From: Alex Rousskov Date: Sun, 8 Mar 2009 21:57:12 +0000 (-0600) Subject: Synced #includes after moving files around. X-Git-Tag: SQUID_3_2_0_1~1111^2~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0941a6af6ff018bcc99c5b9c0f544bd9cef7958;p=thirdparty%2Fsquid.git Synced #includes after moving files around. Use newly added ACLFilledChecklist for fast ACL checks. Its constructor locks request and accessList, simplifying the caller code. Use newly added ACLFilledChecklist for state-specific ACL code. Also, the ACLChecklist::authenticated() method is now an AuthenticateAcl global function. See ACLFilledChecklist addition log for rationale. Context: SourceLayout: acl/, take 1 --- diff --git a/src/DelayId.cc b/src/DelayId.cc index 986c1ec7a1..8337f37a59 100644 --- a/src/DelayId.cc +++ b/src/DelayId.cc @@ -47,7 +47,7 @@ #include "squid.h" #include "DelayId.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "DelayPools.h" #include "DelayPool.h" #include "HttpRequest.h" @@ -114,7 +114,7 @@ DelayId::DelayClient(ClientHttpRequest * http) continue; } - ACLChecklist ch; + ACLFilledChecklist ch(DelayPools::delay_data[pool].access, r, NULL); #if FOLLOW_X_FORWARDED_FOR if (Config.onoff.delay_pool_uses_indirect_client) ch.src_addr = r->indirect_client_addr; @@ -126,12 +126,6 @@ DelayId::DelayClient(ClientHttpRequest * http) if (http->getConn() != NULL) ch.conn(http->getConn()); - ch.request = HTTPMSGLOCK(r); - - ch.accessList = cbdataReference(DelayPools::delay_data[pool].access); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ - if (DelayPools::delay_data[pool].theComposite().getRaw() && ch.fastCheck()) { DelayId result (pool + 1); diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc index 33ac3d5712..b9fd9f9f68 100644 --- a/src/HttpHeaderTools.cc +++ b/src/HttpHeaderTools.cc @@ -36,7 +36,7 @@ #include "squid.h" #include "HttpHeader.h" #include "HttpHdrContRange.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "MemBuf.h" static void httpHeaderPutStrvf(HttpHeader * hdr, http_hdr_type id, const char *fmt, va_list vargs); @@ -372,7 +372,6 @@ httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, int req_or_rep) /* check with anonymizer tables */ header_mangler *hm; - ACLChecklist *checklist; assert(e); if (ROR_REQUEST == req_or_rep) { @@ -389,9 +388,9 @@ httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, int req_or_rep) return 1; } - checklist = aclChecklistCreate(hm->access_list, request, NULL); + ACLFilledChecklist checklist(hm->access_list, request, NULL); - if (checklist->fastCheck()) { + if (checklist.fastCheck()) { /* aclCheckFast returns true for allow. */ retval = 1; } else if (NULL == hm->replacement) { @@ -406,7 +405,6 @@ httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, int req_or_rep) retval = 1; } - delete checklist; return retval; } diff --git a/src/HttpReply.cc b/src/HttpReply.cc index 42d0c21b18..a6d42d3534 100644 --- a/src/HttpReply.cc +++ b/src/HttpReply.cc @@ -39,7 +39,7 @@ #include "HttpReply.h" #include "HttpHdrContRange.h" #include "HttpHdrSc.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "HttpRequest.h" #include "MemBuf.h" @@ -538,11 +538,10 @@ HttpReply::calcMaxBodySize(HttpRequest& request) return; bodySizeMax = -1; - ACLChecklist ch; + ACLFilledChecklist ch(NULL, &request, NULL); ch.src_addr = request.client_addr; ch.my_addr = request.my_addr; ch.reply = HTTPMSGLOCK(this); // XXX: this lock makes method non-const - ch.request = HTTPMSGLOCK(&request); for (acl_size_t *l = Config.ReplyBodySize; l; l = l -> next) { /* if there is no ACL list or if the ACLs listed match use this size value */ if (!l->aclList || ch.matchAclListFast(l->aclList)) { diff --git a/src/ACLARP.cc b/src/acl/Arp.cc similarity index 99% rename from src/ACLARP.cc rename to src/acl/Arp.cc index 54ab4032f8..0e6f891a63 100644 --- a/src/ACLARP.cc +++ b/src/acl/Arp.cc @@ -73,7 +73,8 @@ struct arpreq { #endif #endif -#include "ACLARP.h" +#include "acl/Arp.h" +#include "acl/FilledChecklist.h" #include "wordlist.h" #if !USE_ARP_ACL @@ -224,8 +225,10 @@ aclParseArpList(SplayNode **curlist) } int -ACLARP::match(ACLChecklist *checklist) +ACLARP::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); + /* IPv6 does not do ARP */ if (!checklist->src_addr.IsIPv4()) { debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr ); diff --git a/src/ACLDestinationDomain.cc b/src/acl/DestinationDomain.cc similarity index 92% rename from src/ACLDestinationDomain.cc rename to src/acl/DestinationDomain.cc index d732bafbee..09aa9570ae 100644 --- a/src/ACLDestinationDomain.cc +++ b/src/acl/DestinationDomain.cc @@ -35,10 +35,10 @@ */ #include "squid.h" -#include "ACLDestinationDomain.