower limit for the number of spare servers which should be available. -# -# If the number of spare servers falls below MinSpareServers then new -# server processes will be spawned. If the number of servers exceeds -# MaxSpareServers then the extras will be killed off. -# -MinSpareServers 5 -MaxSpareServers 20 - -# -# StartServers: The number of servers to start initially. -# -StartServers 10 - -# -# MaxRequestsPerChild: The number of connections a thread will handle -# before it is killed. In practise this should be set to 0, which -# disables thread reaping. If you do notice problems with memory -# leakage, then set this to something like 10000. -# -MaxRequestsPerChild 0 - -# # Allow: Customization of authorization controls. If there are any # access control keywords then the default action is to DENY. Otherwise, # the default action is ALLOW. @@ -222,6 +205,7 @@ MaxRequestsPerChild 0 # tested against the controls based on order. # Allow 127.0.0.1 +Allow ::1 # BasicAuth: HTTP "Basic Authentication" for accessing the proxy. # If there are any entries specified, access is only granted for authenticated diff --git a/scripts/version.sh b/scripts/version.sh index 9a965dc..03fb3aa 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -5,8 +5,12 @@ GIT_DIR="${SCRIPT_DIR}/../.git" if test -d "${GIT_DIR}" ; then if type git >/dev/null 2>&1 ; then - git describe --match '[0-9]*.[0-9]*.[0-9]*' 2>/dev/null \ - | sed -e 's/-/-git-/' + gitstr=$(git describe --match '[0-9]*.[0-9]*.*' 2>/dev/null) + if test "x$?" != x0 ; then + sed 's/$/-git/' < VERSION + else + printf "%s\n" "$gitstr" | sed -e 's/-g/-git-/' + fi else sed 's/$/-git/' < VERSION fi diff --git a/src/Makefile.am b/src/Makefile.am index af2f621..6d806e0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -29,10 +29,10 @@ tinyproxy_SOURCES = \ buffer.c buffer.h \ child.c child.h \ common.h \ + conf-tokens.c conf-tokens.h \ conf.c conf.h \ conns.c conns.h \ daemon.c daemon.h \ - hashmap.c hashmap.h \ heap.c heap.h \ html-error.c html-error.h \ http-message.c http-message.h \ @@ -44,14 +44,27 @@ tinyproxy_SOURCES = \ text.c text.h \ main.c main.h \ utils.c utils.h \ - vector.c vector.h \ upstream.c upstream.h \ basicauth.c basicauth.h \ base64.c base64.h \ + sblist.c sblist.h \ + hsearch.c hsearch.h \ + orderedmap.c orderedmap.h \ + loop.c loop.h \ + mypoll.c mypoll.h \ connect-ports.c connect-ports.h EXTRA_tinyproxy_SOURCES = filter.c filter.h \ reverse-proxy.c reverse-proxy.h \ transparent-proxy.c transparent-proxy.h tinyproxy_DEPENDENCIES = @ADDITIONAL_OBJECTS@ -tinyproxy_LDADD = @ADDITIONAL_OBJECTS@ +tinyproxy_LDADD = @ADDITIONAL_OBJECTS@ -lpthread + +if HAVE_GPERF +conf-tokens.c: conf-tokens-gperf.inc +conf-tokens-gperf.inc: conf-tokens.gperf + $(GPERF) $< > $@ +endif + +EXTRA_DIST = conf-tokens.gperf + @@ -28,7 +28,7 @@ #include "log.h" #include "network.h" #include "sock.h" -#include "vector.h" +#include "sblist.h" #include <limits.h> @@ -111,10 +111,10 @@ fill_netmask_array (char *bitmask_string, int v6, /** * If the access list has not been set up, create it. */ -static int init_access_list(vector_t *access_list) +static int init_access_list(acl_list_t *access_list) { if (!*access_list) { - *access_list = vector_create (); + *access_list = sblist_new(sizeof(struct acl_s), 16); if (!*access_list) { log_message (LOG_ERR, "Unable to allocate memory for access list"); @@ -135,18 +135,15 @@ static int init_access_list(vector_t *access_list) * 0 otherwise. */ int -insert_acl (char *location, acl_access_t access_type, vector_t *access_list) +insert_acl (char *location, acl_access_t access_type, acl_list_t *access_list) { struct acl_s acl; - int ret; - char *p, ip_dst[IPV6_LEN]; + char *mask, ip_dst[IPV6_LEN]; assert (location != NULL); - ret = init_access_list(access_list); - if (ret != 0) { + if (init_access_list(access_list) != 0) return -1; - } /* * Start populating the access control structure. @@ -154,35 +151,19 @@ insert_acl (char *location, acl_access_t access_type, vector_t *access_list) memset (&acl, 0, sizeof (struct acl_s)); acl.access = access_type; + if ((mask = strrchr(location, '/'))) + *(mask++) = 0; + /* * Check for a valid IP address (the simplest case) first. */ if (full_inet_pton (location, ip_dst) > 0) { acl.type = ACL_NUMERIC; memcpy (acl.address.ip.network, ip_dst, IPV6_LEN); - memset (acl.address.ip.mask, 0xff, IPV6_LEN); - } else { - int i; - - /* - * At this point we're either a hostname or an - * IP address with a slash. - */ - p = strchr (location, '/'); - if (p != NULL) { + if(!mask) memset (acl.address.ip.mask, 0xff, IPV6_LEN); + else { char dst[sizeof(struct in6_addr)]; - int v6; - - /* - * We have a slash, so it's intended to be an - * IP address with mask - */ - *p = '\0'; - if (full_inet_pton (location, ip_dst) <= 0) - return -1; - - acl.type = ACL_NUMERIC; - + int v6, i; /* Check if the IP address before the netmask is * an IPv6 address */ if (inet_pton(AF_INET6, location, dst) > 0) @@ -191,24 +172,33 @@ insert_acl (char *location, acl_access_t access_type, vector_t *access_list) v6 = 0; if (fill_netmask_array - (p + 1, v6, &(acl.address.ip.mask[0]), IPV6_LEN) + (mask, v6, &(acl.address.ip.mask[0]), IPV6_LEN) < 0) - return -1; + goto err; for (i = 0; i < IPV6_LEN; i++) acl.address.ip.network[i] = ip_dst[i] & acl.address.ip.mask[i]; - } else { - /* In all likelihood a string */ - acl.type = ACL_STRING; - acl.address.string = safestrdup (location); - if (!acl.address.string) - return -1; } + } else { + /* either bogus IP or hostname */ + /* bogus ipv6 ? */ + if (mask || strchr (location, ':')) + goto err; + + /* In all likelihood a string */ + acl.type = ACL_STRING; + acl.address.string = safestrdup (location); + if (!acl.address.string) + goto err; } - ret = vector_append (*access_list, &acl, sizeof (struct acl_s)); - return ret; + if(!sblist_add(*access_list, &acl)) return -1; + return 0; +err:; + /* restore mask for proper error message */ + if(mask) *(--mask) = '/'; + return -1; } /* @@ -221,8 +211,8 @@ insert_acl (char *location, acl_access_t access_type, vector_t *access_list) * -1 if no tests match, so skip */ static int -acl_string_processing (struct acl_s *acl, - const char *ip_address, const char *string_address) +acl_string_processing (struct acl_s *acl, const char *ip_address, + union sockaddr_union *addr, char *string_addr) { int match; struct addrinfo hints, *res, *ressave; @@ -231,7 +221,6 @@ acl_string_processing (struct acl_s *acl, assert (acl && acl->type == ACL_STRING); assert (ip_address && strlen (ip_address) > 0); - assert (string_address && strlen (string_address) > 0); /* * If the first character of the ACL string is a period, we need to @@ -267,7 +256,15 @@ acl_string_processing (struct acl_s *acl, } STRING_TEST: - test_length = strlen (string_address); + if(string_addr[0] == 0) { + /* only do costly hostname resolution when it is absolutely needed, + and only once */ + if(getnameinfo ((void *) addr, sizeof (*addr), + string_addr, HOSTNAME_LENGTH, NULL, 0, 0) != 0) + return -1; + } + + test_length = strlen (string_addr); match_length = strlen (acl->address.string); /* @@ -278,7 +275,7 @@ STRING_TEST: return -1; if (strcasecmp - (string_address + (test_length - match_length), + (string_addr + (test_length - match_length), acl->address.string) == 0) { if (acl->access == ACL_DENY) return 0; @@ -298,16 +295,12 @@ STRING_TEST: * 0 IP address is denied * -1 neither allowed nor denied. */ -static int check_numeric_acl (const struct acl_s *acl, const char *ip) +static int check_numeric_acl (const struct acl_s *acl, uint8_t addr[IPV6_LEN]) { - uint8_t addr[IPV6_LEN], x, y; + uint8_t x, y; int i; assert (acl && acl->type == ACL_NUMERIC); - assert (ip && strlen (ip) > 0); - - if (full_inet_pton (ip, &addr) <= 0) - return -1; for (i = 0; i != IPV6_LEN; ++i) { x = addr[i] & acl->address.ip.mask[i]; @@ -329,14 +322,18 @@ static int check_numeric_acl (const struct acl_s *acl, const char *ip) * 1 if allowed * 0 if denied */ -int check_acl (const char *ip, const char *host, vector_t access_list) +int check_acl (const char *ip, union sockaddr_union *addr, acl_list_t access_list) { struct acl_s *acl; - int perm = 0; + int perm = 0, is_numeric_addr; size_t i; + char string_addr[HOSTNAME_LENGTH]; + uint8_t numeric_addr[IPV6_LEN]; assert (ip != NULL); - assert (host != NULL); + assert (addr != NULL); + + string_addr[0] = 0; /* * If there is no access list allow everything. @@ -344,17 +341,22 @@ int check_acl (const char *ip, const char *host, vector_t access_list) if (!access_list) return 1; - for (i = 0; i != (size_t) vector_length (access_list); ++i) { - acl = (struct acl_s *) vector_getentry (access_list, i, NULL); + is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0); + + for (i = 0; i < sblist_getsize (access_list); ++i) { + acl = sblist_get (access_list, i); switch (acl->type) { case ACL_STRING: - perm = acl_string_processing (acl, ip, host); + perm = acl_string_processing (acl, ip, addr, string_addr); break; case ACL_NUMERIC: if (ip[0] == '\0') continue; - perm = check_numeric_acl (acl, ip); + + perm = is_numeric_addr + ? check_numeric_acl (acl, numeric_addr) + : -1; break; } @@ -371,12 +373,12 @@ int check_acl (const char *ip, const char *host, vector_t access_list) /* * Deny all connections by default. */ - log_message (LOG_NOTICE, "Unauthorized connection from \"%s\" [%s].", - host, ip); + log_message (LOG_NOTICE, "Unauthorized connection from \"%s\".", + ip); return 0; } -void flush_access_list (vector_t access_list) +void flush_access_list (acl_list_t access_list) { struct acl_s *acl; size_t i; @@ -390,12 +392,12 @@ void flush_access_list (vector_t access_list) * before we can free the acl entries themselves. * A hierarchical memory system would be great... */ - for (i = 0; i != (size_t) vector_length (access_list); ++i) { - acl = (struct acl_s *) vector_getentry (access_list, i, NULL); + for (i = 0; i < sblist_getsize (access_list); ++i) { + acl = sblist_get (access_list, i); if (acl->type == ACL_STRING) { safefree (acl->address.string); } } - vector_delete (access_list); + sblist_free (access_list); } @@ -21,14 +21,16 @@ #ifndef TINYPROXY_ACL_H #define TINYPROXY_ACL_H -#include "vector.h" +#include "sblist.h" +#include "sock.h" typedef enum { ACL_ALLOW, ACL_DENY } acl_access_t; +typedef sblist* acl_list_t; extern int insert_acl (char *location, acl_access_t access_type, - vector_t *access_list); -extern int check_acl (const char *ip_address, const char *string_address, - vector_t access_list); -extern void flush_access_list (vector_t access_list); + acl_list_t *access_list); +extern int check_acl (const char *ip_address, union sockaddr_union *addr, + acl_list_t access_list); +extern void flush_access_list (acl_list_t access_list); #endif diff --git a/src/anonymous.c b/src/anonymous.c index 3049acf..91e490c 100644 --- a/src/anonymous.c +++ b/src/anonymous.c @@ -23,26 +23,26 @@ #include "main.h" #include "anonymous.h" -#include "hashmap.h" +#include "hsearch.h" #include "heap.h" #include "log.h" #include "conf.h" -short int is_anonymous_enabled (void) +short int is_anonymous_enabled (struct config_s *conf) { - return (config.anonymous_map != NULL) ? 1 : 0; + return (conf->anonymous_map != NULL) ? 1 : 0; } /* * Search for the header. This function returns a positive value greater than * zero if the string was found, zero if it wasn't and negative upon error. */ -int anonymous_search (const char *s) +int anonymous_search (struct config_s *conf, const char *s) { assert (s != NULL); - assert (config.anonymous_map != NULL); + assert (conf->anonymous_map != NULL); - return hashmap_search (config.anonymous_map, s); + return !!htab_find (conf->anonymous_map, s); } /* @@ -51,23 +51,21 @@ int anonymous_search (const char *s) * Return -1 if there is an error, otherwise a 0 is returned if the insert was * successful. */ -int anonymous_insert (const char *s) +int anonymous_insert (struct config_s *conf, char *s) { - char data = 1; - assert (s != NULL); - if (!config.anonymous_map) { - config.anonymous_map = hashmap_create (32); - if (!config.anonymous_map) + if (!conf->anonymous_map) { + conf->anonymous_map = htab_create (32); + if (!conf->anonymous_map) return -1; } - if (hashmap_search (config.anonymous_map, s) > 0) { - /* The key was already found, so return a positive number. */ + if (htab_find (conf->anonymous_map, s)) { + /* The key was already found. */ return 0; } /* Insert the new key */ - return hashmap_insert (config.anonymous_map, s, &data, sizeof (data)); + return htab_insert (conf->anonymous_map, s, HTV_N(1)) ? 0 : -1; } diff --git a/src/anonymous.h b/src/anonymous.h index 0ca980e..78ce771 100644 --- a/src/anonymous.h +++ b/src/anonymous.h @@ -21,8 +21,8 @@ #ifndef _TINYPROXY_ANONYMOUS_H_ #define _TINYPROXY_ANONYMOUS_H_ -extern short int is_anonymous_enabled (void); -extern int anonymous_search (const char *s); -extern int anonymous_insert (const char *s); +extern short int is_anonymous_enabled (struct config_s *conf); +extern int anonymous_search (struct config_s *conf, const char *s); +extern int anonymous_insert (struct config_s *conf, char *s); #endif diff --git a/src/basicauth.c b/src/basicauth.c index d6c2420..ed0553b 100644 --- a/src/basicauth.c +++ b/src/basicauth.c @@ -48,10 +48,10 @@ ssize_t basicauth_string(const char *user, const char *pass, /* * Add entry to the basicauth list */ -void basicauth_add (vector_t authlist, +void basicauth_add (sblist *authlist, const char *user, const char *pass) { - char b[BASE64ENC_BYTES((256+2)-1) + 1]; + char b[BASE64ENC_BYTES((256+2)-1) + 1], *s; ssize_t ret; ret = basicauth_string(user, pass, b, sizeof b); @@ -65,7 +65,8 @@ void basicauth_add (vector_t authlist, return; } - if (vector_append(authlist, b, ret + 1) == -ENOMEM) { + if (!(s = safestrdup(b)) || !sblist_add(authlist, &s)) { + safefree(s); log_message (LOG_ERR, "Unable to allocate memory in basicauth_add()"); return; @@ -80,18 +81,16 @@ void basicauth_add (vector_t authlist, * is in the basicauth list. * return 1 on success, 0 on failure. */ -int basicauth_check (vector_t authlist, const char *authstring) +int basicauth_check (sblist *authlist, const char *authstring) { - ssize_t vl, i; - size_t el; - const char* entry; + size_t i; + char** entry; - vl = vector_length (authlist); - if (vl == -EINVAL) return 0; + if (!authlist) return 0; - for (i = 0; i < vl; i++) { - entry = vector_getentry (authlist, i, &el); - if (strcmp (authstring, entry) == 0) + for (i = 0; i < sblist_getsize(authlist); i++) { + entry = sblist_get (authlist, i); + if (entry && strcmp (authstring, *entry) == 0) return 1; } return 0; diff --git a/src/basicauth.h b/src/basicauth.h index 61dc5c3..ef25b66 100644 --- a/src/basicauth.h +++ b/src/basicauth.h @@ -22,14 +22,14 @@ #define TINYPROXY_BASICAUTH_H #include <stddef.h> -#include "vector.h" +#include "sblist.h" extern ssize_t basicauth_string(const char *user, const char *pass, char *buf, size_t bufsize); -extern void basicauth_add (vector_t authlist, +extern void basicauth_add (sblist *authlist, const char *user, const char *pass); -extern int basicauth_check (vector_t authlist, const char *authstring); +extern int basicauth_check (sblist *authlist, const char *authstring); #endif diff --git a/src/child.c b/src/child.c index effb2ae..985357d 100644 --- a/src/child.c +++ b/src/child.c @@ -31,247 +31,137 @@ #include "sock.h" #include "utils.h" #include "conf.h" +#include "sblist.h" +#include "loop.h" +#include "conns.h" +#include "mypoll.h" +#include <pthread.h> -static vector_t listen_fds; +static sblist* listen_fds; -/* - * Stores the internal data needed for each child (connection) - */ -enum child_status_t { T_EMPTY, T_WAITING, T_CONNECTED }; -struct child_s { - pid_t tid; - unsigned int connects; - enum child_status_t status; +struct client { + union sockaddr_union addr; }; -/* - * A pointer to an array of children. A certain number of children are - * created when the program is started. - */ -static struct child_s *child_ptr; - -static struct child_config_s { - unsigned int maxclients, maxrequestsperchild; - unsigned int maxspareservers, minspareservers, startservers; -} child_config; - -static unsigned int *servers_waiting; /* servers waiting for a connection */ - -/* - * Lock/Unlock the "servers_waiting" variable so that two children cannot - * modify it at the same time. - */ -#define SERVER_COUNT_LOCK() _child_lock_wait() -#define SERVER_COUNT_UNLOCK() _child_lock_release() - -/* START OF LOCKING SECTION */ - -/* - * These variables are required for the locking mechanism. Also included - * are the "private" functions for locking/unlocking. - */ -static struct flock lock_it, unlock_it; -static int lock_fd = -1; - -static void _child_lock_init (void) -{ - char lock_file[] = "/tmp/tinyproxy.servers.lock.XXXXXX"; - - /* Only allow u+rw bits. This may be required for some versions - * of glibc so that mkstemp() doesn't make us vulnerable. - */ - umask (0177); - - lock_fd = mkstemp (lock_file); - unlink (lock_file); - - lock_it.l_type = F_WRLCK; - lock_it.l_whence = SEEK_SET; - lock_it.l_start = 0; - lock_it.l_len = 0; - - unlock_it.l_type = F_UNLCK; - unlock_it.l_whence = SEEK_SET; - unlock_it.l_start = 0; - unlock_it.l_len = 0; -} - -static void _child_lock_wait (void) -{ - int rc; - - while ((rc = fcntl (lock_fd, F_SETLKW, &lock_it)) < 0) { - if (errno == EINTR) - continue; - else - return; - } -} +struct child { + pthread_t thread; + struct client client; + struct conn_s conn; + volatile int done; +}; -static void _child_lock_release (void) +static void* child_thread(void* data) { - if (fcntl (lock_fd, F_SETLKW, &unlock_it) < 0) - return; + struct child *c = data; + handle_connection (&c->conn, &c->client.addr); + c->done = 1; + return NULL; } -/* END OF LOCKING SECTION */ - -#define SERVER_INC() do { \ - SERVER_COUNT_LOCK(); \ - ++(*servers_waiting); \ - DEBUG2("INC: servers_waiting: %d", *servers_waiting); \ - SERVER_COUNT_UNLOCK(); \ -} while (0) - -#define SERVER_DEC() do { \ - SERVER_COUNT_LOCK(); \ - assert(*servers_waiting > 0); \ - --(*servers_waiting); \ - DEBUG2("DEC: servers_waiting: %d", *servers_waiting); \ - SERVER_COUNT_UNLOCK(); \ -} while (0) - -/* - * Set the configuration values for the various child related settings. - */ -short int child_configure (child_config_t type, unsigned int val) -{ - switch (type) { - case CHILD_MAXCLIENTS: - child_config.maxclients = val; - break; - case CHILD_MAXSPARESERVERS: - child_config.maxspareservers = val; - break; - case CHILD_MINSPARESERVERS: - child_config.minspareservers = val; - break; - case CHILD_STARTSERVERS: - child_config.startservers = val; - break; - case CHILD_MAXREQUESTSPERCHILD: - child_config.maxrequestsperchild = val; - break; - default: - DEBUG2 ("Invalid type (%d)", type); - return -1; - } - - return 0; -} +static sblist *childs; -/** - * child signal handler for sighup - */ -static void child_sighup_handler (int sig) +static void collect_threads(void) { - if (sig == SIGHUP) { - /* - * Ignore the return value of reload_config for now. - * This should actually be handled somehow... - */ - reload_config (); - -#ifdef FILTER_ENABLE - filter_reload (); -#endif /* FILTER_ENABLE */ - } + size_t i; + for (i = 0; i < sblist_getsize(childs); ) { + struct child *c = *((struct child**)sblist_get(childs, i)); + if (c->done) { + pthread_join(c->thread, 0); + sblist_delete(childs, i); + safefree(c); + } else i++; + } } /* - * This is the main (per child) loop. + * This is the main loop accepting new connections. */ -static void child_main (struct child_s *ptr) +void child_main_loop (void) { int connfd; - struct sockaddr *cliaddr; - socklen_t clilen; - fd_set rfds; - int maxfd = 0; + union sockaddr_union cliaddr_storage; + struct sockaddr *cliaddr = (void*) &cliaddr_storage; + socklen_t clilen = sizeof(cliaddr_storage); + int nfds = sblist_getsize(listen_fds); + pollfd_struct *fds = safecalloc(nfds, sizeof *fds); ssize_t i; - int ret; + int ret, listenfd, was_full = 0; + pthread_attr_t *attrp, attr; + struct child *child; - cliaddr = (struct sockaddr *) - safemalloc (sizeof(struct sockaddr_storage)); - if (!cliaddr) { - log_message (LOG_CRIT, - "Could not allocate memory for child address."); - exit (0); - } + childs = sblist_new(sizeof (struct child*), config->maxclients); - ptr->connects = 0; - srand(time(NULL)); + for (i = 0; i < nfds; i++) { + int *fd = sblist_get(listen_fds, i); + fds[i].fd = *fd; + fds[i].events |= MYPOLL_READ; + } /* * We have to wait for connections on multiple fds, - * so use select. + * so use select/poll/whatever. */ + while (!config->quit) { - FD_ZERO(&rfds); - - for (i = 0; i < vector_length(listen_fds); i++) { - int *fd = (int *) vector_getentry(listen_fds, i, NULL); + collect_threads(); - ret = socket_nonblocking(*fd); - if (ret != 0) { - log_message(LOG_ERR, "Failed to set the listening " - "socket %d to non-blocking: %s", - fd, strerror(errno)); - exit(1); + if (sblist_getsize(childs) >= config->maxclients) { + if (!was_full) + log_message (LOG_WARNING, + "Maximum number of connections reached. " + "Refusing new connections."); + was_full = 1; + usleep(16); + continue; } - FD_SET(*fd, &rfds); - maxfd = max(maxfd, *fd); - } + was_full = 0; + listenfd = -1; - while (!config.quit) { - int listenfd = -1; + /* Handle log rotation if it was requested */ + if (received_sighup) { - ptr->status = T_WAITING; + reload_config (1); - clilen = sizeof(struct sockaddr_storage); +#ifdef FILTER_ENABLE + filter_reload (); +#endif /* FILTER_ENABLE */ + + received_sighup = FALSE; + } + + ret = mypoll(fds, nfds, -1); - ret = select(maxfd + 1, &rfds, NULL, NULL, NULL); if (ret == -1) { if (errno == EINTR) { continue; } - log_message (LOG_ERR, "error calling select: %s", + log_message (LOG_ERR, "error calling " SELECT_OR_POLL ": %s", strerror(errno)); - exit(1); + continue; } else if (ret == 0) { - log_message (LOG_WARNING, "Strange: select returned 0 " + log_message (LOG_WARNING, "Strange: " SELECT_OR_POLL " returned 0 " "but we did not specify a timeout..."); continue; } - for (i = 0; i < vector_length(listen_fds); i++) { - int *fd = (int *) vector_getentry(listen_fds, i, NULL); - - if (FD_ISSET(*fd, &rfds)) { + for (i = 0; i < nfds; i++) { + if (fds[i].revents & MYPOLL_READ) { /* * only accept the connection on the first * fd that we find readable. - fair? */ - listenfd = *fd; + listenfd = fds[i].fd; break; } } if (listenfd == -1) { log_message(LOG_WARNING, "Strange: None of our listen " - "fds was readable after select"); + "fds was readable after " SELECT_OR_POLL); continue; } - ret = socket_blocking(listenfd); - if (ret != 0) { - log_message(LOG_ERR, "Failed to set listening " - "socket %d to blocking for accept: %s", - listenfd, strerror(errno)); - exit(1); - } - /* * We have a socket that is readable. * Continue handling this connection. @@ -279,21 +169,6 @@ static void child_main (struct child_s *ptr) connfd = accept (listenfd, cliaddr, &clilen); -#ifndef NDEBUG - /* - * Enable the TINYPROXY_DEBUG environment variable if you - * want to use the GDB debugger. - */ - if (getenv ("TINYPROXY_DEBUG")) { - /* Pause for 10 seconds to allow us to connect debugger */ - fprintf (stderr, - "Process has accepted connection: %ld\n", - (long int) ptr->tid); - sleep (10); - fprintf (stderr, "Continuing process: %ld\n", - (long int) ptr->tid); - } -#endif /* * Make sure no error occurred... @@ -305,225 +180,41 @@ static void child_main (struct child_s *ptr) continue; } - ptr->status = T_CONNECTED; - - SERVER_DEC (); - - handle_connection (connfd); - ptr->connects++; - - if (child_config.maxrequestsperchild != 0) { - DEBUG2 ("%u connections so far...", ptr->connects); - - if (ptr->connects == child_config.maxrequestsperchild) { - log_message (LOG_NOTICE, - "Child has reached MaxRequestsPerChild (%u). " - "Killing child.", ptr->connects); - break; - } - } - - SERVER_COUNT_LOCK (); - if (*servers_waiting > child_config.maxspareservers) { - /* - * There are too many spare children, kill ourself - * off. - */ - log_message (LOG_NOTICE, - "Waiting servers (%d) exceeds MaxSpareServers (%d). " - "Killing child.", - *servers_waiting, - child_config.maxspareservers); - SERVER_COUNT_UNLOCK (); - - break; - } else { - SERVER_COUNT_UNLOCK (); + child = safecalloc(1, sizeof(struct child)); + if (!child) { +oom: + close(connfd); + log_message (LOG_CRIT, + "Could not allocate memory for child."); + usleep(16); /* prevent 100% CPU usage in OOM situation */ + continue; } - SERVER_INC (); - } - - ptr->status = T_EMPTY; - - safefree (cliaddr); - exit (0); -} - -/* - * Fork a child "child" (or in our case a process) and then start up the - * child_main() function. - */ -static pid_t child_make (struct child_s *ptr) -{ - pid_t pid; - - if ((pid = fork ()) > 0) - return pid; /* parent */ - - /* - * Reset the SIGNALS so