#include "squid.h"
-/** This file exists to provide satic registration code to executables
- that need ACLs. We cannot place this code in acl/lib*.la because it
- does not get linked in, because nobody is using these classes by name.
-*/
-
#if USE_ADAPTATION
#include "acl/AdaptationService.h"
#include "acl/AdaptationServiceData.h"
#include "acl/AtStepData.h"
#endif
#include "acl/Asn.h"
-#include "acl/Browser.h"
#include "acl/Checklist.h"
#include "acl/ConnectionsEncrypted.h"
#include "acl/Data.h"
#include "acl/ExtUser.h"
#endif
#include "acl/FilledChecklist.h"
+#include "acl/forward.h"
#include "acl/Gadgets.h"
#include "acl/HasComponent.h"
#include "acl/HasComponentData.h"
#include "acl/Protocol.h"
#include "acl/ProtocolData.h"
#include "acl/Random.h"
-#include "acl/Referer.h"
#include "acl/RegexData.h"
#include "acl/ReplyHeaderStrategy.h"
#include "acl/ReplyMimeType.h"
#include "auth/AclProxyAuth.h"
#endif
#include "base/RegexPattern.h"
+#include "ExternalACL.h"
#if USE_IDENT
#include "ident/AclIdent.h"
#endif
-
-ACL::Prototype ACLBrowser::RegistryProtoype(&ACLBrowser::RegistryEntry_, "browser");
-ACLStrategised<char const *> ACLBrowser::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy<Http::HdrType::USER_AGENT>::Instance(), "browser");
-ACLFlag DestinationDomainFlags[] = {ACL_F_NO_LOOKUP, ACL_F_END};
-ACL::Prototype ACLDestinationDomain::LiteralRegistryProtoype(&ACLDestinationDomain::LiteralRegistryEntry_, "dstdomain");
-ACLStrategised<char const *> ACLDestinationDomain::LiteralRegistryEntry_(new ACLDomainData, ACLDestinationDomainStrategy::Instance(), "dstdomain", DestinationDomainFlags);
-ACL::Prototype ACLDestinationDomain::RegexRegistryProtoype(&ACLDestinationDomain::RegexRegistryEntry_, "dstdom_regex");
-ACLFlag DestinationDomainRegexFlags[] = {ACL_F_NO_LOOKUP, ACL_F_REGEX_CASE, ACL_F_END};
-ACLStrategised<char const *> ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex", DestinationDomainRegexFlags);
-ACL::Prototype ACLDestinationIP::RegistryProtoype(&ACLDestinationIP::RegistryEntry_, "dst");
-ACLDestinationIP ACLDestinationIP::RegistryEntry_;
-#if USE_AUTH
-ACL::Prototype ACLExtUser::UserRegistryProtoype(&ACLExtUser::UserRegistryEntry_, "ext_user");
-ACLExtUser ACLExtUser::UserRegistryEntry_(new ACLUserData, "ext_user");
-ACL::Prototype ACLExtUser::RegexRegistryProtoype(&ACLExtUser::RegexRegistryEntry_, "ext_user_regex" );
-ACLExtUser ACLExtUser::RegexRegistryEntry_(new ACLRegexData, "ext_user_regex");
+#if SQUID_SNMP
+#include "snmp_core.h"
#endif
-ACL::Prototype ACLHierCode::RegistryProtoype(&ACLHierCode::RegistryEntry_, "hier_code");
-ACLStrategised<hier_code> ACLHierCode::RegistryEntry_(new ACLHierCodeData, ACLHierCodeStrategy::Instance(), "hier_code");
-ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header");
-ACLStrategised<HttpHeader*> ACLHTTPRepHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPRepHeaderStrategy::Instance(), "rep_header");
-ACL::Prototype ACLHTTPReqHeader::RegistryProtoype(&ACLHTTPReqHeader::RegistryEntry_, "req_header");
-ACLStrategised<HttpHeader*> ACLHTTPReqHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPReqHeaderStrategy::Instance(), "req_header");
-ACL::Prototype ACLHTTPStatus::RegistryProtoype(&ACLHTTPStatus::RegistryEntry_, "http_status");
-ACLHTTPStatus ACLHTTPStatus::RegistryEntry_("http_status");
-ACL::Prototype ACLMaxConnection::RegistryProtoype(&ACLMaxConnection::RegistryEntry_, "maxconn");
-ACLMaxConnection ACLMaxConnection::RegistryEntry_("maxconn");
-ACL::Prototype ACLMethod::RegistryProtoype(&ACLMethod::RegistryEntry_, "method");
-ACLStrategised<HttpRequestMethod> ACLMethod::RegistryEntry_(new ACLMethodData, ACLMethodStrategy::Instance(), "method");
-ACL::Prototype ACLLocalIP::RegistryProtoype(&ACLLocalIP::RegistryEntry_, "localip");
-ACLLocalIP ACLLocalIP::RegistryEntry_;
-ACL::Prototype ACLLocalPort::RegistryProtoype(&ACLLocalPort::RegistryEntry_, "localport");
-ACLStrategised<int> ACLLocalPort::RegistryEntry_(new ACLIntRange, ACLLocalPortStrategy::Instance(), "localport");
-ACL::Prototype ACLMyPortName::RegistryProtoype(&ACLMyPortName::RegistryEntry_, "myportname");
-ACLStrategised<const char *> ACLMyPortName::RegistryEntry_(new ACLStringData, ACLMyPortNameStrategy::Instance(), "myportname");
-ACL::Prototype ACLPeerName::RegistryProtoype(&ACLPeerName::RegistryEntry_, "peername");
-ACLStrategised<const char *> ACLPeerName::RegistryEntry_(new ACLStringData, ACLPeerNameStrategy::Instance(), "peername");
-ACL::Prototype ACLPeerName::RegexRegistryProtoype(&ACLPeerName::RegexRegistryEntry_, "peername_regex");
-ACLStrategised<char const *> ACLPeerName::RegexRegistryEntry_(new ACLRegexData, ACLPeerNameStrategy::Instance(), "peername_regex");
-ACL::Prototype ACLProtocol::RegistryProtoype(&ACLProtocol::RegistryEntry_, "proto");
-ACLStrategised<AnyP::ProtocolType> ACLProtocol::RegistryEntry_(new ACLProtocolData, ACLProtocolStrategy::Instance(), "proto");
-ACL::Prototype ACLRandom::RegistryProtoype(&ACLRandom::RegistryEntry_, "random");
-ACLRandom ACLRandom::RegistryEntry_("random");
-ACL::Prototype ACLReferer::RegistryProtoype(&ACLReferer::RegistryEntry_, "referer_regex");
-ACLStrategised<char const *> ACLReferer::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy<Http::HdrType::REFERER>::Instance(), "referer_regex");
-ACL::Prototype ACLReplyMIMEType::RegistryProtoype(&ACLReplyMIMEType::RegistryEntry_, "rep_mime_type");
-ACLStrategised<char const *> ACLReplyMIMEType::RegistryEntry_(new ACLRegexData, ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>::Instance(), "rep_mime_type");
-ACL::Prototype ACLRequestMIMEType::RegistryProtoype(&ACLRequestMIMEType::RegistryEntry_, "req_mime_type");
-ACLStrategised<char const *> ACLRequestMIMEType::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>::Instance(), "req_mime_type");
-ACL::Prototype ACLSourceDomain::LiteralRegistryProtoype(&ACLSourceDomain::LiteralRegistryEntry_, "srcdomain");
-ACLStrategised<char const *> ACLSourceDomain::LiteralRegistryEntry_(new ACLDomainData, ACLSourceDomainStrategy::Instance(), "srcdomain");
-ACL::Prototype ACLSourceDomain::RegexRegistryProtoype(&ACLSourceDomain::RegexRegistryEntry_, "srcdom_regex");
-ACLStrategised<char const *> ACLSourceDomain::RegexRegistryEntry_(new ACLRegexData,ACLSourceDomainStrategy::Instance() ,"srcdom_regex");
-ACL::Prototype ACLSourceIP::RegistryProtoype(&ACLSourceIP::RegistryEntry_, "src");
-ACLSourceIP ACLSourceIP::RegistryEntry_;
-ACL::Prototype ACLTime::RegistryProtoype(&ACLTime::RegistryEntry_, "time");
-ACLStrategised<time_t> ACLTime::RegistryEntry_(new ACLTimeData, ACLTimeStrategy::Instance(), "time");
-ACL::Prototype ACLUrl::RegistryProtoype(&ACLUrl::RegistryEntry_, "url_regex");
-ACLStrategised<char const *> ACLUrl::RegistryEntry_(new ACLRegexData, ACLUrlStrategy::Instance(), "url_regex");
-ACL::Prototype ACLUrlLogin::RegistryProtoype(&ACLUrlLogin::RegistryEntry_, "urllogin");
-ACLStrategised<char const *> ACLUrlLogin::RegistryEntry_(new ACLRegexData, ACLUrlLoginStrategy::Instance(), "urllogin");
-ACL::Prototype ACLUrlPath::LegacyRegistryProtoype(&ACLUrlPath::RegistryEntry_, "pattern");
-ACL::Prototype ACLUrlPath::RegistryProtoype(&ACLUrlPath::RegistryEntry_, "urlpath_regex");
-ACLStrategised<char const *> ACLUrlPath::RegistryEntry_(new ACLRegexData, ACLUrlPathStrategy::Instance(), "urlpath_regex");
-ACL::Prototype ACLUrlPort::RegistryProtoype(&ACLUrlPort::RegistryEntry_, "port");
-ACLStrategised<int> ACLUrlPort::RegistryEntry_(new ACLIntRange, ACLUrlPortStrategy::Instance(), "port");
-
-#if USE_OPENSSL
-ACL::Prototype ACLSslError::RegistryProtoype(&ACLSslError::RegistryEntry_, "ssl_error");
-ACLStrategised<const Security::CertErrors *> ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error");
-ACL::Prototype ACLCertificate::UserRegistryProtoype(&ACLCertificate::UserRegistryEntry_, "user_cert");
-ACLStrategised<X509 *> ACLCertificate::UserRegistryEntry_(new ACLCertificateData (Ssl::GetX509UserAttribute, "*"), ACLCertificateStrategy::Instance(), "user_cert");
-ACL::Prototype ACLCertificate::CARegistryProtoype(&ACLCertificate::CARegistryEntry_, "ca_cert");
-ACLStrategised<X509 *> ACLCertificate::CARegistryEntry_(new ACLCertificateData (Ssl::GetX509CAAttribute, "*"), ACLCertificateStrategy::Instance(), "ca_cert");
-ACL::Prototype ACLServerCertificate::X509FingerprintRegistryProtoype(&ACLServerCertificate::X509FingerprintRegistryEntry_, "server_cert_fingerprint");
-ACLStrategised<X509 *> ACLServerCertificate::X509FingerprintRegistryEntry_(new ACLCertificateData(Ssl::GetX509Fingerprint, "-sha1", true), ACLServerCertificateStrategy::Instance(), "server_cert_fingerprint");
-ACL::Prototype ACLAtStep::RegistryProtoype(&ACLAtStep::RegistryEntry_, "at_step");
-ACLStrategised<Ssl::BumpStep> ACLAtStep::RegistryEntry_(new ACLAtStepData, ACLAtStepStrategy::Instance(), "at_step");
+// Not in src/acl/ because some of the ACLs it registers are not in src/acl/.
+void
+Acl::Init()
+{
+ /* the registration order does not matter */
+
+ // The explicit return type (ACL*) for lambdas is needed because the type
+ // of the return expression inside lambda is not ACL* but AclFoo* while
+ // Acl::Maker is defined to return ACL*.
