void hostHeaderVerifyFailed(const char *A, const char *B);
void clientAccessCheck();
void clientAccessCheck2();
- void clientAccessCheckDone(const allow_t &answer);
+ void clientAccessCheckDone(const Acl::Answer &answer);
void clientRedirectStart();
void clientRedirectDone(const Helper::Reply &reply);
void clientStoreIdStart();
void clientStoreIdDone(const Helper::Reply &reply);
void checkNoCache();
- void checkNoCacheDone(const allow_t &answer);
+ void checkNoCacheDone(const Acl::Answer &answer);
#if USE_ADAPTATION
void adaptationAccessCheck();
*/
bool sslBumpAccessCheck();
/// The callback function for ssl-bump access check list
- void sslBumpAccessCheckDone(const allow_t &answer);
+ void sslBumpAccessCheckDone(const Acl::Answer &answer);
#endif
ClientHttpRequest *http;
public:
ExternalACLEntryData() : result(ACCESS_DUNNO) {}
- allow_t result;
+ Acl::Answer result;
/// list of all kv-pairs returned by the helper
NotePairs notes;
void update(ExternalACLEntryData const &);
dlink_node lru;
- allow_t result;
+ Acl::Answer result;
time_t date;
/// list of all kv-pairs returned by the helper
#endif
int checkNetdbDirect();
- void checkAlwaysDirectDone(const allow_t answer);
- void checkNeverDirectDone(const allow_t answer);
+ void checkAlwaysDirectDone(const Acl::Answer answer);
+ void checkNeverDirectDone(const Acl::Answer answer);
void selectSomeNeighbor();
void selectSomeNeighborReplies();
static EVH HandlePingTimeout;
private:
- allow_t always_direct;
- allow_t never_direct;
+ Acl::Answer always_direct;
+ Acl::Answer never_direct;
int direct; // TODO: fold always_direct/never_direct/prefer_direct into this now that ACL can do a multi-state result.
size_t foundPaths = 0; ///< number of unique destinations identified so far
ErrorState *lastError;
} aclMatchCode;
/// \ingroup ACLAPI
-/// ACL check answer; TODO: Rename to Acl::Answer
-class allow_t
+/// ACL check answer
+namespace Acl {
+
+class Answer
{
public:
- // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
- allow_t(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
+ // not explicit: allow "aclMatchCode to Acl::Answer" conversions (for now)
+ Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
- allow_t(): code(ACCESS_DUNNO), kind(0) {}
+ Answer(): code(ACCESS_DUNNO), kind(0) {}
bool operator ==(const aclMatchCode aCode) const {
return code == aCode;
return !(*this == aCode);
}
- bool operator ==(const allow_t allow) const {
+ bool operator ==(const Answer allow) const {
return code == allow.code && kind == allow.kind;
}
int kind; ///< which custom access list verb matched
};
+} // namespace Acl
+
inline std::ostream &
-operator <<(std::ostream &o, const allow_t a)
+operator <<(std::ostream &o, const Acl::Answer a)
{
switch (a) {
case ACCESS_DENIED:
}
void
-ACLChecklist::markFinished(const allow_t &finalAnswer, const char *reason)
+ACLChecklist::markFinished(const Acl::Answer &finalAnswer, const char *reason)
{
assert (!finished() && !asyncInProgress());
finished_ = true;
- allow_ = finalAnswer;
- debugs(28, 3, HERE << this << " answer " << allow_ << " for " << reason);
+ answer_ = finalAnswer;
+ debugs(28, 3, HERE << this << " answer " << answer_ << " for " << reason);
}
/// Called first (and once) by all checks to initialize their state
// ACLFilledChecklist overwrites this to unclock something before we
// "delete this"
void
-ACLChecklist::checkCallback(allow_t answer)
+ACLChecklist::checkCallback(Acl::Answer answer)
{
ACLCB *callback_;
void *cbdata_;
asyncCaller_(false),
occupied_(false),
finished_(false),
- allow_(ACCESS_DENIED),
+ answer_(ACCESS_DENIED),
asyncStage_(asyncNone),
state_(NullState::Instance()),
asyncLoopDepth_(0)
markFinished(accessList->winningAction(), "match");
}
-allow_t const &
+Acl::Answer const &
ACLChecklist::fastCheck(const Acl::Tree * list)
{
PROF_start(aclCheckFast);
/* Warning: do not cbdata lock this here - it
* may be static or on the stack
*/
-allow_t const &
+Acl::Answer const &
ACLChecklist::fastCheck()
{
PROF_start(aclCheckFast);
void
ACLChecklist::calcImplicitAnswer()
{
- const allow_t lastAction = (accessList && cbdataReferenceValid(accessList)) ?
