// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/proxy_resolution/pac_file_decider.h"
#include <utility>
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/format_macros.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/metrics/histogram_macros.h"
#include "base/notreached.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "base/values.h"
#include "net/base/completion_repeating_callback.h"
#include "net/base/host_port_pair.h"
#include "net/base/isolation_info.h"
#include "net/base/net_errors.h"
#include "net/base/request_priority.h"
#include "net/log/net_log_capture_mode.h"
#include "net/log/net_log_event_type.h"
#include "net/log/net_log_source_type.h"
#include "net/proxy_resolution/dhcp_pac_file_fetcher.h"
#include "net/proxy_resolution/pac_file_fetcher.h"
#include "net/url_request/url_request_context.h"
namespace net {
namespace {
bool LooksLikePacScript(const std::u16string& script) {
  // Heuristic only. Every valid PAC script has to define a function with this
  // exact name, so a payload lacking it is very unlikely to be a PAC script,
  // and legitimate scripts are very likely to contain it. The match says
  // nothing about whether the text is well-formed or trustworthy: an exact
  // test would need to load the script in a JavaScript evaluator.
  static constexpr char16_t kEntryPointName[] = u"FindProxyForURL";
  const std::u16string::size_type position = script.find(kEntryPointName);
  return position != std::u16string::npos;
}
// Fixed location probed by the DNS portion of web proxy auto-discovery (WPAD).
//
// DNS devolution is deliberately not used to find the WPAD host, since that
// could be dangerous should our top level domain registry become out of date.
// The bare name "wpad" is resolved directly instead, and the operating system
// applies its DNS suffix search paths. Firefox takes the same approach, and
// compatibility has not been an issue.
//
// The scheme is plain http, so whichever host answers for "wpad" supplies the
// script without transport-level authentication.
//
// For more details, see this comment:
// http://code.google.com/p/chromium/issues/detail?id=18575#c20
constexpr char kWpadUrl[] = "http://wpad/wpad.dat";

// Delay, in milliseconds, given to the quick-check timer.
constexpr int kQuickCheckDelayMs = 1000;
} // namespace
// Special member functions of PacFileDataWithSource. All four are
// compiler-generated and are defined here rather than inside the class body.
PacFileDataWithSource::PacFileDataWithSource() = default;
PacFileDataWithSource::~PacFileDataWithSource() = default;
PacFileDataWithSource::PacFileDataWithSource(const PacFileDataWithSource&) =
    default;
PacFileDataWithSource& PacFileDataWithSource::operator=(
    const PacFileDataWithSource&) = default;
// Builds the NetLog parameters describing this PAC source: a dictionary with a
// single "source" string. For WPAD DNS and custom sources the string includes
// the spec of |effective_pac_url|; for WPAD DHCP the URL is not included.
//
// NOTE(review): the spec is written to the log verbatim. If a configured PAC
// URL can carry credentials or tokens, confirm that is acceptable for the
// capture modes this event is emitted under.
base::Value::Dict PacFileDecider::PacSource::NetLogParams(
    const GURL& effective_pac_url) const {
  std::string description;
  switch (type) {
    case PacSource::WPAD_DHCP:
      description = "WPAD DHCP";
      break;
    case PacSource::WPAD_DNS:
      description = "WPAD DNS: " + effective_pac_url.possibly_invalid_spec();
      break;
    case PacSource::CUSTOM:
      description =
          "Custom PAC URL: " + effective_pac_url.possibly_invalid_spec();
      break;
  }

  base::Value::Dict params;
  params.Set("source", description);
  return params;
}
// Stores the two fetcher pointers as given and creates a NetLog source of type
// PAC_FILE_DECIDER bound to |net_log|.
//
// Either fetcher may be null: the rest of this file null-checks both before
// starting a fetch or a quick check.
// NOTE(review): ownership and required lifetime of the fetchers are not
// visible here -- confirm against the header.
PacFileDecider::PacFileDecider(PacFileFetcher* pac_file_fetcher,
                               DhcpPacFileFetcher* dhcp_pac_file_fetcher,
                               NetLog* net_log)
    : pac_file_fetcher_(pac_file_fetcher),
      dhcp_pac_file_fetcher_(dhcp_pac_file_fetcher),
      net_log_(NetLogWithSource::Make(net_log,
                                      NetLogSourceType::PAC_FILE_DECIDER)) {}
// Cancels whatever step is still in flight. An idle decider (STATE_NONE) has
// nothing outstanding and is left alone.
PacFileDecider::~PacFileDecider() {
  const bool work_in_flight = next_state_ != STATE_NONE;
  if (work_in_flight) {
    Cancel();
  }
}
// Begins deciding which PAC source to use for |config|.
//
// |wait_delay| is how long to wait before the first attempt (negative values
// are treated as zero). |fetch_pac_bytes| selects whether the script bytes are
// downloaded and checked here. |callback| is kept and run later only when this
// returns ERR_IO_PENDING; on any other return value the decision finished
// synchronously and the callback is never invoked.
//
// Must be called on an idle decider, with a non-null callback and a config
// that has automatic settings (all three are DCHECKed).
int PacFileDecider::Start(const ProxyConfigWithAnnotation& config,
                          const base::TimeDelta wait_delay,
                          bool fetch_pac_bytes,
                          CompletionOnceCallback callback) {
  DCHECK_EQ(STATE_NONE, next_state_);
  DCHECK(!callback.is_null());
  DCHECK(config.value().HasAutomaticSettings());

  net_log_.BeginEvent(NetLogEventType::PAC_FILE_DECIDER);

  fetch_pac_bytes_ = fetch_pac_bytes;

  // Store |wait_delay| clamped to be non-negative.
  wait_delay_ = wait_delay.is_negative() ? base::TimeDelta() : wait_delay;

  pac_mandatory_ = config.value().pac_mandatory();
  have_custom_pac_url_ = config.value().has_pac_url();

  pac_sources_ = BuildPacSourcesFallbackList(config.value());
  DCHECK(!pac_sources_.empty());

  traffic_annotation_ =
      net::MutableNetworkTrafficAnnotationTag(config.traffic_annotation());

  next_state_ = STATE_WAIT;
  const int rv = DoLoop(OK);
  if (rv != ERR_IO_PENDING) {
    // Finished without going asynchronous.
    DidComplete();
    return rv;
  }

  // Still running; hold on to the callback for OnIOCompletion().
  callback_ = std::move(callback);
  return rv;
}
// Shutdown hook: cancels any pending work. A decider that is already idle is
// left untouched.
void PacFileDecider::OnShutdown() {
  const bool has_pending_work = next_state_ != STATE_NONE;
  if (has_pending_work) {
    Cancel();
  }
}
// Returns the proxy configuration recorded by DoVerifyPacScriptComplete().
// Only meaningful while the decider is idle; the DCHECK rejects calls made
// while a decision is still in progress.
const ProxyConfigWithAnnotation& PacFileDecider::effective_config() const {
  DCHECK_EQ(STATE_NONE, next_state_);
  return effective_config_;
}
// Returns the script data recorded by DoVerifyPacScriptComplete(), including
// whether it came from auto-detection. Only meaningful while the decider is
// idle; the DCHECK rejects calls made while a decision is still in progress.
const PacFileDataWithSource& PacFileDecider::script_data() const {
  DCHECK_EQ(STATE_NONE, next_state_);
  return script_data_;
}
// Builds the ordered list of PAC sources to try for |config|:
//   (1) WPAD (DHCP)    -- only when auto-detect is on.
//   (2) WPAD (DNS)     -- only when auto-detect is on.
//   (3) Custom PAC URL -- only when one is configured.
// Earlier entries win: when both are configured, the auto-detected sources are
// attempted before the explicitly configured URL.
PacFileDecider::PacSourceList PacFileDecider::BuildPacSourcesFallbackList(
    const ProxyConfig& config) const {
  PacSourceList fallback_order;

  const bool wants_auto_detect = config.auto_detect();
  if (wants_auto_detect) {
    fallback_order.push_back(PacSource(PacSource::WPAD_DHCP, GURL(kWpadUrl)));
    fallback_order.push_back(PacSource(PacSource::WPAD_DNS, GURL(kWpadUrl)));
  }

  const bool wants_custom_url = config.has_pac_url();
  if (wants_custom_url) {
    fallback_order.push_back(PacSource(PacSource::CUSTOM, config.pac_url()));
  }

  return fallback_order;
}
// Completion handler for every asynchronous step (wait timer, host
// resolution, quick-check timeout, PAC fetch). Resumes the state machine with
// |result| and, once it no longer reports ERR_IO_PENDING, finishes the NetLog
// event and runs the stored callback with the final result.
void PacFileDecider::OnIOCompletion(int result) {
  DCHECK_NE(STATE_NONE, next_state_);

  const int rv = DoLoop(result);
  if (rv == ERR_IO_PENDING) {
    return;  // Another asynchronous step was started.
  }

  DidComplete();
  std::move(callback_).Run(rv);
}
// Drives the state machine. Starting from |next_state_| with |result| as the
// outcome of the previous step, runs handlers back to back until one returns
// ERR_IO_PENDING or no handler schedules a follow-up state. Returns the last
// handler's result.
int PacFileDecider::DoLoop(int result) {
  DCHECK_NE(next_state_, STATE_NONE);
  int rv = result;
  do {
    State state = next_state_;
    // Cleared up front: each handler must set |next_state_| itself if the
    // machine is to keep going.
    next_state_ = STATE_NONE;
    switch (state) {
      // States that start a step expect the previous step to have succeeded;
      // the *_COMPLETE states receive the step's result and decide what
      // happens next.
      case STATE_WAIT:
        DCHECK_EQ(OK, rv);
        rv = DoWait();
        break;
      case STATE_WAIT_COMPLETE:
        rv = DoWaitComplete(rv);
        break;
      case STATE_QUICK_CHECK:
        DCHECK_EQ(OK, rv);
        rv = DoQuickCheck();
        break;
      case STATE_QUICK_CHECK_COMPLETE:
        rv = DoQuickCheckComplete(rv);
        break;
      case STATE_FETCH_PAC_SCRIPT:
        DCHECK_EQ(OK, rv);
        rv = DoFetchPacScript();
        break;
      case STATE_FETCH_PAC_SCRIPT_COMPLETE:
        rv = DoFetchPacScriptComplete(rv);
        break;
      case STATE_VERIFY_PAC_SCRIPT:
        DCHECK_EQ(OK, rv);
        rv = DoVerifyPacScript();
        break;
      case STATE_VERIFY_PAC_SCRIPT_COMPLETE:
        rv = DoVerifyPacScriptComplete(rv);
        break;
      default:
        // Includes STATE_NONE, which the DCHECK at the top rules out.
        NOTREACHED() << "bad state";
        rv = ERR_UNEXPECTED;
        break;
    }
  } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
  return rv;
}
// Starts the initial delay, if one was requested. Returns OK straight away
// when |wait_delay_| is zero; otherwise arms |wait_timer_|, opens the
// PAC_FILE_DECIDER_WAIT NetLog event and returns ERR_IO_PENDING.
int PacFileDecider::DoWait() {
  next_state_ = STATE_WAIT_COMPLETE;

  const bool must_wait = wait_delay_.ToInternalValue() != 0;
  if (must_wait) {
    wait_timer_.Start(FROM_HERE, wait_delay_, this,
                      &PacFileDecider::OnWaitTimerFired);
    net_log_.BeginEvent(NetLogEventType::PAC_FILE_DECIDER_WAIT);
    return ERR_IO_PENDING;
  }

  // No delay configured: move directly on to the next state.
  return OK;
}
// Runs once the initial delay is over. Closes the wait NetLog event if one was
// opened, then picks the first real step: the DNS quick check when it is
// enabled and the current source is WPAD DNS, otherwise the regular start
// state. Always returns OK.
int PacFileDecider::DoWaitComplete(int result) {
  DCHECK_EQ(OK, result);

  const bool waited = wait_delay_.ToInternalValue() != 0;
  if (waited) {
    net_log_.EndEventWithNetErrorCode(NetLogEventType::PAC_FILE_DECIDER_WAIT,
                                      result);
  }

  const bool needs_quick_check =
      quick_check_enabled_ && current_pac_source().type == PacSource::WPAD_DNS;
  next_state_ = needs_quick_check ? STATE_QUICK_CHECK : GetStartState();
  return OK;
}
// Starts the WPAD quick check: a host resolution of the current PAC source's
// hostname, raced against |quick_check_timer_|. If the timer fires first, the
// state machine is resumed with ERR_NAME_NOT_RESOLVED. When no host resolver
// is reachable through |pac_file_fetcher_| the check is skipped and the
// regular start state is scheduled instead.
int PacFileDecider::DoQuickCheck() {
  DCHECK(quick_check_enabled_);
  if (!pac_file_fetcher_ || !pac_file_fetcher_->GetRequestContext() ||
      !pac_file_fetcher_->GetRequestContext()->host_resolver()) {
    // If we have no resolver, skip QuickCheck altogether.
    next_state_ = GetStartState();
    return OK;
  }
  std::string host = current_pac_source().url.host();
  HostResolver::ResolveHostParameters parameters;
  // We use HIGHEST here because proxy decision blocks doing any other requests.
  parameters.initial_priority = HIGHEST;
  // Only resolve via the system resolver for maximum compatibility with DNS
  // suffix search paths, because for security, we are relying on suffix search
  // paths rather than WPAD-standard DNS devolution.
  parameters.source = HostResolverSource::SYSTEM;
  // For most users, the WPAD DNS query will have no results. Allowing the query
  // to go out via LLMNR or mDNS (which usually have no quick negative response)
  // would therefore typically result in waiting the full timeout before
  // `quick_check_timer_` fires. Given that a lot of Chrome requests could be
  // blocked on completing these checks, it is better to avoid multicast
  // resolution for WPAD.
  // See crbug.com/1176970.
  parameters.avoid_multicast_resolution = true;
  HostResolver* host_resolver =
      pac_file_fetcher_->GetRequestContext()->host_resolver();
  resolve_request_ = host_resolver->CreateRequest(
      HostPortPair(host, 80),
      pac_file_fetcher_->isolation_info().network_anonymization_key(), net_log_,
      parameters);
  // The same callback serves both the resolver and the timeout timer.
  // NOTE(review): base::Unretained(this) presumably relies on
  // |resolve_request_| and |quick_check_timer_| being members that are torn
  // down with this object -- confirm against the header.
  CompletionRepeatingCallback callback = base::BindRepeating(
      &PacFileDecider::OnIOCompletion, base::Unretained(this));
  next_state_ = STATE_QUICK_CHECK_COMPLETE;
  quick_check_timer_.Start(FROM_HERE, base::Milliseconds(kQuickCheckDelayMs),
                           base::BindOnce(callback, ERR_NAME_NOT_RESOLVED));
  return resolve_request_->Start(callback);
}
// Finishes the quick check, whichever of the resolver or the timer reported
// first. Drops the resolve request and stops the timer so the loser cannot
// report later, then either proceeds with the current source (resolution
// succeeded) or falls back to the next one.
int PacFileDecider::DoQuickCheckComplete(int result) {
  DCHECK(quick_check_enabled_);

  resolve_request_.reset();
  quick_check_timer_.Stop();

  if (result == OK) {
    next_state_ = GetStartState();
    return OK;
  }
  return TryToFallbackPacSource(result);
}
// Starts downloading the PAC script for the current source into |pac_script_|.
// WPAD DHCP goes through |dhcp_pac_file_fetcher_|; WPAD DNS and custom URLs go
// through |pac_file_fetcher_| using the URL from DetermineURL(). If the
// fetcher the source needs is null, logs PAC_FILE_DECIDER_HAS_NO_FETCHER and
// returns ERR_UNEXPECTED. Otherwise returns whatever the fetcher's Fetch()
// returns.
int PacFileDecider::DoFetchPacScript() {
  DCHECK(fetch_pac_bytes_);

  next_state_ = STATE_FETCH_PAC_SCRIPT_COMPLETE;

  const PacSource& pac_source = current_pac_source();

  GURL effective_pac_url;
  DetermineURL(pac_source, &effective_pac_url);

  net_log_.BeginEvent(NetLogEventType::PAC_FILE_DECIDER_FETCH_PAC_SCRIPT, [&] {
    return pac_source.NetLogParams(effective_pac_url);
  });

  const bool use_dhcp = pac_source.type == PacSource::WPAD_DHCP;
  const bool fetcher_missing =
      use_dhcp ? !dhcp_pac_file_fetcher_ : !pac_file_fetcher_;
  if (fetcher_missing) {
    net_log_.AddEvent(NetLogEventType::PAC_FILE_DECIDER_HAS_NO_FETCHER);
    return ERR_UNEXPECTED;
  }

  if (use_dhcp) {
    return dhcp_pac_file_fetcher_->Fetch(
        &pac_script_,
        base::BindOnce(&PacFileDecider::OnIOCompletion, base::Unretained(this)),
        net_log_, NetworkTrafficAnnotationTag(traffic_annotation_));
  }

  return pac_file_fetcher_->Fetch(
      effective_pac_url, &pac_script_,
      base::BindOnce(&PacFileDecider::OnIOCompletion, base::Unretained(this)),
      NetworkTrafficAnnotationTag(traffic_annotation_));
}
// Handles the outcome of the PAC download: closes the fetch NetLog event with
// |result|, then moves on to verification on success or to the next fallback
// source on failure.
int PacFileDecider::DoFetchPacScriptComplete(int result) {
  DCHECK(fetch_pac_bytes_);

  net_log_.EndEventWithNetErrorCode(
      NetLogEventType::PAC_FILE_DECIDER_FETCH_PAC_SCRIPT, result);

  const bool fetch_succeeded = result == OK;
  if (fetch_succeeded) {
    next_state_ = STATE_VERIFY_PAC_SCRIPT;
    return OK;
  }
  return TryToFallbackPacSource(result);
}
// Sanity-checks the downloaded bytes. Returns ERR_PAC_SCRIPT_FAILED when bytes
// were fetched and they do not look like a PAC script; returns OK otherwise,
// including when no bytes were fetched and there is nothing to inspect.
//
// The check is the LooksLikePacScript() heuristic, not a parse: it rejects
// obviously wrong payloads and is not a judgement on the script's content.
int PacFileDecider::DoVerifyPacScript() {
  next_state_ = STATE_VERIFY_PAC_SCRIPT_COMPLETE;

  const bool nothing_to_inspect = !fetch_pac_bytes_;
  if (nothing_to_inspect || LooksLikePacScript(pac_script_)) {
    return OK;
  }
  return ERR_PAC_SCRIPT_FAILED;
}
// Final step. On failure, falls back to the next PAC source. On success,
// records the outcome for the caller: |script_data_| (the script, or a
// description of where the resolver should get it, plus whether it came from
// auto-detection) and |effective_config_| (the automatic setting that ended up
// being used). Returns OK in the success case.
int PacFileDecider::DoVerifyPacScriptComplete(int result) {
  if (result != OK)
    return TryToFallbackPacSource(result);

  const PacSource& chosen_source = current_pac_source();
  const bool is_custom = chosen_source.type == PacSource::CUSTOM;

  // Extract the current script data.
  script_data_.from_auto_detect = !is_custom;
  if (fetch_pac_bytes_) {
    script_data_.data = PacFileData::FromUTF16(pac_script_);
  } else if (is_custom) {
    script_data_.data = PacFileData::FromURL(chosen_source.url);
  } else {
    script_data_.data = PacFileData::ForAutoDetect();
  }

  // Tell the caller which automatic setting the resolver is being initialized
  // for; there may have been several fallbacks to choose from.
  ProxyConfig config;
  if (is_custom) {
    config = ProxyConfig::CreateFromCustomPacURL(chosen_source.url);
    config.set_pac_mandatory(pac_mandatory_);
  } else if (!fetch_pac_bytes_) {
    // The resolver does its own resolution, so the URL cannot be known here.
    // The best available statement is that the configuration is to
    // auto-detect proxy settings.
    config = ProxyConfig::CreateAutoDetect();
  } else {
    GURL auto_detected_url;
    switch (chosen_source.type) {
      case PacSource::WPAD_DHCP:
        auto_detected_url = dhcp_pac_file_fetcher_->GetPacURL();
        break;
      case PacSource::WPAD_DNS:
        auto_detected_url = GURL(kWpadUrl);
        break;
      default:
        NOTREACHED();
    }
    config = ProxyConfig::CreateFromCustomPacURL(auto_detected_url);
  }

  effective_config_ = ProxyConfigWithAnnotation(
      config, net::NetworkTrafficAnnotationTag(traffic_annotation_));
  return OK;
}
// Moves on to the next PAC source after the current one failed with |error|
// (a negative net error). Returns |error| unchanged when the list is
// exhausted. Otherwise advances the index, logs the fallback, schedules the
// first step for the new source and returns OK.
int PacFileDecider::TryToFallbackPacSource(int error) {
  DCHECK_LT(error, 0);

  const bool list_exhausted =
      current_pac_source_index_ + 1 >= pac_sources_.size();
  if (list_exhausted) {
    return error;
  }

  // Advance to the next entry in the list.
  ++current_pac_source_index_;
  net_log_.AddEvent(
      NetLogEventType::PAC_FILE_DECIDER_FALLING_BACK_TO_NEXT_PAC_SOURCE);

  const bool needs_quick_check =
      quick_check_enabled_ && current_pac_source().type == PacSource::WPAD_DNS;
  next_state_ = needs_quick_check ? STATE_QUICK_CHECK : GetStartState();
  return OK;
}
// Returns the first state to run for a PAC source: the fetch step when script
// bytes are to be downloaded, otherwise the verification step directly.
PacFileDecider::State PacFileDecider::GetStartState() const {
  if (fetch_pac_bytes_) {
    return STATE_FETCH_PAC_SCRIPT;
  }
  return STATE_VERIFY_PAC_SCRIPT;
}
// Writes the URL that will be fetched for |pac_source| into
// |*effective_pac_url|, which must be non-null.
void PacFileDecider::DetermineURL(const PacSource& pac_source,
                                  GURL* effective_pac_url) {
  DCHECK(effective_pac_url);
  switch (pac_source.type) {
    case PacSource::WPAD_DHCP:
      // No URL is written for DHCP; the output keeps whatever value the
      // caller passed in.
      break;
    case PacSource::WPAD_DNS:
      // Always the fixed WPAD URL, regardless of the URL stored in the source.
      *effective_pac_url = GURL(kWpadUrl);
      break;
    case PacSource::CUSTOM:
      *effective_pac_url = pac_source.url;
      break;
  }
}
// Returns the entry of |pac_sources_| that is currently being tried.
// NOTE(review): the index is validated only by a DCHECK, so the subscript
// below is unchecked where DCHECKs are compiled out -- confirm no caller can
// get here with an empty |pac_sources_|.
const PacFileDecider::PacSource& PacFileDecider::current_pac_source() const {
  DCHECK_LT(current_pac_source_index_, pac_sources_.size());
  return pac_sources_[current_pac_source_index_];
}
// Callback for |wait_timer_|: the initial delay has elapsed, so resume the
// state machine with a successful result.
void PacFileDecider::OnWaitTimerFired() {
  OnIOCompletion(OK);
}
// Closes the PAC_FILE_DECIDER NetLog event that Start() opened. Called on
// every way out of a decision: synchronous completion, asynchronous
// completion and cancellation.
void PacFileDecider::DidComplete() {
  net_log_.EndEvent(NetLogEventType::PAC_FILE_DECIDER);
}
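// Aborts the decision in progress and returns the decider to STATE_NONE
// without running the stored callback. Must not be called while idle.
//
// Whatever asynchronous step is outstanding is torn down so that nothing can
// call back into OnIOCompletion() afterwards:
//  - quick check: the resolve request is dropped and the timeout timer is
//    stopped. The timer's callback is bound to |this| and resumes the state
//    machine, so leaving it armed would let it fire into an idle decider when
//    the object outlives the cancellation (as after OnShutdown()).
//  - initial wait: the wait timer is stopped.
//  - PAC fetch: the fetcher is cancelled. |pac_file_fetcher_| may be null
//    while a DHCP fetch is the one pending (DoFetchPacScript() only requires
//    the DHCP fetcher on that path), so it is null-checked here.
void PacFileDecider::Cancel() {
  DCHECK_NE(STATE_NONE, next_state_);

  net_log_.AddEvent(NetLogEventType::CANCELLED);

  switch (next_state_) {
    case STATE_QUICK_CHECK_COMPLETE:
      resolve_request_.reset();
      quick_check_timer_.Stop();
      break;
    case STATE_WAIT_COMPLETE:
      wait_timer_.Stop();
      break;
    case STATE_FETCH_PAC_SCRIPT_COMPLETE:
      if (pac_file_fetcher_)
        pac_file_fetcher_->Cancel();
      break;
    default:
      break;
  }

  next_state_ = STATE_NONE;

  // This is safe to call in any state.
  if (dhcp_pac_file_fetcher_)
    dhcp_pac_file_fetcher_->Cancel();

  DCHECK(!resolve_request_);

  DidComplete();
}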
} // namespace net