+
+ RegisterMaker("all-of", [](TypeName)->ACL* { return new Acl::AllOf; }); // XXX: Add name parameter to ctor
+ RegisterMaker("any-of", [](TypeName)->ACL* { return new Acl::AnyOf; }); // XXX: Add name parameter to ctor
+ RegisterMaker("random", [](TypeName name)->ACL* { return new ACLRandom(name); });
+ RegisterMaker("time", [](TypeName name)->ACL* { return new ACLStrategised<time_t>(new ACLTimeData, new ACLTimeStrategy, name); });
+ RegisterMaker("src_as", [](TypeName name)->ACL* { return new ACLStrategised<Ip::Address>(new ACLASN, new ACLSourceASNStrategy, name); });
+ RegisterMaker("dst_as", [](TypeName name)->ACL* { return new ACLStrategised<Ip::Address>(new ACLASN, new ACLDestinationASNStrategy, name); });
+ RegisterMaker("browser", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::USER_AGENT>, name); });
+ RegisterMaker("dstdomain", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLDomainData, new ACLDestinationDomainStrategy, name); });
+ RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLDestinationDomainStrategy , name); });
+ RegisterMaker("dst", [](TypeName)->ACL* { return new ACLDestinationIP; }); // XXX: Add name parameter to ctor
+ RegisterMaker("hier_code", [](TypeName name)->ACL* { return new ACLStrategised<hier_code>(new ACLHierCodeData, new ACLHierCodeStrategy, name); });
+ RegisterMaker("rep_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPRepHeaderStrategy, name); });
+ RegisterMaker("req_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPReqHeaderStrategy, name); });
+ RegisterMaker("http_status", [](TypeName name)->ACL* { return new ACLHTTPStatus(name); });
+ RegisterMaker("maxconn", [](TypeName name)->ACL* { return new ACLMaxConnection(name); });
+ RegisterMaker("method", [](TypeName name)->ACL* { return new ACLStrategised<HttpRequestMethod>(new ACLMethodData, new ACLMethodStrategy, name); });
+ RegisterMaker("localip", [](TypeName)->ACL* { return new ACLLocalIP; }); // XXX: Add name parameter to ctor
+ RegisterMaker("localport", [](TypeName name)->ACL* { return new ACLStrategised<int>(new ACLIntRange, new ACLLocalPortStrategy, name); });
+ RegisterMaker("myportname", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLMyPortNameStrategy, name); });
+ RegisterMaker("peername", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLPeerNameStrategy, name); });
+ RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLPeerNameStrategy, name); });
+ RegisterMaker("proto", [](TypeName name)->ACL* { return new ACLStrategised<AnyP::ProtocolType>(new ACLProtocolData, new ACLProtocolStrategy, name); });
+ RegisterMaker("referer_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::REFERER>, name); });
+ RegisterMaker("rep_mime_type", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>, name); });
+ RegisterMaker("req_mime_type", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>, name); });
+ RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLDomainData, new ACLSourceDomainStrategy, name); });
+ RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLSourceDomainStrategy, name); });
+ RegisterMaker("src", [](TypeName)->ACL* { return new ACLSourceIP; }); // XXX: Add name parameter to ctor
+ RegisterMaker("url_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlStrategy, name); });
+ RegisterMaker("urllogin", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlLoginStrategy, name); });
+ RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlPathStrategy, name); });
+ RegisterMaker("port", [](TypeName name)->ACL* { return new ACLStrategised<int>(new ACLIntRange, new ACLUrlPortStrategy, name); });
+ RegisterMaker("external", [](TypeName name)->ACL* { return new ACLExternal(name); });
+ RegisterMaker("squid_error", [](TypeName name)->ACL* { return new ACLStrategised<err_type>(new ACLSquidErrorData, new ACLSquidErrorStrategy, name); });
+ RegisterMaker("connections_encrypted", [](TypeName name)->ACL* { return new Acl::ConnectionsEncrypted(name); });
+ RegisterMaker("tag", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLTagStrategy, name); });
+ RegisterMaker("note", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLNoteData, new ACLNoteStrategy, name); });
+ RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLAnnotationData, new ACLAnnotateClientStrategy, name); });
+ RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLAnnotationData, new ACLAnnotateTransactionStrategy, name); });
+ RegisterMaker("has", [](TypeName name)->ACL* {return new ACLStrategised<ACLChecklist *>(new ACLHasComponentData, new ACLHasComponentStrategy, name); });
-ACL::Prototype ACLServerName::LiteralRegistryProtoype(&ACLServerName::LiteralRegistryEntry_, "ssl::server_name");
-ACLStrategised<char const *> ACLServerName::LiteralRegistryEntry_(new ACLServerNameData, ACLServerNameStrategy::Instance(), "ssl::server_name");
-ACL::Prototype ACLServerName::RegexRegistryProtoype(&ACLServerName::RegexRegistryEntry_, "ssl::server_name_regex");
-ACLFlag ServerNameRegexFlags[] = {ACL_F_REGEX_CASE, ACL_F_END};
-ACLStrategised<char const *> ACLServerName::RegexRegistryEntry_(new ACLRegexData, ACLServerNameStrategy::Instance(), "ssl::server_name_regex", ServerNameRegexFlags);
+#if USE_OPENSSL
+ RegisterMaker("ssl_error", [](TypeName name)->ACL* { return new ACLStrategised<const Security::CertErrors *>(new ACLSslErrorData, new ACLSslErrorStrategy, name); });
+ RegisterMaker("user_cert", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509UserAttribute, "*"), new ACLCertificateStrategy, name); });
+ RegisterMaker("ca_cert", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509CAAttribute, "*"), new ACLCertificateStrategy, name); });
+ RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509Fingerprint, "-sha1", true), new ACLServerCertificateStrategy, name); });
+ RegisterMaker("at_step", [](TypeName name)->ACL* { return new ACLStrategised<Ssl::BumpStep>(new ACLAtStepData, new ACLAtStepStrategy, name); });
+ RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLServerNameData, new ACLServerNameStrategy, name); });
+ RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLServerNameStrategy, name); });
#endif
#if USE_SQUID_EUI
-ACL::Prototype ACLARP::RegistryProtoype(&ACLARP::RegistryEntry_, "arp");
-ACLARP ACLARP::RegistryEntry_("arp");
-ACL::Prototype ACLEui64::RegistryProtoype(&ACLEui64::RegistryEntry_, "eui64");
-ACLEui64 ACLEui64::RegistryEntry_("eui64");
+ RegisterMaker("arp", [](TypeName name)->ACL* { return new ACLARP(name); });
+ RegisterMaker("eui64", [](TypeName name)->ACL* { return new ACLEui64(name); });
#endif
#if USE_IDENT
-ACL::Prototype ACLIdent::UserRegistryProtoype(&ACLIdent::UserRegistryEntry_, "ident");
-ACLIdent ACLIdent::UserRegistryEntry_(new ACLUserData, "ident");
-ACL::Prototype ACLIdent::RegexRegistryProtoype(&ACLIdent::RegexRegistryEntry_, "ident_regex" );
-ACLIdent ACLIdent::RegexRegistryEntry_(new ACLRegexData, "ident_regex");
+ RegisterMaker("ident", [](TypeName name)->ACL* { return new ACLIdent(new ACLUserData, name); });
+ RegisterMaker("ident_regex", [](TypeName name)->ACL* { return new ACLIdent(new ACLRegexData, name); });
#endif
#if USE_AUTH
-ACL::Prototype ACLProxyAuth::UserRegistryProtoype(&ACLProxyAuth::UserRegistryEntry_, "proxy_auth");
-ACLProxyAuth ACLProxyAuth::UserRegistryEntry_(new ACLUserData, "proxy_auth");
-ACL::Prototype ACLProxyAuth::RegexRegistryProtoype(&ACLProxyAuth::RegexRegistryEntry_, "proxy_auth_regex" );
-ACLProxyAuth ACLProxyAuth::RegexRegistryEntry_(new ACLRegexData, "proxy_auth_regex");
-
-ACL::Prototype ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_, "max_user_ip");
-ACLMaxUserIP ACLMaxUserIP::RegistryEntry_("max_user_ip");
+ RegisterMaker("ext_user", [](TypeName name)->ACL* { return new ACLExtUser(new ACLUserData, name); });
+ RegisterMaker("ext_user_regex", [](TypeName name)->ACL* { return new ACLExtUser(new ACLRegexData, name); });
+ RegisterMaker("proxy_auth", [](TypeName name)->ACL* { return new ACLProxyAuth(new ACLUserData, name); });
+ RegisterMaker("proxy_auth_regex", [](TypeName name)->ACL* { return new ACLProxyAuth(new ACLRegexData, name); });
+ RegisterMaker("max_user_ip", [](TypeName name)->ACL* { return new ACLMaxUserIP(name); });
#endif
-ACL::Prototype ACLTag::RegistryProtoype(&ACLTag::RegistryEntry_, "tag");
-ACLStrategised<const char *> ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag");
-
-ACL::Prototype Acl::AnyOf::RegistryProtoype(&Acl::AnyOf::RegistryEntry_, "any-of");
-Acl::AnyOf Acl::AnyOf::RegistryEntry_;
-
-ACL::Prototype Acl::AllOf::RegistryProtoype(&Acl::AllOf::RegistryEntry_, "all-of");
-Acl::AllOf Acl::AllOf::RegistryEntry_;
-
-ACL::Prototype ACLNote::RegistryProtoype(&ACLNote::RegistryEntry_, "note");
-ACLStrategised<NotePairs::Entry *> ACLNote::RegistryEntry_(new ACLNoteData, ACLNoteStrategy::Instance(), "note");
-
-ACL::Prototype ACLAnnotateClient::RegistryProtoype(&ACLAnnotateClient::RegistryEntry_, "annotate_client");
-ACLStrategised<NotePairs::Entry *> ACLAnnotateClient::RegistryEntry_(new ACLAnnotationData, ACLAnnotateClientStrategy::Instance(), "annotate_client");
-
-ACL::Prototype ACLAnnotateTransaction::RegistryProtoype(&ACLAnnotateTransaction::RegistryEntry_, "annotate_transaction");
-ACLStrategised<NotePairs::Entry *> ACLAnnotateTransaction::RegistryEntry_(new ACLAnnotationData, ACLAnnotateTransactionStrategy::Instance(), "annotate_transaction");
-
#if USE_ADAPTATION
-ACL::Prototype ACLAdaptationService::RegistryProtoype(&ACLAdaptationService::RegistryEntry_, "adaptation_service");
-ACLStrategised<const char *> ACLAdaptationService::RegistryEntry_(new ACLAdaptationServiceData, ACLAdaptationServiceStrategy::Instance(), "adaptation_service");
+ RegisterMaker("adaptation_service", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLAdaptationServiceData, new ACLAdaptationServiceStrategy, name); });
#endif
-ACL::Prototype ACLSquidError::RegistryProtoype(&ACLSquidError::RegistryEntry_, "squid_error");
-ACLStrategised<err_type> ACLSquidError::RegistryEntry_(new ACLSquidErrorData, ACLSquidErrorStrategy::Instance(), "squid_error");
-
-ACL::Prototype Acl::ConnectionsEncrypted::RegistryProtoype(&Acl::ConnectionsEncrypted::RegistryEntry_, "connections_encrypted");
-Acl::ConnectionsEncrypted Acl::ConnectionsEncrypted::RegistryEntry_("connections_encrypted");
-
-ACL::Prototype ACLHasComponent::RegistryProtoype(&ACLHasComponent::RegistryEntry_, "has");
-ACLStrategised<ACLChecklist *> ACLHasComponent::RegistryEntry_(new ACLHasComponentData, ACLHasComponentStrategy::Instance(), "has");
+#if SQUID_SNMP
+ RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLSNMPCommunityStrategy, name); });
+#endif
+}
virtual bool empty () const;
protected:
- static Prototype RegistryProtoype;
- static ACLExternal RegistryEntry_;
external_acl_data *data;
char const *class_;
};
#include "base/RefCount.h"
#include "DelayBucket.h"
#include "DelayPools.h"
+#include "sbuf/SBuf.h"
class MessageBucket;
typedef RefCount<MessageBucket> MessageBucketPointer;
#include "acl/Acl.h"
#include "acl/Checklist.h"
#include "acl/Gadgets.h"
+#include "acl/Options.h"
#include "anyp/PortCfg.h"
#include "cache_cf.h"
#include "ConfigParser.h"
#include "Debug.h"
-#include "dlink.h"
#include "fatal.h"
#include "globals.h"
#include "profiler/Profiler.h"
+#include "sbuf/List.h"
+#include "sbuf/Stream.h"
#include "SquidConfig.h"
-#include <vector>
-
-#define abortFlags(CONTENT) \
- do { \
- debugs(28, 0, CONTENT); \
- self_destruct(); \
- } while (0)
-
-const ACLFlag ACLFlags::NoFlags[1] = {ACL_F_END};
+#include <algorithm>
+#include <map>
const char *AclMatchedName = NULL;
-ACLFlags::FlagsTokenizer::FlagsTokenizer()
- : tokPos(nullptr), Parameter(nullptr) {}
+namespace Acl {
-ACLFlag
-ACLFlags::FlagsTokenizer::nextFlag()
-{
- if (needNextToken()) {
- if (!nextToken())
- return 0;
- } else
- ++tokPos;
- return *tokPos;
-}
-
-bool
-ACLFlags::FlagsTokenizer::hasParameter() const
-{
- return tokPos && tokPos[0] && !tokPos[1] && Parameter;
-}
+/// ACL type name comparison functor
+class TypeNameCmp {
+public:
+ bool operator()(TypeName a, TypeName b) const { return strcmp(a, b) < 0; }
+};
-SBuf
-ACLFlags::FlagsTokenizer::getParameter() const
-{
- return hasParameter() ? SBuf(Parameter) : SBuf();
-}
+/// ACL makers indexed by ACL type name
+typedef std::map<TypeName, Maker, TypeNameCmp> Makers;
-bool
-ACLFlags::FlagsTokenizer::needNextToken() const
+/// registered ACL Makers
+static Makers &
+TheMakers()
{
- return !tokPos || !tokPos[0] || !tokPos[1];
+ static Makers Registry;
+ return Registry;
}
-bool
-ACLFlags::FlagsTokenizer::nextToken()
+/// creates an ACL object of the named (and already registered) ACL child type
+static
+ACL *
+Make(TypeName typeName)
{
- char *t = ConfigParser::PeekAtToken();
- if (t == NULL || t[0] != '-' || !t[1])
- return false;
- if (strchr(t, '=')) {
- if(!ConfigParser::NextKvPair(tokPos, Parameter))
- abortFlags("Invalid formatting for flag '" << t << "'");
- assert(tokPos[0] == '-');
- tokPos++;
- } else {
- (void)ConfigParser::NextToken();
- if (!strcmp(t, "--"))
- return false;
- tokPos = t + 1;
+ const auto pos = TheMakers().find(typeName);
+ if (pos == TheMakers().end()) {
+ debugs(28, DBG_CRITICAL, "FATAL: Invalid ACL type '" << typeName << "'");
+ self_destruct();
+ assert(false); // not reached
}
- return true;
-}
-
-ACLFlags::~ACLFlags()
-{
- delete delimiters_;
-}
-
-ACLFlags::Status
-ACLFlags::flagStatus(const ACLFlag f) const
-{
- if (f == ACL_F_REGEX_CASE)
- return noParameter;
- if (f == ACL_F_SUBSTRING)
- return parameterOptional;
- if (supported_.find(f) != std::string::npos)
- return noParameter;
- return notSupported;
-}
-
-bool
-ACLFlags::parameterSupported(const ACLFlag f, const SBuf &val) const
-{
- if (f == ACL_F_SUBSTRING)
- return val.findFirstOf(CharacterSet::ALPHA + CharacterSet::DIGIT) == SBuf::npos;
- return true;
-}
-void
-ACLFlags::makeSet(const ACLFlag f, const SBuf ¶m)
-{
- flags_ |= flagToInt(f);
- if (!param.isEmpty())
- flagParameters_[f].append(param);
+ ACL *result = (pos->second)(pos->first);
+ debugs(28, 4, typeName << '=' << result);
+ assert(result);
+ return result;
}
-void
-ACLFlags::makeUnSet(const ACLFlag f)
-{
- flags_ &= ~flagToInt(f);
- flagParameters_[f].clear();
-}
+} // namespace Acl
void
-ACLFlags::parseFlags()
-{
- FlagsTokenizer tokenizer;
- ACLFlag flag('\0');
- while ((flag = tokenizer.nextFlag())) {
- switch (flagStatus(flag))
- {
- case notSupported:
- abortFlags("Flag '" << flag << "' not supported");
- break;
- case noParameter:
- makeSet(flag);
- break;
- case parameterRequired:
- if (!tokenizer.hasParameter()) {
- abortFlags("Flag '" << flag << "' must have a parameter");
- break;
- }
- case parameterOptional:
- SBuf param;
- if (tokenizer.hasParameter()) {
- param = tokenizer.getParameter();
- if (!parameterSupported(flag, param))
- abortFlags("Parameter '" << param << "' for flag '" << flag << "' not supported");
- }
- makeSet(flag, param);
- break;
- }
- }
-
- /*Regex code needs to parse -i file*/
- if ( isSet(ACL_F_REGEX_CASE)) {
- ConfigParser::TokenPutBack("-i");
- makeUnSet('i');
- }
-}
-
-SBuf
-ACLFlags::parameter(const ACLFlag f) const
+Acl::RegisterMaker(TypeName typeName, Maker maker)
{
- assert(static_cast<uint32_t>(f - 'A') < FlagIndexMax);
- auto p = flagParameters_.find(f);
- return p == flagParameters_.end() ? SBuf() : p->second;
-}
-
-const CharacterSet *
-ACLFlags::delimiters()
-{
- if (isSet(ACL_F_SUBSTRING) && !delimiters_) {
- static const SBuf defaultParameter(",");
- SBuf rawParameter = parameter(ACL_F_SUBSTRING);
- if (rawParameter.isEmpty())
- rawParameter = defaultParameter;
- delimiters_ = new CharacterSet("ACLFlags::delimiters", rawParameter.c_str());
- }
- return delimiters_;
-}
-
-const char *
-ACLFlags::flagsStr() const
-{
- static char buf[64];
- if (flags_ == 0)
- return "";
-
- char *s = buf;
- *s++ = '-';
- for (ACLFlag f = 'A'; f <= 'z'; f++) {
- // ACL_F_REGEX_CASE (-i) flag handled by ACLRegexData class, ignore
- if (isSet(f) && f != ACL_F_REGEX_CASE)
- *s++ = f;
- }
- *s = '\0';
- return buf;
+ assert(typeName);
+ assert(*typeName);
+ TheMakers().emplace(typeName, maker);
}
void *
return NULL;
}
-ACL *
-ACL::Factory (char const *type)
-{
- ACL *result = Prototype::Factory (type);
-
- if (!result)
- fatal ("Unknown acl type in ACL::Factory");
-
- return result;
-}
-
ACL::ACL() :
cfgline(nullptr),
next(nullptr),
*name = 0;
}
-ACL::ACL(const ACLFlag flgs[]) :
- cfgline(NULL),
- next(NULL),
- flags(flgs),
- registered(false)
-{
- *name = 0;
-}
-
bool ACL::valid () const
{
return true;
return; // ignore the line
}
- if (!Prototype::Registered(theType)) {
- debugs(28, DBG_CRITICAL, "FATAL: Invalid ACL type '" << theType << "'");
- // XXX: make this an ERROR and skip the ACL creation. We *may* die later when its use is attempted. Or may not.
