# Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: rousskov@measurement-factory.com-20090309055308-\ # pycnvm7arktsd5yv # target_branch: http://www.squid-cache.org/bzr/squid3/trunk # testament_sha1: ace0a0653c337a5cbc0969213c1afaafd42574cd # timestamp: 2009-03-08 23:53:52 -0600 # base_revision_id: rousskov@measurement-factory.com-20090308184106-\ # 4hkp9exkjcdwqvfi # # Begin patch === modified file 'configure.in' --- configure.in 2009-03-06 07:36:36 +0000 +++ configure.in 2009-03-09 05:53:08 +0000 @@ -1576,15 +1576,10 @@ dnl Authentication libraries to build dnl This list will not be needed when each auth library has its own Makefile AUTH_LIBS_TO_BUILD= -dnl Authentication libraries to link authenticating executables with. -dnl These are the same as AUTH_LIBS_TO_BUILD, but with a path -AUTH_LIBS_TO_ADD= for module in $AUTH_MODULES; do - AUTH_LIBS_TO_BUILD="$AUTH_LIBS_TO_BUILD lib${module}.a" - AUTH_LIBS_TO_ADD="$AUTH_LIBS_TO_ADD auth/lib${module}.a" + AUTH_LIBS_TO_BUILD="$AUTH_LIBS_TO_BUILD lib${module}.la" done AC_SUBST(AUTH_MODULES) -AC_SUBST(AUTH_LIBS_TO_ADD) AC_SUBST(AUTH_LIBS_TO_BUILD) dnl bundled auth modules, in order to have handy defines for the cppunit testsuite @@ -3806,6 +3801,7 @@ scripts/RunAccel \ src/Makefile \ src/base/Makefile \ + src/acl/Makefile \ src/fs/Makefile \ src/repl/Makefile \ src/auth/Makefile \ === removed file 'src/ACLChecklist.cci' --- src/ACLChecklist.cci 2009-01-21 03:47:47 +0000 +++ src/ACLChecklist.cci 1970-01-01 00:00:00 +0000 @@ -1,41 +0,0 @@ -/* - * $Id$ - * - * DEBUG: section 28 Access Control - * AUTHOR: Henrik Nordstrom - * - * SQUID Web Proxy Cache http://www.squid-cache.org/ - * ---------------------------------------------------------- - * - * Squid is the result of efforts by numerous individuals from - * the Internet community; see the CONTRIBUTORS file for full - * details. Many organizations have provided support for Squid's - * development; see the SPONSORS file for full details. Squid is - * Copyrighted (C) 2001 by the Regents of the University of - * California; see the COPYRIGHT file for full details. Squid - * incorporates software developed and/or copyrighted by other - * sources; see the CREDITS file for full details. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * - */ - -bool -ACLChecklist::matchAclListFast(const ACLList * list) -{ - matchAclList(list, true); - return finished(); -} - === modified file 'src/DelayBucket.cc' --- src/DelayBucket.cc 2009-01-21 03:47:47 +0000 +++ src/DelayBucket.cc 2009-03-08 19:34:36 +0000 @@ -49,8 +49,8 @@ #include "StoreClient.h" #include "MemObject.h" #include "client_side_request.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/Checklist.h" +#include "acl/Acl.h" #include "ConfigParser.h" #include "DelayId.h" #include "Array.h" === modified file 'src/DelayConfig.cc' --- src/DelayConfig.cc 2009-01-21 03:47:47 +0000 +++ src/DelayConfig.cc 2009-03-08 19:34:36 +0000 @@ -46,7 +46,8 @@ #include "DelayPools.h" #include "DelayPool.h" #include "Store.h" -#include "ACL.h" +#include "acl/Acl.h" +#include "acl/Gadgets.h" void DelayConfig::parsePoolCount() === modified file 'src/DelayId.cc' --- src/DelayId.cc 2009-02-04 09:52:20 +0000 +++ src/DelayId.cc 2009-03-08 21:57:12 +0000 @@ -47,7 +47,7 @@ #include "squid.h" #include "DelayId.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "DelayPools.h" #include "DelayPool.h" #include "HttpRequest.h" @@ -114,7 +114,7 @@ continue; } - ACLChecklist ch; + ACLFilledChecklist ch(DelayPools::delay_data[pool].access, r, NULL); #if FOLLOW_X_FORWARDED_FOR if (Config.onoff.delay_pool_uses_indirect_client) ch.src_addr = r->indirect_client_addr; @@ -126,12 +126,6 @@ if (http->getConn() != NULL) ch.conn(http->getConn()); - ch.request = HTTPMSGLOCK(r); - - ch.accessList = cbdataReference(DelayPools::delay_data[pool].access); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ - if (DelayPools::delay_data[pool].theComposite().getRaw() && ch.fastCheck()) { DelayId result (pool + 1); === modified file 'src/DelayPool.cc' --- src/DelayPool.cc 2009-02-03 21:35:04 +0000 +++ src/DelayPool.cc 2009-03-08 19:34:36 +0000 @@ -41,7 +41,8 @@ #if DELAY_POOLS #include "DelayPool.h" #include "CommonPool.h" -#include "ACL.h" +#include "acl/Acl.h" +#include "acl/Gadgets.h" #include "Store.h" DelayPool::DelayPool() : pool (NULL), access (NULL) === modified file 'src/DelayTagged.cc' --- src/DelayTagged.cc 2009-02-18 09:45:32 +0000 +++ src/DelayTagged.cc 2009-03-07 20:43:32 +0000 @@ -40,7 +40,6 @@ #if DELAY_POOLS #include "squid.h" #include "DelayTagged.h" -#include "authenticate.h" #include "NullDelayId.h" #include "Store.h" === modified file 'src/DelayTagged.h' --- src/DelayTagged.h 2009-01-21 03:47:47 +0000 +++ src/DelayTagged.h 2009-03-08 19:34:36 +0000 @@ -41,7 +41,7 @@ #if DELAY_POOLS #include "squid.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "CompositePoolNode.h" #include "DelayIdComposite.h" #include "DelayBucket.h" === modified file 'src/DelayUser.h' --- src/DelayUser.h 2009-01-21 03:47:47 +0000 +++ src/DelayUser.h 2009-03-08 19:34:36 +0000 @@ -41,7 +41,7 @@ #if DELAY_POOLS #include "squid.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "CompositePoolNode.h" #include "DelayIdComposite.h" #include "DelayBucket.h" === modified file 'src/ExternalACL.h' --- src/ExternalACL.h 2009-01-21 03:47:47 +0000 +++ src/ExternalACL.h 2009-03-08 19:34:36 +0000 @@ -34,7 +34,7 @@ #ifndef SQUID_EXTERNALACL_H #define SQUID_EXTERNALACL_H -#include "ACLChecklist.h" +#include "acl/Checklist.h" class external_acl; @@ -53,7 +53,7 @@ /** \todo CLEANUP: kill this typedef. */ typedef struct _external_acl_data external_acl_data; -#include "ACL.h" +#include "acl/Acl.h" class ACLExternal : public ACL { === modified file 'src/HttpHeaderTools.cc' --- src/HttpHeaderTools.cc 2009-03-01 22:22:22 +0000 +++ src/HttpHeaderTools.cc 2009-03-09 05:53:08 +0000 @@ -36,7 +36,7 @@ #include "squid.h" #include "HttpHeader.h" #include "HttpHdrContRange.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "MemBuf.h" static void httpHeaderPutStrvf(HttpHeader * hdr, http_hdr_type id, const char *fmt, va_list vargs); @@ -372,7 +372,6 @@ /* check with anonymizer tables */ header_mangler *hm; - ACLChecklist *checklist; assert(e); if (ROR_REQUEST == req_or_rep) { @@ -389,9 +388,9 @@ return 1; } - checklist = aclChecklistCreate(hm->access_list, request, NULL); + ACLFilledChecklist checklist(hm->access_list, request, NULL); - if (checklist->fastCheck()) { + if (checklist.fastCheck()) { /* aclCheckFast returns true for allow. */ retval = 1; } else if (NULL == hm->replacement) { @@ -406,7 +405,6 @@ retval = 1; } - delete checklist; return retval; } === modified file 'src/HttpReply.cc' --- src/HttpReply.cc 2009-02-18 09:45:32 +0000 +++ src/HttpReply.cc 2009-03-08 21:57:12 +0000 @@ -39,7 +39,7 @@ #include "HttpReply.h" #include "HttpHdrContRange.h" #include "HttpHdrSc.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "HttpRequest.h" #include "MemBuf.h" @@ -538,11 +538,10 @@ return; bodySizeMax = -1; - ACLChecklist ch; + ACLFilledChecklist ch(NULL, &request, NULL); ch.src_addr = request.client_addr; ch.my_addr = request.my_addr; ch.reply = HTTPMSGLOCK(this); // XXX: this lock makes method non-const - ch.request = HTTPMSGLOCK(&request); for (acl_size_t *l = Config.ReplyBodySize; l; l = l -> next) { /* if there is no ACL list or if the ACLs listed match use this size value */ if (!l->aclList || ch.matchAclListFast(l->aclList)) { === modified file 'src/Makefile.am' --- src/Makefile.am 2009-02-27 15:34:07 +0000 +++ src/Makefile.am 2009-03-08 19:34:36 +0000 @@ -32,7 +32,7 @@ TESTS=$(check_PROGRAMS) check_PROGRAMS= -SUBDIRS = base fs repl auth ip icmp +SUBDIRS = base acl fs repl auth ip icmp if USE_ADAPTATION SUBDIRS += adaptation @@ -132,14 +132,6 @@ endif SSL_ALL_SOURCE = \ - ACLCertificateData.cc \ - ACLCertificateData.h \ - ACLCertificate.cc \ - ACLCertificate.h \ - ACLSslError.cc \ - ACLSslError.h \ - ACLSslErrorData.cc \ - ACLSslErrorData.h \ ssl_support.cc \ ssl_support.h @@ -181,20 +173,13 @@ AIOPS_SOURCE = DiskIO/DiskThreads/aiops.cc endif -IDENT_ALL_SOURCE = ACLIdent.cc ACLIdent.h ident.cc ident.h +IDENT_ALL_SOURCE = ident.cc ident.h if ENABLE_IDENT IDENT_SOURCE = $(IDENT_ALL_SOURCE) else IDENT_SOURCE = endif -ARP_ACL_ALL_SOURCE = ACLARP.cc ACLARP.h -if ENABLE_ARP_ACL -ARP_ACL_SOURCE = $(ARP_ACL_ALL_SOURCE) -else -ARP_ACL_SOURCE = -endif - AM_CFLAGS = @SQUID_CFLAGS@ AM_CXXFLAGS = @SQUID_CXXFLAGS@ @@ -205,7 +190,11 @@ # libraries used by many targets COMMON_LIBS = \ libsquid.la \ - auth/libauth.a \ + auth/libacls.la \ + acl/libacls.la \ + acl/libstate.la \ + auth/libauth.la \ + acl/libapi.la \ base/libbase.la \ ip/libip.la @@ -278,7 +267,6 @@ EXTRA_squid_SOURCES = \ $(AIO_WIN32_ALL_SOURCES) \ $(all_AUTHMODULES) \ - $(ARP_ACL_ALL_SOURCE) \ ConfigOption.h \ $(DELAY_POOL_ALL_SOURCE) \ dns.cc \ @@ -301,89 +289,6 @@ DiskIO/DiskThreads/aiops.cc \ DiskIO/DiskThreads/aiops_win32.cc -squid_ACLSOURCES = \ - $(ARP_ACL_SOURCE) \ - ACLASN.cc \ - ACLASN.h \ - ACLDestinationASN.h \ - ACLSourceASN.h \ - ACLBrowser.cc \ - ACLBrowser.h \ - ACLData.h \ - ACLDestinationDomain.cc \ - ACLDestinationDomain.h \ - ACLDestinationIP.cc \ - ACLDestinationIP.h \ - ACLDomainData.h \ - ACLDomainData.cc \ - ACLExtUser.h \ - ACLExtUser.cc \ - ACLHTTPHeaderData.h \ - ACLHTTPHeaderData.cc \ - ACLHTTPStatus.h \ - ACLHTTPStatus.cc \ - ACLIntRange.cc \ - ACLIntRange.h \ - ACLIP.cc \ - ACLIP.h \ - ACLMaxConnection.cc \ - ACLMaxConnection.h \ - ACLMaxUserIP.cc \ - ACLMaxUserIP.h \ - ACLMethod.cc \ - ACLMethod.h \ - ACLMethodData.cc \ - ACLMethodData.h \ - ACLMyIP.cc \ - ACLMyIP.h \ - ACLMyPort.cc \ - ACLMyPort.h \ - ACLMyPortName.cc \ - ACLMyPortName.h \ - ACLPeerName.cc \ - ACLPeerName.h \ - ACLProtocol.cc \ - ACLProtocol.h \ - ACLProtocolData.cc \ - ACLProtocolData.h \ - ACLProxyAuth.cc \ - ACLProxyAuth.h \ - ACLReferer.cc \ - ACLReferer.h \ - ACLRegexData.cc \ - ACLRegexData.h \ - ACLReplyHeaderStrategy.h \ - ACLReplyMIMEType.cc \ - ACLReplyMIMEType.h \ - ACLHTTPRepHeader.cc \ - ACLHTTPRepHeader.h \ - ACLHTTPReqHeader.cc \ - ACLHTTPReqHeader.h \ - ACLRequestHeaderStrategy.h \ - ACLRequestMIMEType.cc \ - ACLRequestMIMEType.h \ - ACLSourceDomain.cc \ - ACLSourceDomain.h \ - ACLSourceIP.cc \ - ACLSourceIP.h \ - ACLStrategised.cc \ - ACLStrategised.h \ - ACLStrategy.h \ - ACLStringData.cc \ - ACLStringData.h \ - ACLTime.cc \ - ACLTime.h \ - ACLTimeData.cc \ - ACLTimeData.h \ - ACLUrl.cc \ - ACLUrl.h \ - ACLUrlPath.cc \ - ACLUrlPath.h \ - ACLUrlPort.cc \ - ACLUrlPort.h \ - ACLUserData.cc \ - ACLUserData.h - squid_COMMSOURCES = \ comm_select.cc \ comm_select.h \ @@ -413,12 +318,6 @@ squid_SOURCES = \ access_log.cc \ AccessLogEntry.h \ - acl.cc \ - acl_noncore.cc \ - ACL.h \ - ACLChecklist.cc \ - ACLChecklist.h \ - $(squid_ACLSOURCES) \ asn.cc \ AsyncCallQueue.cc \ AsyncCallQueue.h \ @@ -427,8 +326,6 @@ AsyncJobCalls.h \ AsyncEngine.cc \ AsyncEngine.h \ - authenticate.cc \ - authenticate.h \ cache_cf.cc \ ProtoPort.cc \ ProtoPort.h \ @@ -472,6 +369,7 @@ $(DNSSOURCE) \ enums.h \ errorpage.cc \ + errorpage.h \ $(ESI_SOURCE) \ ETag.cc \ event.cc \ @@ -637,7 +535,7 @@ $(WIN32_SOURCE) \ $(WINSVC_SOURCE) -noinst_HEADERS = ACLChecklist.cci \ +noinst_HEADERS = \ client_side_request.cci \ MemBuf.cci \ MemBuf.h \ @@ -663,7 +561,6 @@ @REPL_OBJS@ \ @STORE_LIBS_TO_ADD@ \ @DISK_LIBS@ \ - @AUTH_LIBS_TO_ADD@ \ @CRYPTLIB@ \ @REGEXLIB@ \ @SNMPLIB@ \ @@ -677,8 +574,7 @@ @STORE_LIBS_TO_ADD@ \ @DISK_LIBS@ \ @DISK_LINKOBJS@ \ - @REPL_OBJS@ \ - @AUTH_LIBS_TO_ADD@ + @REPL_OBJS@ if USE_LOADABLE_MODULES squid_SOURCES += $(LOADABLE_MODULES_SOURCES) @@ -729,162 +625,20 @@ String.cc \ time.cc \ ufsdump.cc \ - url.cc \ - AsyncCallQueue.cc \ - AsyncCallQueue.h \ - AsyncCall.cc \ - AsyncCall.h \ - BodyPipe.cc \ - BodyPipe.h \ - ConfigParser.cc \ - store.cc \ - StoreFileSystem.cc \ - StoreSwapLogData.cc \ - StoreSwapLogData.h \ - access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLUserData.cc \ - ACLRegexData.cc \ - ACLStringData.cc \ - authenticate.cc \ - cache_cf.cc \ - ProtoPort.cc \ - ProtoPort.h \ - cache_manager.cc \ - CacheDigest.cc \ - carp.cc \ - cbdata.cc \ - ChunkedCodingParser.cc \ - ChunkedCodingParser.h \ - client_db.cc \ - client_side.cc \ - client_side_reply.cc \ - client_side_request.cc \ - client_side_request.h \ - clientStream.cc \ - clientStream.h \ - CommIO.h \ - $(squid_COMMSOURCES) \ - ConfigOption.cc \ - defines.h \ - $(DELAY_POOL_SOURCE) \ - disk.cc \ dlink.h \ dlink.cc \ - $(DNSSOURCE) \ - enums.h \ - errorpage.cc \ - errorpage.h \ - $(ESI_SOURCE) \ - ETag.cc \ - event.cc \ - external_acl.cc \ - ExternalACLEntry.cc \ - fd.cc \ - fde.cc \ - fde.h \ - filemap.cc \ - forward.cc \ - forward.h \ - fqdncache.cc \ - ftp.cc \ - gopher.cc \ - helper.cc \ - $(HTCPSOURCE) \ - http.cc \ - HttpStatusLine.cc \ - HttpHdrCc.cc \ - HttpHdrRange.cc \ - HttpHdrSc.cc \ - HttpHdrScTarget.cc \ - HttpHdrContRange.cc \ - HttpHeader.cc \ - HttpHeaderTools.cc \ - HttpBody.cc \ - HttpMsg.cc \ - HttpReply.cc \ - HttpRequest.cc \ HttpRequestMethod.cc \ - icp_v2.cc \ - icp_v3.cc \ - $(IDENT_SOURCE) \ - internal.cc \ - $(IPC_SOURCE) \ - ipcache.cc \ - $(LEAKFINDERSOURCE) \ - list.cc \ - logfile.cc \ - mem_node.cc \ - mem_node.h \ - Mem.h \ - MemBuf.cc \ - MemObject.cc \ - MemObject.h \ - mime.cc \ - multicast.cc \ - neighbors.cc \ - Packer.cc \ - Parsing.cc \ - $(XPROF_STATS_SOURCE) \ - pconn.cc \ - peer_digest.cc \ - peer_select.cc \ - peer_sourcehash.cc \ - peer_userhash.cc \ - protos.h \ - redirect.cc \ - referer.cc \ - refresh.cc \ RemovalPolicy.cc \ - send-announce.cc \ - $(SNMP_SOURCE) \ squid.h \ - $(SSL_SOURCE) \ - tunnel.cc \ - Server.cc \ - SquidNew.cc \ - stat.cc \ - StatHist.cc \ - stmem.cc \ - store_io.cc \ - StoreIOBuffer.h \ - StoreIOState.cc \ - store_client.cc \ - StoreClient.h \ - store_digest.cc \ - store_dir.cc \ - store_log.cc \ - store_rebuild.cc \ - store_swapin.cc \ - store_swapmeta.cc \ - store_swapout.cc \ - structs.h \ - SwapDir.cc \ - tools.cc \ - typedefs.h \ - $(UNLINKDSOURCE) \ - URLScheme.cc \ - urn.cc \ - useragent.cc \ - wccp.cc \ - wccp2.cc \ - whois.cc \ - wordlist.cc \ $(WIN32_SOURCE) ufsdump_LDADD = \ $(COMMON_LIBS) \ - icmp/libicmp.la icmp/libicmp-core.la \ @XTRA_OBJS@ \ @REPL_OBJS@ \ @STORE_LIBS_TO_ADD@ \ - @AUTH_LIBS_TO_ADD@ \ @CRYPTLIB@ \ @REGEXLIB@ \ @SNMPLIB@ \ - ${ADAPTATION_LIBS} \ @SSLLIB@ \ -L$(top_builddir)/lib -lmiscutil \ @XTRA_LIBS@ \ @@ -894,14 +648,10 @@ @STORE_LIBS_TO_ADD@ \ @DISK_LIBS@ \ @DISK_LINKOBJS@ \ - @REPL_OBJS@ \ - @AUTH_LIBS_TO_ADD@ + @REPL_OBJS@ nodist_ufsdump_SOURCES = \ - repl_modules.cc \ - cf_parser.h \ - globals.cc \ - string_arrays.c + globals.cc BUILT_SOURCES = \ cf_gen_defines.h \ @@ -1163,13 +913,12 @@ tests_testAuth_SOURCES = \ tests/testAuth.cc tests/testMain.cc tests/testAuth.h \ - authenticate.cc \ ConfigParser.cc \ tests/stub_acl.cc tests/stub_cache_cf.cc \ tests/stub_helper.cc cbdata.cc String.cc \ - tests/stub_store.cc HttpHeaderTools.cc HttpHeader.cc acl.cc mem.cc \ - MemBuf.cc HttpHdrContRange.cc Packer.cc ACLChecklist.cc HttpHdrCc.cc HttpHdrSc.cc \ - HttpHdrScTarget.cc url.cc ACLProxyAuth.cc ACLRegexData.cc ACLUserData.cc \ + tests/stub_store.cc HttpHeaderTools.cc HttpHeader.cc mem.cc \ + MemBuf.cc HttpHdrContRange.cc Packer.cc HttpHdrCc.cc HttpHdrSc.cc \ + HttpHdrScTarget.cc url.cc \ StatHist.cc HttpHdrRange.cc ETag.cc tests/stub_errorpage.cc \ tests/stub_HttpRequest.cc tests/stub_DelayId.cc \ tests/stub_MemObject.cc mem_node.cc \ @@ -1194,22 +943,19 @@ tests_testAuth_LDADD= \ $(COMMON_LIBS) \ - @AUTH_LIBS_TO_ADD@ \ -L../lib -lmiscutil \ @REGEXLIB@ \ @SQUID_CPPUNIT_LIBS@ \ @SSLLIB@ tests_testAuth_LDFLAGS = $(LIBADD_DL) tests_testAuth_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \ - @AUTH_LIBS_TO_ADD@ \ @SQUID_CPPUNIT_LA@ ## Tests for the ACLMaxUserIP class ## acl needs wordlist. wordlist needs MemBug ## MemBuf needs mem, MemBuf needs event, ## event needs cbdata. -## ACLMaxUserUP needs authenticate.cc -## authenticate.cc needs libauth.la +## ACLMaxUserUP needs libauth.la ## ACLMaxUserIP needs ACLChecklist ## AuthUser request needs HttpHeader, which brings in ## ETag.cc \ @@ -1224,13 +970,6 @@ ## StatHist.cc \ ## String.cc \ tests_testACLMaxUserIP_SOURCES= \ - acl.cc \ - ACLChecklist.cc \ - ACLMaxUserIP.cc \ - ACLProxyAuth.