Replaced ACLStrategised, enabling other ACL improvements (#1392)

The ACLStrategised class stands in the way of several ACL bug fixes and
improvements because its design forces us to place ACL-like match()
methods inside non-ACL classes, creating two parallel matching
hierarchies: one rooted in the ACL class and one rooted in the Strategy
template. The two APIs have similar methods, but Strategy-based objects
lie outside the ACL hierarchy and cannot be treated as ACL objects.

ACLStrategised pairs an ACL-like matching algorithm (a Strategy-derived
class) with an ACLData-derived class. The need to combine the two is
genuine, but the same combination is best supported without creating a
parallel hierarchy of Strategy classes. The new ACL-derived
ParameterizedNode base class accomplishes that, addressing the old
ACLStrategised design XXX.

Strategy-derived classes were not pooled at all! With these changes, all
formerly ACLStrategised classes get individual memory pools, typically
one per acltype, with proper acltype-based naming in mgr:mem reports. No
other functionality changes intended.

diff --git a/src/AclRegs.cc b/src/AclRegs.cc
index 166e3bdad7bf607675eb02eca4c9015b57c5e94e..58fab91815fb2b22eae2deb30e0f2d3bfe0a0bfc 100644 (file)
--- a/src/AclRegs.cc
+++ b/src/AclRegs.cc
@@ -81,8 +81,6 @@
 #include "acl/SslError.h"
 #include "acl/SslErrorData.h"
 #endif
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
 #include "acl/StringData.h"
 #if USE_OPENSSL
 #include "acl/ServerCertificate.h"
@@ -108,6 +106,85 @@
 #if SQUID_SNMP
 #include "snmp_core.h"
 #endif
+#include "sbuf/Stream.h"
+
+namespace Acl
+{
+
+/// Constructs a ParameterizedNode-derived ACL (specified as a Parent class).
+/// This template exists to avoid placing a variant of this ACL construction
+/// code in each ParameterizedNode-derived ACL class just to pass through
+/// TypeName and Parameters onto ParameterizedNode (and to add MEMPROXY_CLASS).
+template <class Parent>
+class FinalizedParameterizedNode: public Parent
+{
+    MEMPROXY_CLASS(Acl::FinalizedParameterizedNode<Parent>);
+
+public:
+    using Parameters = typename Parent::Parameters;
+    using Parent::data;
+
+    /// Replaces generic memory allocator label X set by our MEMPROXY_CLASS(X)
+    /// with an admin-friendly label based on the given acltype-like name.
+    /// Normally, our class constructor sets the right allocator label using the
+    /// actlype name, but that algorithm results in unstable and misleading
+    /// labels when the same instantiation of this template class is used for
+    /// _multiple_ acltype names. Calling this method corrects that behavior.
+    /// \prec this method must be called at most once
+    /// \prec if called, this method must be called before the class constructor
+    static void PreferAllocatorLabelPrefix(const char * const suffix)
+    {
+        assert(!PreferredAllocatorLabelSuffix); // must be called at most once
+        assert(!FinalPoolLabel); // must be called before the class constructor
+        assert(suffix);
+        PreferredAllocatorLabelSuffix = suffix;
+    }
+
+    FinalizedParameterizedNode(TypeName typeName, Parameters * const params):
+        typeName_(typeName)
+    {
+        Assure(!data); // base classes never set this data member
+        data.reset(params);
+        Assure(data); // ... but we always do
+
+        FinalizePoolLabel(typeName);
+    }
+
+    ~FinalizedParameterizedNode() override = default;
+
+    /* ACL API */
+    const char *typeString() const override { return typeName_; }
+
+private:
+    /// A constructor helper function that replaces generic memory allocator
+    /// label X set by our MEMPROXY_CLASS(X) with an admin-friendly label based
+    /// on the acltype name from squid.conf. Meant to be called from the
+    /// constructor so that no mgr:mem report lists this C++ template class
+    /// statistics using label X. Repeated calls are allowed but have no effect.
+    /// \sa PreferAllocatorLabelPrefix()
+    static void FinalizePoolLabel(const TypeName typeName)
+    {
+        if (FinalPoolLabel)
+            return; // the label has been finalized already
+
+        assert(typeName);
+        const auto label = ToSBuf("acltype=", PreferredAllocatorLabelSuffix ? PreferredAllocatorLabelSuffix : typeName);
+        FinalPoolLabel = SBufToCstring(label);
+        Pool().relabel(FinalPoolLabel);
+    }
+
+    /// if set, overrules FinalizePoolLabel() argument
+    inline static const char *PreferredAllocatorLabelSuffix = nullptr;
+
+    /// custom allocator label set by FinalizePoolLabel()
+    inline static const char *FinalPoolLabel = nullptr;
+
+    // TODO: Consider storing the spelling used by the admin instead.
+    /// the "acltype" name in its canonical spelling
+    TypeName typeName_;
+};
+
+} // namespace Acl
 
 // Not in src/acl/ because some of the ACLs it registers are not in src/acl/.
 void
@@ -122,43 +199,52 @@ Acl::Init()
     RegisterMaker("all-of", [](TypeName)->ACL* { return new Acl::AllOf; }); // XXX: Add name parameter to ctor
     RegisterMaker("any-of", [](TypeName)->ACL* { return new Acl::AnyOf; }); // XXX: Add name parameter to ctor
     RegisterMaker("random", [](TypeName name)->ACL* { return new ACLRandom(name); });
-    RegisterMaker("time", [](TypeName name)->ACL* { return new ACLStrategised<time_t>(new ACLTimeData, new ACLTimeStrategy, name); });
-    RegisterMaker("src_as", [](TypeName name)->ACL* { return new ACLStrategised<Ip::Address>(new ACLASN, new ACLSourceASNStrategy, name); });
-    RegisterMaker("dst_as", [](TypeName name)->ACL* { return new ACLStrategised<Ip::Address>(new ACLASN, new ACLDestinationASNStrategy, name); });
-    RegisterMaker("browser", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::USER_AGENT>, name); });
-    RegisterMaker("dstdomain", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLDomainData, new ACLDestinationDomainStrategy, name); });
-    RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLDestinationDomainStrategy, name); });
+    RegisterMaker("time", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::CurrentTimeCheck>(name, new ACLTimeData); });
+    RegisterMaker("src_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceAsnCheck>(name, new ACLASN); });
+    RegisterMaker("dst_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationAsnCheck>(name, new ACLASN); });
+    RegisterMaker("browser", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::USER_AGENT> >(name, new ACLRegexData); });
+
+    RegisterMaker("dstdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLDomainData); });
+    RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLRegexData); });
+    Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>::PreferAllocatorLabelPrefix("dstdomain+");
+
     RegisterMaker("dst", [](TypeName)->ACL* { return new ACLDestinationIP; }); // XXX: Add name parameter to ctor
-    RegisterMaker("hier_code", [](TypeName name)->ACL* { return new ACLStrategised<hier_code>(new ACLHierCodeData, new ACLHierCodeStrategy, name); });
-    RegisterMaker("rep_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPRepHeaderStrategy, name); });
-    RegisterMaker("req_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPReqHeaderStrategy, name); });
+    RegisterMaker("hier_code", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HierCodeCheck>(name, new ACLHierCodeData); });
+    RegisterMaker("rep_header", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HttpRepHeaderCheck>(name, new ACLHTTPHeaderData); });
+    RegisterMaker("req_header", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HttpReqHeaderCheck>(name, new ACLHTTPHeaderData); });
     RegisterMaker("http_status", [](TypeName name)->ACL* { return new ACLHTTPStatus(name); });
     RegisterMaker("maxconn", [](TypeName name)->ACL* { return new ACLMaxConnection(name); });
-    RegisterMaker("method", [](TypeName name)->ACL* { return new ACLStrategised<HttpRequestMethod>(new ACLMethodData, new ACLMethodStrategy, name); });
+    RegisterMaker("method", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MethodCheck>(name, new ACLMethodData); });
     RegisterMaker("localip", [](TypeName)->ACL* { return new ACLLocalIP; }); // XXX: Add name parameter to ctor
-    RegisterMaker("localport", [](TypeName name)->ACL* { return new ACLStrategised<int>(new ACLIntRange, new ACLLocalPortStrategy, name); });
-    RegisterMaker("myportname", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLMyPortNameStrategy, name); });
-    RegisterMaker("peername", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLPeerNameStrategy, name); });
-    RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLPeerNameStrategy, name); });
-    RegisterMaker("proto", [](TypeName name)->ACL* { return new ACLStrategised<AnyP::ProtocolType>(new ACLProtocolData, new ACLProtocolStrategy, name); });
-    RegisterMaker("referer_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::REFERER>, name); });
-    RegisterMaker("rep_mime_type", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>, name); });
-    RegisterMaker("req_mime_type", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>, name); });
-    RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLDomainData, new ACLSourceDomainStrategy, name); });
-    RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLSourceDomainStrategy, name); });
+    RegisterMaker("localport", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::LocalPortCheck>(name, new ACLIntRange); });
+    RegisterMaker("myportname", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MyPortNameCheck>(name, new ACLStringData); });
+
+    RegisterMaker("peername", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLStringData); });
+    RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLRegexData); });
+    Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>::PreferAllocatorLabelPrefix("peername+");
+
+    RegisterMaker("proto", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ProtocolCheck>(name, new ACLProtocolData); });
+    RegisterMaker("referer_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::REFERER> >(name, new ACLRegexData); });
+    RegisterMaker("rep_mime_type", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ReplyHeaderCheck<Http::HdrType::CONTENT_TYPE> >(name, new ACLRegexData); });
+    RegisterMaker("req_mime_type", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::CONTENT_TYPE> >(name, new ACLRegexData); });
+
+    RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLDomainData); });
+    RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLRegexData); });
+    Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>::PreferAllocatorLabelPrefix("srcdomain+");
+
     RegisterMaker("src", [](TypeName)->ACL* { return new ACLSourceIP; }); // XXX: Add name parameter to ctor
-    RegisterMaker("url_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlStrategy, name); });
-    RegisterMaker("urllogin", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlLoginStrategy, name); });
-    RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlPathStrategy, name); });
-    RegisterMaker("port", [](TypeName name)->ACL* { return new ACLStrategised<int>(new ACLIntRange, new ACLUrlPortStrategy, name); });
+    RegisterMaker("url_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlCheck>(name, new ACLRegexData); });
+    RegisterMaker("urllogin", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlLoginCheck>(name, new ACLRegexData); });
+    RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPathCheck>(name, new ACLRegexData); });
+    RegisterMaker("port", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPortCheck>(name, new ACLIntRange); });
     RegisterMaker("external", [](TypeName name)->ACL* { return new ACLExternal(name); });
-    RegisterMaker("squid_error", [](TypeName name)->ACL* { return new ACLStrategised<err_type>(new ACLSquidErrorData, new ACLSquidErrorStrategy, name); });
+    RegisterMaker("squid_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SquidErrorCheck>(name, new ACLSquidErrorData); });
     RegisterMaker("connections_encrypted", [](TypeName name)->ACL* { return new Acl::ConnectionsEncrypted(name); });
-    RegisterMaker("tag", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLTagStrategy, name); });
-    RegisterMaker("note", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLNoteData, new ACLNoteStrategy, name); });
-    RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLAnnotationData, new ACLAnnotateClientStrategy, name); });
-    RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLAnnotationData, new ACLAnnotateTransactionStrategy, name); });
-    RegisterMaker("has", [](TypeName name)->ACL* {return new ACLStrategised<ACLChecklist *>(new ACLHasComponentData, new ACLHasComponentStrategy, name); });
+    RegisterMaker("tag", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::TagCheck>(name, new ACLStringData); });
+    RegisterMaker("note", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::NoteCheck>(name, new ACLNoteData); });
+    RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateClientCheck>(name, new ACLAnnotationData); });
+    RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateTransactionCheck>(name, new ACLAnnotationData); });
+    RegisterMaker("has", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HasComponentCheck>(name, new ACLHasComponentData); });
     RegisterMaker("transaction_initiator", [](TypeName name)->ACL* {return new TransactionInitiator(name);});
 