- parser.destruct();
- return;
- }
-
if ((A = FindByName(aclname)) == NULL) {
debugs(28, 3, "aclParseAclLine: Creating ACL '" << aclname << "'");
- A = ACL::Factory(theType);
+ A = Acl::Make(theType);
A->context(aclname, config_input_line);
new_acl = 1;
} else {
*/
AclMatchedName = A->name; /* ugly */
- A->flags.parseFlags();
+ A->parseFlags();
/*split the function here */
A->parse();
return false;
}
+void
+ACL::parseFlags()
+{
+ // ACL kids that carry ACLData which supports parameter flags override this
+ Acl::ParseFlags(options(), Acl::NoFlags());
+}
+
+SBufList
+ACL::dumpOptions()
+{
+ SBufList result;
+ const auto &myOptions = options();
+ // optimization: most ACLs do not have myOptions
+ // this check also works around dump_SBufList() adding ' ' after empty items
+ if (!myOptions.empty()) {
+ SBufStream stream;
+ stream << myOptions;
+ const SBuf optionsImage = stream.buf();
+ if (!optionsImage.isEmpty())
+ result.push_back(optionsImage);
+ }
+ return result;
+}
+
/* ACL result caching routines */
int
AclMatchedName = NULL; // in case it was pointing to our name
}
-ACL::Prototype::Prototype() : prototype (NULL), typeString (NULL) {}
-
-ACL::Prototype::Prototype (ACL const *aPrototype, char const *aType) : prototype (aPrototype), typeString (aType)
-{
- registerMe ();
-}
-
-std::vector<ACL::Prototype const *> * ACL::Prototype::Registry;
-void *ACL::Prototype::Initialized;
-
-bool
-ACL::Prototype::Registered(char const *aType)
-{
- debugs(28, 7, "ACL::Prototype::Registered: invoked for type " << aType);
-
- for (iterator i = Registry->begin(); i != Registry->end(); ++i)
- if (!strcmp (aType, (*i)->typeString)) {
- debugs(28, 7, "ACL::Prototype::Registered: yes");
- return true;
- }
-
- debugs(28, 7, "ACL::Prototype::Registered: no");
- return false;
-}
-
-void
-ACL::Prototype::registerMe ()
-{
- if (!Registry || (Initialized != ((char *)Registry - 5)) ) {
- /* TODO: extract this */
- /* Not initialised */
- Registry = new std::vector<ACL::Prototype const *>;
- Initialized = (char *)Registry - 5;
- }
-
- if (Registered (typeString))
- fatalf ("Attempt to register %s twice", typeString);
-
- Registry->push_back (this);
-}
-
-ACL::Prototype::~Prototype()
-{
- // TODO: unregister me
-}
-
-ACL *
-ACL::Prototype::Factory (char const *typeToClone)
-{
- debugs(28, 4, "ACL::Prototype::Factory: cloning an object for type '" << typeToClone << "'");
-
- for (iterator i = Registry->begin(); i != Registry->end(); ++i)
- if (!strcmp (typeToClone, (*i)->typeString)) {
- ACL *A = (*i)->prototype->clone();
- A->flags = (*i)->prototype->flags;
- return A;
- }
-
- debugs(28, 4, "ACL::Prototype::Factory: cloning failed, no type '" << typeToClone << "' available");
-
- return NULL;
-}
-
void
ACL::Initialize()
{
#define SQUID_ACL_H
#include "acl/forward.h"
-#include "base/CharacterSet.h"
+#include "acl/Options.h"
#include "cbdata.h"
#include "defines.h"
#include "dlink.h"
-#include "sbuf/List.h"
+#include "sbuf/forward.h"
-#include <map>
#include <ostream>
-#include <string>
-#include <vector>
class ConfigParser;
-typedef char ACLFlag;
-// ACLData Flags
-#define ACL_F_REGEX_CASE 'i'
-#define ACL_F_NO_LOOKUP 'n'
-#define ACL_F_STRICT 's'
-#define ACL_F_SUBSTRING 'm'
-#define ACL_F_END '\0'
-
-/**
- * \ingroup ACLAPI
- * Used to hold a list of one-letter flags which can be passed as parameters
- * to acls (eg '-i', '-n' etc)
- */
-class ACLFlags
-{
-public:
- enum Status
- {
- notSupported,
- noParameter,
- parameterOptional,
- parameterRequired
- };
-
- explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0), delimiters_(nullptr) {}
- ACLFlags() : flags_(0), delimiters_(nullptr) {}
- ~ACLFlags();
- /// \return a Status for the given ACLFlag.
- Status flagStatus(const ACLFlag f) const;
- /// \return true if the parameter for the given flag is acceptable.
- bool parameterSupported(const ACLFlag f, const SBuf &val) const;
- /// Set the given flag
- void makeSet(const ACLFlag f, const SBuf ¶m = SBuf(""));
- void makeUnSet(const ACLFlag f); ///< Unset the given flag
- /// \return true if the given flag is set.
- bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
- /// \return the parameter value of the given flag if set.
- SBuf parameter(const ACLFlag f) const;
- /// \return ACL_F_SUBSTRING parameter value(if set) converted to CharacterSet.
- const CharacterSet *delimiters();
- /// Parse optional flags given in the form -[A..Z|a..z]
- void parseFlags();
- const char *flagsStr() const; ///< Convert the flags to a string representation
- /**
- * Lexical analyzer for ACL flags
- *
- * Support tokens in the form:
- * flag := '-' [A-Z|a-z]+ ['=' parameter ]
- * Each token consist by one or more single-letter flags, which may
- * followed by a parameter string.
- * The parameter can belongs only to the last flag in token.
- */
- class FlagsTokenizer
- {
- public:
- FlagsTokenizer();
- ACLFlag nextFlag(); ///< The next flag or '\0' if finished
- /// \return true if a parameter follows the last parsed flag.
- bool hasParameter() const;
- /// \return the parameter of last parsed flag, if exist.
- SBuf getParameter() const;
-
- private:
- /// \return true if the current token parsing is finished.
- bool needNextToken() const;
- /// Peeks at the next token and return false if the next token
- /// is not flag, or a '--' is read.
- bool nextToken();
-
- char *tokPos;
- char *Parameter;
- };
+namespace Acl {
-private:
- /// Convert a flag to a 64bit unsigned integer.
- /// The characters from 'A' to 'z' represented by the values from 65 to 122.
- /// They are 57 different characters which can be fit to the bits of an 64bit
- /// integer.
- uint64_t flagToInt(const ACLFlag f) const {
- assert('A' <= f && f <= 'z');
- return ((uint64_t)1 << (f - 'A'));
- }
+/// the ACL type name known to admins
+typedef const char *TypeName;
+/// a "factory" function for making ACL objects (of some ACL child type)
+typedef ACL *(*Maker)(TypeName typeName);
+/// use the given ACL Maker for all ACLs of the named type
+void RegisterMaker(TypeName typeName, Maker maker);
- std::string supported_; ///< The supported character flags
- uint64_t flags_; ///< The flags which are set
- static const uint32_t FlagIndexMax = 'z' - 'A';
- std::map<ACLFlag, SBuf> flagParameters_;
- CharacterSet *delimiters_;
-public:
- static const ACLFlag NoFlags[1]; ///< An empty flags list
-};
+} // namespace Acl
/// A configurable condition. A node in the ACL expression tree.
/// Can evaluate itself in FilledChecklist context.
void *operator new(size_t);
void operator delete(void *);
- static ACL *Factory(char const *);
static void ParseAclLine(ConfigParser &parser, ACL ** head);
static void Initialize();
static ACL *FindByName(const char *name);
ACL();
- explicit ACL(const ACLFlag flgs[]);
virtual ~ACL();
/// sets user-specified ACL name and squid.conf context
/// Updates the checklist state on match, async, and failure.
bool matches(ACLChecklist *checklist) const;
- virtual ACL *clone() const = 0;
+ /// \returns (linked) Options supported by this ACL
+ virtual const Acl::Options &options() { return Acl::NoOptions(); }
+
+ /// configures ACL options, throwing on configuration errors
+ virtual void parseFlags();
/// parses node represenation in squid.conf; dies on failures
virtual void parse() = 0;
virtual void prepareForUse() {}
+ SBufList dumpOptions(); ///< \returns approximate options configuration
+
char name[ACL_NAME_SZ];
char *cfgline;
ACL *next; // XXX: remove or at least use refcounting
- ACLFlags flags; ///< The list of given ACL flags
bool registered; ///< added to the global list of ACLs via aclRegister()
-public:
-
- class Prototype
- {
-
- public:
- Prototype();
- Prototype(ACL const *, char const *);
- ~Prototype();
- static bool Registered(char const *);
- static ACL *Factory(char const *);
-
- private:
- ACL const *prototype;
- char const *typeString;
-
- private:
- static std::vector<Prototype const *> * Registry;
- static void *Initialized;
- typedef std::vector<Prototype const*>::iterator iterator;
- typedef std::vector<Prototype const*>::const_iterator const_iterator;
- void registerMe();
- };
-
private:
/// Matches the actual data in checklist against this ACL.
virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
#include "squid.h"
#include "acl/AdaptationService.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/IntRange.h"
#include "adaptation/Config.h"
#include "adaptation/History.h"
#include "HttpRequest.h"
int
-ACLAdaptationServiceStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLAdaptationServiceStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
HttpRequest::Pointer request = checklist->request;
if (request == NULL)
return 0;
}
-ACLAdaptationServiceStrategy *
-ACLAdaptationServiceStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLAdaptationServiceStrategy ACLAdaptationServiceStrategy::Instance_;
-
#ifndef SQUID_ACLADAPTATIONSERVICE_H
#define SQUID_ACLADAPTATIONSERVICE_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
/// \ingroup ACLAPI
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLAdaptationServiceStrategy *Instance();
- /**
- * Not implemented to prevent copies of the instance.
- */
- ACLAdaptationServiceStrategy(ACLAdaptationServiceStrategy const &);
-
-private:
- static ACLAdaptationServiceStrategy Instance_;
- ACLAdaptationServiceStrategy() {}
-
- ACLAdaptationServiceStrategy &operator = (ACLAdaptationServiceStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLAdaptationService
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<const char *> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLADAPTATIONSERVICE_H */
private:
/* Acl::InnerNode API */
virtual int doMatch(ACLChecklist *checklist, Nodes::const_iterator start) const;
-
- static Prototype RegistryProtoype;
- static AllOf RegistryEntry_;
};
} // namespace Acl
#include "squid.h"
#include "acl/AnnotateClient.h"
#include "acl/AnnotationData.h"
+#include "acl/FilledChecklist.h"
#include "client_side.h"
#include "http/Stream.h"
#include "Notes.h"
int
-ACLAnnotateClientStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
+ACLAnnotateClientStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (const auto conn = checklist->conn()) {
ACLAnnotationData *tdata = dynamic_cast<ACLAnnotationData*>(data);
assert(tdata);
- tdata->annotate(conn->notes(), flags.delimiters(), checklist->al);
+ tdata->annotate(conn->notes(), &delimiters.value, checklist->al);
if (const auto request = checklist->request)
- tdata->annotate(request->notes(), flags.delimiters(), checklist->al);
+ tdata->annotate(request->notes(), &delimiters.value, checklist->al);
return 1;
}
return 0;
}
-ACLAnnotateClientStrategy *
-ACLAnnotateClientStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLAnnotateClientStrategy ACLAnnotateClientStrategy::Instance_;
-
#ifndef SQUID_ACLANNOTATECLIENT
#define SQUID_ACLANNOTATECLIENT
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
+#include "acl/Note.h"
+#include "Notes.h"
/// \ingroup ACLAPI
-class ACLAnnotateClientStrategy : public ACLStrategy<NotePairs::Entry *>
+class ACLAnnotateClientStrategy : public Acl::AnnotationStrategy
{
public:
- static ACLAnnotateClientStrategy *Instance();
- ACLAnnotateClientStrategy(ACLAnnotateClientStrategy const &) = delete;
- ACLAnnotateClientStrategy& operator=(ACLAnnotateClientStrategy const &) = delete;
-
virtual bool requiresRequest() const { return true; }
- virtual int match(ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
-
-private:
- static ACLAnnotateClientStrategy Instance_;
- ACLAnnotateClientStrategy() { }
-};
-
-/// \ingroup ACLAPI
-class ACLAnnotateClient
-{
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<NotePairs::Entry *> RegistryEntry_;
+ virtual int match(ACLData<MatchType> * &, ACLFilledChecklist *);
};
#endif /* SQUID_ACLANNOTATECLIENT */
#include "squid.h"
#include "acl/AnnotateTransaction.h"
#include "acl/AnnotationData.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "HttpRequest.h"
#include "Notes.h"
int
-ACLAnnotateTransactionStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
+ACLAnnotateTransactionStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (const auto request = checklist->request) {
ACLAnnotationData *tdata = dynamic_cast<ACLAnnotationData*>(data);
assert(tdata);
- tdata->annotate(request->notes(), flags.delimiters(), checklist->al);
+ tdata->annotate(request->notes(), &delimiters.value, checklist->al);
return 1;
}
return 0;
}
-ACLAnnotateTransactionStrategy *
-ACLAnnotateTransactionStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLAnnotateTransactionStrategy ACLAnnotateTransactionStrategy::Instance_;
-
#ifndef SQUID_ACLANNOTATETRANSACTION
#define SQUID_ACLANNOTATETRANSACTION
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
+#include "acl/Note.h"
+#include "Notes.h"
/// \ingroup ACLAPI
-class ACLAnnotateTransactionStrategy : public ACLStrategy<NotePairs::Entry *>
+class ACLAnnotateTransactionStrategy: public Acl::AnnotationStrategy
{
public:
- virtual int match(ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match(ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const { return true; }
-
- static ACLAnnotateTransactionStrategy *Instance();
- ACLAnnotateTransactionStrategy(ACLAnnotateTransactionStrategy const &) = delete;
- ACLAnnotateTransactionStrategy& operator=(ACLAnnotateTransactionStrategy const &) = delete;
-
-private:
- static ACLAnnotateTransactionStrategy Instance_;
- ACLAnnotateTransactionStrategy() {}
-};
-
-/// \ingroup ACLAPI
-class ACLAnnotateTransaction
-{
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<NotePairs::Entry *> RegistryEntry_;
};
#endif /* SQUID_ACLANNOTATETRANSACTION */
virtual char const *typeString() const;
virtual ACL *clone() const;
virtual void parse();
-
-private:
- static Prototype RegistryProtoype;
- static AnyOf RegistryEntry_;
};
} // namespace Acl
#define SQUID_ACLARP_H
#include "acl/Acl.h"
-#include "acl/Checklist.h"
#include <set>
virtual bool empty () const;
protected:
- static Prototype RegistryProtoype;
- static ACLARP RegistryEntry_;
char const *class_;
typedef std::set<Eui::Eui48> AclArpData_t;
AclArpData_t aclArpData;
#include "acl/DestinationAsn.h"
#include "acl/DestinationIp.h"
#include "acl/SourceAsn.h"
+#include "acl/Strategised.h"
#include "FwdState.h"
#include "HttpReply.h"
#include "HttpRequest.h"
template class ACLStrategised<Ip::Address>;
-ACL::Prototype ACLASN::SourceRegistryProtoype(&ACLASN::SourceRegistryEntry_, "src_as");
-
-ACLStrategised<Ip::Address> ACLASN::SourceRegistryEntry_(new ACLASN, ACLSourceASNStrategy::Instance(), "src_as");
-
-ACL::Prototype ACLASN::DestinationRegistryProtoype(&ACLASN::DestinationRegistryEntry_, "dst_as");
-
-ACLStrategised<Ip::Address> ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as");
-
int
-ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist)
{
return data->match(checklist->src_addr);
}
-ACLSourceASNStrategy *
-ACLSourceASNStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLSourceASNStrategy ACLSourceASNStrategy::Instance_;
-
int
-ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->url.host(), IP_LOOKUP_IF_MISS);
return data->match(noaddr);
}
-ACLDestinationASNStrategy *
-ACLDestinationASNStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLDestinationASNStrategy ACLDestinationASNStrategy::Instance_;
-
#ifndef SQUID_ACLASN_H
#define SQUID_ACLASN_H
-#include "acl/Checklist.h"
#include "acl/Data.h"
-#include "acl/Strategised.h"
#include "base/CbDataList.h"
#include "ip/Address.h"
virtual void prepareForUse();
private:
- static ACL::Prototype SourceRegistryProtoype;
- static ACLStrategised<Ip::Address> SourceRegistryEntry_;
- static ACL::Prototype DestinationRegistryProtoype;
- static ACLStrategised<Ip::Address> DestinationRegistryEntry_;
CbDataList<int> *data;
};
#include "acl/AtStep.h"
#include "acl/AtStepData.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "client_side.h"
#include "http/Stream.h"
#include "ssl/ServerBump.h"
int
-ACLAtStepStrategy::match (ACLData<Ssl::BumpStep> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLAtStepStrategy::match (ACLData<Ssl::BumpStep> * &data, ACLFilledChecklist *checklist)
{
Ssl::ServerBump *bump = NULL;
if (checklist->conn() != NULL && (bump = checklist->conn()->serverBump()))
return 0;
}
-ACLAtStepStrategy *
-ACLAtStepStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLAtStepStrategy ACLAtStepStrategy::Instance_;
-
#endif /* USE_OPENSSL */
#if USE_OPENSSL
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "ssl/support.h"
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLAtStepStrategy *Instance();
-
- // Not implemented to prevent copies of the instance.