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ cbdata.cc \ ConfigParser.cc \ ETag.cc \ @@ -1302,14 +1041,6 @@ tests/testMain.cc \ time.cc \ access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLStringData.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ BodyPipe.cc \ cache_manager.cc \ cache_cf.cc \ @@ -1452,10 +1183,11 @@ nodist_tests_testDiskIO_SOURCES= \ $(SWAP_TEST_GEN_SOURCES) tests_testDiskIO_LDADD = \ + $(SWAP_TEST_LDADD) \ + @DISK_LIBS@ \ $(COMMON_LIBS) \ - @DISK_LIBS@ \ - $(SWAP_TEST_LDADD) \ SquidConfig.o + tests_testDiskIO_LDFLAGS = $(LIBADD_DL) tests_testDiskIO_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \ @DISK_LIBS@ \ @@ -1478,14 +1210,6 @@ tests/testMain.cc \ time.cc \ access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLStringData.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ BodyPipe.cc \ cache_manager.cc \ cache_cf.cc \ @@ -1633,14 +1357,6 @@ tests/testMain.cc \ time.cc \ access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLStringData.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ BodyPipe.cc \ cache_manager.cc \ cache_cf.cc \ @@ -1776,14 +1492,6 @@ tests_test_http_range_SOURCES = \ tests/test_http_range.cc \ access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLStringData.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ BodyPipe.cc \ cache_cf.cc \ ProtoPort.cc \ @@ -1938,14 +1646,6 @@ tests/testMain.cc \ time.cc \ access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLStringData.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ BodyPipe.cc \ cache_manager.cc \ cache_cf.cc \ @@ -2097,7 +1797,6 @@ Parsing.cc \ ConfigOption.cc \ SwapDir.cc \ - authenticate.cc \ tests/stub_acl.cc tests/stub_cache_cf.cc \ tests/stub_helper.cc cbdata.cc String.cc \ tests/stub_comm.cc \ @@ -2106,10 +1805,9 @@ mem_node.cc \ stmem.cc \ tests/stub_mime.cc \ - HttpHeaderTools.cc HttpHeader.cc acl.cc mem.cc \ - acl_noncore.cc \ - MemBuf.cc HttpHdrContRange.cc Packer.cc ACLChecklist.cc HttpHdrCc.cc HttpHdrSc.cc \ - HttpHdrScTarget.cc url.cc ACLProxyAuth.cc ACLRegexData.cc ACLUserData.cc \ + HttpHeaderTools.cc HttpHeader.cc mem.cc \ + MemBuf.cc HttpHdrContRange.cc Packer.cc HttpHdrCc.cc HttpHdrSc.cc \ + HttpHdrScTarget.cc url.cc \ StatHist.cc HttpHdrRange.cc ETag.cc tests/stub_errorpage.cc \ tests/stub_HttpRequest.cc tests/stub_access_log.cc \ refresh.cc \ @@ -2223,6 +1921,7 @@ @REPL_OBJS@ \ @DISK_LIBS@ \ -L../lib -lmiscutil \ + acl/libapi.la \ @SQUID_CPPUNIT_LIBS@ SWAP_TEST_DS =\ $(top_builddir)/lib/libmiscutil.a \ @@ -2241,8 +1940,8 @@ nodist_tests_testUfs_SOURCES = \ $(SWAP_TEST_GEN_SOURCES) tests_testUfs_LDADD = \ + $(SWAP_TEST_LDADD) \ $(COMMON_LIBS) \ - $(SWAP_TEST_LDADD) \ @SSLLIB@ tests_testUfs_LDFLAGS = $(LIBADD_DL) tests_testUfs_DEPENDENCIES = \ @@ -2296,14 +1995,6 @@ tests/testMain.cc \ time.cc \ access_log.cc \ - acl.cc \ - acl_noncore.cc \ - ACLChecklist.cc \ - ACLProxyAuth.cc \ - ACLStringData.cc \ - ACLRegexData.cc \ - ACLUserData.cc \ - authenticate.cc \ BodyPipe.cc \ cache_manager.cc \ cache_cf.cc \ === modified file 'src/access_log.cc' --- src/access_log.cc 2009-02-06 00:59:06 +0000 +++ src/access_log.cc 2009-03-08 19:34:36 +0000 @@ -39,7 +39,7 @@ // Store.h Required by configuration directives parsing/dumping only #include "Store.h" -#include "ACLChecklist.h" +#include "acl/Checklist.h" #include "HttpReply.h" #include "HttpRequest.h" === added directory 'src/acl' === renamed file 'src/acl.cc' => 'src/acl/Acl.cc' --- src/acl.cc 2009-02-18 00:18:43 +0000 +++ src/acl/Acl.cc 2009-03-08 19:45:44 +0000 @@ -33,12 +33,10 @@ */ #include "config.h" -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" #include "ConfigParser.h" #include "dlink.h" -/* for special-case PURGE test */ -#include "HttpRequestMethod.h" const char *AclMatchedName = NULL; @@ -278,12 +276,12 @@ { int rv; - if (NULL == checklist->request && requiresRequest()) { + if (!checklist->hasRequest() && requiresRequest()) { debugs(28, 1, "ACL::checklistMatches WARNING: '" << name << "' ACL is used but there is no HTTP request -- not matching."); return 0; } - if (NULL == checklist->reply && requiresReply()) { + if (!checklist->hasReply() && requiresReply()) { debugs(28, 1, "ACL::checklistMatches WARNING: '" << name << "' ACL is used but there is no HTTP reply -- not matching."); return 0; } @@ -321,35 +319,6 @@ safe_free(cfgline); } -#include "ACLStrategised.h" -bool -acl_access::containsPURGE() const -{ - acl_access const *a = this; - ACLList *b; - - debugs(28, 6, "acl_access::containsPURGE: invoked for '" << cfgline << "'"); - - for (; a; a = a->next) { - for (b = a->aclList; b; b = b->next) { - ACLStrategised *tempAcl = dynamic_cast *>(b->_acl); - - if (!tempAcl) { - debugs(28, 7, "acl_access::containsPURGE: can't create tempAcl"); - continue; - } - - if (tempAcl->match(METHOD_PURGE)) { - debugs(28, 6, "acl_access::containsPURGE: returning true"); - return true; - } - } - } - - debugs(28, 6, "acl_access::containsPURGE: returning false"); - return false; -} - /* to be split into separate files in the future */ CBDATA_CLASS_INIT(acl_access); === renamed file 'src/ACL.h' => 'src/acl/Acl.h' --- src/ACL.h 2009-02-04 09:52:20 +0000 +++ src/acl/Acl.h 2009-03-08 19:45:44 +0000 @@ -38,46 +38,9 @@ #include "Array.h" #include "cbdata.h" #include "dlink.h" -/** - \todo FIXME: finish splitting out the dependencies here - * - typedefs should not be needed to parse this. - */ -#include "typedefs.h" class ConfigParser; - -/* acl.c */ - -/// \ingroup ACLAPI -SQUIDCEXTERN void aclDestroyAccessList(acl_access **list); -/// \ingroup ACLAPI -SQUIDCEXTERN void aclDestroyAcls(ACL **); -/// \ingroup ACLAPI -SQUIDCEXTERN void aclDestroyAclList(ACLList **); -/// \ingroup ACLAPI -SQUIDCEXTERN void aclParseAccessLine(ConfigParser &parser, acl_access **); -/// \ingroup ACLAPI -SQUIDCEXTERN void aclParseAclList(ConfigParser &parser, ACLList **); -/// \ingroup ACLAPI -SQUIDCEXTERN int aclIsProxyAuth(const char *name); -/// \ingroup ACLAPI -SQUIDCEXTERN err_type aclGetDenyInfoPage(acl_deny_info_list ** head, const char *name, int redirect_allowed); - -/// \ingroup ACLAPI -SQUIDCEXTERN void aclParseDenyInfoLine(struct acl_deny_info_list **); - -/// \ingroup ACLAPI -SQUIDCEXTERN void aclDestroyDenyInfoList(struct acl_deny_info_list **); -/// \ingroup ACLAPI -SQUIDCEXTERN wordlist *aclDumpGeneric(const ACL *); -/// \ingroup ACLAPI -SQUIDCEXTERN void aclCacheMatchFlush(dlink_list * cache); -/// \ingroup ACLAPI -extern void dump_acl_access(StoreEntry * entry, const char *name, acl_access * head); -/// \ingroup ACLAPI -int aclPurgeMethodInUse(acl_access * a); -/// \ingroup ACLAPI -extern const char *AclMatchedName; /* NULL */ +class ACLChecklist; /// \ingroup ACLAPI class ACL @@ -154,7 +117,6 @@ public: void *operator new(size_t); void operator delete(void *); - bool containsPURGE() const; allow_t allow; ACLList *aclList; char *cfgline; @@ -194,4 +156,8 @@ MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache); + +/// \ingroup ACLAPI +extern const char *AclMatchedName; /* NULL */ + #endif /* SQUID_ACL_H */ === renamed file 'src/ACLARP.cc' => 'src/acl/Arp.cc' --- src/ACLARP.cc 2009-01-07 11:24:40 +0000 +++ src/acl/Arp.cc 2009-03-08 21:57:12 +0000 @@ -73,7 +73,8 @@ #endif #endif -#include "ACLARP.h" +#include "acl/Arp.h" +#include "acl/FilledChecklist.h" #include "wordlist.h" #if !USE_ARP_ACL @@ -224,8 +225,10 @@ } int -ACLARP::match(ACLChecklist *checklist) +ACLARP::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); + /* IPv6 does not do ARP */ if (!checklist->src_addr.IsIPv4()) { debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr ); === renamed file 'src/ACLARP.h' => 'src/acl/Arp.h' --- src/ACLARP.h 2009-01-21 03:47:47 +0000 +++ src/acl/Arp.h 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLARP_H #define SQUID_ACLARP_H -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" #include "splay.h" /// \ingroup ACLAPI === renamed file 'src/ACLASN.cc' => 'src/acl/Asn.cc' --- src/ACLASN.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Asn.cc 2009-03-08 19:34:36 +0000 @@ -34,6 +34,6 @@ */ #include "squid.h" -#include "ACLASN.h" -#include "ACLChecklist.h" +#include "acl/Asn.h" +#include "acl/Checklist.h" === renamed file 'src/ACLASN.h' => 'src/acl/Asn.h' --- src/ACLASN.h 2009-01-07 11:24:40 +0000 +++ src/acl/Asn.h 2009-03-08 19:34:36 +0000 @@ -32,10 +32,10 @@ #ifndef SQUID_ACLASN_H #define SQUID_ACLASN_H -#include "ACLData.h" +#include "acl/Data.h" #include "CbDataList.h" -#include "ACLStrategised.h" -#include "ACLChecklist.h" +#include "acl/Strategised.h" +#include "acl/Checklist.h" #include "ip/IpAddress.h" SQUIDCEXTERN int asnMatchIp(CbDataList *, IpAddress &); === renamed file 'src/ACLBrowser.cc' => 'src/acl/Browser.cc' --- src/ACLBrowser.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Browser.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,9 @@ */ #include "squid.h" -#include "ACLChecklist.h" -#include "ACLBrowser.h" -#include "ACLRegexData.h" +#include "acl/Checklist.h" +#include "acl/Browser.h" +#include "acl/RegexData.h" /* explicit template instantiation required for some systems */ === renamed file 'src/ACLBrowser.h' => 'src/acl/Browser.h' --- src/ACLBrowser.h 2009-01-21 03:47:47 +0000 +++ src/acl/Browser.h 2009-03-08 19:34:36 +0000 @@ -35,10 +35,10 @@ #ifndef SQUID_ACLBROWSER_H #define SQUID_ACLBROWSER_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLRequestHeaderStrategy.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/RequestHeaderStrategy.h" +#include "acl/Strategised.h" /// \ingroup ACLAPI class ACLBrowser === renamed file 'src/ACLCertificate.cc' => 'src/acl/Certificate.cc' --- src/ACLCertificate.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Certificate.cc 2009-03-08 21:53:27 +0000 @@ -41,9 +41,9 @@ */ #if USE_SSL -#include "ACLCertificate.h" -#include "ACLChecklist.h" -#include "ACLCertificateData.h" +#include "acl/Certificate.h" +#include "acl/Checklist.h" +#include "acl/CertificateData.h" #include "fde.h" #include "client_side.h" @@ -53,7 +53,7 @@ ACLStrategised ACLCertificate::CARegistryEntry_(new ACLCertificateData (sslGetCAAttribute), ACLCertificateStrategy::Instance(), "ca_cert"); int -ACLCertificateStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLCertificateStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { const int fd = checklist->fd(); const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD; === renamed file 'src/ACLCertificate.h' => 'src/acl/Certificate.h' --- src/ACLCertificate.h 2009-01-21 03:47:47 +0000 +++ src/acl/Certificate.h 2009-03-08 21:53:27 +0000 @@ -35,18 +35,18 @@ #ifndef SQUID_ACLCERTIFICATE_H #define SQUID_ACLCERTIFICATE_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Checklist.h" #include "ssl_support.h" -#include "ACLStrategised.h" +#include "acl/Strategised.h" /// \ingroup ACLAPI class ACLCertificateStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLCertificateStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLCertificateData.cc' => 'src/acl/CertificateData.cc' --- src/ACLCertificateData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/CertificateData.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,8 @@ */ #include "squid.h" -#include "ACLCertificateData.h" -#include "authenticate.h" -#include "ACLChecklist.h" +#include "acl/CertificateData.h" +#include "acl/Checklist.h" #include "wordlist.h" ACLCertificateData::ACLCertificateData(SSLGETATTRIBUTE *sslStrategy) : attribute (NULL), values (), sslAttributeCall (sslStrategy) === renamed file 'src/ACLCertificateData.h' => 'src/acl/CertificateData.h' --- src/ACLCertificateData.h 2009-01-21 03:47:47 +0000 +++ src/acl/CertificateData.h 2009-03-08 19:34:36 +0000 @@ -36,10 +36,10 @@ #define SQUID_ACLCERTIFICATEDATA_H #include "splay.h" -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" #include "ssl_support.h" -#include "ACLStringData.h" +#include "acl/StringData.h" /// \ingroup ACLAPI class ACLCertificateData : public ACLData === renamed file 'src/ACLChecklist.cc' => 'src/acl/Checklist.cc' --- src/ACLChecklist.cc 2009-02-24 23:52:44 +0000 +++ src/acl/Checklist.cc 2009-03-08 19:41:27 +0000 @@ -34,78 +34,7 @@ */ #include "squid.h" -#include "ACLChecklist.h" -#include "HttpRequest.h" -#include "HttpReply.h" -#include "authenticate.h" -#include "ACLProxyAuth.h" -#include "client_side.h" -#include "auth/UserRequest.h" - -int -ACLChecklist::authenticated() -{ - http_hdr_type headertype; - - if (NULL == request) { - fatal ("requiresRequest SHOULD have been true for this ACL!!"); - return 0; - } else if (request->flags.accelerated) { - /* WWW authorization on accelerated requests */ - headertype = HDR_AUTHORIZATION; - } else if (request->flags.intercepted || request->flags.spoof_client_ip) { - debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests."); - return -1; - } else { - /* Proxy authorization on proxy requests */ - headertype = HDR_PROXY_AUTHORIZATION; - } - - /* get authed here */ - /* Note: this fills in auth_user_request when applicable */ - /* - * DPW 2007-05-08 - * tryToAuthenticateAndSetAuthUser used to try to lock and - * unlock auth_user_request on our behalf, but it was too - * ugly and hard to follow. Now we do our own locking here. - * - * I'm not sure what tryToAuthenticateAndSetAuthUser does when - * auth_user_request is set before calling. I'm tempted to - * unlock and set it to NULL, but it seems safer to save the - * pointer before calling and unlock it afterwards. If the - * pointer doesn't change then its a no-op. - */ - AuthUserRequest *old_auth_user_request = auth_user_request; - auth_acl_t result = AuthUserRequest::tryToAuthenticateAndSetAuthUser (&auth_user_request, headertype, request, conn(), src_addr); - if (auth_user_request) - AUTHUSERREQUESTLOCK(auth_user_request, "ACLChecklist"); - AUTHUSERREQUESTUNLOCK(old_auth_user_request, "old ACLChecklist"); - switch (result) { - - case AUTH_ACL_CANNOT_AUTHENTICATE: - debugs(28, 4, "aclMatchAcl: returning 0 user authenticated but not authorised."); - return 0; - - case AUTH_AUTHENTICATED: - - return 1; - break; - - case AUTH_ACL_HELPER: - debugs(28, 4, "aclMatchAcl: returning 0 sending credentials to helper."); - changeState (ProxyAuthLookup::Instance()); - return 0; - - case AUTH_ACL_CHALLENGE: - debugs(28, 4, "aclMatchAcl: returning 0 sending authentication challenge."); - changeState (ProxyAuthNeeded::Instance()); - return 0; - - default: - fatal("unexpected authenticateAuthenticate reply\n"); - return 0; - } -} +#include "acl/Checklist.h" allow_t const & ACLChecklist::currentAnswer() const @@ -249,6 +178,8 @@ asyncState()->checkForAsync(this); } +// ACLFilledChecklist overwrites this to unclock something before we +// "delete this" void ACLChecklist::checkCallback(allow_t answer) { @@ -256,23 +187,6 @@ void *cbdata_; debugs(28, 3, "ACLChecklist::checkCallback: " << this << " answer=" << answer); - /* During reconfigure, we can end up not finishing call - * sequences into the auth code */ - - if (auth_user_request) { - /* the checklist lock */ - AUTHUSERREQUESTUNLOCK(auth_user_request, "ACLChecklist"); - /* it might have been connection based */ - assert(conn() != NULL); - /* - * DPW 2007-05-08 - * yuck, this make me uncomfortable. why do this here? - * ConnStateData will do its own unlocking. - */ - AUTHUSERREQUESTUNLOCK(conn()->auth_user_request, "conn via ACLChecklist"); - conn()->auth_type = AUTH_BROKEN; - } - callback_ = callback; callback = NULL; @@ -346,104 +260,28 @@ PROF_stop(aclMatchAclList); } -CBDATA_CLASS_INIT(ACLChecklist); - -void * -ACLChecklist::operator new (size_t size) -{ - assert (size == sizeof(ACLChecklist)); - CBDATA_INIT_TYPE(ACLChecklist); - ACLChecklist *result = cbdataAlloc(ACLChecklist); - return result; -} - -void -ACLChecklist::operator delete (void *address) -{ - ACLChecklist *t = static_cast(address); - cbdataFree(t); -} - ACLChecklist::ACLChecklist() : accessList (NULL), - dst_peer(NULL), - request (NULL), - reply (NULL), - auth_user_request (NULL), -#if SQUID_SNMP - snmp_community(NULL), -#endif -#if USE_SSL - ssl_error(0), -#endif callback (NULL), callback_data (NULL), - extacl_entry (NULL), - conn_(NULL), - fd_(-1), async_(false), finished_(false), allow_(ACCESS_DENIED), state_(NullState::Instance()), - destinationDomainChecked_(false), - sourceDomainChecked_(false), lastACLResult_(false) { - my_addr.SetEmpty(); - src_addr.SetEmpty(); - dst_addr.SetEmpty(); - rfc931[0] = '\0'; } ACLChecklist::~ACLChecklist() { assert (!asyncInProgress()); - if (extacl_entry) - cbdataReferenceDone(extacl_entry); - - HTTPMSGUNLOCK(request); - - HTTPMSGUNLOCK(reply); - - // no auth_user_request in builds without any Authentication configured - if (auth_user_request) - AUTHUSERREQUESTUNLOCK(auth_user_request, "ACLChecklist destructor"); - - cbdataReferenceDone(conn_); - cbdataReferenceDone(accessList); debugs(28, 4, "ACLChecklist::~ACLChecklist: destroyed " << this); } -ConnStateData * -ACLChecklist::conn() const -{ - return conn_; -} - -void -ACLChecklist::conn(ConnStateData *aConn) -{ - assert (conn() == NULL); - conn_ = cbdataReference(aConn); -} - -int -ACLChecklist::fd() const -{ - return conn_ != NULL ? conn_->fd : fd_; -} - -void -ACLChecklist::fd(int aDescriptor) -{ - assert(!conn() || conn()->fd == aDescriptor); - fd_ = aDescriptor; -} - void ACLChecklist::AsyncState::changeState (ACLChecklist *checklist, AsyncState *newState) const { @@ -533,32 +371,6 @@ bool -ACLChecklist::destinationDomainChecked() const -{ - return destinationDomainChecked_; -} - -void -ACLChecklist::markDestinationDomainChecked() -{ - assert (!finished() && !destinationDomainChecked()); - destinationDomainChecked_ = true; -} - -bool -ACLChecklist::sourceDomainChecked() const -{ - return sourceDomainChecked_; -} - -void -ACLChecklist::markSourceDomainChecked() -{ - assert (!finished() && !sourceDomainChecked()); - sourceDomainChecked_ = true; -} - -bool ACLChecklist::checking() const { return checking_; @@ -570,58 +382,17 @@ checking_ = newValue; } -/* - * Any ACLChecklist created by aclChecklistCreate() must eventually be - * freed by ACLChecklist::operator delete(). There are two common cases: - * - * A) Using aclCheckFast(): The caller creates the ACLChecklist using - * aclChecklistCreate(), checks it using aclCheckFast(), and frees it - * using aclChecklistFree(). - * - * B) Using aclNBCheck() and callbacks: The caller creates the - * ACLChecklist using aclChecklistCreate(), and passes it to - * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(), - * which will invoke the callback function as requested by the - * original caller of aclNBCheck(). This callback function must - * *not* invoke aclChecklistFree(). After the callback function - * returns, ACLChecklist::checkCallback() will free the ACLChecklist using - * aclChecklistFree(). - */ -ACLChecklist * -aclChecklistCreate(const acl_access * A, HttpRequest * request, const char *ident) -{ - // TODO: make this a constructor? On-stack creation uses the same code. - ACLChecklist *checklist = new ACLChecklist; - - if (A) - checklist->accessList = cbdataReference(A); - - if (request != NULL) { - checklist->request = HTTPMSGLOCK(request); -#if FOLLOW_X_FORWARDED_FOR - if (Config.onoff.acl_uses_indirect_client) - checklist->src_addr = request->indirect_client_addr; - else -#endif /* FOLLOW_X_FORWARDED_FOR */ - checklist->src_addr = request->client_addr; - checklist->my_addr = request->my_addr; - } - -#if USE_IDENT - if (ident) - xstrncpy(checklist->rfc931, ident, USER_IDENT_SZ); - -#endif - - return checklist; -} - bool ACLChecklist::callerGone() { return !cbdataReferenceValid(callback_data); } -#ifndef _USE_INLINE_ -#include "ACLChecklist.cci" -#endif +bool +ACLChecklist::matchAclListFast(const ACLList * list) +{ + matchAclList(list, true); + return finished(); +} + + === renamed file 'src/ACLChecklist.h' => 'src/acl/Checklist.h' --- src/ACLChecklist.h 2009-02-04 09:52:20 +0000 +++ src/acl/Checklist.h 2009-03-08 19:41:27 +0000 @@ -33,17 +33,13 @@ #ifndef SQUID_ACLCHECKLIST_H #define SQUID_ACLCHECKLIST_H -//#include "typedefs.h" -//#include "client_side.h" -//#include "structs.h" - -#include "ACL.h" - -class AuthUserRequest; -class ExternalACLEntry; -class ConnStateData; - -/// \ingroup ACLAPI +#include "acl/Acl.h" + +/** \ingroup ACLAPI + Base class for maintaining Squid and transaction state for access checks. + Provides basic ACL checking methods. Its only child, ACLFilledChecklist, + keeps the actual state data. The split is necessary to avoid exposing + all ACL-related code to virtually Squid data types. */ class ACLChecklist { @@ -88,18 +84,9 @@ }; -public: /* operators */ - void *operator new(size_t); - void operator delete(void *); - +public: ACLChecklist(); - ~ACLChecklist(); - /** NP: To cause link failures if assignment attempted */ - ACLChecklist (ACLChecklist const &); - /** NP: To cause link failures if assignment attempted */ - ACLChecklist &operator=(ACLChecklist const &); - -public: /* API methods */ + virtual ~ACLChecklist(); /** * Trigger off a non-blocking access check for a set of *_access options.. @@ -135,7 +122,7 @@ * \retval 1/true Access Allowed * \retval 0/false Access Denied */ - _SQUID_INLINE_ bool matchAclListFast(const ACLList * list); + bool matchAclListFast(const ACLList * list); /** * Attempt to check the current checklist against current data. @@ -149,20 +136,6 @@ */ void check(); - ConnStateData * conn() const; - - /// uses conn() if available - int fd() const; - - /// set either conn - void conn(ConnStateData *); - /// set FD - void fd(int aDescriptor); - -/* Accessors used by internal ACL stuff */ - - int authenticated(); - bool asyncInProgress() const; void asyncInProgress(bool const); @@ -175,62 +148,33 @@ void changeState(AsyncState *); AsyncState *asyncState() const; -private: /* NP: only used internally */ + // XXX: ACLs that need request or reply have to use ACLFilledChecklist and + // should do their own checks so that we do not have to povide these two + // for ACL::checklistMatches to use + virtual bool hasRequest() const = 0; + virtual bool hasReply() const = 0; - void checkCallback(allow_t answer); +private: + virtual void checkCallback(allow_t answer); void checkAccessList(); void checkForAsync(); -public: /* checklist available data */ - +public: const acl_access *accessList; - IpAddress src_addr; - - IpAddress dst_addr; - - IpAddress my_addr; - - struct peer *dst_peer; - - HttpRequest *request; - - /* for acls that look at reply data */ - HttpReply *reply; - char rfc931[USER_IDENT_SZ]; - AuthUserRequest *auth_user_request; -#if SQUID_SNMP - - char *snmp_community; -#endif - -#if USE_SSL - int ssl_error; -#endif - PF *callback; void *callback_data; - ExternalACLEntry *extacl_entry; - - bool destinationDomainChecked() const; - void markDestinationDomainChecked(); - bool sourceDomainChecked() const; - void markSourceDomainChecked(); private: /* internal methods */ void preCheck(); void matchAclList(const ACLList * list, bool const fast); void matchAclListSlow(const ACLList * list); - CBDATA_CLASS(ACLChecklist); - ConnStateData * conn_; /**< hack for ident and NTLM */ - int fd_; /**< may be available when conn_ is not */ bool async_; bool finished_; allow_t allow_; AsyncState *state_; - bool destinationDomainChecked_; - bool sourceDomainChecked_; + bool checking_; bool checking() const; void checking (bool const); @@ -244,13 +188,4 @@ bool lastACLResult() const { return lastACLResult_; } }; -/// \ingroup ACLAPI -SQUIDCEXTERN ACLChecklist *aclChecklistCreate(const acl_access *, - HttpRequest *, - const char *ident); - -#ifdef _USE_INLINE_ -#include "ACLChecklist.cci" -#endif - #endif /* SQUID_ACLCHECKLIST_H */ === renamed file 'src/ACLData.h' => 'src/acl/Data.h' === renamed file 'src/ACLDestinationASN.h' => 'src/acl/DestinationAsn.h' --- src/ACLDestinationASN.h 2009-01-07 11:24:40 +0000 +++ src/acl/DestinationAsn.h 2009-03-08 21:53:27 +0000 @@ -32,8 +32,8 @@ #ifndef SQUID_ACLDESTINATIONASN_H #define SQUID_ACLDESTINATIONASN_H -#include "ACLASN.h" -#include "ACLStrategy.h" +#include "acl/Asn.h" +#include "acl/Strategy.h" #include "ip/IpAddress.h" /// \ingroup ACLAPI @@ -41,7 +41,7 @@ { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLDestinationASNStrategy *Instance(); === renamed file 'src/ACLDestinationDomain.cc' => 'src/acl/DestinationDomain.cc' --- src/ACLDestinationDomain.cc 2009-01-21 03:47:47 +0000 +++ src/acl/DestinationDomain.cc 2009-03-08 21:57:12 +0000 @@ -35,10 +35,10 @@ */ #include "squid.h" -#include "ACLDestinationDomain.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLDomainData.h" +#include "acl/DestinationDomain.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" +#include "acl/DomainData.h" #include "HttpRequest.h" DestinationDomainLookup DestinationDomainLookup::instance_; @@ -50,8 +50,9 @@ } void -DestinationDomainLookup::checkForAsync(ACLChecklist *checklist) const +DestinationDomainLookup::checkForAsync(ACLChecklist *cl) const { + ACLFilledChecklist *checklist = Filled(cl); checklist->asyncInProgress(true); fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist); } @@ -64,7 +65,7 @@ checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); - checklist->markDestinationDomainChecked(); + Filled(checklist)->markDestinationDomainChecked(); checklist->check(); } @@ -74,7 +75,7 @@ ACLStrategised ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex"); int -ACLDestinationDomainStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLDestinationDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { assert(checklist != NULL && checklist->request != NULL); === renamed file 'src/ACLDestinationDomain.h' => 'src/acl/DestinationDomain.h' --- src/ACLDestinationDomain.h 2009-01-21 03:47:47 +0000 +++ src/acl/DestinationDomain.h 2009-03-08 21:53:27 +0000 @@ -35,17 +35,17 @@ #ifndef SQUID_ACLSOURCEDOMAIN_H #define SQUID_ACLSOURCEDOMAIN_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLChecklist.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Checklist.h" +#include "acl/Strategised.h" /// \ingroup ACLAPI class ACLDestinationDomainStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLDestinationDomainStrategy *Instance(); /** === renamed file 'src/ACLDestinationIP.cc' => 'src/acl/DestinationIp.cc' --- src/ACLDestinationIP.cc 2008-10-10 08:02:53 +0000 +++ src/acl/DestinationIp.cc 2009-03-08 21:57:12 +0000 @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLDestinationIP.h" -#include "ACLChecklist.h" +#include "acl/DestinationIp.h" +#include "acl/FilledChecklist.h" #include "HttpRequest.h" char const * @@ -45,8 +45,9 @@ } int -ACLDestinationIP::match(ACLChecklist *checklist) +ACLDestinationIP::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS); if (ia) { @@ -77,8 +78,9 @@ } void -DestinationIPLookup::checkForAsync(ACLChecklist *checklist)const +DestinationIPLookup::checkForAsync(ACLChecklist *cl)const { + ACLFilledChecklist *checklist = Filled(cl); checklist->asyncInProgress(true); ipcache_nbgethostbyname(checklist->request->GetHost(), LookupDone, checklist); } @@ -88,7 +90,7 @@ { ACLChecklist *checklist = (ACLChecklist *)data; assert (checklist->asyncState() == DestinationIPLookup::Instance()); - checklist->request->flags.destinationIPLookupCompleted(); + Filled(checklist)->request->flags.destinationIPLookupCompleted(); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); checklist->check(); === renamed file 'src/ACLDestinationIP.h' => 'src/acl/DestinationIp.h' --- src/ACLDestinationIP.h 2008-10-10 08:02:53 +0000 +++ src/acl/DestinationIp.h 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLDESTINATIONIP_H #define SQUID_ACLDESTINATIONIP_H -#include "ACLChecklist.h" -#include "ACLIP.h" +#include "acl/Checklist.h" +#include "acl/Ip.h" class DestinationIPLookup : public ACLChecklist::AsyncState { === renamed file 'src/ACLDomainData.cc' => 'src/acl/DomainData.cc' --- src/ACLDomainData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/DomainData.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,8 @@ */ #include "squid.h" -#include "ACLDomainData.h" -#include "authenticate.h" -#include "ACLChecklist.h" +#include "acl/DomainData.h" +#include "acl/Checklist.h" #include "wordlist.h" template === renamed file 'src/ACLDomainData.h' => 'src/acl/DomainData.h' --- src/ACLDomainData.h 2009-01-21 03:47:47 +0000 +++ src/acl/DomainData.h 2009-03-08 19:34:36 +0000 @@ -36,8 +36,8 @@ #define SQUID_ACLDOMAINDATA_H #include "splay.h" -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" /// \ingroup ACLAPI class ACLDomainData : public ACLData === renamed file 'src/ACLExtUser.cc' => 'src/acl/ExtUser.cc' --- src/ACLExtUser.cc 2009-02-10 11:02:53 +0000 +++ src/acl/ExtUser.cc 2009-03-08 21:53:27 +0000 @@ -35,11 +35,10 @@ */ #include "squid.h" -#include "ACLExtUser.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLUserData.h" +#include "acl/ExtUser.h" +#include "acl/FilledChecklist.h" +#include "acl/RegexData.h" +#include "acl/UserData.h" #include "client_side.h" #include "HttpRequest.h" @@ -76,8 +75,9 @@ } int -ACLExtUser::match(ACLChecklist *checklist) +ACLExtUser::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); if (checklist->request->extacl_user.size()) { return data->match(checklist->request->extacl_user.termedBuf()); } else { === renamed file 'src/ACLExtUser.h' => 'src/acl/ExtUser.h' --- src/ACLExtUser.h 2009-01-21 03:47:47 +0000 +++ src/acl/ExtUser.h 2009-03-08 19:34:36 +0000 @@ -35,9 +35,9 @@ #ifndef SQUID_ACLIDENT_H #define SQUID_ACLIDENT_H -#include "ACL.h" -#include "ACLChecklist.