blob: 9b2225f9ebe2c7a6727f73290934530741c336d4 [file] [log] [blame]
// Copyright 2011 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/proxy_resolution/proxy_resolver_apple.h"
#include <CFNetwork/CFProxySupport.h>
#include <CoreFoundation/CoreFoundation.h>
#include <memory>
#include "base/apple/foundation_util.h"
#include "base/apple/scoped_cftyperef.h"
#include "base/check.h"
#include "base/lazy_instance.h"
#include "base/memory/raw_ref.h"
#include "base/strings/string_util.h"
#include "base/strings/sys_string_conversions.h"
#include "base/synchronization/lock.h"
#include "base/threading/thread_checker.h"
#include "build/build_config.h"
#include "net/base/net_errors.h"
#include "net/proxy_resolution/proxy_chain_util_apple.h"
#include "net/proxy_resolution/proxy_info.h"
#include "net/proxy_resolution/proxy_list.h"
#include "net/proxy_resolution/proxy_resolver.h"
#include "url/gurl.h"
#if BUILDFLAG(IS_IOS)
#include <CFNetwork/CFProxySupport.h>
#else
#include <CoreServices/CoreServices.h>
#endif
#if LEAK_SANITIZER
#include <sanitizer/lsan_interface.h>
#endif
namespace net {
class NetworkAnonymizationKey;
namespace {
// A lock shared by all ProxyResolverApple instances. It is used to synchronize
// the events of multiple CFNetworkExecuteProxyAutoConfigurationURL run loop
// sources. These events are:
// 1. Adding the source to the run loop.
// 2. Handling the source result.
// 3. Removing the source from the run loop.
static base::LazyInstance<base::Lock>::Leaky g_cfnetwork_pac_runloop_lock =
LAZY_INSTANCE_INITIALIZER;
// Forward declaration of the callback function used by the
// SynchronizedRunLoopObserver class.
void RunLoopObserverCallBackFunc(CFRunLoopObserverRef observer,
CFRunLoopActivity activity,
void* info);
// Callback for CFNetworkExecuteProxyAutoConfigurationURL. |client| is a pointer
// to a CFTypeRef. This stashes either |error| or |proxies| in that location.
void ResultCallback(void* client, CFArrayRef proxies, CFErrorRef error) {
DCHECK((proxies != nullptr) == (error == nullptr));
CFTypeRef* result_ptr = reinterpret_cast<CFTypeRef*>(client);
DCHECK(result_ptr != nullptr);
DCHECK(*result_ptr == nullptr);
if (error != nullptr) {
*result_ptr = CFRetain(error);
} else {
*result_ptr = CFRetain(proxies);
}
CFRunLoopStop(CFRunLoopGetCurrent());
}
#pragma mark - SynchronizedRunLoopObserver
// A run loop observer that guarantees that no two run loop sources protected
// by the same lock will be fired concurrently in different threads.
// The observer does not prevent the parallel execution of the sources but only
// synchronizes the run loop events associated with the sources. In the context
// of proxy resolver, the observer is used to synchronize the execution of the
// callbacks function that handles the result of
// CFNetworkExecuteProxyAutoConfigurationURL execution.
class SynchronizedRunLoopObserver final {
public:
// Creates the instance of an observer that will synchronize the sources
// using a given |lock|.
SynchronizedRunLoopObserver(base::Lock& lock);
SynchronizedRunLoopObserver(const SynchronizedRunLoopObserver&) = delete;
SynchronizedRunLoopObserver& operator=(const SynchronizedRunLoopObserver&) =
delete;
// Destructor.
~SynchronizedRunLoopObserver();
// Adds the observer to the current run loop for a given run loop mode.
// This method should always be paired with |RemoveFromCurrentRunLoop|.
void AddToCurrentRunLoop(const CFStringRef mode);
// Removes the observer from the current run loop for a given run loop mode.
// This method should always be paired with |AddToCurrentRunLoop|.
void RemoveFromCurrentRunLoop(const CFStringRef mode);
// Callback function that is called when an observable run loop event occurs.
void RunLoopObserverCallBack(CFRunLoopObserverRef observer,
CFRunLoopActivity activity);
private:
// Lock to use to synchronize the run loop sources.
const raw_ref<base::Lock> lock_;
// Indicates whether the current observer holds the lock. It is used to
// avoid double locking and releasing.
bool lock_acquired_ = false;
// The underlying CFRunLoopObserverRef structure wrapped by this instance.
base::apple::ScopedCFTypeRef<CFRunLoopObserverRef> observer_;
// Validates that all methods of this class are executed on the same thread.