- ACLAtStepStrategy(ACLAtStepStrategy const &);
-
-private:
- static ACLAtStepStrategy Instance_;
- ACLAtStepStrategy() {}
-
- ACLAtStepStrategy&operator=(ACLAtStepStrategy const &);
-};
-
-class ACLAtStep
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<Ssl::BumpStep> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* USE_OPENSSL */
#include "acl/BoolOps.h"
#include "acl/Checklist.h"
#include "Debug.h"
+#include "sbuf/SBuf.h"
/* Acl::NotNode */
+++ /dev/null
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/* DEBUG: section 28 Access Control */
-
-#include "squid.h"
-#include "acl/Browser.h"
-#include "acl/Checklist.h"
-#include "acl/RegexData.h"
-
-/* explicit template instantiation required for some systems */
-
-template class ACLRequestHeaderStrategy<Http::HdrType::USER_AGENT>;
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_ACLBROWSER_H
-#define SQUID_ACLBROWSER_H
-
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/RequestHeaderStrategy.h"
-#include "acl/Strategised.h"
-
-/// \ingroup ACLAPI
-class ACLBrowser
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
-};
-
-#endif /* SQUID_ACLBROWSER_H */
-
#include "HttpRequest.h"
int
-ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
const int fd = checklist->fd();
const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
return res;
}
-ACLCertificateStrategy *
-ACLCertificateStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLCertificateStrategy ACLCertificateStrategy::Instance_;
-
#endif /* USE_OPENSSL */
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLCertificateStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLCertificateStrategy(ACLCertificateStrategy const &);
-
-private:
- static ACLCertificateStrategy Instance_;
- ACLCertificateStrategy() {}
-
- ACLCertificateStrategy&operator=(ACLCertificateStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLCertificate
-{
-
-private:
- static ACL::Prototype UserRegistryProtoype;
- static ACLStrategised<X509*> UserRegistryEntry_;
- static ACL::Prototype CARegistryProtoype;
- static ACLStrategised<X509 *> CARegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
};
#endif /* SQUID_ACLCERTIFICATE_H */
--- /dev/null
+/*
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_ACL_CHARACTER_SET_OPTION_H
+#define SQUID_ACL_CHARACTER_SET_OPTION_H
+
+#include "acl/Options.h"
+#include "base/CharacterSet.h"
+#include "sbuf/SBuf.h"
+
+namespace Acl {
+
+typedef OptionValue<CharacterSet> CharacterSetOptionValue;
+
+/* TypedOption<CharacterSetOptionValue> specializations */
+
+template <>
+inline
+void
+TypedOption<CharacterSetOptionValue>::import(const SBuf &rawValue) const
+{
+ SBuf chars = rawValue; // because c_str() is not constant
+ recipient_->value = CharacterSet(__FILE__, chars.c_str());
+}
+
+template <>
+inline
+void
+TypedOption<CharacterSetOptionValue>::print(std::ostream &os) const
+{
+ recipient_->value.printChars(os); // TODO: Quote if needed.
+}
+
+/// option value to configure one or more characters (e.g., -m=",;")
+class CharacterSetOption: public TypedOption<CharacterSetOptionValue>
+{
+public:
+ typedef TypedOption<CharacterSetOptionValue> Parent;
+ CharacterSetOption(): Parent(valueOptional) {}
+};
+
+} // namespace Acl
+
+#endif /* SQUID_ACL_CHARACTER_SET_OPTION_H */
+
virtual bool empty () const;
protected:
- static Prototype RegistryProtoype;
- static ConnectionsEncrypted RegistryEntry_;
char const *class_;
};
#ifndef SQUID_ACLDATA_H
#define SQUID_ACLDATA_H
+#include "acl/Options.h"
#include "sbuf/List.h"
-/// \ingroup ACLAPI
+/// Configured ACL parameter(s) (e.g., domain names in dstdomain ACL).
template <class M>
class ACLData
{
virtual ~ACLData() {}
+ /// \returns the flags supported by these ACL parameters (e.g., "-i")
+ virtual const Acl::ParameterFlags &supportedFlags() const { return Acl::NoFlags(); }
+
virtual bool match(M) =0;
virtual SBufList dump() const =0;
virtual void parse() =0;
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLDestinationASNStrategy *Instance();
-
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g++ warnings about
- * private constructors with no friends
- */
- ACLDestinationASNStrategy(ACLDestinationASNStrategy const &);
-
-private:
- static ACLDestinationASNStrategy Instance_;
- ACLDestinationASNStrategy() {}
-
- ACLDestinationASNStrategy&operator=(ACLDestinationASNStrategy const &);
};
#endif /* SQUID_ACLDESTINATIONASN_H */
checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}
+/* ACLDestinationDomainStrategy */
+
+const Acl::Options &
+ACLDestinationDomainStrategy::options()
+{
+ static const Acl::BooleanOption LookupBanFlag;
+ static const Acl::Options MyOptions = { { "-n", &LookupBanFlag } };
+ LookupBanFlag.linkWith(&lookupBanned);
+ return MyOptions;
+}
+
int
-ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
+ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
assert(checklist != NULL && checklist->request != NULL);
return 1;
}
- if (flags.isSet(ACL_F_NO_LOOKUP)) {
+ if (lookupBanned) {
debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
return 0;
}
return data->match("none");
}
-ACLDestinationDomainStrategy *
-ACLDestinationDomainStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLDestinationDomainStrategy ACLDestinationDomainStrategy::Instance_;
-
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLDestinationDomainStrategy *Instance();
+ /* ACLStrategy API */
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends
- */
- ACLDestinationDomainStrategy(ACLDestinationDomainStrategy const &);
+ virtual const Acl::Options &options();
private:
- static ACLDestinationDomainStrategy Instance_;
- ACLDestinationDomainStrategy() {}
-
- ACLDestinationDomainStrategy&operator=(ACLDestinationDomainStrategy const &);
+ Acl::BooleanOptionValue lookupBanned; ///< Are DNS lookups allowed?
};
/// \ingroup ACLAPI
static void LookupDone(const char *, const Dns::LookupDetails &, void *);
};
-/// \ingroup ACLAPI
-class ACLDestinationDomain
-{
-
-private:
- static ACL::Prototype LiteralRegistryProtoype;
- static ACLStrategised<char const *> LiteralRegistryEntry_;
- static ACL::Prototype RegexRegistryProtoype;
- static ACLStrategised<char const *> RegexRegistryEntry_;
-};
-
#endif /* SQUID_ACLDESTINATIONDOMAIN_H */
#include "HttpRequest.h"
#include "SquidConfig.h"
-ACLFlag ACLDestinationIP::SupportedFlags[] = {ACL_F_NO_LOOKUP, ACL_F_END};
-
char const *
ACLDestinationIP::typeString() const
{
return "dst";
}
+const Acl::Options &
+ACLDestinationIP::options()
+{
+ static const Acl::BooleanOption LookupBan;
+ static const Acl::Options MyOptions = { { "-n", &LookupBan } };
+ LookupBan.linkWith(&lookupBanned);
+ return MyOptions;
+}
+
int
ACLDestinationIP::match(ACLChecklist *cl)
{
ACLIP::match(conn->clientConnection->local) : -1;
}
- if (flags.isSet(ACL_F_NO_LOOKUP)) {
+ if (lookupBanned) {
if (!checklist->request->url.hostIsNumeric()) {
debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host());
return 0;
MEMPROXY_CLASS(ACLDestinationIP);
public:
- ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {}
virtual char const *typeString() const;
+ virtual const Acl::Options &options();
virtual int match(ACLChecklist *checklist);
virtual ACL *clone()const;
- static ACLFlag SupportedFlags[];
private:
- static Prototype RegistryProtoype;
- static ACLDestinationIP RegistryEntry_;
+ Acl::BooleanOptionValue lookupBanned; ///< are DNS lookups allowed?
};
#endif /* SQUID_ACLDESTINATIONIP_H */
#define SQUID_ACLEUI64_H
#include "acl/Acl.h"
-#include "acl/Checklist.h"
#include <set>
virtual bool empty () const;
protected:
- static Prototype RegistryProtoype;
- static ACLEui64 RegistryEntry_;
typedef std::set<Eui::Eui64> Eui64Data_t;
Eui64Data_t eui64Data;
char const *class_;
return type_;
}
+void
+ACLExtUser::parseFlags()
+{
+ ParseFlags(Acl::NoOptions(), data->supportedFlags());
+}
+
void
ACLExtUser::parse()
{
ACLExtUser & operator= (ACLExtUser const &rhs);
~ACLExtUser();
+ /* ACL API */
virtual char const *typeString() const;
virtual void parse();
-
+ virtual void parseFlags();
virtual int match(ACLChecklist *checklist);
virtual SBufList dump() const;
virtual bool empty () const;
virtual ACL *clone()const;
private:
- static Prototype UserRegistryProtoype;
- static ACLExtUser UserRegistryEntry_;
- static Prototype RegexRegistryProtoype;
- static ACLExtUser RegexRegistryEntry_;
ACLData<char const *> *data;
char const *type_;
};
#include "acl/HasComponentData.h"
int
-ACLHasComponentStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
+ACLHasComponentStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
ACLHasComponentData *cdata = dynamic_cast<ACLHasComponentData*>(data);
assert(cdata);
return cdata->match(checklist);
}
-
-ACLHasComponentStrategy *
-ACLHasComponentStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLHasComponentStrategy ACLHasComponentStrategy::Instance_;
-
class ACLHasComponentStrategy : public ACLStrategy<ACLChecklist *>
{
public:
- static ACLHasComponentStrategy *Instance();
- ACLHasComponentStrategy(ACLHasComponentStrategy const &) = delete;
- ACLHasComponentStrategy& operator=(ACLHasComponentStrategy const &) = delete;
- virtual int match(ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
-
-private:
- static ACLHasComponentStrategy Instance_;
- ACLHasComponentStrategy() { }
-};
-
-/// \ingroup ACLAPI
-class ACLHasComponent
-{
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<ACLChecklist *> RegistryEntry_;
+ virtual int match(ACLData<MatchType> * &, ACLFilledChecklist *);
};
#endif
#include "acl/Checklist.h"
#include "acl/HierCode.h"
#include "acl/HierCodeData.h"
+#include "acl/Strategised.h"
#include "HttpRequest.h"
/* explicit template instantiation required for some systems */
template class ACLStrategised<hier_code>;
int
-ACLHierCodeStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLHierCodeStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (checklist->request->hier.code);
}
-ACLHierCodeStrategy *
-ACLHierCodeStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLHierCodeStrategy ACLHierCodeStrategy::Instance_;
-
#ifndef SQUID_ACLHIERCODE_H
#define SQUID_ACLHIERCODE_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "hier_code.h"
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLHierCodeStrategy *Instance();
-
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends
- */
- ACLHierCodeStrategy(ACLHierCodeStrategy const &);
-
-private:
- static ACLHierCodeStrategy Instance_;
- ACLHierCodeStrategy() {}
-
- ACLHierCodeStrategy &operator=(ACLHierCodeStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLHierCode
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<hier_code> RegistryEntry_;
};
#endif /* SQUID_ACLHIERCODE_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/HttpHeaderData.h"
#include "acl/HttpRepHeader.h"
#include "HttpReply.h"
int
-ACLHTTPRepHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLHTTPRepHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (&checklist->reply->header);
}
-ACLHTTPRepHeaderStrategy *
-ACLHTTPRepHeaderStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLHTTPRepHeaderStrategy ACLHTTPRepHeaderStrategy::Instance_;
-
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresReply() const { return true; }
-
- static ACLHTTPRepHeaderStrategy *Instance();
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends
- */
- ACLHTTPRepHeaderStrategy(ACLHTTPRepHeaderStrategy const &);
-
-private:
- static ACLHTTPRepHeaderStrategy Instance_;
- ACLHTTPRepHeaderStrategy() { }
-
- ACLHTTPRepHeaderStrategy&operator = (ACLHTTPRepHeaderStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLHTTPRepHeader
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<HttpHeader*> RegistryEntry_;
};
#endif /* SQUID_ACLHTTPREPHEADER_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/HttpHeaderData.h"
#include "acl/HttpReqHeader.h"
#include "HttpRequest.h"
int
-ACLHTTPReqHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLHTTPReqHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (&checklist->request->header);
}
-ACLHTTPReqHeaderStrategy *
-ACLHTTPReqHeaderStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLHTTPReqHeaderStrategy ACLHTTPReqHeaderStrategy::Instance_;
-
#ifndef SQUID_ACLHTTPREQHEADER_H
#define SQUID_ACLHTTPREQHEADER_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "HttpHeader.h"
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const { return true; }
-
- static ACLHTTPReqHeaderStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLHTTPReqHeaderStrategy(ACLHTTPReqHeaderStrategy const &);
-
-private:
- static ACLHTTPReqHeaderStrategy Instance_;
- ACLHTTPReqHeaderStrategy() { }
-
- ACLHTTPReqHeaderStrategy&operator = (ACLHTTPReqHeaderStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLHTTPReqHeader
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<HttpHeader*> RegistryEntry_;
};
#endif /* SQUID_ACLHTTPREQHEADER_H */
virtual bool requiresReply() const { return true; }
protected:
- static Prototype RegistryProtoype;
- static ACLHTTPStatus RegistryEntry_;
Splay<acl_httpstatus_data*> *data;
char const *class_;
};
if (data == NULL)
data = new IPSplay();
- flags.parseFlags();
-
while (char *t = ConfigParser::strtokFile()) {
acl_ip_data *q = acl_ip_data::FactoryParse(t);
void operator delete(void *);
ACLIP() : data(NULL) {}
- explicit ACLIP(const ACLFlag flgs[]) : ACL(flgs), data(NULL) {}
-
~ACLIP();
typedef Splay<acl_ip_data *> IPSplay;
MEMPROXY_CLASS(ACLLocalIP);
public:
- static ACLLocalIP const &RegistryEntry();
-
virtual char const *typeString() const;
virtual int match(ACLChecklist *checklist);
virtual ACL *clone()const;
-
-private:
- static Prototype RegistryProtoype;
- static ACLLocalIP RegistryEntry_;
};
#endif /* SQUID_ACLLOCALIP_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
-#include "acl/IntRange.h"
+#include "acl/FilledChecklist.h"
#include "acl/LocalPort.h"
int
-ACLLocalPortStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLLocalPortStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (checklist->my_addr.port());
}
-ACLLocalPortStrategy *
-ACLLocalPortStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLLocalPortStrategy ACLLocalPortStrategy::Instance_;
-
#ifndef SQUID_ACLLOCALPORT_H
#define SQUID_ACLLOCALPORT_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
/// \ingroup ACLAPI
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLLocalPortStrategy *Instance();
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends
- */
- ACLLocalPortStrategy(ACLLocalPortStrategy const &);
-
-private:
- static ACLLocalPortStrategy Instance_;
- ACLLocalPortStrategy() {}
-
- ACLLocalPortStrategy&operator=(ACLLocalPortStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLLocalPort
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<int> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLLOCALPORT_H */
