From 329c128c374643384d36b2320fa4a0ccf0cd0d72 Mon Sep 17 00:00:00 2001 From: josepjones Date: Fri, 12 Jul 2019 14:09:48 +0000 Subject: [PATCH] Rename allow_t to Acl::Answer (#425) Enact the TODO item asking to rename class to Acl::Answer --- src/ClientRequestContext.h | 6 +++--- src/ExternalACLEntry.h | 4 ++-- src/PeerSelectState.h | 8 ++++---- src/acl/Acl.h | 18 +++++++++++------- src/acl/Checklist.cc | 28 ++++++++++++++-------------- src/acl/Checklist.h | 20 ++++++++++---------- src/acl/Gadgets.cc | 6 +++--- src/acl/Tree.cc | 8 ++++---- src/acl/Tree.h | 12 ++++++------ src/acl/forward.h | 4 ++-- src/adaptation/AccessCheck.cc | 6 +++--- src/adaptation/AccessCheck.h | 4 ++-- src/auth/Acl.cc | 2 +- src/auth/Acl.h | 2 +- src/auth/AclMaxUserIp.cc | 2 +- src/auth/AclProxyAuth.cc | 2 +- src/auth/UserRequest.cc | 2 +- src/cache_cf.cc | 24 ++++++++++++------------ src/client_side.cc | 14 +++++++------- src/client_side_reply.cc | 4 ++-- src/client_side_reply.h | 2 +- src/client_side_request.cc | 26 +++++++++++++------------- src/external_acl.cc | 10 +++++----- src/http/Stream.cc | 2 +- src/peer_select.cc | 8 ++++---- src/ssl/PeekingPeerConnector.cc | 18 +++++++++--------- src/ssl/PeekingPeerConnector.h | 4 ++-- src/tests/stub_libauth_acls.cc | 4 ++-- 28 files changed, 127 insertions(+), 123 deletions(-) diff --git a/src/ClientRequestContext.h b/src/ClientRequestContext.h index 7b89fa2c8e..65b7842c71 100644 --- a/src/ClientRequestContext.h +++ b/src/ClientRequestContext.h @@ -37,13 +37,13 @@ public: void hostHeaderVerifyFailed(const char *A, const char *B); void clientAccessCheck(); void clientAccessCheck2(); - void clientAccessCheckDone(const allow_t &answer); + void clientAccessCheckDone(const Acl::Answer &answer); void clientRedirectStart(); void clientRedirectDone(const Helper::Reply &reply); void clientStoreIdStart(); void clientStoreIdDone(const Helper::Reply &reply); void checkNoCache(); - void checkNoCacheDone(const allow_t &answer); + void checkNoCacheDone(const Acl::Answer &answer); #if USE_ADAPTATION void adaptationAccessCheck(); @@ -56,7 +56,7 @@ public: */ bool sslBumpAccessCheck(); /// The callback function for ssl-bump access check list - void sslBumpAccessCheckDone(const allow_t &answer); + void sslBumpAccessCheckDone(const Acl::Answer &answer); #endif ClientHttpRequest *http; diff --git a/src/ExternalACLEntry.h b/src/ExternalACLEntry.h index c0d070216a..dd05e5fcf6 100644 --- a/src/ExternalACLEntry.h +++ b/src/ExternalACLEntry.h @@ -31,7 +31,7 @@ class ExternalACLEntryData public: ExternalACLEntryData() : result(ACCESS_DUNNO) {} - allow_t result; + Acl::Answer result; /// list of all kv-pairs returned by the helper NotePairs notes; @@ -61,7 +61,7 @@ public: void update(ExternalACLEntryData const &); dlink_node lru; - allow_t result; + Acl::Answer result; time_t date; /// list of all kv-pairs returned by the helper diff --git a/src/PeerSelectState.h b/src/PeerSelectState.h index f168a8158a..640590c3a5 100644 --- a/src/PeerSelectState.h +++ b/src/PeerSelectState.h @@ -104,8 +104,8 @@ protected: #endif int checkNetdbDirect(); - void checkAlwaysDirectDone(const allow_t answer); - void checkNeverDirectDone(const allow_t answer); + void checkAlwaysDirectDone(const Acl::Answer answer); + void checkNeverDirectDone(const Acl::Answer answer); void selectSomeNeighbor(); void selectSomeNeighborReplies(); @@ -124,8 +124,8 @@ protected: static EVH HandlePingTimeout; private: - allow_t always_direct; - allow_t never_direct; + Acl::Answer always_direct; + Acl::Answer never_direct; int direct; // TODO: fold always_direct/never_direct/prefer_direct into this now that ACL can do a multi-state result. size_t foundPaths = 0; ///< number of unique destinations identified so far ErrorState *lastError; diff --git a/src/acl/Acl.h b/src/acl/Acl.h index 45492c9859..29aa60d32a 100644 --- a/src/acl/Acl.h +++ b/src/acl/Acl.h @@ -109,14 +109,16 @@ typedef enum { } aclMatchCode; /// \ingroup ACLAPI -/// ACL check answer; TODO: Rename to Acl::Answer -class allow_t +/// ACL check answer +namespace Acl { + +class Answer { public: - // not explicit: allow "aclMatchCode to allow_t" conversions (for now) - allow_t(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {} + // not explicit: allow "aclMatchCode to Acl::Answer" conversions (for now) + Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {} - allow_t(): code(ACCESS_DUNNO), kind(0) {} + Answer(): code(ACCESS_DUNNO), kind(0) {} bool operator ==(const aclMatchCode aCode) const { return code == aCode; @@ -126,7 +128,7 @@ public: return !(*this == aCode); } - bool operator ==(const allow_t allow) const { + bool operator ==(const Answer allow) const { return code == allow.code && kind == allow.kind; } @@ -153,8 +155,10 @@ public: int kind; ///< which custom access list verb matched }; +} // namespace Acl + inline std::ostream & -operator <<(std::ostream &o, const allow_t a) +operator <<(std::ostream &o, const Acl::Answer a) { switch (a) { case ACCESS_DENIED: diff --git a/src/acl/Checklist.cc b/src/acl/Checklist.cc index 5f6fe8d351..8a5775593f 100644 --- a/src/acl/Checklist.cc +++ b/src/acl/Checklist.cc @@ -55,12 +55,12 @@ ACLChecklist::completeNonBlocking() } void -ACLChecklist::markFinished(const allow_t &finalAnswer, const char *reason) +ACLChecklist::markFinished(const Acl::Answer &finalAnswer, const char *reason) { assert (!finished() && !asyncInProgress()); finished_ = true; - allow_ = finalAnswer; - debugs(28, 3, HERE << this << " answer " << allow_ << " for " << reason); + answer_ = finalAnswer; + debugs(28, 3, HERE << this << " answer " << answer_ << " for " << reason); } /// Called first (and once) by all checks to initialize their state @@ -156,7 +156,7 @@ ACLChecklist::goAsync(AsyncState *state) // ACLFilledChecklist overwrites this to unclock something before we // "delete this" void -ACLChecklist::checkCallback(allow_t answer) +ACLChecklist::checkCallback(Acl::Answer answer) { ACLCB *callback_; void *cbdata_; @@ -181,7 +181,7 @@ ACLChecklist::ACLChecklist() : asyncCaller_(false), occupied_(false), finished_(false), - allow_(ACCESS_DENIED), + answer_(ACCESS_DENIED), asyncStage_(asyncNone), state_(NullState::Instance()), asyncLoopDepth_(0) @@ -304,7 +304,7 @@ ACLChecklist::matchAndFinish() markFinished(accessList->winningAction(), "match"); } -allow_t const & +Acl::Answer const & ACLChecklist::fastCheck(const Acl::Tree * list) { PROF_start(aclCheckFast); @@ -332,7 +332,7 @@ ACLChecklist::fastCheck(const Acl::Tree * list) /* Warning: do not cbdata lock this here - it * may be static or on the stack */ -allow_t const & +Acl::Answer const & ACLChecklist::fastCheck() { PROF_start(aclCheckFast); @@ -370,13 +370,13 @@ ACLChecklist::fastCheck() void ACLChecklist::calcImplicitAnswer() { - const allow_t lastAction = (accessList && cbdataReferenceValid(accessList)) ? - accessList->lastAction() : allow_t(ACCESS_DUNNO); - allow_t implicitRuleAnswer = ACCESS_DUNNO; + const auto lastAction = (accessList && cbdataReferenceValid(accessList)) ? + accessList->lastAction() : Acl::Answer(ACCESS_DUNNO); + auto implicitRuleAnswer = Acl::Answer(ACCESS_DUNNO); if (lastAction == ACCESS_DENIED) // reverse last seen "deny" - implicitRuleAnswer = ACCESS_ALLOWED; + implicitRuleAnswer = Acl::Answer(ACCESS_ALLOWED); else if (lastAction == ACCESS_ALLOWED) // reverse last seen "allow" - implicitRuleAnswer = ACCESS_DENIED; + implicitRuleAnswer = Acl::Answer(ACCESS_DENIED); // else we saw no rules and will respond with ACCESS_DUNNO debugs(28, 3, HERE << this << " NO match found, last action " << @@ -391,7 +391,7 @@ ACLChecklist::callerGone() } bool -ACLChecklist::bannedAction(const allow_t &action) const +ACLChecklist::bannedAction(const Acl::Answer &action) const { const bool found = std::find(bannedActions_.begin(), bannedActions_.end(), action) != bannedActions_.end(); debugs(28, 5, "Action '" << action << "/" << action.kind << (found ? "' is " : "' is not") << " banned"); @@ -399,7 +399,7 @@ ACLChecklist::bannedAction(const allow_t &action) const } void -ACLChecklist::banAction(const allow_t &action) +ACLChecklist::banAction(const Acl::Answer &action) { bannedActions_.push_back(action); } diff --git a/src/acl/Checklist.h b/src/acl/Checklist.h index 9921204025..f9648946a0 100644 --- a/src/acl/Checklist.h +++ b/src/acl/Checklist.h @@ -16,7 +16,7 @@ class HttpRequest; /// ACL checklist callback -typedef void ACLCB(allow_t, void *); +typedef void ACLCB(Acl::Answer, void *); /** \ingroup ACLAPI Base class for maintaining Squid and transaction state for access checks. @@ -109,7 +109,7 @@ public: * * If there are no rules to check at all, the result becomes ACCESS_DUNNO. */ - allow_t const & fastCheck(); + Acl::Answer const & fastCheck(); /** * Perform a blocking (immediate) check whether a list of ACLs matches. @@ -132,7 +132,7 @@ public: * * If there are no ACLs to check at all, the result becomes ACCESS_ALLOWED. */ - allow_t const & fastCheck(const Acl::Tree *list); + Acl::Answer const & fastCheck(const Acl::Tree *list); /// If slow lookups are allowed, switches into "async in progress" state. /// Otherwise, returns false; the caller is expected to handle the failure. @@ -151,14 +151,14 @@ public: bool asyncInProgress() const { return asyncStage_ != asyncNone; } /// called when no more ACLs should be checked; sets the final answer and /// prints a debugging message explaining the reason for that answer - void markFinished(const allow_t &newAnswer, const char *reason); + void markFinished(const Acl::Answer &newAnswer, const char *reason); - const allow_t ¤tAnswer() const { return allow_; } + const Acl::Answer ¤tAnswer() const { return answer_; } /// whether the action is banned or not - bool bannedAction(const allow_t &action) const; + bool bannedAction(const Acl::Answer &action) const; /// add action to the list of banned actions - void banAction(const allow_t &action); + void banAction(const Acl::Answer &action); // XXX: ACLs that need request or reply have to use ACLFilledChecklist and // should do their own checks so that we do not have to povide these two @@ -184,7 +184,7 @@ public: private: /// Calls non-blocking check callback with the answer and destroys self. - void checkCallback(allow_t answer); + void checkCallback(Acl::Answer answer); void matchAndFinish(); @@ -228,7 +228,7 @@ private: /* internal methods */ bool asyncCaller_; ///< whether the caller supports async/slow ACLs bool occupied_; ///< whether a check (fast or non-blocking) is in progress bool finished_; - allow_t allow_; + Acl::Answer answer_; enum AsyncStage { asyncNone, asyncStarting, asyncRunning, asyncFailed }; AsyncStage asyncStage_; @@ -242,7 +242,7 @@ private: /* internal methods */ /// suspended (due to an async lookup) matches() in the ACL tree std::stack matchPath; /// the list of actions which must ignored during acl checks - std::vector bannedActions_; + std::vector bannedActions_; }; #endif /* SQUID_ACLCHECKLIST_H */ diff --git a/src/acl/Gadgets.cc b/src/acl/Gadgets.cc index d04055f19e..bf04eb4d2e 100644 --- a/src/acl/Gadgets.cc +++ b/src/acl/Gadgets.cc @@ -145,11 +145,11 @@ aclParseAccessLine(const char *directive, ConfigParser &, acl_access **treep) return; } - allow_t action = ACCESS_DUNNO; + auto action = Acl::Answer(ACCESS_DUNNO); if (!strcmp(t, "allow")) - action = ACCESS_ALLOWED; + action = Acl::Answer(ACCESS_ALLOWED); else if (!strcmp(t, "deny")) - action = ACCESS_DENIED; + action = Acl::Answer(ACCESS_DENIED); else { debugs(28, DBG_CRITICAL, "aclParseAccessLine: " << cfg_filename << " line " << config_lineno << ": " << config_input_line); debugs(28, DBG_CRITICAL, "aclParseAccessLine: expecting 'allow' or 'deny', got '" << t << "'."); diff --git a/src/acl/Tree.cc b/src/acl/Tree.cc index 3184507918..30d8777b70 100644 --- a/src/acl/Tree.cc +++ b/src/acl/Tree.cc @@ -13,13 +13,13 @@ CBDATA_NAMESPACED_CLASS_INIT(Acl, Tree); -allow_t +Acl::Answer Acl::Tree::winningAction() const { return actionAt(lastMatch_ - nodes.begin()); } -allow_t +Acl::Answer Acl::Tree::lastAction() const { if (actions.empty()) @@ -28,7 +28,7 @@ Acl::Tree::lastAction() const } /// computes action that corresponds to the position of the matched rule -allow_t +Acl::Answer Acl::Tree::actionAt(const Nodes::size_type pos) const { assert(pos < nodes.size()); @@ -41,7 +41,7 @@ Acl::Tree::actionAt(const Nodes::size_type pos) const } void -Acl::Tree::add(ACL *rule, const allow_t &action) +Acl::Tree::add(ACL *rule, const Acl::Answer &action) { // either all rules have actions or none assert(nodes.size() == actions.size()); diff --git a/src/acl/Tree.h b/src/acl/Tree.h index b628280518..88fefc1ac3 100644 --- a/src/acl/Tree.h +++ b/src/acl/Tree.h @@ -30,27 +30,27 @@ public: SBufList treeDump(const char *name, ActionToStringConverter converter) const; /// Returns the corresponding action after a successful tree match. - allow_t winningAction() const; + Answer winningAction() const; /// what action to use if no nodes matched - allow_t lastAction() const; + Answer lastAction() const; /// appends and takes control over the rule with a given action - void add(ACL *rule, const allow_t &action); + void add(ACL *rule, const Answer &action); void add(ACL *rule); ///< same as InnerNode::add() protected: /// Acl::OrNode API virtual bool bannedAction(ACLChecklist *, Nodes::const_iterator) const override; - allow_t actionAt(const Nodes::size_type pos) const; + Answer actionAt(const Nodes::size_type pos) const; /// if not empty, contains actions corresponding to InnerNode::nodes - typedef std::vector Actions; + typedef std::vector Actions; Actions actions; }; inline const char * -AllowOrDeny(const allow_t &action) +AllowOrDeny(const Answer &action) { return action.allowed() ? "allow" : "deny"; } diff --git a/src/acl/forward.h b/src/acl/forward.h index a0bbd1e1b1..e5c4fee884 100644 --- a/src/acl/forward.h +++ b/src/acl/forward.h @@ -23,6 +23,7 @@ namespace Acl { class Address; +class Answer; class InnerNode; class NotNode; class AndNode; @@ -34,8 +35,7 @@ void Init(void); } // namespace Acl -class allow_t; -typedef void ACLCB(allow_t, void *); +typedef void ACLCB(Acl::Answer, void *); #define ACL_NAME_SZ 64 diff --git a/src/adaptation/AccessCheck.cc b/src/adaptation/AccessCheck.cc index 6b9797e766..8d847769d3 100644 --- a/src/adaptation/AccessCheck.cc +++ b/src/adaptation/AccessCheck.cc @@ -149,7 +149,7 @@ Adaptation::AccessCheck::checkCandidates() } void -Adaptation::AccessCheck::AccessCheckCallbackWrapper(allow_t answer, void *data) +Adaptation::AccessCheck::AccessCheckCallbackWrapper(Acl::Answer answer, void *data) { debugs(93, 8, HERE << "callback answer=" << answer); AccessCheck *ac = (AccessCheck*)data; @@ -160,7 +160,7 @@ Adaptation::AccessCheck::AccessCheckCallbackWrapper(allow_t answer, void *data) */ // convert to async call to get async call protections and features - typedef UnaryMemFunT MyDialer; + typedef UnaryMemFunT MyDialer; AsyncCall::Pointer call = asyncCall(93,7, "Adaptation::AccessCheck::noteAnswer", MyDialer(ac, &Adaptation::AccessCheck::noteAnswer, answer)); @@ -170,7 +170,7 @@ Adaptation::AccessCheck::AccessCheckCallbackWrapper(allow_t answer, void *data) /// process the results of the ACL check void -Adaptation::AccessCheck::noteAnswer(allow_t answer) +Adaptation::AccessCheck::noteAnswer(Acl::Answer answer) { Must(!candidates.empty()); // the candidate we were checking must be there debugs(93,5, HERE << topCandidate() << " answer=" << answer); diff --git a/src/adaptation/AccessCheck.h b/src/adaptation/AccessCheck.h index 90681d9978..eb7edc8dee 100644 --- a/src/adaptation/AccessCheck.h +++ b/src/adaptation/AccessCheck.h @@ -59,8 +59,8 @@ private: public: void checkCandidates(); - static void AccessCheckCallbackWrapper(allow_t, void*); - void noteAnswer(allow_t answer); + static void AccessCheckCallbackWrapper(Acl::Answer, void*); + void noteAnswer(Acl::Answer answer); protected: // AsyncJob API diff --git a/src/auth/Acl.cc b/src/auth/Acl.cc index 25f1fd3d9a..143724aecb 100644 --- a/src/auth/Acl.cc +++ b/src/auth/Acl.cc @@ -24,7 +24,7 @@ * \retval ACCESS_DENIED user not authorized * \retval ACCESS_ALLOWED user authenticated and authorized */ -allow_t +Acl::Answer AuthenticateAcl(ACLChecklist *ch) { ACLFilledChecklist *checklist = Filled(ch); diff --git a/src/auth/Acl.h b/src/auth/Acl.h index 1bdf225130..4e9214793d 100644 --- a/src/auth/Acl.h +++ b/src/auth/Acl.h @@ -19,7 +19,7 @@ class ACLChecklist; /// \ingroup AuthAPI -allow_t AuthenticateAcl(ACLChecklist *ch); +Acl::Answer AuthenticateAcl(ACLChecklist *ch); #endif /* USE_AUTH */ #endif /* SQUID_AUTH_ACL_H */ diff --git a/src/auth/AclMaxUserIp.cc b/src/auth/AclMaxUserIp.cc index 72dc1fe283..dd037ad88e 100644 --- a/src/auth/AclMaxUserIp.cc +++ b/src/auth/AclMaxUserIp.cc @@ -122,7 +122,7 @@ int ACLMaxUserIP::match(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); - allow_t answer = AuthenticateAcl(checklist); + auto answer = AuthenticateAcl(checklist); int ti; // convert to tri-state ACL match 1,0,-1 diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc index 14c52ffec3..4316e17fb9 100644 --- a/src/auth/AclProxyAuth.cc +++ b/src/auth/AclProxyAuth.cc @@ -65,7 +65,7 @@ ACLProxyAuth::parse() int ACLProxyAuth::match(ACLChecklist *checklist) { - allow_t answer = AuthenticateAcl(checklist); + auto answer = AuthenticateAcl(checklist); // convert to tri-state ACL match 1,0,-1 switch (answer) { diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc index 040484b99d..5062c613c4 100644 --- a/src/auth/UserRequest.cc +++ b/src/auth/UserRequest.cc @@ -468,7 +468,7 @@ schemesConfig(HttpRequest *request, HttpReply *rep) ACLFilledChecklist ch(NULL, request, NULL); ch.reply = rep; HTTPMSGLOCK(ch.reply); - const allow_t answer = ch.fastCheck(Auth::TheConfig.schemeAccess); + const auto answer = ch.fastCheck(Auth::TheConfig.schemeAccess); if (answer.allowed()) return Auth::TheConfig.schemeLists.at(answer.kind).authConfigs; } diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 4402486d3b..ff1b0e6833 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -242,7 +242,7 @@ static void free_configuration_includes_quoted_values(bool *recognizeQuotedValue static void parse_on_unsupported_protocol(acl_access **access); static void dump_on_unsupported_protocol(StoreEntry *entry, const char *name, acl_access *access); static void free_on_unsupported_protocol(acl_access **access); -static void ParseAclWithAction(acl_access **access, const allow_t &action, const char *desc, ACL *acl = nullptr); +static void ParseAclWithAction(acl_access **access, const Acl::Answer &action, const char *desc, ACL *acl = nullptr); /* * LegacyParser is a parser for legacy code that uses the global @@ -1884,7 +1884,7 @@ parse_AuthSchemes(acl_access **authSchemes) return; } Auth::TheConfig.schemeLists.emplace_back(tok, ConfigParser::LastTokenWasQuoted()); - const allow_t action = allow_t(ACCESS_ALLOWED, Auth::TheConfig.schemeLists.size() - 1); + const auto action = Acl::Answer(ACCESS_ALLOWED, Auth::TheConfig.schemeLists.size() - 1); ParseAclWithAction(authSchemes, action, "auth_schemes"); } @@ -1899,7 +1899,7 @@ static void dump_AuthSchemes(StoreEntry *entry, const char *name, acl_access *authSchemes) { if (authSchemes) - dump_SBufList(entry, authSchemes->treeDump(name, [](const allow_t &action) { + dump_SBufList(entry, authSchemes->treeDump(name, [](const Acl::Answer &action) { return Auth::TheConfig.schemeLists.at(action.kind).rawSchemes; })); } @@ -1907,7 +1907,7 @@ dump_AuthSchemes(StoreEntry *entry, const char *name, acl_access *authSchemes) #endif /* USE_AUTH */ static void -ParseAclWithAction(acl_access **access, const allow_t &action, const char *desc, ACL *acl) +ParseAclWithAction(acl_access **access, const Acl::Answer &action, const char *desc, ACL *acl) { assert(access); SBuf name; @@ -4652,7 +4652,7 @@ static void parse_sslproxy_ssl_bump(acl_access **ssl_bump) sslBumpCfgRr::lastDeprecatedRule = Ssl::bumpEnd; } - allow_t action = allow_t(ACCESS_ALLOWED); + auto action = Acl::Answer(ACCESS_ALLOWED); if (strcmp(bm, Ssl::BumpModeStr[Ssl::bumpClientFirst]) == 0) { action.kind = Ssl::bumpClientFirst; @@ -4715,7 +4715,7 @@ static void parse_sslproxy_ssl_bump(acl_access **ssl_bump) static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump) { if (ssl_bump) - dump_SBufList(entry, ssl_bump->treeDump(name, [](const allow_t &action) { + dump_SBufList(entry, ssl_bump->treeDump(name, [](const Acl::Answer &action) { return Ssl::BumpModeStr.at(action.kind); })); } @@ -4811,7 +4811,7 @@ static void free_note(Notes *notes) static bool FtpEspvDeprecated = false; static void parse_ftp_epsv(acl_access **ftp_epsv) { - allow_t ftpEpsvDeprecatedAction; + Acl::Answer ftpEpsvDeprecatedAction; bool ftpEpsvIsDeprecatedRule = false; char *t = ConfigParser::PeekAtToken(); @@ -4823,11 +4823,11 @@ static void parse_ftp_epsv(acl_access **ftp_epsv) if (!strcmp(t, "off")) { (void)ConfigParser::NextToken(); ftpEpsvIsDeprecatedRule = true; - ftpEpsvDeprecatedAction = allow_t(ACCESS_DENIED); + ftpEpsvDeprecatedAction = Acl::Answer(ACCESS_DENIED); } else if (!strcmp(t, "on")) { (void)ConfigParser::NextToken(); ftpEpsvIsDeprecatedRule = true; - ftpEpsvDeprecatedAction = allow_t(ACCESS_ALLOWED); + ftpEpsvDeprecatedAction = Acl::Answer(ACCESS_ALLOWED); } // Check for mixing "ftp_epsv on|off" and "ftp_epsv allow|deny .." rules: @@ -4846,7 +4846,7 @@ static void parse_ftp_epsv(acl_access **ftp_epsv) delete *ftp_epsv; *ftp_epsv = nullptr; - if (ftpEpsvDeprecatedAction == allow_t(ACCESS_DENIED)) { + if (ftpEpsvDeprecatedAction == Acl::Answer(ACCESS_DENIED)) { if (ACL *a = ACL::FindByName("all")) ParseAclWithAction(ftp_epsv, ftpEpsvDeprecatedAction, "ftp_epsv", a); else { @@ -4976,7 +4976,7 @@ parse_on_unsupported_protocol(acl_access **access) return; } - allow_t action = allow_t(ACCESS_ALLOWED); + auto action = Acl::Answer(ACCESS_ALLOWED); if (strcmp(tm, "tunnel") == 0) action.kind = 1; else if (strcmp(tm, "respond") == 0) @@ -5000,7 +5000,7 @@ dump_on_unsupported_protocol(StoreEntry *entry, const char *name, acl_access *ac "respond" }; if (access) { - SBufList lines = access->treeDump(name, [](const allow_t &action) { + SBufList lines = access->treeDump(name, [](const Acl::Answer &action) { return onErrorTunnelMode.at(action.kind); }); dump_SBufList(entry, lines); diff --git a/src/client_side.cc b/src/client_side.cc index 4b885ce992..4c7ee1e6a0 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -1566,7 +1566,7 @@ clientTunnelOnError(ConnStateData *conn, Http::StreamPointer &context, HttpReque ClientHttpRequest *http = context ? context->http : nullptr; const char *log_uri = http ? http->log_uri : nullptr; checklist.syncAle(request.getRaw(), log_uri); - allow_t answer = checklist.fastCheck(); + auto answer = checklist.fastCheck(); if (answer.allowed() && answer.kind == 1) { debugs(33, 3, "Request will be tunneled to server"); if (context) { @@ -2283,7 +2283,7 @@ ConnStateData::whenClientIpKnown() /* pools require explicit 'allow' to assign a client into them */ if (pools[pool]->access) { ch.changeAcl(pools[pool]->access); - allow_t answer = ch.fastCheck(); + auto answer = ch.fastCheck(); if (answer.allowed()) { /* request client information from db after we did all checks @@ -2544,7 +2544,7 @@ httpsEstablish(ConnStateData *connState, const Security::ContextPointer &ctx) * A callback function to use with the ACLFilledChecklist callback. */ static void -httpsSslBumpAccessCheckDone(allow_t answer, void *data) +httpsSslBumpAccessCheckDone(Acl::Answer answer, void *data) { ConnStateData *connState = (ConnStateData *) data; @@ -3023,7 +3023,7 @@ ConnStateData::parseTlsHandshake() } } -void httpsSslBumpStep2AccessCheckDone(allow_t answer, void *data) +void httpsSslBumpStep2AccessCheckDone(Acl::Answer answer, void *data) { ConnStateData *connState = (ConnStateData *) data; @@ -3103,9 +3103,9 @@ ConnStateData::startPeekAndSplice() acl_checklist->al = http ? http->al : nullptr; //acl_checklist->src_addr = params.conn->remote; //acl_checklist->my_addr = s->s; - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone)); - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst)); - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpNone)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpClientFirst)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpServerFirst)); const char *log_uri = http ? http->log_uri : nullptr; acl_checklist->syncAle(sslServerBump->request.getRaw(), log_uri); acl_checklist->nonBlockingCheck(httpsSslBumpStep2AccessCheckDone, this); diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index eb8fd5e169..7d7fc75ce8 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -2067,14 +2067,14 @@ clientReplyContext::processReplyAccess () } void -clientReplyContext::ProcessReplyAccessResult(allow_t rv, void *voidMe) +clientReplyContext::ProcessReplyAccessResult(Acl::Answer rv, void *voidMe) { clientReplyContext *me = static_cast(voidMe); me->processReplyAccessResult(rv); } void -clientReplyContext::processReplyAccessResult(const allow_t &accessAllowed) +clientReplyContext::processReplyAccessResult(const Acl::Answer &accessAllowed) { debugs(88, 2, "The reply for " << http->request->method << ' ' << http->uri << " is " << accessAllowed << ", because it matched " diff --git a/src/client_side_reply.h b/src/client_side_reply.h index 761adbace7..edd151305e 100644 --- a/src/client_side_reply.h +++ b/src/client_side_reply.h @@ -115,7 +115,7 @@ private: HttpReply *reply; void processReplyAccess(); static ACLCB ProcessReplyAccessResult; - void processReplyAccessResult(const allow_t &accessAllowed); + void processReplyAccessResult(const Acl::Answer &accessAllowed); void cloneReply(); void buildReplyHeader (); bool alwaysAllowResponse(Http::StatusCode sline) const; diff --git a/src/client_side_request.cc b/src/client_side_request.cc index 57b8d336e2..4339d6bb50 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -81,7 +81,7 @@ static const char *const crlf = "\r\n"; #if FOLLOW_X_FORWARDED_FOR -static void clientFollowXForwardedForCheck(allow_t answer, void *data); +static void clientFollowXForwardedForCheck(Acl::Answer answer, void *data); #endif /* FOLLOW_X_FORWARDED_FOR */ ErrorState *clientBuildError(err_type, Http::StatusCode, char const *url, Ip::Address &, HttpRequest *, const AccessLogEntry::Pointer &); @@ -90,15 +90,15 @@ CBDATA_CLASS_INIT(ClientRequestContext); /* Local functions */ /* other */ -static void clientAccessCheckDoneWrapper(allow_t, void *); +static void clientAccessCheckDoneWrapper(Acl::Answer, void *); #if USE_OPENSSL -static void sslBumpAccessCheckDoneWrapper(allow_t, void *); +static void sslBumpAccessCheckDoneWrapper(Acl::Answer, void *); #endif static int clientHierarchical(ClientHttpRequest * http); static void clientInterpretRequestHeaders(ClientHttpRequest * http); static HLPCB clientRedirectDoneWrapper; static HLPCB clientStoreIdDoneWrapper; -static void checkNoCacheDoneWrapper(allow_t, void *); +static void checkNoCacheDoneWrapper(Acl::Answer, void *); SQUIDCEXTERN CSR clientGetMoreData; SQUIDCEXTERN CSS clientReplyStatus; SQUIDCEXTERN CSD clientReplyDetach; @@ -437,7 +437,7 @@ ClientRequestContext::httpStateIsValid() * ++ indirect_client_addr contains the remote direct client from the trusted peers viewpoint. */ static void -clientFollowXForwardedForCheck(allow_t answer, void *data) +clientFollowXForwardedForCheck(Acl::Answer answer, void *data) { ClientRequestContext *calloutContext = (ClientRequestContext *) data; @@ -727,7 +727,7 @@ ClientRequestContext::clientAccessCheck2() } void -clientAccessCheckDoneWrapper(allow_t answer, void *data) +clientAccessCheckDoneWrapper(Acl::Answer answer, void *data) { ClientRequestContext *calloutContext = (ClientRequestContext *) data; @@ -738,7 +738,7 @@ clientAccessCheckDoneWrapper(allow_t answer, void *data) } void -ClientRequestContext::clientAccessCheckDone(const allow_t &answer) +ClientRequestContext::clientAccessCheckDone(const Acl::Answer &answer) { acl_checklist = NULL; err_type page_id; @@ -860,7 +860,7 @@ ClientHttpRequest::noteAdaptationAclCheckDone(Adaptation::ServiceGroupPointer g) #endif static void -clientRedirectAccessCheckDone(allow_t answer, void *data) +clientRedirectAccessCheckDone(Acl::Answer answer, void *data) { ClientRequestContext *context = (ClientRequestContext *)data; ClientHttpRequest *http = context->http; @@ -891,7 +891,7 @@ ClientRequestContext::clientRedirectStart() * Will handle as "ERR" (no change) in a case Access is not allowed. */ static void -clientStoreIdAccessCheckDone(allow_t answer, void *data) +clientStoreIdAccessCheckDone(Acl::Answer answer, void *data) { ClientRequestContext *context = static_cast(data); ClientHttpRequest *http = context->http; @@ -1375,7 +1375,7 @@ ClientRequestContext::checkNoCache() } static void -checkNoCacheDoneWrapper(allow_t answer, void *data) +checkNoCacheDoneWrapper(Acl::Answer answer, void *data) { ClientRequestContext *calloutContext = (ClientRequestContext *) data; @@ -1386,7 +1386,7 @@ checkNoCacheDoneWrapper(allow_t answer, void *data) } void -ClientRequestContext::checkNoCacheDone(const allow_t &answer) +ClientRequestContext::checkNoCacheDone(const Acl::Answer &answer) { acl_checklist = NULL; if (answer.denied()) { @@ -1473,7 +1473,7 @@ ClientRequestContext::sslBumpAccessCheck() * as ACLFilledChecklist callback */ static void -sslBumpAccessCheckDoneWrapper(allow_t answer, void *data) +sslBumpAccessCheckDoneWrapper(Acl::Answer answer, void *data) { ClientRequestContext *calloutContext = static_cast(data); @@ -1483,7 +1483,7 @@ sslBumpAccessCheckDoneWrapper(allow_t answer, void *data) } void -ClientRequestContext::sslBumpAccessCheckDone(const allow_t &answer) +ClientRequestContext::sslBumpAccessCheckDone(const Acl::Answer &answer) { if (!httpStateIsValid()) return; diff --git a/src/external_acl.cc b/src/external_acl.cc index 5799c0fc63..5b4bc69c96 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -84,7 +84,7 @@ public: void trimCache(); - bool maybeCacheable(const allow_t &) const; + bool maybeCacheable(const Acl::Answer &) const; int ttl; @@ -465,7 +465,7 @@ external_acl::trimCache() } bool -external_acl::maybeCacheable(const allow_t &result) const +external_acl::maybeCacheable(const Acl::Answer &result) const { if (cache_size <= 0) return false; // cache is disabled @@ -594,7 +594,7 @@ copyResultsFromEntry(HttpRequest *req, const ExternalACLEntryPointer &entry) } } -static allow_t +static Acl::Answer aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) { debugs(82, 9, HERE << "acl=\"" << acl->def->name << "\""); @@ -631,7 +631,7 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) if (acl->def->require_auth) { /* Make sure the user is authenticated */ debugs(82, 3, HERE << acl->def->name << " check user authenticated."); - const allow_t ti = AuthenticateAcl(ch); + const auto ti = AuthenticateAcl(ch); if (!ti.allowed()) { debugs(82, 2, HERE << acl->def->name << " user not authenticated (" << ti << ")"); return ti; @@ -705,7 +705,7 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) int ACLExternal::match(ACLChecklist *checklist) { - allow_t answer = aclMatchExternal(data, Filled(checklist)); + auto answer = aclMatchExternal(data, Filled(checklist)); // convert to tri-state ACL match 1,0,-1 switch (answer) { diff --git a/src/http/Stream.cc b/src/http/Stream.cc index db25584845..1cd7c68deb 100644 --- a/src/http/Stream.cc +++ b/src/http/Stream.cc @@ -295,7 +295,7 @@ Http::Stream::sendStartOfMessage(HttpReply *rep, StoreIOBuffer bodyData) std::unique_ptr chl(clientAclChecklistCreate(pool->access, http)); chl->reply = rep; HTTPMSGLOCK(chl->reply); - const allow_t answer = chl->fastCheck(); + const auto answer = chl->fastCheck(); if (answer.allowed()) { writeQuotaHandler = pool->createBucket(); fd_table[clientConnection->fd].writeQuotaHandler = writeQuotaHandler; diff --git a/src/peer_select.cc b/src/peer_select.cc index 2a265003de..7bfb91b865 100644 --- a/src/peer_select.cc +++ b/src/peer_select.cc @@ -198,7 +198,7 @@ PeerSelectionInitiator::startSelectingDestinations(HttpRequest *request, const A } void -PeerSelector::checkNeverDirectDone(const allow_t answer) +PeerSelector::checkNeverDirectDone(const Acl::Answer answer) { acl_checklist = nullptr; debugs(44, 3, answer); @@ -220,13 +220,13 @@ PeerSelector::checkNeverDirectDone(const allow_t answer) } void -PeerSelector::CheckNeverDirectDone(allow_t answer, void *data) +PeerSelector::CheckNeverDirectDone(Acl::Answer answer, void *data) { static_cast(data)->checkNeverDirectDone(answer); } void -PeerSelector::checkAlwaysDirectDone(const allow_t answer) +PeerSelector::checkAlwaysDirectDone(const Acl::Answer answer) { acl_checklist = nullptr; debugs(44, 3, answer); @@ -248,7 +248,7 @@ PeerSelector::checkAlwaysDirectDone(const allow_t answer) } void -PeerSelector::CheckAlwaysDirectDone(allow_t answer, void *data) +PeerSelector::CheckAlwaysDirectDone(Acl::Answer answer, void *data) { static_cast(data)->checkAlwaysDirectDone(answer); } diff --git a/src/ssl/PeekingPeerConnector.cc b/src/ssl/PeekingPeerConnector.cc index 1a6f996c3d..b9d5cf6681 100644 --- a/src/ssl/PeekingPeerConnector.cc +++ b/src/ssl/PeekingPeerConnector.cc @@ -26,7 +26,7 @@ CBDATA_NAMESPACED_CLASS_INIT(Ssl, PeekingPeerConnector); void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer & clientConn, Comm::ConnectionPointer &srvConn); void -Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(allow_t answer, void *data) +Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(Acl::Answer answer, void *data) { Ssl::PeekingPeerConnector *peerConnect = (Ssl::PeekingPeerConnector *) data; // Use job calls to add done() checks and other job logic/protections. @@ -34,7 +34,7 @@ Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(allow_t answer, void *dat } void -Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(allow_t answer) +Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(Acl::Answer answer) { const Ssl::BumpMode finalAction = answer.allowed() ? static_cast(answer.kind): @@ -58,18 +58,18 @@ Ssl::PeekingPeerConnector::checkForPeekAndSplice() ::Config.accessList.ssl_bump, request.getRaw(), NULL); acl_checklist->al = al; - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone)); - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpPeek)); - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpStare)); - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst)); - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpNone)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpPeek)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpStare)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpClientFirst)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpServerFirst)); Security::SessionPointer session(fd_table[serverConn->fd].ssl); BIO *b = SSL_get_rbio(session.get()); Ssl::ServerBio *srvBio = static_cast(BIO_get_data(b)); if (!srvBio->canSplice()) - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpSplice)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpSplice)); if (!srvBio->canBump()) - acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpBump)); + acl_checklist->banAction(Acl::Answer(ACCESS_ALLOWED, Ssl::bumpBump)); acl_checklist->syncAle(request.getRaw(), nullptr); acl_checklist->nonBlockingCheck(Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone, this); } diff --git a/src/ssl/PeekingPeerConnector.h b/src/ssl/PeekingPeerConnector.h index dd5f7a82e2..553d9e2b14 100644 --- a/src/ssl/PeekingPeerConnector.h +++ b/src/ssl/PeekingPeerConnector.h @@ -52,7 +52,7 @@ public: void checkForPeekAndSplice(); /// Callback function for ssl_bump acl check in step3 SSL bump step. - void checkForPeekAndSpliceDone(allow_t answer); + void checkForPeekAndSpliceDone(Acl::Answer answer); /// Handles the final bumping decision. void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode); @@ -65,7 +65,7 @@ public: void serverCertificateVerified(); /// A wrapper function for checkForPeekAndSpliceDone for use with acl - static void cbCheckForPeekAndSpliceDone(allow_t answer, void *data); + static void cbCheckForPeekAndSpliceDone(Acl::Answer answer, void *data); private: diff --git a/src/tests/stub_libauth_acls.cc b/src/tests/stub_libauth_acls.cc index 694e456043..16c1aa2ac8 100644 --- a/src/tests/stub_libauth_acls.cc +++ b/src/tests/stub_libauth_acls.cc @@ -12,10 +12,10 @@ #include "STUB.h" #if USE_AUTH -#include "acl/Acl.h" /* for allow_t */ +#include "acl/Acl.h" /* for Acl::Answer */ #include "auth/Acl.h" -allow_t AuthenticateAcl(ACLChecklist *) STUB_RETVAL(ACCESS_DENIED) +Acl::Answer AuthenticateAcl(ACLChecklist *) STUB_RETVAL(ACCESS_DENIED) #include "auth/AclMaxUserIp.h" ACL * ACLMaxUserIP::clone() const STUB_RETVAL(NULL) -- 2.39.5