- accessList->lastAction() : allow_t(ACCESS_DUNNO);
- allow_t implicitRuleAnswer = ACCESS_DUNNO;
+ const auto lastAction = (accessList && cbdataReferenceValid(accessList)) ?
+ accessList->lastAction() : Acl::Answer(ACCESS_DUNNO);
+ auto implicitRuleAnswer = Acl::Answer(ACCESS_DUNNO);
if (lastAction == ACCESS_DENIED) // reverse last seen "deny"
- implicitRuleAnswer = ACCESS_ALLOWED;
+ implicitRuleAnswer = Acl::Answer(ACCESS_ALLOWED);
else if (lastAction == ACCESS_ALLOWED) // reverse last seen "allow"
- implicitRuleAnswer = ACCESS_DENIED;
+ implicitRuleAnswer = Acl::Answer(ACCESS_DENIED);
// else we saw no rules and will respond with ACCESS_DUNNO
debugs(28, 3, HERE << this << " NO match found, last action " <<
}
bool
-ACLChecklist::bannedAction(const allow_t &action) const
+ACLChecklist::bannedAction(const Acl::Answer &action) const
{
const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end();
debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned");
}
void
-ACLChecklist::banAction(const allow_t &action)
+ACLChecklist::banAction(const Acl::Answer &action)
{
bannedActions_.push_back(action);
}
class HttpRequest;
/// ACL checklist callback
-typedef void ACLCB(allow_t, void *);
+typedef void ACLCB(Acl::Answer, void *);
/** \ingroup ACLAPI
Base class for maintaining Squid and transaction state for access checks.
*
* If there are no rules to check at all, the result becomes ACCESS_DUNNO.
*/
- allow_t const & fastCheck();
+ Acl::Answer const & fastCheck();
/**
* Perform a blocking (immediate) check whether a list of ACLs matches.
*
* If there are no ACLs to check at all, the result becomes ACCESS_ALLOWED.
*/
- allow_t const & fastCheck(const Acl::Tree *list);
+ Acl::Answer const & fastCheck(const Acl::Tree *list);
/// If slow lookups are allowed, switches into "async in progress" state.
/// Otherwise, returns false; the caller is expected to handle the failure.
bool asyncInProgress() const { return asyncStage_ != asyncNone; }
/// called when no more ACLs should be checked; sets the final answer and
/// prints a debugging message explaining the reason for that answer
- void markFinished(const allow_t &newAnswer, const char *reason);
+ void markFinished(const Acl::Answer &newAnswer, const char *reason);
- const allow_t ¤tAnswer() const { return allow_; }
+ const Acl::Answer ¤tAnswer() const { return answer_; }
/// whether the action is banned or not
- bool bannedAction(const allow_t &action) const;
+ bool bannedAction(const Acl::Answer &action) const;
/// add action to the list of banned actions
- void banAction(const allow_t &action);
+ void banAction(const Acl::Answer &action);
// XXX: ACLs that need request or reply have to use ACLFilledChecklist and
// should do their own checks so that we do not have to povide these two
private:
/// Calls non-blocking check callback with the answer and destroys self.
