#include "acl/SslError.h"
#include "acl/SslErrorData.h"
#endif
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
#include "acl/StringData.h"
#if USE_OPENSSL
#include "acl/ServerCertificate.h"
#if SQUID_SNMP
#include "snmp_core.h"
#endif
+#include "sbuf/Stream.h"
+
+namespace Acl
+{
+
+/// Constructs a ParameterizedNode-derived ACL (specified as a Parent class).
+/// This template exists to avoid placing a variant of this ACL construction
+/// code in each ParameterizedNode-derived ACL class just to pass through
+/// TypeName and Parameters onto ParameterizedNode (and to add MEMPROXY_CLASS).
+template <class Parent>
+class FinalizedParameterizedNode: public Parent
+{
+ MEMPROXY_CLASS(Acl::FinalizedParameterizedNode<Parent>);
+
+public:
+ using Parameters = typename Parent::Parameters;
+ using Parent::data;
+
+ /// Replaces generic memory allocator label X set by our MEMPROXY_CLASS(X)
+ /// with an admin-friendly label based on the given acltype-like name.
+ /// Normally, our class constructor sets the right allocator label using the
+ /// actlype name, but that algorithm results in unstable and misleading
+ /// labels when the same instantiation of this template class is used for
+ /// _multiple_ acltype names. Calling this method corrects that behavior.
+ /// \prec this method must be called at most once
+ /// \prec if called, this method must be called before the class constructor
+ static void PreferAllocatorLabelPrefix(const char * const suffix)
+ {
+ assert(!PreferredAllocatorLabelSuffix); // must be called at most once
+ assert(!FinalPoolLabel); // must be called before the class constructor
+ assert(suffix);
+ PreferredAllocatorLabelSuffix = suffix;
+ }
+
+ FinalizedParameterizedNode(TypeName typeName, Parameters * const params):
+ typeName_(typeName)
+ {
+ Assure(!data); // base classes never set this data member
+ data.reset(params);
+ Assure(data); // ... but we always do
+
+ FinalizePoolLabel(typeName);
+ }
+
+ ~FinalizedParameterizedNode() override = default;
+
+ /* ACL API */
+ const char *typeString() const override { return typeName_; }
+
+private:
+ /// A constructor helper function that replaces generic memory allocator
+ /// label X set by our MEMPROXY_CLASS(X) with an admin-friendly label based
+ /// on the acltype name from squid.conf. Meant to be called from the
+ /// constructor so that no mgr:mem report lists this C++ template class
+ /// statistics using label X. Repeated calls are allowed but have no effect.
+ /// \sa PreferAllocatorLabelPrefix()
+ static void FinalizePoolLabel(const TypeName typeName)
+ {
+ if (FinalPoolLabel)
+ return; // the label has been finalized already
+
+ assert(typeName);
+ const auto label = ToSBuf("acltype=", PreferredAllocatorLabelSuffix ? PreferredAllocatorLabelSuffix : typeName);
+ FinalPoolLabel = SBufToCstring(label);
+ Pool().relabel(FinalPoolLabel);
+ }
+
+ /// if set, overrules FinalizePoolLabel() argument
+ inline static const char *PreferredAllocatorLabelSuffix = nullptr;
+
+ /// custom allocator label set by FinalizePoolLabel()
+ inline static const char *FinalPoolLabel = nullptr;
+
+ // TODO: Consider storing the spelling used by the admin instead.
+ /// the "acltype" name in its canonical spelling
+ TypeName typeName_;
+};
+
+} // namespace Acl
// Not in src/acl/ because some of the ACLs it registers are not in src/acl/.
void
RegisterMaker("all-of", [](TypeName)->ACL* { return new Acl::AllOf; }); // XXX: Add name parameter to ctor
RegisterMaker("any-of", [](TypeName)->ACL* { return new Acl::AnyOf; }); // XXX: Add name parameter to ctor
RegisterMaker("random", [](TypeName name)->ACL* { return new ACLRandom(name); });
- RegisterMaker("time", [](TypeName name)->ACL* { return new ACLStrategised<time_t>(new ACLTimeData, new ACLTimeStrategy, name); });
- RegisterMaker("src_as", [](TypeName name)->ACL* { return new ACLStrategised<Ip::Address>(new ACLASN, new ACLSourceASNStrategy, name); });
- RegisterMaker("dst_as", [](TypeName name)->ACL* { return new ACLStrategised<Ip::Address>(new ACLASN, new ACLDestinationASNStrategy, name); });
- RegisterMaker("browser", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::USER_AGENT>, name); });
- RegisterMaker("dstdomain", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLDomainData, new ACLDestinationDomainStrategy, name); });
- RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLDestinationDomainStrategy, name); });
+ RegisterMaker("time", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::CurrentTimeCheck>(name, new ACLTimeData); });
+ RegisterMaker("src_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceAsnCheck>(name, new ACLASN); });
+ RegisterMaker("dst_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationAsnCheck>(name, new ACLASN); });
+ RegisterMaker("browser", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::USER_AGENT> >(name, new ACLRegexData); });
+
+ RegisterMaker("dstdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLDomainData); });
+ RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLRegexData); });
+ Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>::PreferAllocatorLabelPrefix("dstdomain+");
+
RegisterMaker("dst", [](TypeName)->ACL* { return new ACLDestinationIP; }); // XXX: Add name parameter to ctor
- RegisterMaker("hier_code", [](TypeName name)->ACL* { return new ACLStrategised<hier_code>(new ACLHierCodeData, new ACLHierCodeStrategy, name); });
- RegisterMaker("rep_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPRepHeaderStrategy, name); });
- RegisterMaker("req_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPReqHeaderStrategy, name); });
+ RegisterMaker("hier_code", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HierCodeCheck>(name, new ACLHierCodeData); });
+ RegisterMaker("rep_header", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HttpRepHeaderCheck>(name, new ACLHTTPHeaderData); });
+ RegisterMaker("req_header", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HttpReqHeaderCheck>(name, new ACLHTTPHeaderData); });
RegisterMaker("http_status", [](TypeName name)->ACL* { return new ACLHTTPStatus(name); });
RegisterMaker("maxconn", [](TypeName name)->ACL* { return new ACLMaxConnection(name); });
- RegisterMaker("method", [](TypeName name)->ACL* { return new ACLStrategised<HttpRequestMethod>(new ACLMethodData, new ACLMethodStrategy, name); });
+ RegisterMaker("method", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MethodCheck>(name, new ACLMethodData); });
RegisterMaker("localip", [](TypeName)->ACL* { return new ACLLocalIP; }); // XXX: Add name parameter to ctor
- RegisterMaker("localport", [](TypeName name)->ACL* { return new ACLStrategised<int>(new ACLIntRange, new ACLLocalPortStrategy, name); });
- RegisterMaker("myportname", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLMyPortNameStrategy, name); });
- RegisterMaker("peername", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLPeerNameStrategy, name); });
- RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLPeerNameStrategy, name); });
- RegisterMaker("proto", [](TypeName name)->ACL* { return new ACLStrategised<AnyP::ProtocolType>(new ACLProtocolData, new ACLProtocolStrategy, name); });
- RegisterMaker("referer_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::REFERER>, name); });