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" +#include "acl/Data.h" /// \ingroup ACLAPI class ACLExtUser : public ACL === added file 'src/acl/FilledChecklist.cc' --- src/acl/FilledChecklist.cc 1970-01-01 00:00:00 +0000 +++ src/acl/FilledChecklist.cc 2009-03-08 19:41:27 +0000 @@ -0,0 +1,274 @@ +#include "squid.h" +#include "HttpRequest.h" +#include "HttpReply.h" +#include "client_side.h" +#include "auth/UserRequest.h" +#include "auth/AclProxyAuth.h" +#include "acl/FilledChecklist.h" + +CBDATA_CLASS_INIT(ACLFilledChecklist); + +#if MOVED +int +ACLFilledChecklist::authenticated() +{ + http_hdr_type headertype; + + if (NULL == request) { + fatal ("requiresRequest SHOULD have been true for this ACL!!"); + return 0; + } else if (request->flags.accelerated) { + /* WWW authorization on accelerated requests */ + headertype = HDR_AUTHORIZATION; + } else if (request->flags.intercepted || request->flags.spoof_client_ip) { + debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests."); + return -1; + } else { + /* Proxy authorization on proxy requests */ + headertype = HDR_PROXY_AUTHORIZATION; + } + + /* get authed here */ + /* Note: this fills in auth_user_request when applicable */ + /* + * DPW 2007-05-08 + * tryToAuthenticateAndSetAuthUser used to try to lock and + * unlock auth_user_request on our behalf, but it was too + * ugly and hard to follow. Now we do our own locking here. + * + * I'm not sure what tryToAuthenticateAndSetAuthUser does when + * auth_user_request is set before calling. I'm tempted to + * unlock and set it to NULL, but it seems safer to save the + * pointer before calling and unlock it afterwards. If the + * pointer doesn't change then its a no-op. + */ + AuthUserRequest *old_auth_user_request = auth_user_request; + auth_acl_t result = AuthUserRequest::tryToAuthenticateAndSetAuthUser (&auth_user_request, headertype, request, conn(), src_addr); + if (auth_user_request) + AUTHUSERREQUESTLOCK(auth_user_request, "ACLFilledChecklist"); + AUTHUSERREQUESTUNLOCK(old_auth_user_request, "old ACLFilledChecklist"); + switch (result) { + + case AUTH_ACL_CANNOT_AUTHENTICATE: + debugs(28, 4, "aclMatchAcl: returning 0 user authenticated but not authorised."); + return 0; + + case AUTH_AUTHENTICATED: + + return 1; + break; + + case AUTH_ACL_HELPER: + debugs(28, 4, "aclMatchAcl: returning 0 sending credentials to helper."); + changeState (ProxyAuthLookup::Instance()); + return 0; + + case AUTH_ACL_CHALLENGE: + debugs(28, 4, "aclMatchAcl: returning 0 sending authentication challenge."); + changeState (ProxyAuthNeeded::Instance()); + return 0; + + default: + fatal("unexpected authenticateAuthenticate reply\n"); + return 0; + } +} +#endif + +void +ACLFilledChecklist::checkCallback(allow_t answer) +{ + debugs(28, 5, "ACLFilledChecklist::checkCallback: " << this << " answer=" << answer); + + /* During reconfigure, we can end up not finishing call + * sequences into the auth code */ + + if (auth_user_request) { + /* the filled_checklist lock */ + AUTHUSERREQUESTUNLOCK(auth_user_request, "ACLFilledChecklist"); + /* it might have been connection based */ + assert(conn() != NULL); + /* + * DPW 2007-05-08 + * yuck, this make me uncomfortable. why do this here? + * ConnStateData will do its own unlocking. + */ + AUTHUSERREQUESTUNLOCK(conn()->auth_user_request, "conn via ACLFilledChecklist"); + conn()->auth_type = AUTH_BROKEN; + } + + ACLFilledChecklist::checkCallback(answer); // may delete us +} + + +void * +ACLFilledChecklist::operator new (size_t size) +{ + assert (size == sizeof(ACLFilledChecklist)); + CBDATA_INIT_TYPE(ACLFilledChecklist); + ACLFilledChecklist *result = cbdataAlloc(ACLFilledChecklist); + return result; +} + +void +ACLFilledChecklist::operator delete (void *address) +{ + ACLFilledChecklist *t = static_cast(address); + cbdataFree(t); +} + + +ACLFilledChecklist::ACLFilledChecklist() : + dst_peer(NULL), + request (NULL), + reply (NULL), + auth_user_request (NULL), +#if SQUID_SNMP + snmp_community(NULL), +#endif +#if USE_SSL + ssl_error(0), +#endif + extacl_entry (NULL), + conn_(NULL), + fd_(-1), + destinationDomainChecked_(false), + sourceDomainChecked_(false) +{ + my_addr.SetEmpty(); + src_addr.SetEmpty(); + dst_addr.SetEmpty(); + rfc931[0] = '\0'; +} + + +ACLFilledChecklist::~ACLFilledChecklist() +{ + assert (!asyncInProgress()); + + if (extacl_entry) + cbdataReferenceDone(extacl_entry); + + HTTPMSGUNLOCK(request); + + HTTPMSGUNLOCK(reply); + + // no auth_user_request in builds without any Authentication configured + if (auth_user_request) + AUTHUSERREQUESTUNLOCK(auth_user_request, "ACLFilledChecklist destructor"); + + cbdataReferenceDone(conn_); + + debugs(28, 4, HERE << "ACLFilledChecklist destroyed " << this); +} + + +ConnStateData * +ACLFilledChecklist::conn() const +{ + return conn_; +} + +void +ACLFilledChecklist::conn(ConnStateData *aConn) +{ + assert (conn() == NULL); + conn_ = cbdataReference(aConn); +} + +int +ACLFilledChecklist::fd() const +{ + return conn_ != NULL ? conn_->fd : fd_; +} + +void +ACLFilledChecklist::fd(int aDescriptor) +{ + assert(!conn() || conn()->fd == aDescriptor); + fd_ = aDescriptor; +} + +bool +ACLFilledChecklist::destinationDomainChecked() const +{ + return destinationDomainChecked_; +} + +void +ACLFilledChecklist::markDestinationDomainChecked() +{ + assert (!finished() && !destinationDomainChecked()); + destinationDomainChecked_ = true; +} + +bool +ACLFilledChecklist::sourceDomainChecked() const +{ + return sourceDomainChecked_; +} + +void +ACLFilledChecklist::markSourceDomainChecked() +{ + assert (!finished() && !sourceDomainChecked()); + sourceDomainChecked_ = true; +} + +/* + * There are two common ACLFilledChecklist lifecycles paths: + * + * A) Using aclCheckFast(): The caller creates an ACLFilledChecklist object + * on stack and calls aclCheckFast(). + * + * B) Using aclNBCheck() and callbacks: The caller allocates an + * ACLFilledChecklist object (via operator new) and passes it to + * aclNBCheck(). Control eventually passes to ACLChecklist::checkCallback(), + * which will invoke the callback function as requested by the + * original caller of aclNBCheck(). This callback function must + * *not* delete the list. After the callback function returns, + * checkCallback() will delete the list (i.e., self). + */ +ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *request, const char *ident): + dst_peer(NULL), + request(NULL), + reply(NULL), + auth_user_request(NULL), +#if SQUID_SNMP + snmp_community(NULL), +#endif +#if USE_SSL + ssl_error(0), +#endif + extacl_entry (NULL), + conn_(NULL), + fd_(-1), + destinationDomainChecked_(false), + sourceDomainChecked_(false) +{ + my_addr.SetEmpty(); + src_addr.SetEmpty(); + dst_addr.SetEmpty(); + rfc931[0] = '\0'; + + // cbdataReferenceDone() is in either fastCheck() or the destructor + if (A) + accessList = cbdataReference(A); + + if (request != NULL) { + request = HTTPMSGLOCK(request); +#if FOLLOW_X_FORWARDED_FOR + if (Config.onoff.acl_uses_indirect_client) + src_addr = request->indirect_client_addr; + else +#endif /* FOLLOW_X_FORWARDED_FOR */ + src_addr = request->client_addr; + my_addr = request->my_addr; + } + +#if USE_IDENT + if (ident) + xstrncpy(rfc931, ident, USER_IDENT_SZ); +#endif +} + === added file 'src/acl/FilledChecklist.h' --- src/acl/FilledChecklist.h 1970-01-01 00:00:00 +0000 +++ src/acl/FilledChecklist.h 2009-03-08 19:41:27 +0000 @@ -0,0 +1,94 @@ +#ifndef SQUID_ACLFILLED_CHECKLIST_H +#define SQUID_ACLFILLED_CHECKLIST_H + +#include "acl/Checklist.h" + +class AuthUserRequest; +class ExternalACLEntry; +class ConnStateData; + +/** \ingroup ACLAPI + ACLChecklist filled with specific data, representing Squid and transaction + state for access checks along with some data-specific checking methods */ +class ACLFilledChecklist: public ACLChecklist +{ +public: + void *operator new(size_t); + void operator delete(void *); + + ACLFilledChecklist(); + ACLFilledChecklist(const acl_access *, HttpRequest *, const char *ident); + ~ACLFilledChecklist(); + +public: + ConnStateData * conn() const; + + /// uses conn() if available + int fd() const; + + /// set either conn + void conn(ConnStateData *); + /// set FD + void fd(int aDescriptor); + + //int authenticated(); + + bool destinationDomainChecked() const; + void markDestinationDomainChecked(); + bool sourceDomainChecked() const; + void markSourceDomainChecked(); + + // ACLChecklist API + virtual bool hasRequest() const { return request != NULL; } + virtual bool hasReply() const { return reply != NULL; } + +public: + IpAddress src_addr; + IpAddress dst_addr; + IpAddress my_addr; + struct peer *dst_peer; + + HttpRequest *request; + HttpReply *reply; + + char rfc931[USER_IDENT_SZ]; + AuthUserRequest *auth_user_request; + +#if SQUID_SNMP + char *snmp_community; +#endif + +#if USE_SSL + int ssl_error; +#endif + + ExternalACLEntry *extacl_entry; + +private: + virtual void checkCallback(allow_t answer); + +private: + CBDATA_CLASS(ACLFilledChecklist); + + ConnStateData * conn_; /**< hack for ident and NTLM */ + int fd_; /**< may be available when conn_ is not */ + bool destinationDomainChecked_; + bool sourceDomainChecked_; + +private: + /// not implemented; will cause link failures if used + ACLFilledChecklist(const ACLFilledChecklist &); + /// not implemented; will cause link failures if used + ACLFilledChecklist &operator=(const ACLFilledChecklist &); +}; + +/// convenience and safety wrapper for dynamic_cast +inline +ACLFilledChecklist *Filled(ACLChecklist *checklist) +{ + // this should always be safe because ACLChecklist is an abstract class + // and ACLFilledChecklist is its only [concrete] child + return dynamic_cast(checklist); +} + +#endif /* SQUID_ACLFILLED_CHECKLIST_H */ === renamed file 'src/acl_noncore.cc' => 'src/acl/Gadgets.cc' --- src/acl_noncore.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Gadgets.cc 2009-03-08 19:45:44 +0000 @@ -39,8 +39,10 @@ */ #include "squid.h" -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" +#include "acl/Strategised.h" +#include "acl/Gadgets.h" #include "ConfigParser.h" #include "errorpage.h" #include "HttpRequest.h" @@ -318,5 +320,26 @@ int aclPurgeMethodInUse(acl_access * a) { - return a->containsPURGE(); + ACLList *b; + + debugs(28, 6, "aclPurgeMethodInUse: invoked for '" << a->cfgline << "'"); + + for (; a; a = a->next) { + for (b = a->aclList; b; b = b->next) { + ACLStrategised *tempAcl = dynamic_cast *>(b->_acl); + + if (!tempAcl) { + debugs(28, 7, "aclPurgeMethodInUse: can't create tempAcl"); + continue; + } + + if (tempAcl->match(METHOD_PURGE)) { + debugs(28, 6, "aclPurgeMethodInUse: returning true"); + return true; + } + } + } + + debugs(28, 6, "aclPurgeMethodInUse: returning false"); + return false; } === added file 'src/acl/Gadgets.h' --- src/acl/Gadgets.h 1970-01-01 00:00:00 +0000 +++ src/acl/Gadgets.h 2009-03-08 19:45:44 +0000 @@ -0,0 +1,43 @@ +#ifndef SQUID_ACL_GADGETS_H +#define SQUID_ACL_GADGETS_H + +#include "config.h" +#include "enums.h" /* for err_type */ + +struct dlink_list; +class StoreEntry; +class ConfigParser; +class acl_access; +class ACL; +class ACLList; +struct acl_deny_info_list; +class wordlist; + +/// \ingroup ACLAPI +extern void aclDestroyAccessList(acl_access **list); +/// \ingroup ACLAPI +extern void aclDestroyAcls(ACL **); +/// \ingroup ACLAPI +extern void aclDestroyAclList(ACLList **); +/// \ingroup ACLAPI +extern void aclParseAccessLine(ConfigParser &parser, acl_access **); +/// \ingroup ACLAPI +extern void aclParseAclList(ConfigParser &parser, ACLList **); +/// \ingroup ACLAPI +extern int aclIsProxyAuth(const char *name); +/// \ingroup ACLAPI +extern err_type aclGetDenyInfoPage(acl_deny_info_list ** head, const char *name, int redirect_allowed); +/// \ingroup ACLAPI +extern void aclParseDenyInfoLine(acl_deny_info_list **); +/// \ingroup ACLAPI +extern void aclDestroyDenyInfoList(acl_deny_info_list **); +/// \ingroup ACLAPI +extern wordlist *aclDumpGeneric(const ACL *); +/// \ingroup ACLAPI +extern void aclCacheMatchFlush(dlink_list * cache); +/// \ingroup ACLAPI +extern void dump_acl_access(StoreEntry * entry, const char *name, acl_access * head); +/// \ingroup ACLAPI +int aclPurgeMethodInUse(acl_access * a); + +#endif /* SQUID_ACL_GADGETS_H */ === renamed file 'src/ACLHTTPHeaderData.cc' => 'src/acl/HttpHeaderData.cc' --- src/ACLHTTPHeaderData.cc 2009-01-30 14:55:22 +0000 +++ src/acl/HttpHeaderData.cc 2009-03-08 19:34:36 +0000 @@ -35,11 +35,10 @@ */ #include "squid.h" -#include "ACLHTTPHeaderData.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACL.h" -#include "ACLRegexData.h" +#include "acl/HttpHeaderData.h" +#include "acl/Checklist.h" +#include "acl/Acl.h" +#include "acl/RegexData.h" #include "wordlist.h" #include "ConfigParser.h" === renamed file 'src/ACLHTTPHeaderData.h' => 'src/acl/HttpHeaderData.h' --- src/ACLHTTPHeaderData.h 2009-01-21 03:47:47 +0000 +++ src/acl/HttpHeaderData.h 2009-03-08 19:34:36 +0000 @@ -38,7 +38,7 @@ class wordlist; /* becaue we inherit from it */ -#include "ACLData.h" +#include "acl/Data.h" /* for String field */ #include "SquidString.h" /* for http_hdr_type field */ === renamed file 'src/ACLHTTPRepHeader.cc' => 'src/acl/HttpRepHeader.cc' --- src/ACLHTTPRepHeader.cc 2009-01-21 03:47:47 +0000 +++ src/acl/HttpRepHeader.cc 2009-03-08 21:53:27 +0000 @@ -34,9 +34,9 @@ */ #include "squid.h" -#include "ACLHTTPRepHeader.h" -#include "ACLHTTPHeaderData.h" -#include "ACLChecklist.h" +#include "acl/HttpRepHeader.h" +#include "acl/HttpHeaderData.h" +#include "acl/Checklist.h" #include "HttpReply.h" ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header"); @@ -44,7 +44,7 @@ ACLStrategised ACLHTTPRepHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPRepHeaderStrategy::Instance(), "rep_header"); int -ACLHTTPRepHeaderStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLHTTPRepHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (&checklist->reply->header); } === renamed file 'src/ACLHTTPRepHeader.h' => 'src/acl/HttpRepHeader.h' --- src/ACLHTTPRepHeader.h 2009-01-21 03:47:47 +0000 +++ src/acl/HttpRepHeader.h 2009-03-08 21:53:27 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLHTTPREPHEADER_H #define SQUID_ACLHTTPREPHEADER_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" #include "HttpHeader.h" /// \ingroup ACLAPI @@ -44,7 +44,7 @@ { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresReply() const { return true; } static ACLHTTPRepHeaderStrategy *Instance(); === renamed file 'src/ACLHTTPReqHeader.cc' => 'src/acl/HttpReqHeader.cc' --- src/ACLHTTPReqHeader.cc 2009-01-21 03:47:47 +0000 +++ src/acl/HttpReqHeader.cc 2009-03-08 21:53:27 +0000 @@ -34,9 +34,9 @@ */ #include "squid.h" -#include "ACLHTTPReqHeader.h" -#include "ACLHTTPHeaderData.h" -#include "ACLChecklist.h" +#include "acl/HttpReqHeader.h" +#include "acl/HttpHeaderData.h" +#include "acl/Checklist.h" #include "HttpRequest.h" ACL::Prototype ACLHTTPReqHeader::RegistryProtoype(&ACLHTTPReqHeader::RegistryEntry_, "req_header"); @@ -44,7 +44,7 @@ ACLStrategised ACLHTTPReqHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPReqHeaderStrategy::Instance(), "req_header"); int -ACLHTTPReqHeaderStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLHTTPReqHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (&checklist->request->header); } === renamed file 'src/ACLHTTPReqHeader.h' => 'src/acl/HttpReqHeader.h' --- src/ACLHTTPReqHeader.h 2009-01-21 03:47:47 +0000 +++ src/acl/HttpReqHeader.h 2009-03-08 21:53:27 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLHTTPREQHEADER_H #define SQUID_ACLHTTPREQHEADER_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" #include "HttpHeader.h" /// \ingroup ACLAPI @@ -44,7 +44,7 @@ { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const { return true; } static ACLHTTPReqHeaderStrategy *Instance(); === renamed file 'src/ACLHTTPStatus.cc' => 'src/acl/HttpStatus.cc' --- src/ACLHTTPStatus.cc 2009-01-21 03:47:47 +0000 +++ src/acl/HttpStatus.cc 2009-03-08 21:57:12 +0000 @@ -40,7 +40,8 @@ #endif #include "squid.h" -#include "ACLHTTPStatus.h" +#include "acl/HttpStatus.h" +#include "acl/FilledChecklist.h" #include "HttpReply.h" #include "wordlist.h" @@ -161,7 +162,7 @@ int ACLHTTPStatus::match(ACLChecklist *checklist) { - return aclMatchHTTPStatus(&data, checklist->reply->sline.status); + return aclMatchHTTPStatus(&data, Filled(checklist)->reply->sline.status); } int === renamed file 'src/ACLHTTPStatus.h' => 'src/acl/HttpStatus.h' --- src/ACLHTTPStatus.h 2009-01-21 03:47:47 +0000 +++ src/acl/HttpStatus.h 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLHTTPSTATUS_H #define SQUID_ACLHTTPSTATUS_H -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" #include "splay.h" /// \ingroup ACLAPI === renamed file 'src/ACLIdent.cc' => 'src/acl/Ident.cc' --- src/ACLIdent.cc 2008-10-10 08:02:53 +0000 +++ src/acl/Ident.cc 2009-03-08 21:53:27 +0000 @@ -35,11 +35,10 @@ */ #include "squid.h" -#include "ACLIdent.