- void checkCallback(allow_t answer);
+ void checkCallback(Acl::Answer answer);
void matchAndFinish();
bool asyncCaller_; ///< whether the caller supports async/slow ACLs
bool occupied_; ///< whether a check (fast or non-blocking) is in progress
bool finished_;
- allow_t allow_;
+ Acl::Answer answer_;
enum AsyncStage { asyncNone, asyncStarting, asyncRunning, asyncFailed };
AsyncStage asyncStage_;
/// suspended (due to an async lookup) matches() in the ACL tree
std::stack<Breadcrumb> matchPath;
/// the list of actions which must ignored during acl checks
- std::vector<allow_t> bannedActions_;
+ std::vector<Acl::Answer> bannedActions_;
};
#endif /* SQUID_ACLCHECKLIST_H */
return;
}
- allow_t action = ACCESS_DUNNO;
+ auto action = Acl::Answer(ACCESS_DUNNO);
if (!strcmp(t, "allow"))
- action = ACCESS_ALLOWED;
+ action = Acl::Answer(ACCESS_ALLOWED);
else if (!strcmp(t, "deny"))
- action = ACCESS_DENIED;
+ action = Acl::Answer(ACCESS_DENIED);
else {
debugs(28, DBG_CRITICAL, "aclParseAccessLine: " << cfg_filename << " line " << config_lineno << ": " << config_input_line);
debugs(28, DBG_CRITICAL, "aclParseAccessLine: expecting 'allow' or 'deny', got '" << t << "'.");
CBDATA_NAMESPACED_CLASS_INIT(Acl, Tree);
-allow_t
+Acl::Answer
Acl::Tree::winningAction() const
{
return actionAt(lastMatch_ - nodes.begin());
}
-allow_t
+Acl::Answer
Acl::Tree::lastAction() const
{
if (actions.empty())
}
/// computes action that corresponds to the position of the matched rule
-allow_t
+Acl::Answer
Acl::Tree::actionAt(const Nodes::size_type pos) const
{
assert(pos < nodes.size());
}
void
-Acl::Tree::add(ACL *rule, const allow_t &action)
+Acl::Tree::add(ACL *rule, const Acl::Answer &action)
{
// either all rules have actions or none
assert(nodes.size() == actions.size());
SBufList treeDump(const char *name, ActionToStringConverter converter) const;
/// Returns the corresponding action after a successful tree match.
- allow_t winningAction() const;
+ Answer winningAction() const;
/// what action to use if no nodes matched
- allow_t lastAction() const;
+ Answer lastAction() const;
/// appends and takes control over the rule with a given action
- void add(ACL *rule, const allow_t &action);
+ void add(ACL *rule, const Answer &action);
void add(ACL *rule); ///< same as InnerNode::add()
protected:
/// Acl::OrNode API
virtual bool bannedAction(ACLChecklist *, Nodes::const_iterator) const override;
- allow_t actionAt(const Nodes::size_type pos) const;
+ Answer actionAt(const Nodes::size_type pos) const;
/// if not empty, contains actions corresponding to InnerNode::nodes
- typedef std::vector<allow_t> Actions;
+ typedef std::vector<Answer> Actions;
Actions actions;
};
inline const char *
-AllowOrDeny(const allow_t &action)
+AllowOrDeny(const Answer &action)
{
return action.allowed() ? "allow" : "deny";
}
{
class Address;
+class Answer;
class InnerNode;
class NotNode;
class AndNode;
} // namespace Acl
-class allow_t;
-typedef void ACLCB(allow_t, void *);
+typedef void ACLCB(Acl::Answer, void *);
#define ACL_NAME_SZ 64
}
void
-Adaptation::AccessCheck::AccessCheckCallbackWrapper(allow_t answer, void *data)
+Adaptation::AccessCheck::AccessCheckCallbackWrapper(Acl::Answer answer, void *data)
{
debugs(93, 8, HERE << "callback answer=" << answer);
AccessCheck *ac = (AccessCheck*)data;
*/
// convert to async call to get async call protections and features
- typedef UnaryMemFunT<AccessCheck, allow_t> MyDialer;
+ typedef UnaryMemFunT<AccessCheck, Acl::Answer> MyDialer;
AsyncCall::Pointer call =
asyncCall(93,7, "Adaptation::AccessCheck::noteAnswer",
MyDialer(ac, &Adaptation::AccessCheck::noteAnswer, answer));
/// process the results of the ACL check
void
-Adaptation::AccessCheck::noteAnswer(allow_t answer)
+Adaptation::AccessCheck::noteAnswer(Acl::Answer answer)
{
Must(!candidates.empty()); // the candidate we were checking must be there
debugs(93,5, HERE << topCandidate() << " answer=" << answer);