 #if USE_LIBNETFILTERCONNTRACK
@@ -167,13 +253,18 @@ Acl::Init()
 #endif
 
 #if USE_OPENSSL
-    RegisterMaker("ssl_error", [](TypeName name)->ACL* { return new ACLStrategised<const Security::CertErrors *>(new ACLSslErrorData, new ACLSslErrorStrategy, name); });
-    RegisterMaker("user_cert", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509UserAttribute, "*"), new ACLCertificateStrategy, name); });
-    RegisterMaker("ca_cert", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509CAAttribute, "*"), new ACLCertificateStrategy, name); });
-    RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509Fingerprint, nullptr, true), new ACLServerCertificateStrategy, name); });
-    RegisterMaker("at_step", [](TypeName name)->ACL* { return new ACLStrategised<XactionStep>(new ACLAtStepData, new ACLAtStepStrategy, name); });
-    RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLServerNameData, new ACLServerNameStrategy, name); });
-    RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLServerNameStrategy, name); });
+    RegisterMaker("ssl_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::CertificateErrorCheck>(name, new ACLSslErrorData); });
+
+    RegisterMaker("user_cert", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509UserAttribute, "*")); });
+    RegisterMaker("ca_cert", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509CAAttribute, "*")); });
+    Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>::PreferAllocatorLabelPrefix("user_cert+");
+
+    RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509Fingerprint, nullptr, true)); });
+    RegisterMaker("at_step", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AtStepCheck>(name, new ACLAtStepData); });
+
+    RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLServerNameData); });
+    RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLRegexData); });
+    Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>::PreferAllocatorLabelPrefix("ssl::server_name+");
 #endif
 
 #if USE_SQUID_EUI
@@ -195,11 +286,11 @@ Acl::Init()
 #endif
 
 #if USE_ADAPTATION
-    RegisterMaker("adaptation_service", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLAdaptationServiceData, new ACLAdaptationServiceStrategy, name); });
+    RegisterMaker("adaptation_service", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AdaptationServiceCheck>(name, new ACLAdaptationServiceData); });
 #endif
 
 #if SQUID_SNMP
-    RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLSNMPCommunityStrategy, name); });
+    RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SnmpCommunityCheck>(name, new ACLStringData); });
 #endif
 }
 

diff --git a/src/acl/AdaptationService.cc b/src/acl/AdaptationService.cc
index 8686efdda1c0ee773392cf43664506b49429bba8..f5c0f00b715f4eeb1e6e3deac700652bfbf50e44 100644 (file)
--- a/src/acl/AdaptationService.cc
+++ b/src/acl/AdaptationService.cc
@@ -9,14 +9,14 @@
 #include "squid.h"
 #include "acl/AdaptationService.h"
 #include "acl/FilledChecklist.h"
-#include "acl/IntRange.h"
-#include "adaptation/Config.h"
 #include "adaptation/History.h"
 #include "HttpRequest.h"
 
 int
-ACLAdaptationServiceStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::AdaptationServiceCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     HttpRequest::Pointer request = checklist->request;
     if (request == nullptr)
         return 0;

diff --git a/src/acl/AdaptationService.h b/src/acl/AdaptationService.h
index 1fb997c2dbc8bb64e9dace569c812d2658d640b7..92e7416c2b5a75dfe160be65415616d5a97902c8 100644 (file)
--- a/src/acl/AdaptationService.h
+++ b/src/acl/AdaptationService.h
@@ -9,15 +9,21 @@
 #ifndef SQUID_ACLADAPTATIONSERVICE_H
 #define SQUID_ACLADAPTATIONSERVICE_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-/// \ingroup ACLAPI
-class ACLAdaptationServiceStrategy : public ACLStrategy<const char *>
+namespace Acl
 {
 
+/// an "adaptation_service" ACL
+class AdaptationServiceCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLADAPTATIONSERVICE_H */
 

diff --git a/src/acl/AnnotateClient.cc b/src/acl/AnnotateClient.cc
index 9282a92f8dcce9faad3a2223cbe6a00b14849b34..a2080047d6281d657c6e7a9d31f6d5e298efcf9e 100644 (file)
--- a/src/acl/AnnotateClient.cc
+++ b/src/acl/AnnotateClient.cc
@@ -12,13 +12,14 @@
 #include "acl/FilledChecklist.h"
 #include "client_side.h"
 #include "http/Stream.h"
-#include "Notes.h"
 
 int
-ACLAnnotateClientStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::AnnotateClientCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (const auto conn = checklist->conn()) {
-        ACLAnnotationData *tdata = dynamic_cast<ACLAnnotationData*>(data);
+        const auto tdata = dynamic_cast<ACLAnnotationData*>(data.get());
         assert(tdata);
         tdata->annotate(conn->notes(), &delimiters.value, checklist->al);
         if (const auto request = checklist->request)

diff --git a/src/acl/AnnotateClient.h b/src/acl/AnnotateClient.h
index ec4df279c3aaf958961eb7d08914bea6ed6bd02d..ce714970c46b3513354ced87e309be38d91ecf87 100644 (file)
--- a/src/acl/AnnotateClient.h
+++ b/src/acl/AnnotateClient.h
@@ -10,15 +10,20 @@
 #define SQUID_ACLANNOTATECLIENT
 
 #include "acl/Note.h"
-#include "Notes.h"
 
-/// \ingroup ACLAPI
-class ACLAnnotateClientStrategy : public Acl::AnnotationStrategy
+namespace Acl
+{
+
+/// an "annotate_client" ACL
+class AnnotateClientCheck: public Acl::AnnotationCheck
 {
 public:
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override { return true; }
-    int match(ACLData<MatchType> * &, ACLFilledChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLANNOTATECLIENT */
 

diff --git a/src/acl/AnnotateTransaction.cc b/src/acl/AnnotateTransaction.cc
index ee4ea29fcfd75aba7c76b50de2677b1c81632cfe..39d027734f35ead6c66d10ada1c67e7c141785a2 100644 (file)
--- a/src/acl/AnnotateTransaction.cc
+++ b/src/acl/AnnotateTransaction.cc
@@ -11,13 +11,14 @@
 #include "acl/AnnotationData.h"
 #include "acl/FilledChecklist.h"
 #include "HttpRequest.h"
-#include "Notes.h"
 
 int
-ACLAnnotateTransactionStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::AnnotateTransactionCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (const auto request = checklist->request) {
-        ACLAnnotationData *tdata = dynamic_cast<ACLAnnotationData*>(data);
+        const auto tdata = dynamic_cast<ACLAnnotationData*>(data.get());
         assert(tdata);
         tdata->annotate(request->notes(), &delimiters.value, checklist->al);
         return 1;

diff --git a/src/acl/AnnotateTransaction.h b/src/acl/AnnotateTransaction.h
index 08211e1039365d0f705ca4d655b49c07a17e07d6..147fcec75b9741a1e6fc7bb3a6d45f86a5571e1d 100644 (file)
--- a/src/acl/AnnotateTransaction.h
+++ b/src/acl/AnnotateTransaction.h
@@ -10,15 +10,20 @@
 #define SQUID_ACLANNOTATETRANSACTION
 
 #include "acl/Note.h"
-#include "Notes.h"
 