forward.h \
InnerNode.cc \
InnerNode.h \
+ Options.h \
+ Options.cc \
Tree.cc \
Tree.h
## Data-dependent Squid/transaction state used by specific ACLs.
## Does not refer to specific ACLs to avoid circular dependencies.
libstate_la_SOURCES = \
+ CharacterSetOption.h \
Data.h \
Strategy.h \
Strategised.cc \
AnyOf.h \
Asn.cc \
Asn.h \
- Browser.cc \
- Browser.h \
ConnectionsEncrypted.cc \
ConnectionsEncrypted.h \
DestinationAsn.h \
Protocol.h \
Random.cc \
Random.h \
- Referer.cc \
- Referer.h \
ReplyHeaderStrategy.h \
- ReplyMimeType.cc \
ReplyMimeType.h \
RequestHeaderStrategy.h \
- RequestMimeType.cc \
RequestMimeType.h \
SourceAsn.h \
SourceDomain.cc \
#define SQUID_ACLMAXCONNECTION_H
#include "acl/Acl.h"
-#include "acl/Checklist.h"
/// \ingroup ACLAPI
class ACLMaxConnection : public ACL
virtual void prepareForUse();
protected:
- static Prototype RegistryProtoype;
- static ACLMaxConnection RegistryEntry_;
char const *class_;
int limit;
};
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/Method.h"
#include "acl/MethodData.h"
+#include "acl/Strategised.h"
#include "HttpRequest.h"
/* explicit template instantiation required for some systems */
template class ACLStrategised<HttpRequestMethod>;
int
-ACLMethodStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLMethodStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (checklist->request->method);
}
-ACLMethodStrategy *
-ACLMethodStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLMethodStrategy ACLMethodStrategy::Instance_;
-
#ifndef SQUID_ACLMETHOD_H
#define SQUID_ACLMETHOD_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "http/RequestMethod.h"
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLMethodStrategy *Instance();
-
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends
- */
- ACLMethodStrategy(ACLMethodStrategy const &);
-
-private:
- static ACLMethodStrategy Instance_;
- ACLMethodStrategy() {}
-
- ACLMethodStrategy&operator=(ACLMethodStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLMethod
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<HttpRequestMethod> RegistryEntry_;
};
#endif /* SQUID_ACLMETHOD_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/MyPortName.h"
#include "acl/StringData.h"
#include "anyp/PortCfg.h"
#include "HttpRequest.h"
int
-ACLMyPortNameStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLMyPortNameStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (checklist->conn() != NULL && checklist->conn()->port != NULL)
return data->match(checklist->conn()->port->name);
return 0;
}
-ACLMyPortNameStrategy *
-ACLMyPortNameStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLMyPortNameStrategy ACLMyPortNameStrategy::Instance_;
-
#ifndef SQUID_ACLMYPORTNAME_H
#define SQUID_ACLMYPORTNAME_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
class ACLMyPortNameStrategy : public ACLStrategy<const char *>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLMyPortNameStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLMyPortNameStrategy(ACLMyPortNameStrategy const &);
-
-private:
- static ACLMyPortNameStrategy Instance_;
- ACLMyPortNameStrategy() {}
-
- ACLMyPortNameStrategy&operator=(ACLMyPortNameStrategy const &);
-};
-
-class ACLMyPortName
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<const char *> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLMYPORTNAME_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/HttpHeaderData.h"
#include "acl/Note.h"
#include "acl/NoteData.h"
#include "HttpRequest.h"
-#include "Notes.h"
-#include "parser/Tokenizer.h"
-#include "sbuf/StringConvert.h"
+
+/* Acl::AnnotationStrategy */
+
+const Acl::Options &
+Acl::AnnotationStrategy::options()
+{
+ static const Acl::CharacterSetOption Delimiters;
+ static const Acl::Options MyOptions = {
+ { "-m", &Delimiters }
+ };
+ Delimiters.linkWith(&delimiters);
+ return MyOptions;
+}
+
+/* ACLNoteStrategy */
int
-ACLNoteStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
+ACLNoteStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (const auto request = checklist->request) {
- if (request->hasNotes() && matchNotes(data, request->notes().getRaw(), flags.delimiters()))
+ if (request->hasNotes() && matchNotes(data, request->notes().getRaw()))
return 1;
#if USE_ADAPTATION
const Adaptation::History::Pointer ah = request->adaptLogHistory();
- if (ah != NULL && ah->metaHeaders != NULL && matchNotes(data, ah->metaHeaders.getRaw(), flags.delimiters()))
+ if (ah != NULL && ah->metaHeaders != NULL && matchNotes(data, ah->metaHeaders.getRaw()))
return 1;
#endif
}
}
bool
-ACLNoteStrategy::matchNotes(ACLData<MatchType> *noteData, const NotePairs *note, const CharacterSet *delimiters) const
+ACLNoteStrategy::matchNotes(ACLData<MatchType> *noteData, const NotePairs *note) const
{
- const NotePairs::Entries &entries = note->expandListEntries(delimiters);
+ const NotePairs::Entries &entries = note->expandListEntries(&delimiters.value);
for (auto e: entries)
if (noteData->match(e.getRaw()))
return true;
return false;
}
-ACLNoteStrategy *
-ACLNoteStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLNoteStrategy ACLNoteStrategy::Instance_;
-
#ifndef SQUID_ACLNOTE_H
#define SQUID_ACLNOTE_H
-#include "acl/Strategised.h"
+#include "acl/CharacterSetOption.h"
+#include "acl/Data.h"
#include "acl/Strategy.h"
+#include "Notes.h"
-class ACLNoteData;
-class CharacterSet;
-class HttpRequest;
+namespace Acl {
-/// \ingroup ACLAPI
-class ACLNoteStrategy : public ACLStrategy<NotePairs::Entry *>
+/// common parent of several ACLs dealing with transaction annotations
+class AnnotationStrategy: public ACLStrategy<NotePairs::Entry *>
{
-
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- virtual bool requiresRequest() const { return true; }
+ AnnotationStrategy(): delimiters(CharacterSet(__FILE__, ",")) {}
- static ACLNoteStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLNoteStrategy(ACLNoteStrategy const &);
-
-private:
- static ACLNoteStrategy Instance_;
- ACLNoteStrategy() { }
+ virtual const Acl::Options &options() override;
- ACLNoteStrategy& operator = (ACLNoteStrategy const &);
- bool matchNotes(ACLData<MatchType> *, const NotePairs *, const CharacterSet *) const;
+ Acl::CharacterSetOptionValue delimiters; ///< annotation separators
};
+} // namespace Acl
+
/// \ingroup ACLAPI
-class ACLNote
+class ACLNoteStrategy: public Acl::AnnotationStrategy
{
+public:
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
+ virtual bool requiresRequest() const { return true; }
+
private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<NotePairs::Entry *> RegistryEntry_;
+ bool matchNotes(ACLData<MatchType> *, const NotePairs *) const;
};
#endif /* SQUID_ACLNOTE_H */
--- /dev/null
+/*
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#include "squid.h"
+#include "acl/Options.h"
+#include "ConfigParser.h"
+#include "Debug.h"
+#include "sbuf/Stream.h"
+
+#include <iostream>
+#include <vector>
+
+namespace Acl {
+
+/// low-level parser that extracts but does not interpret ACL options
+class OptionExtractor
+{
+public:
+ /// parses the next option and fills public members with its details
+ /// \returns whether option extraction was successful
+ bool extractOne();
+
+ /* extracted option details (after successful extraction */
+ SBuf name; ///< extracted option name, including dash(es)
+ bool hasValue = false; ///< whether the option has a value (-x=value)
+ const SBuf &value() const; ///< extracted option value (requires hasValue)
+
+protected:
+ bool advance();
+ void extractWhole();
+ void extractShort();
+
+private:
+ SBuf prefix_; ///< option name(s), including leading dash(es)
+ SBuf value_; ///< the last seen value of some option
+ SBuf::size_type letterPos_ = 0; ///< letter position inside an -xyz sequence
+ bool sawValue_ = false; ///< the current option sequence had a value
+};
+
+/// parses/validates/stores ACL options; skips/preserves parameter flags
+class OptionsParser
+{
+public:
+ OptionsParser(const Options &options, const ParameterFlags &flags);
+
+ // fill previously supplied options container, throwing on errors
+ void parse();
+
+private:
+ const Option *findOption(/* const */ SBuf &rawName);
+
+ /// ACL parameter flags in parsing order
+ typedef std::vector<OptionName> Names;
+ /// parsed ACL parameter flags that must be preserved for ACLData::parse()
+ static Names flagsToSkip;
+
+ const Options &options_; ///< caller-supported, linked options
+ const ParameterFlags ¶meterFlags_; ///< caller-supported parameter flags
+};
+
+} // namespace Acl
+
+/* Acl::OptionNameCmp */
+
+bool
+Acl::OptionNameCmp::operator()(const OptionName a, const OptionName b) const
+{
+ return strcmp(a, b) < 0;
+}
+
+/* Acl::OptionExtractor */
+
+const SBuf &
+Acl::OptionExtractor::value() const
+{
+ Must(hasValue);
+ return value_;
+}
+
+bool
+Acl::OptionExtractor::extractOne()
+{
+ if (!prefix_.isEmpty()) {
+ extractShort(); // continue with the previously extracted flags
+ return true;
+ }
+
+ if (!advance())
+ return false; // end of options (and, possibly, the whole "acl" directive)
+
+ if (prefix_.length() < 2)
+ throw TexcHere(ToSBuf("truncated(?) ACL flag: ", prefix_)); // single - or +
+
+ if (prefix_[0] == '-' && prefix_[1] == '-') {
+ if (prefix_.length() == 2)
+ return false; // skipped "--", an explicit end-of-options marker
+ extractWhole();
+ return true;
+ }
+
+ if (prefix_.length() == 2) { // common trivial case: -x or +y
+ extractWhole();
+ return true;
+ }
+
+ // -xyz or +xyz
+ letterPos_ = 1;
+ extractShort();
+ return true;
+}
+
+/// extracts a token with the next option/flag(s) or returns false
+bool
+Acl::OptionExtractor::advance()
+{
+ const char *next = ConfigParser::PeekAtToken();
+ if (!next)
+ return false; // end of the "acl" line
+
+ const char nextChar = *next;
+ if (!(nextChar == '-' || nextChar == '+'))
+ return false; // start of ACL parameters
+
+ sawValue_ = strchr(next, '='); // TODO: Make ConfigParser reject '^=.*' tokens
+ if (sawValue_) {
+ char *rawPrefix = nullptr;
+ char *rawValue = nullptr;
+ if (!ConfigParser::NextKvPair(rawPrefix, rawValue))
+ throw TexcHere(ToSBuf("Malformed acl option=value: ", next));
+ prefix_.assign(rawPrefix);
+ value_.assign(rawValue);
+ } else {
+ prefix_.assign(next);
+ ConfigParser::NextToken(); // consume what we have peeked at
+ }
+ return true;
+}
+
+/// handles -x[=option] or --foo[=option]
+void
+Acl::OptionExtractor::extractWhole()
+{
+ debugs(28, 8, "from " << prefix_ << " value: " << sawValue_);
+ hasValue = sawValue_;
+ name = prefix_;
+ prefix_.clear();
+}
+
+/// handles one flag letter inside an -xyx[=option] or +xyz[=option] sequence
+void
+Acl::OptionExtractor::extractShort()
+{
+ debugs(28, 8, "from " << prefix_ << " at " << letterPos_ << " value: " << sawValue_);
+ name.assign(prefix_.rawContent(), 1); // leading - or +
+ name.append(prefix_.at(letterPos_++));
+ if (letterPos_ >= prefix_.length()) { // got last flag in the sequence
+ hasValue = sawValue_;
+ prefix_.clear();
+ } else {
+ hasValue = false;
+ }
+}
+
+/* Acl::OptionsParser */
+
+// being "static" is an optimization to avoid paying for vector creation/growth
+Acl::OptionsParser::Names Acl::OptionsParser::flagsToSkip;
+
+Acl::OptionsParser::OptionsParser(const Options &options, const ParameterFlags &flags):
+ options_(options),
+ parameterFlags_(flags)
+{
+}
+
+const Acl::Option *
+Acl::OptionsParser::findOption(/* const */ SBuf &rawNameBuf)
+{
+ // TODO: new std::map::find() in C++14 does not require this conversion
+ const auto rawName = rawNameBuf.c_str();
+
+ const auto optionPos = options_.find(rawName);
+ if (optionPos != options_.end())
+ return optionPos->second;
+
+ const auto flagPos = parameterFlags_.find(rawName);
+ if (flagPos != parameterFlags_.end()) {
+ flagsToSkip.push_back(*flagPos); // *flagPos is permanent unlike rawName
+ return nullptr;
+ }
+
+ throw TexcHere(ToSBuf("unsupported ACL option: ", rawNameBuf));
+}
+
+void
+Acl::OptionsParser::parse()
+{
+ flagsToSkip.clear();
+
+ OptionExtractor oex;
+ while (oex.extractOne()) {
+ /* const */ auto rawName = oex.name;
+ if (const Option *optionPtr = findOption(rawName)) {
+ const Option &option = *optionPtr;
+ if (option.configured())
+ debugs(28, 7, "acl uses multiple " << rawName << " options");
+ switch (option.valueExpectation)
+ {
+ case Option::valueNone:
+ if (oex.hasValue)
+ throw TexcHere(ToSBuf("unexpected value for an ACL option: ", rawName, '=', oex.value()));
+ option.configureDefault();
+ break;
+ case Option::valueRequired:
+ if (!oex.hasValue)
+ throw TexcHere(ToSBuf("missing required value for ACL option ", rawName));
+ option.configureWith(oex.value());
+ break;
+ case Option::valueOptional:
+ if (oex.hasValue)
+ option.configureWith(oex.value());
+ else
+ option.configureDefault();
+ break;
+ }
+ }
+ // else skip supported parameter flag
+ }
+
+ /* hack: regex code wants to parse all -i and +i flags itself */
+ for (const auto name: flagsToSkip)
+ ConfigParser::TokenPutBack(name);
+}
+
+void
+Acl::ParseFlags(const Options &options, const ParameterFlags &flags)
+{
+ OptionsParser parser(options, flags);
+ parser.parse();
+}
+
+const Acl::Options &
+Acl::NoOptions()
+{
+ static const Options none;
+ return none;
+}
+
+const Acl::ParameterFlags &
+Acl::NoFlags()
+{
+ static const ParameterFlags none;
+ return none;
+}
+
+std::ostream &
+operator <<(std::ostream &os, const Acl::Option &option)
+{
+ if (option.valued()) {
+ os << '=';
+ option.print(os);
+ }
+ return os;
+}
+
+std::ostream &
+operator <<(std::ostream &os, const Acl::Options &options)
+{
+ for (const auto pos: options) {
+ assert(pos.second);
+ const auto &option = *pos.second;
+ if (option.configured())
+ os << pos.first << option;
+ }
+ // TODO: Remember "--" presence and print that delimiter when present.