public:
void checkCandidates();
- static void AccessCheckCallbackWrapper(allow_t, void*);
- void noteAnswer(allow_t answer);
+ static void AccessCheckCallbackWrapper(Acl::Answer, void*);
+ void noteAnswer(Acl::Answer answer);
protected:
// AsyncJob API
* \retval ACCESS_DENIED user not authorized
* \retval ACCESS_ALLOWED user authenticated and authorized
*/
-allow_t
+Acl::Answer
AuthenticateAcl(ACLChecklist *ch)
{
ACLFilledChecklist *checklist = Filled(ch);
class ACLChecklist;
/// \ingroup AuthAPI
-allow_t AuthenticateAcl(ACLChecklist *ch);
+Acl::Answer AuthenticateAcl(ACLChecklist *ch);
#endif /* USE_AUTH */
#endif /* SQUID_AUTH_ACL_H */
ACLMaxUserIP::match(ACLChecklist *cl)
{
ACLFilledChecklist *checklist = Filled(cl);
- allow_t answer = AuthenticateAcl(checklist);
+ auto answer = AuthenticateAcl(checklist);
int ti;
// convert to tri-state ACL match 1,0,-1
int
ACLProxyAuth::match(ACLChecklist *checklist)
{
- allow_t answer = AuthenticateAcl(checklist);
+ auto answer = AuthenticateAcl(checklist);
// convert to tri-state ACL match 1,0,-1
switch (answer) {
ACLFilledChecklist ch(NULL, request, NULL);
ch.reply = rep;
HTTPMSGLOCK(ch.reply);
- const allow_t answer = ch.fastCheck(Auth::TheConfig.schemeAccess);
+ const auto answer = ch.fastCheck(Auth::TheConfig.schemeAccess);
if (answer.allowed())
return Auth::TheConfig.schemeLists.at(answer.kind).authConfigs;
}
static void parse_on_unsupported_protocol(acl_access **access);
static void dump_on_unsupported_protocol(StoreEntry *entry, const char *name, acl_access *access);
static void free_on_unsupported_protocol(acl_access **access);
-static void ParseAclWithAction(acl_access **access, const allow_t &action, const char *desc, ACL *acl = nullptr);
+static void ParseAclWithAction(acl_access **access, const Acl::Answer &action, const char *desc, ACL *acl = nullptr);
/*
* LegacyParser is a parser for legacy code that uses the global
return;
}
Auth::TheConfig.schemeLists.emplace_back(tok, ConfigParser::LastTokenWasQuoted());
- const allow_t action = allow_t(ACCESS_ALLOWED, Auth::TheConfig.schemeLists.size() - 1);
+ const auto action = Acl::Answer(ACCESS_ALLOWED, Auth::TheConfig.schemeLists.size() - 1);
ParseAclWithAction(authSchemes, action, "auth_schemes");
}
dump_AuthSchemes(StoreEntry *entry, const char *name, acl_access *authSchemes)
{
if (authSchemes)
- dump_SBufList(entry, authSchemes->treeDump(name, [](const allow_t &action) {
+ dump_SBufList(entry, authSchemes->treeDump(name, [](const Acl::Answer &action) {
return Auth::TheConfig.schemeLists.at(action.kind).rawSchemes;
}));
}
#endif /* USE_AUTH */
static void
-ParseAclWithAction(acl_access **access, const allow_t &action, const char *desc, ACL *acl)
+ParseAclWithAction(acl_access **access, const Acl::Answer &action, const char *desc, ACL *acl)
{
assert(access);
SBuf name;
sslBumpCfgRr::lastDeprecatedRule = Ssl::bumpEnd;
}
- allow_t action = allow_t(ACCESS_ALLOWED);
+ auto action = Acl::Answer(ACCESS_ALLOWED);
if (strcmp(bm, Ssl::BumpModeStr[Ssl::bumpClientFirst]) == 0) {
action.kind = Ssl::bumpClientFirst;
static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump)
{
if (ssl_bump)
- dump_SBufList(entry, ssl_bump->treeDump(name, [](const allow_t &action) {
+ dump_SBufList(entry, ssl_bump->treeDump(name, [](const Acl::Answer &action) {
return Ssl::BumpModeStr.at(action.kind);
}));
}
static bool FtpEspvDeprecated = false;
static void parse_ftp_epsv(acl_access **ftp_epsv)
{
- allow_t ftpEpsvDeprecatedAction;
+ Acl::Answer ftpEpsvDeprecatedAction;
bool ftpEpsvIsDeprecatedRule = false;
char *t = ConfigParser::PeekAtToken();
if (!strcmp(t, "off")) {
(void)ConfigParser::NextToken();
ftpEpsvIsDeprecatedRule = true;
- ftpEpsvDeprecatedAction = allow_t(ACCESS_DENIED);
+ ftpEpsvDeprecatedAction = Acl::Answer(ACCESS_DENIED);
} else if (!strcmp(t, "on")) {
(void)ConfigParser::NextToken();
ftpEpsvIsDeprecatedRule = true;