-/// \ingroup ACLAPI
-class ACLAnnotateTransactionStrategy: public Acl::AnnotationStrategy
+namespace Acl
+{
+
+/// an "annotate_transaction" ACL
+class AnnotateTransactionCheck: public Acl::AnnotationCheck
 {
 public:
-    int match(ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override { return true; }
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLANNOTATETRANSACTION */
 

diff --git a/src/acl/Asn.cc b/src/acl/Asn.cc
index f3d20138ee1a33e8bce76292e3e11633a0ee3bb6..f1e318b1c732c44e8ce455c99900fcb3417c1532 100644 (file)
--- a/src/acl/Asn.cc
+++ b/src/acl/Asn.cc
@@ -11,11 +11,10 @@
 #include "squid.h"
 #include "acl/Acl.h"
 #include "acl/Asn.h"
-#include "acl/Checklist.h"
 #include "acl/DestinationAsn.h"
 #include "acl/DestinationIp.h"
+#include "acl/FilledChecklist.h"
 #include "acl/SourceAsn.h"
-#include "acl/Strategised.h"
 #include "base/CharacterSet.h"
 #include "FwdState.h"
 #include "HttpReply.h"
@@ -517,19 +516,19 @@ ACLASN::parse()
     }
 }
 
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<Ip::Address>;
-
 int
-ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist)
+Acl::SourceAsnCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match(checklist->src_addr);
 }
 
 int
-ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::DestinationAsnCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->url.host(), IP_LOOKUP_IF_MISS);
 
     if (ia) {

diff --git a/src/acl/AtStep.cc b/src/acl/AtStep.cc
index 8f92897b959b1292491ebb336be20c9ca5fe8647..0eb56051d22d0fc7bdd5619caea6ce6032deec4f 100644 (file)
--- a/src/acl/AtStep.cc
+++ b/src/acl/AtStep.cc
@@ -9,7 +9,6 @@
 #include "squid.h"
 
 #include "acl/AtStep.h"
-#include "acl/AtStepData.h"
 #include "acl/FilledChecklist.h"
 #include "client_side.h"
 #include "http/Stream.h"
@@ -18,8 +17,10 @@
 #endif
 
 int
-ACLAtStepStrategy::match(ACLData<XactionStep> * &data, ACLFilledChecklist *checklist)
+Acl::AtStepCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
 #if USE_OPENSSL
     // We use step1 for all these very different cases:
     // - The transaction is not subject to ssl_bump rules (if any).

diff --git a/src/acl/AtStep.h b/src/acl/AtStep.h
index e3d8018bd157a825d28f78447b8d108822e33682..6c315da64ed2aa3d2fb882eefd25b2bc7d3821da 100644 (file)
--- a/src/acl/AtStep.h
+++ b/src/acl/AtStep.h
@@ -9,16 +9,22 @@
 #ifndef SQUID_ACLATSTEP_H
 #define SQUID_ACLATSTEP_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "XactionStep.h"
 
-/// \ingroup ACLAPI
-class ACLAtStepStrategy: public ACLStrategy<XactionStep>
+namespace Acl
 {
 
+/// an "at_step" ACL
+class AtStepCheck: public ParameterizedNode< ACLData<XactionStep> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLATSTEP_H */
 

diff --git a/src/acl/Certificate.cc b/src/acl/Certificate.cc
index f08835dea3fd96323d5bcb30028aa90238117b97..4416249202abf658e126dd0d0a1149c22a7ffc8e 100644 (file)
--- a/src/acl/Certificate.cc
+++ b/src/acl/Certificate.cc
@@ -16,17 +16,15 @@
 #if USE_OPENSSL
 
 #include "acl/Certificate.h"
-#include "acl/CertificateData.h"
-#include "acl/Checklist.h"
-#include "client_side.h"
+#include "acl/FilledChecklist.h"
 #include "fde.h"
 #include "globals.h"
-#include "http/Stream.h"
-#include "HttpRequest.h"
 
 int
-ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ClientCertificateCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     const int fd = checklist->fd();
     const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
     auto ssl = goodDescriptor ? fd_table[fd].ssl.get() : nullptr;

diff --git a/src/acl/Certificate.h b/src/acl/Certificate.h
index e8fc70144b3ebac1d4f547b1cca1172f759dad4f..baadebce85d3a66730b8c6b3a5c0458345687f9d 100644 (file)
--- a/src/acl/Certificate.h
+++ b/src/acl/Certificate.h
@@ -9,19 +9,22 @@
 #ifndef SQUID_ACLCERTIFICATE_H
 #define SQUID_ACLCERTIFICATE_H
 
-#include "acl/Acl.h"
-#include "acl/Checklist.h"
 #include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
 #include "ssl/support.h"
 
-/// \ingroup ACLAPI
-class ACLCertificateStrategy : public ACLStrategy<X509 *>
+namespace Acl
 {
 
+/// a "user_cert" or "ca_cert" ACL
+class ClientCertificateCheck: public ParameterizedNode< ACLData<X509 *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLCERTIFICATE_H */
 

diff --git a/src/acl/DestinationAsn.h b/src/acl/DestinationAsn.h
index f7da6511e0a18e16b3f77d92437b75d9aa5b014f..7955a8ff96eb7ba6eff37c9f4b7fed7c218e2801 100644 (file)
--- a/src/acl/DestinationAsn.h
+++ b/src/acl/DestinationAsn.h
@@ -9,18 +9,23 @@
 #ifndef SQUID_ACLDESTINATIONASN_H
 #define SQUID_ACLDESTINATIONASN_H
 
-#include "acl/Asn.h"
-#include "acl/Strategy.h"
-#include "ip/Address.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
+#include "ip/forward.h"
 
-/// \ingroup ACLAPI
-class ACLDestinationASNStrategy : public ACLStrategy<Ip::Address>
+namespace Acl
 {
 
+/// a "dst_as" ACL
+class DestinationAsnCheck: public ParameterizedNode< ACLData<Ip::Address> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLDESTINATIONASN_H */
 

diff --git a/src/acl/DestinationDomain.cc b/src/acl/DestinationDomain.cc
index c7450e13b1a14d3b8050ffadbf5429a383ef2d93..156cee05746b5dea35645e0dd467c99153804b85 100644 (file)
--- a/src/acl/DestinationDomain.cc
+++ b/src/acl/DestinationDomain.cc
@@ -9,9 +9,9 @@
 /* DEBUG: section 28    Access Control */
 
 #include "squid.h"
-#include "acl/Checklist.h"
 #include "acl/DestinationDomain.h"
 #include "acl/DomainData.h"
+#include "acl/FilledChecklist.h"
 #include "acl/RegexData.h"
 #include "fqdncache.h"
 #include "HttpRequest.h"
@@ -40,10 +40,10 @@ DestinationDomainLookup::LookupDone(const char *, const Dns::LookupDetails &deta
     checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
 }
 
-/* ACLDestinationDomainStrategy */
+/* Acl::DestinationDomainCheck */
 
 const Acl::Options &
-ACLDestinationDomainStrategy::options()
+Acl::DestinationDomainCheck::options()
 {
     static const Acl::BooleanOption LookupBanFlag("-n");
     static const Acl::Options MyOptions = { &LookupBanFlag };
@@ -52,8 +52,10 @@ ACLDestinationDomainStrategy::options()
 }
 
 int
-ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::DestinationDomainCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     assert(checklist != nullptr && checklist->request != nullptr);
 
     if (data->match(checklist->request->url.host())) {

diff --git a/src/acl/DestinationDomain.h b/src/acl/DestinationDomain.h
index 6ed635d81627be45dedb728516557bb105e507c1..8910bf4ec0cebfccb064db4c739a7989bea8b19e 100644 (file)
--- a/src/acl/DestinationDomain.h
+++ b/src/acl/DestinationDomain.h
@@ -9,19 +9,20 @@
 #ifndef SQUID_ACLDESTINATIONDOMAIN_H
 #define SQUID_ACLDESTINATIONDOMAIN_H
 
-#include "acl/Acl.h"
 #include "acl/Checklist.h"
 #include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
 #include "dns/forward.h"
 
-/// \ingroup ACLAPI
-class ACLDestinationDomainStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// a "dstdomain" or "dstdom_regex" ACL
+class DestinationDomainCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    /* ACLStrategy API */
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
     const Acl::Options &options() override;
 
@@ -29,6 +30,8 @@ private:
     Acl::BooleanOptionValue lookupBanned; ///< Are DNS lookups allowed?
 };
 
+} // namespace Acl
+
 /// \ingroup ACLAPI
 class DestinationDomainLookup : public ACLChecklist::AsyncState
 {

diff --git a/src/acl/Gadgets.cc b/src/acl/Gadgets.cc
index 605d409d7a8d8603cc5aa401cc7547d98d5bdb07..fd65b519fab762926317b9acf484dbc0b8cd469d 100644 (file)
--- a/src/acl/Gadgets.cc
+++ b/src/acl/Gadgets.cc
@@ -17,11 +17,8 @@
  */
 
 #include "squid.h"
-#include "acl/Acl.h"
 #include "acl/AclDenyInfoList.h"
-#include "acl/Checklist.h"
 #include "acl/Gadgets.h"
-#include "acl/Strategised.h"
 #include "acl/Tree.h"
 #include "cache_cf.h"
 #include "ConfigParser.h"

diff --git a/src/acl/HasComponent.cc b/src/acl/HasComponent.cc
index 5c9136f9a27e539cfe18679d7305194cb6eaa076..e03e6b8de97d42219af00eb031b606b3de2a3948 100644 (file)
--- a/src/acl/HasComponent.cc
+++ b/src/acl/HasComponent.cc
@@ -11,9 +11,9 @@
 #include "acl/HasComponentData.h"
 
 int
-ACLHasComponentStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HasComponentCheck::match(ACLChecklist * const checklist)
 {
-    ACLHasComponentData *cdata = dynamic_cast<ACLHasComponentData*>(data);
+    const auto cdata = dynamic_cast<ACLHasComponentData*>(data.get());
     assert(cdata);
     return cdata->match(checklist);
 }

diff --git a/src/acl/HasComponent.h b/src/acl/HasComponent.h
index a0a8e5203e0ca102d18f8faca9f08e837854e755..9c26689db1adcc788e6cbcea2f47f73aee1fae76 100644 (file)
--- a/src/acl/HasComponent.h
+++ b/src/acl/HasComponent.h
@@ -9,15 +9,21 @@
 #ifndef SQUID_ACLHASCOMPONENT_H
 #define SQUID_ACLHASCOMPONENT_H
 