that the child can be reaped. - */ - set_signal_handler (SIGCHLD, SIG_DFL); - set_signal_handler (SIGTERM, SIG_DFL); - set_signal_handler (SIGHUP, child_sighup_handler); - - child_main (ptr); /* never returns */ - return -1; -} - -/* - * Create a pool of children to handle incoming connections - */ -short int child_pool_create (void) -{ - unsigned int i; - - /* - * Make sure the number of MaxClients is not zero, since this - * variable determines the size of the array created for children - * later on. - */ - if (child_config.maxclients == 0) { - log_message (LOG_ERR, - "child_pool_create: \"MaxClients\" must be " - "greater than zero."); - return -1; - } - if (child_config.startservers == 0) { - log_message (LOG_ERR, - "child_pool_create: \"StartServers\" must be " - "greater than zero."); - return -1; - } - - child_ptr = - (struct child_s *) calloc_shared_memory (child_config.maxclients, - sizeof (struct child_s)); - if (!child_ptr) { - log_message (LOG_ERR, - "Could not allocate memory for children."); - return -1; - } - - servers_waiting = - (unsigned int *) malloc_shared_memory (sizeof (unsigned int)); - if (servers_waiting == MAP_FAILED) { - log_message (LOG_ERR, - "Could not allocate memory for child counting."); - return -1; - } - *servers_waiting = 0; - - /* - * Create a "locking" file for use around the servers_waiting - * variable. - */ - _child_lock_init (); - - if (child_config.startservers > child_config.maxclients) { - log_message (LOG_WARNING, - "Can not start more than \"MaxClients\" servers. " - "Starting %u servers instead.", - child_config.maxclients); - child_config.startservers = child_config.maxclients; - } - - for (i = 0; i != child_config.maxclients; i++) { - child_ptr[i].status = T_EMPTY; - child_ptr[i].connects = 0; - } - - for (i = 0; i != child_config.startservers; i++) { - DEBUG2 ("Trying to create child %d of %d", i + 1, - child_config.startservers); - child_ptr[i].status = T_WAITING; - child_ptr[i].tid = child_make (&child_ptr[i]); + child->done = 0; - if (child_ptr[i].tid < 0) { - log_message (LOG_WARNING, - "Could not create child number %d of %d", - i, child_config.startservers); - return -1; - } else { - log_message (LOG_INFO, - "Creating child number %d of %d ...", - i + 1, child_config.startservers); - - SERVER_INC (); + if (!sblist_add(childs, &child)) { + free(child); + goto oom; } - } - log_message (LOG_INFO, "Finished creating all children."); + conn_struct_init(&child->conn); + child->conn.client_fd = connfd; - return 0; -} + memcpy(&child->client.addr, &cliaddr_storage, sizeof(cliaddr_storage)); -/* - * Keep the proper number of servers running. This is the birth of the - * servers. It monitors this at least once a second. - */ -void child_main_loop (void) -{ - unsigned int i; - - while (1) { - if (config.quit) - return; - - /* If there are not enough spare servers, create more */ - SERVER_COUNT_LOCK (); - if (*servers_waiting < child_config.minspareservers) { - log_message (LOG_NOTICE, - "Waiting servers (%d) is less than MinSpareServers (%d). " - "Creating new child.", - *servers_waiting, - child_config.minspareservers); - - SERVER_COUNT_UNLOCK (); - - for (i = 0; i != child_config.maxclients; i++) { - if (child_ptr[i].status == T_EMPTY) { - child_ptr[i].status = T_WAITING; - child_ptr[i].tid = - child_make (&child_ptr[i]); - if (child_ptr[i].tid < 0) { - log_message (LOG_NOTICE, - "Could not create child"); - - child_ptr[i].status = T_EMPTY; - break; - } - - SERVER_INC (); - - break; - } - } - } else { - SERVER_COUNT_UNLOCK (); + attrp = 0; + if (pthread_attr_init(&attr) == 0) { + attrp = &attr; + pthread_attr_setstacksize(attrp, 256*1024); } - sleep (5); - - /* Handle log rotation if it was requested */ - if (received_sighup) { - /* - * Ignore the return value of reload_config for now. - * This should actually be handled somehow... - */ - reload_config (); - -#ifdef FILTER_ENABLE - filter_reload (); -#endif /* FILTER_ENABLE */ - - /* propagate filter reload to all children */ - child_kill_children (SIGHUP); - - received_sighup = FALSE; - } + if (pthread_create(&child->thread, attrp, child_thread, child) != 0) { + sblist_delete(childs, sblist_getsize(childs) -1); + free(child); + goto oom; + } } + safefree(fds); } /* @@ -531,27 +222,48 @@ void child_main_loop (void) */ void child_kill_children (int sig) { - unsigned int i; - - for (i = 0; i != child_config.maxclients; i++) { - if (child_ptr[i].status != T_EMPTY) - kill (child_ptr[i].tid, sig); - } + size_t i, tries = 0; + + if (sig != SIGTERM) return; + log_message (LOG_INFO, + "trying to bring down %zu threads...", + sblist_getsize(childs) + ); + + +again: + for (i = 0; i < sblist_getsize(childs); i++) { + struct child *c = *((struct child**)sblist_get(childs, i)); + if (!c->done) pthread_kill(c->thread, SIGCHLD); + } + usleep(8192); + collect_threads(); + if (sblist_getsize(childs) != 0) + if(tries++ < 8) goto again; + if (sblist_getsize(childs) != 0) + log_message (LOG_CRIT, + "child_kill_children: %zu threads still alive!", + sblist_getsize(childs) + ); } +void child_free_children(void) { + sblist_free(childs); + childs = 0; +} /** * Listen on the various configured interfaces */ -int child_listening_sockets(vector_t listen_addrs, uint16_t port) +int child_listening_sockets(sblist *listen_addrs, uint16_t port) { int ret; - ssize_t i; + size_t i; assert (port > 0); if (listen_fds == NULL) { - listen_fds = vector_create(); + listen_fds = sblist_new(sizeof(int), 16); if (listen_fds == NULL) { log_message (LOG_ERR, "Could not create the list " "of listening fds"); @@ -559,8 +271,7 @@ int child_listening_sockets(vector_t listen_addrs, uint16_t port) } } - if ((listen_addrs == NULL) || - (vector_length(listen_addrs) == 0)) + if (!listen_addrs || !sblist_getsize(listen_addrs)) { /* * no Listen directive: @@ -570,17 +281,17 @@ int child_listening_sockets(vector_t listen_addrs, uint16_t port) return ret; } - for (i = 0; i < vector_length(listen_addrs); i++) { - const char *addr; + for (i = 0; i < sblist_getsize(listen_addrs); i++) { + char **addr; - addr = (char *)vector_getentry(listen_addrs, i, NULL); - if (addr == NULL) { + addr = sblist_get(listen_addrs, i); + if (!addr || !*addr) { log_message(LOG_WARNING, "got NULL from listen_addrs - skipping"); continue; } - ret = listen_sock(addr, port, listen_fds); + ret = listen_sock(*addr, port, listen_fds); if (ret != 0) { return ret; } @@ -591,14 +302,14 @@ int child_listening_sockets(vector_t listen_addrs, uint16_t port) void child_close_sock (void) { - ssize_t i; + size_t i; - for (i = 0; i < vector_length(listen_fds); i++) { - int *fd = (int *) vector_getentry(listen_fds, i, NULL); + for (i = 0; i < sblist_getsize(listen_fds); i++) { + int *fd = sblist_get(listen_fds, i); close (*fd); } - vector_delete(listen_fds); + sblist_free(listen_fds); listen_fds = NULL; } diff --git a/src/child.h b/src/child.h index 70f52b7..ffcd9d0 100644 --- a/src/child.h +++ b/src/child.h @@ -21,7 +21,7 @@ #ifndef TINYPROXY_CHILD_H #define TINYPROXY_CHILD_H -#include "vector.h" +#include "sblist.h" typedef enum { CHILD_MAXCLIENTS, @@ -32,10 +32,11 @@ typedef enum { } child_config_t; extern short int child_pool_create (void); -extern int child_listening_sockets (vector_t listen_addrs, uint16_t port); +extern int child_listening_sockets (sblist *listen_addrs, uint16_t port); extern void child_close_sock (void); extern void child_main_loop (void); extern void child_kill_children (int sig); +extern void child_free_children(void); extern short int child_configure (child_config_t type, unsigned int val); diff --git a/src/common.h b/src/common.h index 47a1ed1..563ee6f 100644 --- a/src/common.h +++ b/src/common.h @@ -68,7 +68,6 @@ # include <arpa/inet.h> # include <grp.h> # include <pwd.h> -# include <regex.h> /* rest - some oddball headers */ #ifdef HAVE_VALUES_H diff --git a/src/conf-tokens.c b/src/conf-tokens.c new file mode 100644 index 0000000..edfcedf --- /dev/null +++ b/src/conf-tokens.c @@ -0,0 +1,72 @@ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <string.h> +#include <stdlib.h> +#include "conf-tokens.h" + +#ifdef HAVE_GPERF +#include "conf-tokens-gperf.inc" +#else + +#include <strings.h> + +const struct config_directive_entry * +config_directive_find (register const char *str, register size_t len) +{ + size_t i; + static const struct config_directive_entry wordlist[] = + { + {"",CD_NIL}, {"",CD_NIL}, + {"allow", CD_allow}, + {"stathost", CD_stathost}, + {"listen", CD_listen}, + {"timeout", CD_timeout}, + {"statfile", CD_statfile}, + {"pidfile", CD_pidfile}, + {"bindsame", CD_bindsame}, + {"reversebaseurl", CD_reversebaseurl}, + {"viaproxyname", CD_viaproxyname}, + {"upstream", CD_upstream}, + {"anonymous", CD_anonymous}, + {"group", CD_group}, + {"defaulterrorfile", CD_defaulterrorfile}, + {"startservers", CD_startservers}, + {"filtercasesensitive", CD_filtercasesensitive}, + {"filterurls", CD_filterurls}, + {"filter", CD_filter}, + {"reversemagic", CD_reversemagic}, + {"errorfile", CD_errorfile}, + {"minspareservers", CD_minspareservers}, + {"user", CD_user}, + {"disableviaheader", CD_disableviaheader}, + {"deny", CD_deny}, + {"xtinyproxy", CD_xtinyproxy}, + {"reversepath", CD_reversepath}, + {"bind", CD_bind}, + {"maxclients", CD_maxclients}, + {"reverseonly", CD_reverseonly}, + {"port", CD_port}, + {"maxspareservers", CD_maxspareservers}, + {"syslog", CD_syslog}, + {"filterdefaultdeny", CD_filterdefaultdeny}, + {"loglevel", CD_loglevel}, + {"filterextended", CD_filterextended}, + {"connectport", CD_connectport}, + {"logfile", CD_logfile}, + {"basicauth", CD_basicauth}, + {"addheader", CD_addheader}, + {"maxrequestsperchild", CD_maxrequestsperchild}, + {"bindipv4mapped", CD_bindipv4mapped}, + {"bindipv6mapped", CD_bindipv6mapped}, + }; + + for(i=0;i<sizeof(wordlist)/sizeof(wordlist[0]);++i) { + if(!strcasecmp(str, wordlist[i].name)) + return &wordlist[i]; + } + return 0; +} + +#endif diff --git a/src/conf-tokens.gperf b/src/conf-tokens.gperf new file mode 100644 index 0000000..ef93245 --- /dev/null +++ b/src/conf-tokens.gperf @@ -0,0 +1,61 @@ +%{ +#include <string.h> +#include <stdlib.h> +#include "conf-tokens.h" +%} + +struct config_directive_entry { const char* name; enum config_directive value; }; + +%struct-type +%define slot-name name +%define initializer-suffix ,CD_NIL +%define lookup-function-name config_directive_find +%ignore-case +%7bit +%compare-lengths +%readonly-tables +%define constants-prefix CDS_ +%omit-struct-type + +%% +logfile, CD_logfile +pidfile, CD_pidfile +anonymous, CD_anonymous +viaproxyname, CD_viaproxyname +defaulterrorfile, CD_defaulterrorfile +statfile, CD_statfile +stathost, CD_stathost +xtinyproxy, CD_xtinyproxy +syslog, CD_syslog +bindsame, CD_bindsame +disableviaheader, CD_disableviaheader +port, CD_port +maxclients, CD_maxclients +maxspareservers, CD_maxspareservers +minspareservers, CD_minspareservers +startservers, CD_startservers +maxrequestsperchild, CD_maxrequestsperchild +timeout, CD_timeout +connectport, CD_connectport +user, CD_user +group, CD_group +listen, CD_listen +allow, CD_allow +deny, CD_deny +bind, CD_bind +basicauth, CD_basicauth +errorfile, CD_errorfile +addheader, CD_addheader +filter, CD_filter +filterurls, CD_filterurls +filterextended, CD_filterextended +filterdefaultdeny, CD_filterdefaultdeny +filtercasesensitive, CD_filtercasesensitive +reversebaseurl, CD_reversebaseurl +reverseonly, CD_reverseonly +reversemagic, CD_reversemagic +reversepath, CD_reversepath +upstream, CD_upstream +loglevel, CD_loglevel +%% + diff --git a/src/conf-tokens.h b/src/conf-tokens.h new file mode 100644 index 0000000..e99f0de --- /dev/null +++ b/src/conf-tokens.h @@ -0,0 +1,55 @@ +#ifndef CONF_TOKENS_H +#define CONF_TOKENS_H + +enum config_directive { +CD_NIL = 0, +CD_logfile, +CD_pidfile, +CD_anonymous, +CD_viaproxyname, +CD_defaulterrorfile, +CD_statfile, +CD_stathost, +CD_xtinyproxy, +CD_syslog, +CD_bindsame, +CD_disableviaheader, +CD_port, +CD_maxclients, +CD_maxspareservers, +CD_minspareservers, +CD_startservers, +CD_maxrequestsperchild, +CD_timeout, +CD_connectport, +CD_user, +CD_group, +CD_listen, +CD_allow, +CD_deny, +CD_bind, +CD_basicauth, +CD_errorfile, +CD_addheader, +CD_filter, +CD_filterurls, +CD_filterextended, +CD_filterdefaultdeny, +CD_filtercasesensitive, +CD_reversebaseurl, +CD_reverseonly, +CD_reversemagic, +CD_reversepath, +CD_upstream, +CD_loglevel, +CD_bindipv4mapped, +CD_bindipv6mapped, +}; + +struct config_directive_entry { const char* name; enum config_directive value; }; + +const struct config_directive_entry * +config_directive_find (register const char *str, register size_t len); + +#endif + @@ -23,11 +23,12 @@ * add new directives to. Who knows if I'm right though. */ +#include "common.h" +#include <regex.h> #include "conf.h" #include "acl.h" #include "anonymous.h" -#include "child.h" #include "filter.h" #include "heap.h" #include "html-error.h" @@ -37,6 +38,7 @@ #include "upstream.h" #include "connect-ports.h" #include "basicauth.h" +#include "conf-tokens.h" /* * The configuration directives are defined in the structure below. Each @@ -47,50 +49,42 @@ * can (and likely should) be used when building the regex for the * given directive. */ -#define WS "[[:space:]]+" +#define DIGIT "[0-9]" +#define SPACE "[ \t]" +#define WS SPACE "+" #define STR "\"([^\"]+)\"" #define BOOL "(yes|on|no|off)" -#define INT "((0x)?[[:digit:]]+)" +#define INT "(()" DIGIT "+)" #define ALNUM "([-a-z0-9._]+)" +#define USERNAME "([^:]*)" +#define PASSWORD "([^@]*)" #define IP "((([0-9]{1,3})\\.){3}[0-9]{1,3})" -#define IPMASK "(" IP "(/[[:digit:]]+)?)" +#define IPMASK "(" IP "(/" DIGIT "+)?)" #define IPV6 "(" \ - "(([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,6})|" \ - "(([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5})|" \ - "(([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4})|" \ - "(([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3})|" \ - "(([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2})|" \ - "(([0-9a-f]{1,4}:){1,6}(:[0-9a-f]{1,4}){1,1})|" \ - "((([0-9a-f]{1,4}:){1,7}|:):)|" \ - "(:(:[0-9a-f]{1,4}){1,7})|" \ - "([0-9a-f]{1,4}(:[0-9a-f]{1,4}){1,7})|" \ - "(((([0-9a-f]{1,4}:){6})(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}))|" \ - "((([0-9a-f]{1,4}:){5}[0-9a-f]{1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}))|" \ - "(([0-9a-f]{1,4}:){5}:[0-9a-f]{1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \ - "(([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \ - "(([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,3}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \ - "(([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,2}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \ - "(([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,1}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \ - "((([0-9a-f]{1,4}:){1,5}|:):(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})|" \ - "(:(:[0-9a-f]{1,4}){1,5}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})" \ + "(([0-9a-f:]{2,39}))|" \ + "(([0-9a-f:]{0,29}:" IP "))" \ ")" -#define IPV6MASK "(" IPV6 "(/[[:digit:]]+)?)" -#define BEGIN "^[[:space:]]*" -#define END "[[:space:]]*$" +#define IPV6MASK "(" IPV6 "(/" DIGIT "+)?)" +#define BEGIN "^" SPACE "*" +#define END SPACE "*$" /* * Limit the maximum number of substring matches to a reasonably high * number. Given the usual structure of the configuration file, sixteen * substring matches should be plenty. */ -#define RE_MAX_MATCHES 16 +#define RE_MAX_MATCHES 24 + +#define CP_WARN(FMT, ...) \ + log_message (LOG_WARNING, "line %lu: " FMT, lineno, __VA_ARGS__) /* * All configuration handling functions are REQUIRED to be defined * with the same function template as below. */ -typedef int (*CONFFILE_HANDLER) (struct config_s *, const char *, regmatch_t[]); +typedef int (*CONFFILE_HANDLER) (struct config_s *, const char *, + unsigned long, regmatch_t[]); /* * Define the pattern used by any directive handling function. The @@ -105,21 +99,26 @@ typedef int (*CONFFILE_HANDLER) (struct config_s *, const char *, regmatch_t[]); */ #define HANDLE_FUNC(func) \ int func(struct config_s* conf, const char* line, \ - regmatch_t match[]) + unsigned long lineno, regmatch_t match[]) /* * List all the handling functions. These are defined later, but they need * to be in-scope before the big structure below. */ -static HANDLE_FUNC (handle_nop) +static HANDLE_FUNC (handle_disabled_feature) { - return 0; -} /* do nothing function */ + fprintf (stderr, "ERROR: accessing feature that was disabled at compiletime on line %lu\n", + lineno); + + return -1; +} static HANDLE_FUNC (handle_allow); static HANDLE_FUNC (handle_basicauth); static HANDLE_FUNC (handle_anonymous); static HANDLE_FUNC (handle_bind); +static HANDLE_FUNC (handle_bindipv4mapped); +static HANDLE_FUNC (handle_bindipv6mapped); static HANDLE_FUNC (handle_bindsame); static HANDLE_FUNC (handle_connectport); static HANDLE_FUNC (handle_defaulterrorfile); @@ -138,9 +137,7 @@ static HANDLE_FUNC (handle_listen); static HANDLE_FUNC (handle_logfile); static HANDLE_FUNC (handle_loglevel); static HANDLE_FUNC (handle_maxclients); -static HANDLE_FUNC (handle_maxrequestsperchild); -static HANDLE_FUNC (handle_maxspareservers); -static HANDLE_FUNC (handle_minspareservers); +static HANDLE_FUNC (handle_obsolete); static HANDLE_FUNC (handle_pidfile); static HANDLE_FUNC (handle_port); #ifdef REVERSE_SUPPORT @@ -149,7 +146,6 @@ static HANDLE_FUNC (handle_reversemagic); static HANDLE_FUNC (handle_reverseonly); static HANDLE_FUNC (handle_reversepath); #endif -static HANDLE_FUNC (handle_startservers); static HANDLE_FUNC (handle_statfile); static HANDLE_FUNC (handle_stathost); static HANDLE_FUNC (handle_syslog); @@ -162,7 +158,6 @@ static HANDLE_FUNC (handle_xtinyproxy); #ifdef UPSTREAM_SUPPORT static HANDLE_FUNC (handle_upstream); -static HANDLE_FUNC (handle_upstream_no); #endif static void config_free_regex (void); @@ -178,7 +173,7 @@ static void config_free_regex (void); * do not follow the pattern above. This macro is for convenience * only. */ -#define STDCONF(d, re, func) { BEGIN "(" d ")" WS re END, func, NULL } +#define STDCONF(d, re, func) [CD_ ## d] = { BEGIN "()" WS re END, func, NULL } /* * Holds the regular expression used to match the configuration directive, @@ -191,110 +186,118 @@ struct { CONFFILE_HANDLER handler; regex_t *cre; } directives[] = { - /* comments */ - { - BEGIN "#", handle_nop, NULL - }, - /* blank lines */ - { - "^[[:space:]]+$", handle_nop, NULL - }, /* string arguments */ - STDCONF ("logfile", STR, handle_logfile), - STDCONF ("pidfile", STR, handle_pidfile), - STDCONF ("anonymous", STR, handle_anonymous), - STDCONF ("viaproxyname", STR, handle_viaproxyname), - STDCONF ("defaulterrorfile", STR, handle_defaulterrorfile), - STDCONF ("statfile", STR, handle_statfile), - STDCONF ("stathost", STR, handle_stathost), - STDCONF ("xtinyproxy", BOOL, handle_xtinyproxy), + STDCONF (logfile, STR, handle_logfile), + STDCONF (pidfile, STR, handle_pidfile), + STDCONF (anonymous, STR, handle_anonymous), + STDCONF (viaproxyname, STR, handle_viaproxyname), + STDCONF (defaulterrorfile, STR, handle_defaulterrorfile), + STDCONF (statfile, STR, handle_statfile), + STDCONF (stathost, STR, handle_stathost), + STDCONF (xtinyproxy, BOOL, handle_xtinyproxy), /* boolean arguments */ - STDCONF ("syslog", BOOL, handle_syslog), - STDCONF ("bindsame", BOOL, handle_bindsame), - STDCONF ("disableviaheader", BOOL, handle_disableviaheader), + STDCONF (syslog, BOOL, handle_syslog), + STDCONF (bindsame, BOOL, handle_bindsame), + STDCONF (disableviaheader, BOOL, handle_disableviaheader), /* integer arguments */ - STDCONF ("port", INT, handle_port), - STDCONF ("maxclients", INT, handle_maxclients), - STDCONF ("maxspareservers", INT, handle_maxspareservers), - STDCONF ("minspareservers", INT, handle_minspareservers), - STDCONF ("startservers", INT, handle_startservers), - STDCONF ("maxrequestsperchild", INT, handle_maxrequestsperchild), - STDCONF ("timeout", INT, handle_timeout), - STDCONF ("connectport", INT, handle_connectport), + STDCONF (port, INT, handle_port), + STDCONF (maxclients, INT, handle_maxclients), + STDCONF (maxspareservers, INT, handle_obsolete), + STDCONF (minspareservers, INT, handle_obsolete), + STDCONF (startservers, INT, handle_obsolete), + STDCONF (maxrequestsperchild, INT, handle_obsolete), + STDCONF (timeout, INT, handle_timeout), + STDCONF (connectport, INT, handle_connectport), /* alphanumeric arguments */ - STDCONF ("user", ALNUM, handle_user), - STDCONF ("group", ALNUM, handle_group), + STDCONF (user, ALNUM, handle_user), + STDCONF (group, ALNUM, handle_group), /* ip arguments */ - STDCONF ("listen", "(" IP "|" IPV6 ")", handle_listen), - STDCONF ("allow", "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")", + STDCONF (listen, "(" IP "|" IPV6 ")", handle_listen), + STDCONF (allow, "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")", handle_allow), - STDCONF ("deny", "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")", + STDCONF (deny, "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")", handle_deny), - STDCONF ("bind", "(" IP "|" IPV6 ")", handle_bind), + STDCONF (bind, "(" IP "|" IPV6 ")", handle_bind), + STDCONF (bindipv4mapped, "(" IPV6 ")", handle_bindipv4mapped), + STDCONF (bindipv6mapped, "(" IP ")", handle_bindipv6mapped), /* other */ - STDCONF ("basicauth", ALNUM WS ALNUM, handle_basicauth), - STDCONF ("errorfile", INT WS STR, handle_errorfile), - STDCONF ("addheader", STR WS STR, handle_addheader), + STDCONF (basicauth, ALNUM WS ALNUM, handle_basicauth), + STDCONF (errorfile, INT WS STR, handle_errorfile), + STDCONF (addheader, STR WS STR, handle_addheader), #ifdef FILTER_ENABLE /* filtering */ - STDCONF ("filter", STR, handle_filter), - STDCONF ("filterurls", BOOL, handle_filterurls), - STDCONF ("filterextended", BOOL, handle_filterextended), - STDCONF ("filterdefaultdeny", BOOL, handle_filterdefaultdeny), - STDCONF ("filtercasesensitive", BOOL, handle_filtercasesensitive), + STDCONF (filter, STR, handle_filter), + STDCONF (filterurls, BOOL, handle_filterurls), + STDCONF (filterextended, BOOL, handle_filterextended), + STDCONF (filterdefaultdeny, BOOL, handle_filterdefaultdeny), + STDCONF (filtercasesensitive, BOOL, handle_filtercasesensitive), #endif #ifdef REVERSE_SUPPORT /* Reverse proxy arguments */ - STDCONF ("reversebaseurl", STR, handle_reversebaseurl), - STDCONF ("reverseonly", BOOL, handle_reverseonly), - STDCONF ("reversemagic", BOOL, handle_reversemagic), - STDCONF ("reversepath", STR "(" WS STR ")?", handle_reversepath), + STDCONF (reversebaseurl, STR, handle_reversebaseurl), + STDCONF (reverseonly, BOOL, handle_reverseonly), + STDCONF (reversemagic, BOOL, handle_reversemagic), + STDCONF (reversepath, STR "(" WS STR ")?", handle_reversepath), #endif #ifdef UPSTREAM_SUPPORT - { - BEGIN "(upstream)" WS "(none)" WS STR END, handle_upstream_no, NULL - }, - { - BEGIN "(upstream)" WS "(http|socks4|socks5)" WS - "(" ALNUM /*username*/ ":" ALNUM /*password*/ "@" ")?" - "(" IP "|" ALNUM ")" - ":" INT "(" WS STR ")?" - END, handle_upstream, NULL - }, + STDCONF (upstream, + "(" "(none)" WS STR ")|" \ + "(" "(http|socks4|socks5)" WS \ + "(" USERNAME /*username*/ ":" PASSWORD /*password*/ "@" ")?" + "(" IP "|" ALNUM ")" + ":" INT "(" WS STR ")?" ")", handle_upstream), #endif /* loglevel */ - STDCONF ("loglevel", "(critical|error|warning|notice|connect|info)", + STDCONF (loglevel, "(critical|error|warning|notice|connect|info)", handle_loglevel) }; const unsigned int ndirectives = sizeof (directives) / sizeof (directives[0]); static void -free_added_headers (vector_t add_headers) +free_added_headers (sblist* add_headers) { - ssize_t i; + size_t i; + + if (!add_headers) return; - for (i = 0; i < vector_length (add_headers); i++) { - http_header_t *header = (http_header_t *) - vector_getentry (add_headers, i, NULL); + for (i = 0; i < sblist_getsize (add_headers); i++) { + http_header_t *header = sblist_get (add_headers, i); safefree (header->name); safefree (header->value); } - vector_delete (add_headers); + sblist_free (add_headers); } -static void free_config (struct config_s *conf) +static void stringlist_free(sblist *sl) { + size_t i; + char **s; + if(sl) { + for(i = 0; i < sblist_getsize(sl); i++) { + s = sblist_get(sl, i); + if(s) safefree(*s); + } + sblist_free(sl); + } +} + +void free_config (struct config_s *conf) { - safefree (conf->config_file); + char *k; + htab_value *v; + size_t it; safefree (conf->logf_name); safefree (conf->stathost); safefree (conf->user); safefree (conf->group); - vector_delete(conf->listen_addrs); - vector_delete(conf->basicauth_list); + safefree (conf->bind_ipv4mapped); + safefree (conf->bind_ipv6mapped); + stringlist_free(conf->basicauth_list); + stringlist_free(conf->listen_addrs); + stringlist_free(conf->bind_addrs); #ifdef FILTER_ENABLE safefree (conf->filter); #endif /* FILTER_ENABLE */ @@ -306,34 +309,50 @@ static void free_config (struct config_s *conf) free_upstream_list (conf->upstream_list); #endif /* UPSTREAM_SUPPORT */ safefree (conf->pidpath); - safefree (conf->bind_address); safefree (conf->via_proxy_name); - hashmap_delete (conf->errorpages); + if (conf->errorpages) { + it = 0; + while((it = htab_next(conf->errorpages, it, &k, &v))) { + safefree(k); + safefree(v->p); + } + htab_destroy (conf->errorpages); + } free_added_headers (conf->add_headers); safefree (conf->errorpage_undef); safefree (conf->statpage); flush_access_list (conf->access_list); free_connect_ports_list (conf->connect_ports); - hashmap_delete (conf->anonymous_map); + if (conf->anonymous_map) { + it = 0; + while((it = htab_next(conf->anonymous_map, it, &k, &v))) + safefree(k); + htab_destroy (conf->anonymous_map); + } memset (conf, 0, sizeof(*conf)); } /* + * Initializes Config parser. Currently this means: * Compiles the regular expressions used by the configuration file. This * routine MUST be called before trying to parse the configuration file. * * Returns 0 on success; negative upon failure. */ int -config_compile_regex (void) +config_init (void) { unsigned int i, r; for (i = 0; i != ndirectives; ++i) { - assert (directives[i].handler); assert (!directives[i].cre); + if (!directives[i].handler) { + directives[i].handler = handle_disabled_feature; + continue; + } + directives[i].cre = (regex_t *) safemalloc (sizeof (regex_t)); if (!directives[i].cre) return -1; @@ -376,20 +395,18 @@ config_free_regex (void) * Returns 0 if a match was found and successfully processed; otherwise, * a negative number is returned. */ -static int check_match (struct config_s *conf, const char *line) +static int check_match (struct config_s *conf, const char *line, + unsigned long lineno, enum config_directive cd) { regmatch_t match[RE_MAX_MATCHES]; - unsigned int i; + unsigned int i = cd; - assert (ndirectives > 0); - - for (i = 0; i != ndirectives; ++i) { - assert (directives[i].cre); - if (!regexec - (directives[i].cre, line, RE_MAX_MATCHES, match, 0)) - return (*directives[i].handler) (conf, line, match); - } + if (!directives[i].cre) + return (*directives[i].handler) (conf, line, lineno, match); + if (!regexec + (directives[i].cre, line, RE_MAX_MATCHES, match, 0)) + return (*directives[i].handler) (conf, line, lineno, match); return -1; } @@ -398,15 +415,25 @@ static int check_match (struct config_s *conf, const char *line) */ static int config_parse (struct config_s *conf, FILE * f) { - char buffer[1024]; /* 1KB lines should be plenty */ + char buffer[LINE_MAX], *p, *q, c; + const struct config_directive_entry *e; unsigned long lineno = 1; - while (fgets (buffer, sizeof (buffer), f)) { - if (check_match (conf, buffer)) { - printf ("Syntax error on line %ld\n", lineno); + for (;fgets (buffer, sizeof (buffer), f);++lineno) { + if(buffer[0] == '#') continue; + p = buffer; + while(isspace(*p))p++; + if(!