+/*
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
#include "squid.h"
+#include "AccessLogEntry.h"
#include "acl/FilledChecklist.h"
#include "adaptation/AccessCheck.h"
#include "adaptation/AccessRule.h"
#include "HttpReply.h"
#include "HttpRequest.h"
-/** \cond AUTODOCS-IGNORE */
+/** \cond AUTODOCS_IGNORE */
cbdata_type Adaptation::AccessCheck::CBDATA_AccessCheck = CBDATA_UNKNOWN;
/** \endcond */
bool
Adaptation::AccessCheck::Start(Method method, VectPoint vp,
- HttpRequest *req, HttpReply *rep, Adaptation::Initiator *initiator)
+ HttpRequest *req, HttpReply *rep,
+ AccessLogEntry::Pointer &al, Adaptation::Initiator *initiator)
{
if (Config::Enabled) {
// the new check will call the callback and delete self, eventually
AsyncJob::Start(new AccessCheck( // we do not store so not a CbcPointer
- ServiceFilter(method, vp, req, rep), initiator));
+ ServiceFilter(method, vp, req, rep, al), initiator));
return true;
}
Adaptation::AccessCheck::AccessCheck(const ServiceFilter &aFilter,
Adaptation::Initiator *initiator):
- AsyncJob("AccessCheck"), filter(aFilter),
- theInitiator(initiator),
- acl_checklist(NULL)
+ AsyncJob("AccessCheck"), filter(aFilter),
+ theInitiator(initiator),
+ acl_checklist(NULL)
{
#if ICAP_CLIENT
Adaptation::Icap::History::Pointer h = filter.request->icapHistory();
AccessRule *r = *i;
if (isCandidate(*r)) {
debugs(93, 5, HERE << "check: rule '" << r->id << "' is a candidate");
- candidates += r->id;
+ candidates.push_back(r->id);
}
}
/* BUG 2526: what to do when r->acl is empty?? */
// XXX: we do not have access to conn->rfc931 here.
acl_checklist = new ACLFilledChecklist(r->acl, filter.request, dash_str);
- acl_checklist->reply = filter.reply ? HTTPMSGLOCK(filter.reply) : NULL;
+ if ((acl_checklist->reply = filter.reply))
+ HTTPMSGLOCK(acl_checklist->reply);
+ acl_checklist->al = filter.al;
+ acl_checklist->syncAle(filter.request, nullptr);
acl_checklist->nonBlockingCheck(AccessCheckCallbackWrapper, this);
return;
}
- candidates.shift(); // the rule apparently went away (reconfigure)
+ candidates.erase(candidates.begin()); // the rule apparently went away (reconfigure)
}
debugs(93, 4, HERE << "NO candidates left");
}
void
-Adaptation::AccessCheck::AccessCheckCallbackWrapper(allow_t answer, void *data)
+Adaptation::AccessCheck::AccessCheckCallbackWrapper(Acl::Answer answer, void *data)
{
debugs(93, 8, HERE << "callback answer=" << answer);
AccessCheck *ac = (AccessCheck*)data;
- /** \todo AYJ 2008-06-12: If answer == ACCESS_AUTH_REQUIRED
+ /* TODO: AYJ 2008-06-12: If answer == ACCESS_AUTH_REQUIRED
* we should be kicking off an authentication before continuing
* with this request. see bug 2400 for details.
*/
// convert to async call to get async call protections and features
- typedef UnaryMemFunT<AccessCheck, allow_t> MyDialer;
+ typedef UnaryMemFunT<AccessCheck, Acl::Answer> MyDialer;
AsyncCall::Pointer call =
asyncCall(93,7, "Adaptation::AccessCheck::noteAnswer",
MyDialer(ac, &Adaptation::AccessCheck::noteAnswer, answer));
/// process the results of the ACL check
void
-Adaptation::AccessCheck::noteAnswer(allow_t answer)
+Adaptation::AccessCheck::noteAnswer(Acl::Answer answer)
{
Must(!candidates.empty()); // the candidate we were checking must be there
debugs(93,5, HERE << topCandidate() << " answer=" << answer);
- if (answer == ACCESS_ALLOWED) { // the rule matched
+ if (answer.allowed()) { // the rule matched
ServiceGroupPointer g = topGroup();
if (g != NULL) { // the corresponding group found
callBack(g);
}
// no match or the group disappeared during reconfiguration
- candidates.shift();
+ candidates.erase(candidates.begin());
checkCandidates();
}
debugs(93,7,HERE << r.groupId << (wants ? " wants" : " ignores"));
return wants;
}
+
projects / thirdparty / squid.git / blobdiff