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-/// \ingroup ACLAPI
-class ACLHasComponentStrategy : public ACLStrategy<ACLChecklist *>
+namespace Acl
+{
+
+/// a "has" ACL
+class HasComponentCheck: public ParameterizedNode< ACLData<ACLChecklist *> >
 {
 public:
-    int match(ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif
 

diff --git a/src/acl/HierCode.cc b/src/acl/HierCode.cc
index 3a74e6285573130500cfd349c088af1128c8714a..2bfca1d773dff43f9e565bcc365385114f03e3d8 100644 (file)
--- a/src/acl/HierCode.cc
+++ b/src/acl/HierCode.cc
@@ -7,19 +7,15 @@
  */
 
 #include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
 #include "acl/HierCode.h"
-#include "acl/HierCodeData.h"
-#include "acl/Strategised.h"
 #include "HttpRequest.h"
 
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<hier_code>;
-
 int
-ACLHierCodeStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HierCodeCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match (checklist->request->hier.code);
 }
 

diff --git a/src/acl/HierCode.h b/src/acl/HierCode.h
index 821df248df322c17d46a224a5677b858716d1563..24bf04f12b15c32048674cdbcac32795530c6d18 100644 (file)
--- a/src/acl/HierCode.h
+++ b/src/acl/HierCode.h
@@ -9,17 +9,23 @@
 #ifndef SQUID_ACLHIERCODE_H
 #define SQUID_ACLHIERCODE_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "hier_code.h"
 
-/// \ingroup ACLAPI
-class ACLHierCodeStrategy : public ACLStrategy<hier_code>
+namespace Acl
 {
 
+/// a "hier_code" ACL
+class HierCodeCheck: public ParameterizedNode< ACLData<hier_code> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLHIERCODE_H */
 

diff --git a/src/acl/HttpRepHeader.cc b/src/acl/HttpRepHeader.cc
index 819a0e7f69839356557362bf6b6c0c5b3be8e11e..afa7a52c3f03a044a0b49321d8daade2963a16d1 100644 (file)
--- a/src/acl/HttpRepHeader.cc
+++ b/src/acl/HttpRepHeader.cc
@@ -13,8 +13,10 @@
 #include "HttpReply.h"
 
 int
-ACLHTTPRepHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HttpRepHeaderCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match (&checklist->reply->header);
 }
 

diff --git a/src/acl/HttpRepHeader.h b/src/acl/HttpRepHeader.h
index 3e17d6d444650a68a5aef486c3eb61eeb5bde53d..e1f43610c74e9cf90f30130c3365f650d9d5bdff 100644 (file)
--- a/src/acl/HttpRepHeader.h
+++ b/src/acl/HttpRepHeader.h
@@ -9,18 +9,23 @@
 #ifndef SQUID_ACLHTTPREPHEADER_H
 #define SQUID_ACLHTTPREPHEADER_H
 
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "HttpHeader.h"
 
-/// \ingroup ACLAPI
-class ACLHTTPRepHeaderStrategy : public ACLStrategy<HttpHeader*>
+namespace Acl
 {
 
+/// a "rep_header" ACL
+class HttpRepHeaderCheck: public ParameterizedNode< ACLData<HttpHeader*> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresReply() const override { return true; }
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLHTTPREPHEADER_H */
 

diff --git a/src/acl/HttpReqHeader.cc b/src/acl/HttpReqHeader.cc
index 58911aecd8ac1ed303c00a481488459c4fcd98c3..1d8bf42a7f27a5c7f48866b1dc05a843dca1eab2 100644 (file)
--- a/src/acl/HttpReqHeader.cc
+++ b/src/acl/HttpReqHeader.cc
@@ -13,8 +13,10 @@
 #include "HttpRequest.h"
 
 int
-ACLHTTPReqHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HttpReqHeaderCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match (&checklist->request->header);
 }
 

diff --git a/src/acl/HttpReqHeader.h b/src/acl/HttpReqHeader.h
index 30d0b4aa565318522d9acdea2c91c96a6f1fca6a..0e1e78b6e8e12d7a2207194e3d60a6648a9f6de2 100644 (file)
--- a/src/acl/HttpReqHeader.h
+++ b/src/acl/HttpReqHeader.h
@@ -9,17 +9,23 @@
 #ifndef SQUID_ACLHTTPREQHEADER_H
 #define SQUID_ACLHTTPREQHEADER_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "HttpHeader.h"
 
-/// \ingroup ACLAPI
-class ACLHTTPReqHeaderStrategy : public ACLStrategy<HttpHeader*>
+namespace Acl
 {
 
+/// a "req_header" ACL
+class HttpReqHeaderCheck: public ParameterizedNode< ACLData<HttpHeader*> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override { return true; }
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLHTTPREQHEADER_H */
 

diff --git a/src/acl/LocalPort.cc b/src/acl/LocalPort.cc
index 2cf48dc2050775023292442786c100c0caff0c4e..d018c68f12304eced5c02be0728226cf712effe0 100644 (file)
--- a/src/acl/LocalPort.cc
+++ b/src/acl/LocalPort.cc
@@ -11,8 +11,10 @@
 #include "acl/LocalPort.h"
 
 int
-ACLLocalPortStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::LocalPortCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match (checklist->my_addr.port());
 }
 

diff --git a/src/acl/LocalPort.h b/src/acl/LocalPort.h
index 9e1a82202e177d63c6ce05b69bd3b900f2595075..1ca6f5d58b00f396f6d779e3f704835561b9ceff 100644 (file)
--- a/src/acl/LocalPort.h
+++ b/src/acl/LocalPort.h
@@ -9,15 +9,21 @@
 #ifndef SQUID_ACLLOCALPORT_H
 #define SQUID_ACLLOCALPORT_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-/// \ingroup ACLAPI
-class ACLLocalPortStrategy : public ACLStrategy<int>
+namespace Acl
 {
 
+/// a "localport" ACL
+class LocalPortCheck: public ParameterizedNode< ACLData<int> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLLOCALPORT_H */
 

diff --git a/src/acl/Makefile.am b/src/acl/Makefile.am
index 4043044f7b223fd2ea988b69e68119b7d0d3c302..a2904d664a4c45b550b08077caff83b5d5e9cd53 100644 (file)
--- a/src/acl/Makefile.am
+++ b/src/acl/Makefile.am
@@ -38,9 +38,7 @@ libstate_la_SOURCES = \
        Data.h \
        FilledChecklist.cc \
        FilledChecklist.h \
-       Strategised.cc \
-       Strategised.h \
-       Strategy.h
+       ParameterizedNode.h
 
 ## data-specific ACLs
 libacls_la_SOURCES = \

diff --git a/src/acl/Method.cc b/src/acl/Method.cc
index f1de157694317a705534ad7a3dab2c199eda2776..0087072fc512e93d3e2ce6f59e30ad30454c10a8 100644 (file)
--- a/src/acl/Method.cc
+++ b/src/acl/Method.cc
@@ -9,17 +9,13 @@
 #include "squid.h"
 #include "acl/FilledChecklist.h"
 #include "acl/Method.h"
-#include "acl/MethodData.h"
-#include "acl/Strategised.h"
 #include "HttpRequest.h"
 
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<HttpRequestMethod>;
-
 int
-ACLMethodStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::MethodCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match (checklist->request->method);
 }
 

diff --git a/src/acl/Method.h b/src/acl/Method.h
index 9c5c4d833bc09a19e54b71db0c94769812bfeefe..96231db5744c2a18a3e1625e83362cdb35b3d5b1 100644 (file)
--- a/src/acl/Method.h
+++ b/src/acl/Method.h
@@ -9,17 +9,23 @@
 #ifndef SQUID_ACLMETHOD_H
 #define SQUID_ACLMETHOD_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "http/RequestMethod.h"
 
-/// \ingroup ACLAPI
-class ACLMethodStrategy : public ACLStrategy<HttpRequestMethod>
+namespace Acl
 {
 
+/// a "method" ACL
+class MethodCheck: public ParameterizedNode< ACLData<HttpRequestMethod> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLMETHOD_H */
 

diff --git a/src/acl/MyPortName.cc b/src/acl/MyPortName.cc
index 0583b3aaac665a8acba04e1c240e653934ca3f82..ac60431eb3bc6ef05c79b36f49e28555f4d86e00 100644 (file)
--- a/src/acl/MyPortName.cc
+++ b/src/acl/MyPortName.cc
@@ -9,15 +9,16 @@
 #include "squid.h"
 #include "acl/FilledChecklist.h"
 #include "acl/MyPortName.h"
-#include "acl/StringData.h"
 #include "anyp/PortCfg.h"
 #include "client_side.h"
 #include "http/Stream.h"
 #include "HttpRequest.h"
 
 int
-ACLMyPortNameStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::MyPortNameCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (checklist->conn() != nullptr && checklist->conn()->port != nullptr)
         return data->match(checklist->conn()->port->name);
     if (checklist->request != nullptr)

diff --git a/src/acl/MyPortName.h b/src/acl/MyPortName.h
index fbb630a61da5b33568879a9ddcacf70f72855db3..62a57f762b4d5fbd0750f19c0dfe7f1f8b0af457 100644 (file)
--- a/src/acl/MyPortName.h
+++ b/src/acl/MyPortName.h
@@ -8,14 +8,22 @@
 
 #ifndef SQUID_ACLMYPORTNAME_H
 #define SQUID_ACLMYPORTNAME_H
-#include "acl/Strategy.h"
 
-class ACLMyPortNameStrategy : public ACLStrategy<const char *>
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
+
+namespace Acl
 {
 