*p) continue; + q = p; + while(!isspace(*q))q++; + c = *q; + *q = 0; + e = config_directive_find(p, strlen(p)); + *q = c; + if (!e || e->value == CD_NIL || check_match (conf, q, lineno, e->value)) { + fprintf (stderr, "ERROR: Syntax error on line %lu\n", lineno); return 1; } - ++lineno; } return 0; } @@ -442,121 +469,30 @@ done: return ret; } -static void initialize_with_defaults (struct config_s *conf, - struct config_s *defaults) +static void initialize_config_defaults (struct config_s *conf) { - if (defaults->logf_name) { - conf->logf_name = safestrdup (defaults->logf_name); - } - - if (defaults->config_file) { - conf->config_file = safestrdup (defaults->config_file); - } - - conf->syslog = defaults->syslog; - conf->port = defaults->port; - - if (defaults->stathost) { - conf->stathost = safestrdup (defaults->stathost); - } - - conf->godaemon = defaults->godaemon; - conf->quit = defaults->quit; - - if (defaults->user) { - conf->user = safestrdup (defaults->user); - } - - if (defaults->group) { - conf->group = safestrdup (defaults->group); - } - - if (defaults->listen_addrs) { - ssize_t i; - - conf->listen_addrs = vector_create(); - for (i=0; i < vector_length(defaults->listen_addrs); i++) { - char *addr; - size_t size; - addr = (char *)vector_getentry(defaults->listen_addrs, - i, &size); - vector_append(conf->listen_addrs, addr, size); - } - - } - -#ifdef FILTER_ENABLE - if (defaults->filter) { - conf->filter = safestrdup (defaults->filter); - } - - conf->filter_url = defaults->filter_url; - conf->filter_extended = defaults->filter_extended; - conf->filter_casesensitive = defaults->filter_casesensitive; -#endif /* FILTER_ENABLE */ - -#ifdef XTINYPROXY_ENABLE - conf->add_xtinyproxy = defaults->add_xtinyproxy; -#endif - -#ifdef REVERSE_SUPPORT - /* struct reversepath *reversepath_list; */ - conf->reverseonly = defaults->reverseonly; - conf->reversemagic = defaults->reversemagic; - - if (defaults->reversebaseurl) { - conf->reversebaseurl = safestrdup (defaults->reversebaseurl); - } -#endif - -#ifdef UPSTREAM_SUPPORT - /* struct upstream *upstream_list; */ -#endif /* UPSTREAM_SUPPORT */ - - if (defaults->pidpath) { - conf->pidpath = safestrdup (defaults->pidpath); - } - - conf->idletimeout = defaults->idletimeout; - - if (defaults->bind_address) { - conf->bind_address = safestrdup (defaults->bind_address); - } - - conf->bindsame = defaults->bindsame; - - if (defaults->via_proxy_name) { - conf->via_proxy_name = safestrdup (defaults->via_proxy_name); - } - - conf->disable_viaheader = defaults->disable_viaheader; - - if (defaults->errorpage_undef) { - conf->errorpage_undef = safestrdup (defaults->errorpage_undef); - } - - if (defaults->statpage) { - conf->statpage = safestrdup (defaults->statpage); - } + memset (conf, 0, sizeof(*conf)); - /* vector_t access_list; */ - /* vector_t connect_ports; */ - /* hashmap_t anonymous_map; */ + /* + * Make sure the HTML error pages array is NULL to begin with. + * (FIXME: Should have a better API for all this) + */ + conf->errorpages = NULL; + conf->stathost = safestrdup (TINYPROXY_STATHOST); + conf->idletimeout = MAX_IDLE_TIME; + conf->logf_name = NULL; + conf->pidpath = NULL; + conf->maxclients = 100; } /** * Load the configuration. */ -int reload_config_file (const char *config_fname, struct config_s *conf, - struct config_s *defaults) +int reload_config_file (const char *config_fname, struct config_s *conf) { int ret; - log_message (LOG_INFO, "Reloading config file"); - - free_config (conf); - - initialize_with_defaults (conf, defaults); + initialize_config_defaults (conf); ret = load_config_file (config_fname, conf); if (ret != 0) { @@ -712,8 +648,12 @@ static HANDLE_FUNC (handle_anonymous) if (!arg) return -1; - anonymous_insert (arg); - safefree (arg); + if(anonymous_insert (conf, arg) < 0) { + CP_WARN ("anonymous_insert() failed: '%s'", arg); + safefree(arg); + return -1; + } + return 0; } @@ -803,34 +743,14 @@ static HANDLE_FUNC (handle_port) static HANDLE_FUNC (handle_maxclients) { - child_configure (CHILD_MAXCLIENTS, get_long_arg (line, &match[2])); - return 0; -} - -static HANDLE_FUNC (handle_maxspareservers) -{ - child_configure (CHILD_MAXSPARESERVERS, - get_long_arg (line, &match[2])); - return 0; -} - -static HANDLE_FUNC (handle_minspareservers) -{ - child_configure (CHILD_MINSPARESERVERS, - get_long_arg (line, &match[2])); + set_int_arg (&conf->maxclients, line, &match[2]); return 0; } -static HANDLE_FUNC (handle_startservers) +static HANDLE_FUNC (handle_obsolete) { - child_configure (CHILD_STARTSERVERS, get_long_arg (line, &match[2])); - return 0; -} - -static HANDLE_FUNC (handle_maxrequestsperchild) -{ - child_configure (CHILD_MAXREQUESTSPERCHILD, - get_long_arg (line, &match[2])); + fprintf (stderr, "WARNING: obsolete config item on line %lu\n", + lineno); return 0; } @@ -856,11 +776,16 @@ static HANDLE_FUNC (handle_group) return set_string_arg (&conf->group, line, &match[2]); } +static void warn_invalid_address(char *arg, unsigned long lineno) { + CP_WARN ("Invalid address %s", arg); +} + static HANDLE_FUNC (handle_allow) { char *arg = get_string_arg (line, &match[2]); - insert_acl (arg, ACL_ALLOW, &conf->access_list); + if(insert_acl (arg, ACL_ALLOW, &conf->access_list) < 0) + warn_invalid_address (arg, lineno); safefree (arg); return 0; } @@ -869,19 +794,35 @@ static HANDLE_FUNC (handle_deny) { char *arg = get_string_arg (line, &match[2]); - insert_acl (arg, ACL_DENY, &conf->access_list); + if(insert_acl (arg, ACL_DENY, &conf->access_list) < 0) + warn_invalid_address (arg, lineno); safefree (arg); return 0; } static HANDLE_FUNC (handle_bind) { - int r = set_string_arg (&conf->bind_address, line, &match[2]); + char *arg = get_string_arg (line, &match[2]); + + if (arg == NULL) { + return -1; + } + + if (conf->bind_addrs == NULL) { + conf->bind_addrs = sblist_new(sizeof(char*), 16); + if (conf->bind_addrs == NULL) { + CP_WARN ("Could not create a list " + "of bind addresses.", ""); + safefree(arg); + return -1; + } + } + + sblist_add (conf->bind_addrs, &arg); - if (r) - return r; log_message (LOG_INFO, - "Outgoing connections bound to IP %s", conf->bind_address); + "Added bind address [%s] for outgoing connections.", arg); + return 0; } @@ -894,23 +835,32 @@ static HANDLE_FUNC (handle_listen) } if (conf->listen_addrs == NULL) { - conf->listen_addrs = vector_create(); + conf->listen_addrs = sblist_new(sizeof(char*), 16); if (conf->listen_addrs == NULL) { - log_message(LOG_WARNING, "Could not create a list " - "of listen addresses."); + CP_WARN ("Could not create a list " + "of listen addresses.", ""); safefree(arg); return -1; } } - vector_append (conf->listen_addrs, arg, strlen(arg) + 1); + sblist_add (conf->listen_addrs, &arg); log_message(LOG_INFO, "Added address [%s] to listen addresses.", arg); - safefree (arg); return 0; } +static HANDLE_FUNC (handle_bindipv4mapped) +{ + return set_string_arg(&conf->bind_ipv4mapped, line, &match[2]); +} + +static HANDLE_FUNC (handle_bindipv6mapped) +{ + return set_string_arg(&conf->bind_ipv6mapped, line, &match[2]); +} + static HANDLE_FUNC (handle_errorfile) { /* @@ -923,8 +873,10 @@ static HANDLE_FUNC (handle_errorfile) unsigned long int err = get_long_arg (line, &match[2]); char *page = get_string_arg (line, &match[4]); - add_new_errorpage (page, err); - safefree (page); + if(add_new_errorpage (conf, page, err) < 0) { + CP_WARN ("add_new_errorpage() failed: '%s'", page); + safefree (page); + } return 0; } @@ -932,19 +884,16 @@ static HANDLE_FUNC (handle_addheader) { char *name = get_string_arg (line, &match[2]); char *value = get_string_arg (line, &match[3]); - http_header_t *header; + http_header_t header; if (!conf->add_headers) { - conf->add_headers = vector_create (); + conf->add_headers = sblist_new (sizeof(http_header_t), 16); } - header = (http_header_t *) safemalloc (sizeof (http_header_t)); - header->name = name; - header->value = value; - - vector_prepend (conf->add_headers, header, sizeof *header); + header.name = name; + header.value = value; - safefree (header); + sblist_add (conf->add_headers, &header); /* Don't free name or value here, as they are referenced in the * struct inserted into the vector. */ @@ -1001,7 +950,7 @@ static HANDLE_FUNC (handle_basicauth) return -1; } if (!conf->basicauth_list) { - conf->basicauth_list = vector_create (); + conf->basicauth_list = sblist_new (sizeof(char*), 16); } basicauth_add (conf->basicauth_list, user, pass); @@ -1105,9 +1054,26 @@ static enum proxy_type pt_from_string(const char *s) static HANDLE_FUNC (handle_upstream) { char *ip; - int port, mi = 2; + int port, mi; char *domain = 0, *user = 0, *pass = 0, *tmp; enum proxy_type pt; + enum upstream_build_error ube; + + if (match[3].rm_so != -1) { + tmp = get_string_arg (line, &match[3]); + if(!strcmp(tmp, "none")) { + safefree(tmp); + if (match[4].rm_so == -1) return -1; + domain = get_string_arg (line, &match[4]); + if (!domain) + return -1; + ube = upstream_add (NULL, 0, domain, 0, 0, PT_NONE, &conf->upstream_list); + safefree (domain); + goto check_err; + } + } + + mi = 6; tmp = get_string_arg (line, &match[mi]); pt = pt_from_string(tmp); @@ -1133,27 +1099,17 @@ static HANDLE_FUNC (handle_upstream) if (match[mi].rm_so != -1) domain = get_string_arg (line, &match[mi]); - upstream_add (ip, port, domain, user, pass, pt, &conf->upstream_list); + ube = upstream_add (ip, port, domain, user, pass, pt, &conf->upstream_list); safefree (user); safefree (pass); safefree (domain); safefree (ip); +check_err:; + if(ube != UBE_SUCCESS) + CP_WARN("%s", upstream_build_error_string(ube)); return 0; } -static HANDLE_FUNC (handle_upstream_no) -{ - char *domain; - - domain = get_string_arg (line, &match[3]); - if (!domain) - return -1; - - upstream_add (NULL, 0, domain, 0, 0, PT_NONE, &conf->upstream_list); - safefree (domain); - - return 0; -} #endif @@ -22,8 +22,9 @@ #ifndef TINYPROXY_CONF_H #define TINYPROXY_CONF_H -#include "hashmap.h" -#include "vector.h" +#include "hsearch.h" +#include "sblist.h" +#include "acl.h" /* * Stores a HTTP header created using the AddHeader directive. @@ -37,17 +38,16 @@ typedef struct { * Hold all the configuration time information. */ struct config_s { - vector_t basicauth_list; + sblist *basicauth_list; char *logf_name; - char *config_file; unsigned int syslog; /* boolean */ unsigned int port; char *stathost; - unsigned int godaemon; /* boolean */ unsigned int quit; /* boolean */ + unsigned int maxclients; char *user; char *group; - vector_t listen_addrs; + sblist *listen_addrs; #ifdef FILTER_ENABLE char *filter; unsigned int filter_url; /* boolean */ @@ -68,8 +68,10 @@ struct config_s { #endif /* UPSTREAM_SUPPORT */ char *pidpath; unsigned int idletimeout; - char *bind_address; + sblist *bind_addrs; unsigned int bindsame; + char *bind_ipv4mapped; + char *bind_ipv6mapped; /* * The configured name to use in the HTTP "Via" header field. @@ -81,7 +83,7 @@ struct config_s { /* * Error page support. Map error numbers to file paths. */ - hashmap_t errorpages; + struct htab *errorpages; /* * Error page to be displayed if appropriate page cannot be located @@ -94,28 +96,28 @@ struct config_s { */ char *statpage; - vector_t access_list; + acl_list_t access_list; /* * Store the list of port allowed by CONNECT. */ - vector_t connect_ports; + sblist *connect_ports; /* * Map of headers which should be let through when the * anonymous feature is turned on. */ - hashmap_t anonymous_map; + struct htab *anonymous_map; /* * Extra headers to be added to outgoing HTTP requests. */ - vector_t add_headers; + sblist* add_headers; }; -extern int reload_config_file (const char *config_fname, struct config_s *conf, - struct config_s *defaults); +extern int reload_config_file (const char *config_fname, struct config_s *conf); -int config_compile_regex (void); +int config_init (void); +void free_config (struct config_s *conf); #endif diff --git a/src/connect-ports.c b/src/connect-ports.c index 41b4e3d..6070e92 100644 --- a/src/connect-ports.c +++ b/src/connect-ports.c @@ -25,10 +25,10 @@ * Now, this routine adds a "port" to the list. It also creates the list if * it hasn't already by done. */ -void add_connect_port_allowed (int port, vector_t *connect_ports) +void add_connect_port_allowed (int port, sblist **connect_ports) { if (!*connect_ports) { - *connect_ports = vector_create (); + *connect_ports = sblist_new (sizeof(int), 16); if (!*connect_ports) { log_message (LOG_WARNING, "Could not create a list of allowed CONNECT ports"); @@ -38,7 +38,7 @@ void add_connect_port_allowed (int port, vector_t *connect_ports) log_message (LOG_INFO, "Adding Port [%d] to the list allowed by CONNECT", port); - vector_append (*connect_ports, &port, sizeof (port)); + sblist_add (*connect_ports, &port); } /* @@ -47,7 +47,7 @@ void add_connect_port_allowed (int port, vector_t *connect_ports) * Returns: 1 if allowed * 0 if denied */ -int check_allowed_connect_ports (int port, vector_t connect_ports) +int check_allowed_connect_ports (int port, sblist *connect_ports) { size_t i; int *data; @@ -59,8 +59,8 @@ int check_allowed_connect_ports (int port, vector_t connect_ports) if (!connect_ports) return 1; - for (i = 0; i != (size_t) vector_length (connect_ports); ++i) { - data = (int *) vector_getentry (connect_ports, i, NULL); + for (i = 0; i < sblist_getsize (connect_ports); ++i) { + data = sblist_get (connect_ports, i); if (data && *data == port) return 1; } @@ -71,7 +71,7 @@ int check_allowed_connect_ports (int port, vector_t connect_ports) /** * Free a connect_ports list. */ -void free_connect_ports_list (vector_t connect_ports) +void free_connect_ports_list (sblist *connect_ports) { - vector_delete (connect_ports); + sblist_free (connect_ports); } diff --git a/src/connect-ports.h b/src/connect-ports.h index 4b3aaf7..38f511c 100644 --- a/src/connect-ports.h +++ b/src/connect-ports.h @@ -22,10 +22,10 @@ #define _TINYPROXY_CONNECT_PORTS_H_ #include "common.h" -#include "vector.h" +#include "sblist.h" -extern void add_connect_port_allowed (int port, vector_t *connect_ports); -int check_allowed_connect_ports (int port, vector_t connect_ports); -void free_connect_ports_list (vector_t connect_ports); +extern void add_connect_port_allowed (int port, sblist **connect_ports); +int check_allowed_connect_ports (int port, sblist *connect_ports); +void free_connect_ports_list (sblist *connect_ports); #endif /* _TINYPROXY_CONNECT_PORTS_ */ diff --git a/src/conns.c b/src/conns.c index 3859d69..ca8f24e 100644 --- a/src/conns.c +++ b/src/conns.c @@ -30,14 +30,21 @@ #include "log.h" #include "stats.h" -struct conn_s *initialize_conn (int client_fd, const char *ipaddr, - const char *string_addr, - const char *sock_ipaddr) +void conn_struct_init(struct conn_s *connptr) { + connptr->error_number = -1; + connptr->client_fd = -1; + connptr->server_fd = -1; + /* There is _no_ content length initially */ + connptr->content_length.server = connptr->content_length.client = -1; +} + +int conn_init_contents (struct conn_s *connptr, const char *ipaddr, + const char *sock_ipaddr, + const char *sock_ipaddr_alt) { - struct conn_s *connptr; struct buffer_s *cbuffer, *sbuffer; - assert (client_fd >= 0); + assert (connptr->client_fd >= 0); /* * Allocate the memory for all the internal components @@ -48,16 +55,6 @@ struct conn_s *initialize_conn (int client_fd, const char *ipaddr, if (!cbuffer || !sbuffer) goto error_exit; - /* - * Allocate the space for the conn_s structure itself. - */ - connptr = (struct conn_s *) safemalloc (sizeof (struct conn_s)); - if (!connptr) - goto error_exit; - - connptr->client_fd = client_fd; - connptr->server_fd = -1; - connptr->cbuffer = cbuffer; connptr->sbuffer = sbuffer; @@ -78,18 +75,13 @@ struct conn_s *initialize_conn (int client_fd, const char *ipaddr, connptr->server_ip_addr = (sock_ipaddr ? safestrdup (sock_ipaddr) : NULL); + connptr->server_ip_addr_alt = (sock_ipaddr_alt ? + safestrdup (sock_ipaddr_alt) : NULL); connptr->client_ip_addr = safestrdup (ipaddr); - connptr->client_string_addr = safestrdup (string_addr); - - connptr->upstream_proxy = NULL; update_stats (STAT_OPEN); -#ifdef REVERSE_SUPPORT - connptr->reversepath = NULL; -#endif - - return connptr; + return 1; error_exit: /* @@ -100,10 +92,10 @@ error_exit: if (sbuffer) delete_buffer (sbuffer); - return NULL; + return 0; } -void destroy_conn (struct conn_s *connptr) +void conn_destroy_contents (struct conn_s *connptr) { assert (connptr != NULL); @@ -111,10 +103,12 @@ void destroy_conn (struct conn_s *connptr) if (close (connptr->client_fd) < 0) log_message (LOG_INFO, "Client (%d) close message: %s", connptr->client_fd, strerror (errno)); + connptr->client_fd = -1; if (connptr->server_fd != -1) if (close (connptr->server_fd) < 0) log_message (LOG_INFO, "Server (%d) close message: %s", connptr->server_fd, strerror (errno)); + connptr->server_fd = -1; if (connptr->cbuffer) delete_buffer (connptr->cbuffer); @@ -124,8 +118,16 @@ void destroy_conn (struct conn_s *connptr) if (connptr->request_line) safefree (connptr->request_line); - if (connptr->error_variables) - hashmap_delete (connptr->error_variables); + if (connptr->error_variables) { + char *k; + htab_value *v; + size_t it = 0; + while((it = htab_next(connptr->error_variables, it, &k, &v))) { + safefree(v->p); + safefree(k); + } + htab_destroy (connptr->error_variables); + } if (connptr->error_string) safefree (connptr->error_string); @@ -134,15 +136,11 @@ void destroy_conn (struct conn_s *connptr) safefree (connptr->server_ip_addr); if (connptr->client_ip_addr) safefree (connptr->client_ip_addr); - if (connptr->client_string_addr) - safefree (connptr->client_string_addr); #ifdef REVERSE_SUPPORT if (connptr->reversepath) safefree (connptr->reversepath); #endif - safefree (connptr); - update_stats (STAT_CLOSE); } diff --git a/src/conns.h b/src/conns.h index 322ead1..7e1919c 100644 --- a/src/conns.h +++ b/src/conns.h @@ -22,7 +22,7 @@ #define TINYPROXY_CONNS_H #include "main.h" -#include "hashmap.h" +#include "hsearch.h" enum connect_method_e { CM_FALSE = 0, @@ -52,7 +52,7 @@ struct conn_s { * This structure stores key -> value mappings for substitution * in the error HTML files. */ - hashmap_t error_variables; + struct htab *error_variables; int error_number; char *error_string; @@ -69,10 +69,14 @@ struct conn_s { char *server_ip_addr; /* - * Store the client's IP and hostname information + * Store the server's alternative IP (for BindIPv4/6Mapped) + */ + char *server_ip_addr_alt; + + /* + * Store the client's IP information */ char *client_ip_addr; - char *client_string_addr; /* * Store the incoming request's HTTP protocol. @@ -95,12 +99,14 @@ struct conn_s { struct upstream *upstream_proxy; }; -/* - * Functions for the creation and destruction of a connection structure. - */ -extern struct conn_s *initialize_conn (int client_fd, const char *ipaddr, - const char *string_addr, - const char *sock_ipaddr); -extern void destroy_conn (struct conn_s *connptr); +/* expects pointer to zero-initialized struct, set up struct + with default values for initial use */ +extern void conn_struct_init(struct conn_s *connptr); + +/* second stage initializiation, sets up buffers and connection details */ +extern int conn_init_contents (struct conn_s *connptr, const char *ipaddr, + const char *sock_ipaddr, + const char *sock_ipaddr_alt); +extern void conn_destroy_contents (struct conn_s *connptr); #endif diff --git a/src/filter.c b/src/filter.c index 3164191..d70cb59 100644 --- a/src/filter.c +++ b/src/filter.c @@ -24,23 +24,23 @@ #include "main.h" +#include <regex.h> #include "filter.h" #include "heap.h" #include "log.h" #include "reqs.h" #include "conf.h" +#include "sblist.h" #define FILTER_BUFFER_LEN (512) static int err; struct filter_list { - struct filter_list *next; - char *pat; - regex_t *cpat; + regex_t cpatb; }; -static struct filter_list *fl = NULL; +static sblist *fl = NULL; static int already_init = 0; static filter_policy_t default_policy = FILTER_DEFAULT_ALLOW; @@ -50,34 +50,38 @@ static filter_policy_t default_policy = FILTER_DEFAULT_ALLOW; void filter_init (void) { FILE *fd; - struct filter_list *p; + struct filter_list fe; char buf[FILTER_BUFFER_LEN]; - char *s; - int cflags; + char *s, *start; + int cflags, lineno = 0; if (fl || already_init) { return; } - fd = fopen (config.filter, "r"); + fd = fopen (config->filter, "r"); if (!fd) { return; } - p = NULL; - cflags = REG_NEWLINE | REG_NOSUB; - if (config.filter_extended) + if (config->filter_extended) cflags |= REG_EXTENDED; - if (!config.filter_casesensitive) + if (!config->filter_casesensitive) cflags |= REG_ICASE; while (fgets (buf, FILTER_BUFFER_LEN, fd)) { + ++lineno; + /* skip leading whitespace */ + s = buf; + while (*s && isspace ((unsigned char) *s)) + s++; + start = s; + /* * Remove any trailing white space and * comments. */ - s = buf; while (*s) { if (isspace ((unsigned char) *s)) break; @@ -93,34 +97,28 @@ void filter_init (void) ++s; } *s = '\0'; - - /* skip leading whitespace */ - s = buf; - while (*s && isspace ((unsigned char) *s)) - s++; + s = start; /* skip blank lines and comments */ if (*s == '\0') continue; - if (!p) /* head of list */ - fl = p = - (struct filter_list *) - safecalloc (1, sizeof (struct filter_list)); - else { /* next entry */ - p->next = - (struct filter_list *) - safecalloc (1, sizeof (struct filter_list)); - p = p->next; - } + if (!fl) fl = sblist_new(sizeof(struct filter_list), + 4096/sizeof(struct filter_list)); - p->pat = safestrdup (s); - p->cpat = (regex_t *) safemalloc (sizeof (regex_t)); - err = regcomp (p->cpat, p->pat, cflags); + err = regcomp (&fe.cpatb, s, cflags); if (err != 0) { + if (err == REG_ESPACE) goto oom; + fprintf (stderr, + "Bad regex in %s: line %d - %s\n", + config->filter, lineno, s); + exit (EX_DATAERR); + } + if (!sblist_add(fl, &fe)) { + oom:; fprintf (stderr, - "Bad regex in %s: %s\n", - config.filter, p->pat); + "out of memory parsing filter file %s: line %d\n", + config->filter, lineno); exit (EX_DATAERR); } } @@ -136,15 +134,16 @@ void filter_init (void) /* unlink the list */ void filter_destroy (void) { - struct filter_list *p, *q; + struct filter_list *p; + size_t i; if (already_init) { - for (p = q = fl; p; p = q) { - regfree (p->cpat); - safefree (p->cpat); - safefree (p->pat); - q = p->next; - safefree (p); + if (fl) { + for (i = 0; i < sblist_getsize(fl); ++i) { + p = sblist_get(fl, i); + regfree (&p->cpatb); + } + sblist_free(fl); } fl = NULL; already_init = 0; @@ -156,7 +155,7 @@ void filter_destroy (void) */ void filter_reload (void) { - if (config.filter) { + if (config->filter) { log_message (LOG_NOTICE, "Re-reading filter file."); filter_destroy (); filter_init (); @@ -164,45 +163,19 @@ void filter_reload (void) } /* Return 0 to allow, non-zero to block */ -int filter_domain (const char *host) -{ - struct filter_list *p; - int result; - - if (!fl || !already_init) - goto COMMON_EXIT; - - for (p = fl; p; p = p->next) { - result = - regexec (p->cpat, host, (size_t) 0, (regmatch_t *) 0, 0); - - if (result == 0) { - if (default_policy == FILTER_DEFAULT_ALLOW) - return 1; - else - return 0; - } - } - -COMMON_EXIT: - if (default_policy == FILTER_DEFAULT_ALLOW) - return 0; - else - return 1; -} - -/* returns 0 to allow, non-zero to block */ -int filter_url (const char *url) +int filter_run (const char *str) { struct filter_list *p; + size_t i; int result; if (!fl || !already_init) goto COMMON_EXIT; - for (p = fl; p; p = p->next) { + for (i = 0; i < sblist_getsize(fl); ++i) { + p = sblist_get(fl, i); result = - regexec (p->cpat, url, (size_t) 0, (regmatch_t *) 0, 0); + regexec (&p->cpatb, str, (size_t) 0, (regmatch_t *) 0, 0); if (result == 0) { if (default_policy == FILTER_DEFAULT_ALLOW) diff --git a/src/filter.h b/src/filter.h index 8c6f270..8a7575b 100644 --- a/src/filter.h +++ b/src/filter.h @@ -29,8 +29,7 @@ typedef enum { extern void filter_init (void); extern void filter_destroy (void); extern void filter_reload (void); -extern int filter_domain (const char *host); -extern int filter_url (const char *url); +extern int filter_run (const char *str); extern void filter_set_default_policy (filter_policy_t policy); diff --git a/src/hashmap.c b/src/hashmap.c deleted file mode 100644 index 7793d08..0000000 --- a/src/hashmap.c +++ /dev/null @@ -1,516 +0,0 @@ -/* tinyproxy - A fast light-weight HTTP proxy - * Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/* A hashmap implementation. The keys are case-insensitive NULL terminated - * strings, and the data is arbitrary lumps of data. Copies of both the - * key and the data in the hashmap itself, so you must free the original - * key and data to avoid a memory leak. The hashmap returns a pointer - * to the data when a key is searched for, so take care in modifying the - * data as it's modifying the data stored in the hashmap. (In other words, - * don't try to free the data, or realloc the memory. :) - */ - -#include "main.h" - -#include "hashmap.h" -#include "heap.h" - -/* - * These structures are the storage for the hashmap. Entries are stored in - * struct hashentry_s (the key, data, and length), and all the "buckets" are - * grouped together in hashmap_s. The hashmap_s.size member is for - * internal use. It stores the number of buckets the hashmap was created - * with. - */ -struct hashentry_s { - char *key; - void *data; - size_t len; - - struct hashentry_s *prev, *next; -}; - -struct hashbucket_s { - struct hashentry_s *head, *tail; -}; - -struct hashmap_s { - uint32_t seed; - unsigned int size; - hashmap_iter end_iterator; - - struct hashbucket_s *buckets; -}; - -/* - * A NULL terminated string is passed to this function and a "hash" value - * is produced within the range of [0 .. size) (In other words, 0 to one - * less than size.) - * The contents of the key are converted to lowercase, so this function - * is not case-sensitive. - * - * This is Dan Bernstein's hash function as described, for example, here: - * http://www.cse.yorku.ca/~oz/hash.html - * - * If any of the arguments are invalid a negative number is returned. - */ -static int hashfunc (const char *key, unsigned int size, uint32_t seed) -{ - uint32_t hash; - - if (key == NULL) - return -EINVAL; - if (size == 0) - return -ERANGE; - - for (hash = seed; *key != '\0'; key++) { - hash = ((hash << 5) + hash) ^ tolower (*key); - } - - /* Keep the hash within the table limits */ - return hash % size; -} - -/* - * Create a hashmap with the requested number of buckets. If "nbuckets" is - * not greater than zero a NULL is returned; otherwise, a _token_ to the - * hashmap is returned. - * - * NULLs are also returned if memory could not be allocated for hashmap. - */ -hashmap_t hashmap_create (unsigned int nbuckets) -{ - struct hashmap_s *ptr; - - if (nbuckets == 0) - return NULL; - - ptr = (struct hashmap_s *) safecalloc (1, sizeof (struct hashmap_s)); - if (!ptr) - return NULL; - - ptr->seed = (uint32_t)rand(); - ptr->size = nbuckets; - ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets, - sizeof (struct - hashbucket_s)); - if (!ptr->buckets) { - safefree (ptr); - return NULL; - } - - /* This points to "one" past the end of the hashmap. */ - ptr->end_iterator = 0; - - return ptr; -} - -/* - * Follow the chain of hashentries and delete them (including the data and - * the key.) - * - * Returns: 0 if the function completed successfully - * negative number is returned if "entry" was NULL - */ -static int delete_hashbucket (struct hashbucket_s *bucket) -{ - struct hashentry_s *nextptr; - struct hashentry_s *ptr; - - if (bucket == NULL || bucket->head == NULL) - return -EINVAL; - - ptr = bucket->head; - while (ptr) { - nextptr = ptr->next; - - safefree (ptr->key); - safefree (ptr->data); - safefree (ptr); - - ptr = nextptr; - } - - return 0; -} - -/* - * Deletes a hashmap. All the key/data pairs are also deleted. - * - * Returns: 0 on success - * negative if a NULL "map" was supplied - */ -int hashmap_delete (hashmap_t map) -{ - unsigned int i; - - if (map == NULL) - return -EINVAL; - - for (i = 0; i != map->size; i++) { - if (map->buckets[i].head != NULL) { - delete_hashbucket (&map->buckets[i]); - } - } - - safefree (map->buckets); - safefree (map); - - return 0; -} - -/* - * Inserts a NULL terminated string (as the key), plus any arbitrary "data" - * of "len" bytes. Both the key and the data are copied, so the original - * key/data must be freed to avoid a memory leak. - * The "data" must be non-NULL and "len" must be greater than zero. You - * cannot insert NULL data in association with the key. - * - * Returns: 0 on success - * negative number if there are errors - */ -int -hashmap_insert (hashmap_t map, const char *key, const void *data, size_t len) -{ - struct hashentry_s *ptr; - int hash; - char *key_copy; - void *data_copy; - - assert (map != NULL); - assert (key != NULL); - assert (data != NULL); - assert (len > 0); - - if (map == NULL || key == NULL) - return -EINVAL; - if (!data || len < 1) - return -ERANGE; - - hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - - /* - * First make copies of the key and data in case there is a memory - * problem later. - */ - key_copy = safestrdup (key); - if (!key_copy) - return -ENOMEM; - - data_copy = safemalloc (len); - if (!data_copy) { - safefree (key_copy); - return -ENOMEM; - } - memcpy (data_copy, data, len); - - ptr = (struct hashentry_s *) safemalloc (sizeof (struct hashentry_s)); - if (!ptr) { - safefree (key_copy); - safefree (data_copy); - return -ENOMEM; - } - - ptr->key = key_copy; - ptr->data = data_copy; - ptr->len = len; - - /* - * Now add the entry to the end of the bucket chain. - */ - ptr->next = NULL; - ptr->prev = map->buckets[hash].tail; - if (map->buckets[hash].tail) - map->buckets[hash].tail->next = ptr; - - map->buckets[hash].tail = ptr; - if (!map->buckets[hash].head) - map->buckets[hash].head = ptr; - - map->end_iterator++; - return 0; -} - -/* - * Get an iterator to the first entry. - * - * Returns: an negative value upon error. - */ -hashmap_iter hashmap_first (hashmap_t map) -{ - assert (map != NULL); - - if (!map) - return -EINVAL; - - if (map->end_iterator == 0) - return -1; - else - return 0; -} - -/* - * Checks to see if the iterator is pointing at the "end" of the entries. - * - * Returns: 1 if it is the end - * 0 otherwise - */ -int hashmap_is_end (hashmap_t map, hashmap_iter iter) -{ - assert (map != NULL); - assert (iter >= 0); - - if (!map || iter < 0) - return -EINVAL; - - if (iter == map->end_iterator) - return 1; - else - return 0; -} - -/* - * Return a "pointer" to the first instance of the particular key. It can - * be tested against hashmap_is_end() to see if the key was not found. - * - * Returns: negative upon an error - * an "iterator" pointing at the first key - * an "end-iterator" if the key wasn't found - */ -hashmap_iter hashmap_find (hashmap_t map, const char *key) -{ - unsigned int i; - hashmap_iter iter = 0; - struct hashentry_s *ptr; - - assert (map != NULL); - assert (key != NULL); - - if (!map || !key) - return -EINVAL; - - /* - * Loop through all the keys and look for the first occurrence - * of a particular key. - */ - for (i = 0; i != map->size; i++) { - ptr = map->buckets[i].head; - - while (ptr) { - if (strcasecmp (ptr->key, key) == 0) { - /* Found it, so return the current count */ - return iter; - } - - iter++; - ptr = ptr->next; - } - } - - return iter; -} - -/* - * Retrieve the data associated with a particular iterator. - * - * Returns: the length of the data block upon success - * negative upon error - */ -ssize_t -hashmap_return_entry (hashmap_t map, hashmap_iter iter, char **key, void **data) -{ - unsigned int i; - struct hashentry_s *ptr; - hashmap_iter count = 0; - - assert (map != NULL); - assert (iter >= 0); - assert (iter != map->end_iterator); - assert (key != NULL); - assert (data != NULL); - - if (!map || iter < 0 || !key || !data) - return -EINVAL; - - for (i = 0; i != map->size; i++) { - ptr = map->buckets[i].head; - while (ptr) { - if (count == iter) { - /* This is the data so return it */ - *key = ptr->key; - *data = ptr->data; - return ptr->len; - } - - ptr = ptr->next; - count++; - } - } - - return -EFAULT; -} - -/* - * Searches for _any_ occurrences of "key" within the hashmap. - * - * Returns: negative upon an error - * zero if no key is found - * count found - */ -ssize_t hashmap_search (hashmap_t map, const char *key) -{ - int hash; - struct hashentry_s *ptr; - ssize_t count = 0; - - if (map == NULL || key == NULL) - return -EINVAL; - - hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - - ptr = map->buckets[hash].head; - - /* All right, there is an entry here, now see if it's the one we want */ - while (ptr) { - if (strcasecmp (ptr->key, key) == 0) - ++count; - - /* This entry didn't contain the key; move to the next one */ - ptr = ptr->next; - } - - return count; -} - -/* - * Get the first entry (assuming there is more than one) for a particular - * key. The data MUST be non-NULL. - * - * Returns: negative upon error - * zero if no entry is found - * length of data for the entry - */ -ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, void **data) -{ - int hash; - struct hashentry_s *ptr; - - if (!map || !key || !data) - return -EINVAL; - - hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - - ptr = map->buckets[hash].head; - - while (ptr) { - if (strcasecmp (ptr->key, key) == 0) { - *data = ptr->data; - return ptr->len; - } - - ptr = ptr->next; - } - - return 0; -} - -/* - * Go through the hashmap and remove the particular key. - * NOTE: This will invalidate any iterators which have been created. - * - * Remove: negative upon error - * 0 if the key was not found - * positive count of entries deleted - */ -ssize_t hashmap_remove (hashmap_t map, const char *key) -{ - int hash; - struct hashentry_s *ptr, *next; - short int deleted = 0; - - if (map == NULL || key == NULL) - return -EINVAL; - - hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - - ptr = map->buckets[hash].head; - while (ptr) { - if (strcasecmp (ptr->key, key) == 0) { - /* - * Found the data, now need to remove everything - * and update the hashmap. - */ - next = ptr->next; - - if (ptr->prev) - ptr->prev->next = ptr->next; - if (ptr->next) - ptr->next->prev = ptr->prev; - - if (map->buckets[hash].head == ptr) - map->buckets[hash].head = ptr->next; - if (map->buckets[hash].tail == ptr) - map->buckets[hash].tail = ptr->prev; - - safefree (ptr->key); - safefree (ptr->data); - safefree (ptr); - - ++deleted; - --map->end_iterator; - - ptr = next; - continue; - } - - /* This entry didn't contain the key; move to the next one */ - ptr = ptr->next; - } - - /* The key was not found, so return 0 */ - return deleted; -} - -/* - * Look up the value for a variable. - */ -char *lookup_variable (hashmap_t map, const char *varname) -{ - hashmap_iter result_iter; - char *key; - char *data; - - result_iter = hashmap_find (map, varname); - - if (hashmap_is_end (map, result_iter)) - return (NULL); - - if (hashmap_return_entry (map, result_iter, - &key, (void **) &data) < 0) - return (NULL); - - return (data); -} diff --git a/src/hashmap.h b/src/hashmap.h deleted file mode 100644 index 9206737..0000000 --- a/src/hashmap.h +++ /dev/null @@ -1,125 +0,0 @@ -/* tinyproxy - A fast light-weight HTTP proxy - * Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/* See 'hashmap.c' for detailed information. */ - -#ifndef _HASHMAP_H -#define _HASHMAP_H - -#include "common.h" - -/* - * We're using a typedef here to "hide" the implementation details of the - * hash map. Sure, it's a pointer, but the struct is hidden in the C file. - * So, just use the hashmap_t like it's a cookie. :) - */ -typedef struct hashmap_s *hashmap_t; -typedef int hashmap_iter; - -/* - * hashmap_create() takes one argument, which is the number of buckets to - * use internally. hashmap_delete() is self explanatory. - */ -extern hashmap_t hashmap_create (unsigned int nbuckets); -extern int hashmap_delete (hashmap_t map); - -/* - * When the you insert a key/data pair into the hashmap it will the key - * and data are duplicated, so you must free your copy if it was created - * on the heap. The key must be a NULL terminated string. "data" must be - * non-NULL and length must be greater than zero. - * - * Returns: negative on error - * 0 upon successful insert - */ -extern int hashmap_insert (hashmap_t map, const char *key, - const void *data, size_t len); - -/* - * Get an iterator to the first entry. - * - * Returns: an negative value upon error. - */ -extern hashmap_iter hashmap_first (hashmap_t map); - -/* - * Checks to see if the iterator is pointing at the "end" of the entries. - * - * Returns: 1 if it is the end - * 0 otherwise - */ -extern int hashmap_is_end (hashmap_t map, hashmap_iter iter); - -/* - * Return a "pointer" to the first instance of the particular key. It can - * be tested against hashmap_is_end() to see if the key was not found. - * - * Returns: negative upon an error - * an "iterator" pointing at the first key - * an "end-iterator" if the key wasn't found - */ -extern hashmap_iter hashmap_find (hashmap_t map, const char *key); - -/* - * Retrieve the key/data associated with a particular iterator. - * NOTE: These are pointers to the actual data, so don't mess around with them - * too much. - * - * Returns: the length of the data block upon success - * negative upon error - */ -extern ssize_t hashmap_return_entry (hashmap_t map, hashmap_iter iter, - char **key, void **data); - -/* - * Get the first entry (assuming there is more than one) for a particular - * key. The data MUST be non-NULL. - * - * Returns: negative upon error - * zero if no entry is found - * length of data for the entry - */ -extern ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, - void **data); - -/* - * Searches for _any_ occurrances of "key" within the hashmap and returns the - * number of matching entries. - * - * Returns: negative upon an error - * zero if no key is found - * count found (positive value) - */ -extern ssize_t hashmap_search (hashmap_t map, const char *key); - -/* - * Go through the hashmap and remove the particular key. - * NOTE: This will invalidate any iterators which have been created. - * - * Remove: negative upon error - * 0 if the key was not found - * positive count of entries deleted - */ -extern ssize_t hashmap_remove (hashmap_t map, const char *key); - -/* - * Look up the value for a variable. - */ -extern char *lookup_variable (hashmap_t map, const char *varname); - -#endif /* _HASHMAP_H */ @@ -97,61 +97,3 @@ char *debugging_strdup (const char *s, const char *file, unsigned long line) #endif /* !NDEBUG */ -/* - * Allocate a block of memory in the "shared" memory region. - * - * FIXME: This uses the most basic (and slowest) means of creating a - * shared memory location. It requires the use of a temporary file. We might - * want to look into something like MM (Shared Memory Library) for a better - * solution. - */ -void *malloc_shared_memory (size_t size) -{ - int fd; - void *ptr; - char buffer[32]; - - static const char *shared_file = "/tmp/tinyproxy.shared.XXXXXX"; - - assert (size > 0); - - strlcpy (buffer, shared_file, sizeof (buffer)); - - /* Only allow u+rw bits. This may be required for some versions - * of glibc so that mkstemp() doesn't make us vulnerable. - */ - umask (0177); - - if ((fd = mkstemp (buffer)) == -1) - return MAP_FAILED; - unlink (buffer); - - if (ftruncate (fd, size) == -1) - return MAP_FAILED; - ptr = mmap (NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); - - return ptr; -} - -/* - * Allocate a block of memory from the "shared" region an initialize it to - * zero. - */ -void *calloc_shared_memory (size_t nmemb, size_t size) -{ - void *ptr; - long length; - - assert (nmemb > 0); - assert (size > 0); - - length = nmemb * size; - - ptr = malloc_shared_memory (length); - if (ptr == MAP_FAILED) - return ptr; - - memset (ptr, 0, length); - - return ptr; -} @@ -52,10 +52,4 @@ extern char *debugging_strdup (const char *s, const char *file, #endif -/* - * Allocate memory from the "shared" region of memory. - */ -extern void *malloc_shared_memory (size_t size); -extern void *calloc_shared_memory (size_t nmemb, size_t size); - #endif diff --git a/src/hsearch.c b/src/hsearch.c new file mode 100644 index 0000000..0cc4aca --- /dev/null +++ b/src/hsearch.c @@ -0,0 +1,201 @@ +/* +musl license, hsearch.c originally written by Szabolcs Nagy + +Copyright © 2005-2020 Rich Felker, et al. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +*/ + +#include <stdlib.h> +#include <string.h> +#include "hsearch.h" + +/* +open addressing hash table with 2^n table size +quadratic probing is used in case of hash collision +tab indices and hash are size_t +after resize fails with ENOMEM the state of tab is still usable +*/ + +typedef struct htab_entry { + char *key; + htab_value data; +} htab_entry; + +struct elem { + htab_entry item; + size_t hash; +}; + +struct htab { + struct elem *elems; + size_t mask; + size_t used; + size_t seed; +}; + +#define MINSIZE 8 +#define MAXSIZE ((size_t)-1/2 + 1) + +#define CASE_INSENSITIVE +#ifdef CASE_INSENSITIVE +#include <ctype.h> +#include <strings.h> +#define LOWER_OR_NOT(X) tolower(X) +#define STRCMP(X, Y) strcasecmp(X, Y) +#else +#define LOWER_OR_NOT(X) X +#define STRCMP(X, Y) strcmp(X, Y) +#endif + +static size_t keyhash(const char *k, size_t seed) +{ + const unsigned char *p = (const void *)k; + size_t h = seed; + + while (*p) + h = 31*h + LOWER_OR_NOT(*p++); + return h; +} + +static int resize(struct htab *htab, size_t nel) +{ + size_t newsize; + size_t i, j; + struct elem *e, *newe; + struct elem *oldtab = htab->elems; + struct elem *oldend = htab->elems + htab->mask + 1; + + if (nel > MAXSIZE) + nel = MAXSIZE; + for (newsize = MINSIZE; newsize < nel; newsize *= 2); + htab->elems = calloc(newsize, sizeof *htab->elems); + if (!htab->elems) { + htab->elems = oldtab; + return 0; + } + htab->mask = newsize - 1; + if (!oldtab) + return 1; + for (e = oldtab; e < oldend; e++) + if (e->item.key) { + for (i=e->hash,j=1; ; i+=j++) { + newe = htab->elems + (i & htab->mask); + if (!newe->item.key) + break; + } + *newe = *e; + } + free(oldtab); + return 1; +} + +static struct elem *lookup(struct htab *htab, const char *key, size_t hash) +{ + size_t i, j; + struct elem *e; + + for (i=hash,j=1; ; i+=j++) { + e = htab->elems + (i & htab->mask); + if (!e->item.key || + (e->hash==hash && STRCMP(e->item.key, key)==0)) + break; + } + return e; +} + +struct htab *htab_create(size_t nel) +{ + struct htab *r = calloc(1, sizeof *r); + if(r && !resize(r, nel)) { + free(r); + r = 0; + } + r->seed = rand(); + return r; +} + +void htab_destroy(struct htab *htab) +{ + free(htab->elems); + free(htab); +} + +static htab_entry *htab_find_item(struct htab *htab, const char* key) +{ + size_t hash = keyhash(key, htab->seed); + struct elem *e = lookup(htab, key, hash); + + if (e->item.key) { + return &e->item; + } + return 0; +} + +htab_value* htab_find(struct htab *htab, const char* key) +{ + htab_entry *i = htab_find_item(htab, key); + if(i) return &i->data; + return 0; +} + +int htab_delete(struct htab *htab, const char* key) +{ + htab_entry *i = htab_find_item(htab, key); + if(!i) return 0; + i->key = 0; + return 1; +} + +int htab_insert(struct htab *htab, char* key, htab_value value) +{ + size_t hash = keyhash(key, htab->seed); + struct elem *e = lookup(htab, key, hash); + if(e->item.key) { + /* it's not allowed to overwrite existing data */ + return 0; + } + + e->item.key = key; + e->item.data = value; + e->hash = hash; + if (++htab->used > htab->mask - htab->mask/4) { + if (!resize(htab, 2*htab->used)) { + htab->used--; + e->item.key = 0; + return 0; + } + } + return 1; +} + +size_t htab_next(struct htab *htab, size_t iterator, char** key, htab_value **v) +{ + size_t i; + for(i=iterator;i<htab->mask+1;++i) { + struct elem *e = htab->elems + i; + if(e->item.key) { + *key = e->item.key; + *v = &e->item.data; + return i+1; + } + } + return 0; +} diff --git a/src/hsearch.h b/src/hsearch.h new file mode 100644 index 0000000..ec81cc3 --- /dev/null +++ b/src/hsearch.h @@ -0,0 +1,21 @@ +#ifndef HSEARCH_H +#define HSEARCH_H + +#include <stdlib.h> + +typedef union htab_value { + void *p; + size_t n; +} htab_value; + +#define HTV_N(N) (htab_value) {.n = N} +#define HTV_P(P) (htab_value) {.p = P} + +struct htab * htab_create(size_t); +void htab_destroy(struct htab *); +htab_value* htab_find(struct htab *, const char* key); +int htab_insert(struct htab *, char*, htab_value); +int htab_delete(struct htab *htab, const char* key); +size_t htab_next(struct htab *, size_t iterator, char** key, htab_value **v); + +#endif diff --git a/src/html-error.c b/src/html-error.c index 625a586..fcb0b94 100644 --- a/src/html-error.c +++ b/src/html-error.c @@ -20,9 +20,9 @@ * HTML error pages with variable substitution. */ +#include "common.h" #include "main.h" -#include "common.h" #include "buffer.h" #include "conns.h" #include "heap.h" @@ -31,25 +31,33 @@ #include "utils.h" #include "conf.h" +#include <regex.h> + /* * Add an error number -> filename mapping to the errorpages list. */ #define ERRORNUM_BUFSIZE 8 /* this is more than required */ #define ERRPAGES_BUCKETCOUNT 16 -int add_new_errorpage (char *filepath, unsigned int errornum) +int add_new_errorpage (struct config_s *conf, char *filepath, + unsigned int errornum) { - char errornbuf[ERRORNUM_BUFSIZE]; + char errornbuf[ERRORNUM_BUFSIZE], *k; - config.errorpages = hashmap_create (ERRPAGES_BUCKETCOUNT); - if (!config.errorpages) + if (!conf->errorpages) + conf->errorpages = htab_create (ERRPAGES_BUCKETCOUNT); + if (!conf->errorpages) return (-1); snprintf (errornbuf, ERRORNUM_BUFSIZE, "%u", errornum); - if (hashmap_insert (config.errorpages, errornbuf, - filepath, strlen (filepath) + 1) < 0) + k = safestrdup(errornbuf); + if (!k) return -1; + + if (!htab_insert (conf->errorpages, k, HTV_P(filepath))) { + safefree(k); return (-1); + } return (0); } @@ -59,28 +67,51 @@ int add_new_errorpage (char *filepath, unsigned int errornum) */ static char *get_html_file (unsigned int errornum) { - hashmap_iter result_iter; char errornbuf[ERRORNUM_BUFSIZE]; - char *key; - char *val; + htab_value *hv; assert (errornum >= 100 && errornum < 1000); - if (!config.errorpages) - return (config.errorpage_undef); + if (!config->errorpages) + return (config->errorpage_undef); snprintf (errornbuf, ERRORNUM_BUFSIZE, "%u", errornum); - result_iter = hashmap_find (config.errorpages, errornbuf); - - if (hashmap_is_end (config.errorpages, result_iter)) - return (config.errorpage_undef); + hv = htab_find (config->errorpages, errornbuf); + if (!hv) return (config->errorpage_undef); + return hv->p; +} - if (hashmap_return_entry (config.errorpages, result_iter, - &key, (void **) &val) < 0) - return (config.errorpage_undef); +static char *lookup_variable (struct htab *map, const char *varname) { + htab_value *v; + v = htab_find(map, varname); + return v ? v->p : 0; +} - return (val); +static void varsubst_sendline(struct conn_s *connptr, regex_t *re, char *p) { + int fd = connptr->client_fd; + while(*p) { + regmatch_t match; + char varname[32+1], *varval; + size_t l; + int st = regexec(re, p, 1, &match, 0); + if(st == 0) { + if(match.rm_so > 0) safe_write(fd, p, match.rm_so); + l = match.rm_eo - match.rm_so; + assert(l>2 && l-2 < sizeof(varname)); + p += match.rm_so; + memcpy(varname, p+1, l-2); + varname[l-2] = 0; + varval = lookup_variable(connptr->error_variables, varname); + if(varval) write_message(fd, "%s", varval); + else if(varval && !