- ftpEpsvDeprecatedAction = allow_t(ACCESS_ALLOWED);
+ ftpEpsvDeprecatedAction = Acl::Answer(ACCESS_ALLOWED);
}
// Check for mixing "ftp_epsv on|off" and "ftp_epsv allow|deny .." rules:
delete *ftp_epsv;
*ftp_epsv = nullptr;
- if (ftpEpsvDeprecatedAction == allow_t(ACCESS_DENIED)) {
+ if (ftpEpsvDeprecatedAction == Acl::Answer(ACCESS_DENIED)) {
if (ACL *a = ACL::FindByName("all"))
ParseAclWithAction(ftp_epsv, ftpEpsvDeprecatedAction, "ftp_epsv", a);
else {
return;
}
- allow_t action = allow_t(ACCESS_ALLOWED);
+ auto action = Acl::Answer(ACCESS_ALLOWED);
if (strcmp(tm, "tunnel") == 0)
action.kind = 1;
else if (strcmp(tm, "respond") == 0)
"respond"
};
if (access) {
- SBufList lines = access->treeDump(name, [](const allow_t &action) {
+ SBufList lines = access->treeDump(name, [](const Acl::Answer &action) {
return onErrorTunnelMode.at(action.kind);
});
dump_SBufList(entry, lines);
ClientHttpRequest *http = context ? context->http : nullptr;
const char *log_uri = http ? http->log_uri : nullptr;
checklist.syncAle(request.getRaw(), log_uri);
- allow_t answer = checklist.fastCheck();
+ auto answer = checklist.fastCheck();
if (answer.allowed() && answer.kind == 1) {
debugs(33, 3, "Request will be tunneled to server");
if (context) {
/* pools require explicit 'allow' to assign a client into them */
if (pools[pool]->access) {
ch.changeAcl(pools[pool]->access);
- allow_t answer = ch.fastCheck();
+ auto answer = ch.fastCheck();
if (answer.allowed()) {
/* request client information from db after we did all checks
* A callback function to use with the ACLFilledChecklist callback.
*/
static void
-httpsSslBumpAccessCheckDone(allow_t answer, void *data)
+httpsSslBumpAccessCheckDone(Acl::Answer answer, void *data)
{
ConnStateData *connState = (ConnStateData *) data;
}
}
-void httpsSslBumpStep2AccessCheckDone(allow_t answer, void *data)
+void httpsSslBumpStep2AccessCheckDone(Acl::Answer answer, void *data)
{
ConnStateData *connState = (ConnStateData *) data;
acl_checklist->al = http ? http->al : nullptr;
//acl_checklist->src_addr = params.conn->remote;
//acl_checklist->my_addr = s->s;
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone));
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst));
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpNone));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpClientFirst));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpServerFirst));
const char *log_uri = http ? http->log_uri : nullptr;
acl_checklist->syncAle(sslServerBump->request.getRaw(), log_uri);
acl_checklist->nonBlockingCheck(httpsSslBumpStep2AccessCheckDone, this);
}
void
-clientReplyContext::ProcessReplyAccessResult(allow_t rv, void *voidMe)
+clientReplyContext::ProcessReplyAccessResult(Acl::Answer rv, void *voidMe)
{
clientReplyContext *me = static_cast<clientReplyContext *>(voidMe);
me->processReplyAccessResult(rv);
}
void
-clientReplyContext::processReplyAccessResult(const allow_t &accessAllowed)
+clientReplyContext::processReplyAccessResult(const Acl::Answer &accessAllowed)
{
debugs(88, 2, "The reply for " << http->request->method
<< ' ' << http->uri << " is " << accessAllowed << ", because it matched "
HttpReply *reply;
void processReplyAccess();
static ACLCB ProcessReplyAccessResult;
- void processReplyAccessResult(const allow_t &accessAllowed);
+ void processReplyAccessResult(const Acl::Answer &accessAllowed);
void cloneReply();
void buildReplyHeader ();
bool alwaysAllowResponse(Http::StatusCode sline) const;
static const char *const crlf = "\r\n";
#if FOLLOW_X_FORWARDED_FOR
-static void clientFollowXForwardedForCheck(allow_t answer, void *data);
+static void clientFollowXForwardedForCheck(Acl::Answer answer, void *data);
#endif /* FOLLOW_X_FORWARDED_FOR */
ErrorState *clientBuildError(err_type, Http::StatusCode, char const *url, Ip::Address &, HttpRequest *, const AccessLogEntry::Pointer &);
/* Local functions */
/* other */