+/// a "myportname" ACL
+class MyPortNameCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLMYPORTNAME_H */
 

diff --git a/src/acl/Note.cc b/src/acl/Note.cc
index 3f6d3d041d85adceb4029ac1462d97a2a7a28786..5b462958eb0f3e54226bd40531100b4a97329428 100644 (file)
--- a/src/acl/Note.cc
+++ b/src/acl/Note.cc
@@ -13,10 +13,10 @@
 #include "acl/NoteData.h"
 #include "HttpRequest.h"
 
-/* Acl::AnnotationStrategy */
+/* Acl::AnnotationCheck */
 
 const Acl::Options &
-Acl::AnnotationStrategy::options()
+Acl::AnnotationCheck::options()
 {
     static const Acl::CharacterSetOption Delimiters("-m");
     static const Acl::Options MyOptions = { &Delimiters };
@@ -24,17 +24,19 @@ Acl::AnnotationStrategy::options()
     return MyOptions;
 }
 
-/* ACLNoteStrategy */
+/* Acl::NoteCheck */
 
 int
-ACLNoteStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::NoteCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (const auto request = checklist->request) {
-        if (request->hasNotes() && matchNotes(data, request->notes().getRaw()))
+        if (request->hasNotes() && matchNotes(request->notes().getRaw()))
             return 1;
 #if USE_ADAPTATION
         const Adaptation::History::Pointer ah = request->adaptLogHistory();
-        if (ah != nullptr && ah->metaHeaders != nullptr && matchNotes(data, ah->metaHeaders.getRaw()))
+        if (ah != nullptr && ah->metaHeaders != nullptr && matchNotes(ah->metaHeaders.getRaw()))
             return 1;
 #endif
     }
@@ -42,11 +44,11 @@ ACLNoteStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist
 }
 
 bool
-ACLNoteStrategy::matchNotes(ACLData<MatchType> *noteData, const NotePairs *note) const
+Acl::NoteCheck::matchNotes(const NotePairs *note) const
 {
     const NotePairs::Entries &entries = note->expandListEntries(&delimiters.value);
     for (auto e: entries)
-        if (noteData->match(e.getRaw()))
+        if (data->match(e.getRaw()))
             return true;
     return false;
 }

diff --git a/src/acl/Note.h b/src/acl/Note.h
index 1024d032acd28fec0840c92da5202dc661f2b91a..0cf32a051259877a464e86364d948650d0343b95 100644 (file)
--- a/src/acl/Note.h
+++ b/src/acl/Note.h
@@ -11,35 +11,35 @@
 
 #include "acl/CharacterSetOption.h"
 #include "acl/Data.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
 #include "Notes.h"
 
 namespace Acl {
 
 /// common parent of several ACLs dealing with transaction annotations
-class AnnotationStrategy: public ACLStrategy<NotePairs::Entry *>
+class AnnotationCheck: public ParameterizedNode< ACLData<NotePairs::Entry *> >
 {
 public:
-    AnnotationStrategy(): delimiters(CharacterSet(__FILE__, ",")) {}
+    AnnotationCheck(): delimiters(CharacterSet(__FILE__, ",")) {}
 
     const Acl::Options &options() override;
 
     Acl::CharacterSetOptionValue delimiters; ///< annotation separators
 };
 
-} // namespace Acl
-
-/// \ingroup ACLAPI
-class ACLNoteStrategy: public Acl::AnnotationStrategy
+/// a "note" ACL
+class NoteCheck: public Acl::AnnotationCheck
 {
-
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override { return true; }
 
 private:
-    bool matchNotes(ACLData<MatchType> *, const NotePairs *) const;
+    bool matchNotes(const NotePairs *) const;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLNOTE_H */
 

diff --git a/src/acl/ParameterizedNode.h b/src/acl/ParameterizedNode.h
new file mode 100644 (file)
index 0000000..a36c751
--- /dev/null
+++ b/src/acl/ParameterizedNode.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_SRC_ACL_PARAMETERIZEDNODE_H
+#define SQUID_SRC_ACL_PARAMETERIZEDNODE_H
+
+#include "acl/Acl.h"
+#include "base/Assure.h"
+
+#include <memory>
+
+namespace Acl
+{
+
+/// An ACL that manages squid.conf-configured ACL parameters using a given class
+/// P. That P class must support the ACLData<> or equivalent API.
+template <class P>
+class ParameterizedNode: public ACL
+{
+public:
+    using Parameters = P;
+
+    // to avoid dragging constructor parameters through each derived class, they
+    // are set in a leaf class constructor; \sa Acl::FinalizedParameterizedNode
+    ParameterizedNode() = default;
+    ~ParameterizedNode() override = default;
+
+protected:
+    /* ACL API */
+    void parse() override { Assure(data); data->parse(); }
+    void prepareForUse() override { data->prepareForUse(); }
+    SBufList dump() const override { return data->dump(); }
+    bool empty() const override { return data->empty(); }
+    const Acl::Options &lineOptions() override { return data->lineOptions(); }
+
+    /// Points to items this ACL is configured to match. A derived class ensures
+    /// that this pointer is never nil after the ACL object construction ends.
+    std::unique_ptr<Parameters> data;
+};
+
+} // namespace Acl
+
+#endif /* SQUID_SRC_ACL_PARAMETERIZEDNODE_H */
+

diff --git a/src/acl/PeerName.cc b/src/acl/PeerName.cc
index 0ebb728dcae6612fb06d55f363ea27b4c4d86b39..42cba8530f1ec13b81771262ff04dc08580356f0 100644 (file)
--- a/src/acl/PeerName.cc
+++ b/src/acl/PeerName.cc
@@ -9,12 +9,12 @@
 #include "squid.h"
 #include "acl/FilledChecklist.h"
 #include "acl/PeerName.h"
-#include "acl/RegexData.h"
-#include "acl/StringData.h"
 
 int
-ACLPeerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::PeerNameCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (!checklist->dst_peer_name.isEmpty())
         return data->match(checklist->dst_peer_name.c_str());
     return 0;

diff --git a/src/acl/PeerName.h b/src/acl/PeerName.h
index ed0246d9def30b0c461ca4a19a1f830f4dae888a..d65e294c8eaf542f67bc9a7a9f2e4dfedbf7cc45 100644 (file)
--- a/src/acl/PeerName.h
+++ b/src/acl/PeerName.h
@@ -9,14 +9,21 @@
 #ifndef SQUID_ACLPEERNAME_H
 #define SQUID_ACLPEERNAME_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-class ACLPeerNameStrategy : public ACLStrategy<const char *>
+namespace Acl
 {
 
+/// a "peername" or "peername_regex" ACL
+class PeerNameCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLPEERNAME_H */
 

diff --git a/src/acl/Protocol.cc b/src/acl/Protocol.cc
index d53ff93b939adce290365ff8621caeaa0a8b60ab..e7c92c5e05e5be6649706c7cc3f9f13183cc87ea 100644 (file)
--- a/src/acl/Protocol.cc
+++ b/src/acl/Protocol.cc
@@ -9,17 +9,13 @@
 #include "squid.h"
 #include "acl/FilledChecklist.h"
 #include "acl/Protocol.h"
-#include "acl/ProtocolData.h"
-#include "acl/Strategised.h"
 #include "HttpRequest.h"
 
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<AnyP::ProtocolType>;
-
 int
-ACLProtocolStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ProtocolCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match(checklist->request->url.getScheme());
 }
 

diff --git a/src/acl/Protocol.h b/src/acl/Protocol.h
index a7ef518ca84289d11151f7fdc349238ff44e4bc3..2517cdc6e12fe5dfc28bb53f17c98d92fac17d10 100644 (file)
--- a/src/acl/Protocol.h
+++ b/src/acl/Protocol.h
@@ -9,16 +9,23 @@
 #ifndef SQUID_ACLPROTOCOL_H
 #define SQUID_ACLPROTOCOL_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "anyp/ProtocolType.h"
 
-class ACLProtocolStrategy : public ACLStrategy<AnyP::ProtocolType>
+namespace Acl
 {
 
+/// a "proto" ACL
+class ProtocolCheck: public ParameterizedNode< ACLData<AnyP::ProtocolType> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLPROTOCOL_H */
 

diff --git a/src/acl/ReplyHeaderStrategy.h b/src/acl/ReplyHeaderStrategy.h
index 26005ae6b06307ef9d3865f9d378472b2f6957c1..da0b202572208c731586d9b678b2ef13d0766dd3 100644 (file)
--- a/src/acl/ReplyHeaderStrategy.h
+++ b/src/acl/ReplyHeaderStrategy.h
@@ -9,25 +9,33 @@
 #ifndef SQUID_ACLREPLYHEADERSTRATEGY_H
 #define SQUID_ACLREPLYHEADERSTRATEGY_H
 
-#include "acl/Acl.h"
 #include "acl/Data.h"
 #include "acl/FilledChecklist.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
+#include "acl/ReplyHeaderStrategy.h"
 #include "HttpReply.h"
 
-template <Http::HdrType header>
-class ACLReplyHeaderStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// matches the value of a given reply header (e.g., "rep_mime_type" ACL)
+template <Http::HdrType header>
+class ReplyHeaderCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresReply() const override {return true;}
 };
 
+} // namespace Acl
+
 template <Http::HdrType header>
 int
-ACLReplyHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::ReplyHeaderCheck<header>::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     char const *theHeader = checklist->reply->header.getStr(header);
 
     if (nullptr == theHeader)

diff --git a/src/acl/ReplyMimeType.h b/src/acl/ReplyMimeType.h
index 2af7cb23718d7a9f724b3444ffd937f42272b020..1a7750cc5a3f868caa8ebc0430998dabc528821e 100644 (file)
--- a/src/acl/ReplyMimeType.h
+++ b/src/acl/ReplyMimeType.h
@@ -17,8 +17,10 @@
 
 template <>
 inline int
-ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::ReplyHeaderCheck<Http::HdrType::CONTENT_TYPE>::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     char const *theHeader = checklist->reply->header.getStr(Http::HdrType::CONTENT_TYPE);
 
     if (nullptr == theHeader)

diff --git a/src/acl/RequestHeaderStrategy.h b/src/acl/RequestHeaderStrategy.h
index dc04068215567a2f6b28bbaa0cab1045e38279d2..44c20b8b0777df18189a756f2c76fd2f90ce3beb 100644 (file)
--- a/src/acl/RequestHeaderStrategy.h
+++ b/src/acl/RequestHeaderStrategy.h
@@ -8,25 +8,33 @@
 