*varval) write_message(fd, "(unknown)"); + else safe_write(fd, p, l); + p += l; + } else { + write_message(fd, "%s", p); + break; + } + } } /* @@ -89,90 +120,42 @@ static char *get_html_file (unsigned int errornum) int send_html_file (FILE *infile, struct conn_s *connptr) { - char *inbuf; - char *varstart = NULL; - char *p; - const char *varval; - int in_variable = 0; - int r = 0; - - inbuf = (char *) safemalloc (4096); - - while (fgets (inbuf, 4096, infile) != NULL) { - for (p = inbuf; *p; p++) { - switch (*p) { - case '}': - if (in_variable) { - *p = '\0'; - varval = (const char *) - lookup_variable (connptr->error_variables, - varstart); - if (!varval) - varval = "(unknown)"; - r = write_message (connptr->client_fd, - "%s", varval); - in_variable = 0; - } else { - r = write_message (connptr->client_fd, - "%c", *p); - } - - break; - - case '{': - /* a {{ will print a single {. If we are NOT - * already in a { variable, then proceed with - * setup. If we ARE already in a { variable, - * this code will fallthrough to the code that - * just dumps a character to the client fd. - */ - if (!in_variable) { - varstart = p + 1; - in_variable++; - } else - in_variable = 0; - - /* FALL THROUGH */ - default: - if (!in_variable) { - r = write_message (connptr->client_fd, - "%c", *p); - } - } - - if (r) - break; - } - - if (r) - break; + regex_t re; + char *inbuf = safemalloc (4096); + (void) regcomp(&re, "{[a-z]\\{1,32\\}}", 0); - in_variable = 0; + while (fgets (inbuf, 4096, infile)) { + varsubst_sendline(connptr, &re, inbuf); } + regfree (&re); safefree (inbuf); - - return r; + return 1; } int send_http_headers (struct conn_s *connptr, int code, const char *message) { const char headers[] = - "HTTP/1.0 %d %s\r\n" + "HTTP/1.%u %d %s\r\n" "Server: %s/%s\r\n" "Content-Type: text/html\r\n" "%s" "Connection: close\r\n" "\r\n"; - const char auth_str[] = + const char p_auth_str[] = "Proxy-Authenticate: Basic realm=\"" PACKAGE_NAME "\"\r\n"; + const char w_auth_str[] = + "WWW-Authenticate: Basic realm=\"" + PACKAGE_NAME "\"\r\n"; + /* according to rfc7235, the 407 error must be accompanied by a Proxy-Authenticate header field. */ - const char *add = code == 407 ? auth_str : ""; + const char *add = code == 407 ? p_auth_str : (code == 401 ? w_auth_str : ""); return (write_message (connptr->client_fd, headers, + connptr->protocol.major != 1 ? 0 : connptr->protocol.minor, code, message, PACKAGE, VERSION, add)); } @@ -225,14 +208,25 @@ int send_http_error_message (struct conn_s *connptr) int add_error_variable (struct conn_s *connptr, const char *key, const char *val) { + char *k, *v; + if (!connptr->error_variables) if (! (connptr->error_variables = - hashmap_create (ERRVAR_BUCKETCOUNT))) + htab_create (ERRVAR_BUCKETCOUNT))) return (-1); - return hashmap_insert (connptr->error_variables, key, val, - strlen (val) + 1); + k = safestrdup(key); + v = safestrdup(val); + + if (!v || !k) goto oom; + + if(htab_insert (connptr->error_variables, k, HTV_P(v))) + return 1; +oom:; + safefree(k); + safefree(v); + return -1; } #define ADD_VAR_RET(x, y) \ @@ -251,6 +245,7 @@ int add_standard_vars (struct conn_s *connptr) char errnobuf[16]; char timebuf[30]; time_t global_time; + struct tm tm_buf; snprintf (errnobuf, sizeof errnobuf, "%d", connptr->error_number); ADD_VAR_RET ("errno", errnobuf); @@ -258,7 +253,6 @@ int add_standard_vars (struct conn_s *connptr) ADD_VAR_RET ("cause", connptr->error_string); ADD_VAR_RET ("request", connptr->request_line); ADD_VAR_RET ("clientip", connptr->client_ip_addr); - ADD_VAR_RET ("clienthost", connptr->client_string_addr); /* The following value parts are all non-NULL and will * trigger warnings in ADD_VAR_RET(), so we use @@ -267,7 +261,7 @@ int add_standard_vars (struct conn_s *connptr) global_time = time (NULL); strftime (timebuf, sizeof (timebuf), "%a, %d %b %Y %H:%M:%S GMT", - gmtime (&global_time)); + gmtime_r (&global_time, &tm_buf)); add_error_variable (connptr, "date", timebuf); add_error_variable (connptr, "website", diff --git a/src/html-error.h b/src/html-error.h index 03cec98..c133cef 100644 --- a/src/html-error.h +++ b/src/html-error.h @@ -23,8 +23,9 @@ /* Forward declaration */ struct conn_s; +struct config_s; -extern int add_new_errorpage (char *filepath, unsigned int errornum); +extern int add_new_errorpage (struct config_s *, char *filepath, unsigned int errornum); extern int send_http_error_message (struct conn_s *connptr); extern int indicate_http_error (struct conn_s *connptr, int number, const char *message, ...); diff --git a/src/http-message.c b/src/http-message.c index 8b94f19..4ff37ae 100644 --- a/src/http-message.c +++ b/src/http-message.c @@ -232,6 +232,7 @@ int http_message_send (http_message_t msg, int fd) char timebuf[30]; time_t global_time; unsigned int i; + struct tm tm_buf; assert (is_http_message_valid (msg)); @@ -254,11 +255,11 @@ int http_message_send (http_message_t msg, int fd) /* Output the date */ global_time = time (NULL); strftime (timebuf, sizeof (timebuf), "%a, %d %b %Y %H:%M:%S GMT", - gmtime (&global_time)); + gmtime_r (&global_time, &tm_buf)); write_message (fd, "Date: %s\r\n", timebuf); /* Output the content-length */ - write_message (fd, "Content-length: %u\r\n", msg->body.length); + write_message (fd, "Content-length: %lu\r\n", (unsigned long) msg->body.length); /* Write the separator between the headers and body */ safe_write (fd, "\r\n", 2); @@ -27,8 +27,9 @@ #include "heap.h" #include "log.h" #include "utils.h" -#include "vector.h" +#include "sblist.h" #include "conf.h" +#include <pthread.h> static const char *syslog_level[] = { NULL, @@ -45,6 +46,8 @@ static const char *syslog_level[] = { #define TIME_LENGTH 16 #define STRING_LENGTH 800 +static pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER; + /* * Global file descriptor for the log file */ @@ -61,7 +64,7 @@ static int log_level = LOG_INFO; * The key is the actual messages (already filled in full), and the value * is the log level. */ -static vector_t log_message_storage; +static sblist *log_message_storage; static unsigned int logging_initialized = FALSE; /* boolean */ @@ -71,10 +74,7 @@ static unsigned int logging_initialized = FALSE; /* boolean */ int open_log_file (const char *log_file_name) { if (log_file_name == NULL) { - if(config.godaemon == FALSE) - log_file_fd = fileno(stdout); - else - log_file_fd = -1; + log_file_fd = fileno(stdout); } else { log_file_fd = create_file_safely (log_file_name, FALSE); } @@ -108,7 +108,8 @@ void set_log_level (int level) void log_message (int level, const char *fmt, ...) { va_list args; - time_t nowtime; + struct timespec nowtime; + struct tm tm_buf; char time_string[TIME_LENGTH]; char str[STRING_LENGTH]; @@ -129,7 +130,7 @@ void log_message (int level, const char *fmt, ...) return; #endif - if (config.syslog && level == LOG_CONN) + if (config && config->syslog && level == LOG_CONN) level = LOG_INFO; va_start (args, fmt); @@ -142,7 +143,7 @@ void log_message (int level, const char *fmt, ...) char *entry_buffer; if (!log_message_storage) { - log_message_storage = vector_create (); + log_message_storage = sblist_new (sizeof(char*), 64); if (!log_message_storage) goto out; } @@ -154,33 +155,34 @@ void log_message (int level, const char *fmt, ...) goto out; sprintf (entry_buffer, "%d %s", level, str); - vector_append (log_message_storage, entry_buffer, - strlen (entry_buffer) + 1); - - safefree (entry_buffer); + if(!sblist_add (log_message_storage, &entry_buffer)) + safefree (entry_buffer); goto out; } - if(!config.syslog && log_file_fd == -1) + if(!config->syslog && log_file_fd == -1) goto out; - if (config.syslog) { + if (config->syslog) { + pthread_mutex_lock(&log_mutex); #ifdef HAVE_VSYSLOG_H vsyslog (level, fmt, args); #else vsnprintf (str, STRING_LENGTH, fmt, args); syslog (level, "%s", str); #endif + pthread_mutex_unlock(&log_mutex); } else { char *p; - nowtime = time (NULL); + clock_gettime(CLOCK_REALTIME, &nowtime); /* Format is month day hour:minute:second (24 time) */ strftime (time_string, TIME_LENGTH, "%b %d %H:%M:%S", - localtime (&nowtime)); + localtime_r (&nowtime.tv_sec, &tm_buf)); - snprintf (str, STRING_LENGTH, "%-9s %s [%ld]: ", + snprintf (str, STRING_LENGTH, "%-9s %s.%03lu [%ld]: ", syslog_level[level], time_string, + (unsigned long) nowtime.tv_nsec/1000000ul, (long int) getpid ()); /* @@ -196,18 +198,24 @@ void log_message (int level, const char *fmt, ...) assert (log_file_fd >= 0); + pthread_mutex_lock(&log_mutex); ret = write (log_file_fd, str, strlen (str)); + pthread_mutex_unlock(&log_mutex); + if (ret == -1) { - config.syslog = TRUE; + config->syslog = TRUE; log_message(LOG_CRIT, "ERROR: Could not write to log " "file %s: %s.", - config.logf_name, strerror(errno)); + config->logf_name, strerror(errno)); log_message(LOG_CRIT, "Falling back to syslog logging"); } + pthread_mutex_lock(&log_mutex); fsync (log_file_fd); + pthread_mutex_unlock(&log_mutex); + } out: @@ -219,7 +227,7 @@ out: */ static void send_stored_logs (void) { - char *string; + char **string; char *ptr; int level; size_t i; @@ -229,12 +237,12 @@ static void send_stored_logs (void) log_message(LOG_DEBUG, "sending stored logs"); - for (i = 0; (ssize_t) i != vector_length (log_message_storage); ++i) { - string = - (char *) vector_getentry (log_message_storage, i, NULL); + for (i = 0; i < sblist_getsize (log_message_storage); ++i) { + string = sblist_get (log_message_storage, i); + if (!string || !*string) continue; - ptr = strchr (string, ' ') + 1; - level = atoi (string); + ptr = strchr (*string, ' ') + 1; + level = atoi (*string); #ifdef NDEBUG if (log_level == LOG_CONN && level == LOG_INFO) @@ -247,9 +255,10 @@ static void send_stored_logs (void) #endif log_message (level, "%s", ptr); + safefree(*string); } - vector_delete (log_message_storage); + sblist_free (log_message_storage); log_message_storage = NULL; log_message(LOG_DEBUG, "done sending stored logs"); @@ -264,27 +273,24 @@ static void send_stored_logs (void) */ int setup_logging (void) { - if (!config.syslog) { - if (open_log_file (config.logf_name) < 0) { + if (!config->syslog) { + if (open_log_file (config->logf_name) < 0) { /* * If opening the log file fails, we try * to fall back to syslog logging... */ - config.syslog = TRUE; + config->syslog = TRUE; log_message (LOG_CRIT, "ERROR: Could not create log " "file %s: %s.", - config.logf_name, strerror (errno)); + config->logf_name, strerror (errno)); log_message (LOG_CRIT, "Falling back to syslog logging."); } } - if (config.syslog) { - if (config.godaemon == TRUE) - openlog ("tinyproxy", LOG_PID, LOG_DAEMON); - else - openlog ("tinyproxy", LOG_PID, LOG_USER); + if (config->syslog) { + openlog ("tinyproxy", LOG_PID, LOG_USER); } logging_initialized = TRUE; @@ -302,7 +308,7 @@ void shutdown_logging (void) return; } - if (config.syslog) { + if (config->syslog) { closelog (); } else { close_log_file (); diff --git a/src/loop.c b/src/loop.c new file mode 100644 index 0000000..d696760 --- /dev/null +++ b/src/loop.c @@ -0,0 +1,81 @@ +#include <pthread.h> +#include <time.h> +#include "loop.h" +#include "conf.h" +#include "main.h" +#include "sblist.h" +#include "sock.h" + +struct loop_record { + union sockaddr_union addr; + time_t tstamp; +}; + +static sblist *loop_records; +static pthread_mutex_t loop_records_lock = PTHREAD_MUTEX_INITIALIZER; + +void loop_records_init(void) { + loop_records = sblist_new(sizeof (struct loop_record), 32); +} + +void loop_records_destroy(void) { + sblist_free(loop_records); + loop_records = 0; +} + +#if 0 +static void su_to_str(union sockaddr_union *addr, char *buf) { + int af = addr->v4.sin_family; + unsigned port = ntohs(af == AF_INET ? addr->v4.sin_port : addr->v6.sin6_port); + char portb[32]; + sprintf(portb, ":%u", port); + getpeer_information (addr, buf, 256); + strcat(buf, portb); +} +#endif + +void loop_records_add(union sockaddr_union *addr) { + time_t now =time(0); + struct loop_record rec; + pthread_mutex_lock(&loop_records_lock); + rec.tstamp = now; + rec.addr = *addr; + sblist_add(loop_records, &rec); + pthread_mutex_unlock(&loop_records_lock); +} + +#define TIMEOUT_SECS 15 + +int connection_loops (union sockaddr_union *addr) { + int ret = 0, af, our_af = addr->v4.sin_family; + void *ipdata, *our_ipdata = our_af == AF_INET ? (void*)&addr->v4.sin_addr.s_addr : (void*)&addr->v6.sin6_addr.s6_addr; + size_t i, cmp_len = our_af == AF_INET ? sizeof(addr->v4.sin_addr.s_addr) : sizeof(addr->v6.sin6_addr.s6_addr); + unsigned port, our_port = ntohs(our_af == AF_INET ? addr->v4.sin_port : addr->v6.sin6_port); + time_t now = time(0); + + pthread_mutex_lock(&loop_records_lock); + for (i = 0; i < sblist_getsize(loop_records); ) { + struct loop_record *rec = sblist_get(loop_records, i); + + if (rec->tstamp + TIMEOUT_SECS < now) { + sblist_delete(loop_records, i); + continue; + } + + if (!ret) { + af = rec->addr.v4.sin_family; + if (af != our_af) goto next; + port = ntohs(af == AF_INET ? rec->addr.v4.sin_port : rec->addr.v6.sin6_port); + if (port != our_port) goto next; + ipdata = af == AF_INET ? (void*)&rec->addr.v4.sin_addr.s_addr : (void*)&rec->addr.v6.sin6_addr.s6_addr; + if (!memcmp(ipdata, our_ipdata, cmp_len)) { + ret = 1; + } + } +next: + i++; + } + pthread_mutex_unlock(&loop_records_lock); + return ret; +} + diff --git a/src/loop.h b/src/loop.h new file mode 100644 index 0000000..27a26c7 --- /dev/null +++ b/src/loop.h @@ -0,0 +1,12 @@ +#ifndef LOOP_H +#define LOOP_H + +#include "sock.h" + +void loop_records_init(void); +void loop_records_destroy(void); +void loop_records_add(union sockaddr_union *addr); +int connection_loops (union sockaddr_union *addr); + +#endif + @@ -38,6 +38,7 @@ #include "heap.h" #include "filter.h" #include "child.h" +#include "loop.h" #include "log.h" #include "reqs.h" #include "sock.h" @@ -47,10 +48,18 @@ /* * Global Structures */ -struct config_s config; -struct config_s config_defaults; +struct config_s *config; +static struct config_s configs[2]; +static const char* config_file; unsigned int received_sighup = FALSE; /* boolean */ +static struct config_s* +get_next_config(void) +{ + if (config == &configs[0]) return &configs[1]; + return &configs[0]; +} + /* * Handle a signal */ @@ -61,12 +70,14 @@ takesig (int sig) int status; switch (sig) { + case SIGUSR1: case SIGHUP: received_sighup = TRUE; break; + case SIGINT: case SIGTERM: - config.quit = TRUE; + config->quit = TRUE; break; case SIGCHLD: @@ -162,52 +173,6 @@ get_id (char *str) } /** - * process_cmdline: - * @argc: argc as passed to main() - * @argv: argv as passed to main() - * - * This function parses command line arguments. - **/ -static void -process_cmdline (int argc, char **argv, struct config_s *conf) -{ - int opt; - - while ((opt = getopt (argc, argv, "c:vdh")) != EOF) { - switch (opt) { - case 'v': - display_version (); - exit (EX_OK); - - case 'd': - conf->godaemon = FALSE; - break; - - case 'c': - if (conf->config_file != NULL) { - safefree (conf->config_file); - } - conf->config_file = safestrdup (optarg); - if (!conf->config_file) { - fprintf (stderr, - "%s: Could not allocate memory.\n", - argv[0]); - exit (EX_SOFTWARE); - } - break; - - case 'h': - display_usage (); - exit (EX_OK); - - default: - display_usage (); - exit (EX_USAGE); - } - } -} - -/** * change_user: * @program: The name of the program. Pass argv[0] here. * @@ -218,16 +183,16 @@ process_cmdline (int argc, char **argv, struct config_s *conf) static void change_user (const char *program) { - if (config.group && strlen (config.group) > 0) { - int gid = get_id (config.group); + if (config->group && strlen (config->group) > 0) { + int gid = get_id (config->group); if (gid < 0) { - struct group *thisgroup = getgrnam (config.group); + struct group *thisgroup = getgrnam (config->group); if (!thisgroup) { fprintf (stderr, "%s: Unable to find group \"%s\".\n", - program, config.group); + program, config->group); exit (EX_NOUSER); } @@ -237,7 +202,7 @@ change_user (const char *program) if (setgid (gid) < 0) { fprintf (stderr, "%s: Unable to change to group \"%s\".\n", - program, config.group); + program, config->group); exit (EX_NOPERM); } @@ -252,19 +217,19 @@ change_user (const char *program) #endif log_message (LOG_INFO, "Now running as group \"%s\".", - config.group); + config->group); } - if (config.user && strlen (config.user) > 0) { - int uid = get_id (config.user); + if (config->user && strlen (config->user) > 0) { + int uid = get_id (config->user); if (uid < 0) { - struct passwd *thisuser = getpwnam (config.user); + struct passwd *thisuser = getpwnam (config->user); if (!thisuser) { fprintf (stderr, "%s: Unable to find user \"%s\".\n", - program, config.user); + program, config->user); exit (EX_NOUSER); } @@ -274,78 +239,99 @@ change_user (const char *program) if (setuid (uid) < 0) { fprintf (stderr, "%s: Unable to change to user \"%s\".\n", - program, config.user); + program, config->user); exit (EX_NOPERM); } log_message (LOG_INFO, "Now running as user \"%s\".", - config.user); + config->user); } } -static void initialize_config_defaults (struct config_s *conf) -{ - memset (conf, 0, sizeof(*conf)); - - conf->config_file = safestrdup (SYSCONFDIR "/tinyproxy.conf"); - if (!conf->config_file) { - fprintf (stderr, PACKAGE ": Could not allocate memory.\n"); - exit (EX_SOFTWARE); - } - conf->godaemon = TRUE; - /* - * Make sure the HTML error pages array is NULL to begin with. - * (FIXME: Should have a better API for all this) - */ - conf->errorpages = NULL; - conf->stathost = safestrdup (TINYPROXY_STATHOST); - conf->idletimeout = MAX_IDLE_TIME; - conf->logf_name = NULL; - conf->pidpath = NULL; -} - /** * convenience wrapper around reload_config_file * that also re-initializes logging. */ -int reload_config (void) +int reload_config (int reload_logging) { int ret; + struct config_s *c_next = get_next_config(); - shutdown_logging (); + log_message (LOG_NOTICE, "Reloading config file"); + + if (reload_logging) shutdown_logging (); + + ret = reload_config_file (config_file, c_next); - ret = reload_config_file (config_defaults.config_file, &config, - &config_defaults); if (ret != 0) { goto done; } - ret = setup_logging (); + if(config) free_config (config); + config = c_next; + + if (reload_logging) ret = setup_logging (); + log_message (LOG_NOTICE, "Reloading config file finished"); done: return ret; } +static void setup_sig(int sig, signal_func *sigh, + const char* signame, const char* argv0) { + if (set_signal_handler (sig, sigh) == SIG_ERR) { + fprintf (stderr, "%s: Could not set the \"%s\" signal.\n", + argv0, signame); + exit (EX_OSERR); + } +} + int main (int argc, char **argv) { + int opt, daemonized = TRUE; + + srand(time(NULL)); /* for hashmap seeds */ + /* Only allow u+rw bits. This may be required for some versions * of glibc so that mkstemp() doesn't make us vulnerable. */ umask (0177); - log_message (LOG_INFO, "Initializing " PACKAGE " ..."); + log_message (LOG_NOTICE, "Initializing " PACKAGE " ..."); - if (config_compile_regex()) { + if (config_init()) { + fprintf(stderr, "ERROR: config_init() failed\n"); exit (EX_SOFTWARE); } - initialize_config_defaults (&config_defaults); - process_cmdline (argc, argv, &config_defaults); + config_file = SYSCONFDIR "/tinyproxy.conf"; + + while ((opt = getopt (argc, argv, "c:vdh")) != EOF) { + switch (opt) { + case 'v': + display_version (); + exit (EX_OK); + + case 'd': + daemonized = FALSE; + break; + + case 'c': + config_file = optarg; + break; + + case 'h': + display_usage (); + exit (EX_OK); - if (reload_config_file (config_defaults.config_file, - &config, - &config_defaults)) { + default: + display_usage (); + exit (EX_USAGE); + } + } + + if (reload_config(0)) { exit (EX_SOFTWARE); } @@ -355,40 +341,36 @@ main (int argc, char **argv) * in the list of allowed headers, since it is required in a * HTTP/1.0 request. Also add the Content-Type header since it * goes hand in hand with Content-Length. */ - if (is_anonymous_enabled ()) { - anonymous_insert ("Content-Length"); - anonymous_insert ("Content-Type"); + if (is_anonymous_enabled (config)) { + anonymous_insert (config, safestrdup("Content-Length")); + anonymous_insert (config, safestrdup("Content-Type")); } - if (config.godaemon == TRUE) { - if (!config.syslog && config.logf_name == NULL) + if (daemonized == TRUE) { + if (!config->syslog && config->logf_name == NULL) fprintf(stderr, "WARNING: logging deactivated " "(can't log to stdout when daemonized)\n"); makedaemon (); } - if (set_signal_handler (SIGPIPE, SIG_IGN) == SIG_ERR) { - fprintf (stderr, "%s: Could not set the \"SIGPIPE\" signal.\n", - argv[0]); - exit (EX_OSERR); - } + setup_sig(SIGPIPE, SIG_IGN, "SIGPIPE", argv[0]); #ifdef FILTER_ENABLE - if (config.filter) + if (config->filter) filter_init (); #endif /* FILTER_ENABLE */ /* Start listening on the selected port. */ - if (child_listening_sockets(config.listen_addrs, config.port) < 0) { + if (child_listening_sockets(config->listen_addrs, config->port) < 0) { fprintf (stderr, "%s: Could not create listening sockets.\n", argv[0]); exit (EX_OSERR); } /* Create pid file before we drop privileges */ - if (config.pidpath) { - if (pidfile_create (config.pidpath) < 0) { + if (config->pidpath) { + if (pidfile_create (config->pidpath) < 0) { fprintf (stderr, "%s: Could not create PID file.\n", argv[0]); exit (EX_OSERR); @@ -399,7 +381,7 @@ main (int argc, char **argv) if (geteuid () == 0) change_user (argv[0]); else - log_message (LOG_WARNING, + log_message (LOG_INFO, "Not running as root, so not changing UID/GID."); /* Create log file after we drop privileges */ @@ -407,56 +389,44 @@ main (int argc, char **argv) exit (EX_SOFTWARE); } - if (child_pool_create () < 0) { - fprintf (stderr, - "%s: Could not create the pool of children.\n", - argv[0]); - exit (EX_SOFTWARE); - } - /* These signals are only for the parent process. */ log_message (LOG_INFO, "Setting the various signals."); - if (set_signal_handler (SIGCHLD, takesig) == SIG_ERR) { - fprintf (stderr, "%s: Could not set the \"SIGCHLD\" signal.\n", - argv[0]); - exit (EX_OSERR); - } + setup_sig (SIGCHLD, takesig, "SIGCHLD", argv[0]); + setup_sig (SIGTERM, takesig, "SIGTERM", argv[0]); + setup_sig (SIGINT, takesig, "SIGINT", argv[0]); + if (daemonized) setup_sig (SIGHUP, takesig, "SIGHUP", argv[0]); + setup_sig (SIGUSR1, takesig, "SIGUSR1", argv[0]); - if (set_signal_handler (SIGTERM, takesig) == SIG_ERR) { - fprintf (stderr, "%s: Could not set the \"SIGTERM\" signal.\n", - argv[0]); - exit (EX_OSERR); - } - - if (set_signal_handler (SIGHUP, takesig) == SIG_ERR) { - fprintf (stderr, "%s: Could not set the \"SIGHUP\" signal.