/*
- * DEBUG: section 28 Access Control
+ * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 28 Access Control */
+
#include "squid.h"
#include "acl/Checklist.h"
#include "acl/Tree.h"
#include "Debug.h"
#include "profiler/Profiler.h"
+#include <algorithm>
+
/// common parts of nonBlockingCheck() and resumeNonBlockingCheck()
bool
ACLChecklist::prepNonBlocking()
}
ACLChecklist::ACLChecklist() :
- accessList (NULL),
- callback (NULL),
- callback_data (NULL),
- asyncCaller_(false),
- occupied_(false),
- finished_(false),
- allow_(ACCESS_DENIED),
- asyncStage_(asyncNone),
- state_(NullState::Instance())
+ accessList (NULL),
+ callback (NULL),
+ callback_data (NULL),
+ asyncCaller_(false),
+ occupied_(false),
+ finished_(false),
+ allow_(ACCESS_DENIED),
+ asyncStage_(asyncNone),
+ state_(NullState::Instance()),
+ asyncLoopDepth_(0)
{
}
{
assert (!asyncInProgress());
- cbdataReferenceDone(accessList);
+ changeAcl(nullptr);
debugs(28, 4, "ACLChecklist::~ACLChecklist: destroyed " << this);
}
// Concurrent checks are not supported, but sequential checks are, and they
// may use a mixture of fastCheck(void) and fastCheck(list) calls.
- const Acl::Tree * const savedList = accessList;
-
- accessList = cbdataReference(list);
+ const Acl::Tree * const savedList = changeAcl(list);
// assume DENY/ALLOW on mis/matches due to action-free accessList
// matchAndFinish() takes care of the ALLOW case
if (!finished())
markFinished(ACCESS_DENIED, "ACLs failed to match");
- cbdataReferenceDone(accessList);
- accessList = savedList;
+ changeAcl(savedList);
occupied_ = false;
PROF_stop(aclCheckFast);
return currentAnswer();
{
return !cbdataReferenceValid(callback_data);
}
+
+bool
+ACLChecklist::bannedAction(const allow_t &action) const
+{
+ const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end();
+ debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned");
+ return found;
+}
+
+void
+ACLChecklist::banAction(const allow_t &action)
+{
+ bannedActions_.push_back(action);
+}
+