during reconfiguration.
Group ACLs created later may use other ACLs created earlier and vice versa, a
group ACL created earlier may use other ACLs created later. The latter is
possible when an ACL (e.g., A2 below) is declared when the group already
exists:
acl A1 src 127.0.0.1
acl Group all-of A1
acl A2 src 127.0.0.2
acl Group all-of A2
Thus, the group (i.e., InnerNode) ACL destructor may access already deleted
children regardless of the global ACL deletion order (FIFO or LIFO with
respect to ACL creation). Instead of relying on the deletion order to protect
InnerNode, we remove the InnerNode ACL destructor completely and rely on a
global set of registered ACLs to destroy all ACLs.
The old code was destroying all explicit ACLs in the same centralized fashion.
We now add implicit ACLs (commonly used by InnerNodes) to the centralized
destruction sequence. We added a new destruction-dedicated container to avoid
messing with the by-name ACL search that Config.aclList global is used for.
This new container will become unnecessary once we start refcounting ACLs.
#include "squid.h"
#include "acl/Acl.h"
#include "acl/Checklist.h"
+#include "acl/Gadgets.h"
#include "anyp/PortCfg.h"
#include "cache_cf.h"
#include "ConfigParser.h"
A->cfgline);
}
- // prepend so that ACLs declared later (and possibly using earlier ACLs)
- // are destroyed earlier (before the ACLs they use are destroyed)
+ // add to the global list for searching explicit ACLs by name
assert(head && *head == Config.aclList);
- A->registered = true;
A->next = *head;
*head = A;
+
+ // register for centralized cleanup
+ aclRegister(A);
}
bool
char *cfgline;
ACL *next; // XXX: remove or at least use refcounting
ACLFlags flags; ///< The list of given ACL flags
- bool registered; ///< added to Config.aclList and can be reused via by FindByName()
+ bool registered; ///< added to the global list of ACLs via aclRegister()
public:
#include "HttpRequest.h"
#include "Mem.h"
+#include <set>
+#include <algorithm>
+
+
+typedef std::set<ACL*> AclSet;
+/// Accumulates all ACLs to facilitate their clean deletion despite reuse.
+static AclSet *RegisteredAcls; // TODO: Remove when ACLs are refcounted
+
/* does name lookup, returns page_id */
err_type
aclGetDenyInfoPage(AclDenyInfoList ** head, const char *name, int redirect_allowed)
*treep = tree;
}
+void
+aclRegister(ACL *acl)
+{
+ if (!acl->registered) {
+ if (!RegisteredAcls)
+ RegisteredAcls = new AclSet;
+ RegisteredAcls->insert(acl);
+ acl->registered = true;
+ }
+}
+
/*********************/
/* Destroy functions */
/*********************/
+/// helper for RegisteredAcls cleanup
+static void
+aclDeleteOne(ACL *acl)
+{
+ delete acl;
+}
+
+/// called to delete ALL Acls.
void
aclDestroyAcls(ACL ** head)
{
- ACL *next = NULL;
-
- debugs(28, 8, "aclDestroyACLs: invoked");
-
- for (ACL *a = *head; a; a = next) {
- next = a->next;
- delete a;
+ *head = NULL; // Config.aclList
+ if (AclSet *acls = RegisteredAcls) {
+ debugs(28, 8, "deleting all " << acls->size() << " ACLs");
+ std::for_each(acls->begin(), acls->end(), &aclDeleteOne);
+ acls->clear();
}
-
- *head = NULL;
}
void
class StoreEntry;
class wordlist;
+/// Register an ACL object for future deletion. Repeated registrations are OK.
+/// \ingroup ACLAPI
+void aclRegister(ACL *acl);
/// \ingroup ACLAPI
void aclDestroyAccessList(acl_access **list);
/// \ingroup ACLAPI
#include "wordlist.h"
#include <algorithm>
-// "delete acl" class to use with std::for_each() in InnerNode::~InnerNode()
-class AclDeleter
-{
-public:
- void operator()(ACL* acl) {
- // Do not delete explicit ACLs; they are maintained by Config.aclList.
- if (acl && !acl->registered)
- delete acl;
- }
-};
-
-Acl::InnerNode::~InnerNode()
-{
- std::for_each(nodes.begin(), nodes.end(), AclDeleter());
-}
-
void
Acl::InnerNode::prepareForUse()
{
class InnerNode: public ACL
{
public:
- virtual ~InnerNode();
+ // No ~InnerNode() to delete children. They are aclRegister()ed instead.
/// Resumes matching (suspended by an async call) at the given position.
bool resumeMatchingAt(ACLChecklist *checklist, Acl::Nodes::const_iterator pos) const;
projects / thirdparty / squid.git / commitdiff