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLUserData.h" +#include "acl/Ident.h" +#include "acl/FilledChecklist.h" +#include "acl/RegexData.h" +#include "acl/UserData.h" #include "client_side.h" #include "ident.h" @@ -79,8 +78,9 @@ } int -ACLIdent::match(ACLChecklist *checklist) +ACLIdent::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); if (checklist->rfc931[0]) { return data->match(checklist->rfc931); } else if (checklist->conn() != NULL && checklist->conn()->rfc931[0]) { @@ -124,8 +124,9 @@ } void -IdentLookup::checkForAsync(ACLChecklist *checklist)const +IdentLookup::checkForAsync(ACLChecklist *cl)const { + ACLFilledChecklist *checklist = Filled(cl); if (checklist->conn() != NULL) { debugs(28, 3, "IdentLookup::checkForAsync: Doing ident lookup" ); checklist->asyncInProgress(true); @@ -141,7 +142,7 @@ void IdentLookup::LookupDone(const char *ident, void *data) { - ACLChecklist *checklist = (ACLChecklist *)data; + ACLFilledChecklist *checklist = Filled(static_cast(data)); assert (checklist->asyncState() == IdentLookup::Instance()); if (ident) { === renamed file 'src/ACLIdent.h' => 'src/acl/Ident.h' --- src/ACLIdent.h 2008-10-10 08:02:53 +0000 +++ src/acl/Ident.h 2009-03-08 19:34:36 +0000 @@ -35,7 +35,7 @@ #ifndef SQUID_ACLIDENT_H #define SQUID_ACLIDENT_H -#include "ACLChecklist.h" +#include "acl/Checklist.h" /// \ingroup ACLAPI class IdentLookup : public ACLChecklist::AsyncState @@ -51,8 +51,8 @@ }; -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" /// \ingroup ACLAPI class ACLIdent : public ACL === renamed file 'src/ACLIntRange.cc' => 'src/acl/IntRange.cc' --- src/ACLIntRange.cc 2009-01-21 03:47:47 +0000 +++ src/acl/IntRange.cc 2009-03-08 19:34:36 +0000 @@ -35,7 +35,7 @@ */ #include "squid.h" -#include "ACLIntRange.h" +#include "acl/IntRange.h" #include "wordlist.h" #include "Parsing.h" === renamed file 'src/ACLIntRange.h' => 'src/acl/IntRange.h' --- src/ACLIntRange.h 2009-01-21 03:47:47 +0000 +++ src/acl/IntRange.h 2009-03-08 19:34:36 +0000 @@ -35,7 +35,7 @@ #ifndef SQUID_ACLINTRANGE_H #define SQUID_ACLINTRANGE_H -#include "ACLData.h" +#include "acl/Data.h" #include "CbDataList.h" #include "Range.h" === renamed file 'src/ACLIP.cc' => 'src/acl/Ip.cc' --- src/ACLIP.cc 2009-02-22 03:40:03 +0000 +++ src/acl/Ip.cc 2009-03-08 19:34:36 +0000 @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLIP.h" -#include "ACLChecklist.h" +#include "acl/Ip.h" +#include "acl/Checklist.h" #include "MemBuf.h" #include "wordlist.h" === renamed file 'src/ACLIP.h' => 'src/acl/Ip.h' --- src/ACLIP.h 2009-01-09 13:12:24 +0000 +++ src/acl/Ip.h 2009-03-08 19:34:36 +0000 @@ -32,7 +32,7 @@ #ifndef SQUID_ACLIP_H #define SQUID_ACLIP_H -#include "ACL.h" +#include "acl/Acl.h" #include "splay.h" #include "ip/IpAddress.h" === added file 'src/acl/Makefile.am' --- src/acl/Makefile.am 1970-01-01 00:00:00 +0000 +++ src/acl/Makefile.am 2009-03-08 19:34:36 +0000 @@ -0,0 +1,142 @@ +include $(top_srcdir)/src/Common.am +include $(top_srcdir)/src/TestHeaders.am + +noinst_LTLIBRARIES = libapi.la libstate.la libacls.la + +## General data-independent ACL API +libapi_la_SOURCES = \ + Acl.cc \ + Acl.h \ + Checklist.cc \ + Checklist.h + +## Data-dependent Squid/transaction state used by specific ACLs. +## Does not refer to specific ACLs to avoid circular dependencies. +libstate_la_SOURCES = \ + Data.h \ + Strategy.h \ + Strategised.cc \ + Strategised.h \ + \ + FilledChecklist.cc \ + FilledChecklist.h + +## data-specific ACLs +libacls_la_SOURCES = \ + IntRange.cc \ + IntRange.h \ + RegexData.cc \ + RegexData.h \ + StringData.cc \ + StringData.h \ + Time.cc \ + Time.h \ + TimeData.cc \ + TimeData.h \ + \ + Asn.cc \ + Asn.h \ + Browser.cc \ + Browser.h \ + DestinationAsn.h \ + DestinationDomain.cc \ + DestinationDomain.h \ + DestinationIp.cc \ + DestinationIp.h \ + DomainData.cc \ + DomainData.h \ + ExtUser.cc \ + ExtUser.h \ + HttpHeaderData.cc \ + HttpHeaderData.h \ + HttpRepHeader.cc \ + HttpRepHeader.h \ + HttpReqHeader.cc \ + HttpReqHeader.h \ + HttpStatus.cc \ + HttpStatus.h \ + Ip.cc \ + Ip.h \ + MaxConnection.cc \ + MaxConnection.h \ + Method.cc \ + MethodData.cc \ + MethodData.h \ + Method.h \ + MyIp.cc \ + MyIp.h \ + MyPort.cc \ + MyPort.h \ + MyPortName.cc \ + MyPortName.h \ + PeerName.cc \ + PeerName.h \ + Protocol.cc \ + ProtocolData.cc \ + ProtocolData.h \ + Protocol.h \ + Referer.cc \ + Referer.h \ + ReplyHeaderStrategy.h \ + ReplyMimeType.cc \ + ReplyMimeType.h \ + RequestHeaderStrategy.h \ + RequestMimeType.cc \ + RequestMimeType.h \ + SourceAsn.h \ + SourceDomain.cc \ + SourceDomain.h \ + SourceIp.cc \ + SourceIp.h \ + Url.cc \ + Url.h \ + UrlPath.cc \ + UrlPath.h \ + UrlPort.cc \ + UrlPort.h \ + UserData.cc \ + UserData.h \ + \ + Gadgets.cc \ + Gadgets.h + +## Add conditional sources +## TODO: move these to their respectful dirs when those dirs are created + +EXTRA_libacls_la_SOURCES = + +SSL_ACLS = \ + CertificateData.cc \ + CertificateData.h \ + Certificate.cc \ + Certificate.h \ + SslError.cc \ + SslError.h \ + SslErrorData.cc \ + SslErrorData.h + +if ENABLE_SSL +libacls_la_SOURCES += $(SSL_ACLS) +endif + +EXTRA_libacls_la_SOURCES += $(SSL_ACLS) + + +ARP_ACLS = Arp.cc Arp.h + +if ENABLE_ARP_ACL +libacls_la_SOURCES += $(ARP_ACLS) +endif + +EXTRA_libacls_la_SOURCES += $(ARP_ACLS) + + +IDENT_ACLS = Ident.cc Ident.h + +if ENABLE_IDENT +libacls_la_SOURCES += $(IDENT_ACLS) +endif + +EXTRA_libacls_la_SOURCES += $(IDENT_ACLS) + + === renamed file 'src/ACLMaxConnection.cc' => 'src/acl/MaxConnection.cc' --- src/ACLMaxConnection.cc 2009-01-21 03:47:47 +0000 +++ src/acl/MaxConnection.cc 2009-03-08 21:57:12 +0000 @@ -35,7 +35,8 @@ */ #include "squid.h" -#include "ACLMaxConnection.h" +#include "acl/FilledChecklist.h" +#include "acl/MaxConnection.h" #include "wordlist.h" ACL::Prototype ACLMaxConnection::RegistryProtoype(&ACLMaxConnection::RegistryEntry_, "maxconn"); @@ -95,7 +96,7 @@ int ACLMaxConnection::match(ACLChecklist *checklist) { - return (clientdbEstablished(checklist->src_addr, 0) > limit ? 1 : 0); + return clientdbEstablished(Filled(checklist)->src_addr, 0) > limit ? 1 : 0; } wordlist * === renamed file 'src/ACLMaxConnection.h' => 'src/acl/MaxConnection.h' --- src/ACLMaxConnection.h 2009-01-21 03:47:47 +0000 +++ src/acl/MaxConnection.h 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLMAXCONNECTION_H #define SQUID_ACLMAXCONNECTION_H -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" /// \ingroup ACLAPI class ACLMaxConnection : public ACL === renamed file 'src/ACLMethod.cc' => 'src/acl/Method.cc' --- src/ACLMethod.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Method.cc 2009-03-08 21:53:27 +0000 @@ -34,9 +34,9 @@ */ #include "squid.h" -#include "ACLMethod.h" -#include "ACLMethodData.h" -#include "ACLChecklist.h" +#include "acl/Method.h" +#include "acl/MethodData.h" +#include "acl/Checklist.h" #include "HttpRequest.h" /* explicit template instantiation required for some systems */ @@ -48,7 +48,7 @@ ACLStrategised ACLMethod::RegistryEntry_(new ACLMethodData, ACLMethodStrategy::Instance(), "method"); int -ACLMethodStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLMethodStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->request->method); } === renamed file 'src/ACLMethod.h' => 'src/acl/Method.h' --- src/ACLMethod.h 2009-01-21 03:47:47 +0000 +++ src/acl/Method.h 2009-03-08 21:53:27 +0000 @@ -35,15 +35,15 @@ #ifndef SQUID_ACLMETHOD_H #define SQUID_ACLMETHOD_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" /// \ingroup ACLAPI class ACLMethodStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLMethodStrategy *Instance(); === renamed file 'src/ACLMethodData.cc' => 'src/acl/MethodData.cc' --- src/ACLMethodData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/MethodData.cc 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ */ #include "squid.h" -#include "ACLMethodData.h" -#include "ACLChecklist.h" +#include "acl/MethodData.h" +#include "acl/Checklist.h" #include "HttpRequestMethod.h" #include "wordlist.h" === renamed file 'src/ACLMethodData.h' => 'src/acl/MethodData.h' --- src/ACLMethodData.h 2009-01-21 03:47:47 +0000 +++ src/acl/MethodData.h 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLMETHODDATA_H #define SQUID_ACLMETHODDATA_H -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" #include "CbDataList.h" /// \ingroup ACLAPI === renamed file 'src/ACLMyIP.cc' => 'src/acl/MyIp.cc' --- src/ACLMyIP.cc 2008-10-10 08:02:53 +0000 +++ src/acl/MyIp.cc 2009-03-08 21:57:12 +0000 @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLMyIP.h" -#include "ACLChecklist.h" +#include "acl/MyIp.h" +#include "acl/FilledChecklist.h" char const * ACLMyIP::typeString() const @@ -46,7 +46,7 @@ int ACLMyIP::match(ACLChecklist *checklist) { - return ACLIP::match (checklist->my_addr); + return ACLIP::match (Filled(checklist)->my_addr); } ACL::Prototype ACLMyIP::RegistryProtoype(&ACLMyIP::RegistryEntry(), "myip"); === renamed file 'src/ACLMyIP.h' => 'src/acl/MyIp.h' --- src/ACLMyIP.h 2008-10-10 08:02:53 +0000 +++ src/acl/MyIp.h 2009-03-08 19:34:36 +0000 @@ -35,7 +35,7 @@ #ifndef SQUID_ACLMYIP_H #define SQUID_ACLMYIP_H -#include "ACLIP.h" +#include "acl/Ip.h" /// \ingroup ACLAPI class ACLMyIP : public ACLIP === renamed file 'src/ACLMyPort.cc' => 'src/acl/MyPort.cc' --- src/ACLMyPort.cc 2009-01-21 03:47:47 +0000 +++ src/acl/MyPort.cc 2009-03-08 21:53:27 +0000 @@ -34,9 +34,9 @@ */ #include "squid.h" -#include "ACLMyPort.h" -#include "ACLIntRange.h" -#include "ACLChecklist.h" +#include "acl/MyPort.h" +#include "acl/IntRange.h" +#include "acl/Checklist.h" /* explicit template instantiation required for some systems */ @@ -47,7 +47,7 @@ ACLStrategised ACLMyPort::RegistryEntry_(new ACLIntRange, ACLMyPortStrategy::Instance(), "myport"); int -ACLMyPortStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLMyPortStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->my_addr.GetPort()); } === renamed file 'src/ACLMyPort.h' => 'src/acl/MyPort.h' --- src/ACLMyPort.h 2009-01-21 03:47:47 +0000 +++ src/acl/MyPort.h 2009-03-08 21:53:27 +0000 @@ -35,15 +35,15 @@ #ifndef SQUID_ACLMYPORT_H #define SQUID_ACLMYPORT_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" /// \ingroup ACLAPI class ACLMyPortStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLMyPortStrategy *Instance(); /** * Not implemented to prevent copies of the instance. === renamed file 'src/ACLMyPortName.cc' => 'src/acl/MyPortName.cc' --- src/ACLMyPortName.cc 2009-02-04 09:52:20 +0000 +++ src/acl/MyPortName.cc 2009-03-08 21:53:27 +0000 @@ -35,9 +35,9 @@ #include "squid.h" #include "ProtoPort.h" -#include "ACLMyPortName.h" -#include "ACLStringData.h" -#include "ACLChecklist.h" +#include "acl/MyPortName.h" +#include "acl/StringData.h" +#include "acl/Checklist.h" /* for ConnStateData */ #include "client_side.h" @@ -48,7 +48,7 @@ ACLStrategised ACLMyPortName::RegistryEntry_(new ACLStringData, ACLMyPortNameStrategy::Instance(), "myportname"); int -ACLMyPortNameStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLMyPortNameStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { if (checklist->conn() != NULL) return data->match (checklist->conn()->port->name); === renamed file 'src/ACLMyPortName.h' => 'src/acl/MyPortName.h' --- src/ACLMyPortName.h 2009-01-21 03:47:47 +0000 +++ src/acl/MyPortName.h 2009-03-08 21:53:27 +0000 @@ -35,14 +35,14 @@ #ifndef SQUID_ACLMYPORTNAME_H #define SQUID_ACLMYPORTNAME_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" class ACLMyPortNameStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLMyPortNameStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLPeerName.cc' => 'src/acl/PeerName.cc' --- src/ACLPeerName.cc 2008-12-12 00:17:10 +0000 +++ src/acl/PeerName.cc 2009-03-08 21:53:27 +0000 @@ -1,14 +1,14 @@ #include "squid.h" -#include "ACLPeerName.h" -#include "ACLStringData.h" -#include "ACLChecklist.h" +#include "acl/PeerName.h" +#include "acl/StringData.h" +#include "acl/Checklist.h" ACL::Prototype ACLPeerName::RegistryProtoype(&ACLPeerName::RegistryEntry_, "peername"); ACLStrategised ACLPeerName::RegistryEntry_(new ACLStringData, ACLPeerNameStrategy::Instance(), "peername"); int -ACLPeerNameStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLPeerNameStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { if (checklist->dst_peer != NULL && checklist->dst_peer->name != NULL) return data->match(checklist->dst_peer->name); === renamed file 'src/ACLPeerName.h' => 'src/acl/PeerName.h' --- src/ACLPeerName.h 2008-12-12 00:17:10 +0000 +++ src/acl/PeerName.h 2009-03-08 21:53:27 +0000 @@ -1,14 +1,14 @@ #ifndef SQUID_ACLPEERNAME_H #define SQUID_ACLPEERNAME_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" class ACLPeerNameStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLPeerNameStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLProtocol.cc' => 'src/acl/Protocol.cc' --- src/ACLProtocol.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Protocol.cc 2009-03-08 21:53:27 +0000 @@ -34,9 +34,9 @@ */ #include "squid.h" -#include "ACLProtocol.h" -#include "ACLProtocolData.h" -#include "ACLChecklist.h" +#include "acl/Protocol.h" +#include "acl/ProtocolData.h" +#include "acl/Checklist.h" #include "HttpRequest.h" /* explicit template instantiation required for some systems */ @@ -48,7 +48,7 @@ ACLStrategised ACLProtocol::RegistryEntry_(new ACLProtocolData, ACLProtocolStrategy::Instance(), "proto"); int -ACLProtocolStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLProtocolStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->request->protocol); } === renamed file 'src/ACLProtocol.h' => 'src/acl/Protocol.h' --- src/ACLProtocol.h 2009-01-21 03:47:47 +0000 +++ src/acl/Protocol.h 2009-03-08 21:53:27 +0000 @@ -35,14 +35,14 @@ #ifndef SQUID_ACLPROTOCOL_H #define SQUID_ACLPROTOCOL_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" class ACLProtocolStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLProtocolStrategy *Instance(); === renamed file 'src/ACLProtocolData.cc' => 'src/acl/ProtocolData.cc' --- src/ACLProtocolData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/ProtocolData.cc 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ */ #include "squid.h" -#include "ACLProtocolData.h" -#include "ACLChecklist.h" +#include "acl/ProtocolData.h" +#include "acl/Checklist.h" #include "URLScheme.h" #include "wordlist.h" === renamed file 'src/ACLProtocolData.h' => 'src/acl/ProtocolData.h' --- src/ACLProtocolData.h 2009-01-21 03:47:47 +0000 +++ src/acl/ProtocolData.h 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ #ifndef SQUID_ACLPROTOCOLDATA_H #define SQUID_ACLPROTOCOLDATA_H -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" #include "CbDataList.h" class ACLProtocolData : public ACLData === renamed file 'src/ACLReferer.cc' => 'src/acl/Referer.cc' --- src/ACLReferer.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Referer.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,9 @@ */ #include "squid.h" -#include "ACLReferer.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" +#include "acl/Referer.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" /* explicit template instantiation required for some systems */ === renamed file 'src/ACLReferer.h' => 'src/acl/Referer.h' --- src/ACLReferer.h 2009-01-21 03:47:47 +0000 +++ src/acl/Referer.h 2009-03-08 19:34:36 +0000 @@ -35,10 +35,10 @@ #ifndef SQUID_ACLREFERER_H #define SQUID_ACLREFERER_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLRequestHeaderStrategy.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/RequestHeaderStrategy.h" +#include "acl/Strategised.h" class ACLReferer { === renamed file 'src/ACLRegexData.cc' => 'src/acl/RegexData.cc' --- src/ACLRegexData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/RegexData.cc 2009-03-08 19:34:36 +0000 @@ -35,10 +35,9 @@ */ #include "squid.h" -#include "ACLRegexData.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/RegexData.h" +#include "acl/Checklist.h" +#include "acl/Acl.h" #include "wordlist.h" #include "ConfigParser.h" === renamed file 'src/ACLRegexData.h' => 'src/acl/RegexData.h' --- src/ACLRegexData.h 2009-01-21 03:47:47 +0000 +++ src/acl/RegexData.h 2009-03-08 19:34:36 +0000 @@ -34,7 +34,7 @@ #ifndef SQUID_ACLREGEXDATA_H #define SQUID_ACLREGEXDATA_H -#include "ACLData.h" +#include "acl/Data.h" #include "MemPool.h" /** \todo CLEANUP: break out relist, we don't need the rest. */ === renamed file 'src/ACLReplyHeaderStrategy.h' => 'src/acl/ReplyHeaderStrategy.h' --- src/ACLReplyHeaderStrategy.h 2009-01-21 03:47:47 +0000 +++ src/acl/ReplyHeaderStrategy.h 2009-03-08 21:53:27 +0000 @@ -36,10 +36,10 @@ class ACLChecklist; -#include "ACL.h" -#include "ACLData.h" -#include "ACLStrategy.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategy.h" +#include "acl/FilledChecklist.h" #include "HttpReply.h" template @@ -47,7 +47,7 @@ { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresReply() const {return true;} static ACLReplyHeaderStrategy *Instance(); @@ -65,7 +65,7 @@ template int -ACLReplyHeaderStrategy
::match (ACLData * &data, ACLChecklist *checklist) +ACLReplyHeaderStrategy
::match (ACLData * &data, ACLFilledChecklist *checklist) { char const *theHeader = checklist->reply->header.getStr(header); === renamed file 'src/ACLReplyMIMEType.cc' => 'src/acl/ReplyMimeType.cc' --- src/ACLReplyMIMEType.cc 2009-01-21 03:47:47 +0000 +++ src/acl/ReplyMimeType.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,9 @@ */ #include "squid.h" -#include "ACLReplyMIMEType.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" +#include "acl/ReplyMimeType.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" /* explicit template instantiation required for some systems */ === renamed file 'src/ACLReplyMIMEType.h' => 'src/acl/ReplyMimeType.h' --- src/ACLReplyMIMEType.h 2009-01-21 03:47:47 +0000 +++ src/acl/ReplyMimeType.h 2009-03-08 21:53:27 +0000 @@ -34,8 +34,8 @@ #ifndef SQUID_ACLREPLYMIMETYPE_H #define SQUID_ACLREPLYMIMETYPE_H -#include "ACL.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Strategised.h" class ACLReplyMIMEType { @@ -47,13 +47,13 @@ /* partial specialisation */ -#include "ACLData.h" -#include "ACLReplyHeaderStrategy.h" -#include "ACLChecklist.h" +#include "acl/Data.h" +#include "acl/ReplyHeaderStrategy.h" +#include "acl/Checklist.h" template <> inline int -ACLReplyHeaderStrategy::match(ACLData * &data, ACLChecklist *checklist) +ACLReplyHeaderStrategy::match(ACLData * &data, ACLFilledChecklist *checklist) { char const *theHeader = checklist->reply->header.getStr(HDR_CONTENT_TYPE); === renamed file 'src/ACLRequestHeaderStrategy.h' => 'src/acl/RequestHeaderStrategy.h' --- src/ACLRequestHeaderStrategy.h 2009-01-21 03:47:47 +0000 +++ src/acl/RequestHeaderStrategy.h 2009-03-08 21:53:27 +0000 @@ -35,11 +35,11 @@ #ifndef SQUID_ACLREQUESTHEADERSTRATEGY_H #define SQUID_ACLREQUESTHEADERSTRATEGY_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLStrategy.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategy.h" #include "HttpRequest.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" template @@ -47,7 +47,7 @@ { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLRequestHeaderStrategy *Instance(); @@ -65,7 +65,7 @@ template int -ACLRequestHeaderStrategy
::match (ACLData * &data, ACLChecklist *checklist) +ACLRequestHeaderStrategy
::match (ACLData * &data, ACLFilledChecklist *checklist) { char const *theHeader = checklist->request->header.getStr(header); === renamed file 'src/ACLRequestMIMEType.cc' => 'src/acl/RequestMimeType.cc' --- src/ACLRequestMIMEType.cc 2009-01-21 03:47:47 +0000 +++ src/acl/RequestMimeType.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,9 @@ */ #include "squid.h" -#include "ACLRequestMIMEType.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" +#include "acl/RequestMimeType.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" /* explicit template instantiation required for some systems */ === renamed file 'src/ACLRequestMIMEType.h' => 'src/acl/RequestMimeType.h' --- src/ACLRequestMIMEType.h 2009-01-21 03:47:47 +0000 +++ src/acl/RequestMimeType.h 2009-03-08 21:53:27 +0000 @@ -34,8 +34,8 @@ #ifndef SQUID_ACLREQUESTMIMETYPE_H #define SQUID_ACLREQUESTMIMETYPE_H -#include "ACL.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Strategised.h" class ACLRequestMIMEType { @@ -47,13 +47,13 @@ /* partial specialisation */ -#include "ACLData.h" -#include "ACLRequestHeaderStrategy.h" -#include "ACLChecklist.h" +#include "acl/Data.h" +#include "acl/RequestHeaderStrategy.h" +#include "acl/Checklist.h" template <> inline int -ACLRequestHeaderStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLRequestHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { char const *theHeader = checklist->request->header.getStr(HDR_CONTENT_TYPE); === renamed file 'src/ACLSourceASN.h' => 'src/acl/SourceAsn.h' --- src/ACLSourceASN.h 2009-01-07 11:24:40 +0000 +++ src/acl/SourceAsn.h 2009-03-08 21:53:27 +0000 @@ -32,19 +32,19 @@ #define SQUID_ACLSOURCEASN_H #if 0 -#include "ACLASN.h" +#include "acl/Asn.h" #endif class ACLChecklist; -#include "ACLStrategy.h" +#include "acl/Strategy.h" #include "ip/IpAddress.h" class ACLSourceASNStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLSourceASNStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLSourceDomain.cc' => 'src/acl/SourceDomain.cc' --- src/ACLSourceDomain.cc 2009-01-21 03:47:47 +0000 +++ src/acl/SourceDomain.cc 2009-03-08 21:57:12 +0000 @@ -35,10 +35,10 @@ */ #include "squid.h" -#include "ACLSourceDomain.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLDomainData.h" +#include "acl/SourceDomain.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" +#include "acl/DomainData.h" SourceDomainLookup SourceDomainLookup::instance_; @@ -52,7 +52,7 @@ SourceDomainLookup::checkForAsync(ACLChecklist *checklist) const { checklist->asyncInProgress(true); - fqdncache_nbgethostbyaddr(checklist->src_addr, LookupDone, checklist); + fqdncache_nbgethostbyaddr(Filled(checklist)->src_addr, LookupDone, checklist); } void @@ -63,7 +63,7 @@ checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); - checklist->markSourceDomainChecked(); + Filled(checklist)->markSourceDomainChecked(); checklist->check(); } @@ -73,7 +73,7 @@ ACLStrategised ACLSourceDomain::RegexRegistryEntry_(new ACLRegexData,ACLSourceDomainStrategy::Instance() ,"srcdom_regex"); int -ACLSourceDomainStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSourceDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { const char *fqdn = NULL; fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); === renamed file 'src/ACLSourceDomain.h' => 'src/acl/SourceDomain.h' --- src/ACLSourceDomain.h 2009-01-21 03:47:47 +0000 +++ src/acl/SourceDomain.h 2009-03-08 21:53:27 +0000 @@ -35,16 +35,16 @@ #ifndef SQUID_ACLSOURCEDOMAIN_H #define SQUID_ACLSOURCEDOMAIN_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLChecklist.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Checklist.h" +#include "acl/Strategised.h" class ACLSourceDomainStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLSourceDomainStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLSourceIP.cc' => 'src/acl/SourceIp.cc' --- src/ACLSourceIP.cc 2008-10-10 08:02:53 +0000 +++ src/acl/SourceIp.cc 2009-03-08 21:57:12 +0000 @@ -34,8 +34,8 @@ */ #include "squid.h" -#include "ACLSourceIP.h" -#include "ACLChecklist.h" +#include "acl/SourceIp.h" +#include "acl/FilledChecklist.h" char const * ACLSourceIP::typeString() const @@ -46,7 +46,7 @@ int ACLSourceIP::match(ACLChecklist *checklist) { - return ACLIP::match(checklist->src_addr); + return ACLIP::match(Filled(checklist)->src_addr); } ACL::Prototype ACLSourceIP::RegistryProtoype(&ACLSourceIP::RegistryEntry_, "src"); === renamed file 'src/ACLSourceIP.h' => 'src/acl/SourceIp.h' --- src/ACLSourceIP.h 2008-10-10 08:02:53 +0000 +++ src/acl/SourceIp.h 2009-03-08 19:34:36 +0000 @@ -34,7 +34,7 @@ #ifndef SQUID_ACLSOURCEIP_H #define SQUID_ACLSOURCEIP_H -#include "ACLIP.h" +#include "acl/Ip.h" class ACLSourceIP : public ACLIP { === renamed file 'src/ACLSslError.cc' => 'src/acl/SslError.cc' --- src/ACLSslError.cc 2009-01-21 03:47:47 +0000 +++ src/acl/SslError.cc 2009-03-08 21:53:27 +0000 @@ -4,9 +4,9 @@ */ #include "squid.h" -#include "ACLSslError.h" -#include "ACLSslErrorData.h" -#include "ACLChecklist.h" +#include "acl/SslError.h" +#include "acl/SslErrorData.h" +#include "acl/Checklist.h" /* explicit template instantiation required for some systems */ @@ -17,7 +17,7 @@ ACLStrategised ACLSslError::RegistryEntry_(new ACLSslErrorData, ACLSslErrorStrategy::Instance(), "ssl_error"); int -ACLSslErrorStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSslErrorStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->ssl_error); } === renamed file 'src/ACLSslError.h' => 'src/acl/SslError.h' --- src/ACLSslError.h 2009-01-21 03:47:47 +0000 +++ src/acl/SslError.h 2009-03-08 21:53:27 +0000 @@ -5,14 +5,14 @@ #ifndef SQUID_ACLSSL_ERROR_H #define SQUID_ACLSSL_ERROR_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" class ACLSslErrorStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLSslErrorStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLSslErrorData.cc' => 'src/acl/SslErrorData.cc' --- src/ACLSslErrorData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/SslErrorData.cc 2009-03-08 19:34:36 +0000 @@ -3,8 +3,8 @@ */ #include "squid.h" -#include "ACLSslErrorData.h" -#include "ACLChecklist.h" +#include "acl/SslErrorData.h" +#include "acl/Checklist.h" #include "wordlist.h" ACLSslErrorData::ACLSslErrorData() : values (NULL) === renamed file 'src/ACLSslErrorData.h' => 'src/acl/SslErrorData.h' --- src/ACLSslErrorData.h 2009-01-21 03:47:47 +0000 +++ src/acl/SslErrorData.h 2009-03-08 19:34:36 +0000 @@ -5,8 +5,8 @@ #ifndef SQUID_ACLSSL_ERRORDATA_H #define SQUID_ACLSSL_ERRORDATA_H -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" #include "CbDataList.h" #include "ssl_support.h" === renamed file 'src/ACLStrategised.cc' => 'src/acl/Strategised.cc' --- src/ACLStrategised.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Strategised.cc 2009-03-08 21:57:12 +0000 @@ -35,11 +35,7 @@ */ #include "squid.h" -#include "ACLStrategised.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" -#include "ACLDomainData.h" +#include "acl/Strategised.h" /* * moved template instantiation into ACLStrategized.cc @@ -49,7 +45,7 @@ /* explicit template instantiation required for some systems */ -/* ACLHTTPRepHeader + ACLHTTPReqHeader */ +/* XXX: move to ACLHTTPRepHeader or ACLHTTPReqHeader */ template class ACLStrategised; /* ACLMyPortName + ACLMyPeerName + ACLBrowser */ === renamed file 'src/ACLStrategised.h' => 'src/acl/Strategised.h' --- src/ACLStrategised.h 2009-01-21 03:47:47 +0000 +++ src/acl/Strategised.h 2009-03-08 21:57:12 +0000 @@ -35,9 +35,10 @@ #ifndef SQUID_ACLSTRATEGISED_H #define SQUID_ACLSTRATEGISED_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLStrategy.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategy.h" +#include "acl/FilledChecklist.h" template @@ -147,8 +148,10 @@ template int -ACLStrategised::match(ACLChecklist *checklist) +ACLStrategised::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = dynamic_cast(cl); + assert(checklist); return matcher->match(data, checklist); } === renamed file 'src/ACLStrategy.h' => 'src/acl/Strategy.h' --- src/ACLStrategy.h 2009-01-21 03:47:47 +0000 +++ src/acl/Strategy.h 2009-03-08 21:57:12 +0000 @@ -35,10 +35,10 @@ #ifndef SQUID_ACLSTRATEGY_H #define SQUID_ACLSTRATEGY_H -#include "ACL.h" -#include "ACLData.h" - -/* Perhaps this should live in ACL? */ + +#include "acl/Data.h" + +class ACLFilledChecklist; template @@ -47,7 +47,7 @@ public: typedef M MatchType; - virtual int match (ACLData * &, ACLChecklist *) = 0; + virtual int match (ACLData * &, ACLFilledChecklist *) = 0; virtual bool requiresRequest() const {return false;} virtual bool requiresReply() const {return false;} === renamed file 'src/ACLStringData.cc' => 'src/acl/StringData.cc' --- src/ACLStringData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/StringData.cc 2009-03-08 19:34:36 +0000 @@ -35,8 +35,8 @@ */ #include "squid.h" -#include "ACLStringData.h" -#include "ACLChecklist.h" +#include "acl/StringData.h" +#include "acl/Checklist.h" #include "wordlist.h" === renamed file 'src/ACLStringData.h' => 'src/acl/StringData.h' --- src/ACLStringData.h 2009-01-21 03:47:47 +0000 +++ src/acl/StringData.h 2009-03-08 19:34:36 +0000 @@ -36,8 +36,8 @@ #ifndef SQUID_ACLSTRINGDATA_H #define SQUID_ACLSTRINGDATA_H #include "splay.h" -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" class ACLStringData : public ACLData === renamed file 'src/ACLTime.cc' => 'src/acl/Time.cc' --- src/ACLTime.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Time.cc 2009-03-08 21:53:27 +0000 @@ -35,15 +35,15 @@ */ #include "squid.h" -#include "ACLTime.h" -#include "ACLTimeData.h" +#include "acl/Time.h" +#include "acl/TimeData.h" #include "SquidTime.h" ACL::Prototype ACLTime::RegistryProtoype(&ACLTime::RegistryEntry_, "time"); ACLStrategised ACLTime::RegistryEntry_(new ACLTimeData, ACLTimeStrategy::Instance(), "time"); int -ACLTimeStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLTimeStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (squid_curtime); } === renamed file 'src/ACLTime.h' => 'src/acl/Time.h' --- src/ACLTime.h 2009-01-21 03:47:47 +0000 +++ src/acl/Time.h 2009-03-08 21:57:12 +0000 @@ -35,16 +35,17 @@ #ifndef SQUID_ACLTIME_H #define SQUID_ACLTIME_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLChecklist.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategised.h" + +class ACLChecklist; // XXX: we do not need it class ACLTimeStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLTimeStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about === renamed file 'src/ACLTimeData.cc' => 'src/acl/TimeData.cc' --- src/ACLTimeData.cc 2009-01-21 03:47:47 +0000 +++ src/acl/TimeData.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,8 @@ */ #include "squid.h" -#include "ACLTimeData.h" -#include "authenticate.h" -#include "ACLChecklist.h" +#include "acl/TimeData.h" +#include "acl/Checklist.h" #include "wordlist.h" ACLTimeData::ACLTimeData () : weekbits (0), start (0), stop (0), next (NULL) {} === renamed file 'src/ACLTimeData.h' => 'src/acl/TimeData.h' --- src/ACLTimeData.h 2009-01-21 03:47:47 +0000 +++ src/acl/TimeData.h 2009-03-08 19:34:36 +0000 @@ -36,8 +36,8 @@ #ifndef SQUID_ACLTIMEDATA_H #define SQUID_ACLTIMEDATA_H #include "splay.h" -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" class ACLTimeData : public ACLData { === renamed file 'src/ACLUrl.cc' => 'src/acl/Url.cc' --- src/ACLUrl.cc 2009-01-21 03:47:47 +0000 +++ src/acl/Url.cc 2009-03-08 21:53:27 +0000 @@ -35,15 +35,15 @@ */ #include "squid.h" -#include "ACLUrl.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" +#include "acl/Url.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" ACL::Prototype ACLUrl::RegistryProtoype(&ACLUrl::RegistryEntry_, "url_regex"); ACLStrategised ACLUrl::RegistryEntry_(new ACLRegexData, ACLUrlStrategy::Instance(), "url_regex"); int -ACLUrlStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLUrlStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { char *esc_buf = xstrdup(urlCanonical(checklist->request)); rfc1738_unescape(esc_buf); === renamed file 'src/ACLUrl.h' => 'src/acl/Url.h' --- src/ACLUrl.h 2009-01-21 03:47:47 +0000 +++ src/acl/Url.h 2009-03-08 21:53:27 +0000 @@ -35,15 +35,15 @@ #ifndef SQUID_ACLURL_H #define SQUID_ACLURL_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategised.h" class ACLUrlStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLUrlStrategy *Instance(); === renamed file 'src/ACLUrlPath.cc' => 'src/acl/UrlPath.cc' --- src/ACLUrlPath.cc 2009-01-30 14:55:22 +0000 +++ src/acl/UrlPath.cc 2009-03-08 21:53:27 +0000 @@ -35,9 +35,9 @@ */ #include "squid.h" -#include "ACLUrlPath.h" -#include "ACLChecklist.h" -#include "ACLRegexData.h" +#include "acl/UrlPath.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" #include "HttpRequest.h" ACL::Prototype ACLUrlPath::LegacyRegistryProtoype(&ACLUrlPath::RegistryEntry_, "pattern"); @@ -45,7 +45,7 @@ ACLStrategised ACLUrlPath::RegistryEntry_(new ACLRegexData, ACLUrlPathStrategy::Instance(), "urlpath_regex"); int -ACLUrlPathStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLUrlPathStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { char *esc_buf = xstrdup(checklist->request->urlpath.termedBuf()); rfc1738_unescape(esc_buf); === renamed file 'src/ACLUrlPath.h' => 'src/acl/UrlPath.h' --- src/ACLUrlPath.h 2009-01-21 03:47:47 +0000 +++ src/acl/UrlPath.h 2009-03-08 21:53:27 +0000 @@ -35,16 +35,16 @@ #ifndef SQUID_ACLURLPATH_H #define SQUID_ACLURLPATH_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" class ACLUrlPathStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLUrlPathStrategy *Instance(); === renamed file 'src/ACLUrlPort.cc' => 'src/acl/UrlPort.cc' --- src/ACLUrlPort.cc 2009-01-21 03:47:47 +0000 +++ src/acl/UrlPort.cc 2009-03-08 21:53:27 +0000 @@ -34,16 +34,16 @@ */ #include "squid.h" -#include "ACLUrlPort.h" -#include "ACLIntRange.h" -#include "ACLChecklist.h" +#include "acl/UrlPort.h" +#include "acl/IntRange.h" +#include "acl/Checklist.h" #include "HttpRequest.h" ACL::Prototype ACLUrlPort::RegistryProtoype(&ACLUrlPort::RegistryEntry_, "port"); ACLStrategised ACLUrlPort::RegistryEntry_(new ACLIntRange, ACLUrlPortStrategy::Instance(), "port"); int -ACLUrlPortStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLUrlPortStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->request->port); } === renamed file 'src/ACLUrlPort.h' => 'src/acl/UrlPort.h' --- src/ACLUrlPort.h 2009-01-21 03:47:47 +0000 +++ src/acl/UrlPort.h 2009-03-08 21:53:27 +0000 @@ -35,14 +35,14 @@ #ifndef SQUID_ACLURLPORT_H #define SQUID_ACLURLPORT_H -#include "ACLStrategy.h" -#include "ACLStrategised.