-static void clientAccessCheckDoneWrapper(allow_t, void *);
+static void clientAccessCheckDoneWrapper(Acl::Answer, void *);
#if USE_OPENSSL
-static void sslBumpAccessCheckDoneWrapper(allow_t, void *);
+static void sslBumpAccessCheckDoneWrapper(Acl::Answer, void *);
#endif
static int clientHierarchical(ClientHttpRequest * http);
static void clientInterpretRequestHeaders(ClientHttpRequest * http);
static HLPCB clientRedirectDoneWrapper;
static HLPCB clientStoreIdDoneWrapper;
-static void checkNoCacheDoneWrapper(allow_t, void *);
+static void checkNoCacheDoneWrapper(Acl::Answer, void *);
SQUIDCEXTERN CSR clientGetMoreData;
SQUIDCEXTERN CSS clientReplyStatus;
SQUIDCEXTERN CSD clientReplyDetach;
* ++ indirect_client_addr contains the remote direct client from the trusted peers viewpoint.
*/
static void
-clientFollowXForwardedForCheck(allow_t answer, void *data)
+clientFollowXForwardedForCheck(Acl::Answer answer, void *data)
{
ClientRequestContext *calloutContext = (ClientRequestContext *) data;
}
void
-clientAccessCheckDoneWrapper(allow_t answer, void *data)
+clientAccessCheckDoneWrapper(Acl::Answer answer, void *data)
{
ClientRequestContext *calloutContext = (ClientRequestContext *) data;
}
void
-ClientRequestContext::clientAccessCheckDone(const allow_t &answer)
+ClientRequestContext::clientAccessCheckDone(const Acl::Answer &answer)
{
acl_checklist = NULL;
err_type page_id;
#endif
static void
-clientRedirectAccessCheckDone(allow_t answer, void *data)
+clientRedirectAccessCheckDone(Acl::Answer answer, void *data)
{
ClientRequestContext *context = (ClientRequestContext *)data;
ClientHttpRequest *http = context->http;
* Will handle as "ERR" (no change) in a case Access is not allowed.
*/
static void
-clientStoreIdAccessCheckDone(allow_t answer, void *data)
+clientStoreIdAccessCheckDone(Acl::Answer answer, void *data)
{
ClientRequestContext *context = static_cast<ClientRequestContext *>(data);
ClientHttpRequest *http = context->http;
}
static void
-checkNoCacheDoneWrapper(allow_t answer, void *data)
+checkNoCacheDoneWrapper(Acl::Answer answer, void *data)
{
ClientRequestContext *calloutContext = (ClientRequestContext *) data;
}
void
-ClientRequestContext::checkNoCacheDone(const allow_t &answer)
+ClientRequestContext::checkNoCacheDone(const Acl::Answer &answer)
{
acl_checklist = NULL;
if (answer.denied()) {
* as ACLFilledChecklist callback
*/
static void
-sslBumpAccessCheckDoneWrapper(allow_t answer, void *data)
+sslBumpAccessCheckDoneWrapper(Acl::Answer answer, void *data)
{
ClientRequestContext *calloutContext = static_cast<ClientRequestContext *>(data);
}
void
-ClientRequestContext::sslBumpAccessCheckDone(const allow_t &answer)
+ClientRequestContext::sslBumpAccessCheckDone(const Acl::Answer &answer)
{
if (!httpStateIsValid())
return;
void trimCache();
- bool maybeCacheable(const allow_t &) const;
+ bool maybeCacheable(const Acl::Answer &) const;
int ttl;
}
bool
-external_acl::maybeCacheable(const allow_t &result) const
+external_acl::maybeCacheable(const Acl::Answer &result) const
{
if (cache_size <= 0)
return false; // cache is disabled
}
}
-static allow_t
+static Acl::Answer
aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
{
debugs(82, 9, HERE << "acl=\"" << acl->def->name << "\"");
if (acl->def->require_auth) {
/* Make sure the user is authenticated */
debugs(82, 3, HERE << acl->def->name << " check user authenticated.");
- const allow_t ti = AuthenticateAcl(ch);
+ const auto ti = AuthenticateAcl(ch);
if (!ti.allowed()) {
debugs(82, 2, HERE << acl->def->name << " user not authenticated (" << ti << ")");
return ti;
int
ACLExternal::match(ACLChecklist *checklist)
{
- allow_t answer = aclMatchExternal(data, Filled(checklist));
+ auto answer = aclMatchExternal(data, Filled(checklist));
// convert to tri-state ACL match 1,0,-1
switch (answer) {
std::unique_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(pool->access, http));
