/*
- * $Id: ACLChecklist.cc,v 1.14 2003/08/04 22:14:38 robertc Exp $
+ * $Id: ACLChecklist.cc,v 1.15 2003/09/21 00:30:48 robertc Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
void
ACLChecklist::checkAccessList()
{
- debug(28, 3) ("ACLChecklist::checkAccessList: %p checking '%s'\n", this, accessList->cfgline);
- /* what is our result on a match? */
- currentAnswer(accessList->allow);
/* does the current AND clause match */
matchAclListSlow(accessList->aclList);
}
ACLChecklist::matchAclList(const acl_list * head, bool const fast)
{
PROF_start(aclMatchAclList);
+ debug(28, 3) ("ACLChecklist::matchAclList: %p checking '%s'\n", this, accessList->cfgline);
+ /* what is our result on a match? */
+ currentAnswer(accessList->allow);
const acl_list *node = head;
while (node) {
check();
}
+/* Warning: do not cbdata lock this here - it
+ * may be static or on the stack
+ */
+int
+ACLChecklist::fastCheck()
+{
+ PROF_start(aclCheckFast);
+ currentAnswer(ACCESS_DENIED);
+ debug(28, 5) ("aclCheckFast: list: %p\n", accessList);
+
+ while (accessList) {
+ matchAclListFast(accessList->aclList);
+
+ if (finished()) {
+ PROF_stop(aclCheckFast);
+ return currentAnswer() == ACCESS_ALLOWED;
+ }
+
+ accessList = accessList->next;
+ }
+
+ debug(28, 5) ("aclCheckFast: no matches, returning: %d\n", currentAnswer() == ACCESS_DENIED);
+ PROF_stop(aclCheckFast);
+ return currentAnswer() == ACCESS_DENIED;
+}
+
+
bool
ACLChecklist::destinationDomainChecked() const
{
checking_ = newValue;
}
+/*
+ * Any ACLChecklist created by aclChecklistCreate() must eventually be
+ * freed by ACLChecklist::operator delete(). There are two common cases:
+ *
+ * A) Using aclCheckFast(): The caller creates the ACLChecklist using
+ * aclChecklistCreate(), checks it using aclCheckFast(), and frees it
+ * using aclChecklistFree().
+ *
+ * B) Using aclNBCheck() and callbacks: The caller creates the
+ * ACLChecklist using aclChecklistCreate(), and passes it to
+ * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
+ * which will invoke the callback function as requested by the
+ * original caller of aclNBCheck(). This callback function must
+ * *not* invoke aclChecklistFree(). After the callback function
+ * returns, ACLChecklist::checkCallback() will free the ACLChecklist using
+ * aclChecklistFree().
+ */
+
+ACLChecklist *
+aclChecklistCreate(const acl_access * A, HttpRequest * request, const char *ident)
+{
+ ACLChecklist *checklist = new ACLChecklist;
+
+ if (A)
+ checklist->accessList = cbdataReference(A);
+
+ if (request != NULL) {
+ checklist->request = requestLink(request);
+ checklist->src_addr = request->client_addr;
+ checklist->my_addr = request->my_addr;
+ checklist->my_port = request->my_port;
+ }
+
+#if USE_IDENT
+ if (ident)
+ xstrncpy(checklist->rfc931, ident, USER_IDENT_SZ);
+
+#endif
+
+ checklist->auth_user_request = NULL;
+
+ return checklist;
+}
+
#ifndef _USE_INLINE_
#include "ACLChecklist.cci"
#endif
/*
- * $Id: ACLChecklist.h,v 1.17 2003/08/11 13:00:41 robertc Exp $
+ * $Id: ACLChecklist.h,v 1.18 2003/09/21 00:30:48 robertc Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
ACLChecklist &operator=(ACLChecklist const &);
void nonBlockingCheck(PF * callback, void *callback_data);
+ int fastCheck();
void checkCallback(allow_t answer);
_SQUID_INLINE_ bool matchAclListFast(const acl_list * list);
_SQUID_INLINE_ void matchAclListSlow(const acl_list * list);
SQUIDCEXTERN ACLChecklist *aclChecklistCreate(const acl_access *,
HttpRequest *,
const char *ident);
-SQUIDCEXTERN int aclCheckFast(const acl_access *A, ACLChecklist *);
#ifdef _USE_INLINE_
#include "ACLChecklist.cci"
/*
- * $Id: DelayId.cc,v 1.14 2003/09/06 12:47:34 robertc Exp $
+ * $Id: DelayId.cc,v 1.15 2003/09/21 00:30:48 robertc Exp $
*
* DEBUG: section 77 Delay Pools
* AUTHOR: Robert Collins <robertc@squid-cache.org>
ch.request = requestLink(r);
+ ch.accessList = DelayPools::delay_data[pool].access;
+
if (DelayPools::delay_data[pool].theComposite().getRaw() &&
- aclCheckFast(DelayPools::delay_data[pool].access, &ch)) {