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLDomainData.h" +#include "acl/DestinationDomain.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" +#include "acl/DomainData.h" #include "HttpRequest.h" DestinationDomainLookup DestinationDomainLookup::instance_; @@ -50,8 +50,9 @@ DestinationDomainLookup::Instance() } void -DestinationDomainLookup::checkForAsync(ACLChecklist *checklist) const +DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const { + ACLFilledChecklist *checklist = Filled(cl); checklist->asyncInProgress(true); fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist); } @@ -64,7 +65,7 @@ DestinationDomainLookup::LookupDone(const char *fqdn, void *data) checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); - checklist->markDestinationDomainChecked(); + Filled(checklist)->markDestinationDomainChecked(); checklist->check(); } @@ -74,7 +75,7 @@ ACL::Prototype ACLDestinationDomain::RegexRegistryProtoype(&ACLDestinationDomain ACLStrategised ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex"); int -ACLDestinationDomainStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLDestinationDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { assert(checklist != NULL && checklist->request != NULL); diff --git a/src/ACLDestinationIP.cc b/src/acl/DestinationIp.cc similarity index 90% rename from src/ACLDestinationIP.cc rename to src/acl/DestinationIp.cc index c04ad0e30d..925d518e92 100644 --- a/src/ACLDestinationIP.cc +++ b/src/acl/DestinationIp.cc @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLDestinationIP.h" -#include "ACLChecklist.h" +#include "acl/DestinationIp.h" +#include "acl/FilledChecklist.h" #include "HttpRequest.h" char const * @@ -45,8 +45,9 @@ ACLDestinationIP::typeString() const } int -ACLDestinationIP::match(ACLChecklist *checklist) +ACLDestinationIP::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS); if (ia) { @@ -77,8 +78,9 @@ DestinationIPLookup::Instance() } void -DestinationIPLookup::checkForAsync(ACLChecklist *checklist)const +DestinationIPLookup::checkForAsync(ACLChecklist *cl)const { + ACLFilledChecklist *checklist = Filled(cl); checklist->asyncInProgress(true); ipcache_nbgethostbyname(checklist->request->GetHost(), LookupDone, checklist); } @@ -88,7 +90,7 @@ DestinationIPLookup::LookupDone(const ipcache_addrs * ia, void *data) { ACLChecklist *checklist = (ACLChecklist *)data; assert (checklist->asyncState() == DestinationIPLookup::Instance()); - checklist->request->flags.destinationIPLookupCompleted(); + Filled(checklist)->request->flags.destinationIPLookupCompleted(); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); checklist->check(); diff --git a/src/ACLHTTPStatus.cc b/src/acl/HttpStatus.cc similarity index 97% rename from src/ACLHTTPStatus.cc rename to src/acl/HttpStatus.cc index bf043fdf0a..d7c9731500 100644 --- a/src/ACLHTTPStatus.cc +++ b/src/acl/HttpStatus.cc @@ -40,7 +40,8 @@ #endif #include "squid.h" -#include "ACLHTTPStatus.h" +#include "acl/HttpStatus.h" +#include "acl/FilledChecklist.h" #include "HttpReply.h" #include "wordlist.h" @@ -161,7 +162,7 @@ aclParseHTTPStatusList(SplayNode **curlist) int ACLHTTPStatus::match(ACLChecklist *checklist) { - return aclMatchHTTPStatus(&data, checklist->reply->sline.status); + return aclMatchHTTPStatus(&data, Filled(checklist)->reply->sline.status); } int diff --git a/src/ACLMaxConnection.cc b/src/acl/MaxConnection.cc similarity index 95% rename from src/ACLMaxConnection.cc rename to src/acl/MaxConnection.cc index 274154ce0f..5bc67fb578 100644 --- a/src/ACLMaxConnection.cc +++ b/src/acl/MaxConnection.cc @@ -35,7 +35,8 @@ */ #include "squid.h" -#include "ACLMaxConnection.h" +#include "acl/FilledChecklist.h" +#include "acl/MaxConnection.h" #include "wordlist.h" ACL::Prototype ACLMaxConnection::RegistryProtoype(&ACLMaxConnection::RegistryEntry_, "maxconn"); @@ -95,7 +96,7 @@ ACLMaxConnection::parse() int ACLMaxConnection::match(ACLChecklist *checklist) { - return (clientdbEstablished(checklist->src_addr, 0) > limit ? 