- RegisterMaker("rep_mime_type", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>, name); });
- RegisterMaker("req_mime_type", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>, name); });
- RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLDomainData, new ACLSourceDomainStrategy, name); });
- RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLSourceDomainStrategy, name); });
+ RegisterMaker("localport", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::LocalPortCheck>(name, new ACLIntRange); });
+ RegisterMaker("myportname", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MyPortNameCheck>(name, new ACLStringData); });
+
+ RegisterMaker("peername", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLStringData); });
+ RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLRegexData); });
+ Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>::PreferAllocatorLabelPrefix("peername+");
+
+ RegisterMaker("proto", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ProtocolCheck>(name, new ACLProtocolData); });
+ RegisterMaker("referer_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::REFERER> >(name, new ACLRegexData); });
+ RegisterMaker("rep_mime_type", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ReplyHeaderCheck<Http::HdrType::CONTENT_TYPE> >(name, new ACLRegexData); });
+ RegisterMaker("req_mime_type", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::CONTENT_TYPE> >(name, new ACLRegexData); });
+
+ RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLDomainData); });
+ RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLRegexData); });
+ Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>::PreferAllocatorLabelPrefix("srcdomain+");
+
RegisterMaker("src", [](TypeName)->ACL* { return new ACLSourceIP; }); // XXX: Add name parameter to ctor
- RegisterMaker("url_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlStrategy, name); });
- RegisterMaker("urllogin", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlLoginStrategy, name); });
- RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLUrlPathStrategy, name); });
- RegisterMaker("port", [](TypeName name)->ACL* { return new ACLStrategised<int>(new ACLIntRange, new ACLUrlPortStrategy, name); });
+ RegisterMaker("url_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlCheck>(name, new ACLRegexData); });
+ RegisterMaker("urllogin", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlLoginCheck>(name, new ACLRegexData); });
+ RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPathCheck>(name, new ACLRegexData); });
+ RegisterMaker("port", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPortCheck>(name, new ACLIntRange); });
RegisterMaker("external", [](TypeName name)->ACL* { return new ACLExternal(name); });
- RegisterMaker("squid_error", [](TypeName name)->ACL* { return new ACLStrategised<err_type>(new ACLSquidErrorData, new ACLSquidErrorStrategy, name); });
+ RegisterMaker("squid_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SquidErrorCheck>(name, new ACLSquidErrorData); });
RegisterMaker("connections_encrypted", [](TypeName name)->ACL* { return new Acl::ConnectionsEncrypted(name); });
- RegisterMaker("tag", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLTagStrategy, name); });
- RegisterMaker("note", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLNoteData, new ACLNoteStrategy, name); });
- RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLAnnotationData, new ACLAnnotateClientStrategy, name); });
- RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new ACLStrategised<NotePairs::Entry*>(new ACLAnnotationData, new ACLAnnotateTransactionStrategy, name); });
- RegisterMaker("has", [](TypeName name)->ACL* {return new ACLStrategised<ACLChecklist *>(new ACLHasComponentData, new ACLHasComponentStrategy, name); });
+ RegisterMaker("tag", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::TagCheck>(name, new ACLStringData); });
+ RegisterMaker("note", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::NoteCheck>(name, new ACLNoteData); });
+ RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateClientCheck>(name, new ACLAnnotationData); });
+ RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateTransactionCheck>(name, new ACLAnnotationData); });
+ RegisterMaker("has", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HasComponentCheck>(name, new ACLHasComponentData); });
RegisterMaker("transaction_initiator", [](TypeName name)->ACL* {return new TransactionInitiator(name);});
#if USE_LIBNETFILTERCONNTRACK
#endif
#if USE_OPENSSL
- RegisterMaker("ssl_error", [](TypeName name)->ACL* { return new ACLStrategised<const Security::CertErrors *>(new ACLSslErrorData, new ACLSslErrorStrategy, name); });
- RegisterMaker("user_cert", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509UserAttribute, "*"), new ACLCertificateStrategy, name); });
- RegisterMaker("ca_cert", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509CAAttribute, "*"), new ACLCertificateStrategy, name); });
- RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new ACLStrategised<X509*>(new ACLCertificateData(Ssl::GetX509Fingerprint, nullptr, true), new ACLServerCertificateStrategy, name); });
- RegisterMaker("at_step", [](TypeName name)->ACL* { return new ACLStrategised<XactionStep>(new ACLAtStepData, new ACLAtStepStrategy, name); });
- RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLServerNameData, new ACLServerNameStrategy, name); });
- RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLServerNameStrategy, name); });
+ RegisterMaker("ssl_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::CertificateErrorCheck>(name, new ACLSslErrorData); });
+
+ RegisterMaker("user_cert", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509UserAttribute, "*")); });
+ RegisterMaker("ca_cert", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509CAAttribute, "*")); });
+ Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>::PreferAllocatorLabelPrefix("user_cert+");
+
+ RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509Fingerprint, nullptr, true)); });
+ RegisterMaker("at_step", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AtStepCheck>(name, new ACLAtStepData); });
+
+ RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLServerNameData); });
+ RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLRegexData); });
+ Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>::PreferAllocatorLabelPrefix("ssl::server_name+");
#endif
#if USE_SQUID_EUI
#endif
#if USE_ADAPTATION
- RegisterMaker("adaptation_service", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLAdaptationServiceData, new ACLAdaptationServiceStrategy, name); });
+ RegisterMaker("adaptation_service", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AdaptationServiceCheck>(name, new ACLAdaptationServiceData); });
#endif
#if SQUID_SNMP
- RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new ACLStrategised<const char *>(new ACLStringData, new ACLSNMPCommunityStrategy, name); });
+ RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SnmpCommunityCheck>(name, new ACLStringData); });
#endif
}
#include "squid.h"
#include "acl/AdaptationService.h"
#include "acl/FilledChecklist.h"
-#include "acl/IntRange.h"
-#include "adaptation/Config.h"
#include "adaptation/History.h"
#include "HttpRequest.h"
int
-ACLAdaptationServiceStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::AdaptationServiceCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
HttpRequest::Pointer request = checklist->request;
if (request == nullptr)
return 0;
#ifndef SQUID_ACLADAPTATIONSERVICE_H
#define SQUID_ACLADAPTATIONSERVICE_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-/// \ingroup ACLAPI
-class ACLAdaptationServiceStrategy : public ACLStrategy<const char *>
+namespace Acl
{
+/// an "adaptation_service" ACL
+class AdaptationServiceCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLADAPTATIONSERVICE_H */
#include "acl/FilledChecklist.h"
#include "client_side.h"
#include "http/Stream.h"
-#include "Notes.h"
int
-ACLAnnotateClientStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::AnnotateClientCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (const auto conn = checklist->conn()) {
- ACLAnnotationData *tdata = dynamic_cast<ACLAnnotationData*>(data);
+ const auto tdata = dynamic_cast<ACLAnnotationData*>(data.get());
assert(tdata);
tdata->annotate(conn->notes(), &delimiters.value, checklist->al);
if (const auto request = checklist->request)
#define SQUID_ACLANNOTATECLIENT
#include "acl/Note.h"
-#include "Notes.h"
-/// \ingroup ACLAPI
-class ACLAnnotateClientStrategy : public Acl::AnnotationStrategy
+namespace Acl
+{
+
+/// an "annotate_client" ACL
+class AnnotateClientCheck: public Acl::AnnotationCheck
{
public:
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override { return true; }
- int match(ACLData<MatchType> * &, ACLFilledChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLANNOTATECLIENT */
#include "acl/AnnotationData.h"
#include "acl/FilledChecklist.h"
#include "HttpRequest.h"
-#include "Notes.h"
int
-ACLAnnotateTransactionStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::AnnotateTransactionCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (const auto request = checklist->request) {
- ACLAnnotationData *tdata = dynamic_cast<ACLAnnotationData*>(data);
+ const auto tdata = dynamic_cast<ACLAnnotationData*>(data.get());
assert(tdata);
tdata->annotate(request->notes(), &delimiters.value, checklist->al);
return 1;
#define SQUID_ACLANNOTATETRANSACTION
#include "acl/Note.h"
-#include "Notes.h"
-/// \ingroup ACLAPI
-class ACLAnnotateTransactionStrategy: public Acl::AnnotationStrategy
+namespace Acl
+{
+
+/// an "annotate_transaction" ACL
+class AnnotateTransactionCheck: public Acl::AnnotationCheck
{
public:
- int match(ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override { return true; }
};
+} // namespace Acl
+
#endif /* SQUID_ACLANNOTATETRANSACTION */
#include "squid.h"
#include "acl/Acl.h"
#include "acl/Asn.h"
-#include "acl/Checklist.h"
#include "acl/DestinationAsn.h"
#include "acl/DestinationIp.h"
+#include "acl/FilledChecklist.h"
#include "acl/SourceAsn.h"
-#include "acl/Strategised.h"
#include "base/CharacterSet.h"
#include "FwdState.h"
#include "HttpReply.h"
}
}
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<Ip::Address>;
-
int
-ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist)
+Acl::SourceAsnCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match(checklist->src_addr);
}
int
-ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::DestinationAsnCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->url.host(), IP_LOOKUP_IF_MISS);
if (ia) {
#include "squid.h"
#include "acl/AtStep.h"
-#include "acl/AtStepData.h"
#include "acl/FilledChecklist.h"
#include "client_side.h"
#include "http/Stream.h"
#endif
int
-ACLAtStepStrategy::match(ACLData<XactionStep> * &data, ACLFilledChecklist *checklist)
+Acl::AtStepCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
#if USE_OPENSSL
// We use step1 for all these very different cases:
// - The transaction is not subject to ssl_bump rules (if any).
#ifndef SQUID_ACLATSTEP_H
#define SQUID_ACLATSTEP_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "XactionStep.h"
-/// \ingroup ACLAPI
-class ACLAtStepStrategy: public ACLStrategy<XactionStep>
+namespace Acl
{
+/// an "at_step" ACL
+class AtStepCheck: public ParameterizedNode< ACLData<XactionStep> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLATSTEP_H */
#if USE_OPENSSL
#include "acl/Certificate.h"
-#include "acl/CertificateData.h"
-#include "acl/Checklist.h"
-#include "client_side.h"
+#include "acl/FilledChecklist.h"
#include "fde.h"
#include "globals.h"
-#include "http/Stream.h"
-#include "HttpRequest.h"
int
-ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ClientCertificateCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
const int fd = checklist->fd();
const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
auto ssl = goodDescriptor ? fd_table[fd].ssl.get() : nullptr;
#ifndef SQUID_ACLCERTIFICATE_H
#define SQUID_ACLCERTIFICATE_H
-#include "acl/Acl.h"
-#include "acl/Checklist.h"
#include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
#include "ssl/support.h"
-/// \ingroup ACLAPI
-class ACLCertificateStrategy : public ACLStrategy<X509 *>
+namespace Acl
{
+/// a "user_cert" or "ca_cert" ACL
+class ClientCertificateCheck: public ParameterizedNode< ACLData<X509 *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLCERTIFICATE_H */
#ifndef SQUID_ACLDESTINATIONASN_H
#define SQUID_ACLDESTINATIONASN_H
-#include "acl/Asn.h"
-#include "acl/Strategy.h"
-#include "ip/Address.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
+#include "ip/forward.h"
-/// \ingroup ACLAPI
-class ACLDestinationASNStrategy : public ACLStrategy<Ip::Address>
+namespace Acl
{
+/// a "dst_as" ACL
+class DestinationAsnCheck: public ParameterizedNode< ACLData<Ip::Address> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLDESTINATIONASN_H */
/* DEBUG: section 28 Access Control */
#include "squid.h"
-#include "acl/Checklist.h"
#include "acl/DestinationDomain.h"
#include "acl/DomainData.h"
+#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
#include "fqdncache.h"
#include "HttpRequest.h"
checklist->resumeNonBlockingCheck(DestinationDomainLookup::Instance());
}
-/* ACLDestinationDomainStrategy */
+/* Acl::DestinationDomainCheck */
const Acl::Options &
-ACLDestinationDomainStrategy::options()
+Acl::DestinationDomainCheck::options()
{
static const Acl::BooleanOption LookupBanFlag("-n");
static const Acl::Options MyOptions = { &LookupBanFlag };
}
int
-ACLDestinationDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::DestinationDomainCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
assert(checklist != nullptr && checklist->request != nullptr);
if (data->match(checklist->request->url.host())) {
#ifndef SQUID_ACLDESTINATIONDOMAIN_H
#define SQUID_ACLDESTINATIONDOMAIN_H
-#include "acl/Acl.h"
#include "acl/Checklist.h"
#include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
#include "dns/forward.h"
-/// \ingroup ACLAPI
-class ACLDestinationDomainStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// a "dstdomain" or "dstdom_regex" ACL
+class DestinationDomainCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- /* ACLStrategy API */
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
const Acl::Options &options() override;
Acl::BooleanOptionValue lookupBanned; ///< Are DNS lookups allowed?