\n", - argv[0]); - exit (EX_OSERR); - } + loop_records_init(); /* Start the main loop */ log_message (LOG_INFO, "Starting main loop. Accepting connections."); child_main_loop (); - log_message (LOG_INFO, "Shutting down."); + log_message (LOG_NOTICE, "Shutting down."); child_kill_children (SIGTERM); child_close_sock (); + child_free_children(); + + loop_records_destroy(); /* Remove the PID file */ - if (config.pidpath != NULL && unlink (config.pidpath) < 0) { + if (config->pidpath != NULL && unlink (config->pidpath) < 0) { log_message (LOG_WARNING, "Could not remove PID file \"%s\": %s.", - config.pidpath, strerror (errno)); + config->pidpath, strerror (errno)); } #ifdef FILTER_ENABLE - if (config.filter) + if (config->filter) filter_destroy (); #endif /* FILTER_ENABLE */ + free_config (config); + shutdown_logging (); return EXIT_SUCCESS; @@ -29,9 +29,9 @@ #define MAX_IDLE_TIME (60 * 10) /* 10 minutes of no activity */ /* Global Structures used in the program */ -extern struct config_s config; +extern struct config_s *config; extern unsigned int received_sighup; /* boolean */ -extern int reload_config (void); +extern int reload_config (int reload_logging); #endif /* __MAIN_H__ */ diff --git a/src/mypoll.c b/src/mypoll.c new file mode 100644 index 0000000..495e2c3 --- /dev/null +++ b/src/mypoll.c @@ -0,0 +1,48 @@ +#include "mypoll.h" + +#ifdef HAVE_POLL_H +int mypoll(pollfd_struct* fds, int nfds, int timeout) { + int i, ret; + for(i=0; i<nfds; ++i) if(!fds[i].events) fds[i].fd=~fds[i].fd; + ret = poll(fds, nfds, timeout <= 0 ? timeout : timeout*1000); + for(i=0; i<nfds; ++i) if(!fds[i].events) fds[i].fd=~fds[i].fd; + return ret; +} +#else +int mypoll(pollfd_struct* fds, int nfds, int timeout) { + fd_set rset, wset, *r=0, *w=0; + int i, ret, maxfd=-1; + struct timeval tv = {0}, *t = 0; + + for(i=0; i<nfds; ++i) { + if(fds[i].events & MYPOLL_READ) r = &rset; + if(fds[i].events & MYPOLL_WRITE) w = &wset; + if(r && w) break; + } + if(r) FD_ZERO(r); + if(w) FD_ZERO(w); + for(i=0; i<nfds; ++i) { + if(fds[i].fd > maxfd) maxfd = fds[i].fd; + if(fds[i].events & MYPOLL_READ) FD_SET(fds[i].fd, r); + if(fds[i].events & MYPOLL_WRITE) FD_SET(fds[i].fd, w); + } + + if(timeout >= 0) t = &tv; + if(timeout > 0) tv.tv_sec = timeout; + + ret = select(maxfd+1, r, w, 0, t); + + switch(ret) { + case -1: + case 0: + return ret; + } + + for(i=0; i<nfds; ++i) { + fds[i].revents = 0; + if(r && FD_ISSET(fds[i].fd, r)) fds[i].revents |= MYPOLL_READ; + if(w && FD_ISSET(fds[i].fd, w)) fds[i].revents |= MYPOLL_WRITE; + } + return ret; +} +#endif diff --git a/src/mypoll.h b/src/mypoll.h new file mode 100644 index 0000000..8736015 --- /dev/null +++ b/src/mypoll.h @@ -0,0 +1,31 @@ +#ifndef MYPOLL_H +#define MYPOLL_H + +#include "config.h" + +#ifdef HAVE_POLL_H +#define SELECT_OR_POLL "poll" + +#include <poll.h> +typedef struct pollfd pollfd_struct; + +#define MYPOLL_READ POLLIN +#define MYPOLL_WRITE POLLOUT + +#else + +#define SELECT_OR_POLL "select" +#include <sys/select.h> +typedef struct mypollfd { + int fd; + short events; + short revents; +} pollfd_struct; + +#define MYPOLL_READ (1<<1) +#define MYPOLL_WRITE (1<<2) +#endif + +int mypoll(pollfd_struct* fds, int nfds, int timeout); + +#endif diff --git a/src/orderedmap.c b/src/orderedmap.c new file mode 100644 index 0000000..4902be0 --- /dev/null +++ b/src/orderedmap.c @@ -0,0 +1,110 @@ +#ifdef HAVE_CONFIG_H +# include <config.h> +#else +# define _ALL_SOURCE +# define _GNU_SOURCE +#endif +#include <string.h> +#include "sblist.h" +#include "orderedmap.h" + +static void orderedmap_destroy_contents(struct orderedmap *o) { + char **p, *q; + size_t i; + htab_value *v; + if(!o) return; + if(o->values) { + while(sblist_getsize(o->values)) { + p = sblist_get(o->values, 0); + if(p) free(*p); + sblist_delete(o->values, 0); + } + sblist_free(o->values); + } + if(o->map) { + i = 0; + while((i = htab_next(o->map, i, &q, &v))) + free(q); + htab_destroy(o->map); + } +} + +struct orderedmap *orderedmap_create(size_t nbuckets) { + struct orderedmap o = {0}, *new; + o.values = sblist_new(sizeof(void*), 32); + if(!o.values) goto oom; + o.map = htab_create(nbuckets); + if(!o.map) goto oom; + new = malloc(sizeof o); + if(!new) goto oom; + memcpy(new, &o, sizeof o); + return new; + oom:; + orderedmap_destroy_contents(&o); + return 0; +} + +void* orderedmap_destroy(struct orderedmap *o) { + orderedmap_destroy_contents(o); + free(o); + return 0; +} + +int orderedmap_append(struct orderedmap *o, const char *key, char *value) { + size_t index; + char *nk, *nv; + nk = nv = 0; + nk = strdup(key); + nv = strdup(value); + if(!nk || !nv) goto oom; + index = sblist_getsize(o->values); + if(!sblist_add(o->values, &nv)) goto oom; + if(!htab_insert(o->map, nk, HTV_N(index))) { + sblist_delete(o->values, index); + goto oom; + } + return 1; +oom:; + free(nk); + free(nv); + return 0; +} + +char* orderedmap_find(struct orderedmap *o, const char *key) { + char **p; + htab_value *v = htab_find(o->map, key); + if(!v) return 0; + p = sblist_get(o->values, v->n); + return p?*p:0; +} + +int orderedmap_remove(struct orderedmap *o, const char *key) { + size_t i; + char *lk; + htab_value *lv, *v = htab_find(o->map, key); + if(!v) return 0; + htab_delete(o->map, key); + sblist_delete(o->values, v->n); + i = 0; + while((i = htab_next(o->map, i, &lk, &lv))) { + if(lv->n > v->n) lv->n--; + } + return 1; +} + +size_t orderedmap_next(struct orderedmap *o, size_t iter, char** key, char** value) { + size_t h_iter; + htab_value* hval; + char **p; + if(iter < sblist_getsize(o->values)) { + h_iter = 0; + while((h_iter = htab_next(o->map, h_iter, key, &hval))) { + if(hval->n == iter) { + p = sblist_get(o->values, iter); + *value = p?*p:0; + return iter+1; + } + } + } + return 0; +} diff --git a/src/orderedmap.h b/src/orderedmap.h new file mode 100644 index 0000000..e3f4b0e --- /dev/null +++ b/src/orderedmap.h @@ -0,0 +1,20 @@ +#ifndef ORDEREDMAP_H +#define ORDEREDMAP_H + +#include <stdlib.h> +#include "sblist.h" +#include "hsearch.h" + +typedef struct orderedmap { + sblist* values; + struct htab *map; +} *orderedmap; + +struct orderedmap *orderedmap_create(size_t nbuckets); +void* orderedmap_destroy(struct orderedmap *o); +int orderedmap_append(struct orderedmap *o, const char *key, char *value ); +char* orderedmap_find(struct orderedmap *o, const char *key); +int orderedmap_remove(struct orderedmap *o, const char *key); +size_t orderedmap_next(struct orderedmap *o, size_t iter, char** key, char** value); + +#endif @@ -32,7 +32,8 @@ #include "buffer.h" #include "conns.h" #include "filter.h" -#include "hashmap.h" +#include "hsearch.h" +#include "orderedmap.h" #include "heap.h" #include "html-error.h" #include "log.h" @@ -42,13 +43,15 @@ #include "stats.h" #include "text.h" #include "utils.h" -#include "vector.h" +#include "sblist.h" #include "reverse-proxy.h" #include "transparent-proxy.h" #include "upstream.h" #include "connect-ports.h" #include "conf.h" #include "basicauth.h" +#include "loop.h" +#include "mypoll.h" /* * Maximum length of a HTTP line @@ -60,8 +63,8 @@ * enabled. */ #ifdef UPSTREAM_SUPPORT -# define UPSTREAM_CONFIGURED() (config.upstream_list != NULL) -# define UPSTREAM_HOST(host) upstream_get(host, config.upstream_list) +# define UPSTREAM_CONFIGURED() (config->upstream_list != NULL) +# define UPSTREAM_HOST(host) upstream_get(host, config->upstream_list) # define UPSTREAM_IS_HTTP(conn) (conn->upstream_proxy != NULL && conn->upstream_proxy->type == PT_HTTP) #else # define UPSTREAM_CONFIGURED() (0) @@ -271,28 +274,34 @@ establish_http_connection (struct conn_s *connptr, struct request_s *request) /* host is an IPv6 address literal, so surround it with * [] */ return write_message (connptr->server_fd, - "%s %s HTTP/1.0\r\n" + "%s %s HTTP/1.%u\r\n" "Host: [%s]%s\r\n" "Connection: close\r\n", request->method, request->path, + connptr->protocol.major != 1 ? 0 : + connptr->protocol.minor, request->host, portbuff); } else if (connptr->upstream_proxy && connptr->upstream_proxy->type == PT_HTTP && connptr->upstream_proxy->ua.authstr) { return write_message (connptr->server_fd, - "%s %s HTTP/1.0\r\n" + "%s %s HTTP/1.%u\r\n" "Host: %s%s\r\n" "Connection: close\r\n" "Proxy-Authorization: Basic %s\r\n", request->method, request->path, + connptr->protocol.major != 1 ? 0 : + connptr->protocol.minor, request->host, portbuff, connptr->upstream_proxy->ua.authstr); } else { return write_message (connptr->server_fd, - "%s %s HTTP/1.0\r\n" + "%s %s HTTP/1.%u\r\n" "Host: %s%s\r\n" "Connection: close\r\n", request->method, request->path, + connptr->protocol.major != 1 ? 0 : + connptr->protocol.minor, request->host, portbuff); } } @@ -320,7 +329,7 @@ static int send_ssl_response (struct conn_s *connptr) * build a new request line. Finally connect to the remote server. */ static struct request_s *process_request (struct conn_s *connptr, - hashmap_t hashofheaders) + orderedmap hashofheaders) { char *url; struct request_s *request; @@ -378,7 +387,7 @@ BAD_REQUEST_ERROR: } #ifdef REVERSE_SUPPORT - if (config.reversepath_list != NULL) { + if (config->reversepath_list != NULL) { /* * Rewrite the URL based on the reverse path. After calling * reverse_rewrite_url "url" can be freed since we either @@ -392,7 +401,7 @@ BAD_REQUEST_ERROR: if (reverse_url != NULL) { safefree (url); url = reverse_url; - } else if (config.reverseonly) { + } else if (config->reverseonly) { log_message (LOG_ERR, "Bad request, no mapping for '%s' found", url); @@ -425,7 +434,7 @@ BAD_REQUEST_ERROR: /* Verify that the port in the CONNECT method is allowed */ if (!check_allowed_connect_ports (request->port, - config.connect_ports)) + config->connect_ports)) { indicate_http_error (connptr, 403, "Access violation", "detail", @@ -442,7 +451,7 @@ BAD_REQUEST_ERROR: } else { #ifdef TRANSPARENT_PROXY if (!do_transparent_proxy - (connptr, hashofheaders, request, &config, &url)) { + (connptr, hashofheaders, request, config, &url)) { goto fail; } #else @@ -460,16 +469,16 @@ BAD_REQUEST_ERROR: /* * Filter restricted domains/urls */ - if (config.filter) { - if (config.filter_url) - ret = filter_url (url); + if (config->filter) { + if (config->filter_url) + ret = filter_run (url); else - ret = filter_domain (request->host); + ret = filter_run (request->host); if (ret) { update_stats (STAT_DENIED); - if (config.filter_url) + if (config->filter_url) log_message (LOG_NOTICE, "Proxying refused on filtered url \"%s\"", url); @@ -491,7 +500,7 @@ BAD_REQUEST_ERROR: /* * Check to see if they're requesting the stat host */ - if (config.stathost && strcmp (config.stathost, request->host) == 0) { + if (config->stathost && strcmp (config->stathost, request->host) == 0) { log_message (LOG_NOTICE, "Request for the stathost."); connptr->show_stats = TRUE; goto fail; @@ -601,7 +610,7 @@ static int add_xtinyproxy_header (struct conn_s *connptr) * can be retrieved and manipulated later. */ static int -add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) +add_header_to_connection (orderedmap hashofheaders, char *header, size_t len) { char *sep; @@ -610,7 +619,7 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) sep = strchr (header, ':'); if (!sep) - return -1; + return 0; /* just skip invalid header, do not give error */ /* Blank out colons, spaces, and tabs. */ while (*sep == ':' || *sep == ' ' || *sep == '\t') @@ -619,7 +628,7 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) /* Calculate the new length of just the data */ len -= sep - header - 1; - return hashmap_insert (hashofheaders, header, sep, len); + return orderedmap_append (hashofheaders, header, sep); } /* @@ -733,7 +742,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders, char** lines, size_ * Extract the headers to remove. These headers were listed in the Connection * and Proxy-Connection headers. */ -static int remove_connection_headers (hashmap_t hashofheaders) +static int remove_connection_headers (orderedmap hashofheaders) { static const char *headers[] = { "connection", @@ -747,12 +756,13 @@ static int remove_connection_headers (hashmap_t hashofheaders) for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) { /* Look for the connection header. If it's not found, return. */ - len = - hashmap_entry_by_key (hashofheaders, headers[i], - (void **) &data); - if (len <= 0) + data = orderedmap_find(hashofheaders, headers[i]); + + if (!data) return 0; + len = strlen(data); + /* * Go through the data line and replace any special characters * with a NULL. @@ -767,7 +777,7 @@ static int remove_connection_headers (hashmap_t hashofheaders) */ ptr = data; while (ptr < data + len) { - hashmap_remove (hashofheaders, ptr); + orderedmap_remove (hashofheaders, ptr); /* Advance ptr to the next token */ ptr += strlen (ptr) + 1; @@ -776,7 +786,7 @@ static int remove_connection_headers (hashmap_t hashofheaders) } /* Now remove the connection header it self. */ - hashmap_remove (hashofheaders, headers[i]); + orderedmap_remove (hashofheaders, headers[i]); } return 0; @@ -786,16 +796,14 @@ static int remove_connection_headers (hashmap_t hashofheaders) * If there is a Content-Length header, then return the value; otherwise, return * a negative number. */ -static long get_content_length (hashmap_t hashofheaders) +static long get_content_length (orderedmap hashofheaders) { - ssize_t len; char *data; long content_length = -1; - len = - hashmap_entry_by_key (hashofheaders, "content-length", - (void **) &data); - if (len > 0) + data = orderedmap_find (hashofheaders, "content-length"); + + if (data) content_length = atol (data); return content_length; @@ -809,21 +817,20 @@ static long get_content_length (hashmap_t hashofheaders) * purposes. */ static int -write_via_header (int fd, hashmap_t hashofheaders, +write_via_header (int fd, orderedmap hashofheaders, unsigned int major, unsigned int minor) { - ssize_t len; char hostname[512]; char *data; int ret; - if (config.disable_viaheader) { + if (config->disable_viaheader) { ret = 0; goto done; } - if (config.via_proxy_name) { - strlcpy (hostname, config.via_proxy_name, sizeof (hostname)); + if (config->via_proxy_name) { + strlcpy (hostname, config->via_proxy_name, sizeof (hostname)); } else if (gethostname (hostname, sizeof (hostname)) < 0) { strlcpy (hostname, "unknown", 512); } @@ -832,14 +839,14 @@ write_via_header (int fd, hashmap_t hashofheaders, * See if there is a "Via" header. If so, again we need to do a bit * of processing. */ - len = hashmap_entry_by_key (hashofheaders, "via", (void **) &data); - if (len > 0) { + data = orderedmap_find (hashofheaders, "via"); + if (data) { ret = write_message (fd, "Via: %s, %hu.%hu %s (%s/%s)\r\n", data, major, minor, hostname, PACKAGE, VERSION); - hashmap_remove (hashofheaders, "via"); + orderedmap_remove (hashofheaders, "via"); } else { ret = write_message (fd, "Via: %hu.%hu %s (%s/%s)\r\n", @@ -853,7 +860,7 @@ done: /* * Number of buckets to use internally in the hashmap. */ -#define HEADER_BUCKETS 256 +#define HEADER_BUCKETS 32 /* * Here we loop through all the headers the client is sending. If we @@ -862,7 +869,7 @@ done: * - rjkaes */ static int -process_client_headers (struct conn_s *connptr, hashmap_t hashofheaders) +process_client_headers (struct conn_s *connptr, orderedmap hashofheaders) { static const char *skipheaders[] = { "host", @@ -873,7 +880,7 @@ process_client_headers (struct conn_s *connptr, hashmap_t hashofheaders) "upgrade" }; int i; - hashmap_iter iter; + size_t iter; int ret = 0; char *data, *header; @@ -906,7 +913,7 @@ process_client_headers (struct conn_s *connptr, hashmap_t hashofheaders) * Delete the headers listed in the skipheaders list */ for (i = 0; i != (sizeof (skipheaders) / sizeof (char *)); i++) { - hashmap_remove (hashofheaders, skipheaders[i]); + orderedmap_remove (hashofheaders, skipheaders[i]); } /* Send, or add the Via header */ @@ -926,32 +933,27 @@ process_client_headers (struct conn_s *connptr, hashmap_t hashofheaders) /* * Output all the remaining headers to the remote machine. */ - iter = hashmap_first (hashofheaders); - if (iter >= 0) { - for (; !hashmap_is_end (hashofheaders, iter); ++iter) { - hashmap_return_entry (hashofheaders, - iter, &data, (void **) &header); - - if (!is_anonymous_enabled () - || anonymous_search (data) > 0) { - ret = - write_message (connptr->server_fd, - "%s: %s\r\n", data, header); - if (ret < 0) { - indicate_http_error (connptr, 503, - "Could not send data to remote server", - "detail", - "A network error occurred while " - "trying to write data to the " - "remote web server.", - NULL); - goto PULL_CLIENT_DATA; - } + iter = 0; + while((iter = orderedmap_next(hashofheaders, iter, &data, &header))) { + if (!is_anonymous_enabled (config) + || anonymous_search (config, data) > 0) { + ret = + write_message (connptr->server_fd, + "%s: %s\r\n", data, header); + if (ret < 0) { + indicate_http_error (connptr, 503, + "Could not send data to remote server", + "detail", + "A network error occurred while " + "trying to write data to the " + "remote web server.", + NULL); + goto PULL_CLIENT_DATA; } } } #if defined(XTINYPROXY_ENABLE) - if (config.add_xtinyproxy) + if (config->add_xtinyproxy) add_xtinyproxy_header (connptr); #endif @@ -986,15 +988,15 @@ static int process_server_headers (struct conn_s *connptr) char *response_line; - hashmap_t hashofheaders; - hashmap_iter iter; + orderedmap hashofheaders; + size_t iter; char *data, *header; ssize_t len; int i; int ret; #ifdef REVERSE_SUPPORT - struct reversepath *reverse = config.reversepath_list; + struct reversepath *reverse = config->reversepath_list; #endif /* Get the response line from the remote server. */ @@ -1016,7 +1018,7 @@ retry: goto retry; } - hashofheaders = hashmap_create (HEADER_BUCKETS); + hashofheaders = orderedmap_create (HEADER_BUCKETS); if (!hashofheaders) { safefree (response_line); return -1; @@ -1028,7 +1030,7 @@ retry: if (get_all_headers (connptr->server_fd, hashofheaders, NULL, NULL) < 0) { log_message (LOG_WARNING, "Could not retrieve all the headers from the remote server."); - hashmap_delete (hashofheaders); + orderedmap_destroy (hashofheaders); safefree (response_line); indicate_http_error (connptr, 503, @@ -1047,7 +1049,7 @@ retry: * Instead we'll free all the memory and return. */ if (connptr->protocol.major < 1) { - hashmap_delete (hashofheaders); + orderedmap_destroy (hashofheaders); safefree (response_line); return 0; } @@ -1074,7 +1076,7 @@ retry: * Delete the headers listed in the skipheaders list */ for (i = 0; i != (sizeof (skipheaders) / sizeof (char *)); i++) { - hashmap_remove (hashofheaders, skipheaders[i]); + orderedmap_remove (hashofheaders, skipheaders[i]); } /* Send, or add the Via header */ @@ -1086,7 +1088,7 @@ retry: #ifdef REVERSE_SUPPORT /* Write tracking cookie for the magical reverse proxy path hack */ - if (config.reversemagic && connptr->reversepath) { + if (config->reversemagic && connptr->reversepath) { ret = write_message (connptr->client_fd, "Set-Cookie: " REVERSE_COOKIE "=%s; path=/\r\n", connptr->reversepath); @@ -1095,9 +1097,8 @@ retry: } /* Rewrite the HTTP redirect if needed */ - if (config.reversebaseurl && - hashmap_entry_by_key (hashofheaders, "location", - (void **) &header) > 0) { + if (config->reversebaseurl && + (header = orderedmap_find (hashofheaders, "location"))) { /* Look for a matching entry in the reversepath list */ while (reverse) { @@ -1113,16 +1114,16 @@ retry: ret = write_message (connptr->client_fd, "Location: %s%s%s\r\n", - config.reversebaseurl, + config->reversebaseurl, (reverse->path + 1), (header + len)); if (ret < 0) goto ERROR_EXIT; log_message (LOG_INFO, "Rewriting HTTP redirect: %s -> %s%s%s", - header, config.reversebaseurl, + header, config->reversebaseurl, (reverse->path + 1), (header + len)); - hashmap_remove (hashofheaders, "location"); + orderedmap_remove (hashofheaders, "location"); } } #endif @@ -1130,19 +1131,15 @@ retry: /* * All right, output all the remaining headers to the client. */ - iter = hashmap_first (hashofheaders); - if (iter >= 0) { - for (; !hashmap_is_end (hashofheaders, iter); ++iter) { - hashmap_return_entry (hashofheaders, - iter, &data, (void **) &header); - - ret = write_message (connptr->client_fd, - "%s: %s\r\n", data, header); - if (ret < 0) - goto ERROR_EXIT; - } + iter = 0; + while ((iter = orderedmap_next(hashofheaders, iter, &data, &header))) { + + ret = write_message (connptr->client_fd, + "%s: %s\r\n", data, header); + if (ret < 0) + goto ERROR_EXIT; } - hashmap_delete (hashofheaders); + orderedmap_destroy (hashofheaders); /* Write the final blank line to signify the end of the headers */ if (safe_write (connptr->client_fd, "\r\n", 2) < 0) @@ -1151,7 +1148,7 @@ retry: return 0; ERROR_EXIT: - hashmap_delete (hashofheaders); + orderedmap_destroy (hashofheaders); return -1; } @@ -1165,74 +1162,39 @@ ERROR_EXIT: */ static void relay_connection (struct conn_s *connptr) { - fd_set rset, wset; - struct timeval tv; - time_t last_access; int ret; - double tdiff; - int maxfd = max (connptr->client_fd, connptr->server_fd) + 1; ssize_t bytes_received; - ret = socket_nonblocking (connptr->client_fd); - if (ret != 0) { - log_message(LOG_ERR, "Failed to set the client socket " - "to non-blocking: %s", strerror(errno)); - return; - } - - ret = socket_nonblocking (connptr->server_fd); - if (ret != 0) { - log_message(LOG_ERR, "Failed to set the server socket " - "to non-blocking: %s", strerror(errno)); - return; - } - - last_access = time (NULL); - for (;;) { - FD_ZERO (&rset); - FD_ZERO (&wset); - - tv.tv_sec = - config.idletimeout - difftime (time (NULL), last_access); - tv.tv_usec = 0; + pollfd_struct fds[2] = {0}; + fds[0].fd = connptr->client_fd; + fds[1].fd = connptr->server_fd; if (buffer_size (connptr->sbuffer) > 0) - FD_SET (connptr->client_fd, &wset); + fds[0].events |= MYPOLL_WRITE; if (buffer_size (connptr->cbuffer) > 0) - FD_SET (connptr->server_fd, &wset); + fds[1].events |= MYPOLL_WRITE; if (buffer_size (connptr->sbuffer) < MAXBUFFSIZE) - FD_SET (connptr->server_fd, &rset); + fds[1].events |= MYPOLL_READ; if (buffer_size (connptr->cbuffer) < MAXBUFFSIZE) - FD_SET (connptr->client_fd, &rset); + fds[0].events |= MYPOLL_READ; - ret = select (maxfd, &rset, &wset, NULL, &tv); + ret = mypoll(fds, 2, config->idletimeout); if (ret == 0) { - tdiff = difftime (time (NULL), last_access); - if (tdiff > config.idletimeout) { - log_message (LOG_INFO, - "Idle Timeout (after select) as %g > %u.", - tdiff, config.idletimeout); + log_message (LOG_INFO, + "Idle Timeout (after " SELECT_OR_POLL ")"); return; - } else { - continue; - } } else if (ret < 0) { log_message (LOG_ERR, - "relay_connection: select() error \"%s\". " + "relay_connection: " SELECT_OR_POLL "() error \"%s\". " "Closing connection (client_fd:%d, server_fd:%d)", strerror (errno), connptr->client_fd, connptr->server_fd); return; - } else { - /* - * All right, something was actually selected so mark it. - */ - last_access = time (NULL); } - if (FD_ISSET (connptr->server_fd, &rset)) { + if (fds[1].revents & MYPOLL_READ) { bytes_received = read_buffer (connptr->server_fd, connptr->sbuffer); if (bytes_received < 0) @@ -1242,32 +1204,20 @@ static void relay_connection (struct conn_s *connptr) if (connptr->content_length.server == 0) break; } - if (FD_ISSET (connptr->client_fd, &rset) + if ((fds[0].revents & MYPOLL_READ) && read_buffer (connptr->client_fd, connptr->cbuffer) < 0) { break; } - if (FD_ISSET (connptr->server_fd, &wset) + if ((fds[1].revents & MYPOLL_WRITE) && write_buffer (connptr->server_fd, connptr->cbuffer) < 0) { break; } - if (FD_ISSET (connptr->client_fd, &wset) + if ((fds[0].revents & MYPOLL_WRITE) && write_buffer (connptr->client_fd, connptr->sbuffer) < 0) { break; } } - /* - * Here the server has closed the connection... write the - * remainder to the client and then exit. - */ - ret = socket_blocking (connptr->client_fd); - if (ret != 0) { - log_message(LOG_ERR, - "Failed to set client socket to blocking: %s", - strerror(errno)); - return; - } - while (buffer_size (connptr->sbuffer) > 0) { if (write_buffer (connptr->client_fd, connptr->sbuffer) < 0) break; @@ -1438,7 +1388,7 @@ connect_to_upstream (struct conn_s *connptr, struct request_s *request) connptr->server_fd = opensock (cur_upstream->host, cur_upstream->port, - connptr->server_ip_addr); + connptr->server_ip_addr, NULL); if (connptr->server_fd < 0) { log_message (LOG_WARNING, @@ -1494,26 +1444,27 @@ connect_to_upstream (struct conn_s *connptr, struct request_s *request) #endif } +/* this function "drains" remaining bytes in the read pipe from + the client. it's usually only called on error before displaying + an error code/page. */ static int get_request_entity(struct conn_s *connptr) { int ret; - fd_set rset; - struct timeval tv; + pollfd_struct fds[1] = {0}; - FD_ZERO (&rset); - FD_SET (connptr->client_fd, &rset); - tv.tv_sec = 0; - tv.tv_usec = 0; - ret = select (connptr->client_fd + 1, &rset, NULL, NULL, &tv); + fds[0].fd = connptr->client_fd; + fds[0].events |= MYPOLL_READ; + + ret = mypoll(fds, 1, config->idletimeout); if (ret == -1) { log_message (LOG_ERR, - "Error calling select on client fd %d: %s", + "Error calling " SELECT_OR_POLL " on client fd %d: %s", connptr->client_fd, strerror(errno)); } else if (ret == 0) { log_message (LOG_INFO, "no entity"); - } else if (ret == 1 && FD_ISSET (connptr->client_fd, &rset)) { + } else if (ret == 1 && (fds[0].revents & MYPOLL_READ)) { ssize_t nread; nread = read_buffer (connptr->client_fd, connptr->cbuffer); if (nread < 0) { @@ -1523,12 +1474,12 @@ get_request_entity(struct conn_s *connptr) ret = -1; } else { log_message (LOG_INFO, - "Read request entity of %d bytes", - nread); + "Read request entity of %ld bytes", + (long) nread); ret = 0; } } else { - log_message (LOG_ERR, "strange situation after select: " + log_message (LOG_ERR, "strange situation after " SELECT_OR_POLL ": " "ret = %d, but client_fd (%d) is not readable...", ret, connptr->client_fd); ret = -1; @@ -1537,6 +1488,31 @@ get_request_entity(struct conn_s *connptr) return ret; } +static void