1 : 0); + return clientdbEstablished(Filled(checklist)->src_addr, 0) > limit ? 1 : 0; } wordlist * diff --git a/src/ACLMyIP.cc b/src/acl/MyIp.cc similarity index 94% rename from src/ACLMyIP.cc rename to src/acl/MyIp.cc index fedb831315..00729a99c4 100644 --- a/src/ACLMyIP.cc +++ b/src/acl/MyIp.cc @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLMyIP.h" -#include "ACLChecklist.h" +#include "acl/MyIp.h" +#include "acl/FilledChecklist.h" char const * ACLMyIP::typeString() const @@ -46,7 +46,7 @@ ACLMyIP::typeString() const int ACLMyIP::match(ACLChecklist *checklist) { - return ACLIP::match (checklist->my_addr); + return ACLIP::match (Filled(checklist)->my_addr); } ACL::Prototype ACLMyIP::RegistryProtoype(&ACLMyIP::RegistryEntry(), "myip"); diff --git a/src/ACLSourceDomain.cc b/src/acl/SourceDomain.cc similarity index 90% rename from src/ACLSourceDomain.cc rename to src/acl/SourceDomain.cc index bb8f522305..997b1638cd 100644 --- a/src/ACLSourceDomain.cc +++ b/src/acl/SourceDomain.cc @@ -35,10 +35,10 @@ */ #include "squid.h" -#include "ACLSourceDomain.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLDomainData.h" +#include "acl/SourceDomain.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" +#include "acl/DomainData.h" SourceDomainLookup SourceDomainLookup::instance_; @@ -52,7 +52,7 @@ void SourceDomainLookup::checkForAsync(ACLChecklist *checklist) const { checklist->asyncInProgress(true); - fqdncache_nbgethostbyaddr(checklist->src_addr, LookupDone, checklist); + fqdncache_nbgethostbyaddr(Filled(checklist)->src_addr, LookupDone, checklist); } void @@ -63,7 +63,7 @@ SourceDomainLookup::LookupDone(const char *fqdn, void *data) checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); - checklist->markSourceDomainChecked(); + Filled(checklist)->markSourceDomainChecked(); checklist->check(); } @@ -73,7 +73,7 @@ ACL::Prototype ACLSourceDomain::RegexRegistryProtoype(&ACLSourceDomain::RegexReg ACLStrategised ACLSourceDomain::RegexRegistryEntry_(new ACLRegexData,ACLSourceDomainStrategy::Instance() ,"srcdom_regex"); int -ACLSourceDomainStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSourceDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { const char *fqdn = NULL; fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); diff --git a/src/ACLSourceIP.cc b/src/acl/SourceIp.cc similarity index 94% rename from src/ACLSourceIP.cc rename to src/acl/SourceIp.cc index 0b4f939d79..3e275d6d79 100644 --- a/src/ACLSourceIP.cc +++ b/src/acl/SourceIp.cc @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLSourceIP.h" -#include "ACLChecklist.h" +#include "acl/SourceIp.h" +#include "acl/FilledChecklist.h" char const * ACLSourceIP::typeString() const @@ -46,7 +46,7 @@ ACLSourceIP::typeString() const int ACLSourceIP::match(ACLChecklist *checklist) { - return ACLIP::match(checklist->src_addr); + return ACLIP::match(Filled(checklist)->src_addr); } ACL::Prototype ACLSourceIP::RegistryProtoype(&ACLSourceIP::RegistryEntry_, "src"); diff --git a/src/ACLStrategised.cc b/src/acl/Strategised.cc similarity index 91% rename from src/ACLStrategised.cc rename to src/acl/Strategised.cc index 8f73e3b2e7..bda36470b3 100644 --- a/src/ACLStrategised.cc +++ b/src/acl/Strategised.cc @@ -35,11 +35,7 @@ */ #include "squid.h" -#include "ACLStrategised.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLDomainData.h" +#include "acl/Strategised.h" /* * moved template instantiation into ACLStrategized.cc @@ -49,7 +45,7 @@ /* explicit template instantiation required for some systems */ -/* ACLHTTPRepHeader + ACLHTTPReqHeader */ +/* XXX: move to ACLHTTPRepHeader or ACLHTTPReqHeader */ template class ACLStrategised; /* ACLMyPortName + ACLMyPeerName + ACLBrowser */ diff --git a/src/ACLStrategised.h b/src/acl/Strategised.h similarity index 95% rename from src/ACLStrategised.h rename to src/acl/Strategised.h index 0e34464523..a46cfa3f95 100644 --- a/src/ACLStrategised.h +++ b/src/acl/Strategised.h @@ -35,9 +35,10 @@ #ifndef SQUID_ACLSTRATEGISED_H #define SQUID_ACLSTRATEGISED_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLStrategy.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategy.h" +#include "acl/FilledChecklist.h" template @@ -147,8 +148,10 @@ ACLStrategised::empty() const template int -ACLStrategised::match(ACLChecklist *checklist) +ACLStrategised::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = dynamic_cast(cl); + assert(checklist); return matcher->match(data, checklist); } diff --git a/src/ACLStrategy.h b/src/acl/Strategy.h similarity index 92% rename from src/ACLStrategy.h rename to src/acl/Strategy.h index 89f6d40e84..106f800ef5 100644 --- a/src/ACLStrategy.h +++ b/src/acl/Strategy.h @@ -35,10 +35,10 @@ #ifndef SQUID_ACLSTRATEGY_H #define SQUID_ACLSTRATEGY_H -#include "ACL.h" -#include "ACLData.h" -/* Perhaps this should live in ACL? */ +#include "acl/Data.h" + +class ACLFilledChecklist; template @@ -47,7 +47,7 @@ class ACLStrategy public: typedef M MatchType; - virtual int match (ACLData * &, ACLChecklist *) = 0; + virtual int match (ACLData * &, ACLFilledChecklist *) = 0; virtual bool requiresRequest() const {return false;} virtual bool requiresReply() const {return false;} diff --git a/src/ACLTime.h b/src/acl/Time.h similarity index 91% rename from src/ACLTime.h rename to src/acl/Time.h index dbaeb9e5fc..79284651d6 100644 --- a/src/ACLTime.h +++ b/src/acl/Time.h @@ -35,16 +35,17 @@ #ifndef SQUID_ACLTIME_H #define SQUID_ACLTIME_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLChecklist.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategised.h" + +class ACLChecklist; // XXX: we do not need it class ACLTimeStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLTimeStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about diff --git a/src/ACLMaxUserIP.cc b/src/auth/AclMaxUserIp.cc similarity index 95% rename from src/ACLMaxUserIP.cc rename to src/auth/AclMaxUserIp.cc index 31aafc4212..0326b8feb4 100644 --- a/src/ACLMaxUserIP.cc +++ b/src/auth/AclMaxUserIp.cc @@ -35,9 +35,10 @@ */ #include "squid.h" -#include "ACLMaxUserIP.h" +#include "acl/FilledChecklist.h" +#include "auth/Acl.h" +#include "auth/AclMaxUserIp.h" #include "auth/UserRequest.h" -#include "authenticate.h" #include "wordlist.h" #include "ConfigParser.h" @@ -152,11 +153,12 @@ ACLMaxUserIP::match(AuthUserRequest * auth_user_request, } int -ACLMaxUserIP::match(ACLChecklist *checklist) +ACLMaxUserIP::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); int ti; - if ((ti = checklist->authenticated()) != 1) + if ((ti = AuthenticateAcl(checklist)) != 1) return ti; ti = match(checklist->auth_user_request, checklist->src_addr); diff --git a/src/ACLMaxUserIP.h b/src/auth/AclMaxUserIp.h similarity index 97% rename from src/ACLMaxUserIP.h rename to src/auth/AclMaxUserIp.h index 903e2031ad..dd9d088416 100644 --- a/src/ACLMaxUserIP.h +++ b/src/auth/AclMaxUserIp.h @@ -35,8 +35,10 @@ #ifndef SQUID_ACLMAXUSERIP_H #define SQUID_ACLMAXUSERIP_H -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" + +class AuthUserRequest; /// \ingroup ACLAPI class ACLMaxUserIP : public ACL diff --git a/src/ACLProxyAuth.cc b/src/auth/AclProxyAuth.cc similarity index 90% rename from src/ACLProxyAuth.cc rename to src/auth/AclProxyAuth.cc index e8643cd38b..d4b5748544 100644 --- a/src/ACLProxyAuth.cc +++ b/src/auth/AclProxyAuth.cc @@ -35,13 +35,14 @@ */ #include "squid.h" -#include "ACLProxyAuth.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACLUserData.h" -#include "ACLRegexData.h" +#include "auth/AclProxyAuth.h" +#include "auth/Gadgets.h" +#include "acl/FilledChecklist.h" +#include "acl/UserData.h" +#include "acl/RegexData.h" #include "client_side.h" #include "HttpRequest.h" +#include "auth/Acl.h" #include "auth/User.h" #include "auth/UserRequest.h" @@ -80,7 +81,7 @@ ACLProxyAuth::match(ACLChecklist *checklist) { int ti; - if ((ti = checklist->authenticated()) != 1) + if ((ti = AuthenticateAcl(checklist)) != 1) return ti; ti = matchProxyAuth(checklist); @@ -133,8 +134,10 @@ ProxyAuthLookup::Instance() } void -ProxyAuthLookup::checkForAsync(ACLChecklist *checklist)const +ProxyAuthLookup::checkForAsync(ACLChecklist *cl)const { + ACLFilledChecklist *checklist = Filled(cl); + checklist->asyncInProgress(true); debugs(28, 3, "ACLChecklist::checkForAsync: checking password via authenticator"); @@ -150,7 +153,8 @@ ProxyAuthLookup::checkForAsync(ACLChecklist *checklist)const void ProxyAuthLookup::LookupDone(void *data, char *result) { - ACLChecklist *checklist = (ACLChecklist *)data; + ACLFilledChecklist *checklist = Filled(static_cast(data)); + assert (checklist->asyncState() == ProxyAuthLookup::Instance()); if (result != NULL) @@ -198,8 +202,9 @@ ACLProxyAuth::clone() const } int -ACLProxyAuth::matchForCache(ACLChecklist *checklist) +ACLProxyAuth::matchForCache(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); assert (checklist->auth_user_request); return data->match(checklist->auth_user_request->username()); } @@ -209,8 +214,9 @@ ACLProxyAuth::matchForCache(ACLChecklist *checklist) * 1 : Authorisation OK. (Matched) */ int -ACLProxyAuth::matchProxyAuth(ACLChecklist *checklist) +ACLProxyAuth::matchProxyAuth(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); checkAuthForCaching(checklist); /* check to see if we have matched the user-acl before */ int result = cacheMatchAcl(&checklist->auth_user_request->user()-> @@ -224,7 +230,7 @@ ACLProxyAuth::checkAuthForCaching(ACLChecklist *checklist)const { /* for completeness */ /* consistent parameters ? */ - assert(authenticateUserAuthenticated(checklist->auth_user_request)); + assert(authenticateUserAuthenticated(Filled(checklist)->auth_user_request)); /* this check completed */ } diff --git a/src/client_side.cc b/src/client_side.cc index 4934d55126..4141f66c94 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -96,7 +96,7 @@ #include "MemObject.h" #include "fde.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "ConnectionDetail.h" #include "client_side_reply.h" #include "ClientRequestContext.h" @@ -527,7 +527,7 @@ ClientHttpRequest::logRequest() #endif - ACLChecklist *checklist = clientAclChecklistCreate(Config.accessList.log, this); + ACLFilledChecklist *checklist = clientAclChecklistCreate(Config.accessList.log, this); if (al.reply) checklist->reply = HTTPMSGLOCK(al.reply); @@ -2874,12 +2874,9 @@ httpAccept(int sock, int newfd, ConnectionDetail *details, #if USE_IDENT if (Config.accessList.identLookup) { - ACLChecklist identChecklist; + ACLFilledChecklist identChecklist(Config.accessList.identLookup, NULL, NULL); identChecklist.src_addr = details->peer; identChecklist.my_addr = details->me; - identChecklist.accessList = cbdataReference(Config.accessList.identLookup); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ if (identChecklist.fastCheck()) identStart(details->me, details->peer, clientIdentDone, connState); } @@ -3089,12 +3086,9 @@ httpsAccept(int sock, int newfd, ConnectionDetail *details, #if USE_IDENT if (Config.accessList.identLookup) { - ACLChecklist identChecklist; + ACLFilledChecklist identChecklist(Config.accessList.identLookup, NULL, NULL); identChecklist.src_addr = details->peer; identChecklist.my_addr = details->me; - identChecklist.accessList = cbdataReference(Config.accessList.identLookup); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ if (identChecklist.fastCheck()) identStart(details->me, details->peer, clientIdentDone, connState); } @@ -3345,12 +3339,12 @@ varyEvaluateMatch(StoreEntry * entry, HttpRequest * request) } } -ACLChecklist * +ACLFilledChecklist * clientAclChecklistCreate(const acl_access * acl, ClientHttpRequest * http) { - ACLChecklist *ch; ConnStateData * conn = http->getConn(); - ch = aclChecklistCreate(acl, http->request, cbdataReferenceValid(conn) && conn != NULL ? conn->rfc931 : dash_str); + ACLFilledChecklist *ch = new ACLFilledChecklist(acl, http->request, + cbdataReferenceValid(conn) && conn != NULL ? conn->rfc931 : dash_str); /* * hack for ident ACL. It needs to get full addresses, and a place to store @@ -3365,7 +3359,7 @@ clientAclChecklistCreate(const acl_access * acl, ClientHttpRequest * http) */ if (conn != NULL) - ch->conn(conn); /* unreferenced in acl.cc */ + ch->conn(conn); /* unreferenced in FilledCheckList.cc */ return ch; } diff --git a/src/client_side_request.cc b/src/client_side_request.cc index f59e386162..39aec87431 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -48,8 +48,8 @@ #include "auth/UserRequest.h" #include "HttpRequest.h" #include "ProtoPort.