security::locations

security::locations (public)

 security::locations

Defined in packages/acs-tcl/tcl/security-procs.tcl

This function returns the configured locations and the current location and the vhost locations, potentially in HTTP or in HTTPs variants. When the package parameter "SuppressHttpPort" of acs-tcl parameter is true, then an alternate location without a port is included. This proc also assumes hostnames from host_node_map table are accurate and legit. The term location refers to protocol://domain:port for website.

Returns:: insecure location and secure location followed possibly by alternate location(s) as a list.
Partial Call Graph (max 5 caller/called nodes):
Testcases:: ad_dom_sanitize_html

Source code:

    #
    # Is the current connection secure?
    #
    set secure_conn_p [expr {[ns_conn isconnected]
                             ? ([security::secure_conn_p] || [ad_conn behind_secure_proxy_p])
                             : 0}]
    #
    # Consider if we are behind a proxy and don't want to publish the
    # proxy's backend port. In this cases, SuppressHttpPort can be used
    #
    set suppress_http_port_p [parameter::get -parameter SuppressHttpPort  -boolean  -package_id [apm_package_id_from_key acs-tcl]  -default 0]
    #
    # Get Information from configured servers
    #
    set locations [acs::misc_cache eval security-configure-locations-$suppress_http_port_p-$secure_conn_p {
        set locations [security::configured_locations -suppress_http_port=$suppress_http_port_p -secure_conn=$secure_conn_p]
        #
        # The configured values values do not change at runtime. Set
        # it also once in the nsv array when setting the cache value.
        #
        foreach location $locations {
            nsv_set validated_location $location 1
        }
        set locations
    }]

    #
    # Add the previously validated locations
    #
    foreach location [nsv_array names validated_location] {
        if {$location ni $locations} {
            lappend locations $location
        }
    }


    #
    # When we are connected, add the current location if is not there
    # already, also potentially in a secure fashion.
    #
    # This is probably not needed, but is kept here for backwards
    # compatibility. For the time being, add log statements when this
    # happens.
    #
    if {[ns_conn isconnected]} {

        set current_location [util_current_location]
        if {$current_location ni $locations} {
            ns_log notice "security::locations add connected location <$current_location>"
            lappend locations $current_location
            nsv_set validated_location $current_location 1
        }

        #
        # When we are on a secure connection, the command above added
        # already a secure connection. When we are on a nonsecure
        # connection, but HTTPS is available, allow as well the
        # current host via the secure connection.
        #
        if {!$secure_conn_p && [https_available_p]} {
            set secure_current_location [security::get_secure_location]
            if {$secure_current_location ni $locations} {
                ns_log notice "security::locations add connected secure location <$secure_current_location>"
                lappend locations $secure_current_location
                nsv_set validated_location $secure_current_location 1
            }
        }
    }

    #ns_log notice "security::locations <$locations>"
    return $locations

Generic XQL file:

packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/security-procs-oracle.xql

[ hide source ] | [ make this the default ]