+ // Detecting its need is difficult because parameter flags start with "-".
+ return os;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_ACL_OPTIONS_H
+#define SQUID_ACL_OPTIONS_H
+
+#include "acl/forward.h"
+#include "sbuf/forward.h"
+
+#include <iosfwd>
+#include <map>
+#include <set>
+
+// After all same-name acl configuration lines are merged into one ACL:
+// configuration = acl name type [option...] [[flag...] parameter...]
+// option = -x[=value] | --name[=value]
+// flag = option
+//
+// Options and flags use the same syntax, but differ in scope and handling code:
+// * ACL options appear before all parameters and apply to all parameters.
+// They are handled by ACL kids (or equivalent).
+// * Parameter flags may appear after some other parameters and apply only to
+// the subsequent parameters (until they are overwritten by later flags).
+// They are handled by ACLData kids.
+// ACL options parsing code skips and leaves leading parameter flags (if any)
+// for ACLData code to process.
+
+namespace Acl {
+
+typedef const char *OptionName;
+
+/// A single option supported by an ACL: -x[=value] or --name[=value]
+/// Unlike a parameter flag, this option applies to all ACL parameters.
+class Option
+{
+public:
+ typedef enum { valueNone, valueOptional, valueRequired } ValueExpectation;
+ explicit Option(ValueExpectation vex = valueNone): valueExpectation(vex) {}
+ virtual ~Option() {}
+
+ /// whether the admin explicitly specified this option
+ /// (i.e., whether configureWith() or configureDefault() has been called)
+ virtual bool configured() const = 0;
+
+ /// called after parsing -x or --name
+ virtual void configureDefault() const = 0;
+
+ /// called after parsing -x=value or --name=value
+ virtual void configureWith(const SBuf &rawValue) const = 0;
+
+ virtual bool valued() const = 0;
+
+ /// prints a configuration snippet (as an admin could have typed)
+ virtual void print(std::ostream &os) const = 0;
+
+ ValueExpectation valueExpectation = valueNone; ///< expect "=value" part?
+};
+
+/// Stores configuration of a typical boolean flag or a single-value Option.
+template <class Value>
+class OptionValue
+{
+public:
+ typedef Value value_type;
+
+ OptionValue(): value {} {}
+ explicit OptionValue(const Value &aValue): value(aValue) {}
+
+ explicit operator bool() const { return configured; }
+
+ Value value; ///< final value storage, possibly after conversions
+ bool configured = false; ///< whether the option was present in squid.conf
+ bool valued = false; ///< whether a configured option had a value
+};
+
+/// a type-specific Option (e.g., a boolean --toggle or -m=SBuf)
+template <class Recipient>
+class TypedOption: public Option
+{
+public:
+ //typedef typename Recipient::value_type value_type;
+ explicit TypedOption(ValueExpectation vex = valueNone): Option(vex) {}
+
+ /// who to tell when this option is enabled
+ void linkWith(Recipient *recipient) const
+ {
+ assert(recipient);
+ recipient_ = recipient;
+ }
+
+ /* Option API */
+
+ virtual bool configured() const override { return recipient_ && recipient_->configured; }
+ virtual bool valued() const override { return recipient_ && recipient_->valued; }
+
+ /// sets the default value when option is used without a value
+ virtual void configureDefault() const override
+ {
+ assert(recipient_);
+ recipient_->configured = true;
+ recipient_->valued = false;
+ // sets recipient_->value to default
+ setDefault();
+ }
+
+ /// sets the option value from rawValue
+ virtual void configureWith(const SBuf &rawValue) const override
+ {
+ assert(recipient_);
+ recipient_->configured = true;
+ recipient_->valued = true;
+ import(rawValue);
+ }
+
+ virtual void print(std::ostream &os) const override { if (valued()) os << recipient_->value; }
+
+private:
+ void import(const SBuf &rawValue) const { recipient_->value = rawValue; }
+ void setDefault() const { /*leave recipient_->value as is*/}
+
+ // The "mutable" specifier demarcates set-once Option kind/behavior from the
+ // ever-changing recipient of the actual admin-configured option value.
+ mutable Recipient *recipient_ = nullptr; ///< parsing results storage
+};
+
+/* two typical option kinds: --foo and --bar=text */
+typedef OptionValue<bool> BooleanOptionValue;
+typedef OptionValue<SBuf> TextOptionValue;
+typedef TypedOption<BooleanOptionValue> BooleanOption;
+typedef TypedOption<TextOptionValue> TextOption;
+
+// this specialization should never be called until we start supporting
+// boolean option values like --name=enable or --name=false
+template <>
+inline void
+BooleanOption::import(const SBuf &) const
+{
+ assert(!"boolean options do not have ...=values (for now)");
+}
+
+template <>
+inline void
+BooleanOption::setDefault() const
+{
+ recipient_->value = true;
+}
+
+/// option name comparison functor
+class OptionNameCmp {
+public:
+ bool operator()(const OptionName a, const OptionName b) const;
+};
+/// name:option map
+typedef std::map<OptionName, const Option*, OptionNameCmp> Options;
+
+/// a set of parameter flag names
+typedef std::set<OptionName, OptionNameCmp> ParameterFlags;
+
+/// parses the flags part of the being-parsed ACL, filling Option values
+/// \param options options supported by the ACL as a whole (e.g., -n)
+/// \param flags options supported by ACL parameter(s) (e.g., -i)
+void ParseFlags(const Options &options, const ParameterFlags &flags);
+
+/* handy for Class::options() and Class::supportedFlags() defaults */
+const Options &NoOptions(); ///< \returns an empty Options container
+const ParameterFlags &NoFlags(); ///< \returns an empty ParameterFlags container
+
+} // namespace Acl
+
+std::ostream &operator <<(std::ostream &os, const Acl::Option &option);
+std::ostream &operator <<(std::ostream &os, const Acl::Options &options);
+
+#endif /* SQUID_ACL_OPTIONS_H */
+
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/PeerName.h"
#include "acl/RegexData.h"
#include "acl/StringData.h"
-#include "CachePeer.h"
int
-ACLPeerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLPeerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (!checklist->dst_peer_name.isEmpty())
return data->match(checklist->dst_peer_name.c_str());
return 0;
}
-ACLPeerNameStrategy *
-ACLPeerNameStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLPeerNameStrategy ACLPeerNameStrategy::Instance_;
-
#ifndef SQUID_ACLPEERNAME_H
#define SQUID_ACLPEERNAME_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
class ACLPeerNameStrategy : public ACLStrategy<const char *>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLPeerNameStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLPeerNameStrategy(ACLPeerNameStrategy const &);
-
-private:
- static ACLPeerNameStrategy Instance_;
- ACLPeerNameStrategy() {}
-
- ACLPeerNameStrategy&operator=(ACLPeerNameStrategy const &);
-};
-
-class ACLPeerName
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<const char *> RegistryEntry_;
- static ACL::Prototype RegexRegistryProtoype;
- static ACLStrategised<char const *> RegexRegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLPEERNAME_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/Protocol.h"
#include "acl/ProtocolData.h"
+#include "acl/Strategised.h"
#include "HttpRequest.h"
/* explicit template instantiation required for some systems */
template class ACLStrategised<AnyP::ProtocolType>;
int
-ACLProtocolStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLProtocolStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match(checklist->request->url.getScheme());
}
-ACLProtocolStrategy *
-ACLProtocolStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLProtocolStrategy ACLProtocolStrategy::Instance_;
-
#ifndef SQUID_ACLPROTOCOL_H
#define SQUID_ACLPROTOCOL_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "anyp/ProtocolType.h"
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLProtocolStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLProtocolStrategy(ACLProtocolStrategy const &);
-
-private:
- static ACLProtocolStrategy Instance_;
- ACLProtocolStrategy() {}
-
- ACLProtocolStrategy&operator=(ACLProtocolStrategy const &);
-};
-
-class ACLProtocol
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<AnyP::ProtocolType> RegistryEntry_;
};
#endif /* SQUID_ACLPROTOCOL_H */
#define SQUID_ACL_RANDOM_H
#include "acl/Acl.h"
-#include "acl/Checklist.h"
class ACLRandom : public ACL
{
virtual bool valid() const;
protected:
- static Prototype RegistryProtoype;
- static ACLRandom RegistryEntry_;
double data; // value to be exceeded before this ACL will match
char pattern[256]; // pattern from config file. Used to generate 'data'
char const *class_;
+++ /dev/null
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/* DEBUG: section 28 Access Control */
-
-#include "squid.h"
-#include "acl/Checklist.h"
-#include "acl/Referer.h"
-#include "acl/RegexData.h"
-
-/* explicit template instantiation required for some systems */
-
-template class ACLRequestHeaderStrategy<Http::HdrType::REFERER>;
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_ACLREFERER_H
-#define SQUID_ACLREFERER_H
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/RequestHeaderStrategy.h"
-#include "acl/Strategised.h"
-
-class ACLReferer
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
-};
-
-#endif /* SQUID_ACLREFERER_H */
-
{
}
+const Acl::ParameterFlags &
+ACLRegexData::supportedFlags() const
+{
+ static const Acl::ParameterFlags flags = { "-i", "+i" };
+ return flags;
+}
+
bool
ACLRegexData::match(char const *word)
{
virtual bool match(char const *user);
virtual SBufList dump() const;
virtual void parse();
+ virtual const Acl::ParameterFlags &supportedFlags() const;
virtual bool empty() const;
virtual ACLData<char const *> *clone() const;
#ifndef SQUID_ACLREPLYHEADERSTRATEGY_H
#define SQUID_ACLREPLYHEADERSTRATEGY_H
-class ACLChecklist;
-
#include "acl/Acl.h"
#include "acl/Data.h"
#include "acl/FilledChecklist.h"
{
public:
- virtual int match (ACLData<char const *> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<char const *> * &, ACLFilledChecklist *);
virtual bool requiresReply() const {return true;}
-
- static ACLReplyHeaderStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLReplyHeaderStrategy(ACLReplyHeaderStrategy const &);
-
-private:
- static ACLReplyHeaderStrategy *Instance_;
- ACLReplyHeaderStrategy() {}
-
- ACLReplyHeaderStrategy&operator=(ACLReplyHeaderStrategy const &);
};
template <Http::HdrType header>
int
-ACLReplyHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLReplyHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
char const *theHeader = checklist->reply->header.getStr(header);
return data->match(theHeader);
}
-template <Http::HdrType header>
-ACLReplyHeaderStrategy<header> *
-ACLReplyHeaderStrategy<header>::Instance()
-{
- if (!Instance_)
- Instance_ = new ACLReplyHeaderStrategy<header>;
-
- return Instance_;
-}
-
-template <Http::HdrType header>
-ACLReplyHeaderStrategy<header> * ACLReplyHeaderStrategy<header>::Instance_ = NULL;
-
#endif /* SQUID_REPLYHEADERSTRATEGY_H */
+++ /dev/null
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/* DEBUG: section 28 Access Control */
-
-#include "squid.h"
-#include "acl/Checklist.h"
-#include "acl/RegexData.h"
-#include "acl/ReplyMimeType.h"
-
-/* explicit template instantiation required for some systems */
-
-template class ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>;
-
#ifndef SQUID_ACLREPLYMIMETYPE_H
#define SQUID_ACLREPLYMIMETYPE_H
-#include "acl/Acl.h"
-#include "acl/Strategised.h"
-
-class ACLReplyMIMEType
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
-};
-
-/* partial specialisation */
-
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/Data.h"
#include "acl/ReplyHeaderStrategy.h"
+/* partial specialisation */
+
template <>
inline int
-ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
char const *theHeader = checklist->reply->header.getStr(Http::HdrType::CONTENT_TYPE);
{
public:
- virtual int match (ACLData<char const *> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<char const *> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLRequestHeaderStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLRequestHeaderStrategy(ACLRequestHeaderStrategy const &);
-
-private:
- static ACLRequestHeaderStrategy *Instance_;
- ACLRequestHeaderStrategy() {}
-
- ACLRequestHeaderStrategy&operator=(ACLRequestHeaderStrategy const &);
};
template <Http::HdrType header>
int
-ACLRequestHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLRequestHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
char const *theHeader = checklist->request->header.getStr(header);
return data->match(theHeader);
}
-template <Http::HdrType header>
-ACLRequestHeaderStrategy<header> *
-ACLRequestHeaderStrategy<header>::Instance()
-{
- if (!Instance_)
- Instance_ = new ACLRequestHeaderStrategy<header>;
-
- return Instance_;
-}
-
-template <Http::HdrType header>
-ACLRequestHeaderStrategy<header> * ACLRequestHeaderStrategy<header>::Instance_ = NULL;
-
#endif /* SQUID_REQUESTHEADERSTRATEGY_H */
+++ /dev/null
-/*
- * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/* DEBUG: section 28 Access Control */
-
-#include "squid.h"
-#include "acl/Checklist.h"
-#include "acl/RegexData.h"
-#include "acl/RequestMimeType.h"
-
-/* explicit template instantiation required for some systems */
-
-template class ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>;
-
#ifndef SQUID_ACLREQUESTMIMETYPE_H
#define SQUID_ACLREQUESTMIMETYPE_H
-#include "acl/Acl.h"
-#include "acl/Strategised.h"
-
-class ACLRequestMIMEType
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
-};
-
-/* partial specialisation */
-
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/Data.h"
#include "acl/RequestHeaderStrategy.h"
+/* partial specialisation */
+
template <>
inline int
-ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
char const *theHeader = checklist->request->header.getStr(Http::HdrType::CONTENT_TYPE);
#include "ssl/ServerBump.h"
int
-ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
Security::CertPointer cert;
if (checklist->serverCert)
return data->match(cert.get());
}
-ACLServerCertificateStrategy *
-ACLServerCertificateStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLServerCertificateStrategy ACLServerCertificateStrategy::Instance_;
-
#endif /* USE_OPENSSL */
class ACLServerCertificateStrategy : public ACLStrategy<X509 *>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLServerCertificateStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLServerCertificateStrategy(ACLServerCertificateStrategy const &);
-
-private:
- static ACLServerCertificateStrategy Instance_;
- ACLServerCertificateStrategy() {}
-
- ACLServerCertificateStrategy&operator=(ACLServerCertificateStrategy const &);
-};
-
-/// \ingroup ACLAPI
-class ACLServerCertificate
-{
-private:
- static ACL::Prototype X509FingerprintRegistryProtoype;
- static ACLStrategised<X509*> X509FingerprintRegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLSERVERCERTIFICATE_H */
/* DEBUG: section 28 Access Control */
#include "squid.h"
-#include "acl/Checklist.h"
#include "acl/DomainData.h"
+#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
#include "acl/ServerName.h"
#include "client_side.h"
}
int
-ACLServerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &flags)
+ACLServerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
assert(checklist != NULL && checklist->request != NULL);
return data->match(serverName);
}
-ACLServerNameStrategy *
-ACLServerNameStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLServerNameStrategy ACLServerNameStrategy::Instance_;
-
#define SQUID_ACLSERVERNAME_H
#include "acl/Acl.h"
-#include "acl/Checklist.h"
-#include "acl/Data.h"
#include "acl/DomainData.h"
-#include "acl/Strategised.h"
+#include "acl/Strategy.h"
class ACLServerNameData : public ACLDomainData {
MEMPROXY_CLASS(ACLServerNameData);
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLServerNameStrategy *Instance();
+ /* ACLStrategy API */
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
- /**
- * Not implemented to prevent copies of the instance.