};
+} // namespace Acl
+
/// \ingroup ACLAPI
class DestinationDomainLookup : public ACLChecklist::AsyncState
{
*/
#include "squid.h"
-#include "acl/Acl.h"
#include "acl/AclDenyInfoList.h"
-#include "acl/Checklist.h"
#include "acl/Gadgets.h"
-#include "acl/Strategised.h"
#include "acl/Tree.h"
#include "cache_cf.h"
#include "ConfigParser.h"
#include "acl/HasComponentData.h"
int
-ACLHasComponentStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HasComponentCheck::match(ACLChecklist * const checklist)
{
- ACLHasComponentData *cdata = dynamic_cast<ACLHasComponentData*>(data);
+ const auto cdata = dynamic_cast<ACLHasComponentData*>(data.get());
assert(cdata);
return cdata->match(checklist);
}
#ifndef SQUID_ACLHASCOMPONENT_H
#define SQUID_ACLHASCOMPONENT_H
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-/// \ingroup ACLAPI
-class ACLHasComponentStrategy : public ACLStrategy<ACLChecklist *>
+namespace Acl
+{
+
+/// a "has" ACL
+class HasComponentCheck: public ParameterizedNode< ACLData<ACLChecklist *> >
{
public:
- int match(ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif
*/
#include "squid.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/HierCode.h"
-#include "acl/HierCodeData.h"
-#include "acl/Strategised.h"
#include "HttpRequest.h"
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<hier_code>;
-
int
-ACLHierCodeStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HierCodeCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match (checklist->request->hier.code);
}
#ifndef SQUID_ACLHIERCODE_H
#define SQUID_ACLHIERCODE_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "hier_code.h"
-/// \ingroup ACLAPI
-class ACLHierCodeStrategy : public ACLStrategy<hier_code>
+namespace Acl
{
+/// a "hier_code" ACL
+class HierCodeCheck: public ParameterizedNode< ACLData<hier_code> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLHIERCODE_H */
#include "HttpReply.h"
int
-ACLHTTPRepHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HttpRepHeaderCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match (&checklist->reply->header);
}
#ifndef SQUID_ACLHTTPREPHEADER_H
#define SQUID_ACLHTTPREPHEADER_H
-#include "acl/Strategised.h"
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "HttpHeader.h"
-/// \ingroup ACLAPI
-class ACLHTTPRepHeaderStrategy : public ACLStrategy<HttpHeader*>
+namespace Acl
{
+/// a "rep_header" ACL
+class HttpRepHeaderCheck: public ParameterizedNode< ACLData<HttpHeader*> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresReply() const override { return true; }
};
+} // namespace Acl
+
#endif /* SQUID_ACLHTTPREPHEADER_H */
#include "HttpRequest.h"
int
-ACLHTTPReqHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::HttpReqHeaderCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match (&checklist->request->header);
}
#ifndef SQUID_ACLHTTPREQHEADER_H
#define SQUID_ACLHTTPREQHEADER_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "HttpHeader.h"
-/// \ingroup ACLAPI
-class ACLHTTPReqHeaderStrategy : public ACLStrategy<HttpHeader*>
+namespace Acl
{
+/// a "req_header" ACL
+class HttpReqHeaderCheck: public ParameterizedNode< ACLData<HttpHeader*> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override { return true; }
};
+} // namespace Acl
+
#endif /* SQUID_ACLHTTPREQHEADER_H */
#include "acl/LocalPort.h"
int
-ACLLocalPortStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::LocalPortCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match (checklist->my_addr.port());
}
#ifndef SQUID_ACLLOCALPORT_H
#define SQUID_ACLLOCALPORT_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-/// \ingroup ACLAPI
-class ACLLocalPortStrategy : public ACLStrategy<int>
+namespace Acl
{
+/// a "localport" ACL
+class LocalPortCheck: public ParameterizedNode< ACLData<int> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLLOCALPORT_H */
Data.h \
FilledChecklist.cc \
FilledChecklist.h \
- Strategised.cc \
- Strategised.h \
- Strategy.h
+ ParameterizedNode.h
## data-specific ACLs
libacls_la_SOURCES = \
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/Method.h"
-#include "acl/MethodData.h"
-#include "acl/Strategised.h"
#include "HttpRequest.h"
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<HttpRequestMethod>;
-
int
-ACLMethodStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::MethodCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match (checklist->request->method);
}
#ifndef SQUID_ACLMETHOD_H
#define SQUID_ACLMETHOD_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "http/RequestMethod.h"
-/// \ingroup ACLAPI
-class ACLMethodStrategy : public ACLStrategy<HttpRequestMethod>
