Reworked squidGuard fd's to use popen()

jeroennijhof · Apr 16, 2015 · ca5530e · ca5530e
1 parent 22e7125
commit ca5530e
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 86 deletions.
diff --git a/openufp.c b/openufp.c
@@ -190,10 +190,6 @@ int main(int argc, char**argv) {
                 int denied = 0;
                 char msg[REQ_SIZE];
                 struct uf_request request;
-                FILE *sg_fd[2];
-
-                if (squidguard)
-                    squidguard_getfd(sg_fd);
 
                 DB *cachedb = NULL;
                 if (cache_exp_secs > 0)
@@ -210,8 +206,6 @@ int main(int argc, char**argv) {
                     msgsize = recvfrom(cli_fd, msg, REQ_SIZE, 0, (struct sockaddr *)&cli_addr, &cli_size);
                     if (msgsize < 1) {
                         syslog(LOG_WARNING, "connection closed by client.");
-                        if (squidguard)
-                            squidguard_closefd(sg_fd);
                         close_cache(cachedb, debug);
                         close(cli_fd);
                         exit(1);
@@ -236,8 +230,6 @@ int main(int argc, char**argv) {
                     }
                     if (request.type == UNKNOWN) {
                         syslog(LOG_WARNING, "request type not known, closing connecion.");
-                        if (squidguard)
-                            squidguard_closefd(sg_fd);
                         close_cache(cachedb, debug);
                         close(cli_fd);
                         exit(1);
@@ -286,7 +278,7 @@ int main(int argc, char**argv) {
 
                         // parse url to squidguard
                         if (!cached && !denied && squidguard) {
-                            denied = squidguard_backend(sg_fd, request.srcip, request.usr, request.url, sg_redirect, debug);
+                            denied = squidguard_backend(request.srcip, request.usr, request.url, sg_redirect, debug);
                         }
 
                         if (denied) {
@@ -320,8 +312,6 @@ int main(int argc, char**argv) {
                         denied = 0;
                     }
                 }
-                if (squidguard)
-                    squidguard_closefd(sg_fd);
                 close_cache(cachedb, debug);
             }
             close(cli_fd);

diff --git a/squidguard.c b/squidguard.c
@@ -8,66 +8,9 @@
 
 #include "openufp.h"
 
-int squidguard_getfd(FILE *sg_fd[2]) {
-    int outfd[2];
-    int infd[2];
+int squidguard_backend(char srcip[16], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug) {
 
-    int oldstdin, oldstdout;
-
-    if (pipe(outfd) == -1) {
-        syslog(LOG_WARNING, "squidguard: pipe failed.");
-        return -1;
-    }
-    if (pipe(infd) == -1) {
-        syslog(LOG_WARNING, "squidguard: pipe failed.");
-        return -1;
-    }
-
-    oldstdin = dup(0);
-    oldstdout = dup(1);
-
-    close(0);
-    close(1);
-
-    dup2(outfd[0], 0);
-    dup2(infd[1], 1);
-
-    if (!fork()) {
-        char *argv[] = { "/usr/bin/squidGuard", 0 };
-
-        close(outfd[0]);
-        close(outfd[1]);
-        close(infd[0]);
-        close(infd[1]);
-        close(2);
-
-        if (execv(argv[0], argv) == -1) {
-            syslog(LOG_WARNING, "squidguard: failed executing /usr/bin/squidGuard.");
-            return -1;
-        }
-    } else {
-        close(0);
-        close(1);
-        dup2(oldstdin, 0);
-        dup2(oldstdout, 1);
-
-        close(outfd[0]);
-        close(infd[1]);
-
-        sg_fd[0] = fdopen(infd[0], "r");
-        sg_fd[1] = fdopen(outfd[1], "w");
-        return 0;
-    }
-    return 0;
-}
-
-int squidguard_closefd(FILE *sg_fd[2]) {
-    fclose(sg_fd[0]);
-    fclose(sg_fd[1]);
-    return 0;
-}
-
-int squidguard_backend(FILE *sg_fd[2], char srcip[16], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug) {
+    FILE *sg_fd;
     char redirect_url[URL_SIZE];
 
     //Check user; if empty, use ip only:
@@ -83,33 +26,48 @@ int squidguard_backend(FILE *sg_fd[2], char srcip[16], char srcusr[URL_SIZE], ch
         syslog(LOG_INFO, "squidguard: url check using ip and user: ip: %s user: %s for url %s", srcip, srcusr, url);
     }
 
-    if (sg_fd[1] == NULL) {
-        syslog(LOG_WARNING, "squidguard: could not open fd for input.");
-        return 0;
-    }
+    //Updated fd management to popen():
+    char cmd[URL_SIZE];
 
-    fprintf(sg_fd[1], "%s %s/ %s - GET\n", url, srcip, srcusr);
-    fflush(sg_fd[1]);
+    snprintf(cmd, URL_SIZE, "echo '%s %s/ - - GET' | /usr/bin/squidGuard", url, srcip);
+    sg_fd = popen(cmd, "r");
 
-    if (sg_fd[0] == NULL) {
-        syslog(LOG_WARNING, "squidguard: could not open fd for output.");
-        return 0;
+    if (sg_fd == NULL)
+    {
+        syslog(LOG_WARNING, "squidguard: couldn't popen() for output. Verify squidGuard: /usr/bin/squidGuard");
+	return 0;
     }
-    while (fgets(redirect_url, URL_SIZE, sg_fd[0]) != NULL) {
-        if (strlen(redirect_url) > 2) {
+
+    while (fgets(redirect_url, URL_SIZE, sg_fd) != NULL)
+    {
+        int rl = 0;
+        rl = strlen(redirect_url);
+
+        if (debug > 2)
+        {
+            syslog(LOG_INFO, "squidguard: redirect_url length: %d, post fgets: %s", rl, redirect_url );
+        }
+
+        if (rl > 2)
+        {
             char *parse;
-            parse = strtok (redirect_url, " ");
+            parse = strtok (redirect_url, " \t");
             strcpy(sg_redirect, parse);
 
             if (debug > 0)
-                syslog(LOG_INFO, "squidguard: url blocked. parsed_red: %s -- sg_redirectURL: %s", parse, sg_redirect );
+                syslog(LOG_INFO, "squidguard: url blocked. parsed_redirect: %s, sg_redirectURL: %s", parse, sg_redirect );
 
+	    pclose(sg_fd);
             return 1;
         }
         if (debug > 0)
             syslog(LOG_INFO, "squidguard: url accepted.");
+
+	pclose(sg_fd);
         return 0;
+
     }
+    pclose(sg_fd);
     return 0;
 }
 
diff --git a/squidguard.h b/squidguard.h
@@ -6,6 +6,5 @@
  * squidguard.h: squidguard backend
  */
 
-extern int squidguard_getfd(FILE *sg_fd[2]);
-extern int squidguard_closefd(FILE *sg_fd[2]);
-extern int squidguard_backend(FILE *sg_fd[2], char srcip[16], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug);
+extern int squidguard_closefd(FILE *sg_fd);
+extern int squidguard_backend(char srcip[16], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug);