From: Amos Jeffries Date: Sat, 30 May 2009 05:10:39 +0000 (+1200) Subject: Author: Henrik Nordstrom X-Git-Tag: SQUID_3_2_0_1~995 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb5e7a79d61c13002168a42bcc4093361b1092a6;p=thirdparty%2Fsquid.git Author: Henrik Nordstrom Adds "tag" type acl matching tags set by external acl helpers. Currently using a list of strings (not even splay) as the number of members is generally expected to be very small. Should be complemented by a regex based acl.
--- bb5e7a79d61c13002168a42bcc4093361b1092a6
diff --cc src/AclRegs.cc
index 5c833b230c,0000000000..f4d735bdbe
mode 100644,000000..100644
--- a/src/AclRegs.cc
+++ b/src/AclRegs.cc
@@@ -1,151 -1,0 +1,155 @@@
+#include "squid.h"
+
+/** This file exists to provide satic registration code to executables
+ that need ACLs. We cannot place this code in acl/lib*.la because it
+ does not get linked in, because nobody is using these classes by name.
+*/
+
+#include "acl/Acl.h"
+#ifdef USE_ARP_ACL
+#include "acl/Arp.h"
+#endif
+#include "acl/Asn.h"
+#include "acl/Browser.h"
+#include "acl/Checklist.h"
+#include "acl/Data.h"
+#include "acl/DestinationAsn.h"
+#include "acl/DestinationDomain.h"
+#include "acl/DestinationIp.h"
+#include "acl/DomainData.h"
+#include "acl/ExtUser.h"
+#include "acl/FilledChecklist.h"
+#include "acl/Gadgets.h"
+#include "acl/HttpHeaderData.h"
+#include "acl/HttpRepHeader.h"
+#include "acl/HttpReqHeader.h"
+#include "acl/HttpStatus.h"
+#if USE_IDENT
+#include "acl/Ident.h"
+#endif
+#include "acl/IntRange.h"
+#include "acl/Ip.h"
+#include "acl/MaxConnection.h"
+#include "acl/MethodData.h"
+#include "acl/Method.h"
+#include "acl/MyIp.h"
+#include "acl/MyPort.h"
+#include "acl/MyPortName.h"
+#include "acl/PeerName.h"
+#include "acl/ProtocolData.h"
+#include "acl/Protocol.h"
+#include "acl/Referer.h"
+#include "acl/RegexData.h"
+#include "acl/ReplyHeaderStrategy.h"
+#include "acl/ReplyMimeType.h"
+#include "acl/RequestHeaderStrategy.h"
+#include "acl/RequestMimeType.h"
+#include "acl/SourceAsn.h"
+#include "acl/SourceDomain.h"
+#include "acl/SourceIp.h"
+#ifdef USE_SSL
+#include "acl/SslErrorData.h"
+#include "acl/SslError.h"
+#include "acl/CertificateData.h"
+#include "acl/Certificate.h"
+#endif
+#include "acl/Strategised.h"
+#include "acl/Strategy.h"
+#include "acl/StringData.h"
++#include "acl/Tag.h"
+#include "acl/TimeData.h"
+#include "acl/Time.h"
+#include "acl/Url.h"
+#include "acl/UrlPath.h"
+#include "acl/UrlPort.h"
+#include "acl/UserData.h"
+#include "auth/AclProxyAuth.h"
+#include "auth/AclMaxUserIp.h"
+
+
+ACL::Prototype ACLBrowser::RegistryProtoype(&ACLBrowser::RegistryEntry_, "browser");
+ACLStrategised ACLBrowser::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy::Instance(), "browser");
+ACL::Prototype ACLDestinationDomain::LiteralRegistryProtoype(&ACLDestinationDomain::LiteralRegistryEntry_, "dstdomain");
+ACLStrategised ACLDestinationDomain::LiteralRegistryEntry_(new ACLDomainData, ACLDestinationDomainStrategy::Instance(), "dstdomain");
+ACL::Prototype ACLDestinationDomain::RegexRegistryProtoype(&ACLDestinationDomain::RegexRegistryEntry_, "dstdom_regex");
+ACLStrategised ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex");
+ACL::Prototype ACLDestinationIP::RegistryProtoype(&ACLDestinationIP::RegistryEntry_, "dst");
+ACLDestinationIP ACLDestinationIP::RegistryEntry_;
+ACL::Prototype ACLExtUser::UserRegistryProtoype(&ACLExtUser::UserRegistryEntry_, "ext_user");
+ACLExtUser ACLExtUser::UserRegistryEntry_(new ACLUserData, "ext_user");
+ACL::Prototype ACLExtUser::RegexRegistryProtoype(&ACLExtUser::RegexRegistryEntry_, "ext_user_regex" );
+ACLExtUser ACLExtUser::RegexRegistryEntry_(new ACLRegexData, "ext_user_regex");
+ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header");
+ACLStrategised ACLHTTPRepHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPRepHeaderStrategy::Instance(), "rep_header");
+ACL::Prototype ACLHTTPReqHeader::RegistryProtoype(&ACLHTTPReqHeader::RegistryEntry_, "req_header");
+ACLStrategised ACLHTTPReqHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPReqHeaderStrategy::Instance(), "req_header");
+ACL::Prototype ACLHTTPStatus::RegistryProtoype(&ACLHTTPStatus::RegistryEntry_, "http_status");
+ACLHTTPStatus ACLHTTPStatus::RegistryEntry_("http_status");
+ACL::Prototype ACLMaxConnection::RegistryProtoype(&ACLMaxConnection::RegistryEntry_, "maxconn");
+ACLMaxConnection ACLMaxConnection::RegistryEntry_("maxconn");
+ACL::Prototype ACLMethod::RegistryProtoype(&ACLMethod::RegistryEntry_, "method");
+ACLStrategised ACLMethod::RegistryEntry_(new ACLMethodData, ACLMethodStrategy::Instance(), "method");
+ACLMyIP ACLMyIP::RegistryEntry_;
+ACLMyIP const &ACLMyIP::RegistryEntry() {return RegistryEntry_;}
+ACL::Prototype ACLMyPort::RegistryProtoype(&ACLMyPort::RegistryEntry_, "myport");
+ACLStrategised ACLMyPort::RegistryEntry_(new ACLIntRange, ACLMyPortStrategy::Instance(), "myport");
+ACL::Prototype ACLMyPortName::RegistryProtoype(&ACLMyPortName::RegistryEntry_, "myportname");
+ACLStrategised ACLMyPortName::RegistryEntry_(new ACLStringData, ACLMyPortNameStrategy::Instance(), "myportname");
+ACL::Prototype ACLPeerName::RegistryProtoype(&ACLPeerName::RegistryEntry_, "peername");
+ACLStrategised ACLPeerName::RegistryEntry_(new ACLStringData, ACLPeerNameStrategy::Instance(), "peername");
+ACL::Prototype ACLProtocol::RegistryProtoype(&ACLProtocol::RegistryEntry_, "proto");
+ACLStrategised ACLProtocol::RegistryEntry_(new ACLProtocolData, ACLProtocolStrategy::Instance(), "proto");
+ACL::Prototype ACLReferer::RegistryProtoype(&ACLReferer::RegistryEntry_, "referer_regex");
+ACLStrategised ACLReferer::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy::Instance(), "referer_regex");
+ACL::Prototype ACLReplyMIMEType::RegistryProtoype(&ACLReplyMIMEType::RegistryEntry_, "rep_mime_type");
+ACLStrategised ACLReplyMIMEType::RegistryEntry_(new ACLRegexData, ACLReplyHeaderStrategy::Instance(), "rep_mime_type");
+ACL::Prototype ACLRequestMIMEType::RegistryProtoype(&ACLRequestMIMEType::RegistryEntry_, "req_mime_type");
+ACLStrategised ACLRequestMIMEType::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy::Instance(), "req_mime_type");
+ACL::Prototype ACLSourceDomain::LiteralRegistryProtoype(&ACLSourceDomain::LiteralRegistryEntry_, "srcdomain");
+ACLStrategised ACLSourceDomain::LiteralRegistryEntry_(new ACLDomainData, ACLSourceDomainStrategy::Instance(), "srcdomain");
+ACL::Prototype ACLSourceDomain::RegexRegistryProtoype(&ACLSourceDomain::RegexRegistryEntry_, "srcdom_regex");
+ACLStrategised ACLSourceDomain::RegexRegistryEntry_(new ACLRegexData,ACLSourceDomainStrategy::Instance() ,"srcdom_regex");
+ACL::Prototype ACLSourceIP::RegistryProtoype(&ACLSourceIP::RegistryEntry_, "src");
+ACLSourceIP ACLSourceIP::RegistryEntry_;
+ACL::Prototype ACLTime::RegistryProtoype(&ACLTime::RegistryEntry_, "time");
+ACLStrategised ACLTime::RegistryEntry_(new ACLTimeData, ACLTimeStrategy::Instance(), "time");
+ACL::Prototype ACLUrl::RegistryProtoype(&ACLUrl::RegistryEntry_, "url_regex");
+ACLStrategised ACLUrl::RegistryEntry_(new ACLRegexData, ACLUrlStrategy::Instance(), "url_regex");
+ACL::Prototype ACLUrlPath::LegacyRegistryProtoype(&ACLUrlPath::RegistryEntry_, "pattern");
+ACL::Prototype ACLUrlPath::RegistryProtoype(&ACLUrlPath::RegistryEntry_, "urlpath_regex");
+ACLStrategised ACLUrlPath::RegistryEntry_(new ACLRegexData, ACLUrlPathStrategy::Instance(), "urlpath_regex");
+ACL::Prototype ACLUrlPort::RegistryProtoype(&ACLUrlPort::RegistryEntry_, "port");
+ACLStrategised ACLUrlPort::RegistryEntry_(new ACLIntRange, ACLUrlPortStrategy::Instance(), "port");
+
+#ifdef USE_SSL
+ACL::Prototype ACLSslError::RegistryProtoype(&ACLSslError::RegistryEntry_, "ssl_error");
+ACLStrategised ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error");
+ACL::Prototype ACLCertificate::UserRegistryProtoype(&ACLCertificate::UserRegistryEntry_, "user_cert");
+ACLStrategised ACLCertificate::UserRegistryEntry_(new ACLCertificateData (sslGetUserAttribute), ACLCertificateStrategy::Instance(), "user_cert");
+ACL::Prototype ACLCertificate::CARegistryProtoype(&ACLCertificate::CARegistryEntry_, "ca_cert");
+ACLStrategised ACLCertificate::CARegistryEntry_(new ACLCertificateData (sslGetCAAttribute), ACLCertificateStrategy::Instance(), "ca_cert");
+#endif
+
+#ifdef USE_ARP_ACL
+ACL::Prototype ACLARP::RegistryProtoype(&ACLARP::RegistryEntry_, "arp");
+ACLARP ACLARP::RegistryEntry_("arp");
+#endif
+
+#if USE_IDENT
+ACL::Prototype ACLIdent::UserRegistryProtoype(&ACLIdent::UserRegistryEntry_, "ident");
+ACLIdent ACLIdent::UserRegistryEntry_(new ACLUserData, "ident");
+ACL::Prototype ACLIdent::RegexRegistryProtoype(&ACLIdent::RegexRegistryEntry_, "ident_regex" );
+ACLIdent ACLIdent::RegexRegistryEntry_(new ACLRegexData, "ident_regex");
+#endif
+
+
+ACL::Prototype ACLProxyAuth::UserRegistryProtoype(&ACLProxyAuth::UserRegistryEntry_, "proxy_auth");
+ACLProxyAuth ACLProxyAuth::UserRegistryEntry_(new ACLUserData, "proxy_auth");
+ACL::Prototype ACLProxyAuth::RegexRegistryProtoype(&ACLProxyAuth::RegexRegistryEntry_, "proxy_auth_regex" );
+ACLProxyAuth ACLProxyAuth::RegexRegistryEntry_(new ACLRegexData, "proxy_auth_regex");
+
+ACL::Prototype ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_, "max_user_ip");
+ACLMaxUserIP ACLMaxUserIP::RegistryEntry_("max_user_ip");
++
++ACL::Prototype ACLTag::RegistryProtoype(&ACLTag::RegistryEntry_, "tag");
++ACLStrategised ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag");
diff --cc src/acl/Makefile.am
index 41cbceedcc,0000000000..728563d0ea
mode 100644,000000..100644
--- a/src/acl/Makefile.am
+++ b/src/acl/Makefile.am
@@@ -1,142 -1,0 +1,144 @@@
+include $(top_srcdir)/src/Common.am
+include $(top_srcdir)/src/TestHeaders.am
+
+noinst_LTLIBRARIES = libapi.la
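Review bot: The `tag` registration added at the end of src/AclRegs.cc has no comment saying where the matched value comes from, which matters because, per the commit message, the tag is set by an external ACL helper and not read from the request. The entry is built on `ACLStringData`, so the match appears to be a plain string-list comparison, and a rule keyed on it is only as trustworthy as the helper that set the tag. How an unset tag is treated cannot be checked on this page, because the Tag.cc and Tag.h sections show no content. I would add above the two new lines `// "tag": matches the tag set by an external ACL helper (string list; no regex form yet)`.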
libstate.la libacls.la
+
+## General data-independent ACL API
+libapi_la_SOURCES = \
+ Acl.cc \
+ Acl.h \
+ Checklist.cc \
+ Checklist.h
+
+## Data-dependent Squid/transaction state used by specific ACLs.
+## Does not refer to specific ACLs to avoid circular dependencies.
+libstate_la_SOURCES = \
+ Data.h \
+ Strategy.h \
+ Strategised.cc \
+ Strategised.h \
+ \
+ FilledChecklist.cc \
+ FilledChecklist.h
+
+## data-specific ACLs
+libacls_la_SOURCES = \
+ IntRange.cc \
+ IntRange.h \
+ RegexData.cc \
+ RegexData.h \
+ StringData.cc \
+ StringData.h \
+ Time.cc \
+ Time.h \
+ TimeData.cc \
+ TimeData.h \
+ \
+ Asn.cc \
+ Asn.h \
+ Browser.cc \
+ Browser.h \
+ DestinationAsn.h \
+ DestinationDomain.cc \
+ DestinationDomain.h \
+ DestinationIp.cc \
+ DestinationIp.h \
+ DomainData.cc \
+ DomainData.h \
+ ExtUser.cc \
+ ExtUser.h \
+ HttpHeaderData.cc \
+ HttpHeaderData.h \
+ HttpRepHeader.cc \
+ HttpRepHeader.h \
+ HttpReqHeader.cc \
+ HttpReqHeader.h \
+ HttpStatus.cc \
+ HttpStatus.h \
+ Ip.cc \
+ Ip.h \
+ MaxConnection.cc \
+ MaxConnection.h \
+ Method.cc \
+ MethodData.cc \
+ MethodData.h \
+ Method.h \
+ MyIp.cc \
+ MyIp.h \
+ MyPort.cc \
+ MyPort.h \
+ MyPortName.cc \
+ MyPortName.h \
+ PeerName.cc \
+ PeerName.h \
+ Protocol.cc \
+ ProtocolData.cc \
+ ProtocolData.h \
+ Protocol.h \
+ Referer.cc \
+ Referer.h \
+ ReplyHeaderStrategy.h \
+ ReplyMimeType.cc \
+ ReplyMimeType.h \
+ RequestHeaderStrategy.h \
+ RequestMimeType.cc \
+ RequestMimeType.h \
+ SourceAsn.h \
+ SourceDomain.cc \
+ SourceDomain.h \
+ SourceIp.cc \
+ SourceIp.h \
++ Tag.cc \
++ Tag.h \
+ Url.cc \
+ Url.h \
+ UrlPath.cc \
+ UrlPath.h \
+ UrlPort.cc \
+ UrlPort.h \
+ UserData.cc \
+ UserData.h \
+ \
+ Gadgets.cc \
+ Gadgets.h
+
+## Add conditional sources
+## TODO: move these to their respectful dirs when those dirs are created
+
+EXTRA_libacls_la_SOURCES =
+
+SSL_ACLS = \
+ CertificateData.cc \
+ CertificateData.h \
+ Certificate.cc \
+ Certificate.h \
+ SslError.cc \
+ SslError.h \
+ SslErrorData.cc \
+ SslErrorData.h
+
+if ENABLE_SSL
+libacls_la_SOURCES += $(SSL_ACLS)
+endif
+
+EXTRA_libacls_la_SOURCES += $(SSL_ACLS)
+
+
+ARP_ACLS = Arp.cc Arp.h
+
+if ENABLE_ARP_ACL
+libacls_la_SOURCES += $(ARP_ACLS)
+endif
+
+EXTRA_libacls_la_SOURCES += $(ARP_ACLS)
+
+
+IDENT_ACLS = Ident.cc Ident.h
+
+if ENABLE_IDENT
+libacls_la_SOURCES += $(IDENT_ACLS)
+endif
+
+EXTRA_libacls_la_SOURCES += $(IDENT_ACLS)
+
+
diff --cc src/acl/Tag.cc
index 0000000000,e63a7f0306..e63a7f0306
mode 000000,100644..100644
--- a/src/acl/Tag.cc
+++ b/src/acl/Tag.cc
diff --cc src/acl/Tag.h
index 0000000000,bce969aac4..bce969aac4
mode 000000,100644..100644
--- a/src/acl/Tag.h
+++ b/src/acl/Tag.h