+namespace Acl
{
+/// a "method" ACL
+class MethodCheck: public ParameterizedNode< ACLData<HttpRequestMethod> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLMETHOD_H */
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/MyPortName.h"
-#include "acl/StringData.h"
#include "anyp/PortCfg.h"
#include "client_side.h"
#include "http/Stream.h"
#include "HttpRequest.h"
int
-ACLMyPortNameStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::MyPortNameCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (checklist->conn() != nullptr && checklist->conn()->port != nullptr)
return data->match(checklist->conn()->port->name);
if (checklist->request != nullptr)
#ifndef SQUID_ACLMYPORTNAME_H
#define SQUID_ACLMYPORTNAME_H
-#include "acl/Strategy.h"
-class ACLMyPortNameStrategy : public ACLStrategy<const char *>
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
+
+namespace Acl
{
+/// a "myportname" ACL
+class MyPortNameCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLMYPORTNAME_H */
#include "acl/NoteData.h"
#include "HttpRequest.h"
-/* Acl::AnnotationStrategy */
+/* Acl::AnnotationCheck */
const Acl::Options &
-Acl::AnnotationStrategy::options()
+Acl::AnnotationCheck::options()
{
static const Acl::CharacterSetOption Delimiters("-m");
static const Acl::Options MyOptions = { &Delimiters };
return MyOptions;
}
-/* ACLNoteStrategy */
+/* Acl::NoteCheck */
int
-ACLNoteStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::NoteCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (const auto request = checklist->request) {
- if (request->hasNotes() && matchNotes(data, request->notes().getRaw()))
+ if (request->hasNotes() && matchNotes(request->notes().getRaw()))
return 1;
#if USE_ADAPTATION
const Adaptation::History::Pointer ah = request->adaptLogHistory();
- if (ah != nullptr && ah->metaHeaders != nullptr && matchNotes(data, ah->metaHeaders.getRaw()))
+ if (ah != nullptr && ah->metaHeaders != nullptr && matchNotes(ah->metaHeaders.getRaw()))
return 1;
#endif
}
}
bool
-ACLNoteStrategy::matchNotes(ACLData<MatchType> *noteData, const NotePairs *note) const
+Acl::NoteCheck::matchNotes(const NotePairs *note) const
{
const NotePairs::Entries &entries = note->expandListEntries(&delimiters.value);
for (auto e: entries)
- if (noteData->match(e.getRaw()))
+ if (data->match(e.getRaw()))
return true;
return false;
}
#include "acl/CharacterSetOption.h"
#include "acl/Data.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
#include "Notes.h"
namespace Acl {
/// common parent of several ACLs dealing with transaction annotations
-class AnnotationStrategy: public ACLStrategy<NotePairs::Entry *>
+class AnnotationCheck: public ParameterizedNode< ACLData<NotePairs::Entry *> >
{
public:
- AnnotationStrategy(): delimiters(CharacterSet(__FILE__, ",")) {}
+ AnnotationCheck(): delimiters(CharacterSet(__FILE__, ",")) {}
const Acl::Options &options() override;
Acl::CharacterSetOptionValue delimiters; ///< annotation separators
};
-} // namespace Acl
-
-/// \ingroup ACLAPI
-class ACLNoteStrategy: public Acl::AnnotationStrategy
+/// a "note" ACL
+class NoteCheck: public Acl::AnnotationCheck
{
-
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override { return true; }
private:
- bool matchNotes(ACLData<MatchType> *, const NotePairs *) const;
+ bool matchNotes(const NotePairs *) const;
};
+} // namespace Acl
+
#endif /* SQUID_ACLNOTE_H */
--- /dev/null
+/*
+ * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_SRC_ACL_PARAMETERIZEDNODE_H
+#define SQUID_SRC_ACL_PARAMETERIZEDNODE_H
+
+#include "acl/Acl.h"
+#include "base/Assure.h"
+
+#include <memory>
+
+namespace Acl
+{
+
+/// An ACL that manages squid.conf-configured ACL parameters using a given class
+/// P. That P class must support the ACLData<> or equivalent API.
+template <class P>
+class ParameterizedNode: public ACL
+{
+public:
+ using Parameters = P;
+
+ // to avoid dragging constructor parameters through each derived class, they
+ // are set in a leaf class constructor; \sa Acl::FinalizedParameterizedNode
+ ParameterizedNode() = default;
+ ~ParameterizedNode() override = default;
+
+protected:
+ /* ACL API */
+ void parse() override { Assure(data); data->parse(); }
+ void prepareForUse() override { data->prepareForUse(); }
+ SBufList dump() const override { return data->dump(); }
+ bool empty() const override { return data->empty(); }
+ const Acl::Options &lineOptions() override { return data->lineOptions(); }
+
+ /// Points to items this ACL is configured to match. A derived class ensures
+ /// that this pointer is never nil after the ACL object construction ends.