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" class ACLUrlPortStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); virtual bool requiresRequest() const {return true;} static ACLUrlPortStrategy *Instance(); === renamed file 'src/ACLUserData.cc' => 'src/acl/UserData.cc' --- src/ACLUserData.cc 2008-10-10 08:02:53 +0000 +++ src/acl/UserData.cc 2009-03-08 19:34:36 +0000 @@ -35,9 +35,8 @@ */ #include "squid.h" -#include "ACLUserData.h" -#include "authenticate.h" -#include "ACLChecklist.h" +#include "acl/UserData.h" +#include "acl/Checklist.h" #include "wordlist.h" #include "ConfigParser.h" === renamed file 'src/ACLUserData.h' => 'src/acl/UserData.h' --- src/ACLUserData.h 2008-10-10 08:02:53 +0000 +++ src/acl/UserData.h 2009-03-08 19:34:36 +0000 @@ -36,8 +36,8 @@ #ifndef SQUID_ACLUSERDATA_H #define SQUID_ACLUSERDATA_H #include "splay.h" -#include "ACL.h" -#include "ACLData.h" +#include "acl/Acl.h" +#include "acl/Data.h" class ACLUserData : public ACLData { === modified file 'src/adaptation/AccessCheck.cc' --- src/adaptation/AccessCheck.cc 2009-02-26 16:27:40 +0000 +++ src/adaptation/AccessCheck.cc 2009-03-08 21:53:27 +0000 @@ -2,10 +2,9 @@ #include "structs.h" #include "ConfigParser.h" -#include "ACL.h" #include "HttpRequest.h" #include "HttpReply.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "adaptation/Service.h" #include "adaptation/ServiceGroups.h" #include "adaptation/AccessRule.h" @@ -106,7 +105,7 @@ if (AccessRule *r = FindRule(topCandidate())) { /* BUG 2526: what to do when r->acl is empty?? */ // XXX: we do not have access to conn->rfc931 here. - acl_checklist = aclChecklistCreate(r->acl, req, dash_str); + acl_checklist = new ACLFilledChecklist(r->acl, req, dash_str); acl_checklist->reply = rep ? HTTPMSGLOCK(rep) : NULL; acl_checklist->nonBlockingCheck(AccessCheckCallbackWrapper, this); return; === modified file 'src/adaptation/AccessCheck.h' --- src/adaptation/AccessCheck.h 2009-02-19 07:17:31 +0000 +++ src/adaptation/AccessCheck.h 2009-03-08 21:53:27 +0000 @@ -7,6 +7,7 @@ class HttpRequest; class HttpReply; +class ACLFilledChecklist; namespace Adaptation { @@ -35,7 +36,7 @@ HttpReply *rep; AccessCheckCallback *callback; void *callback_data; - ACLChecklist *acl_checklist; + ACLFilledChecklist *acl_checklist; typedef int Candidate; typedef Vector Candidates; === modified file 'src/adaptation/AccessRule.cc' --- src/adaptation/AccessRule.cc 2009-02-11 19:11:36 +0000 +++ src/adaptation/AccessRule.cc 2009-03-08 19:34:36 +0000 @@ -2,7 +2,7 @@ #include "structs.h" #include "ConfigParser.h" -#include "ACL.h" +#include "acl/Gadgets.h" #include "adaptation/AccessRule.h" #include "adaptation/Service.h" #include "adaptation/ServiceGroups.h" === modified file 'src/adaptation/Config.cc' --- src/adaptation/Config.cc 2009-02-26 16:27:40 +0000 +++ src/adaptation/Config.cc 2009-03-08 19:34:36 +0000 @@ -34,7 +34,7 @@ #include "structs.h" #include "ConfigParser.h" -#include "ACL.h" +#include "acl/Gadgets.h" #include "Store.h" #include "Array.h" // really Vector #include "adaptation/Config.h" === modified file 'src/adaptation/icap/Config.cc' --- src/adaptation/icap/Config.cc 2009-02-20 19:08:58 +0000 +++ src/adaptation/icap/Config.cc 2009-03-04 22:56:29 +0000 @@ -35,14 +35,12 @@ #include "squid.h" #include "ConfigParser.h" -#include "ACL.h" #include "Store.h" #include "Array.h" // really Vector #include "adaptation/icap/Config.h" #include "adaptation/icap/ServiceRep.h" #include "HttpRequest.h" #include "HttpReply.h" -#include "ACLChecklist.h" #include "wordlist.h" Adaptation::Icap::Config Adaptation::Icap::TheConfig; === modified file 'src/asn.cc' --- src/asn.cc 2009-01-21 03:47:47 +0000 +++ src/asn.cc 2009-03-08 21:53:27 +0000 @@ -39,11 +39,11 @@ #include "HttpRequest.h" #include "StoreClient.h" #include "Store.h" -#include "ACL.h" -#include "ACLASN.h" -#include "ACLSourceASN.h" -#include "ACLDestinationASN.h" -#include "ACLDestinationIP.h" +#include "acl/Acl.h" +#include "acl/Asn.h" +#include "acl/SourceAsn.h" +#include "acl/DestinationAsn.h" +#include "acl/DestinationIp.h" #include "HttpReply.h" #include "forward.h" #include "wordlist.h" @@ -605,7 +605,7 @@ ACLStrategised ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as"); int -ACLSourceASNStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSourceASNStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match(checklist->src_addr); } @@ -620,7 +620,7 @@ int -ACLDestinationASNStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLDestinationASNStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS); === added file 'src/auth/Acl.cc' --- src/auth/Acl.cc 1970-01-01 00:00:00 +0000 +++ src/auth/Acl.cc 2009-03-08 22:20:22 +0000 @@ -0,0 +1,78 @@ +#include "squid.h" +#include "acl/Acl.h" +#include "acl/FilledChecklist.h" +#include "auth/UserRequest.h" +#include "auth/Acl.h" +#include "auth/AclProxyAuth.h" +#include "HttpRequest.h" + +/** retval -1 user not authenticated (authentication error?) + retval 0 user not authorized OR user authentication is in pgrogress + retval +1 user authenticated and authorized */ +int +AuthenticateAcl(ACLChecklist *ch) +{ + ACLFilledChecklist *checklist = Filled(ch); + HttpRequest *request = checklist->request; + http_hdr_type headertype; + + if (NULL == request) { + fatal ("requiresRequest SHOULD have been true for this ACL!!"); + return 0; + } else if (request->flags.accelerated) { + /* WWW authorization on accelerated requests */ + headertype = HDR_AUTHORIZATION; + } else if (request->flags.intercepted || request->flags.spoof_client_ip) { + debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests."); + return -1; + } else { + /* Proxy authorization on proxy requests */ + headertype = HDR_PROXY_AUTHORIZATION; + } + + /* get authed here */ + /* Note: this fills in auth_user_request when applicable */ + /* + * DPW 2007-05-08 + * tryToAuthenticateAndSetAuthUser used to try to lock and + * unlock auth_user_request on our behalf, but it was too + * ugly and hard to follow. Now we do our own locking here. + * + * I'm not sure what tryToAuthenticateAndSetAuthUser does when + * auth_user_request is set before calling. I'm tempted to + * unlock and set it to NULL, but it seems safer to save the + * pointer before calling and unlock it afterwards. If the + * pointer doesn't change then its a no-op. + */ + AuthUserRequest *old_auth_user_request = checklist->auth_user_request; + const auth_acl_t result = AuthUserRequest::tryToAuthenticateAndSetAuthUser( + &checklist->auth_user_request, headertype, request, + checklist->conn(), checklist->src_addr); + if (checklist->auth_user_request) + AUTHUSERREQUESTLOCK(checklist->auth_user_request, "ACLAuth::authenticated"); + AUTHUSERREQUESTUNLOCK(old_auth_user_request, "old ACLAuth"); + switch (result) { + + case AUTH_ACL_CANNOT_AUTHENTICATE: + debugs(28, 4, HERE << "returning 0 user authenticated but not authorised."); + return 0; + + case AUTH_AUTHENTICATED: + return 1; + break; + + case AUTH_ACL_HELPER: + debugs(28, 4, HERE << "returning 0 sending credentials to helper."); + checklist->changeState(ProxyAuthLookup::Instance()); + return 0; + + case AUTH_ACL_CHALLENGE: + debugs(28, 4, HERE << "returning 0 sending authentication challenge."); + checklist->changeState (ProxyAuthNeeded::Instance()); + return 0; + + default: + fatal("unexpected authenticateAuthenticate reply\n"); + return 0; + } +} === added file 'src/auth/Acl.h' --- src/auth/Acl.h 1970-01-01 00:00:00 +0000 +++ src/auth/Acl.h 2009-03-08 22:20:22 +0000 @@ -0,0 +1,12 @@ +#ifndef SQUID_AUTH_ACL_H +#define SQUID_AUTH_ACL_H + +// ACL-related code used by authentication-related code. This code is not in +// auth/Gadgets to avoid making auth/libauth dependent on acl/libstate because +// acl/libstate already depends on auth/libauth. + +class ACLChecklist; +/// \ingroup AuthAPI +extern int AuthenticateAcl(ACLChecklist *ch); + +#endif /* SQUID_AUTH_ACL_H */ === renamed file 'src/ACLMaxUserIP.cc' => 'src/auth/AclMaxUserIp.cc' --- src/ACLMaxUserIP.cc 2009-02-24 23:52:44 +0000 +++ src/auth/AclMaxUserIp.cc 2009-03-08 21:57:12 +0000 @@ -35,9 +35,10 @@ */ #include "squid.h" -#include "ACLMaxUserIP.h" +#include "acl/FilledChecklist.h" +#include "auth/Acl.h" +#include "auth/AclMaxUserIp.h" #include "auth/UserRequest.h" -#include "authenticate.h" #include "wordlist.h" #include "ConfigParser.h" @@ -152,11 +153,12 @@ } int -ACLMaxUserIP::match(ACLChecklist *checklist) +ACLMaxUserIP::match(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); int ti; - if ((ti = checklist->authenticated()) != 1) + if ((ti = AuthenticateAcl(checklist)) != 1) return ti; ti = match(checklist->auth_user_request, checklist->src_addr); === renamed file 'src/ACLMaxUserIP.h' => 'src/auth/AclMaxUserIp.h' --- src/ACLMaxUserIP.h 2009-01-21 03:47:47 +0000 +++ src/auth/AclMaxUserIp.h 2009-03-08 21:57:12 +0000 @@ -35,8 +35,10 @@ #ifndef SQUID_ACLMAXUSERIP_H #define SQUID_ACLMAXUSERIP_H -#include "ACL.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Checklist.h" + +class AuthUserRequest; /// \ingroup ACLAPI class ACLMaxUserIP : public ACL === renamed file 'src/ACLProxyAuth.cc' => 'src/auth/AclProxyAuth.cc' --- src/ACLProxyAuth.cc 2009-02-24 23:52:44 +0000 +++ src/auth/AclProxyAuth.cc 2009-03-08 21:57:12 +0000 @@ -35,13 +35,14 @@ */ #include "squid.h" -#include "ACLProxyAuth.h" -#include "authenticate.h" -#include "ACLChecklist.h" -#include "ACLUserData.h" -#include "ACLRegexData.h" +#include "auth/AclProxyAuth.h" +#include "auth/Gadgets.h" +#include "acl/FilledChecklist.h" +#include "acl/UserData.h" +#include "acl/RegexData.h" #include "client_side.h" #include "HttpRequest.h" +#include "auth/Acl.h" #include "auth/User.h" #include "auth/UserRequest.h" @@ -80,7 +81,7 @@ { int ti; - if ((ti = checklist->authenticated()) != 1) + if ((ti = AuthenticateAcl(checklist)) != 1) return ti; ti = matchProxyAuth(checklist); @@ -133,8 +134,10 @@ } void -ProxyAuthLookup::checkForAsync(ACLChecklist *checklist)const +ProxyAuthLookup::checkForAsync(ACLChecklist *cl)const { + ACLFilledChecklist *checklist = Filled(cl); + checklist->asyncInProgress(true); debugs(28, 3, "ACLChecklist::checkForAsync: checking password via authenticator"); @@ -150,7 +153,8 @@ void ProxyAuthLookup::LookupDone(void *data, char *result) { - ACLChecklist *checklist = (ACLChecklist *)data; + ACLFilledChecklist *checklist = Filled(static_cast(data)); + assert (checklist->asyncState() == ProxyAuthLookup::Instance()); if (result != NULL) @@ -198,8 +202,9 @@ } int -ACLProxyAuth::matchForCache(ACLChecklist *checklist) +ACLProxyAuth::matchForCache(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); assert (checklist->auth_user_request); return data->match(checklist->auth_user_request->username()); } @@ -209,8 +214,9 @@ * 1 : Authorisation OK. (Matched) */ int -ACLProxyAuth::matchProxyAuth(ACLChecklist *checklist) +ACLProxyAuth::matchProxyAuth(ACLChecklist *cl) { + ACLFilledChecklist *checklist = Filled(cl); checkAuthForCaching(checklist); /* check to see if we have matched the user-acl before */ int result = cacheMatchAcl(&checklist->auth_user_request->user()-> @@ -224,7 +230,7 @@ { /* for completeness */ /* consistent parameters ? */ - assert(authenticateUserAuthenticated(checklist->auth_user_request)); + assert(authenticateUserAuthenticated(Filled(checklist)->auth_user_request)); /* this check completed */ } === renamed file 'src/ACLProxyAuth.h' => 'src/auth/AclProxyAuth.h' --- src/ACLProxyAuth.h 2008-10-10 08:02:53 +0000 +++ src/auth/AclProxyAuth.h 2009-03-08 19:57:33 +0000 @@ -34,9 +34,9 @@ #ifndef SQUID_ACLPROXYAUTH_H #define SQUID_ACLPROXYAUTH_H -#include "ACL.h" -#include "ACLData.h" -#include "ACLChecklist.h" +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Checklist.h" class ProxyAuthLookup : public ACLChecklist::AsyncState { === renamed file 'src/authenticate.cc' => 'src/auth/Gadgets.cc' --- src/authenticate.cc 2009-02-24 23:52:44 +0000 +++ src/auth/Gadgets.cc 2009-03-08 19:34:36 +0000 @@ -38,12 +38,15 @@ * See acl.c for access control and client_side.c for auditing */ #include "squid.h" -#include "authenticate.h" -#include "ACL.h" +#include "acl/Acl.h" +#include "acl/FilledChecklist.h" #include "client_side.h" #include "auth/Config.h" #include "auth/Scheme.h" +#include "auth/Gadgets.h" #include "auth/User.h" +#include "auth/UserRequest.h" +#include "auth/AclProxyAuth.h" #include "HttpReply.h" #include "HttpRequest.h" === renamed file 'src/authenticate.h' => 'src/auth/Gadgets.h' --- src/authenticate.h 2009-01-21 03:47:47 +0000 +++ src/auth/Gadgets.h 2009-03-08 21:19:10 +0000 @@ -30,10 +30,12 @@ * */ -#ifndef SQUID_AUTHENTICATE_H -#define SQUID_AUTHENTICATE_H +#ifndef SQUID_AUTH_GADGETS_H +#define SQUID_AUTH_GADGETS_H -#include "client_side.h" +#include "hash.h" +#include "MemPool.h" +#include "typedefs.h" /* for authConfig */ class AuthUser; @@ -65,6 +67,7 @@ class ConnStateData; class AuthScheme; +class StoreEntry; /** \ingroup AuthAPI @@ -98,4 +101,4 @@ /// \ingroup AuthAPI extern void authenticateOnCloseConnection(ConnStateData * conn); -#endif /* SQUID_AUTHENTICATE_H */ +#endif /* SQUID_AUTH_GADGETS_H */ === modified file 'src/auth/Makefile.am' --- src/auth/Makefile.am 2009-02-25 06:08:49 +0000 +++ src/auth/Makefile.am 2009-03-08 21:29:22 +0000 @@ -1,11 +1,10 @@ include $(top_srcdir)/src/Common.am -EXTRA_LIBRARIES = libbasic.a libdigest.a libntlm.a libnegotiate.a -noinst_LIBRARIES = libauth.a @AUTH_LIBS_TO_BUILD@ +noinst_LTLIBRARIES = libauth.la libacls.la @AUTH_LIBS_TO_BUILD@ +EXTRA_LTLIBRARIES = libbasic.la libdigest.la libntlm.la libnegotiate.la ## authentication framework; this library is always built -## TODO: use libtool and add @AUTH_LIBS_TO_BUILD@ to libauth.la -libauth_a_SOURCES = \ +libauth_la_SOURCES = \ Config.cc \ Config.h \ Scheme.cc \ @@ -14,27 +13,43 @@ User.cci \ User.cc \ UserRequest.h \ - UserRequest.cc - -libbasic_a_SOURCES = \ + UserRequest.cc \ + Gadgets.cc \ + Gadgets.h + +libauth_la_LIBADD = @AUTH_LIBS_TO_BUILD@ +libauth_la_DEPENDENCIES = @AUTH_LIBS_TO_BUILD@ + +## authentication-dependent ACLs and authentication code they share +libacls_la_SOURCES = \ + Acl.cc \ + Acl.h \ + \ + AclMaxUserIp.cc \ + AclMaxUserIp.h \ + AclProxyAuth.cc \ + AclProxyAuth.h + + +libbasic_la_SOURCES = \ basic/basicScheme.cc \ basic/basicScheme.h \ basic/auth_basic.cc \ basic/auth_basic.h -libdigest_a_SOURCES = \ +libdigest_la_SOURCES = \ digest/digestScheme.cc \ digest/digestScheme.h \ digest/auth_digest.cc \ digest/auth_digest.h -libntlm_a_SOURCES = \ +libntlm_la_SOURCES = \ ntlm/ntlmScheme.cc \ ntlm/ntlmScheme.h \ ntlm/auth_ntlm.cc \ ntlm/auth_ntlm.h -libnegotiate_a_SOURCES = \ +libnegotiate_la_SOURCES = \ negotiate/negotiateScheme.cc \ negotiate/negotiateScheme.h \ negotiate/auth_negotiate.cc \ === modified file 'src/auth/Scheme.cc' --- src/auth/Scheme.cc 2009-02-24 23:52:44 +0000 +++ src/auth/Scheme.cc 2009-03-08 19:34:36 +0000 @@ -36,7 +36,7 @@ #include "squid.h" #include "auth/Scheme.