 #ifndef SQUID_ACLREQUESTHEADERSTRATEGY_H
 #define SQUID_ACLREQUESTHEADERSTRATEGY_H
-#include "acl/Acl.h"
+
 #include "acl/Data.h"
 #include "acl/FilledChecklist.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
 #include "HttpRequest.h"
 
-template <Http::HdrType header>
-class ACLRequestHeaderStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// matches the value of a given request header (e.g., "browser" or "referer_regex")
+template <Http::HdrType header>
+class RequestHeaderCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 template <Http::HdrType header>
 int
-ACLRequestHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::RequestHeaderCheck<header>::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     char const *theHeader = checklist->request->header.getStr(header);
 
     if (nullptr == theHeader)

diff --git a/src/acl/RequestMimeType.h b/src/acl/RequestMimeType.h
index 3927cd7eb92fd0c14df13bef0bc7ab174eb03c28..67c8e52792a2c5aac4c992b4b52072cbb18b68f7 100644 (file)
--- a/src/acl/RequestMimeType.h
+++ b/src/acl/RequestMimeType.h
@@ -17,8 +17,10 @@
 
 template <>
 inline int
-ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::RequestHeaderCheck<Http::HdrType::CONTENT_TYPE>::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     char const *theHeader = checklist->request->header.getStr(Http::HdrType::CONTENT_TYPE);
 
     if (nullptr == theHeader)

diff --git a/src/acl/ServerCertificate.cc b/src/acl/ServerCertificate.cc
index 873eec775cc1930b605eee0d3cb0148e0fb26643..a7d2c286afc388820369939cd1780d26b05d1b90 100644 (file)
--- a/src/acl/ServerCertificate.cc
+++ b/src/acl/ServerCertificate.cc
@@ -10,8 +10,7 @@
 
 #if USE_OPENSSL
 
-#include "acl/CertificateData.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
 #include "acl/ServerCertificate.h"
 #include "client_side.h"
 #include "fde.h"
@@ -19,8 +18,10 @@
 #include "ssl/ServerBump.h"
 
 int
-ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ServerCertificateCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     Security::CertPointer cert;
     if (checklist->serverCert)
         cert = checklist->serverCert;

diff --git a/src/acl/ServerCertificate.h b/src/acl/ServerCertificate.h
index 8315c81a1cd7d71d26dd068ea51f101c1c47b4cc..a25d641d62dc605f44e7c7f5ec50f21906f2c919 100644 (file)
--- a/src/acl/ServerCertificate.h
+++ b/src/acl/ServerCertificate.h
@@ -9,18 +9,22 @@
 #ifndef SQUID_ACLSERVERCERTIFICATE_H
 #define SQUID_ACLSERVERCERTIFICATE_H
 
-#include "acl/Acl.h"
-#include "acl/Checklist.h"
 #include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
 #include "ssl/support.h"
 
-/// \ingroup ACLAPI
-class ACLServerCertificateStrategy : public ACLStrategy<X509 *>
+namespace Acl
+{
+
+/// a "server_cert_fingerprint" ACL
+class ServerCertificateCheck: public ParameterizedNode< ACLData<X509 *> >
 {
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLSERVERCERTIFICATE_H */
 

diff --git a/src/acl/ServerName.cc b/src/acl/ServerName.cc
index fe356923e9897f985d88a7b67a85bdb1b5e2fb72..f48629dddca82c7cb041e02708c9bc8450ca50b6 100644 (file)
--- a/src/acl/ServerName.cc
+++ b/src/acl/ServerName.cc
@@ -9,16 +9,11 @@
 /* DEBUG: section 28    Access Control */
 
 #include "squid.h"
-#include "acl/DomainData.h"
 #include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
 #include "acl/ServerName.h"
 #include "client_side.h"
-#include "fde.h"
 #include "http/Stream.h"
 #include "HttpRequest.h"
-#include "ipcache.h"
-#include "SquidString.h"
 #include "ssl/bio.h"
 #include "ssl/ServerBump.h"
 #include "ssl/support.h"
@@ -78,8 +73,10 @@ check_cert_domain( void *check_data, ASN1_STRING *cn_data)
 }
 
 int
-ACLServerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ServerNameCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     assert(checklist != nullptr && checklist->request != nullptr);
 
     const char *serverName = nullptr;
@@ -104,7 +101,7 @@ ACLServerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *ch
             serverName = clientRequestedServerName;
         else { // either no options or useServerProvided
             if (X509 *peer_cert = (conn->serverBump() ? conn->serverBump()->serverCert.get() : nullptr))
-                return Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>);
+                return Ssl::matchX509CommonNames(peer_cert, data.get(), check_cert_domain<const char*>);
             if (!useServerProvided)
                 serverName = clientRequestedServerName;
         }
@@ -117,7 +114,7 @@ ACLServerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *ch
 }
 
 const Acl::Options &
-ACLServerNameStrategy::options()
+Acl::ServerNameCheck::options()
 {
     static const Acl::BooleanOption ClientRequested("--client-requested");
     static const Acl::BooleanOption ServerProvided("--server-provided");
@@ -130,7 +127,7 @@ ACLServerNameStrategy::options()
 }
 
 bool
-ACLServerNameStrategy::valid() const
+Acl::ServerNameCheck::valid() const
 {
     int optionCount = 0;
 

diff --git a/src/acl/ServerName.h b/src/acl/ServerName.h
index a797c1c22d725d2a9886baf47f064ccf9ef54999..a804b2fbeae6b0637de2de49fc7005566d3810a9 100644 (file)
--- a/src/acl/ServerName.h
+++ b/src/acl/ServerName.h
@@ -9,9 +9,8 @@
 #ifndef SQUID_ACLSERVERNAME_H
 #define SQUID_ACLSERVERNAME_H
 
-#include "acl/Acl.h"
 #include "acl/DomainData.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
 
 class ACLServerNameData : public ACLDomainData {
     MEMPROXY_CLASS(ACLServerNameData);
@@ -20,12 +19,15 @@ public:
     bool match(const char *) override;
 };
 
-class ACLServerNameStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// an "ssl::server_name" or "ssl::server_name_regex" ACL
+class ServerNameCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    /* ACLStrategy API */
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
     const Acl::Options &options() override;
     bool valid() const override;
@@ -36,5 +38,7 @@ private:
     Acl::BooleanOptionValue useConsensus; ///< Ignore mismatching names
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLSERVERNAME_H */
 

diff --git a/src/acl/SourceAsn.h b/src/acl/SourceAsn.h
index 416115357c358da1d9fc5898b6ebf8e583be3712..70029b720341dc844ffa00f1d0f6685a7318111b 100644 (file)
--- a/src/acl/SourceAsn.h
+++ b/src/acl/SourceAsn.h
@@ -9,17 +9,22 @@
 #ifndef SQUID_ACL_SOURCEASN_H
 #define SQUID_ACL_SOURCEASN_H
 
-#include "acl/Strategy.h"
-#include "ip/Address.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
+#include "ip/forward.h"
 
-class ACLChecklist;
-
-class ACLSourceASNStrategy : public ACLStrategy<Ip::Address>
+namespace Acl
 {
 
+/// a "src_as" ACL
+class SourceAsnCheck: public ParameterizedNode< ACLData<Ip::Address> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACL_SOURCEASN_H */
 

diff --git a/src/acl/SourceDomain.cc b/src/acl/SourceDomain.cc
index d9670525f5936a1fe7ae7cb3ccd944810355e7e6..ea892b3eacb6bcc088ea5d7dc5c839e57d301a1e 100644 (file)
--- a/src/acl/SourceDomain.cc
+++ b/src/acl/SourceDomain.cc
@@ -41,8 +41,10 @@ SourceDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details,
 }
 
 int
-ACLSourceDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::SourceDomainCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     const char *fqdn = nullptr;
     fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
 

diff --git a/src/acl/SourceDomain.h b/src/acl/SourceDomain.h
index 99cac9ea60f17495d4d53f164346847cbfbee9bf..2a327923641fa872920d16bb67a725da587867a0 100644 (file)
--- a/src/acl/SourceDomain.h
+++ b/src/acl/SourceDomain.h
@@ -8,19 +8,24 @@
 
 #ifndef SQUID_ACLSOURCEDOMAIN_H
 #define SQUID_ACLSOURCEDOMAIN_H
-#include "acl/Acl.h"
-#include "acl/Checklist.h"
+
 #include "acl/Data.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
 #include "dns/forward.h"
 
-class ACLSourceDomainStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// a "srcdomain" or "srcdom_regex" ACL
+class SourceDomainCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 class SourceDomainLookup : public ACLChecklist::AsyncState
 {
 

diff --git a/src/acl/SquidError.cc b/src/acl/SquidError.cc
index efbfd8d091399ae8a9a42c6ff9afe8e7bdf3870c..5540abd8fd16bd860b85fded0816f6f6e7bb3aa8 100644 (file)
--- a/src/acl/SquidError.cc
+++ b/src/acl/SquidError.cc
@@ -12,8 +12,10 @@
 #include "HttpRequest.h"
 
 int
-ACLSquidErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::SquidErrorCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (checklist->requestErrorType != ERR_MAX)
         return data->match(checklist->requestErrorType);
     else if (checklist->request)

diff --git a/src/acl/SquidError.h b/src/acl/SquidError.h
index 5d31126b795d5860dfe54dce1ee081722068e28b..b9185b6d23c97600368ee4ac7bde8c1fb82a30f8 100644 (file)
--- a/src/acl/SquidError.h
+++ b/src/acl/SquidError.h
@@ -9,15 +9,22 @@
 #ifndef SQUID_ACLSQUIDERROR_H
 #define SQUID_ACLSQUIDERROR_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "error/forward.h"
 