+ ch.fastCheck()) {
+ ch.accessList = NULL;
DelayId result (pool + 1);
CompositePoolNode::CompositeSelectionDetails details;
details.src_addr = ch.src_addr;
result.compositePosition(DelayPools::delay_data[pool].theComposite()->id(details));
return result;
}
+
+ ch.accessList = NULL;
}
/*
- * $Id: HttpHeaderTools.cc,v 1.44 2003/08/10 11:00:40 robertc Exp $
+ * $Id: HttpHeaderTools.cc,v 1.45 2003/09/21 00:30:46 robertc Exp $
*
* DEBUG: section 66 HTTP Header Tools
* AUTHOR: Alex Rousskov
hm = &Config.header_access[e->id];
checklist = aclChecklistCreate(hm->access_list, request, NULL);
- if (1 == aclCheckFast(hm->access_list, checklist)) {
+ if (1 == checklist->fastCheck()) {
/* aclCheckFast returns 1 for allow. */
retval = 1;
} else if (NULL == hm->replacement) {
/*
- * $Id: acl.cc,v 1.311 2003/08/10 11:00:40 robertc Exp $
+ * $Id: acl.cc,v 1.312 2003/09/21 00:30:46 robertc Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
return true;
}
-/* Warning: do not cbdata lock checklist here - it
- * may be static or on the stack
- */
-int
-aclCheckFast(const acl_access * A, ACLChecklist * checklist)
-{
- allow_t allow = ACCESS_DENIED;
- PROF_start(aclCheckFast);
- debug(28, 5) ("aclCheckFast: list: %p\n", A);
-
- while (A) {
- allow = A->allow;
- checklist->matchAclListFast(A->aclList);
-
- if (checklist->finished()) {
- PROF_stop(aclCheckFast);
- return allow == ACCESS_ALLOWED;
- }
-
- A = A->next;
- }
-
- debug(28, 5) ("aclCheckFast: no matches, returning: %d\n", allow == ACCESS_DENIED);
- PROF_stop(aclCheckFast);
- return allow == ACCESS_DENIED;
-}
-
-/*
- * Any ACLChecklist created by aclChecklistCreate() must eventually be
- * freed by ACLChecklist::operator delete(). There are two common cases:
- *
- * A) Using aclCheckFast(): The caller creates the ACLChecklist using
- * aclChecklistCreate(), checks it using aclCheckFast(), and frees it
- * using aclChecklistFree().
- *
- * B) Using aclNBCheck() and callbacks: The caller creates the
- * ACLChecklist using aclChecklistCreate(), and passes it to
- * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(),
- * which will invoke the callback function as requested by the
- * original caller of aclNBCheck(). This callback function must
- * *not* invoke aclChecklistFree(). After the callback function
- * returns, ACLChecklist::checkCallback() will free the ACLChecklist using
- * aclChecklistFree().
- */
-
-
-ACLChecklist *
-aclChecklistCreate(const acl_access * A, HttpRequest * request, const char *ident)
-{
- ACLChecklist *checklist = new ACLChecklist;
-
- if (A)
- checklist->accessList = cbdataReference(A);
-
- if (request != NULL) {
- checklist->request = requestLink(request);
- checklist->src_addr = request->client_addr;
- checklist->my_addr = request->my_addr;
- checklist->my_port = request->my_port;
- }
-
-#if USE_IDENT
- if (ident)
- xstrncpy(checklist->rfc931, ident, USER_IDENT_SZ);
-
-#endif
-
- checklist->auth_user_request = NULL;
-
- return checklist;
-}
/*********************/
/* Destroy functions */
/*
- * $Id: client_side.cc,v 1.659 2003/09/06 12:47:34 robertc Exp $
+ * $Id: client_side.cc,v 1.660 2003/09/21 00:30:46 robertc Exp $
*
* DEBUG: section 33 Client-side Routines
* AUTHOR: Duane Wessels
checklist->reply = al.reply;
- if (!Config.accessList.log || aclCheckFast(Config.accessList.log, checklist)) {
+ if (!Config.accessList.log || checklist->fastCheck()) {
al.request = requestLink(request);
accessLogLog(&al, checklist);
updateCounters();
identChecklist.my_port = ntohs(details->me.sin_port);
- if (aclCheckFast(Config.accessList.identLookup, &identChecklist))
+ identChecklist.accessList = Config.accessList.identLookup;
+
+ if (identChecklist.fastCheck())
identStart(&details->me, &details->peer, clientIdentDone, connState);
+ identChecklist.accessList = NULL;
+
#endif
connState->readSomeData();
/*
- * $Id: forward.cc,v 1.113 2003/09/19 13:25:37 hno Exp $
+ * $Id: forward.cc,v 1.114 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 17 Request Forwarding
* AUTHOR: Duane Wessels
ch.my_addr = r->my_addr;
ch.my_port = r->my_port;
ch.request = requestLink(r);
- answer = aclCheckFast(Config.accessList.miss, &ch);
+ ch.accessList = Config.accessList.miss;
+ answer = ch.fastCheck();
+ ch.accessList = NULL;
if (answer == 0) {
err = errorCon(ERR_FORWARDING_DENIED, HTTP_FORBIDDEN);
/*
- * $Id: http.cc,v 1.427 2003/09/01 03:49:38 robertc Exp $
+ * $Id: http.cc,v 1.428 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 11 Hypertext Transfer Protocol (HTTP)
* AUTHOR: Harvest Derived
ACLChecklist ch;
debug(11, 5) ("httpSendRequestEntityDone: FD %d\n", fd);
ch.request = requestLink(httpState->request);
+ ch.accessList = Config.accessList.brokenPosts;
if (!Config.accessList.brokenPosts) {
debug(11, 5) ("httpSendRequestEntityDone: No brokenPosts list\n");
HttpStateData::SendComplete(fd, NULL, 0, COMM_OK, data);
- } else if (!aclCheckFast(Config.accessList.brokenPosts, &ch)) {
+ } else if (!ch.fastCheck()) {
debug(11, 5) ("httpSendRequestEntityDone: didn't match brokenPosts\n");
HttpStateData::SendComplete(fd, NULL, 0, COMM_OK, data);
} else {
debug(11, 2) ("httpSendRequestEntityDone: matched brokenPosts\n");
comm_old_write(fd, "\r\n", 2, HttpStateData::SendComplete, data, NULL);
}
+
+ ch.accessList = NULL;
}
static void
/*
- * $Id: icp_v2.cc,v 1.83 2003/09/01 03:49:39 robertc Exp $
+ * $Id: icp_v2.cc,v 1.84 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 12 Internet Cache Protocol
* AUTHOR: Duane Wessels
checklist.src_addr = from->sin_addr;
checklist.my_addr = no_addr;
checklist.request = requestLink(icp_request);
- return aclCheckFast(Config.accessList.icp, &checklist);
+ checklist.accessList = Config.accessList.icp;
+ int result = checklist.fastCheck();
+ checklist.accessList = NULL;
+ return result;
}
char const *
/*
- * $Id: neighbors.cc,v 1.322 2003/08/13 00:39:16 wessels Exp $
+ * $Id: neighbors.cc,v 1.323 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 15 Neighbor Routines
* AUTHOR: Harvest Derived
checklist.request = requestLink(request);
+ checklist.accessList = p->access;
+
#if 0 && USE_IDENT
/*
* this is currently broken because 'request->user_ident' has been
#endif
- return aclCheckFast(p->access, &checklist);
+ int result = checklist.fastCheck();
+
+ checklist.accessList = NULL;
+
+ return result;
}
/* Return TRUE if it is okay to send an ICP request to this peer. */
/*
- * $Id: redirect.cc,v 1.101 2003/07/14 14:16:02 robertc Exp $
+ * $Id: redirect.cc,v 1.102 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 61 Redirector
* AUTHOR: Duane Wessels
}
ch.request = requestLink(http->request);
+ ch.accessList = Config.accessList.redirector;
- if (!aclCheckFast(Config.accessList.redirector, &ch)) {
+ if (!ch.fastCheck()) {
+ ch.accessList = NULL;
/* denied -- bypass redirector */
handler(data, NULL);
return;
}
+
+ ch.accessList = NULL;
}
if (Config.onoff.redirector_bypass && redirectors->stats.queue_size) {
/*
- * $Id: snmp_core.cc,v 1.64 2003/02/25 12:24:35 robertc Exp $
+ * $Id: snmp_core.cc,v 1.65 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 49 SNMP support
* AUTHOR: Glenn Chisholm
ACLChecklist checklist;
checklist.src_addr = rq->from.sin_addr;
checklist.snmp_community = (char *) Community;
+ checklist.accessList = Config.accessList.snmp;
if (Community)
- allow = aclCheckFast(Config.accessList.snmp, &checklist);
+ allow = checklist.fastCheck();
+
+ checklist.accessList = NULL;
if ((snmp_coexist_V2toV1(PDU)) && (Community) && (allow)) {
rq->community = Community;
/*
- * $Id: tunnel.cc,v 1.145 2003/08/10 11:00:44 robertc Exp $
+ * $Id: tunnel.cc,v 1.146 2003/09/21 00:30:47 robertc Exp $
*
* DEBUG: section 26 Secure Sockets Layer Proxy
* AUTHOR: Duane Wessels
ch.my_addr = request->my_addr;
ch.my_port = request->my_port;
ch.request = requestLink(request);
- answer = aclCheckFast(Config.accessList.miss, &ch);
+ ch.accessList = Config.accessList.miss;
+ answer = ch.fastCheck();
+ ch.accessList = NULL;
if (answer == 0) {
err = errorCon(ERR_FORWARDING_DENIED, HTTP_FORBIDDEN);