+ std::unique_ptr<Parameters> data;
+};
+
+} // namespace Acl
+
+#endif /* SQUID_SRC_ACL_PARAMETERIZEDNODE_H */
+
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/PeerName.h"
-#include "acl/RegexData.h"
-#include "acl/StringData.h"
int
-ACLPeerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::PeerNameCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (!checklist->dst_peer_name.isEmpty())
return data->match(checklist->dst_peer_name.c_str());
return 0;
#ifndef SQUID_ACLPEERNAME_H
#define SQUID_ACLPEERNAME_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-class ACLPeerNameStrategy : public ACLStrategy<const char *>
+namespace Acl
{
+/// a "peername" or "peername_regex" ACL
+class PeerNameCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLPEERNAME_H */
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/Protocol.h"
-#include "acl/ProtocolData.h"
-#include "acl/Strategised.h"
#include "HttpRequest.h"
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised<AnyP::ProtocolType>;
-
int
-ACLProtocolStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ProtocolCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match(checklist->request->url.getScheme());
}
#ifndef SQUID_ACLPROTOCOL_H
#define SQUID_ACLPROTOCOL_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "anyp/ProtocolType.h"
-class ACLProtocolStrategy : public ACLStrategy<AnyP::ProtocolType>
+namespace Acl
{
+/// a "proto" ACL
+class ProtocolCheck: public ParameterizedNode< ACLData<AnyP::ProtocolType> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLPROTOCOL_H */
#ifndef SQUID_ACLREPLYHEADERSTRATEGY_H
#define SQUID_ACLREPLYHEADERSTRATEGY_H
-#include "acl/Acl.h"
#include "acl/Data.h"
#include "acl/FilledChecklist.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
+#include "acl/ReplyHeaderStrategy.h"
#include "HttpReply.h"
-template <Http::HdrType header>
-class ACLReplyHeaderStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// matches the value of a given reply header (e.g., "rep_mime_type" ACL)
+template <Http::HdrType header>
+class ReplyHeaderCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresReply() const override {return true;}
};
+} // namespace Acl
+
template <Http::HdrType header>
int
-ACLReplyHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::ReplyHeaderCheck<header>::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
char const *theHeader = checklist->reply->header.getStr(header);
if (nullptr == theHeader)
template <>
inline int
-ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::ReplyHeaderCheck<Http::HdrType::CONTENT_TYPE>::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
char const *theHeader = checklist->reply->header.getStr(Http::HdrType::CONTENT_TYPE);
if (nullptr == theHeader)
#ifndef SQUID_ACLREQUESTHEADERSTRATEGY_H
#define SQUID_ACLREQUESTHEADERSTRATEGY_H
-#include "acl/Acl.h"
+
#include "acl/Data.h"
#include "acl/FilledChecklist.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
#include "HttpRequest.h"
-template <Http::HdrType header>
-class ACLRequestHeaderStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// matches the value of a given request header (e.g., "browser" or "referer_regex")
+template <Http::HdrType header>
+class RequestHeaderCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
template <Http::HdrType header>
int
-ACLRequestHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::RequestHeaderCheck<header>::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
char const *theHeader = checklist->request->header.getStr(header);
if (nullptr == theHeader)
template <>
inline int
-ACLRequestHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::RequestHeaderCheck<Http::HdrType::CONTENT_TYPE>::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
char const *theHeader = checklist->request->header.getStr(Http::HdrType::CONTENT_TYPE);
if (nullptr == theHeader)
#if USE_OPENSSL
-#include "acl/CertificateData.h"
-#include "acl/Checklist.h"
+#include "acl/FilledChecklist.h"
#include "acl/ServerCertificate.h"
#include "client_side.h"
#include "fde.h"
#include "ssl/ServerBump.h"
int
-ACLServerCertificateStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ServerCertificateCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
Security::CertPointer cert;
if (checklist->serverCert)
cert = checklist->serverCert;
#ifndef SQUID_ACLSERVERCERTIFICATE_H
#define SQUID_ACLSERVERCERTIFICATE_H
-#include "acl/Acl.h"
-#include "acl/Checklist.h"
#include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
#include "ssl/support.h"
-/// \ingroup ACLAPI
-class ACLServerCertificateStrategy : public ACLStrategy<X509 *>
+namespace Acl
+{
+
+/// a "server_cert_fingerprint" ACL
+class ServerCertificateCheck: public ParameterizedNode< ACLData<X509 *> >
{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLSERVERCERTIFICATE_H */
/* DEBUG: section 28 Access Control */
#include "squid.h"
-#include "acl/DomainData.h"
#include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
#include "acl/ServerName.h"
#include "client_side.h"
-#include "fde.h"
#include "http/Stream.h"
#include "HttpRequest.h"
-#include "ipcache.h"
-#include "SquidString.h"
#include "ssl/bio.h"
#include "ssl/ServerBump.h"
#include "ssl/support.h"
}
int
-ACLServerNameStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::ServerNameCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
assert(checklist != nullptr && checklist->request != nullptr);
const char *serverName = nullptr;
serverName = clientRequestedServerName;
else { // either no options or useServerProvided
if (X509 *peer_cert = (conn->serverBump() ? conn->serverBump()->serverCert.get() : nullptr))
- return Ssl::matchX509CommonNames(peer_cert, (void *)data, check_cert_domain<MatchType>);
+ return Ssl::matchX509CommonNames(peer_cert, data.get(), check_cert_domain<const char*>);
if (!useServerProvided)
serverName = clientRequestedServerName;
}
}
const Acl::Options &
-ACLServerNameStrategy::options()
+Acl::ServerNameCheck::options()
{
static const Acl::BooleanOption ClientRequested("--client-requested");
static const Acl::BooleanOption ServerProvided("--server-provided");
}
bool
-ACLServerNameStrategy::valid() const
+Acl::ServerNameCheck::valid() const
{
int optionCount = 0;
#ifndef SQUID_ACLSERVERNAME_H
#define SQUID_ACLSERVERNAME_H
-#include "acl/Acl.h"
#include "acl/DomainData.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
class ACLServerNameData : public ACLDomainData {
MEMPROXY_CLASS(ACLServerNameData);
bool match(const char *) override;
};
-class ACLServerNameStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// an "ssl::server_name" or "ssl::server_name_regex" ACL
+class ServerNameCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- /* ACLStrategy API */
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
const Acl::Options &options() override;
bool valid() const override;
Acl::BooleanOptionValue useConsensus; ///< Ignore mismatching names
};
+} // namespace Acl
+
#endif /* SQUID_ACLSERVERNAME_H */
#ifndef SQUID_ACL_SOURCEASN_H
#define SQUID_ACL_SOURCEASN_H
-#include "acl/Strategy.h"
-#include "ip/Address.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
+#include "ip/forward.h"
-class ACLChecklist;
-
-class ACLSourceASNStrategy : public ACLStrategy<Ip::Address>
+namespace Acl
{
+/// a "src_as" ACL
+class SourceAsnCheck: public ParameterizedNode< ACLData<Ip::Address> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACL_SOURCEASN_H */
}
int
-ACLSourceDomainStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::SourceDomainCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
const char *fqdn = nullptr;
fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
#ifndef SQUID_ACLSOURCEDOMAIN_H
#define SQUID_ACLSOURCEDOMAIN_H
-#include "acl/Acl.h"
-#include "acl/Checklist.h"
+
#include "acl/Data.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
#include "dns/forward.h"
-class ACLSourceDomainStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// a "srcdomain" or "srcdom_regex" ACL
+class SourceDomainCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
class SourceDomainLookup : public ACLChecklist::AsyncState
{
#include "HttpRequest.h"
int
-ACLSquidErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::SquidErrorCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (checklist->requestErrorType != ERR_MAX)
return data->match(checklist->requestErrorType);
else if (checklist->request)
#ifndef SQUID_ACLSQUIDERROR_H
#define SQUID_ACLSQUIDERROR_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "error/forward.h"
-class ACLSquidErrorStrategy : public ACLStrategy<err_type>
+namespace Acl
{
+/// a "squid_error" ACL
+class SquidErrorCheck: public ParameterizedNode< ACLData<err_type> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLSQUIDERROR_H */
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/SslError.h"
-#include "acl/SslErrorData.h"
int
-ACLSslErrorStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::CertificateErrorCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match(checklist->sslErrors.get());
}
#ifndef SQUID_ACLSSL_ERROR_H
#define SQUID_ACLSSL_ERROR_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "security/forward.h"
-class ACLSslErrorStrategy : public ACLStrategy<const Security::CertErrors *>
+namespace Acl
{
+/// an "ssl_error" ACL
+class CertificateErrorCheck: public ParameterizedNode< ACLData<const Security::CertErrors *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLSSL_ERROR_H */
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-/* DEBUG: section 28 Access Control */
-
-#include "squid.h"
-#include "acl/Strategised.h"
-#include "HttpHeader.h"
-
-/*
- * moved template instantiation into ACLStrategized.cc
- * to compile on Mac OSX 10.5 Leopard.