base::ThreadChecker thread_checker_;
};
SynchronizedRunLoopObserver::SynchronizedRunLoopObserver(base::Lock& lock)
: lock_(lock) {
CFRunLoopObserverContext observer_context = {0, this, nullptr, nullptr,
nullptr};
observer_.reset(CFRunLoopObserverCreate(
kCFAllocatorDefault,
kCFRunLoopBeforeSources | kCFRunLoopBeforeWaiting | kCFRunLoopExit, true,
0, RunLoopObserverCallBackFunc, &observer_context));
}
SynchronizedRunLoopObserver::~SynchronizedRunLoopObserver() {
DCHECK(thread_checker_.CalledOnValidThread());
DCHECK(!lock_acquired_);
}
void SynchronizedRunLoopObserver::AddToCurrentRunLoop(const CFStringRef mode) {
DCHECK(thread_checker_.CalledOnValidThread());
CFRunLoopAddObserver(CFRunLoopGetCurrent(), observer_.get(), mode);
}
void SynchronizedRunLoopObserver::RemoveFromCurrentRunLoop(
const CFStringRef mode) {
DCHECK(thread_checker_.CalledOnValidThread());
CFRunLoopRemoveObserver(CFRunLoopGetCurrent(), observer_.get(), mode);
}
void SynchronizedRunLoopObserver::RunLoopObserverCallBack(
CFRunLoopObserverRef observer,
CFRunLoopActivity activity) NO_THREAD_SAFETY_ANALYSIS {
DCHECK(thread_checker_.CalledOnValidThread());
// Acquire the lock when a source has been signaled and going to be fired.
// In the context of the proxy resolver that happens when the proxy for a
// given URL has been resolved and the callback function that handles the
// result is going to be fired.
// Release the lock when all source events have been handled.
//
// NO_THREAD_SAFETY_ANALYSIS: Runtime dependent locking.
switch (activity) {
case kCFRunLoopBeforeSources:
if (!lock_acquired_) {
lock_->Acquire();
lock_acquired_ = true;
}
break;
case kCFRunLoopBeforeWaiting:
case kCFRunLoopExit:
if (lock_acquired_) {
lock_acquired_ = false;
lock_->Release();
}
break;
}
}
void RunLoopObserverCallBackFunc(CFRunLoopObserverRef observer,
CFRunLoopActivity activity,
void* info) {
// Forward the call to the instance of SynchronizedRunLoopObserver
// that is associated with the current CF run loop observer.
SynchronizedRunLoopObserver* observerInstance =
(SynchronizedRunLoopObserver*)info;
observerInstance->RunLoopObserverCallBack(observer, activity);
}
#pragma mark - ProxyResolverApple
class ProxyResolverApple : public ProxyResolver {
public:
explicit ProxyResolverApple(const scoped_refptr<PacFileData>& script_data);
~ProxyResolverApple() override;
// ProxyResolver methods:
int GetProxyForURL(const GURL& url,
const NetworkAnonymizationKey& network_anonymization_key,
ProxyInfo* results,
CompletionOnceCallback callback,
std::unique_ptr<Request>* request,
const NetLogWithSource& net_log) override;
private:
const scoped_refptr<PacFileData> script_data_;
};
ProxyResolverApple::ProxyResolverApple(
const scoped_refptr<PacFileData>& script_data)
: script_data_(script_data) {}
ProxyResolverApple::~ProxyResolverApple() = default;
// Gets the proxy information for a query URL from a PAC. Implementation
// inspired by http://developer.apple.com/samplecode/CFProxySupportTool/
int ProxyResolverApple::GetProxyForURL(
const GURL& query_url,
const NetworkAnonymizationKey& network_anonymization_key,
ProxyInfo* results,
CompletionOnceCallback /*callback*/,
std::unique_ptr<Request>* /*request*/,
const NetLogWithSource& net_log) {
// OS X's system resolver does not support WebSocket URLs in proxy.pac, as of
// version 10.13.5. See https://crbug.com/862121.
GURL mutable_query_url = query_url;
if (query_url.SchemeIsWSOrWSS()) {
GURL::Replacements replacements;
replacements.SetSchemeStr(query_url.SchemeIsCryptographic() ? "https"
: "http");
mutable_query_url = query_url.ReplaceComponents(replacements);
}
base::apple::ScopedCFTypeRef<CFStringRef> query_ref(
base::SysUTF8ToCFStringRef(mutable_query_url.spec()));
base::apple::ScopedCFTypeRef<CFURLRef> query_url_ref(
CFURLCreateWithString(kCFAllocatorDefault, query_ref.get(), nullptr));
if (!query_url_ref.get())
return ERR_FAILED;
base::apple::ScopedCFTypeRef<CFStringRef> pac_ref(base::SysUTF8ToCFStringRef(
script_data_->type() == PacFileData::TYPE_AUTO_DETECT
? std::string()
: script_data_->url().spec()));
base::apple::ScopedCFTypeRef<CFURLRef> pac_url_ref(
CFURLCreateWithString(kCFAllocatorDefault, pac_ref.get(), nullptr));
if (!pac_url_ref.get())
return ERR_FAILED;
// Work around <rdar://problem/5530166>. This dummy call to
// CFNetworkCopyProxiesForURL initializes some state within CFNetwork that is
// required by CFNetworkExecuteProxyAutoConfigurationURL.
base::apple::ScopedCFTypeRef<CFDictionaryRef> empty_dictionary(
CFDictionaryCreate(nullptr, nullptr, nullptr, 0, nullptr, nullptr));
base::apple::ScopedCFTypeRef<CFArrayRef> dummy_result(
CFNetworkCopyProxiesForURL(query_url_ref.get(), empty_dictionary.get()));
// We cheat here. We need to act as if we were synchronous, so we pump the
// runloop ourselves. Our caller moved us to a new thread anyway, so this is
// OK to do. (BTW, CFNetworkExecuteProxyAutoConfigurationURL returns a
// runloop source we need to release despite its name.)
