#include <FilledChecklist.h>


Public Member Functions

 ACLFilledChecklist ()
 
 ACLFilledChecklist (const acl_access *, HttpRequest *, const char *ident=nullptr)
 
 ~ACLFilledChecklist ()
 
void setRequest (HttpRequest *)
 configure client request-related fields for the first time

void setIdent (const char *userIdentity)
 configure rfc931 user identity for the first time

ConnStateData * conn () const
 The client connection manager.

int fd () const
 The client side fd. It uses conn() if available.

void conn (ConnStateData *)
 set either conn

void fd (int aDescriptor)
 set the client side FD

bool destinationDomainChecked () const

void markDestinationDomainChecked ()

bool sourceDomainChecked () const

void markSourceDomainChecked ()

virtual bool hasRequest () const

virtual bool hasReply () const

virtual bool hasAle () const

virtual void syncAle (HttpRequest *adaptedRequest, const char *logUri) const
 assigns uninitialized adapted_request and url ALE components

virtual void verifyAle () const
 warns if there are uninitialized ALE components and fills them

void nonBlockingCheck (ACLCB *callback, void *callback_data)

Acl::Answer const & fastCheck ()

Acl::Answer const & fastCheck (const Acl::Tree *list)

bool goAsync (AsyncState *)

bool matchChild (const Acl::InnerNode *parent, Acl::Nodes::const_iterator pos, const ACL *child)

bool keepMatching () const
 Whether we should continue to match tree nodes or stop/pause.

bool finished () const
 whether markFinished() was called

bool asyncInProgress () const
 async call has been started and has not finished (or failed) yet

void markFinished (const Acl::Answer &newAnswer, const char *reason)

const Acl::Answer & currentAnswer () const

bool bannedAction (const Acl::Answer &action) const
 whether the action is banned or not

void banAction (const Acl::Answer &action)
 add action to the list of banned actions

const Acl::Tree * changeAcl (const Acl::Tree *t)

void resumeNonBlockingCheck (AsyncState *state)
 

Public Attributes

Ip::Address src_addr
 
Ip::Address dst_addr
 
Ip::Address my_addr
 
SBuf dst_peer_name
 
char * dst_rdns
 
HttpRequest * request

HttpReply * reply

char rfc931 [USER_IDENT_SZ]

Auth::UserRequest::Pointer auth_user_request

char * snmp_community

const Security::CertErrors * sslErrors
 SSL [certificate validation] errors, in undefined order.

Security::CertPointer serverCert
 The peer certificate.

AccessLogEntry::Pointer al
 info for the future access.log, and external ACL

ExternalACLEntryPointer extacl_entry

err_type requestErrorType

ACLCB * callback
 
void * callback_data
 

Private Member Functions

 CBDATA_CLASS (ACLFilledChecklist)
 
 ACLFilledChecklist (const ACLFilledChecklist &)
 not implemented; will cause link failures if used
 
ACLFilledChecklist & operator= (const ACLFilledChecklist &)
 not implemented; will cause link failures if used
 

Private Attributes

ConnStateData * conn_
 
int fd_
 
bool destinationDomainChecked_
 
bool sourceDomainChecked_
 

Detailed Description

ACLChecklist filled with specific data, representing Squid and transaction state for access checks, along with some data-specific checking methods.

Definition at line 32 of file FilledChecklist.h.

Constructor & Destructor Documentation

◆ ACLFilledChecklist() [1/3]

ACLFilledChecklist::ACLFilledChecklist ( )

Definition at line 26 of file FilledChecklist.cc.

References dst_addr, my_addr, rfc931, Ip::Address::setEmpty(), and src_addr.

◆ ACLFilledChecklist() [2/3]

ACLFilledChecklist::ACLFilledChecklist ( const acl_access *  A,
HttpRequest *  http_request,
const char *  ident = nullptr 
)

◆ ~ACLFilledChecklist()

ACLFilledChecklist::~ACLFilledChecklist ( )

◆ ACLFilledChecklist() [3/3]

ACLFilledChecklist::ACLFilledChecklist ( const ACLFilledChecklist &  )
private

Member Function Documentation

◆ asyncInProgress()

◆ banAction()

void ACLChecklist::banAction ( const Acl::Answer &  action)
inherited

◆ bannedAction()

bool ACLChecklist::bannedAction ( const Acl::Answer &  action) const
inherited

◆ CBDATA_CLASS()

ACLFilledChecklist::CBDATA_CLASS ( ACLFilledChecklist  )
private

◆ changeAcl()

const Acl::Tree* ACLChecklist::changeAcl ( const Acl::Tree *  t)
inline, inherited

◆ conn() [1/2]

◆ conn() [2/2]

void ACLFilledChecklist::conn ( ConnStateData *  aConn)

Definition at line 150 of file FilledChecklist.cc.

References assert, cbdataReference, conn(), conn_, and NULL.

◆ currentAnswer()

◆ destinationDomainChecked()

bool ACLFilledChecklist::destinationDomainChecked ( ) const

◆ fastCheck() [1/2]

Acl::Answer const & ACLChecklist::fastCheck ( )
inherited

Perform a blocking (immediate) check for a list of allow/deny rules. Each rule comes with a list of ACLs.

The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).

If there are rules but all ACL lists mismatch, an implicit rule is used. Its result is the negation of the keyword of the last seen rule.

Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.

Some ACLs may require an async lookup which is prohibited by this method. In this case, the exceptional check result of ACCESS_DUNNO is immediately returned.

If there are no rules to check at all, the result becomes ACCESS_DUNNO.

Definition at line 336 of file Checklist.cc.

References ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::calcImplicitAnswer(), cbdataReference, cbdataReferenceDone, cbdataReferenceValid(), ACLChecklist::currentAnswer(), debugs, ACLChecklist::finished(), ACLChecklist::matchAndFinish(), NULL, ACLChecklist::occupied_, ACLChecklist::preCheck(), PROF_start, and PROF_stop.

Referenced by accessLogLogTo(), aclFindNfMarkConfig(), aclMapTOS(), Client::blockCaching(), clientReplyContext::blockedHit(), HttpReply::calcMaxBodySize(), Adaptation::Icap::Launcher::canRepeat(), DelayId::DelayClient(), HttpStateData::finishingBrokenPost(), getOutgoingAddress(), HttpRequest::getRangeOffsetLimit(), HttpStateData::handle1xx(), Ftp::Server::handleUploadRequest(), httpHdrAdd(), httpHdrMangle(), icpAccessAllowed(), ClientHttpRequest::logRequest(), HttpRequest::manager(), Note::match(), StoreClient::onCollapsingPath(), FwdState::pconnPop(), peerAllowedToUse(), ConnStateData::proxyProtocolValidateClient(), schemesConfig(), Ftp::Client::sendPassive(), Http::Stream::sendStartOfMessage(), ConnStateData::serveDelayedError(), snmpDecodePacket(), ssl_verify_cb(), Security::PeerConnector::sslCrtvdCheckForErrors(), FwdState::Start(), tunnelStart(), and ConnStateData::whenClientIpKnown().

◆ fastCheck() [2/2]

Acl::Answer const & ACLChecklist::fastCheck ( const Acl::Tree *  list)
inherited

Perform a blocking (immediate) check whether a list of ACLs matches. This method is meant to be used with squid.conf ACL-driven options that lack allow/deny keywords and are tested one ACL list at a time. Whether the checks for other occurrences of the same option continue after this call is up to the caller and option semantics.

If all ACLs match, the result becomes ACCESS_ALLOWED.

If all ACLs mismatch, the result becomes ACCESS_DENIED.

Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.

Some ACLs may require an async lookup which is prohibited by this method. In this case, the exceptional check result of ACCESS_DUNNO is immediately returned.

If there are no ACLs to check at all, the result becomes ACCESS_ALLOWED.

Definition at line 308 of file Checklist.cc.

References ACCESS_DENIED, ACLChecklist::accessList, ACLChecklist::asyncCaller_, cbdataReferenceValid(), ACLChecklist::changeAcl(), ACLChecklist::currentAnswer(), ACLChecklist::finished(), ACLChecklist::markFinished(), ACLChecklist::matchAndFinish(), ACLChecklist::occupied_, ACLChecklist::preCheck(), PROF_start, and PROF_stop.

◆ fd() [1/2]

int ACLFilledChecklist::fd ( ) const

Definition at line 159 of file FilledChecklist.cc.

References conn(), and fd_.

Referenced by ACLCertificateStrategy::match().

◆ fd() [2/2]

void ACLFilledChecklist::fd ( int  aDescriptor)

Definition at line 166 of file FilledChecklist.cc.

References assert, conn(), and fd_.

◆ finished()

◆ goAsync()

◆ hasAle()

virtual bool ACLFilledChecklist::hasAle ( ) const
inline, virtual

Implements ACLChecklist.

Definition at line 68 of file FilledChecklist.h.

References al, NULL, syncAle(), and verifyAle().

◆ hasReply()

virtual bool ACLFilledChecklist::hasReply ( ) const
inline, virtual

Implements ACLChecklist.

Definition at line 67 of file FilledChecklist.h.

References NULL, and reply.

◆ hasRequest()

virtual bool ACLFilledChecklist::hasRequest ( ) const
inline, virtual

Implements ACLChecklist.

Definition at line 66 of file FilledChecklist.h.

References NULL, and request.

◆ keepMatching()

◆ markDestinationDomainChecked()

void ACLFilledChecklist::markDestinationDomainChecked ( )

◆ markFinished()

void ACLChecklist::markFinished ( const Acl::Answer &  newAnswer,
const char *  reason 
)
inherited

called when no more ACLs should be checked; sets the final answer and prints a debugging message explaining the reason for that answer

Definition at line 58 of file Checklist.cc.

References ACLChecklist::answer_, assert, ACLChecklist::asyncInProgress(), debugs, ACLChecklist::finished(), ACLChecklist::finished_, and HERE().

Referenced by ACLChecklist::asyncInProgress(), ACLChecklist::calcImplicitAnswer(), ACLChecklist::fastCheck(), ACLMaxUserIP::match(), ACLProxyAuth::match(), ACLIdent::match(), ACLExternal::match(), and ACLChecklist::matchAndFinish().

◆ markSourceDomainChecked()

void ACLFilledChecklist::markSourceDomainChecked ( )

◆ matchChild()

bool ACLChecklist::matchChild ( const Acl::InnerNode *  parent,
Acl::Nodes::const_iterator  pos,
const ACL *  child 
)
inherited

Matches (or resumes matching of) a child node while maintaining resumption breadcrumbs if a [grand]child node goes async.

Definition at line 82 of file Checklist.cc.

References assert, ACLChecklist::asyncInProgress(), ACLChecklist::asyncLoc_, ACLChecklist::asyncLoopDepth_, ACLChecklist::Breadcrumb::clear(), ACL::matches(), ACLChecklist::matchLoc_, and ACLChecklist::matchPath.

Referenced by Acl::AllOf::doMatch(), Acl::NotNode::doMatch(), Acl::AndNode::doMatch(), and Acl::OrNode::doMatch().

◆ nonBlockingCheck()

void ACLChecklist::nonBlockingCheck ( ACLCB *  callback_,
void *  callback_data_ 
)
inherited

Start a non-blocking (async) check for a list of allow/deny rules. Each rule comes with a list of ACLs.

The callback specified will be called with the result of the check.

The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).

If there are rules but all ACL lists mismatch, an implicit rule is used. Its result is the negation of the keyword of the last seen rule.

Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.

If there are no rules to check at all, the result becomes ACCESS_DUNNO. Calling this method with no rules to check wastes a lot of CPU cycles and will result in a DBG_CRITICAL debugging message.

Kick off a non-blocking (slow) ACL access list test

NP: this should probably be made Async now.

The ACL list should NEVER be NULL when calling this method. The caller should always check for NULL first and handle it as appropriate to its needs. We cannot select a sensible default for all callers here.

Definition at line 238 of file Checklist.cc.

References ACCESS_DUNNO, ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::asyncInProgress(), ACLChecklist::callback, ACLChecklist::callback_data, cbdataReference, ACLChecklist::checkCallback(), ACLChecklist::completeNonBlocking(), DBG_CRITICAL, debugs, ACLChecklist::matchAndFinish(), NULL, ACLChecklist::preCheck(), and ACLChecklist::prepNonBlocking().

Referenced by Adaptation::AccessCheck::checkCandidates(), Ssl::PeekingPeerConnector::checkForPeekAndSplice(), clientFollowXForwardedForCheck(), ConnStateData::postHttpsAccept(), clientReplyContext::processReplyAccess(), ClientRequestContext::sslBumpAccessCheck(), and ConnStateData::startPeekAndSplice().
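
The rule-evaluation semantics documented above for fastCheck() and nonBlockingCheck(), as an added stand-alone C++ model (not Squid's code and not from the Squid project). All type and function names in it are hypothetical, each ACL list is assumed to be a conjunction, and the NeedsAsync branch models only the blocking fastCheck() behaviour.

```cpp
#include <cstdio>
#include <functional>
#include <vector>
// Stand-alone model of the documented semantics; NOT Squid source code.
// Answer, Match, Rule, fixed, runList, checkRules, checkAclList are hypothetical names.
enum class Answer { Allowed, Denied, Dunno, AuthRequired };
enum class Match { Yes, No, NeedsAsync, AuthRequired };
using Acl = std::function<Match()>;            // one ACL test on the transaction
struct Rule { Answer keyword; std::vector<Acl> acls; };
static Acl fixed(Match m) { return [m] { return m; }; }  // ACL with a constructed outcome

// Walks one ACL list (assumed AND semantics). Returns true if an ACL ended the
// check with an exceptional answer (stored in out); else allMatched is set.
static bool runList(const std::vector<Acl> &acls, bool &allMatched, Answer &out) {
    allMatched = true;
    for (const auto &acl : acls) {
        const Match m = acl();
        if (m == Match::NeedsAsync) { out = Answer::Dunno; return true; }  // blocking check cannot wait
        if (m == Match::AuthRequired) { out = Answer::AuthRequired; return true; }
        if (m == Match::No) { allMatched = false; return false; }
    }
    return false;
}

// Rule-list form: the first rule whose ACLs all match decides the answer.
Answer checkRules(const std::vector<Rule> &rules) {
    if (rules.empty()) return Answer::Dunno;   // no rules at all
    for (const auto &rule : rules) {
        bool matched = true; Answer exceptional = Answer::Dunno;
        if (runList(rule.acls, matched, exceptional)) return exceptional;
        if (matched) return rule.keyword;
    }
    // Implicit rule: negation of the keyword of the last seen rule.
    return rules.back().keyword == Answer::Allowed ? Answer::Denied : Answer::Allowed;
}

// Single-list form (options without allow/deny keywords).
Answer checkAclList(const std::vector<Acl> &acls) {
    bool matched = true; Answer exceptional = Answer::Dunno;
    if (runList(acls, matched, exceptional)) return exceptional;
    return matched ? Answer::Allowed : Answer::Denied;  // empty list -> Allowed
}

int main() {
    // Constructed case: one "deny" rule that does not match this transaction.
    const Answer a = checkRules({Rule{Answer::Denied, {fixed(Match::No)}}});
    std::printf("unmatched lone deny rule -> %s\n", a == Answer::Allowed ? "ALLOWED" : "not allowed");
    return a == Answer::Allowed ? 0 : 1;
}
```

In the model, a list whose only rule is an unmatched deny yields ALLOWED through the implicit rule, and an empty rule list yields DUNNO rather than a denial, so callers have to treat DUNNO explicitly.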

◆ operator=()

ACLFilledChecklist& ACLFilledChecklist::operator= ( const ACLFilledChecklist &  )
private

◆ resumeNonBlockingCheck()

◆ setIdent()

void ACLFilledChecklist::setIdent ( const char *  userIdentity)

Definition at line 262 of file FilledChecklist.cc.

References assert, rfc931, USER_IDENT_SZ, and xstrncpy().

Referenced by ACLFilledChecklist(), and clientAclChecklistFill().

◆ setRequest()

◆ sourceDomainChecked()

bool ACLFilledChecklist::sourceDomainChecked ( ) const

Definition at line 187 of file FilledChecklist.cc.

References sourceDomainChecked_.

Referenced by markSourceDomainChecked(), and ACLSourceDomainStrategy::match().

◆ syncAle()

◆ verifyAle()

Member Data Documentation

◆ al

◆ auth_user_request

◆ callback

ACLCB* ACLChecklist::callback
inherited

Definition at line 197 of file Checklist.h.

Referenced by ACLChecklist::checkCallback(), and ACLChecklist::nonBlockingCheck().

◆ callback_data

void* ACLChecklist::callback_data
inherited

◆ conn_

ConnStateData* ACLFilledChecklist::conn_
private

hack for ident and NTLM

Definition at line 102 of file FilledChecklist.h.

Referenced by conn(), and ~ACLFilledChecklist().

◆ destinationDomainChecked_

bool ACLFilledChecklist::destinationDomainChecked_
private

Definition at line 104 of file FilledChecklist.h.

Referenced by destinationDomainChecked(), and markDestinationDomainChecked().

◆ dst_addr

◆ dst_peer_name

SBuf ACLFilledChecklist::dst_peer_name

◆ dst_rdns

char* ACLFilledChecklist::dst_rdns

Definition at line 77 of file FilledChecklist.h.

Referenced by ACLDestinationDomainStrategy::match(), and ~ACLFilledChecklist().

◆ extacl_entry

ExternalACLEntryPointer ACLFilledChecklist::extacl_entry

Definition at line 97 of file FilledChecklist.h.

Referenced by aclMatchExternal(), and ExternalACLLookup::LookupDone().

◆ fd_

int ACLFilledChecklist::fd_
private

may be available when conn_ is not

Definition at line 103 of file FilledChecklist.h.

Referenced by fd().

◆ my_addr

◆ reply

◆ request

◆ requestErrorType

err_type ACLFilledChecklist::requestErrorType

Definition at line 99 of file FilledChecklist.h.

Referenced by ACLSquidErrorStrategy::match().

◆ rfc931

char ACLFilledChecklist::rfc931[USER_IDENT_SZ]

◆ serverCert

Security::CertPointer ACLFilledChecklist::serverCert

Definition at line 93 of file FilledChecklist.h.

Referenced by ACLServerCertificateStrategy::match(), and ssl_verify_cb().

◆ snmp_community

char* ACLFilledChecklist::snmp_community

Definition at line 87 of file FilledChecklist.h.

Referenced by ACLSNMPCommunityStrategy::match(), and snmpDecodePacket().

◆ sourceDomainChecked_

bool ACLFilledChecklist::sourceDomainChecked_
private

Definition at line 105 of file FilledChecklist.h.

Referenced by markSourceDomainChecked(), and sourceDomainChecked().

◆ src_addr

◆ sslErrors


The documentation for this class was generated from the following files:

 