- * This corrects a duplicate symbol error
- */
-
-/* explicit template instantiation required for some systems */
-
-/* XXX: move to ACLHTTPRepHeader or ACLHTTPReqHeader */
-template class ACLStrategised<HttpHeader*>;
-
-/* ACLMyPortName + ACLMyPeerName + ACLBrowser */
-template class ACLStrategised<const char *>;
-
-/* ACLLocalPort + ACLSslError */
-template class ACLStrategised<int>;
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_ACLSTRATEGISED_H
-#define SQUID_ACLSTRATEGISED_H
-
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/FilledChecklist.h"
-#include "acl/Strategy.h"
-
-// XXX: Replace with a much simpler abstract ACL child class without the
-// ACLStrategy parameter (and associated call forwarding). Duplicating key
-// portions of the ACL class API in ACLStrategy is not needed because
-// ACLStrategy is unused outside the ACLStrategised context. Existing classes
-// like ACLExtUser, ACLProxyAuth, and ACLIdent seem to confirm this assertion.
-// It also requires forwarding ACL info to ACLStrategy as method parameters.
-
-/// Splits the ACL API into two individually configurable components:
-/// * ACLStrategy that usually extracts information from the current transaction
-/// * ACLData that usually matches information against admin-configured values
-template <class M>
-class ACLStrategised : public ACL
-{
- MEMPROXY_CLASS(ACLStrategised);
-
-public:
- typedef M MatchType;
-
- ~ACLStrategised() override;
- ACLStrategised(ACLData<MatchType> *, ACLStrategy<MatchType> *, char const *);
-
- char const *typeString() const override;
-
- bool requiresRequest() const override {return matcher->requiresRequest();}
-
- bool requiresReply() const override {return matcher->requiresReply();}
-
- void prepareForUse() override { data->prepareForUse();}
- void parse() override;
- int match(ACLChecklist *checklist) override;
- virtual int match (M const &);
- SBufList dump() const override;
- bool empty () const override;
- bool valid () const override;
-
-private:
- /* ACL API */
- const Acl::Options &options() override { return matcher->options(); }
- const Acl::Options &lineOptions() override { return data->lineOptions(); }
-
- ACLData<MatchType> *data;
- char const *type_;
- ACLStrategy<MatchType> *matcher;
-};
-
-/* implementation follows */
-
-template <class MatchType>
-ACLStrategised<MatchType>::~ACLStrategised()
-{
- delete data;
- delete matcher;
-}
-
-template <class MatchType>
-ACLStrategised<MatchType>::ACLStrategised(ACLData<MatchType> *newData, ACLStrategy<MatchType> *theStrategy, char const *theType): data(newData), type_(theType), matcher(theStrategy)
-{}
-
-template <class MatchType>
-char const *
-ACLStrategised<MatchType>::typeString() const
-{
- return type_;
-}
-
-template <class MatchType>
-void
-ACLStrategised<MatchType>::parse()
-{
- data->parse();
-}
-
-template <class MatchType>
-bool
-ACLStrategised<MatchType>::empty() const
-{
- return data->empty();
-}
-
-template <class MatchType>
-int
-ACLStrategised<MatchType>::match(ACLChecklist *cl)
-{
- ACLFilledChecklist *checklist = dynamic_cast<ACLFilledChecklist*>(cl);
- assert(checklist);
- return matcher->match(data, checklist);
-}
-
-template <class MatchType>
-int
-ACLStrategised<MatchType>::match(MatchType const &toFind)
-{
- return data->match(toFind);
-}
-
-template <class MatchType>
-SBufList
-ACLStrategised<MatchType>::dump() const
-{
- return data->dump();
-}
-
-template <class MatchType>
-bool
-ACLStrategised<MatchType>::valid () const
-{
- return matcher->valid();
-}
-
-#endif /* SQUID_ACLSTRATEGISED_H */
-
+++ /dev/null
-/*
- * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_ACLSTRATEGY_H
-#define SQUID_ACLSTRATEGY_H
-
-#include "acl/Acl.h"
-#include "acl/Data.h"
-#include "acl/Options.h"
-
-class ACLFilledChecklist;
-
-template<class M>
-
-/// A matching algorithm.