- \par
- * Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends
- */
- ACLServerNameStrategy(ACLServerNameStrategy const &);
-
-private:
- static ACLServerNameStrategy Instance_;
- ACLServerNameStrategy() {}
-
- ACLServerNameStrategy&operator=(ACLServerNameStrategy const &);
-};
-
-class ACLServerName
-{
-
-private:
- static ACL::Prototype LiteralRegistryProtoype;
- static ACLStrategised<char const *> LiteralRegistryEntry_;
- static ACL::Prototype RegexRegistryProtoype;
- static ACLStrategised<char const *> RegexRegistryEntry_;
};
#endif /* SQUID_ACLSERVERNAME_H */
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLSourceASNStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLSourceASNStrategy(ACLSourceASNStrategy const &);
-
-private:
- static ACLSourceASNStrategy Instance_;
- ACLSourceASNStrategy() {}
-
- ACLSourceASNStrategy&operator=(ACLSourceASNStrategy const &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACL_SOURCEASN_H */
#include "squid.h"
#include "acl/Checklist.h"
#include "acl/DomainData.h"
+#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
#include "acl/SourceDomain.h"
#include "fqdncache.h"
}
int
-ACLSourceDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLSourceDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
const char *fqdn = NULL;
fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
return data->match("none");
}
-ACLSourceDomainStrategy *
-ACLSourceDomainStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLSourceDomainStrategy ACLSourceDomainStrategy::Instance_;
-
#include "acl/Acl.h"
#include "acl/Checklist.h"
#include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/Strategy.h"
#include "dns/forward.h"
class ACLSourceDomainStrategy : public ACLStrategy<char const *>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLSourceDomainStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLSourceDomainStrategy(ACLSourceDomainStrategy const &);
-
-private:
- static ACLSourceDomainStrategy Instance_;
- ACLSourceDomainStrategy() {}
-
- ACLSourceDomainStrategy&operator=(ACLSourceDomainStrategy const &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
class SourceDomainLookup : public ACLChecklist::AsyncState
static void LookupDone(const char *, const Dns::LookupDetails &, void *);
};
-class ACLSourceDomain
-{
-
-private:
- static ACL::Prototype LiteralRegistryProtoype;
- static ACLStrategised<char const *> LiteralRegistryEntry_;
- static ACL::Prototype RegexRegistryProtoype;
- static ACLStrategised<char const *> RegexRegistryEntry_;
-};
-
#endif /* SQUID_ACLSOURCEDOMAIN_H */
virtual char const *typeString() const;
virtual int match(ACLChecklist *checklist);
virtual ACL *clone()const;
-
-private:
- static Prototype RegistryProtoype;
- static ACLSourceIP RegistryEntry_;
};
#endif /* SQUID_ACLSOURCEIP_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/SquidError.h"
#include "HttpRequest.h"
int
-ACLSquidErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLSquidErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (checklist->requestErrorType != ERR_MAX)
return data->match(checklist->requestErrorType);
return 0;
}
-ACLSquidErrorStrategy *
-ACLSquidErrorStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLSquidErrorStrategy ACLSquidErrorStrategy::Instance_;
-
#ifndef SQUID_ACLSQUIDERROR_H
#define SQUID_ACLSQUIDERROR_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "err_type.h"
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
-
- static ACLSquidErrorStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLSquidErrorStrategy(ACLSquidErrorStrategy const &);
-
-private:
- static ACLSquidErrorStrategy Instance_;
- ACLSquidErrorStrategy() {}
-
- ACLSquidErrorStrategy&operator=(ACLSquidErrorStrategy const &);
-};
-
-class ACLSquidError
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<err_type> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLSQUIDERROR_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/SslError.h"
#include "acl/SslErrorData.h"
int
-ACLSslErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLSslErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (checklist->sslErrors);
}
-ACLSslErrorStrategy *
-ACLSslErrorStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLSslErrorStrategy ACLSslErrorStrategy::Instance_;
-
#ifndef SQUID_ACLSSL_ERROR_H
#define SQUID_ACLSSL_ERROR_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
+#include "security/forward.h"
class ACLSslErrorStrategy : public ACLStrategy<const Security::CertErrors *>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLSslErrorStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLSslErrorStrategy(ACLSslErrorStrategy const &);
-
-private:
- static ACLSslErrorStrategy Instance_;
- ACLSslErrorStrategy() {}
-
- ACLSslErrorStrategy&operator=(ACLSslErrorStrategy const &);
-};
-
-class ACLSslError
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<const Security::CertErrors *> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLSSL_ERROR_H */
#include "acl/FilledChecklist.h"
#include "acl/Strategy.h"
+// XXX: Replace with a much simpler abstract ACL child class without the
+// ACLStrategy parameter (and associated call forwarding). Duplicating key
+// portions of the ACL class API in ACLStrategy is not needed because
+// ACLStrategy is unused outside the ACLStrategised context. Existing classes
+// like ACLExtUser, ACLProxyAuth, and ACLIdent seem to confirm this assertion.
+// It also requires forwarding ACL info to ACLStrategy as method parameters.
+
+/// Splits the ACL API into two individually configurable components:
+/// * ACLStrategy that usually extracts information from the current transaction
+/// * ACLData that usually matches information against admin-configured values
template <class M>
class ACLStrategised : public ACL
{
typedef M MatchType;
~ACLStrategised();
- ACLStrategised(ACLData<MatchType> *, ACLStrategy<MatchType> *, char const *, const ACLFlag flags[] = ACLFlags::NoFlags);
- ACLStrategised (ACLStrategised const &);
- ACLStrategised &operator= (ACLStrategised const &);
+ ACLStrategised(ACLData<MatchType> *, ACLStrategy<MatchType> *, char const *);
+ ACLStrategised(ACLStrategised const &&) = delete;
virtual char const *typeString() const;
+ virtual void parseFlags();
+
virtual bool requiresRequest() const {return matcher->requiresRequest();}
virtual bool requiresReply() const {return matcher->requiresReply();}
virtual void prepareForUse() { data->prepareForUse();}
-
+ virtual const Acl::Options &options() { return matcher->options(); }
virtual void parse();
virtual int match(ACLChecklist *checklist);
virtual int match (M const &);
virtual SBufList dump() const;
virtual bool empty () const;
virtual bool valid () const;
- virtual ACL *clone()const;
private:
ACLData<MatchType> *data;
}
template <class MatchType>
-ACLStrategised<MatchType>::ACLStrategised(ACLData<MatchType> *newData, ACLStrategy<MatchType> *theStrategy, char const *theType, const ACLFlag flgs[]) : ACL(flgs), data (newData), type_(theType), matcher(theStrategy) {}
-
-template <class MatchType>
-ACLStrategised<MatchType>::ACLStrategised (ACLStrategised const &old) : data (old.data->clone()), type_(old.type_), matcher (old.matcher)
+ACLStrategised<MatchType>::ACLStrategised(ACLData<MatchType> *newData, ACLStrategy<MatchType> *theStrategy, char const *theType): data(newData), type_(theType), matcher(theStrategy)
{}
template <class MatchType>
-ACLStrategised<MatchType> &
-ACLStrategised<MatchType>::operator= (ACLStrategised const &rhs)
+char const *
+ACLStrategised<MatchType>::typeString() const
{
- data = rhs.data->clone();
- type_ = rhs.type_;
- matcher = rhs.matcher;
- return *this;
+ return type_;
}
template <class MatchType>
-char const *
-ACLStrategised<MatchType>::typeString() const
+void
+ACLStrategised<MatchType>::parseFlags()
{
- return type_;
+ ParseFlags(options(), data->supportedFlags());
}
template <class MatchType>
{
ACLFilledChecklist *checklist = dynamic_cast<ACLFilledChecklist*>(cl);
assert(checklist);
- return matcher->match(data, checklist, flags);
+ return matcher->match(data, checklist);
}
template <class MatchType>
return matcher->valid();
}
-template <class MatchType>
-ACL *
-ACLStrategised<MatchType>::clone() const
-{
- return new ACLStrategised(*this);
-}
-
#endif /* SQUID_ACLSTRATEGISED_H */
#include "acl/Acl.h"
#include "acl/Data.h"
+#include "acl/Options.h"
class ACLFilledChecklist;
template<class M>
+/// A matching algorithm.
class ACLStrategy
{
public:
typedef M MatchType;
- virtual int match (ACLData<M> * &, ACLFilledChecklist *, ACLFlags &) = 0;
+
+ /* Replicate ACL API parts relevant to the matching algorithm. */
+ virtual const Acl::Options &options() { return Acl::NoOptions(); }
+ virtual int match (ACLData<M> * &, ACLFilledChecklist *) = 0;
virtual bool requiresRequest() const {return false;}
virtual bool requiresReply() const {return false;}
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/StringData.h"
#include "acl/Tag.h"
#include "HttpRequest.h"
int
-ACLTagStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLTagStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
if (checklist->request != NULL)
return data->match (checklist->request->tag.termedBuf());
return 0;
}
-ACLTagStrategy *
-ACLTagStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLTagStrategy ACLTagStrategy::Instance_;
-
#ifndef SQUID_ACLTAG_H
#define SQUID_ACLTAG_H
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
class ACLTagStrategy : public ACLStrategy<const char *>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLTagStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLTagStrategy(ACLTagStrategy const &);
-
-private:
- static ACLTagStrategy Instance_;
- ACLTagStrategy() {}
-
- ACLTagStrategy&operator=(ACLTagStrategy const &);
-};
-
-class ACLTag
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<const char *> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLMYPORTNAME_H */
#include "SquidTime.h"
int
-ACLTimeStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *, ACLFlags &)
+ACLTimeStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *)
{
return data->match(squid_curtime);
}
-ACLTimeStrategy *
-ACLTimeStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLTimeStrategy ACLTimeStrategy::Instance_;
-
#ifndef SQUID_ACLTIME_H
#define SQUID_ACLTIME_H
-#include "acl/Acl.h"
#include "acl/Data.h"
#include "acl/Strategised.h"
-class ACLChecklist; // XXX: we do not need it
-
class ACLTimeStrategy : public ACLStrategy<time_t>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLTimeStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLTimeStrategy(ACLTimeStrategy const &);
-
-private:
- static ACLTimeStrategy Instance_;
- ACLTimeStrategy() {}
-
- ACLTimeStrategy&operator=(ACLTimeStrategy const &);
-};
-
-class ACLTime
-{
-
-public:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<time_t> RegistryEntry_;
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
#endif /* SQUID_ACLTIME_H */
/* DEBUG: section 28 Access Control */
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
#include "acl/Url.h"
#include "HttpRequest.h"
#include "src/URL.h"
int
-ACLUrlStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLUrlStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
char *esc_buf = SBufToCstring(checklist->request->effectiveRequestUri());
rfc1738_unescape(esc_buf);
return result;
}
-ACLUrlStrategy *
-ACLUrlStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLUrlStrategy ACLUrlStrategy::Instance_;
-
#ifndef SQUID_ACLURL_H
#define SQUID_ACLURL_H
-#include "acl/Acl.h"
+
#include "acl/Data.h"
#include "acl/Strategised.h"
{
public:
- virtual int match (ACLData<char const *> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<char const *> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLUrlStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLUrlStrategy(ACLUrlStrategy const &);
-
-private:
- static ACLUrlStrategy Instance_;
- ACLUrlStrategy() {}
-
- ACLUrlStrategy&operator=(ACLUrlStrategy const &);
-};
-
-class ACLUrl
-{
-
-public:
- static ACL::Prototype RegistryProtoype;
- static ACL::Prototype LegacyRegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
};
#endif /* SQUID_ACLURL_H */
/* DEBUG: section 28 Access Control */
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
#include "acl/UrlLogin.h"
#include "HttpRequest.h"
#include "rfc1738.h"
int
-ACLUrlLoginStrategy::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLUrlLoginStrategy::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
if (checklist->request->url.userInfo().isEmpty()) {
debugs(28, 5, "URL has no user-info details. cannot match");
return data->match(str);
}
-ACLUrlLoginStrategy *
-ACLUrlLoginStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLUrlLoginStrategy ACLUrlLoginStrategy::Instance_;
-
#include "acl/Acl.h"
#include "acl/Data.h"
-#include "acl/Strategised.h"
#include "acl/Strategy.h"
class ACLUrlLoginStrategy : public ACLStrategy<char const *>
{
public:
- virtual int match (ACLData<char const *> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<char const *> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLUrlLoginStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLUrlLoginStrategy(ACLUrlLoginStrategy const &);
-
-private:
- static ACLUrlLoginStrategy Instance_;
- ACLUrlLoginStrategy() {}
-
- ACLUrlLoginStrategy&operator=(ACLUrlLoginStrategy const &);
-};
-
-class ACLUrlLogin
-{
-
-public:
- static ACL::Prototype RegistryProtoype;
- static ACL::Prototype LegacyRegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
};
#endif /* SQUID_ACLURLLOGIN_H */
/* DEBUG: section 28 Access Control */
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
#include "acl/UrlPath.h"
#include "HttpRequest.h"
#include "rfc1738.h"
int
-ACLUrlPathStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLUrlPathStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
if (checklist->request->url.path().isEmpty())
return -1;
return result;
}
-ACLUrlPathStrategy *
-ACLUrlPathStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLUrlPathStrategy ACLUrlPathStrategy::Instance_;
-
#ifndef SQUID_ACLURLPATH_H
#define SQUID_ACLURLPATH_H
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/Strategised.h"
+
#include "acl/Strategy.h"
class ACLUrlPathStrategy : public ACLStrategy<char const *>
{
public:
- virtual int match (ACLData<char const *> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<char const *> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLUrlPathStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLUrlPathStrategy(ACLUrlPathStrategy const &);
-
-private:
- static ACLUrlPathStrategy Instance_;
- ACLUrlPathStrategy() {}
-
- ACLUrlPathStrategy&operator=(ACLUrlPathStrategy const &);
-};
-
-class ACLUrlPath
-{
-
-public:
- static ACL::Prototype RegistryProtoype;
- static ACL::Prototype LegacyRegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
};
#endif /* SQUID_ACLURLPATH_H */
*/
#include "squid.h"
-#include "acl/Checklist.h"
-#include "acl/IntRange.h"
+#include "acl/FilledChecklist.h"
#include "acl/UrlPort.h"
#include "HttpRequest.h"
int
-ACLUrlPortStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLUrlPortStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match(checklist->request->url.port());
}
-ACLUrlPortStrategy *
-ACLUrlPortStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLUrlPortStrategy ACLUrlPortStrategy::Instance_;
-
#ifndef SQUID_ACLURLPORT_H
#define SQUID_ACLURLPORT_H
-#include "acl/Strategised.h"
+
#include "acl/Strategy.h"
class ACLUrlPortStrategy : public ACLStrategy<int>
{
public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
virtual bool requiresRequest() const {return true;}
-
- static ACLUrlPortStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g+++ warnings about
- * private constructors with no friends */
- ACLUrlPortStrategy(ACLUrlPortStrategy const &);
-
-private:
- static ACLUrlPortStrategy Instance_;
- ACLUrlPortStrategy() {}
-
- ACLUrlPortStrategy&operator=(ACLUrlPortStrategy const &);
-};
-
-class ACLUrlPort
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<int> RegistryEntry_;
};
#endif /* SQUID_ACLURLPORT_H */
class OrNode;
class Tree;
+/// prepares to parse ACLs configuration
+void Init(void);
+
} // namespace Acl
class allow_t;
#include "Parsing.h"
#include "wordlist.h"
-ACLFlag ACLMaxUserIP::SupportedFlags[] = {ACL_F_STRICT, ACL_F_END};
-
ACLMaxUserIP::ACLMaxUserIP(char const *theClass) :
- ACL(SupportedFlags),
class_(theClass),
maximum(0)
{}
-ACLMaxUserIP::ACLMaxUserIP(ACLMaxUserIP const &old) :
- class_(old.class_),
- maximum(old.maximum)
-{
- flags = old.flags;
-}
-
-ACLMaxUserIP::~ACLMaxUserIP()
-{}
-
ACL *
ACLMaxUserIP::clone() const
{
return maximum > 0;
}
+const Acl::Options &
+ACLMaxUserIP::options()
+{
+ static const Acl::BooleanOption BeStrict;
+ static const Acl::Options MyOptions = { { "-s", &BeStrict } };
+ BeStrict.linkWith(&beStrict);
+ return MyOptions;
+}
+
void
ACLMaxUserIP::parse()
{
debugs(28, DBG_IMPORTANT, "aclMatchUserMaxIP: user '" << auth_user_request->username() << "' tries to use too many IP addresses (max " << maximum << " allowed)!");
/* this is a match */
- if (flags.isSet(ACL_F_STRICT)) {
+ if (beStrict) {
/*
* simply deny access - the user name is already associated with
* the request
#if USE_AUTH
#include "acl/Acl.h"
-#include "acl/Checklist.h"
#include "auth/UserRequest.h"
class ACLMaxUserIP : public ACL
MEMPROXY_CLASS(ACLMaxUserIP);
public:
- ACLMaxUserIP(char const *theClass);
- ACLMaxUserIP(ACLMaxUserIP const &old);
- ~ACLMaxUserIP();
- ACLMaxUserIP &operator =(ACLMaxUserIP const &);
+ explicit ACLMaxUserIP(char const *theClass);
virtual ACL *clone() const;
virtual char const *typeString() const;
+ virtual const Acl::Options &options();
virtual void parse();
virtual int match(ACLChecklist *cl);
virtual SBufList dump() const;
int getMaximum() const {return maximum;}
- bool getStrict() const {return flags.isSet(ACL_F_STRICT);}
-
private:
- static Prototype RegistryProtoype;
- static ACLMaxUserIP RegistryEntry_;
- static ACLFlag SupportedFlags[];
-
int match(Auth::UserRequest::Pointer auth_user_request, Ip::Address const &src_addr);
+
+public:
+ Acl::BooleanOptionValue beStrict; ///< Enforce "one user, one device" policy?
