AclMatchedName = NULL; // in case it was pointing to our name
}
-
ACL::Prototype::Prototype() : prototype (NULL), typeString (NULL) {}
ACL::Prototype::Prototype (ACL const *aPrototype, char const *aType) : prototype (aPrototype), typeString (aType)
static const ACLFlag NoFlags[1]; ///< An empty flags list
};
-
/// A configurable condition. A node in the ACL expression tree.
/// Can evaluate itself in FilledChecklist context.
-/// Does not change during evaluation.
+/// Does not change during evaluation.
/// \ingroup ACLAPI
class ACL
{
#include "globals.h"
#include "MemBuf.h"
-
char const *
Acl::AllOf::typeString() const
{
lineCtx.init();
lineCtx.Printf("(%s line #%d)", name, lineId);
lineCtx.terminate();
-
+
Acl::AndNode *line = new AndNode;
line->context(lineCtx.content(), config_input_line);
line->lineParse();
#include "acl/InnerNode.h"
-namespace Acl {
+namespace Acl
+{
/// Configurable all-of ACL. Each ACL line is a conjuction of ACLs.
/// Uses AndNode and OrNode to handle squid.conf configuration where multiple
#include "acl/BoolOps.h"
-namespace Acl {
+namespace Acl
+{
/// Configurable any-of ACL. Each ACL line is a disjuction of ACLs.
class AnyOf: public Acl::OrNode
return -1;
// else fall through to noaddr match, hiding the lookup failure (XXX)
}
- Ip::Address noaddr;
- noaddr.SetNoAddr();
- return data->match(noaddr);
+ Ip::Address noaddr;
+ noaddr.SetNoAddr();
+ return data->match(noaddr);
}
ACLDestinationASNStrategy *
#include "Debug.h"
#include "wordlist.h"
-
/* Acl::NotNode */
Acl::NotNode::NotNode(ACL *acl)
{
// Not implemented: by the time an upper level parser discovers
// an '!' operator, there is nothing left for us to parse.
- assert(false);
+ assert(false);
}
int
return text;
}
-
/* Acl::AndNode */
char const *
Acl::AndNode::parse()
{
// Not implemented: AndNode cannot be configured directly. See Acl::AllOf.
- assert(false);
+ assert(false);
}
-
/* Acl::OrNode */
char const *
* They cannot be specified directly in squid.conf because squid.conf ACLs are
* more complex than (and are implemented using) these operator-like classes.*/
-namespace Acl {
+namespace Acl
+{
/// Implements the "not" or "!" operator.
class NotNode: public InnerNode
};
MEMPROXY_CLASS_INLINE(Acl::NotNode);
-
/// An inner ACL expression tree node representing a boolean conjuction (AND)
/// operator applied to a list of child tree nodes.
/// For example, conditions expressed on a single http_access line are ANDed.
};
MEMPROXY_CLASS_INLINE(Acl::OrNode);
-
} // namespace Acl
#endif /* SQUID_ACL_LOGIC_H */
return false;
}
- /** \par
- * If the _acl_access is no longer valid (i.e. its been
- * freed because of a reconfigure), then bail with ACCESS_DUNNO.
- */
-
- if (!cbdataReferenceValid(accessList)) {
- cbdataReferenceDone(accessList);
- debugs(28, 4, "ACLChecklist::check: " << this << " accessList is invalid");
- checkCallback(ACCESS_DUNNO);
- return false;
- }
+ /** \par
+ * If the _acl_access is no longer valid (i.e. its been
+ * freed because of a reconfigure), then bail with ACCESS_DUNNO.
+ */
- // If doNonBlocking() was called for a finished() checklist to call
- // the callbacks, then do not try to match again. XXX: resumeNonBlockingCheck() should check for this instead.
- if (!finished())
- return true;
-
- /** \par
- * Either the request is allowed, denied, requires authentication.
- */
- debugs(28, 3, this << " calling back with " << currentAnswer());
- cbdataReferenceDone(accessList); /* A */
- checkCallback(currentAnswer());
- /* From here on in, this may be invalid */
- return false;
+ if (!cbdataReferenceValid(accessList)) {
+ cbdataReferenceDone(accessList);
+ debugs(28, 4, "ACLChecklist::check: " << this << " accessList is invalid");
+ checkCallback(ACCESS_DUNNO);
+ return false;
+ }
+
+ // If doNonBlocking() was called for a finished() checklist to call
+ // the callbacks, then do not try to match again. XXX: resumeNonBlockingCheck() should check for this instead.