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Gadgets.h" #include "client_side.h" #include "client_side_reply.h" #include "Store.h" @@ -1113,12 +1113,9 @@ ClientHttpRequest::sslBumpNeeded() const debugs(85, 5, HERE << "SslBump possible, checking ACL"); - ACLChecklist check; + ACLFilledChecklist check(Config.accessList.ssl_bump, request, NULL); check.src_addr = request->client_addr; check.my_addr = request->my_addr; - check.request = HTTPMSGLOCK(request); - check.accessList = cbdataReference(Config.accessList.ssl_bump); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ return check.fastCheck() == 1; } @@ -1285,10 +1282,9 @@ ClientHttpRequest::doCallouts() if (!calloutContext->clientside_tos_done) { calloutContext->clientside_tos_done = true; if (getConn() != NULL) { - ACLChecklist ch; + ACLFilledChecklist ch(NULL, request, NULL); ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); int tos = aclMapTOS(Config.accessList.clientside_tos, &ch); if (tos) comm_set_tos(getConn()->fd, tos); diff --git a/src/client_side_request.h b/src/client_side_request.h index 0d1cd041c0..485a0a3cdc 100644 --- a/src/client_side_request.h +++ b/src/client_side_request.h @@ -187,7 +187,9 @@ private: /* client http based routines */ SQUIDCEXTERN char *clientConstructTraceEcho(ClientHttpRequest *); -SQUIDCEXTERN ACLChecklist *clientAclChecklistCreate(const acl_access * acl,ClientHttpRequest * http); + +class ACLFilledChecklist; +SQUIDCEXTERN ACLFilledChecklist *clientAclChecklistCreate(const acl_access * acl,ClientHttpRequest * http); SQUIDCEXTERN int clientHttpRequestStatus(int fd, ClientHttpRequest const *http); SQUIDCEXTERN void clientAccessCheck(ClientHttpRequest *); diff --git a/src/external_acl.cc b/src/external_acl.cc index 7948822189..afed604bb8 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -48,15 +48,16 @@ #include "SquidTime.h" #include "Store.h" #include "fde.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Acl.h" #if USE_IDENT -#include "ACLIdent.h" +#include "acl/Ident.h" #endif #include "client_side.h" #include "HttpRequest.h" #include "HttpReply.h" -#include "authenticate.h" +#include "auth/Acl.h" +#include "auth/Gadgets.h" #include "helper.h" #include "MemBuf.h" #include "URLScheme.h" @@ -71,7 +72,7 @@ typedef struct _external_acl_format external_acl_format; -static char *makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data); +static char *makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data); static void external_acl_cache_delete(external_acl * def, external_acl_entry * entry); static int external_acl_entry_expired(external_acl * def, external_acl_entry * entry); static int external_acl_grace_expired(external_acl * def, external_acl_entry * entry); @@ -677,9 +678,7 @@ ACLExternal::~ACLExternal() } static int -aclMatchExternal(external_acl_data *acl, ACLChecklist * ch); -static int -aclMatchExternal(external_acl_data *acl, ACLChecklist * ch) +aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) { int result; external_acl_entry *entry; @@ -705,7 +704,7 @@ aclMatchExternal(external_acl_data *acl, ACLChecklist * ch) int ti; /* Make sure the user is authenticated */ - if ((ti = ch->authenticated()) != 1) { + if ((ti = AuthenticateAcl(ch)) != 1) { debugs(82, 2, "aclMatchExternal: " << acl->def->name << " user not authenticated (" << ti << ")"); return ti; } @@ -777,7 +776,7 @@ aclMatchExternal(external_acl_data *acl, ACLChecklist * ch) int ACLExternal::match(ACLChecklist *checklist) { - return aclMatchExternal (data, checklist); + return aclMatchExternal (data, Filled(checklist)); } wordlist * @@ -811,7 +810,7 @@ external_acl_cache_touch(external_acl * def, external_acl_entry * entry) } static char * -makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data) +makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) { static MemBuf mb; char buf[256]; @@ -1216,7 +1215,7 @@ externalAclHandleReply(void *data, char *reply) } void -ACLExternal::ExternalAclLookup(ACLChecklist * ch, ACLExternal * me, EAH * callback, void *callback_data) +ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH * callback, void *callback_data) { MemBuf buf; external_acl_data *acl = me->data; @@ -1226,11 +1225,12 @@ ACLExternal::ExternalAclLookup(ACLChecklist * ch, ACLExternal * me, EAH * callba externalAclState *oldstate = NULL; bool graceful = 0; + ACLFilledChecklist *ch = Filled(checklist); if (acl->def->require_auth) { int ti; /* Make sure the user is authenticated */ - if ((ti = ch->authenticated()) != 1) { + if ((ti = AuthenticateAcl(ch)) != 1) { debugs(82, 1, "externalAclLookup: " << acl->def->name << " user authentication failure (" << ti << ", ch=" << ch << ")"); callback(callback_data, NULL); @@ -1434,7 +1434,7 @@ ExternalACLLookup::checkForAsync(ACLChecklist *checklist)const void ExternalACLLookup::LookupDone(void *data, void *result) { - ACLChecklist *checklist = (ACLChecklist *)data; + ACLFilledChecklist *checklist = Filled(static_cast(data)); checklist->extacl_entry = cbdataReference((external_acl_entry *)result); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); diff --git a/src/forward.cc b/src/forward.cc index 6cab0929fb..95f21431b6 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -33,8 +33,8 @@ #include "squid.h" #include "forward.