handle_connection_failure(struct conn_s *connptr, int got_headers) +{ + /* + * First, get the body if there is one. + * If we don't read all there is from the socket first, + * it is still marked for reading and we won't be able + * to send our data properly. + */ + if (!got_headers && get_request_entity (connptr) < 0) { + log_message (LOG_WARNING, + "Could not retrieve request entity"); + indicate_http_error (connptr, 400, "Bad Request", + "detail", + "Could not retrieve the request entity " + "the client.", NULL); + update_stats (STAT_BADCONN); + } + + if (connptr->error_variables) { + send_http_error_message (connptr); + } else if (connptr->show_stats) { + showstats (connptr); + } +} + /* * This is the main drive for each connection. As you can tell, for the @@ -1547,44 +1523,83 @@ get_request_entity(struct conn_s *connptr) * tinyproxy code, which was confusing, redundant. Hail progress. * - rjkaes */ -void handle_connection (int fd) +void handle_connection (struct conn_s *connptr, union sockaddr_union* addr) { - ssize_t i; - struct conn_s *connptr; + +#define HC_FAIL() \ + do {handle_connection_failure(connptr, got_headers); goto done;} \ + while(0) + + int got_headers = 0, fd = connptr->client_fd; + size_t i; struct request_s *request = NULL; - hashmap_t hashofheaders = NULL; + struct timeval tv; + orderedmap hashofheaders = NULL; char sock_ipaddr[IP_LENGTH]; + char sock_ipaddr_alt[IP_LENGTH]=""; char peer_ipaddr[IP_LENGTH]; char peer_string[HOSTNAME_LENGTH]; char *lines = NULL; size_t lines_len = 0; - getpeer_information (fd, peer_ipaddr, peer_string); + getpeer_information (addr, peer_ipaddr, sizeof(peer_ipaddr)); - if (config.bindsame) + if (config->bindsame) getsock_ip (fd, sock_ipaddr); - log_message (LOG_CONN, config.bindsame ? - "Connect (file descriptor %d): %s [%s] at [%s]" : - "Connect (file descriptor %d): %s [%s]", - fd, peer_string, peer_ipaddr, sock_ipaddr); + switch (SOCKADDR_UNION_AF(addr)) { + case AF_INET: + if (config->bind_ipv4mapped) + getmapped_ipv6 (config->bind_ipv4mapped, sock_ipaddr, sock_ipaddr_alt); + break; + case AF_INET6: + if (config->bind_ipv6mapped) + getmapped_ipv4 (config->bind_ipv6mapped, sock_ipaddr, sock_ipaddr_alt); + break; + } + + log_message (LOG_CONN, config->bindsame ? + "Connect (file descriptor %d): %s at [%s]" : + "Connect (file descriptor %d): %s", + fd, peer_ipaddr, sock_ipaddr); - connptr = initialize_conn (fd, peer_ipaddr, peer_string, - config.bindsame ? sock_ipaddr : NULL); - if (!connptr) { + if(!conn_init_contents (connptr, peer_ipaddr, + config->bindsame ? sock_ipaddr : NULL, + sock_ipaddr_alt[0] ? sock_ipaddr_alt : NULL)) { close (fd); return; } - if (check_acl (peer_ipaddr, peer_string, config.access_list) <= 0) { + tv.tv_usec = 0; + tv.tv_sec = config->idletimeout; + setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (void*) &tv, sizeof(tv)); + tv.tv_usec = 0; + tv.tv_sec = config->idletimeout; + setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (void*) &tv, sizeof(tv)); + + if (connection_loops (addr)) { + log_message (LOG_CONN, + "Prevented endless loop (file descriptor %d): %s", + fd, peer_ipaddr); + + indicate_http_error(connptr, 400, "Bad Request", + "detail", + "You tried to connect to the " + "machine the proxy is running on", + NULL); + HC_FAIL(); + } + + + if (check_acl (peer_ipaddr, addr, config->access_list) <= 0) { update_stats (STAT_DENIED); indicate_http_error (connptr, 403, "Access denied", "detail", "The administrator of this proxy has not configured " "it to service requests from your host.", NULL); - goto fail; + HC_FAIL(); } if (read_request_line (connptr, &lines, &lines_len) < 0) { @@ -1593,13 +1608,13 @@ void handle_connection (int fd) "detail", "Server timeout waiting for the HTTP request " "from the client.", NULL); - goto fail; + HC_FAIL(); } /* * The "hashofheaders" store the client's headers. */ - hashofheaders = hashmap_create (HEADER_BUCKETS); + hashofheaders = orderedmap_create (HEADER_BUCKETS); if (hashofheaders == NULL) { update_stats (STAT_BADCONN); indicate_http_error (connptr, 503, "Internal error", @@ -1607,7 +1622,7 @@ void handle_connection (int fd) "An internal server error occurred while processing " "your request. Please contact the administrator.", NULL); - goto fail; + HC_FAIL(); } /* @@ -1621,52 +1636,59 @@ void handle_connection (int fd) "Could not retrieve all the headers from " "the client.", NULL); update_stats (STAT_BADCONN); - goto fail; + HC_FAIL(); } + got_headers = 1; - if (config.basicauth_list != NULL) { - ssize_t len; + if (config->basicauth_list != NULL) { char *authstring; - int failure = 1; - len = hashmap_entry_by_key (hashofheaders, "proxy-authorization", - (void **) &authstring); + int failure = 1, stathost_connect = 0; + authstring = orderedmap_find (hashofheaders, "proxy-authorization"); + + if (!authstring && config->stathost) { + authstring = orderedmap_find (hashofheaders, "host"); + if (authstring && !strncmp(authstring, config->stathost, strlen(config->stathost))) { + authstring = orderedmap_find (hashofheaders, "authorization"); + stathost_connect = 1; + } else authstring = 0; + } - if (len == 0) { + if (!authstring) { + if (stathost_connect) goto e401; update_stats (STAT_DENIED); indicate_http_error (connptr, 407, "Proxy Authentication Required", "detail", "This proxy requires authentication.", NULL); - goto fail; + HC_FAIL(); } if ( /* currently only "basic" auth supported */ (strncmp(authstring, "Basic ", 6) == 0 || strncmp(authstring, "basic ", 6) == 0) && - basicauth_check (config.basicauth_list, authstring + 6) == 1) + basicauth_check (config->basicauth_list, authstring + 6) == 1) failure = 0; if(failure) { +e401: update_stats (STAT_DENIED); indicate_http_error (connptr, 401, "Unauthorized", "detail", "The administrator of this proxy has not configured " "it to service requests from you.", NULL); - goto fail; + HC_FAIL(); } - hashmap_remove (hashofheaders, "proxy-authorization"); + orderedmap_remove (hashofheaders, "proxy-authorization"); } /* * Add any user-specified headers (AddHeader directive) to the * outgoing HTTP request. */ - for (i = 0; i < vector_length (config.add_headers); i++) { - http_header_t *header = (http_header_t *) - vector_getentry (config.add_headers, i, NULL); + if (config->add_headers) + for (i = 0; i < sblist_getsize (config->add_headers); i++) { + http_header_t *header = sblist_get (config->add_headers, i); - hashmap_insert (hashofheaders, - header->name, - header->value, strlen (header->value) + 1); + orderedmap_append (hashofheaders, header->name, header->value); } request = process_request (connptr, hashofheaders); @@ -1674,24 +1696,25 @@ void handle_connection (int fd) if (!connptr->show_stats) { update_stats (STAT_BADCONN); } - goto fail; + HC_FAIL(); } connptr->upstream_proxy = UPSTREAM_HOST (request->host); if (connptr->upstream_proxy != NULL) { if (connect_to_upstream (connptr, request) < 0) { - goto fail; + HC_FAIL(); } } else { connptr->server_fd = opensock (request->host, request->port, - connptr->server_ip_addr); + connptr->server_ip_addr, + connptr->server_ip_addr_alt); if (connptr->server_fd < 0) { indicate_http_error (connptr, 500, "Unable to connect", "detail", PACKAGE_NAME " " "was unable to connect to the remote web server.", "error", strerror (errno), NULL); - goto fail; + HC_FAIL(); } log_message (LOG_CONN, @@ -1710,13 +1733,25 @@ void handle_connection (int fd) if (process_client_headers (connptr, hashofheaders) < 0) { update_stats (STAT_BADCONN); - goto fail; + log_message (LOG_INFO, + "process_client_headers failed: %s. host \"%s\" using " + "file descriptor %d.", strerror(errno), + request->host, + connptr->server_fd); + + HC_FAIL(); } if (!connptr->connect_method || UPSTREAM_IS_HTTP(connptr)) { if (process_server_headers (connptr) < 0) { update_stats (STAT_BADCONN); - goto fail; + log_message (LOG_INFO, + "process_server_headers failed: %s. host \"%s\" using " + "file descriptor %d.", strerror(errno), + request->host, + connptr->server_fd); + + HC_FAIL(); } } else if (connptr->connect_method == CM_UPGRADE) { /* NOP */ ; @@ -1726,7 +1761,7 @@ void handle_connection (int fd) "handle_connection: Could not send SSL greeting " "to client."); update_stats (STAT_BADCONN); - goto fail; + HC_FAIL(); } } @@ -1737,35 +1772,11 @@ void handle_connection (int fd) "and remote client (fd:%d)", connptr->client_fd, connptr->server_fd); - goto done; - -fail: - /* - * First, get the body if there is one. - * If we don't read all there is from the socket first, - * it is still marked for reading and we won't be able - * to send our data properly. - */ - if (get_request_entity (connptr) < 0) { - log_message (LOG_WARNING, - "Could not retrieve request entity"); - indicate_http_error (connptr, 400, "Bad Request", - "detail", - "Could not retrieve the request entity " - "the client.", NULL); - update_stats (STAT_BADCONN); - } - - if (connptr->error_variables) { - send_http_error_message (connptr); - } else if (connptr->show_stats) { - showstats (connptr); - } - done: safefree(lines); free_request_struct (request); - hashmap_delete (hashofheaders); - destroy_conn (connptr); + orderedmap_destroy (hashofheaders); + conn_destroy_contents (connptr); return; +#undef HC_FAIL } @@ -23,6 +23,8 @@ #define _TINYPROXY_REQS_H_ #include "common.h" +#include "sock.h" +#include "conns.h" /* * Port constants for HTTP (80) and SSL (443) @@ -43,6 +45,6 @@ struct request_s { char *path; }; -extern void handle_connection (int fd); +extern void handle_connection (struct conn_s *, union sockaddr_union* addr); #endif diff --git a/src/reverse-proxy.c b/src/reverse-proxy.c index 0264787..af58d56 100644 --- a/src/reverse-proxy.c +++ b/src/reverse-proxy.c @@ -111,7 +111,7 @@ void free_reversepath_list (struct reversepath *reverse) /* * Rewrite the URL for reverse proxying. */ -char *reverse_rewrite_url (struct conn_s *connptr, hashmap_t hashofheaders, +char *reverse_rewrite_url (struct conn_s *connptr, orderedmap hashofheaders, char *url) { char *rewrite_url = NULL; @@ -122,24 +122,23 @@ char *reverse_rewrite_url (struct conn_s *connptr, hashmap_t hashofheaders, /* Reverse requests always start with a slash */ if (*url == '/') { /* First try locating the reverse mapping by request url */ - reverse = reversepath_get (url, config.reversepath_list); + reverse = reversepath_get (url, config->reversepath_list); if (reverse) { rewrite_url = (char *) safemalloc (strlen (url) + strlen (reverse->url) + 1); strcpy (rewrite_url, reverse->url); strcat (rewrite_url, url + strlen (reverse->path)); - } else if (config.reversemagic - && hashmap_entry_by_key (hashofheaders, - "cookie", - (void **) &cookie) > 0) { + } else if (config->reversemagic + && (cookie = orderedmap_find (hashofheaders, + "cookie"))) { /* No match - try the magical tracking cookie next */ if ((cookieval = strstr (cookie, REVERSE_COOKIE "=")) && (reverse = reversepath_get (cookieval + strlen (REVERSE_COOKIE) + 1, - config.reversepath_list))) + config->reversepath_list))) { rewrite_url = (char *) safemalloc @@ -163,7 +162,7 @@ char *reverse_rewrite_url (struct conn_s *connptr, hashmap_t hashofheaders, log_message (LOG_CONN, "Rewriting URL: %s -> %s", url, rewrite_url); /* Store reverse path so that the magical tracking cookie can be set */ - if (config.reversemagic && reverse) + if (config->reversemagic && reverse) connptr->reversepath = safestrdup (reverse->path); return rewrite_url; diff --git a/src/reverse-proxy.h b/src/reverse-proxy.h index 64b4acd..a2d6619 100644 --- a/src/reverse-proxy.h +++ b/src/reverse-proxy.h @@ -22,6 +22,7 @@ #define TINYPROXY_REVERSE_PROXY_H #include "conns.h" +#include "orderedmap.h" struct reversepath { struct reversepath *next; @@ -37,6 +38,6 @@ extern struct reversepath *reversepath_get (char *url, struct reversepath *reverse); void free_reversepath_list (struct reversepath *reverse); extern char *reverse_rewrite_url (struct conn_s *connptr, - hashmap_t hashofheaders, char *url); + orderedmap hashofheaders, char *url); #endif diff --git a/src/sblist.c b/src/sblist.c new file mode 100644 index 0000000..4ddc4aa --- /dev/null +++ b/src/sblist.c @@ -0,0 +1,80 @@ +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 200809L +#include "sblist.h" +#include <limits.h> +#include <stdlib.h> +#include <string.h> +#define MY_PAGE_SIZE 4096 + +sblist* sblist_new(size_t itemsize, size_t blockitems) { + sblist* ret = (sblist*) malloc(sizeof(sblist)); + sblist_init(ret, itemsize, blockitems); + return ret; +} + +static void sblist_clear(sblist* l) { + l->items = NULL; + l->capa = 0; + l->count = 0; +} + +void sblist_init(sblist* l, size_t itemsize, size_t blockitems) { + if(l) { + l->blockitems = blockitems ? blockitems : MY_PAGE_SIZE / itemsize; + l->itemsize = itemsize; + sblist_clear(l); + } +} + +void sblist_free_items(sblist* l) { + if(l) { + if(l->items) free(l->items); + sblist_clear(l); + } +} + +void sblist_free(sblist* l) { + if(l) { + sblist_free_items(l); + free(l); + } +} + +char* sblist_item_from_index(sblist* l, size_t idx) { + return l->items + (idx * l->itemsize); +} + +void* sblist_get(sblist* l, size_t item) { + if(item < l->count) return (void*) sblist_item_from_index(l, item); + return NULL; +} + +int sblist_set(sblist* l, void* item, size_t pos) { + if(pos >= l->count) return 0; + memcpy(sblist_item_from_index(l, pos), item, l->itemsize); + return 1; +} + +int sblist_grow_if_needed(sblist* l) { + char* temp; + if(l->count == l->capa) { + temp = realloc(l->items, (l->capa + l->blockitems) * l->itemsize); + if(!temp) return 0; + l->capa += l->blockitems; + l->items = temp; + } + return 1; +} + +int sblist_add(sblist* l, void* item) { + if(!sblist_grow_if_needed(l)) return 0; + l->count++; + return sblist_set(l, item, l->count - 1); +} + +void sblist_delete(sblist* l, size_t item) { + if (l->count && item < l->count) { + memmove(sblist_item_from_index(l, item), sblist_item_from_index(l, item + 1), (sblist_getsize(l) - (item + 1)) * l->itemsize); + l->count--; + } +} diff --git a/src/sblist.h b/src/sblist.h new file mode 100644 index 0000000..02c33d7 --- /dev/null +++ b/src/sblist.h @@ -0,0 +1,92 @@ +#ifndef SBLIST_H +#define SBLIST_H + +/* this file is part of libulz, as of commit 8ab361a27743aaf025323ee43b8b8876dc054fdd + modified for direct inclusion in tinyproxy, and for this purpose released under + the license of tinyproxy. */ + + +#ifdef __cplusplus +extern "C" { +#endif + +#include <stddef.h> +/* + * simple buffer list. + * + * this thing here is basically a generic dynamic array + * will realloc after every blockitems inserts + * can store items of any size. + * + * so think of it as a by-value list, as opposed to a typical by-ref list. + * you typically use it by having some struct on the stack, and pass a pointer + * to sblist_add, which will copy the contents into its internal memory. + * + */ + +typedef struct { + size_t itemsize; + size_t blockitems; + size_t count; + size_t capa; + char* items; +} sblist; + +#define sblist_getsize(X) ((X)->count) +#define sblist_get_count(X) ((X)->count) +#define sblist_empty(X) ((X)->count == 0) + +/* for dynamic style */ +sblist* sblist_new(size_t itemsize, size_t blockitems); +void sblist_free(sblist* l); + +/*for static style*/ +void sblist_init(sblist* l, size_t itemsize, size_t blockitems); +void sblist_free_items(sblist* l); + +/* accessors */ +void* sblist_get(sblist* l, size_t item); +/* returns 1 on success, 0 on OOM */ +int sblist_add(sblist* l, void* item); +int sblist_set(sblist* l, void* item, size_t pos); +void sblist_delete(sblist* l, size_t item); +char* sblist_item_from_index(sblist* l, size_t idx); +int sblist_grow_if_needed(sblist* l); +int sblist_insert(sblist* l, void* item, size_t pos); +/* same as sblist_add, but returns list index of new item, or -1 */ +size_t sblist_addi(sblist* l, void* item); +void sblist_sort(sblist *l, int (*compar)(const void *, const void *)); +/* insert element into presorted list, returns listindex of new entry or -1*/ +size_t sblist_insert_sorted(sblist* l, void* o, int (*compar)(const void *, const void *)); + +#ifndef __COUNTER__ +#define __COUNTER__ __LINE__ +#endif + +#define __sblist_concat_impl( x, y ) x##y +#define __sblist_macro_concat( x, y ) __sblist_concat_impl( x, y ) +#define __sblist_iterator_name __sblist_macro_concat(sblist_iterator, __COUNTER__) + +/* use with custom iterator variable */ +#define sblist_iter_counter(LIST, ITER, PTR) \ + for(size_t ITER = 0; (PTR = sblist_get(LIST, ITER)), ITER < sblist_getsize(LIST); ITER++) + +/* use with custom iterator variable, which is predeclared */ +#define sblist_iter_counter2(LIST, ITER, PTR) \ + for(ITER = 0; (PTR = sblist_get(LIST, ITER)), ITER < sblist_getsize(LIST); ITER++) + +/* use with custom iterator variable, which is predeclared and signed */ +/* useful for a loop which can delete items from the list, and then decrease the iterator var. */ +#define sblist_iter_counter2s(LIST, ITER, PTR) \ + for(ITER = 0; (PTR = sblist_get(LIST, ITER)), ITER < (ssize_t) sblist_getsize(LIST); ITER++) + + +/* uses "magic" iterator variable */ +#define sblist_iter(LIST, PTR) sblist_iter_counter(LIST, __sblist_iterator_name, PTR) + +#ifdef __cplusplus +} +#endif + +#endif + @@ -33,6 +33,19 @@ #include "sock.h" #include "text.h" #include "conf.h" +#include "loop.h" +#include "sblist.h" + +/* + * Return a human readable error for getaddrinfo() and getnameinfo(). + */ +static const char * get_gai_error (int n) +{ + if (n == EAI_SYSTEM) + return strerror (errno); + else + return gai_strerror (n); +} /* * Bind the given socket to the supplied address. The socket is @@ -43,6 +56,7 @@ static int bind_socket (int sockfd, const char *addr, int family) { struct addrinfo hints, *res, *ressave; + int n; assert (sockfd >= 0); assert (addr != NULL && strlen (addr) != 0); @@ -51,9 +65,13 @@ bind_socket (int sockfd, const char *addr, int family) hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; - /* The local port it not important */ - if (getaddrinfo (addr, NULL, &hints, &res) != 0) + /* The local port is not important */ + n = getaddrinfo (addr, NULL, &hints, &res); + if (n != 0) { + log_message (LOG_INFO, + "bind_socket: getaddrinfo failed for %s: %s", addr, get_gai_error (n)); return -1; + } ressave = res; @@ -70,12 +88,32 @@ bind_socket (int sockfd, const char *addr, int family) return sockfd; } +/** + * Try binding the given socket to supplied addresses, stopping when one succeeds. + */ +static int +bind_socket_list (int sockfd, sblist *addresses, int family) +{ + size_t nb_addresses = sblist_getsize(addresses); + size_t i; + + for (i = 0; i < nb_addresses; i++) { + const char *address = *(const char **)sblist_get(addresses, i); + if (bind_socket(sockfd, address, family) >= 0) { + log_message(LOG_INFO, "Bound to %s", address); + return 0; + } + } + + return -1; +} + /* * Open a connection to a remote host. It's been re-written to use * the getaddrinfo() library function, which allows for a protocol * independent implementation (mostly for IPv4 and IPv6 addresses.) */ -int opensock (const char *host, int port, const char *bind_to) +int opensock (const char *host, int port, const char *bind_to, const char *bind_to_alt) { int sockfd, n; struct addrinfo hints, *res, *ressave; @@ -86,6 +124,10 @@ int opensock (const char *host, int port, const char *bind_to) log_message(LOG_INFO, "opensock: opening connection to %s:%d", host, port); + if (bind_to) { + log_message(LOG_INFO, + "opensock: bind to %s or %s", bind_to, bind_to_alt); + } memset (&hints, 0, sizeof (struct addrinfo)); hints.ai_family = AF_UNSPEC; @@ -96,7 +138,7 @@ int opensock (const char *host, int port, const char *bind_to) n = getaddrinfo (host, portstr, &hints, &res); if (n != 0) { log_message (LOG_ERR, - "opensock: Could not retrieve info for %s", host); + "opensock: Could not retrieve address info for %s:%d: %s", host, port, get_gai_error (n)); return -1; } @@ -113,20 +155,32 @@ int opensock (const char *host, int port, const char *bind_to) /* Bind to the specified address */ if (bind_to) { if (bind_socket (sockfd, bind_to, - res->ai_family) < 0) { + res->ai_family) < 0 && + (!bind_to_alt || + bind_socket (sockfd, bind_to_alt, + res->ai_family) < 0)) { close (sockfd); continue; /* can't bind, so try again */ } - } else if (config.bind_address) { - if (bind_socket (sockfd, config.bind_address, - res->ai_family) < 0) { + } else if (config->bind_addrs) { + if (bind_socket_list (sockfd, config->bind_addrs, + res->ai_family) < 0) { close (sockfd); continue; /* can't bind, so try again */ } } - if (connect (sockfd, res->ai_addr, res->ai_addrlen) == 0) + if (connect (sockfd, res->ai_addr, res->ai_addrlen) == 0) { + union sockaddr_union *p = (void*) res->ai_addr, u; + int af = res->ai_addr->sa_family; + unsigned dport = ntohs(af == AF_INET ? p->v4.sin_port : p->v6.sin6_port); + socklen_t slen = sizeof u; + if (dport == config->port) { + getsockname(sockfd, (void*)&u, &slen); + loop_records_add(&u); + } break; /* success */ + } close (sockfd); } while ((res = res->ai_next) != NULL); @@ -134,8 +188,9 @@ int opensock (const char *host, int port, const char *bind_to) freeaddrinfo (ressave); if (res == NULL) { log_message (LOG_ERR, - "opensock: Could not establish a connection to %s", - host); + "opensock: Could not establish a connection to %s:%d", + host, + port); return -1; } @@ -186,8 +241,7 @@ static int listen_on_one_socket(struct addrinfo *ad) ret = getnameinfo(ad->ai_addr, ad->ai_addrlen, numerichost, NI_MAXHOST, NULL, 0, flags); if (ret != 0) { - log_message(LOG_ERR, "error calling getnameinfo: %s", - gai_strerror(errno)); + log_message(LOG_ERR, "getnameinfo failed: %s", get_gai_error (ret)); return -1; } @@ -251,11 +305,12 @@ static int listen_on_one_socket(struct addrinfo *ad) * Upon success, the listen-fds are added to the listen_fds list * and 0 is returned. Upon error, -1 is returned. */ -int listen_sock (const char *addr, uint16_t port, vector_t listen_fds) +int listen_sock (const char *addr, uint16_t port, sblist* listen_fds) { struct addrinfo hints, *result, *rp; char portstr[6]; int ret = -1; + int n; assert (port > 0); assert (listen_fds != NULL); @@ -270,10 +325,13 @@ int listen_sock (const char *addr, uint16_t port, vector_t listen_fds) snprintf (portstr, sizeof (portstr), "%d", port); - if (getaddrinfo (addr, portstr, &hints, &result) != 0) { + n = getaddrinfo (addr, portstr, &hints, &result); + if (n != 0) { log_message (LOG_ERR, - "Unable to getaddrinfo() because of %s", - strerror (errno)); + "Unable to getaddrinfo() for %s:%d because of %s", + addr, + port, + get_gai_error (n)); return -1; } @@ -285,7 +343,7 @@ int listen_sock (const char *addr, uint16_t port, vector_t listen_fds) continue; } - vector_append (listen_fds, &listenfd, sizeof(int)); + sblist_add (listen_fds, &listenfd); /* success */ ret = 0; @@ -331,30 +389,34 @@ int getsock_ip (int fd, char *ipaddr) return 0; } -/* - * Return the peer's socket information. - */ -int getpeer_information (int fd, char *ipaddr, char *string_addr) +int getmapped_ipv4 (const char *ipv6mapped_conf, const char *ipaddr, char *ipaddr_mapped) { - struct sockaddr_storage sa; - socklen_t salen = sizeof sa; + struct in6_addr addr6; + struct in_addr addr; - assert (fd >= 0); - assert (ipaddr != NULL); - assert (string_addr != NULL); + memset(&addr6, 0, sizeof(addr6)); + if ( inet_pton(AF_INET6, ipaddr, &addr6) < 0 ) + return -1; - /* Set the strings to default values */ - ipaddr[0] = '\0'; - strlcpy (string_addr, "[unknown]", HOSTNAME_LENGTH); + memcpy(&addr, addr6.s6_addr + 12, sizeof(addr)); + return inet_ntop(AF_INET, &addr, ipaddr_mapped, IP_LENGTH) == NULL ? -1 : 0; +} - /* Look up the IP address */ - if (getpeername (fd, (struct sockaddr *) &sa, &salen) != 0) - return -1; +int getmapped_ipv6 (const char *ipv4mapped_conf, const char *ipaddr, char *ipaddr_mapped) +{ + memset(ipaddr_mapped, 0, IP_LENGTH); + strncpy(ipaddr_mapped, ipv4mapped_conf, IP_LENGTH-1); + strncat(ipaddr_mapped, ipaddr, IP_LENGTH-1-strlen(ipaddr_mapped)); + return 0; +} - if (get_ip_string ((struct sockaddr *) &sa, ipaddr, IP_LENGTH) == NULL) - return -1; - /* Get the full host name */ - return getnameinfo ((struct sockaddr *) &sa, salen, - string_addr, HOSTNAME_LENGTH, NULL, 0, 0); +/* + * Return the peer's socket information. + */ +void getpeer_information (union sockaddr_union* addr, char *ipaddr, size_t ipaddr_len) +{ + int af = addr->v4.sin_family; + void *ipdata = af == AF_INET ? (void*)&addr->v4.sin_addr : (void*)&addr->v6.sin6_addr; + inet_ntop(af, ipdata, ipaddr, ipaddr_len); } @@ -28,15 +28,37 @@ #define MAXLINE (1024 * 4) -#include "vector.h" +#include "common.h" +#include "sblist.h" -extern int opensock (const char *host, int port, const char *bind_to); -extern int listen_sock (const char *addr, uint16_t port, vector_t listen_fds); +#define SOCKADDR_UNION_AF(PTR) (PTR)->v4.sin_family + +#define SOCKADDR_UNION_LENGTH(PTR) ( \ + ( SOCKADDR_UNION_AF(PTR) == AF_INET ) ? sizeof((PTR)->v4) : ( \ + ( SOCKADDR_UNION_AF(PTR) == AF_INET6 ) ? sizeof((PTR)->v6) : 0 ) ) + +#define SOCKADDR_UNION_ADDRESS(PTR) ( \ + ( SOCKADDR_UNION_AF(PTR) == AF_INET ) ? (void*) &(PTR)->v4.sin_addr : ( \ + ( SOCKADDR_UNION_AF(PTR) == AF_INET6 ) ? (void*) &(PTR)->v6.sin6_addr : (void*) 0 ) ) + +#define SOCKADDR_UNION_PORT(PTR) ( \ + ( SOCKADDR_UNION_AF(PTR) == AF_INET ) ? (PTR)->v4.sin_port : ( \ + ( SOCKADDR_UNION_AF(PTR) == AF_INET6 ) ? (PTR)->v6.sin6_port : 0 ) ) + +union sockaddr_union { + struct sockaddr_in v4; + struct sockaddr_in6 v6; +}; + +extern int opensock (const char *host, int port, const char *bind_to, const char *bind_to_alt); +extern int listen_sock (const char *addr, uint16_t port, sblist* listen_fds); extern int socket_nonblocking (int sock); extern int socket_blocking (int sock); extern int getsock_ip (int fd, char *ipaddr); -extern int getpeer_information (int fd, char *ipaddr, char *string_addr); +extern int getmapped_ipv6 (const char *ipv4mapped_conf, const char *ipaddr, char *ipaddr_mapped); +extern int getmapped_ipv4 (const char *ipv6mapped_conf, const char *ipaddr, char *ipaddr_mapped); +extern void getpeer_information (union sockaddr_union *addr, char *ipaddr, size_t ipaddr_len); #endif diff --git a/src/stats.c b/src/stats.c index c7b4423..dfe054c 100644 --- a/src/stats.c +++ b/src/stats.c @@ -33,6 +33,7 @@ #include "stats.h" #include "utils.h" #include "conf.h" +#include <pthread.h> struct stat_s { unsigned long int num_reqs; @@ -42,18 +43,16 @@ struct stat_s { unsigned long int num_denied; }; -static struct stat_s *stats; +static struct stat_s stats_buf, *stats; +static pthread_mutex_t stats_update_lock = PTHREAD_MUTEX_INITIALIZER; +static pthread_mutex_t stats_file_lock = PTHREAD_MUTEX_INITIALIZER; /* * Initialize the statistics information to zero. */ void init_stats (void) { - stats = (struct stat_s *) malloc_shared_memory (sizeof (struct stat_s)); - if (stats == MAP_FAILED) - return; - - memset (stats, 0, sizeof (struct stat_s)); + stats = &stats_buf; } /* @@ -72,10 +71,15 @@ showstats (struct conn_s *connptr) snprintf (denied, sizeof (denied), "%lu", stats->num_denied); snprintf (refused, sizeof (refused), "%lu", stats->num_refused); - if (!config.statpage || (!