[thirdparty/squid.git] / src / acl / AtStep.cc

/*
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#include "squid.h"

#include "acl/AtStep.h"
#include "acl/AtStepData.h"
#include "acl/FilledChecklist.h"
#include "client_side.h"
#include "http/Stream.h"
#if USE_OPENSSL
#include "ssl/ServerBump.h"
#endif

int
ACLAtStepStrategy::match(ACLData<XactionStep> * &data, ACLFilledChecklist *checklist)
{
#if USE_OPENSSL
    // We use step1 for all these very different cases:
    // - The transaction is not subject to ssl_bump rules (if any).
    // - No ssl_bump action has matched yet.
    // - The ssl_bump client-first action has already matched.
    // - Another ssl_bump action has already matched, but
    //   ConnStateData::serverBump() has not been built yet.
    auto currentSslBumpStep = XactionStep::tlsBump1;

    if (const auto mgr = checklist->conn()) {
        if (const auto serverBump = mgr->serverBump())
            currentSslBumpStep = serverBump->step;
    }

    if (data->match(currentSslBumpStep))
        return 1;
#endif // USE_OPENSSL

    if (data->match(XactionStep::generatingConnect)) {
        if (!checklist->request)
            return 0; // we have warned about the missing request earlier

        if (!checklist->request->masterXaction) {
            debugs(28, DBG_IMPORTANT, "BUG: at_step GeneratingCONNECT ACL is missing master transaction info. Assuming mismatch.");
            return 0;
        }

        return checklist->request->masterXaction->generatingConnect ? 1 : 0;
    }

    return 0;
}
Commit	Line	Data
bbc27441	1	/*
77b1029d	2	* Copyright (C) 1996-2020 The Squid Software Foundation and contributors
bbc27441 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
5d65362c	9	#include "squid.h"
8693472e	10
8693472e CT	11	#include "acl/AtStep.h"
8693472e CT	12	#include "acl/AtStepData.h"
4eac3407	13	#include "acl/FilledChecklist.h"
5d65362c	14	#include "client_side.h"
d3dddfb5	15	#include "http/Stream.h"
090f1d3c	16	#if USE_OPENSSL
5d65362c	17	#include "ssl/ServerBump.h"
090f1d3c	18	#endif
5d65362c CT	19
5d65362c CT	20	int
090f1d3c	21	ACLAtStepStrategy::match(ACLData<XactionStep> * &data, ACLFilledChecklist *checklist)
5d65362c	22	{
090f1d3c CT	23	#if USE_OPENSSL
	24	// We use step1 for all these very different cases:
	25	// - The transaction is not subject to ssl_bump rules (if any).
	26	// - No ssl_bump action has matched yet.
	27	// - The ssl_bump client-first action has already matched.
	28	// - Another ssl_bump action has already matched, but
	29	// ConnStateData::serverBump() has not been built yet.
	30	auto currentSslBumpStep = XactionStep::tlsBump1;
	31
	32	if (const auto mgr = checklist->conn()) {
	33	if (const auto serverBump = mgr->serverBump())
	34	currentSslBumpStep = serverBump->step;
	35	}
	36
	37	if (data->match(currentSslBumpStep))
	38	return 1;
	39	#endif // USE_OPENSSL
	40
	41	if (data->match(XactionStep::generatingConnect)) {
	42	if (!checklist->request)
	43	return 0; // we have warned about the missing request earlier
	44
	45	if (!checklist->request->masterXaction) {
	46	debugs(28, DBG_IMPORTANT, "BUG: at_step GeneratingCONNECT ACL is missing master transaction info. Assuming mismatch.");
	47	return 0;
	48	}
	49
	50	return checklist->request->masterXaction->generatingConnect ? 1 : 0;
	51	}
	52
5d65362c CT	53	return 0;
	54	}
	55