Source Format Enforcement (#532)

[thirdparty/squid.git] / src / acl / AtStep.cc

diff --git a/src/acl/AtStep.cc b/src/acl/AtStep.cc
index fdbd805c12a92e2e245d523711319142792706dd..cf59006f6b668cacee0e5b99f5627eb64f295c01 100644 (file)
--- a/src/acl/AtStep.cc
+++ b/src/acl/AtStep.cc
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
  *
  * Squid software is distributed under GPLv2+ license and includes
  * contributions from numerous individuals and organizations.
@@ -8,32 +8,48 @@
 
 #include "squid.h"
 
-#if USE_OPENSSL
-
 #include "acl/AtStep.h"
 #include "acl/AtStepData.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
 #include "client_side.h"
+#include "http/Stream.h"
+#if USE_OPENSSL
 #include "ssl/ServerBump.h"
+#endif
 
 int
-ACLAtStepStrategy::match (ACLData<Ssl::BumpStep> * &data, ACLFilledChecklist *checklist, ACLFlags &)
+ACLAtStepStrategy::match(ACLData<XactionStep> * &data, ACLFilledChecklist *checklist)
 {
-    Ssl::ServerBump *bump = NULL;
-    if (checklist->conn() != NULL && (bump = checklist->conn()->serverBump()))
-        return data->match(bump->step);
-    else
-        return data->match(Ssl::bumpStep1);
-    return 0;
-}
+#if USE_OPENSSL
+    // We use step1 for all these very different cases:
+    // - The transaction is not subject to ssl_bump rules (if any).
+    // - No ssl_bump action has matched yet.
+    // - The ssl_bump client-first action has already matched.
+    // - Another ssl_bump action has already matched, but
+    //   ConnStateData::serverBump() has not been built yet.
+    auto currentSslBumpStep = XactionStep::tlsBump1;
+
+    if (const auto mgr = checklist->conn()) {
+        if (const auto serverBump = mgr->serverBump())
+            currentSslBumpStep = serverBump->step;
+    }
+
+    if (data->match(currentSslBumpStep))
+        return 1;
+#endif // USE_OPENSSL
+
+    if (data->match(XactionStep::generatingConnect)) {
+        if (!checklist->request)
+            return 0; // we have warned about the missing request earlier
+
+        if (!checklist->request->masterXaction) {
+            debugs(28, DBG_IMPORTANT, "BUG: at_step GeneratingCONNECT ACL is missing master transaction info. Assuming mismatch.");
+            return 0;
+        }
+
+        return checklist->request->masterXaction->generatingConnect ? 1 : 0;
+    }
 
-ACLAtStepStrategy *
-ACLAtStepStrategy::Instance()
-{
-    return &Instance_;
+    return 0;
 }
 
-ACLAtStepStrategy ACLAtStepStrategy::Instance_;
-
-#endif /* USE_OPENSSL */
-