chl->reply = rep;
HTTPMSGLOCK(chl->reply);
- const allow_t answer = chl->fastCheck();
+ const auto answer = chl->fastCheck();
if (answer.allowed()) {
writeQuotaHandler = pool->createBucket();
fd_table[clientConnection->fd].writeQuotaHandler = writeQuotaHandler;
}
void
-PeerSelector::checkNeverDirectDone(const allow_t answer)
+PeerSelector::checkNeverDirectDone(const Acl::Answer answer)
{
acl_checklist = nullptr;
debugs(44, 3, answer);
}
void
-PeerSelector::CheckNeverDirectDone(allow_t answer, void *data)
+PeerSelector::CheckNeverDirectDone(Acl::Answer answer, void *data)
{
static_cast<PeerSelector*>(data)->checkNeverDirectDone(answer);
}
void
-PeerSelector::checkAlwaysDirectDone(const allow_t answer)
+PeerSelector::checkAlwaysDirectDone(const Acl::Answer answer)
{
acl_checklist = nullptr;
debugs(44, 3, answer);
}
void
-PeerSelector::CheckAlwaysDirectDone(allow_t answer, void *data)
+PeerSelector::CheckAlwaysDirectDone(Acl::Answer answer, void *data)
{
static_cast<PeerSelector*>(data)->checkAlwaysDirectDone(answer);
}
void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer & clientConn, Comm::ConnectionPointer &srvConn);
void
-Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(allow_t answer, void *data)
+Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(Acl::Answer answer, void *data)
{
Ssl::PeekingPeerConnector *peerConnect = (Ssl::PeekingPeerConnector *) data;
// Use job calls to add done() checks and other job logic/protections.
}
void
-Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(allow_t answer)
+Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(Acl::Answer answer)
{
const Ssl::BumpMode finalAction = answer.allowed() ?
static_cast<Ssl::BumpMode>(answer.kind):
::Config.accessList.ssl_bump,
request.getRaw(), NULL);
acl_checklist->al = al;
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone));
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpPeek));
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpStare));
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst));
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpNone));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpPeek));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpStare));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpClientFirst));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpServerFirst));
Security::SessionPointer session(fd_table[serverConn->fd].ssl);
BIO *b = SSL_get_rbio(session.get());
Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
if (!srvBio->canSplice())
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpSplice));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpSplice));
if (!srvBio->canBump())
- acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpBump));
+ acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpBump));
acl_checklist->syncAle(request.getRaw(), nullptr);
acl_checklist->nonBlockingCheck(Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone, this);
}
void checkForPeekAndSplice();
/// Callback function for ssl_bump acl check in step3 SSL bump step.
- void checkForPeekAndSpliceDone(allow_t answer);
+ void checkForPeekAndSpliceDone(Acl::Answer answer);
/// Handles the final bumping decision.
void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode);
void serverCertificateVerified();
/// A wrapper function for checkForPeekAndSpliceDone for use with acl
- static void cbCheckForPeekAndSpliceDone(allow_t answer, void *data);
+ static void cbCheckForPeekAndSpliceDone(Acl::Answer answer, void *data);
private:
#include "STUB.h"
#if USE_AUTH
-#include "acl/Acl.h" /* for allow_t */
+#include "acl/Acl.h" /* for Acl::Answer */
#include "auth/Acl.h"
-allow_t AuthenticateAcl(ACLChecklist *) STUB_RETVAL(ACCESS_DENIED)
+Acl::Answer AuthenticateAcl(ACLChecklist *) STUB_RETVAL(ACCESS_DENIED)
#include "auth/AclMaxUserIp.h"
ACL * ACLMaxUserIP::clone() const STUB_RETVAL(NULL)