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Gadgets.h" #include "CacheManager.h" #include "event.h" #include "errorpage.h" @@ -205,12 +205,9 @@ FwdState::fwdStart(int client_fd, StoreEntry *entry, HttpRequest *request) /** * Check if this host is allowed to fetch MISSES from us (miss_access) */ - ACLChecklist ch; + ACLFilledChecklist ch(Config.accessList.miss, request, NULL); ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); - ch.accessList = cbdataReference(Config.accessList.miss); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ int answer = ch.fastCheck(); if (answer == 0) { @@ -664,7 +661,7 @@ FwdState::initiateSSL() // Create the ACL check list now, while we have access to more info. // The list is used in ssl_verify_cb() and is freed in ssl_free(). if (acl_access *acl = Config.ssl_client.cert_error) { - ACLChecklist *check = aclChecklistCreate(acl, request, dash_str); + ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str); check->fd(fd); SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check); } @@ -1341,8 +1338,6 @@ aclMapTOS(acl_tos * head, ACLChecklist * ch) IpAddress getOutgoingAddr(HttpRequest * request, struct peer *dst_peer) { - ACLChecklist ch; - if (request && request->flags.spoof_client_ip) return request->client_addr; @@ -1350,12 +1345,12 @@ getOutgoingAddr(HttpRequest * request, struct peer *dst_peer) return IpAddress(); // anything will do. } + ACLFilledChecklist ch(NULL, request, NULL); ch.dst_peer = dst_peer; if (request) { ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); } return aclMapAddr(Config.accessList.outgoing_address, &ch); @@ -1364,12 +1359,11 @@ getOutgoingAddr(HttpRequest * request, struct peer *dst_peer) unsigned long getOutgoingTOS(HttpRequest * request) { - ACLChecklist ch; + ACLFilledChecklist ch(NULL, request, NULL); if (request) { ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); } return aclMapTOS(Config.accessList.outgoing_tos, &ch); diff --git a/src/htcp.cc b/src/htcp.cc index fe3bbf7b16..ee54e9fae8 100644 --- a/src/htcp.cc +++ b/src/htcp.cc @@ -35,8 +35,8 @@ #include "squid.h" #include "htcp.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Acl.h" #include "SquidTime.h" #include "Store.h" #include "StoreClient.h" @@ -850,12 +850,9 @@ htcpAccessCheck(acl_access * acl, htcpSpecifier * s, IpAddress &from) if (!acl) return 0; - ACLChecklist checklist; + ACLFilledChecklist checklist(acl, s->request, NULL); checklist.src_addr = from; checklist.my_addr.SetNoAddr(); - checklist.request = HTTPMSGLOCK(s->request); - checklist.accessList = cbdataReference(acl); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ int result = checklist.fastCheck(); return result; } diff --git a/src/http.cc b/src/http.cc index f59de00b26..9f445f4f69 100644 --- a/src/http.cc +++ b/src/http.cc @@ -50,7 +50,7 @@ #include "HttpHdrContRange.h" #include "HttpHdrSc.h" #include "HttpHdrScTarget.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "fde.h" #if DELAY_POOLS #include "DelayPools.h" @@ -1974,13 +1974,8 @@ HttpStateData::doneSendingRequestBody() debugs(11,5, HERE << "doneSendingRequestBody: FD " << fd); #if HTTP_VIOLATIONS - ACLChecklist ch; - ch.request = HTTPMSGLOCK(request); - if (Config.accessList.brokenPosts) { - ch.accessList = cbdataReference(Config.accessList.brokenPosts); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ - + ACLFilledChecklist ch(Config.accessList.brokenPosts, request, NULL); if (!ch.fastCheck()) { debugs(11, 5, "doneSendingRequestBody: didn't match brokenPosts"); CommIoCbParams io(NULL); diff --git a/src/icp_v2.cc b/src/icp_v2.cc index ec7d8c7f94..350c8f68f8 100644 --- a/src/icp_v2.cc +++ b/src/icp_v2.cc @@ -40,8 +40,8 @@ #include "comm.h" #include "ICP.h" #include "HttpRequest.