+
+private:
char const *class_;
int maximum;
};
return type_;
}
+void
+ACLProxyAuth::parseFlags()
+{
+ ParseFlags(Acl::NoOptions(), data->supportedFlags());
+}
+
void
ACLProxyAuth::parse()
{
ACLProxyAuth(ACLProxyAuth const &);
ACLProxyAuth &operator =(ACLProxyAuth const &);
+ /* ACL API */
virtual char const *typeString() const;
virtual void parse();
virtual bool isProxyAuth() const {return true;}
-
+ virtual void parseFlags();
virtual int match(ACLChecklist *checklist);
virtual SBufList dump() const;
virtual bool valid() const;
virtual bool empty() const;
virtual bool requiresRequest() const {return true;}
-
virtual ACL *clone() const;
virtual int matchForCache(ACLChecklist *checklist);
private:
- static Prototype UserRegistryProtoype;
- static ACLProxyAuth UserRegistryEntry_;
- static Prototype RegexRegistryProtoype;
- static ACLProxyAuth RegexRegistryEntry_;
int matchProxyAuth(ACLChecklist *);
ACLData<char const *> *data;
char const *type_;
addRange(range.first, range.second);
}
+void
+CharacterSet::printChars(std::ostream &os) const
+{
+ for (size_t idx = 0; idx < 256; ++idx) {
+ if (chars_[idx])
+ os << static_cast<char>(idx);
+ }
+}
+
CharacterSet
operator+ (CharacterSet lhs, const CharacterSet &rhs)
{
public:
typedef std::vector<uint8_t> Storage;
- /// define a character set with the given label ("anonymous" if nullptr)
- /// with specified initial contents
- CharacterSet(const char *label, const char * const initial);
+ /// a character set with a given label and contents
+ explicit CharacterSet(const char *label = "anonymous", const char * const chars = "");
/// define a character set with the given label ("anonymous" if nullptr)
/// containing characters defined in the supplied ranges
/// \see addRange
CharacterSet(const char *label, std::initializer_list<std::pair<uint8_t,uint8_t>> ranges);
+ /// whether the set lacks any members
+ bool isEmpty() const { return chars_.empty(); }
+
/// whether a given character exists in the set
bool operator[](unsigned char c) const {return chars_[static_cast<uint8_t>(c)] != 0;}
/// \note Ignores label
bool operator != (const CharacterSet &cs) const { return !operator==(cs); }
+ /// prints all chars in arbitrary order, without any quoting/escaping
+ void printChars(std::ostream &os) const;
+
/// optional set label for debugging (default: "anonymous")
const char * name;
return err_count;
}
+static
int
-parseConfigFile(const char *file_name)
+parseConfigFileOrThrow(const char *file_name)
{
int err_count = 0;
return err_count;
}
+// TODO: Refactor main.cc to centrally handle (and report) all exceptions.
+int
+parseConfigFile(const char *file_name)
+{
+ try {
+ return parseConfigFileOrThrow(file_name);
+ }
+ catch (const std::exception &ex) {
+ debugs(3, DBG_CRITICAL, "FATAL: bad configuration: " << ex.what());
+ self_destruct();
+ return 1; // not reached
+ }
+}
+
static void
configDoConfigure(void)
{
{
while (ae != NULL) {
debugs(3, 3, "dump_acl: " << name << " " << ae->name);
- storeAppendPrintf(entry, "%s %s %s %s ",
+ storeAppendPrintf(entry, "%s %s %s ",
name,
ae->name,
- ae->typeString(),
- ae->flags.flagsStr());
- dump_SBufList(entry, ae->dump());
+ ae->typeString());
+ SBufList tail;
+ tail.splice(tail.end(), ae->dumpOptions());
+ tail.splice(tail.end(), ae->dump()); // ACL parameters
+ dump_SBufList(entry, tail);
ae = ae->next;
}
}
checklist->resumeNonBlockingCheck(ExternalACLLookup::Instance());
}
-/* This registers "external" in the registry. To do dynamic definitions
- * of external ACL's, rather than a static prototype, have a Prototype instance
- * prototype in the class that defines each external acl 'class'.
- * Then, then the external acl instance is created, it self registers under
- * it's name.
- * Be sure that clone is fully functional for that acl class though!
- */
-ACL::Prototype ACLExternal::RegistryProtoype(&ACLExternal::RegistryEntry_, "external");
-
-ACLExternal ACLExternal::RegistryEntry_("external");
-
ACL *
ACLExternal::clone() const
{
return type_;
}
+void
+ACLIdent::parseFlags()
+{
+ ParseFlags(Acl::NoOptions(), data->supportedFlags());
+}
+
void
ACLIdent::parse()
{
ACLIdent & operator= (ACLIdent const &rhs);
~ACLIdent();
+ /* ACL API */
virtual char const *typeString() const;
virtual void parse();
virtual bool isProxyAuth() const {return true;}
-
+ virtual void parseFlags();
virtual int match(ACLChecklist *checklist);
virtual SBufList dump() const;
virtual bool empty () const;
virtual ACL *clone()const;
private:
- static Prototype UserRegistryProtoype;
- static ACLIdent UserRegistryEntry_;
- static Prototype RegexRegistryProtoype;
- static ACLIdent RegexRegistryEntry_;
ACLData<char const *> *data;
char const *type_;
};
#include "squid.h"
#include "AccessLogEntry.h"
-#include "acl/Acl.h"
+//#include "acl/Acl.h"
#include "acl/Asn.h"
+#include "acl/forward.h"
#include "anyp/UriScheme.h"
#include "auth/Config.h"
#include "auth/Gadgets.h"
/* we may want the parsing process to set this up in the future */
Store::Init();
+ Acl::Init();
Auth::Init(); /* required for config parsing. NOP if !USE_AUTH */
Ip::ProbeTransport(); // determine IPv4 or IPv6 capabilities before parsing.
addr = i6addr;
}
-/* SNMP checklists */
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
-#include "acl/StringData.h"
-
-class ACLSNMPCommunityStrategy : public ACLStrategy<char const *>
-{
-
-public:
- virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *, ACLFlags &);
- static ACLSNMPCommunityStrategy *Instance();
- /* Not implemented to prevent copies of the instance. */
- /* Not private to prevent brain dead g++ warnings about
- * private constructors with no friends */
- ACLSNMPCommunityStrategy(ACLSNMPCommunityStrategy const &);
-
-private:
- static ACLSNMPCommunityStrategy Instance_;
- ACLSNMPCommunityStrategy() {}
-
- ACLSNMPCommunityStrategy&operator=(ACLSNMPCommunityStrategy const &);
-};
-
-class ACLSNMPCommunity
-{
-
-private:
- static ACL::Prototype RegistryProtoype;
- static ACLStrategised<char const *> RegistryEntry_;
-};
-
-ACL::Prototype ACLSNMPCommunity::RegistryProtoype(&ACLSNMPCommunity::RegistryEntry_, "snmp_community");
-ACLStrategised<char const *> ACLSNMPCommunity::RegistryEntry_(new ACLStringData, ACLSNMPCommunityStrategy::Instance(), "snmp_community");
-
int
-ACLSNMPCommunityStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLSNMPCommunityStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (checklist->snmp_community);
}
-ACLSNMPCommunityStrategy *
-ACLSNMPCommunityStrategy::Instance()
-{
- return &Instance_;
-}
-
-ACLSNMPCommunityStrategy ACLSNMPCommunityStrategy::Instance_;
-
#ifndef SQUID_SNMP_CORE_H
#define SQUID_SNMP_CORE_H
+#include "acl/Strategy.h"
#include "cache_snmp.h"
#include "comm/forward.h"
#include "ip/forward.h"
void addr2oid(Ip::Address &addr, oid *Dest);
void oid2addr(oid *Dest, Ip::Address &addr, u_int code);
+class ACLSNMPCommunityStrategy: public ACLStrategy<char const *>
+{
+public:
+ virtual int match (ACLData<MatchType> *&data, ACLFilledChecklist *checklist) override;
+};
+
#endif /* SQUID_SNMP_CORE_H */
#include "auth/AclMaxUserIp.h"
ACL * ACLMaxUserIP::clone() const STUB_RETVAL(NULL)
ACLMaxUserIP::ACLMaxUserIP (char const *) STUB
-ACLMaxUserIP::ACLMaxUserIP (ACLMaxUserIP const &) STUB
-ACLMaxUserIP::~ACLMaxUserIP() STUB
char const * ACLMaxUserIP::typeString() const STUB_RETVAL(NULL)
bool ACLMaxUserIP::empty () const STUB_RETVAL(false)
bool ACLMaxUserIP::valid () const STUB_RETVAL(false)
int ACLMaxUserIP::match(Auth::UserRequest::Pointer, Ip::Address const &) STUB_RETVAL(0)
int ACLMaxUserIP::match(ACLChecklist *) STUB_RETVAL(0)
SBufList ACLMaxUserIP::dump() const STUB_RETVAL(SBufList())
+const Acl::Options &ACLMaxUserIP::options() STUB_RETVAL(Acl::NoOptions())
#include "auth/AclProxyAuth.h"
ACLProxyAuth::~ACLProxyAuth() STUB
ACL * ACLProxyAuth::clone() const STUB_RETVAL(NULL)
int ACLProxyAuth::matchForCache(ACLChecklist *) STUB_RETVAL(0)
int ACLProxyAuth::matchProxyAuth(ACLChecklist *) STUB_RETVAL(0)
+void ACLProxyAuth::parseFlags() STUB
#endif /* USE_AUTH */
#if USE_AUTH
+#include "acl/Acl.h"
#include "auth/AclMaxUserIp.h"
+#include "auth/UserRequest.h"
#include "ConfigParser.h"
#include "testACLMaxUserIP.h"
#include "unitTestMain.h"
/* 0 is not a valid maximum, so we start at 0 */
CPPUNIT_ASSERT_EQUAL(0,anACL.getMaximum());
/* and we have no option to turn strict OFF, so start ON. */
- CPPUNIT_ASSERT_EQUAL(false,anACL.getStrict());
+ CPPUNIT_ASSERT_EQUAL(false, static_cast<bool>(anACL.beStrict));
/* an unparsed acl must not be valid - there is no sane default */
CPPUNIT_ASSERT_EQUAL(false,anACL.valid());
}
-ACL::Prototype ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_, "max_user_ip");
-ACLMaxUserIP ACLMaxUserIP::RegistryEntry_("max_user_ip");
+void
+testACLMaxUserIP::setUp()
+{
+ CPPUNIT_NS::TestFixture::setUp();
+ Acl::RegisterMaker("max_user_ip", [](Acl::TypeName name)->ACL* { return new ACLMaxUserIP(name); });
+}
void
testACLMaxUserIP::testParseLine()
if (maxUserIpACL) {
/* we want a maximum of one, and strict to be true */
CPPUNIT_ASSERT_EQUAL(1, maxUserIpACL->getMaximum());
- CPPUNIT_ASSERT_EQUAL(true, maxUserIpACL->getStrict());
+ CPPUNIT_ASSERT_EQUAL(true, static_cast<bool>(maxUserIpACL->beStrict));
/* the acl must be vaid */
CPPUNIT_ASSERT_EQUAL(true, maxUserIpACL->valid());
}
CPPUNIT_TEST_SUITE_END();
public:
+ virtual void setUp() override;
protected:
void testDefaults();