-class ACLSquidErrorStrategy : public ACLStrategy<err_type>
+namespace Acl
 {
 
+/// a "squid_error" ACL
+class SquidErrorCheck: public ParameterizedNode< ACLData<err_type> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLSQUIDERROR_H */
 

diff --git a/src/acl/SslError.cc b/src/acl/SslError.cc
index 4bea9f73499d039e8d25c6471e4d54ff35fd7a22..0513aac1260c9ac0ed84d40a39b1658cbb3785e7 100644 (file)
--- a/src/acl/SslError.cc
+++ b/src/acl/SslError.cc
@@ -9,11 +9,12 @@
 #include "squid.h"
 #include "acl/FilledChecklist.h"
 #include "acl/SslError.h"
-#include "acl/SslErrorData.h"
 
 int
-ACLSslErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::CertificateErrorCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match(checklist->sslErrors.get());
 }
 

diff --git a/src/acl/SslError.h b/src/acl/SslError.h
index 4bc8a187f2786842d7545ca8bfd8b3ffbcac3302..c1747e27cd89c7db19f230cb94c0a166a77f0b3c 100644 (file)
--- a/src/acl/SslError.h
+++ b/src/acl/SslError.h
@@ -9,15 +9,22 @@
 #ifndef SQUID_ACLSSL_ERROR_H
 #define SQUID_ACLSSL_ERROR_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "security/forward.h"
 
-class ACLSslErrorStrategy : public ACLStrategy<const Security::CertErrors *>
+namespace Acl
 {
 
+/// an "ssl_error" ACL
+class CertificateErrorCheck: public ParameterizedNode< ACLData<const Security::CertErrors *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLSSL_ERROR_H */
 

diff --git a/src/acl/Strategised.cc b/src/acl/Strategised.cc
deleted file mode 100644 (file)
index 52b942a..0000000
--- a/src/acl/Strategised.cc
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/* DEBUG: section 28    Access Control */
-
-#include "squid.h"
-#include "acl/Strategised.h"
-#include "HttpHeader.h"
-
-/*
- *  moved template instantiation into ACLStrategized.cc
- *  to compile on Mac OSX 10.5 Leopard.
- *  This corrects a duplicate symbol error
- */
-
-/* explicit template instantiation required for some systems */
-
-/* XXX: move to ACLHTTPRepHeader or ACLHTTPReqHeader */
-template class ACLStrategised<HttpHeader*>;
-
-/* ACLMyPortName + ACLMyPeerName + ACLBrowser */
-template class ACLStrategised<const char *>;
-
-/* ACLLocalPort + ACLSslError */
-template class ACLStrategised<int>;
-

diff --git a/src/acl/Strategised.h b/src/acl/Strategised.h
deleted file mode 100644 (file)
index 46650d7..0000000
--- a/src/acl/Strategised.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_ACLSTRATEGISED_H
-#define SQUID_ACLSTRATEGISED_H
-
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/FilledChecklist.h"
-#include "acl/Strategy.h"
-
-// XXX: Replace with a much simpler abstract ACL child class without the
-// ACLStrategy parameter (and associated call forwarding). Duplicating key
-// portions of the ACL class API in ACLStrategy is not needed because
-// ACLStrategy is unused outside the ACLStrategised context. Existing classes
-// like ACLExtUser, ACLProxyAuth, and ACLIdent seem to confirm this assertion.
-// It also requires forwarding ACL info to ACLStrategy as method parameters.
-
-/// Splits the ACL API into two individually configurable components:
-/// * ACLStrategy that usually extracts information from the current transaction
-/// * ACLData that usually matches information against admin-configured values
-template <class M>
-class ACLStrategised : public ACL
-{
-    MEMPROXY_CLASS(ACLStrategised);
-
-public:
-    typedef M MatchType;
-
-    ~ACLStrategised() override;
-    ACLStrategised(ACLData<MatchType> *, ACLStrategy<MatchType> *, char const *);
-
-    char const *typeString() const override;
-
-    bool requiresRequest() const override {return matcher->requiresRequest();}
-
-    bool requiresReply() const override {return matcher->requiresReply();}
-
-    void prepareForUse() override { data->prepareForUse();}
-    void parse() override;
-    int match(ACLChecklist *checklist) override;
-    virtual int match (M const &);
-    SBufList dump() const override;
-    bool empty () const override;
-    bool valid () const override;
-
-private:
-    /* ACL API */
-    const Acl::Options &options() override { return matcher->options(); }
-    const Acl::Options &lineOptions() override { return data->lineOptions(); }
-
-    ACLData<MatchType> *data;
-    char const *type_;
-    ACLStrategy<MatchType> *matcher;
-};
-
-/* implementation follows */
-
-template <class MatchType>
-ACLStrategised<MatchType>::~ACLStrategised()
-{
-    delete data;
-    delete matcher;
-}
-
-template <class MatchType>
-ACLStrategised<MatchType>::ACLStrategised(ACLData<MatchType> *newData, ACLStrategy<MatchType> *theStrategy, char const *theType): data(newData), type_(theType), matcher(theStrategy)
-{}
-
-template <class MatchType>
-char const *
-ACLStrategised<MatchType>::typeString() const
-{
-    return type_;
-}
-
-template <class MatchType>
-void
-ACLStrategised<MatchType>::parse()
-{
-    data->parse();
-}
-
-template <class MatchType>
-bool
-ACLStrategised<MatchType>::empty() const
-{
-    return data->empty();
-}
-
-template <class MatchType>
-int
-ACLStrategised<MatchType>::match(ACLChecklist *cl)
-{
-    ACLFilledChecklist *checklist = dynamic_cast<ACLFilledChecklist*>(cl);
-    assert(checklist);
-    return matcher->match(data, checklist);
-}
-
-template <class MatchType>
-int
-ACLStrategised<MatchType>::match(MatchType const &toFind)
-{
-    return data->match(toFind);
-}
-
-template <class MatchType>
-SBufList
-ACLStrategised<MatchType>::dump() const
-{
-    return data->dump();
-}
-
-template <class MatchType>
-bool
-ACLStrategised<MatchType>::valid () const
-{
-    return matcher->valid();
-}
-
-#endif /* SQUID_ACLSTRATEGISED_H */
-

diff --git a/src/acl/Strategy.h b/src/acl/Strategy.h
deleted file mode 100644 (file)
index a3712bc..0000000
--- a/src/acl/Strategy.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_ACLSTRATEGY_H
-#define SQUID_ACLSTRATEGY_H
-
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/Options.h"
-
-class ACLFilledChecklist;
-
-template<class M>
-
-/// A matching algorithm.
-class ACLStrategy
-{
-
-public:
-    typedef M MatchType;
-
-    /* Replicate ACL API parts relevant to the matching algorithm. */
-    virtual const Acl::Options &options() { return Acl::NoOptions(); }
-    virtual int match (ACLData<M> * &, ACLFilledChecklist *) = 0;
-    virtual bool requiresRequest() const {return false;}
-
-    virtual bool requiresReply() const {return false;}
-
-    virtual bool valid() const {return true;}
-
-    virtual ~ACLStrategy() {}
-};
-
-#endif /* SQUID_ACLSTRATEGY_H */
-

diff --git a/src/acl/Tag.cc b/src/acl/Tag.cc
index e7376e883f07d8a5da6a56754a43d45657169ed7..6f7a90c76a49398793a23d3d6833a8bdac270c7a 100644 (file)
--- a/src/acl/Tag.cc
+++ b/src/acl/Tag.cc
@@ -8,13 +8,14 @@
 
 #include "squid.h"
 #include "acl/FilledChecklist.h"
-#include "acl/StringData.h"
 #include "acl/Tag.h"
 #include "HttpRequest.h"
 
 int
-ACLTagStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::TagCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (checklist->request != nullptr)
         return data->match (checklist->request->tag.termedBuf());
     return 0;

diff --git a/src/acl/Tag.h b/src/acl/Tag.h
index 528eaad2975afb510a14dc514312e3f2a628e6f9..3541b96dd6d0cfd19efd061aaf6c336f03e1a404 100644 (file)
--- a/src/acl/Tag.h
+++ b/src/acl/Tag.h
@@ -9,14 +9,21 @@
 #ifndef SQUID_ACLTAG_H
 #define SQUID_ACLTAG_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-class ACLTagStrategy : public ACLStrategy<const char *>
+namespace Acl
 {
 
+/// a "tag" ACL
+class TagCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLMYPORTNAME_H */
 

diff --git a/src/acl/Time.cc b/src/acl/Time.cc
index 7dca02be6a3199715def7914b72c1d5d002f8045..a5ca873acc1787b6e67c0cfc8e5fd12488a36f05 100644 (file)
--- a/src/acl/Time.cc
+++ b/src/acl/Time.cc
@@ -10,10 +10,10 @@
 
 #include "squid.h"
 #include "acl/Time.h"
-#include "acl/TimeData.h"
+#include "time/gadgets.h"
 
 int
-ACLTimeStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *)
+Acl::CurrentTimeCheck::match(ACLChecklist *)
 {
     return data->match(squid_curtime);
 }

diff --git a/src/acl/Time.h b/src/acl/Time.h
index 9a44fd4a477e2f017c72b25f6a5c3d4debc0e7bc..30d1f5a9f57d718e02febcccbf04b4ea6370c614 100644 (file)
--- a/src/acl/Time.h
+++ b/src/acl/Time.h
@@ -8,15 +8,23 @@
 
 #ifndef SQUID_ACLTIME_H
 #define SQUID_ACLTIME_H
-#include "acl/Data.h"
-#include "acl/Strategised.h"
 
-class ACLTimeStrategy : public ACLStrategy<time_t>
+#include "acl/ParameterizedNode.h"
+#include "acl/TimeData.h"
+#include "mem/AllocatorProxy.h"
+
+namespace Acl
 {
 