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Acl.h" #include "AccessLogEntry.h" #include "wordlist.h" #include "SquidTime.h" @@ -409,12 +409,9 @@ icpAccessAllowed(IpAddress &from, HttpRequest * icp_request) if (!Config.accessList.icp) return 0; - ACLChecklist checklist; + ACLFilledChecklist checklist(Config.accessList.icp, icp_request, NULL); checklist.src_addr = from; checklist.my_addr.SetNoAddr(); - checklist.request = HTTPMSGLOCK(icp_request); - checklist.accessList = cbdataReference(Config.accessList.icp); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ int result = checklist.fastCheck(); return result; } diff --git a/src/neighbors.cc b/src/neighbors.cc index f1f842c366..bfec5cc6e3 100644 --- a/src/neighbors.cc +++ b/src/neighbors.cc @@ -32,7 +32,7 @@ #include "squid.h" #include "ProtoPort.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "event.h" #include "CacheManager.h" #include "htcp.h" @@ -175,18 +175,10 @@ peerAllowedToUse(const peer * p, HttpRequest * request) if (p->access == NULL) return do_ping; - ACLChecklist checklist; - + ACLFilledChecklist checklist(p->access, request, NULL); checklist.src_addr = request->client_addr; - checklist.my_addr = request->my_addr; - checklist.request = HTTPMSGLOCK(request); - - checklist.accessList = cbdataReference(p->access); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ - #if 0 && USE_IDENT /* * this is currently broken because 'request->user_ident' has been diff --git a/src/snmp_core.cc b/src/snmp_core.cc index 1a1fb2626f..e46cd49504 100644 --- a/src/snmp_core.cc +++ b/src/snmp_core.cc @@ -32,7 +32,7 @@ #include "squid.h" #include "comm.h" #include "cache_snmp.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "ip/IpAddress.h" #define SNMP_REQUEST_SIZE 4096 @@ -530,11 +530,9 @@ snmpDecodePacket(snmp_request_t * rq) /* Check if we have explicit permission to access SNMP data. * default (set above) is to deny all */ if (Community && Config.accessList.snmp) { - ACLChecklist checklist; - checklist.accessList = cbdataReference(Config.accessList.snmp); + ACLFilledChecklist checklist(Config.accessList.snmp, NULL, NULL); checklist.src_addr = rq->from; checklist.snmp_community = (char *) Community; - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ allow = checklist.fastCheck(); } @@ -1136,15 +1134,15 @@ oid2addr(oid * id, IpAddress &addr, u_int size) } /* SNMP checklists */ -#include "ACLStrategy.h" -#include "ACLStrategised.h" -#include "ACLStringData.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" +#include "acl/StringData.h" class ACLSNMPCommunityStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLSNMPCommunityStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about @@ -1170,7 +1168,7 @@ ACL::Prototype ACLSNMPCommunity::RegistryProtoype(&ACLSNMPCommunity::RegistryEnt ACLStrategised ACLSNMPCommunity::RegistryEntry_(new ACLStringData, ACLSNMPCommunityStrategy::Instance(), "snmp_community"); int -ACLSNMPCommunityStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSNMPCommunityStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->snmp_community); } diff --git a/src/ssl_support.cc b/src/ssl_support.cc index 2a824f1e87..1563ee176c 100644 --- a/src/ssl_support.cc +++ b/src/ssl_support.cc @@ -41,7 +41,7 @@ #if USE_SSL #include "fde.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" /** \defgroup ServerProtocolSSLInternal Server-Side SSL Internals @@ -182,7 +182,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * ctx) debugs(83, 2, "SQUID_X509_V_ERR_DOMAIN_MISMATCH: Certificate " << buffer << " does not match domainname " << server); ok = 0; if (check) - check->ssl_error = SQUID_X509_V_ERR_DOMAIN_MISMATCH; + Filled(check)->ssl_error = SQUID_X509_V_ERR_DOMAIN_MISMATCH; } } } else { @@ -216,7 +216,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * ctx) } if (check) - check->ssl_error = ctx->error; + Filled(check)->ssl_error = ctx->error; } if (!ok && check) { diff --git a/src/tunnel.cc b/src/tunnel.cc index d2937c44f4..5b6635fc46 100644 --- a/src/tunnel.cc +++ b/src/tunnel.cc @@ -39,7 +39,7 @@ #include "fde.h" #include "comm.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #if DELAY_POOLS #include "DelayId.h" #endif @@ -618,12 +618,9 @@ tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr) * Check if this host is allowed to fetch MISSES from us (miss_access) * default is to allow. */ - ACLChecklist ch; + ACLFilledChecklist ch(Config.accessList.miss, request, NULL); ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); - ch.accessList = cbdataReference(Config.accessList.miss); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ answer = ch.fastCheck(); if (answer == 0) {