Adds "tag" type acl matching tags set by external acl helpers.
Currently using a list of strings (not even splay) as the number of
members is generally expected to be very small.
Should be complemented by a regex based acl.
<sect1>Changes to existing tags<label id="modifiedtags">
<p>
<descrip>
- <tag>acl dst ipv6</tag>
+ <tag>acl</tag>
<p>New preset content <em>ipv6</em> available as a preset type in the src and dst ACL matching all of the public IPv6 network space.
<p>New acl type myportname, matching the name of the http_port or https_port where the request was accepted.
+ <p>New acl type tag, matching the tag= returned from the external_acl_type helper.
<p>New acl type peername, matching against a named cache_peer entry where the request will be attempted first.
NP: peername currently is limited to only match the first peer possible.
<verb>
acl aclname src ipv6 # request from IPv6 address
acl aclname myportname 3128 ... # http(s)_port name
acl aclname peername myPeer ... # cache_peer ... name=myPeer
+ acl aclname tag value ... # tag= option from external ACL
</verb>
<tag>auth_param ntlm, basic, digest</tag>
#include "acl/Strategised.h"
#include "acl/Strategy.h"
#include "acl/StringData.h"
+#include "acl/Tag.h"
#include "acl/TimeData.h"
#include "acl/Time.h"
#include "acl/Url.h"
ACL::Prototype ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_, "max_user_ip");
ACLMaxUserIP ACLMaxUserIP::RegistryEntry_("max_user_ip");
+
+ACL::Prototype ACLTag::RegistryProtoype(&ACLTag::RegistryEntry_, "tag");
+ACLStrategised<const char *> ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag");
SourceDomain.h \
SourceIp.cc \
SourceIp.h \
+ Tag.cc \
+ Tag.h \
Url.cc \
Url.h \
UrlPath.cc \
--- /dev/null
+
+/*
+ * $Id: ACLTag.cc,v 1.2 2008/02/11 22:44:50 rousskov Exp $
+ *
+ *
+ * SQUID Web Proxy Cache http://www.squid-cache.org/
+ * ----------------------------------------------------------
+ *
+ * Squid is the result of efforts by numerous individuals from
+ * the Internet community; see the CONTRIBUTORS file for full
+ * details. Many organizations have provided support for Squid's
+ * development; see the SPONSORS file for full details. Squid is
+ * Copyrighted (C) 2001 by the Regents of the University of
+ * California; see the COPYRIGHT file for full details. Squid
+ * incorporates software developed and/or copyrighted by other
+ * sources; see the CREDITS file for full details.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ *
+ *
+ * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
+ * Copyright (c) 2009, Henrik Nordstrom <henrik@henriknordstrom.net>
+ */
+
+#include "squid.h"
+#include "acl/Tag.h"
+#include "acl/StringData.h"
+#include "acl/Checklist.h"
+#include "HttpRequest.h"
+
+int
+ACLTagStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+{
+ if (checklist->conn() != NULL)
+ return data->match (checklist->request->tag.termedBuf());
+ return 0;
+}
+
+ACLTagStrategy *
+ACLTagStrategy::Instance()
+{
+ return &Instance_;
+}
+
+ACLTagStrategy ACLTagStrategy::Instance_;
--- /dev/null
+/*
+ * $Id$
+ *
+ *
+ * SQUID Web Proxy Cache http://www.squid-cache.org/
+ * ----------------------------------------------------------
+ *
+ * Squid is the result of efforts by numerous individuals from
+ * the Internet community; see the CONTRIBUTORS file for full
+ * details. Many organizations have provided support for Squid's
+ * development; see the SPONSORS file for full details. Squid is
+ * Copyrighted (C) 2001 by the Regents of the University of
+ * California; see the COPYRIGHT file for full details. Squid
+ * incorporates software developed and/or copyrighted by other
+ * sources; see the CREDITS file for full details.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ *
+ *
+ * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
+ * Copyright (c) 2009, Henrik Nordstrom <henrik@henriknordstrom.net>
+ */
+
+#ifndef SQUID_ACLTAG_H
+#define SQUID_ACLTAG_H
+
+#include "acl/Strategy.h"
+#include "acl/Strategised.h"
+
+class ACLTagStrategy : public ACLStrategy<const char *>
+{
+
+public:
+ virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
+ static ACLTagStrategy *Instance();
+ /* Not implemented to prevent copies of the instance. */
+ /* Not private to prevent brain dead g+++ warnings about
+ * private constructors with no friends */
+ ACLTagStrategy(ACLTagStrategy const &);
+
+private:
+ static ACLTagStrategy Instance_;
+ ACLTagStrategy(){}
+
+ ACLTagStrategy&operator=(ACLTagStrategy const &);
+};
+
+class ACLTag
+{
+
+private:
+ static ACL::Prototype RegistryProtoype;
+ static ACLStrategised<const char *> RegistryEntry_;
+};
+
+#endif /* SQUID_ACLMYPORTNAME_H */
acl aclname ext_user_regex [-i] pattern ...
# string match on username returned by external acl helper
# use REQUIRED to accept any non-null user name.
+ #
+ acl aclname tag tagvalue ...
+ # string match on tag returned by external acl helper
Examples:
acl macaddress arp 09:00:2b:23:45:67
projects / thirdparty / squid.git / commitdiff