+/// a "time" ACL
+class CurrentTimeCheck: public ParameterizedNode<ACLTimeData>
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLTIME_H */
 

diff --git a/src/acl/Url.cc b/src/acl/Url.cc
index 143afc5c0cc10417a291a853b580a2f4131bda8e..6e9e91a754147e94688823508753c901775309e4 100644 (file)
--- a/src/acl/Url.cc
+++ b/src/acl/Url.cc
@@ -10,14 +10,15 @@
 
 #include "squid.h"
 #include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
 #include "acl/Url.h"
 #include "HttpRequest.h"
 #include "rfc1738.h"
 
 int
-ACLUrlStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::UrlCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     char *esc_buf = SBufToCstring(checklist->request->effectiveRequestUri());
     rfc1738_unescape(esc_buf);
     int result = data->match(esc_buf);

diff --git a/src/acl/Url.h b/src/acl/Url.h
index d705f64af2ce0bbe793d36c49f97c1390303f9f4..20d81b5137f862d10541bc6cc0cc658059d8f61e 100644 (file)
--- a/src/acl/Url.h
+++ b/src/acl/Url.h
@@ -10,15 +10,21 @@
 #define SQUID_ACLURL_H
 
 #include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
 
-class ACLUrlStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// a "url_regex" ACL
+class UrlCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLURL_H */
 

diff --git a/src/acl/UrlLogin.cc b/src/acl/UrlLogin.cc
index 598ceb2644b7ee13a57397b6796cc92afcd35a9d..f56031bac3997301acfbff3d896bcf875324bb70 100644 (file)
--- a/src/acl/UrlLogin.cc
+++ b/src/acl/UrlLogin.cc
@@ -10,14 +10,15 @@
 
 #include "squid.h"
 #include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
 #include "acl/UrlLogin.h"
 #include "HttpRequest.h"
 #include "rfc1738.h"
 
 int
-ACLUrlLoginStrategy::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::UrlLoginCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (checklist->request->url.userInfo().isEmpty()) {
         debugs(28, 5, "URL has no user-info details. cannot match");
         return 0; // nothing can match

diff --git a/src/acl/UrlLogin.h b/src/acl/UrlLogin.h
index e32ac064cb7cf5d968187d993df808627984bc3a..7c579e9c71aa1742c70f52657af635b2ef066d66 100644 (file)
--- a/src/acl/UrlLogin.h
+++ b/src/acl/UrlLogin.h
@@ -9,17 +9,22 @@
 #ifndef SQUID_ACLURLLOGIN_H
 #define SQUID_ACLURLLOGIN_H
 
-#include "acl/Acl.h"
 #include "acl/Data.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
 
-class ACLUrlLoginStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// a "urllogin" ACL
+class UrlLoginCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLURLLOGIN_H */
 

diff --git a/src/acl/UrlPath.cc b/src/acl/UrlPath.cc
index 0467299c9ad5d519885d95bd1a672c6a83eac2a4..714937f5a028a74e765290fac63dcba1d6bdaffa 100644 (file)
--- a/src/acl/UrlPath.cc
+++ b/src/acl/UrlPath.cc
@@ -10,14 +10,15 @@
 
 #include "squid.h"
 #include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
 #include "acl/UrlPath.h"
 #include "HttpRequest.h"
 #include "rfc1738.h"
 
 int
-ACLUrlPathStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::UrlPathCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     if (checklist->request->url.path().isEmpty())
         return -1;
 

diff --git a/src/acl/UrlPath.h b/src/acl/UrlPath.h
index d86acfefbe759b188cf14a0070b78007f35a384c..0ead4e6764f4301fc4098bae5ab8d5f28319a439 100644 (file)
--- a/src/acl/UrlPath.h
+++ b/src/acl/UrlPath.h
@@ -9,15 +9,22 @@
 #ifndef SQUID_ACLURLPATH_H
 #define SQUID_ACLURLPATH_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-class ACLUrlPathStrategy : public ACLStrategy<char const *>
+namespace Acl
 {
 
+/// a "urlpath_regex" ACL
+class UrlPathCheck: public ParameterizedNode< ACLData<const char *> >
+{
 public:
-    int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLURLPATH_H */
 

diff --git a/src/acl/UrlPort.cc b/src/acl/UrlPort.cc
index 2b01f5a8ec5fbda019dd2d9e5a3ca4edd4df3bc6..bb81b769d3601aff815df173f55eb60bebc2863a 100644 (file)
--- a/src/acl/UrlPort.cc
+++ b/src/acl/UrlPort.cc
@@ -12,8 +12,10 @@
 #include "HttpRequest.h"
 
 int
-ACLUrlPortStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::UrlPortCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match(checklist->request->url.port().value_or(0));
 }
 

diff --git a/src/acl/UrlPort.h b/src/acl/UrlPort.h
index 75d6f800254efbe7842f97d68268e61bfb183039..83389bbbc037a40ab304c75af16545fad3c19d16 100644 (file)
--- a/src/acl/UrlPort.h
+++ b/src/acl/UrlPort.h
@@ -9,15 +9,22 @@
 #ifndef SQUID_ACLURLPORT_H
 #define SQUID_ACLURLPORT_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 
-class ACLUrlPortStrategy : public ACLStrategy<int>
+namespace Acl
 {
 
+/// a "port" ACL
+class UrlPortCheck: public ParameterizedNode< ACLData<int> >
+{
 public:
-    int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
     bool requiresRequest() const override {return true;}
 };
 
+} // namespace Acl
+
 #endif /* SQUID_ACLURLPORT_H */
 

diff --git a/src/mem/Allocator.h b/src/mem/Allocator.h
index a554881cc793a65cafbcffd75520f5d86f0ad0a0..aa6b3eaaf9e8d91092a1c51ccf6e71e6fcf16972 100644 (file)
--- a/src/mem/Allocator.h
+++ b/src/mem/Allocator.h
@@ -29,6 +29,10 @@ public:
         objectSize(RoundedSize(sz))
     {}
 
+    /// change the allocator description if we were only able to provide an
+    /// approximate description at object construction time
+    void relabel(const char * const aLabel) { label = aLabel; }
+
     // TODO make this method const
     /**
      * fill the given object with statistical data about pool
@@ -102,7 +106,7 @@ public:
     // XXX: no counter for the number of free() calls avoided
 
     /// brief description of objects returned by alloc()
-    const char *const label;
+    const char *label;
 
     /// the size (in bytes) of objects managed by this allocator
     const size_t objectSize;

diff --git a/src/mem/AllocatorProxy.cc b/src/mem/AllocatorProxy.cc
index 92de07b691ad095dec812939cf72ac49b0a8b904..5ce7bd2cbd0e2fe0dde97a042d71d38d9cfb3553 100644 (file)
--- a/src/mem/AllocatorProxy.cc
+++ b/src/mem/AllocatorProxy.cc
@@ -52,6 +52,13 @@ Mem::AllocatorProxy::zeroBlocks(bool doIt)
     getAllocator()->zeroBlocks(doIt);
 }
 
+void
+Mem::AllocatorProxy::relabel(const char * const aLabel)
+{
+    getAllocator()->relabel(aLabel);
+    label = aLabel;
+}
+
 Mem::PoolMeter const &
 Mem::AllocatorProxy::getMeter() const
 {

diff --git a/src/mem/AllocatorProxy.h b/src/mem/AllocatorProxy.h
index 9c906ced30103c7e0e58c161c593ce7095a4b81a..c9cb8c5f036d94cb8abddbdf1f91015b8d17ffb3 100644 (file)
--- a/src/mem/AllocatorProxy.h
+++ b/src/mem/AllocatorProxy.h
@@ -82,6 +82,9 @@ public:
 
     void zeroBlocks(bool doIt);
 
+    /// \copydoc Mem::Allocator::relabel()
+    void relabel(const char * const aLabel);
+
 private:
     Allocator *getAllocator() const;
 

diff --git a/src/snmp_core.cc b/src/snmp_core.cc
index 46868425414b6f67775a6c48ff42f437e381c9f2..65384979902e364143fa391ed8c99e0031a1daea 100644 (file)
--- a/src/snmp_core.cc
+++ b/src/snmp_core.cc
@@ -1132,8 +1132,10 @@ oid2addr(oid * id, Ip::Address &addr, u_int size)
 }
 
 int
-ACLSNMPCommunityStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::SnmpCommunityCheck::match(ACLChecklist * const ch)
 {
+    const auto checklist = Filled(ch);
+
     return data->match (checklist->snmp_community);
 }
 

diff --git a/src/snmp_core.h b/src/snmp_core.h
index dfc715db870dde6725055f278ce384b12eda51f8..3f67c4fe1b702b70d5bae5e54fd5282828e77035 100644 (file)
--- a/src/snmp_core.h
+++ b/src/snmp_core.h
@@ -11,7 +11,8 @@
 #ifndef SQUID_SNMP_CORE_H
 #define SQUID_SNMP_CORE_H
 
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
 #include "cache_snmp.h"
 #include "comm/forward.h"
 #include "ip/forward.h"
@@ -52,11 +53,18 @@ const char * snmpDebugOid(oid * Name, snint Len, MemBuf &outbuf);
 void addr2oid(Ip::Address &addr, oid *Dest);
 void oid2addr(oid *Dest, Ip::Address &addr, u_int code);
 
-class ACLSNMPCommunityStrategy: public ACLStrategy<char const *>
+namespace Acl
+{
+
+/// an "snmp_community" ACL
+class SnmpCommunityCheck: public ParameterizedNode< ACLData<const char *> >
 {
 public:
-    int match (ACLData<MatchType> *&data, ACLFilledChecklist *checklist) override;
+    /* ACL API */
+    int match(ACLChecklist *) override;
 };
 
+} // namespace Acl
+
 #endif /* SQUID_SNMP_CORE_H */