-class ACLStrategy
-{
-
-public:
- typedef M MatchType;
-
- /* Replicate ACL API parts relevant to the matching algorithm. */
- virtual const Acl::Options &options() { return Acl::NoOptions(); }
- virtual int match (ACLData<M> * &, ACLFilledChecklist *) = 0;
- virtual bool requiresRequest() const {return false;}
-
- virtual bool requiresReply() const {return false;}
-
- virtual bool valid() const {return true;}
-
- virtual ~ACLStrategy() {}
-};
-
-#endif /* SQUID_ACLSTRATEGY_H */
-
#include "squid.h"
#include "acl/FilledChecklist.h"
-#include "acl/StringData.h"
#include "acl/Tag.h"
#include "HttpRequest.h"
int
-ACLTagStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::TagCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (checklist->request != nullptr)
return data->match (checklist->request->tag.termedBuf());
return 0;
#ifndef SQUID_ACLTAG_H
#define SQUID_ACLTAG_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-class ACLTagStrategy : public ACLStrategy<const char *>
+namespace Acl
{
+/// a "tag" ACL
+class TagCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLMYPORTNAME_H */
#include "squid.h"
#include "acl/Time.h"
-#include "acl/TimeData.h"
+#include "time/gadgets.h"
int
-ACLTimeStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *)
+Acl::CurrentTimeCheck::match(ACLChecklist *)
{
return data->match(squid_curtime);
}
#ifndef SQUID_ACLTIME_H
#define SQUID_ACLTIME_H
-#include "acl/Data.h"
-#include "acl/Strategised.h"
-class ACLTimeStrategy : public ACLStrategy<time_t>
+#include "acl/ParameterizedNode.h"
+#include "acl/TimeData.h"
+#include "mem/AllocatorProxy.h"
+
+namespace Acl
{
+/// a "time" ACL
+class CurrentTimeCheck: public ParameterizedNode<ACLTimeData>
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_ACLTIME_H */
#include "squid.h"
#include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
#include "acl/Url.h"
#include "HttpRequest.h"
#include "rfc1738.h"
int
-ACLUrlStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::UrlCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
char *esc_buf = SBufToCstring(checklist->request->effectiveRequestUri());
rfc1738_unescape(esc_buf);
int result = data->match(esc_buf);
#define SQUID_ACLURL_H
#include "acl/Data.h"
-#include "acl/Strategised.h"
+#include "acl/ParameterizedNode.h"
-class ACLUrlStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// a "url_regex" ACL
+class UrlCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLURL_H */
#include "squid.h"
#include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
#include "acl/UrlLogin.h"
#include "HttpRequest.h"
#include "rfc1738.h"
int
-ACLUrlLoginStrategy::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::UrlLoginCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (checklist->request->url.userInfo().isEmpty()) {
debugs(28, 5, "URL has no user-info details. cannot match");
return 0; // nothing can match
#ifndef SQUID_ACLURLLOGIN_H
#define SQUID_ACLURLLOGIN_H
-#include "acl/Acl.h"
#include "acl/Data.h"
-#include "acl/Strategy.h"
+#include "acl/ParameterizedNode.h"
-class ACLUrlLoginStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// a "urllogin" ACL
+class UrlLoginCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLURLLOGIN_H */
#include "squid.h"
#include "acl/FilledChecklist.h"
-#include "acl/RegexData.h"
#include "acl/UrlPath.h"
#include "HttpRequest.h"
#include "rfc1738.h"
int
-ACLUrlPathStrategy::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
+Acl::UrlPathCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
if (checklist->request->url.path().isEmpty())
return -1;
#ifndef SQUID_ACLURLPATH_H
#define SQUID_ACLURLPATH_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-class ACLUrlPathStrategy : public ACLStrategy<char const *>
+namespace Acl
{
+/// a "urlpath_regex" ACL
+class UrlPathCheck: public ParameterizedNode< ACLData<const char *> >
+{
public:
- int match (ACLData<char const *> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLURLPATH_H */
#include "HttpRequest.h"
int
-ACLUrlPortStrategy::match(ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::UrlPortCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match(checklist->request->url.port().value_or(0));
}
#ifndef SQUID_ACLURLPORT_H
#define SQUID_ACLURLPORT_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
-class ACLUrlPortStrategy : public ACLStrategy<int>
+namespace Acl
{
+/// a "port" ACL
+class UrlPortCheck: public ParameterizedNode< ACLData<int> >
+{
public:
- int match (ACLData<MatchType> * &, ACLFilledChecklist *) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
bool requiresRequest() const override {return true;}
};
+} // namespace Acl
+
#endif /* SQUID_ACLURLPORT_H */
objectSize(RoundedSize(sz))
{}
+ /// change the allocator description if we were only able to provide an
+ /// approximate description at object construction time
+ void relabel(const char * const aLabel) { label = aLabel; }
+
// TODO make this method const
/**
* fill the given object with statistical data about pool
// XXX: no counter for the number of free() calls avoided
/// brief description of objects returned by alloc()
- const char *const label;
+ const char *label;
/// the size (in bytes) of objects managed by this allocator
const size_t objectSize;
getAllocator()->zeroBlocks(doIt);
}
+void
+Mem::AllocatorProxy::relabel(const char * const aLabel)
+{
+ getAllocator()->relabel(aLabel);
+ label = aLabel;
+}
+
Mem::PoolMeter const &
Mem::AllocatorProxy::getMeter() const
{
void zeroBlocks(bool doIt);
+ /// \copydoc Mem::Allocator::relabel()
+ void relabel(const char * const aLabel);
+
private:
Allocator *getAllocator() const;
}
int
-ACLSNMPCommunityStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+Acl::SnmpCommunityCheck::match(ACLChecklist * const ch)
{
+ const auto checklist = Filled(ch);
+
return data->match (checklist->snmp_community);
}
#ifndef SQUID_SNMP_CORE_H
#define SQUID_SNMP_CORE_H
-#include "acl/Strategy.h"
+#include "acl/Data.h"
+#include "acl/ParameterizedNode.h"
#include "cache_snmp.h"
#include "comm/forward.h"
#include "ip/forward.h"
void addr2oid(Ip::Address &addr, oid *Dest);
void oid2addr(oid *Dest, Ip::Address &addr, u_int code);
-class ACLSNMPCommunityStrategy: public ACLStrategy<char const *>
+namespace Acl
+{
+
+/// an "snmp_community" ACL
+class SnmpCommunityCheck: public ParameterizedNode< ACLData<const char *> >
{
public:
- int match (ACLData<MatchType> *&data, ACLFilledChecklist *checklist) override;
+ /* ACL API */
+ int match(ACLChecklist *) override;
};
+} // namespace Acl
+
#endif /* SQUID_SNMP_CORE_H */