*/
#include "squid.h"
-#include "CacheManager.h"
+#include "mgr/Registration.h"
#include "ExternalACL.h"
#include "ExternalACLEntry.h"
#include "auth/UserRequest.h"
#if USE_IDENT
#include "ident/AclIdent.h"
#endif
+#include "ip/tools.h"
#include "client_side.h"
+#include "comm/Connection.h"
#include "HttpRequest.h"
#include "HttpReply.h"
#include "auth/Acl.h"
dlink_list queue;
+ /**
+ * Configuration flag. May only be altered by the configuration parser.
+ *
+ * Indicates that all uses of this external_acl_type helper require authentication
+ * details to be processed. If none are available its a fail match.
+ */
bool require_auth;
enum {
QUOTE_METHOD_URL
} quote;
- IpAddress local_addr;
+ Ip::Address local_addr;
};
struct _external_acl_format {
debugs(3, 0, "WARNING: Error converting " << a->local_addr << " to IPv4 in " << a->name );
}
} else if (strcmp(token, "ipv6") == 0) {
-#if !USE_IPV6
- debugs(3, 0, "WARNING: --enable-ipv6 required for external ACL helpers to use IPv6: " << a->name );
-#else
- (void)0;
-#endif
+ if (!Ip::EnableIpv6)
+ debugs(3, 0, "WARNING: --enable-ipv6 required for external ACL helpers to use IPv6: " << a->name );
+ // else nothing to do.
} else {
break;
}
if (acl->def->require_auth) {
int ti;
/* Make sure the user is authenticated */
+ debugs(82, 3, "aclMatchExternal: " << acl->def->name << " check user authenticated.");
if ((ti = AuthenticateAcl(ch)) != 1) {
debugs(82, 2, "aclMatchExternal: " << acl->def->name << " user not authenticated (" << ti << ")");
return ti;
}
+ debugs(82, 3, "aclMatchExternal: " << acl->def->name << " user is authenticated.");
}
key = makeExternalAclKey(ch, acl);
- if (acl->def->require_auth)
- AUTHUSERREQUESTUNLOCK(ch->auth_user_request, "ACLChecklist via aclMatchExternal");
-
if (!key) {
/* Not sufficient data to process */
return -1;
switch (format->type) {
case _external_acl_format::EXT_ACL_LOGIN:
- assert (ch->auth_user_request);
+ assert (ch->auth_user_request != NULL);
str = ch->auth_user_request->username();
break;
#if USE_IDENT
case _external_acl_format::EXT_ACL_USER_CERT_RAW:
- if (ch->conn() != NULL) {
- SSL *ssl = fd_table[ch->conn()->fd].ssl;
+ if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConn)) {
+ SSL *ssl = fd_table[ch->conn()->clientConn->fd].ssl;
if (ssl)
str = sslGetUserCertificatePEM(ssl);
case _external_acl_format::EXT_ACL_USER_CERTCHAIN_RAW:
- if (ch->conn() != NULL) {
- SSL *ssl = fd_table[ch->conn()->fd].ssl;
+ if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConn)) {
+ SSL *ssl = fd_table[ch->conn()->clientConn->fd].ssl;
if (ssl)
str = sslGetUserCertificateChainPEM(ssl);
case _external_acl_format::EXT_ACL_USER_CERT:
- if (ch->conn() != NULL) {
- SSL *ssl = fd_table[ch->conn()->fd].ssl;
+ if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConn)) {
+ SSL *ssl = fd_table[ch->conn()->clientConn->fd].ssl;
if (ssl)
str = sslGetUserAttribute(ssl, format->header);
case _external_acl_format::EXT_ACL_CA_CERT:
- if (ch->conn() != NULL) {
- SSL *ssl = fd_table[ch->conn()->fd].ssl;
+ if (ch->conn() != NULL && Comm::IsConnOpen(ch->conn()->clientConn)) {
+ SSL *ssl = fd_table[ch->conn()->clientConn->fd].ssl;
if (ssl)
str = sslGetCAAttribute(ssl, format->header);
if (acl->def->require_auth) {
int ti;
/* Make sure the user is authenticated */
+ debugs(82, 3, "aclMatchExternal: " << acl->def->name << " check user authenticated.");
if ((ti = AuthenticateAcl(ch)) != 1) {
debugs(82, 1, "externalAclLookup: " << acl->def->name <<
callback(callback_data, NULL);
return;
}
+ debugs(82, 3, "aclMatchExternal: " << acl->def->name << " user is authenticated.");
}
const char *key = makeExternalAclKey(ch, acl);
static void
externalAclRegisterWithCacheManager(void)
{
- CacheManager::GetInstance()->
- registerAction("external_acl",
- "External ACL stats",
- externalAclStats, 0, 1);
+ Mgr::RegisterAction("external_acl",
+ "External ACL stats",
+ externalAclStats, 0, 1);
}
void