+ if (!finished())
+ return true;
+
+ /** \par
+ * Either the request is allowed, denied, requires authentication.
+ */
+ debugs(28, 3, this << " calling back with " << currentAnswer());
+ cbdataReferenceDone(accessList); /* A */
+ checkCallback(currentAnswer());
+ /* From here on in, this may be invalid */
+ return false;
}
void
asyncStage_ = asyncNone; // sanity restored
return false;
}
-
+
// yes, we must pause until the async callback calls resumeNonBlockingCheck
asyncStage_ = asyncRunning;
return true;
/// performs (or resumes) an ACL tree match and, if successful, sets the action
void
-ACLChecklist::matchAndFinish() {
+ACLChecklist::matchAndFinish()
+{
bool result = false;
if (matchPath.empty()) {
result = accessList->matches(this);
matchPath.pop();
result = top.parent->resumeMatchingAt(this, top.position);
}
-
+
if (result) // the entire tree matched
markFinished(accessList->winningAction(), "match");
}
{
// XXX: rename lastSeenAction after review and before commit
const allow_t lastSeenAction = (accessList && cbdataReferenceValid(accessList)) ?
- accessList->lastAction() : allow_t(ACCESS_DUNNO);
+ accessList->lastAction() : allow_t(ACCESS_DUNNO);
allow_t implicitRuleAnswer = ACCESS_DUNNO;
if (lastSeenAction == ACCESS_DENIED) // reverse last seen "deny"
implicitRuleAnswer = ACCESS_ALLOWED;
/// Otherwise, returns false; the caller is expected to handle the failure.
bool goAsync(AsyncState *);
- /// Matches (or resumes matching of) a child node while maintaning
+ /// Matches (or resumes matching of) a child node while maintaning
/// resumption breadcrumbs if a [grand]child node goes async.
bool matchChild(const Acl::InnerNode *parent, Acl::Nodes::const_iterator pos, const ACL *child);
private: /* internal methods */
/// Position of a child node within an ACL tree.
- class Breadcrumb {
+ class Breadcrumb
+ {
public:
Breadcrumb(): parent(NULL) {}
Breadcrumb(const Acl::InnerNode *aParent, Acl::Nodes::const_iterator aPos): parent(aParent), position(aPos) {}
/// Template to convert various context lables to strings. \ingroup ACLAPI
template <class Any>
inline
-void aclParseAclList(ConfigParser &parser, Acl::Tree **tree, const Any any) {
+void aclParseAclList(ConfigParser &parser, Acl::Tree **tree, const Any any)
+{
std::ostringstream buf;
buf << any;
aclParseAclList(parser, tree, buf.str().c_str());
#include "wordlist.h"
#include <algorithm>
-
// "delete acl" class to use with std::for_each() in InnerNode::~InnerNode()
-class AclDeleter {
+class AclDeleter
+{
public:
void operator()(ACL* acl) {
// Do not delete explicit ACLs; they are maintained by Config.aclList.
}
};
-
Acl::InnerNode::~InnerNode()
{
std::for_each(nodes.begin(), nodes.end(), AclDeleter());
#include "acl/Acl.h"
#include <vector>
-namespace Acl {
+namespace Acl
+{
typedef std::vector<ACL*> Nodes; ///< a collection of nodes
CBDATA_NAMESPACED_CLASS_INIT(Acl, Tree);
-
allow_t
Acl::Tree::winningAction() const
{
if (action != actions.end()) {
const char *act = convert ? convert[action->kind] :
- (*action == ACCESS_ALLOWED ? "allow" : "deny");
+ (*action == ACCESS_ALLOWED ? "allow" : "deny");
wordlistAdd(&text, act ? act : "???");
++action;
}
#include "acl/BoolOps.h"
-namespace Acl {
+namespace Acl
+{
/// An ORed set of rules at the top of the ACL expression tree, providing two
/// unique properties: cbdata protection and optional rule actions.
CBDATA_CLASS2(Tree);
};
-
} // namespace Acl
#endif /* SQUID_ACL_TREE_H */
class AclDenyInfoList;
class AclSizeLimit;
-
-namespace Acl {
+namespace Acl
+{
class InnerNode;
class NotNode;