CFTypeRef result = nullptr;
CFStreamClientContext context = {0, &result, nullptr, nullptr, nullptr};
base::apple::ScopedCFTypeRef<CFRunLoopSourceRef> runloop_source(
CFNetworkExecuteProxyAutoConfigurationURL(
pac_url_ref.get(), query_url_ref.get(), ResultCallback, &context));
#if LEAK_SANITIZER
// CFNetworkExecuteProxyAutoConfigurationURL leaks the returned
// CFRunLoopSourceRef. Filed as FB12170226.
__lsan_ignore_object(runloop_source.get());
#endif
if (!runloop_source)
return ERR_FAILED;
const CFStringRef private_runloop_mode =
CFSTR("org.chromium.ProxyResolverApple");
// Add the run loop observer to synchronize events of
// CFNetworkExecuteProxyAutoConfigurationURL sources. See the definition of
// |g_cfnetwork_pac_runloop_lock|.
SynchronizedRunLoopObserver observer(g_cfnetwork_pac_runloop_lock.Get());
observer.AddToCurrentRunLoop(private_runloop_mode);
// Make sure that no CFNetworkExecuteProxyAutoConfigurationURL sources
// are added to the run loop concurrently.
{
base::AutoLock lock(g_cfnetwork_pac_runloop_lock.Get());
CFRunLoopAddSource(CFRunLoopGetCurrent(), runloop_source.get(),
private_runloop_mode);
}
CFRunLoopRunInMode(private_runloop_mode, DBL_MAX, false);
// Make sure that no CFNetworkExecuteProxyAutoConfigurationURL sources
// are removed from the run loop concurrently.
{
base::AutoLock lock(g_cfnetwork_pac_runloop_lock.Get());
CFRunLoopRemoveSource(CFRunLoopGetCurrent(), runloop_source.get(),
private_runloop_mode);
}
observer.RemoveFromCurrentRunLoop(private_runloop_mode);
DCHECK(result);
if (CFGetTypeID(result) == CFErrorGetTypeID()) {
// TODO(avi): do something better than this
CFRelease(result);
return ERR_FAILED;
}
base::apple::ScopedCFTypeRef<CFArrayRef> proxy_array_ref(
base::apple::CFCastStrict<CFArrayRef>(result));
DCHECK(proxy_array_ref);
ProxyList proxy_list;
CFIndex proxy_array_count = CFArrayGetCount(proxy_array_ref.get());
for (CFIndex i = 0; i < proxy_array_count; ++i) {
CFDictionaryRef proxy_dictionary =
base::apple::CFCastStrict<CFDictionaryRef>(
CFArrayGetValueAtIndex(proxy_array_ref.get(), i));
DCHECK(proxy_dictionary);
// The dictionary may have the following keys:
// - kCFProxyTypeKey : The type of the proxy
// - kCFProxyHostNameKey
// - kCFProxyPortNumberKey : The meat we're after.
// - kCFProxyUsernameKey
// - kCFProxyPasswordKey : Despite the existence of these keys in the
// documentation, they're never populated. Even if a
// username/password were to be set in the network
// proxy system preferences, we'd need to fetch it
// from the Keychain ourselves. CFProxy is such a
// tease.
// - kCFProxyAutoConfigurationURLKey : If the PAC file specifies another
// PAC file, I'm going home.
CFStringRef proxy_type = base::apple::GetValueFromDictionary<CFStringRef>(
proxy_dictionary, kCFProxyTypeKey);
ProxyChain proxy_chain =
ProxyDictionaryToProxyChain(proxy_type, proxy_dictionary,
kCFProxyHostNameKey, kCFProxyPortNumberKey);
if (!proxy_chain.IsValid()) {
continue;
}
proxy_list.AddProxyChain(proxy_chain);
}
if (!proxy_list.IsEmpty())
results->UseProxyList(proxy_list);
// Else do nothing (results is already guaranteed to be in the default state).
return OK;
}
} // namespace
ProxyResolverFactoryApple::ProxyResolverFactoryApple()
: ProxyResolverFactory(false /*expects_pac_bytes*/) {
}
int ProxyResolverFactoryApple::CreateProxyResolver(
const scoped_refptr<PacFileData>& pac_script,
std::unique_ptr<ProxyResolver>* resolver,
CompletionOnceCallback callback,
std::unique_ptr<Request>* request) {
*resolver = std::make_unique<ProxyResolverApple>(pac_script);
return OK;
}
} // namespace net