(statfile = fopen (config.statpage, "r")))) { + pthread_mutex_lock(&stats_file_lock); + + if (!config->statpage || (!(statfile = fopen (config->statpage, "r")))) { message_buffer = (char *) safemalloc (MAXBUFFSIZE); - if (!message_buffer) + if (!message_buffer) { +err_minus_one: + pthread_mutex_unlock(&stats_file_lock); return -1; + } snprintf (message_buffer, MAXBUFFSIZE, @@ -105,13 +109,13 @@ showstats (struct conn_s *connptr) if (send_http_message (connptr, 200, "OK", message_buffer) < 0) { safefree (message_buffer); - return -1; + goto err_minus_one; } safefree (message_buffer); + pthread_mutex_unlock(&stats_file_lock); return 0; } - add_error_variable (connptr, "opens", opens); add_error_variable (connptr, "reqs", reqs); add_error_variable (connptr, "badconns", badconns); @@ -121,6 +125,7 @@ showstats (struct conn_s *connptr) send_http_headers (connptr, 200, "Statistic requested"); send_html_file (statfile, connptr); fclose (statfile); + pthread_mutex_unlock(&stats_file_lock); return 0; } @@ -131,6 +136,9 @@ showstats (struct conn_s *connptr) */ int update_stats (status_t update_level) { + int ret = 0; + + pthread_mutex_lock(&stats_update_lock); switch (update_level) { case STAT_BADCONN: ++stats->num_badcons; @@ -149,8 +157,9 @@ int update_stats (status_t update_level) ++stats->num_denied; break; default: - return -1; + ret = -1; } + pthread_mutex_unlock(&stats_update_lock); - return 0; + return ret; } diff --git a/src/transparent-proxy.c b/src/transparent-proxy.c index df5fbce..d090ae3 100644 --- a/src/transparent-proxy.c +++ b/src/transparent-proxy.c @@ -53,22 +53,27 @@ static int build_url (char **url, const char *host, int port, const char *path) } int -do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders, +do_transparent_proxy (struct conn_s *connptr, orderedmap hashofheaders, struct request_s *request, struct config_s *conf, char **url) { socklen_t length; char *data; size_t ulen = strlen (*url); - ssize_t i; + size_t i; - length = hashmap_entry_by_key (hashofheaders, "host", (void **) &data); - if (length <= 0) { - struct sockaddr_in dest_addr; + data = orderedmap_find (hashofheaders, "host"); + if (!data) { + union sockaddr_union dest_addr; + const void *dest_inaddr; + char namebuf[INET6_ADDRSTRLEN+1]; + int af; + length = sizeof(dest_addr); if (getsockname - (connptr->client_fd, (struct sockaddr *) &dest_addr, - &length) < 0) { + (connptr->client_fd, (void *) &dest_addr, + &length) < 0 || length > sizeof(dest_addr)) { + addr_err:; log_message (LOG_ERR, "process_request: cannot get destination IP for %d", connptr->client_fd); @@ -78,10 +83,14 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders, return 0; } - request->host = (char *) safemalloc (17); - strlcpy (request->host, inet_ntoa (dest_addr.sin_addr), 17); + af = SOCKADDR_UNION_AF(&dest_addr); + dest_inaddr = SOCKADDR_UNION_ADDRESS(&dest_addr); - request->port = ntohs (dest_addr.sin_port); + if (!inet_ntop(af, dest_inaddr, namebuf, sizeof namebuf)) + goto addr_err; + + request->host = safestrdup (namebuf); + request->port = ntohs (SOCKADDR_UNION_PORT(&dest_addr)); request->path = (char *) safemalloc (ulen + 1); strlcpy (request->path, *url, ulen + 1); @@ -91,6 +100,7 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders, "process_request: trans IP %s %s for %d", request->method, *url, connptr->client_fd); } else { + length = strlen (data); request->host = (char *) safemalloc (length + 1); if (sscanf (data, "%[^:]:%hu", request->host, &request->port) != 2) { @@ -111,12 +121,12 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders, return 1; } - for (i = 0; i < vector_length(conf->listen_addrs); i++) { - const char *addr; + for (i = 0; i < sblist_getsize(conf->listen_addrs); i++) { + char **addr; - addr = (char *)vector_getentry(conf->listen_addrs, i, NULL); + addr = sblist_get(conf->listen_addrs, i); - if (addr && strcmp(request->host, addr) == 0) { + if (addr && *addr && strcmp(request->host, *addr) == 0) { log_message(LOG_ERR, "transparent: destination IP %s is local " "on socket fd %d", diff --git a/src/transparent-proxy.h b/src/transparent-proxy.h index 4fc3a4d..b56c446 100644 --- a/src/transparent-proxy.h +++ b/src/transparent-proxy.h @@ -26,11 +26,11 @@ #ifdef TRANSPARENT_PROXY #include "conns.h" -#include "hashmap.h" +#include "orderedmap.h" #include "reqs.h" extern int do_transparent_proxy (struct conn_s *connptr, - hashmap_t hashofheaders, + orderedmap hashofheaders, struct request_s *request, struct config_s *config, char **url); diff --git a/src/upstream.c b/src/upstream.c index 327b727..c8fee22 100644 --- a/src/upstream.c +++ b/src/upstream.c @@ -43,20 +43,34 @@ proxy_type_name(proxy_type type) } } + +const char* upstream_build_error_string(enum upstream_build_error ube) { + static const char *emap[] = { + [UBE_SUCCESS] = "", + [UBE_OOM] = "Unable to allocate memory in upstream_build()", + [UBE_USERLEN] = "User / pass in upstream config too long", + [UBE_EDOMAIN] = "Nonsense upstream none rule: empty domain", + [UBE_INVHOST] = "Nonsense upstream rule: invalid host or port", + [UBE_INVPARAMS] = "Nonsense upstream rule: invalid parameters", + [UBE_NETMASK] = "Nonsense upstream rule: failed to parse netmask", + }; + return emap[ube]; +} + /** * Construct an upstream struct from input data. */ static struct upstream *upstream_build (const char *host, int port, const char *domain, const char *user, const char *pass, - proxy_type type) + proxy_type type, enum upstream_build_error *ube) { char *ptr; struct upstream *up; + *ube = UBE_SUCCESS; up = (struct upstream *) safemalloc (sizeof (struct upstream)); if (!up) { - log_message (LOG_ERR, - "Unable to allocate memory in upstream_build()"); + *ube = UBE_OOM; return NULL; } @@ -69,8 +83,7 @@ static struct upstream *upstream_build (const char *host, int port, const char * ssize_t ret; ret = basicauth_string(user, pass, b, sizeof b); if (ret == 0) { - log_message (LOG_ERR, - "User / pass in upstream config too long"); + *ube = UBE_USERLEN; return NULL; } up->ua.authstr = safestrdup (b); @@ -81,9 +94,13 @@ static struct upstream *upstream_build (const char *host, int port, const char * } if (domain == NULL) { - if (!host || host[0] == '\0' || port < 1) { - log_message (LOG_WARNING, - "Nonsense upstream rule: invalid host or port"); + if (type == PT_NONE) { + e_nonedomain:; + *ube = UBE_EDOMAIN; + goto fail; + } + if (!host || !host[0] || port < 1) { + *ube = UBE_INVHOST; goto fail; } @@ -92,11 +109,16 @@ static struct upstream *upstream_build (const char *host, int port, const char * log_message (LOG_INFO, "Added upstream %s %s:%d for [default]", proxy_type_name(type), host, port); - } else if (host == NULL || type == PT_NONE) { - if (!domain || domain[0] == '\0') { - log_message (LOG_WARNING, - "Nonsense no-upstream rule: empty domain"); - goto fail; + } else { + if (type == PT_NONE) { + if (!domain[0]) goto e_nonedomain; + } else { + if (!host || !host[0] || !domain[0]) { + *ube = UBE_INVPARAMS; + goto fail; + } + up->host = safestrdup (host); + up->port = port; } ptr = strchr (domain, '/'); @@ -116,26 +138,20 @@ static struct upstream *upstream_build (const char *host, int port, const char * up->mask = ~((1 << (32 - atoi (ptr))) - 1); } + up->ip = up->ip & up->mask; + } else { + *ube = UBE_NETMASK; + goto fail; } } else { up->domain = safestrdup (domain); } - log_message (LOG_INFO, "Added no-upstream for %s", domain); - } else { - if (!host || host[0] == '\0' || port < 1 || !domain - || domain[0] == '\0') { - log_message (LOG_WARNING, - "Nonsense upstream rule: invalid parameters"); - goto fail; - } - - up->host = safestrdup (host); - up->port = port; - up->domain = safestrdup (domain); - - log_message (LOG_INFO, "Added upstream %s %s:%d for %s", - proxy_type_name(type), host, port, domain); + if (type == PT_NONE) + log_message (LOG_INFO, "Added upstream none for %s", domain); + else + log_message (LOG_INFO, "Added upstream %s %s:%d for %s", + proxy_type_name(type), host, port, domain); } return up; @@ -153,15 +169,17 @@ fail: /* * Add an entry to the upstream list */ -void upstream_add (const char *host, int port, const char *domain, +enum upstream_build_error upstream_add ( + const char *host, int port, const char *domain, const char *user, const char *pass, proxy_type type, struct upstream **upstream_list) { struct upstream *up; + enum upstream_build_error ube; - up = upstream_build (host, port, domain, user, pass, type); + up = upstream_build (host, port, domain, user, pass, type, &ube); if (up == NULL) { - return; + return ube; } if (!up->domain && !up->ip) { /* always add default to end */ @@ -177,7 +195,7 @@ void upstream_add (const char *host, int port, const char *domain, if (!tmp->next) { up->next = NULL; tmp->next = up; - return; + return ube; } tmp = tmp->next; @@ -187,14 +205,14 @@ void upstream_add (const char *host, int port, const char *domain, up->next = *upstream_list; *upstream_list = up; - return; + return ube; upstream_cleanup: safefree (up->host); safefree (up->domain); safefree (up); - return; + return ube; } /* @@ -234,7 +252,7 @@ struct upstream *upstream_get (char *host, struct upstream *up) up = up->next; } - if (up && (!up->host || !up->port)) + if (up && (!up->host)) up = NULL; if (up) diff --git a/src/upstream.h b/src/upstream.h index c112784..a611807 100644 --- a/src/upstream.h +++ b/src/upstream.h @@ -27,6 +27,16 @@ #include "common.h" +enum upstream_build_error { + UBE_SUCCESS = 0, + UBE_OOM, + UBE_USERLEN, + UBE_EDOMAIN, + UBE_INVHOST, + UBE_INVPARAMS, + UBE_NETMASK, +}; + /* * Even if upstream support is not compiled into tinyproxy, this * structure still needs to be defined. @@ -54,11 +64,13 @@ struct upstream { #ifdef UPSTREAM_SUPPORT const char *proxy_type_name(proxy_type type); -extern void upstream_add (const char *host, int port, const char *domain, +extern enum upstream_build_error upstream_add ( + const char *host, int port, const char *domain, const char *user, const char *pass, proxy_type type, struct upstream **upstream_list); extern struct upstream *upstream_get (char *host, struct upstream *up); extern void free_upstream_list (struct upstream *up); +extern const char* upstream_build_error_string(enum upstream_build_error); #endif /* UPSTREAM_SUPPORT */ #endif /* _TINYPROXY_UPSTREAM_H_ */ diff --git a/src/vector.c b/src/vector.c deleted file mode 100644 index cf9fc75..0000000 --- a/src/vector.c +++ /dev/null @@ -1,214 +0,0 @@ -/* tinyproxy - A fast light-weight HTTP proxy - * Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/* A vector implementation. The vector can be of an arbitrary length, and - * the data for each entry is an lump of data (the size is stored in the - * vector.) - */ - -#include "main.h" - -#include "heap.h" -#include "vector.h" - -/* - * These structures are the storage for the "vector". Entries are - * stored in struct vectorentry_s (the data and the length), and the - * "vector" structure is implemented as a linked-list. The struct - * vector_s stores a pointer to the first vector (vector[0]) and a - * count of the number of entries (or how long the vector is.) - */ -struct vectorentry_s { - void *data; - size_t len; - - struct vectorentry_s *next; -}; - -struct vector_s { - size_t num_entries; - struct vectorentry_s *head; - struct vectorentry_s *tail; -}; - -/* - * Create an vector. The vector initially has no elements and no - * storage has been allocated for the entries. - * - * A NULL is returned if memory could not be allocated for the - * vector. - */ -vector_t vector_create (void) -{ - vector_t vector; - - vector = (vector_t) safemalloc (sizeof (struct vector_s)); - if (!vector) - return NULL; - - vector->num_entries = 0; - vector->head = vector->tail = NULL; - - return vector; -} - -/* - * Deletes an vector. All the entries when this function is run. - * - * Returns: 0 on success - * negative if a NULL vector is supplied - */ -int vector_delete (vector_t vector) -{ - struct vectorentry_s *ptr, *next; - - if (!vector) - return -EINVAL; - - ptr = vector->head; - while (ptr) { - next = ptr->next; - safefree (ptr->data); - safefree (ptr); - - ptr = next; - } - - safefree (vector); - - return 0; -} - -/* - * Appends an entry into the vector. The entry is an arbitrary - * collection of bytes of _len_ octets. The data is copied into the - * vector, so the original data must be freed to avoid a memory leak. - * The "data" must be non-NULL and the "len" must be greater than zero. - * "pos" is either 0 to prepend the data, or 1 to append the data. - * - * Returns: 0 on success - * negative number if there are errors - */ - -typedef enum { - INSERT_PREPEND, - INSERT_APPEND -} vector_pos_t; - -static int -vector_insert (vector_t vector, - void *data, - size_t len, - vector_pos_t pos) -{ - struct vectorentry_s *entry; - - if (!vector || !data || len <= 0 || - (pos != INSERT_PREPEND && pos != INSERT_APPEND)) - return -EINVAL; - - entry = - (struct vectorentry_s *) safemalloc (sizeof (struct vectorentry_s)); - if (!entry) - return -ENOMEM; - - entry->data = safemalloc (len); - if (!entry->data) { - safefree (entry); - return -ENOMEM; - } - - memcpy (entry->data, data, len); - entry->len = len; - entry->next = NULL; - - /* If there is no head or tail, create them */ - if (!vector->head && !vector->tail) - vector->head = vector->tail = entry; - else if (pos == INSERT_PREPEND) { - /* prepend the entry */ - entry->next = vector->head; - vector->head = entry; - } else { - /* append the entry */ - vector->tail->next = entry; - vector->tail = entry; - } - - vector->num_entries++; - - return 0; -} - -/* - * The following two function are used to make the API clearer. As you - * can see they simply call the vector_insert() function with appropriate - * arguments. - */ -int vector_append (vector_t vector, void *data, size_t len) -{ - return vector_insert (vector, data, len, INSERT_APPEND); -} - -int vector_prepend (vector_t vector, void *data, size_t len) -{ - return vector_insert (vector, data, len, INSERT_PREPEND); -} - -/* - * A pointer to the data at position "pos" (zero based) is returned. - * If the vector is out of bound, data is set to NULL. - * - * Returns: negative upon an error - * length of data if position is valid - */ -void *vector_getentry (vector_t vector, size_t pos, size_t * size) -{ - struct vectorentry_s *ptr; - size_t loc; - - if (!vector || pos >= vector->num_entries) - return NULL; - - loc = 0; - ptr = vector->head; - - while (loc != pos) { - ptr = ptr->next; - loc++; - } - - if (size) - *size = ptr->len; - - return ptr->data; -} - -/* - * Returns the number of entries (or the length) of the vector. - * - * Returns: negative if vector is not valid - * positive length of vector otherwise - */ -ssize_t vector_length (vector_t vector) -{ - if (!vector) - return -EINVAL; - - return vector->num_entries; -} diff --git a/src/vector.h b/src/vector.h deleted file mode 100644 index ef8f953..0000000 --- a/src/vector.h +++ /dev/null @@ -1,75 +0,0 @@ -/* tinyproxy - A fast light-weight HTTP proxy - * Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/* See 'vector.c' for detailed information. */ - -#ifndef _VECTOR_H -#define _VECTOR_H - -/* - * We're using a typedef here to "hide" the implementation details of the - * vector. Sure, it's a pointer, but the struct is hidden in the C file. - * So, just use the vector_t like it's a cookie. :) - */ -typedef struct vector_s *vector_t; - -/* - * vector_create() takes no arguments. - * vector_delete() is self explanatory. - */ -extern vector_t vector_create (void); -extern int vector_delete (vector_t vector); - -/* - * When you insert a piece of data into the vector, the data will be - * duplicated, so you must free your copy if it was created on the heap. - * The data must be non-NULL and the length must be greater than zero. - * - * Returns: negative on error - * 0 upon successful insert. - */ -extern int vector_append (vector_t vector, void *data, size_t len); -extern int vector_prepend (vector_t vector, void *data, size_t len); - -/* - * A pointer to the data at position "pos" (zero based) is returned and the - * size pointer contains the length of the data stored. - * - * The pointer points to the actual data in the vector, so you have - * the power to modify the data, but do it responsibly since the - * library doesn't take any steps to prevent you from messing up the - * vector. (A better rule is, don't modify the data since you'll - * likely mess up the "length" parameter of the data.) However, DON'T - * try to realloc or free the data; doing so will break the vector. - * - * If "size" is NULL the size of the data is not returned. - * - * Returns: NULL on error - * valid pointer to data - */ -extern void *vector_getentry (vector_t vector, size_t pos, size_t * size); - -/* - * Returns the number of enteries (or the length) of the vector. - * - * Returns: negative if vector is not valid - * positive length of vector otherwise - */ -extern ssize_t vector_length (vector_t vector); - -#endif /* _VECTOR_H */ diff --git a/tests/scripts/run_tests.sh b/tests/scripts/run_tests.sh index dd95400..eb1d3c4 100755 --- a/tests/scripts/run_tests.sh +++ b/tests/scripts/run_tests.sh @@ -30,6 +30,7 @@ TINYPROXY_USER=$(id -un) TINYPROXY_PID_DIR=$TESTENV_DIR/var/run/tinyproxy TINYPROXY_PID_FILE=$TINYPROXY_PID_DIR/tinyproxy.pid TINYPROXY_LOG_DIR=$LOG_DIR/tinyproxy +TINYPROXY_LOG_FILE=$TINYPROXY_LOG_DIR/tinyproxy.log TINYPROXY_DATA_DIR=$TESTENV_DIR/usr/share/tinyproxy TINYPROXY_CONF_DIR=$TESTENV_DIR/etc/tinyproxy TINYPROXY_CONF_FILE=$TINYPROXY_CONF_DIR/tinyproxy.conf @@ -79,26 +80,30 @@ Listen $TINYPROXY_IP Timeout 600 StatHost "$TINYPROXY_STATHOST_IP" DefaultErrorFile "$TINYPROXY_DATA_DIR/debug.html" +ErrorFile 400 "$TINYPROXY_DATA_DIR/debug.html" +ErrorFile 403 "$TINYPROXY_DATA_DIR/debug.html" +ErrorFile 501 "$TINYPROXY_DATA_DIR/debug.html" StatFile "$TINYPROXY_DATA_DIR/stats.html" -Logfile "$TINYPROXY_LOG_DIR/tinyproxy.log" +Logfile "$TINYPROXY_LOG_FILE" PidFile "$TINYPROXY_PID_FILE" LogLevel Info MaxClients 100 -MinSpareServers 5 -MaxSpareServers 20 -StartServers 10 -MaxRequestsPerChild 0 Allow 127.0.0.0/8 ViaProxyName "tinyproxy" #DisableViaHeader Yes ConnectPort 443 ConnectPort 563 -FilterURLs On +#FilterURLs On Filter "$TINYPROXY_FILTER_FILE" XTinyproxy Yes +AddHeader "X-My-Header1" "Powered by Tinyproxy" +AddHeader "X-My-Header2" "Powered by Tinyproxy" +AddHeader "X-My-Header3" "Powered by Tinyproxy" EOF - touch $TINYPROXY_FILTER_FILE +cat << 'EOF' > $TINYPROXY_FILTER_FILE +.*\.google-analytics\.com$ +EOF } start_tinyproxy() { @@ -107,13 +112,26 @@ start_tinyproxy() { echo " done (listening on $TINYPROXY_IP:$TINYPROXY_PORT)" } +reload_config() { + echo -n "signaling tinyproxy to reload config..." + pid=$(cat $TINYPROXY_PID_FILE) + #1: SIGHUP + kill -1 $pid && echo "ok" || echo "fail" +} + stop_tinyproxy() { echo -n "killing tinyproxy..." - kill $(cat $TINYPROXY_PID_FILE) + pid=$(cat $TINYPROXY_PID_FILE) + kill $pid if test "x$?" = "x0" ; then echo " ok" else - echo " error" + echo " error killing pid $pid" + ps aux | grep tinyproxy + echo "### printing logfile" + cat $TINYPROXY_LOG_FILE + echo "### printing stderr logfile" + cat $TINYPROXY_STDERR_LOG fi } @@ -154,7 +172,7 @@ wait_for_some_seconds() { } run_basic_webclient_request() { - $WEBCLIENT_BIN $1 $2 >> $WEBCLIENT_LOG 2>&1 + $WEBCLIENT_BIN $1 $2 > $WEBCLIENT_LOG 2>&1 WEBCLIENT_EXIT_CODE=$? if test "x$WEBCLIENT_EXIT_CODE" = "x0" ; then echo " ok" @@ -162,11 +180,31 @@ run_basic_webclient_request() { echo "ERROR ($WEBCLIENT_EXIT_CODE)" echo "webclient output:" cat $WEBCLIENT_LOG + echo "######################################" fi return $WEBCLIENT_EXIT_CODE } +run_failure_webclient_request() { + ec=$1 + expected_error=$(($1 - 399)) + shift + $WEBCLIENT_BIN "$1" "$2" "$3" "$4" > $WEBCLIENT_LOG 2>&1 + WEBCLIENT_EXIT_CODE=$? + if test "x$WEBCLIENT_EXIT_CODE" = "x$expected_error" ; then + echo " ok, got expected error code $ec" + return 0 + else + echo "ERROR ($WEBCLIENT_EXIT_CODE)" + echo "webclient output:" + cat $WEBCLIENT_LOG + echo "######################################" + fi + + return 1 +} + # "main" provision_initial @@ -176,10 +214,11 @@ provision_webserver start_webserver start_tinyproxy -wait_for_some_seconds 3 +wait_for_some_seconds 1 FAILED=0 +basic_test() { echo -n "checking direct connection to web server..." run_basic_webclient_request "$WEBSERVER_IP:$WEBSERVER_PORT" / test "x$?" = "x0" || FAILED=$((FAILED + 1)) @@ -191,6 +230,26 @@ test "x$?" = "x0" || FAILED=$((FAILED + 1)) echo -n "requesting statspage via stathost url..." run_basic_webclient_request "$TINYPROXY_IP:$TINYPROXY_PORT" "http://$TINYPROXY_STATHOST_IP" test "x$?" = "x0" || FAILED=$((FAILED + 1)) +} + +ext_test() { +echo -n "checking bogus request..." +run_failure_webclient_request 400 --method="BIG FART" "$TINYPROXY_IP:$TINYPROXY_PORT" "http://$WEBSERVER_IP:$WEBSERVER_PORT" +test "x$?" = "x0" || FAILED=$((FAILED + 1)) + +echo -n "testing connection to filtered domain..." +run_failure_webclient_request 403 "$TINYPROXY_IP:$TINYPROXY_PORT" "http://badgoy.google-analytics.com/" +test "x$?" = "x0" || FAILED=$((FAILED + 1)) + +echo -n "requesting connect method to denied port..." +run_failure_webclient_request 403 --method=CONNECT "$TINYPROXY_IP:$TINYPROXY_PORT" "localhost:12345" +test "x$?" = "x0" || FAILED=$((FAILED + 1)) +} + +basic_test +reload_config +basic_test +ext_test echo "$FAILED errors" diff --git a/tests/scripts/run_tests_valgrind.sh b/tests/scripts/run_tests_valgrind.sh index b93371f..72b2115 100755 --- a/tests/scripts/run_tests_valgrind.sh +++ b/tests/scripts/run_tests_valgrind.sh @@ -24,5 +24,5 @@ TESTS_DIR=$SCRIPTS_DIR/.. TESTENV_DIR=$TESTS_DIR/env LOG_DIR=$TESTENV_DIR/var/log -VALGRIND="valgrind -q --tool=memcheck --leak-check=full --log-file=$LOG_DIR/valgrind.log" $SCRIPTS_DIR/run_tests.sh +VALGRIND="valgrind --track-origins=yes --show-leak-kinds=all --tool=memcheck --leak-check=full --log-file=$LOG_DIR/valgrind.log" $SCRIPTS_DIR/run_tests.sh diff --git a/tests/scripts/webclient.pl b/tests/scripts/webclient.pl index 25c0fb7..4dddb69 100755 --- a/tests/scripts/webclient.pl +++ b/tests/scripts/webclient.pl @@ -122,11 +122,16 @@ foreach my $document (@ARGV) { print $remote $request; + $_ = <$remote>; + print; # /* HTTP/1.0 400 Bad Request */ + my($errn) = ($_ =~ /HTTP\/\d\.\d (\d{3})/); + while (<$remote>) { print; } close $remote; + exit($errn - 399) if($errn > 399); } exit(0); |