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "auth/Config.h" Vector *AuthScheme::_Schemes = NULL; === modified file 'src/auth/User.cc' --- src/auth/User.cc 2009-02-24 23:52:44 +0000 +++ src/auth/User.cc 2009-03-08 19:34:36 +0000 @@ -37,8 +37,9 @@ #include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" -#include "authenticate.h" -#include "ACL.h" +#include "auth/Gadgets.h" +#include "acl/Acl.h" +#include "acl/Gadgets.h" #include "event.h" #include "SquidTime.h" === modified file 'src/auth/UserRequest.cc' --- src/auth/UserRequest.cc 2009-02-24 23:52:44 +0000 +++ src/auth/UserRequest.cc 2009-03-08 19:34:36 +0000 @@ -43,8 +43,8 @@ #include "squid.h" #include "auth/UserRequest.h" #include "auth/User.h" -/*#include "authenticate.h" -#include "ACL.h" +/*#include "auth/Gadgets.h" +#include "acl/Acl.h" #include "client_side.h" */ #include "auth/Config.h" === modified file 'src/auth/basic/auth_basic.cc' --- src/auth/basic/auth_basic.cc 2009-02-11 11:10:32 +0000 +++ src/auth/basic/auth_basic.cc 2009-03-08 19:34:36 +0000 @@ -39,7 +39,7 @@ #include "squid.h" #include "auth_basic.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "CacheManager.h" #include "Store.h" #include "HttpReply.h" === modified file 'src/auth/basic/auth_basic.h' --- src/auth/basic/auth_basic.h 2009-02-24 23:52:44 +0000 +++ src/auth/basic/auth_basic.h 2009-03-08 19:34:36 +0000 @@ -5,7 +5,7 @@ #ifndef __AUTH_BASIC_H__ #define __AUTH_BASIC_H__ -#include "authenticate.h" +#include "auth/Gadgets.h" #include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" === modified file 'src/auth/digest/auth_digest.cc' --- src/auth/digest/auth_digest.cc 2009-02-11 11:10:32 +0000 +++ src/auth/digest/auth_digest.cc 2009-03-08 19:34:36 +0000 @@ -40,7 +40,7 @@ #include "squid.h" #include "rfc2617.h" #include "auth_digest.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "event.h" #include "CacheManager.h" #include "Store.h" === modified file 'src/auth/digest/auth_digest.h' --- src/auth/digest/auth_digest.h 2009-02-24 23:52:44 +0000 +++ src/auth/digest/auth_digest.h 2009-03-08 19:34:36 +0000 @@ -6,7 +6,7 @@ #ifndef __AUTH_DIGEST_H__ #define __AUTH_DIGEST_H__ #include "rfc2617.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" === modified file 'src/auth/negotiate/auth_negotiate.cc' --- src/auth/negotiate/auth_negotiate.cc 2009-02-11 11:10:32 +0000 +++ src/auth/negotiate/auth_negotiate.cc 2009-03-08 19:34:36 +0000 @@ -39,7 +39,7 @@ #include "squid.h" #include "auth_negotiate.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "CacheManager.h" #include "Store.h" #include "client_side.h" === modified file 'src/auth/negotiate/auth_negotiate.h' --- src/auth/negotiate/auth_negotiate.h 2009-02-24 23:52:44 +0000 +++ src/auth/negotiate/auth_negotiate.h 2009-03-08 19:34:36 +0000 @@ -5,7 +5,7 @@ #ifndef __AUTH_NEGOTIATE_H__ #define __AUTH_NEGOTIATE_H__ -#include "authenticate.h" +#include "auth/Gadgets.h" #include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" === modified file 'src/auth/ntlm/auth_ntlm.cc' --- src/auth/ntlm/auth_ntlm.cc 2009-02-11 11:10:32 +0000 +++ src/auth/ntlm/auth_ntlm.cc 2009-03-08 19:34:36 +0000 @@ -39,7 +39,7 @@ #include "squid.h" #include "auth_ntlm.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "CacheManager.h" #include "Store.h" #include "client_side.h" === modified file 'src/auth/ntlm/auth_ntlm.h' --- src/auth/ntlm/auth_ntlm.h 2009-02-24 23:52:44 +0000 +++ src/auth/ntlm/auth_ntlm.h 2009-03-08 19:34:36 +0000 @@ -5,7 +5,7 @@ #ifndef __AUTH_NTLM_H__ #define __AUTH_NTLM_H__ -#include "authenticate.h" +#include "auth/Gadgets.h" #include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" === modified file 'src/cache_cf.cc' --- src/cache_cf.cc 2009-02-28 08:50:18 +0000 +++ src/cache_cf.cc 2009-03-09 05:53:08 +0000 @@ -33,7 +33,6 @@ */ #include "squid.h" -#include "authenticate.h" #include "ProtoPort.h" #include "HttpRequestMethod.h" #include "auth/Config.h" @@ -42,7 +41,8 @@ #include "Store.h" #include "SwapDir.h" #include "ConfigParser.h" -#include "ACL.h" +#include "acl/Acl.h" +#include "acl/Gadgets.h" #include "StoreFileSystem.h" #include "Parsing.h" #include "MemBuf.h" === modified file 'src/client_side.cc' --- src/client_side.cc 2009-03-06 13:26:57 +0000 +++ src/client_side.cc 2009-03-09 05:53:08 +0000 @@ -96,7 +96,7 @@ #include "MemObject.h" #include "fde.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "ConnectionDetail.h" #include "client_side_reply.h" #include "ClientRequestContext.h" @@ -527,7 +527,7 @@ #endif - ACLChecklist *checklist = clientAclChecklistCreate(Config.accessList.log, this); + ACLFilledChecklist *checklist = clientAclChecklistCreate(Config.accessList.log, this); if (al.reply) checklist->reply = HTTPMSGLOCK(al.reply); @@ -2874,12 +2874,9 @@ #if USE_IDENT if (Config.accessList.identLookup) { - ACLChecklist identChecklist; + ACLFilledChecklist identChecklist(Config.accessList.identLookup, NULL, NULL); identChecklist.src_addr = details->peer; identChecklist.my_addr = details->me; - identChecklist.accessList = cbdataReference(Config.accessList.identLookup); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ if (identChecklist.fastCheck()) identStart(details->me, details->peer, clientIdentDone, connState); } @@ -3089,12 +3086,9 @@ #if USE_IDENT if (Config.accessList.identLookup) { - ACLChecklist identChecklist; + ACLFilledChecklist identChecklist(Config.accessList.identLookup, NULL, NULL); identChecklist.src_addr = details->peer; identChecklist.my_addr = details->me; - identChecklist.accessList = cbdataReference(Config.accessList.identLookup); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ if (identChecklist.fastCheck()) identStart(details->me, details->peer, clientIdentDone, connState); } @@ -3345,12 +3339,12 @@ } } -ACLChecklist * +ACLFilledChecklist * clientAclChecklistCreate(const acl_access * acl, ClientHttpRequest * http) { - ACLChecklist *ch; ConnStateData * conn = http->getConn(); - ch = aclChecklistCreate(acl, http->request, cbdataReferenceValid(conn) && conn != NULL ? conn->rfc931 : dash_str); + ACLFilledChecklist *ch = new ACLFilledChecklist(acl, http->request, + cbdataReferenceValid(conn) && conn != NULL ? conn->rfc931 : dash_str); /* * hack for ident ACL. It needs to get full addresses, and a place to store @@ -3365,7 +3359,7 @@ */ if (conn != NULL) - ch->conn(conn); /* unreferenced in acl.cc */ + ch->conn(conn); /* unreferenced in FilledCheckList.cc */ return ch; } === modified file 'src/client_side_reply.cc' --- src/client_side_reply.cc 2009-02-24 23:52:44 +0000 +++ src/client_side_reply.cc 2009-03-08 21:53:27 +0000 @@ -52,8 +52,8 @@ #endif #include "MemObject.h" #include "fde.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Gadgets.h" #if DELAY_POOLS #include "DelayPools.h" #endif @@ -1785,8 +1785,8 @@ } /** Process http_reply_access lists */ - ACLChecklist *replyChecklist; - replyChecklist = clientAclChecklistCreate(Config.accessList.reply, http); + ACLFilledChecklist *replyChecklist = + clientAclChecklistCreate(Config.accessList.reply, http); replyChecklist->reply = HTTPMSGLOCK(reply); replyChecklist->nonBlockingCheck(ProcessReplyAccessResult, this); } === modified file 'src/client_side_request.cc' --- src/client_side_request.cc 2009-02-24 23:52:44 +0000 +++ src/client_side_request.cc 2009-03-08 21:57:12 +0000 @@ -48,8 +48,8 @@ #include "auth/UserRequest.h" #include "HttpRequest.h" #include "ProtoPort.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Gadgets.h" #include "client_side.h" #include "client_side_reply.h" #include "Store.h" @@ -1113,12 +1113,9 @@ debugs(85, 5, HERE << "SslBump possible, checking ACL"); - ACLChecklist check; + ACLFilledChecklist check(Config.accessList.ssl_bump, request, NULL); check.src_addr = request->client_addr; check.my_addr = request->my_addr; - check.request = HTTPMSGLOCK(request); - check.accessList = cbdataReference(Config.accessList.ssl_bump); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ return check.fastCheck() == 1; } @@ -1285,10 +1282,9 @@ if (!calloutContext->clientside_tos_done) { calloutContext->clientside_tos_done = true; if (getConn() != NULL) { - ACLChecklist ch; + ACLFilledChecklist ch(NULL, request, NULL); ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); int tos = aclMapTOS(Config.accessList.clientside_tos, &ch); if (tos) comm_set_tos(getConn()->fd, tos); === modified file 'src/client_side_request.h' --- src/client_side_request.h 2009-02-19 07:17:31 +0000 +++ src/client_side_request.h 2009-03-08 21:57:12 +0000 @@ -187,7 +187,9 @@ /* client http based routines */ SQUIDCEXTERN char *clientConstructTraceEcho(ClientHttpRequest *); -SQUIDCEXTERN ACLChecklist *clientAclChecklistCreate(const acl_access * acl,ClientHttpRequest * http); + +class ACLFilledChecklist; +SQUIDCEXTERN ACLFilledChecklist *clientAclChecklistCreate(const acl_access * acl,ClientHttpRequest * http); SQUIDCEXTERN int clientHttpRequestStatus(int fd, ClientHttpRequest const *http); SQUIDCEXTERN void clientAccessCheck(ClientHttpRequest *); === modified file 'src/external_acl.cc' --- src/external_acl.cc 2009-02-24 23:52:44 +0000 +++ src/external_acl.cc 2009-03-08 21:57:12 +0000 @@ -48,15 +48,16 @@ #include "SquidTime.h" #include "Store.h" #include "fde.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Acl.h" #if USE_IDENT -#include "ACLIdent.h" +#include "acl/Ident.h" #endif #include "client_side.h" #include "HttpRequest.h" #include "HttpReply.h" -#include "authenticate.h" +#include "auth/Acl.h" +#include "auth/Gadgets.h" #include "helper.h" #include "MemBuf.h" #include "URLScheme.h" @@ -71,7 +72,7 @@ typedef struct _external_acl_format external_acl_format; -static char *makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data); +static char *makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data); static void external_acl_cache_delete(external_acl * def, external_acl_entry * entry); static int external_acl_entry_expired(external_acl * def, external_acl_entry * entry); static int external_acl_grace_expired(external_acl * def, external_acl_entry * entry); @@ -677,9 +678,7 @@ } static int -aclMatchExternal(external_acl_data *acl, ACLChecklist * ch); -static int -aclMatchExternal(external_acl_data *acl, ACLChecklist * ch) +aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch) { int result; external_acl_entry *entry; @@ -705,7 +704,7 @@ int ti; /* Make sure the user is authenticated */ - if ((ti = ch->authenticated()) != 1) { + if ((ti = AuthenticateAcl(ch)) != 1) { debugs(82, 2, "aclMatchExternal: " << acl->def->name << " user not authenticated (" << ti << ")"); return ti; } @@ -777,7 +776,7 @@ int ACLExternal::match(ACLChecklist *checklist) { - return aclMatchExternal (data, checklist); + return aclMatchExternal (data, Filled(checklist)); } wordlist * @@ -811,7 +810,7 @@ } static char * -makeExternalAclKey(ACLChecklist * ch, external_acl_data * acl_data) +makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) { static MemBuf mb; char buf[256]; @@ -1216,7 +1215,7 @@ } void -ACLExternal::ExternalAclLookup(ACLChecklist * ch, ACLExternal * me, EAH * callback, void *callback_data) +ACLExternal::ExternalAclLookup(ACLChecklist *checklist, ACLExternal * me, EAH * callback, void *callback_data) { MemBuf buf; external_acl_data *acl = me->data; @@ -1226,11 +1225,12 @@ externalAclState *oldstate = NULL; bool graceful = 0; + ACLFilledChecklist *ch = Filled(checklist); if (acl->def->require_auth) { int ti; /* Make sure the user is authenticated */ - if ((ti = ch->authenticated()) != 1) { + if ((ti = AuthenticateAcl(ch)) != 1) { debugs(82, 1, "externalAclLookup: " << acl->def->name << " user authentication failure (" << ti << ", ch=" << ch << ")"); callback(callback_data, NULL); @@ -1434,7 +1434,7 @@ void ExternalACLLookup::LookupDone(void *data, void *result) { - ACLChecklist *checklist = (ACLChecklist *)data; + ACLFilledChecklist *checklist = Filled(static_cast(data)); checklist->extacl_entry = cbdataReference((external_acl_entry *)result); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); === modified file 'src/forward.cc' --- src/forward.cc 2009-02-04 09:52:20 +0000 +++ src/forward.cc 2009-03-08 21:57:12 +0000 @@ -33,8 +33,8 @@ #include "squid.h" #include "forward.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Gadgets.h" #include "CacheManager.h" #include "event.h" #include "errorpage.h" @@ -205,12 +205,9 @@ /** * Check if this host is allowed to fetch MISSES from us (miss_access) */ - ACLChecklist ch; + ACLFilledChecklist ch(Config.accessList.miss, request, NULL); ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); - ch.accessList = cbdataReference(Config.accessList.miss); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ int answer = ch.fastCheck(); if (answer == 0) { @@ -664,7 +661,7 @@ // Create the ACL check list now, while we have access to more info. // The list is used in ssl_verify_cb() and is freed in ssl_free(). if (acl_access *acl = Config.ssl_client.cert_error) { - ACLChecklist *check = aclChecklistCreate(acl, request, dash_str); + ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str); check->fd(fd); SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check); } @@ -1341,8 +1338,6 @@ IpAddress getOutgoingAddr(HttpRequest * request, struct peer *dst_peer) { - ACLChecklist ch; - if (request && request->flags.spoof_client_ip) return request->client_addr; @@ -1350,12 +1345,12 @@ return IpAddress(); // anything will do. } + ACLFilledChecklist ch(NULL, request, NULL); ch.dst_peer = dst_peer; if (request) { ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); } return aclMapAddr(Config.accessList.outgoing_address, &ch); @@ -1364,12 +1359,11 @@ unsigned long getOutgoingTOS(HttpRequest * request) { - ACLChecklist ch; + ACLFilledChecklist ch(NULL, request, NULL); if (request) { ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); } return aclMapTOS(Config.accessList.outgoing_tos, &ch); === modified file 'src/htcp.cc' --- src/htcp.cc 2009-02-09 08:53:49 +0000 +++ src/htcp.cc 2009-03-08 21:57:12 +0000 @@ -35,8 +35,8 @@ #include "squid.h" #include "htcp.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Acl.h" #include "SquidTime.h" #include "Store.h" #include "StoreClient.h" @@ -850,12 +850,9 @@ if (!acl) return 0; - ACLChecklist checklist; + ACLFilledChecklist checklist(acl, s->request, NULL); checklist.src_addr = from; checklist.my_addr.SetNoAddr(); - checklist.request = HTTPMSGLOCK(s->request); - checklist.accessList = cbdataReference(acl); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ int result = checklist.fastCheck(); return result; } === modified file 'src/http.cc' --- src/http.cc 2009-02-25 20:59:20 +0000 +++ src/http.cc 2009-03-08 21:57:12 +0000 @@ -50,7 +50,7 @@ #include "HttpHdrContRange.h" #include "HttpHdrSc.h" #include "HttpHdrScTarget.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "fde.h" #if DELAY_POOLS #include "DelayPools.h" @@ -1974,13 +1974,8 @@ debugs(11,5, HERE << "doneSendingRequestBody: FD " << fd); #if HTTP_VIOLATIONS - ACLChecklist ch; - ch.request = HTTPMSGLOCK(request); - if (Config.accessList.brokenPosts) { - ch.accessList = cbdataReference(Config.accessList.brokenPosts); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ - + ACLFilledChecklist ch(Config.accessList.brokenPosts, request, NULL); if (!ch.fastCheck()) { debugs(11, 5, "doneSendingRequestBody: didn't match brokenPosts"); CommIoCbParams io(NULL); === modified file 'src/icp_v2.cc' --- src/icp_v2.cc 2009-02-04 09:52:20 +0000 +++ src/icp_v2.cc 2009-03-08 21:57:12 +0000 @@ -40,8 +40,8 @@ #include "comm.h" #include "ICP.h" #include "HttpRequest.h" -#include "ACLChecklist.h" -#include "ACL.h" +#include "acl/FilledChecklist.h" +#include "acl/Acl.h" #include "AccessLogEntry.h" #include "wordlist.h" #include "SquidTime.h" @@ -409,12 +409,9 @@ if (!Config.accessList.icp) return 0; - ACLChecklist checklist; + ACLFilledChecklist checklist(Config.accessList.icp, icp_request, NULL); checklist.src_addr = from; checklist.my_addr.SetNoAddr(); - checklist.request = HTTPMSGLOCK(icp_request); - checklist.accessList = cbdataReference(Config.accessList.icp); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ int result = checklist.fastCheck(); return result; } === modified file 'src/logfile.cc' --- src/logfile.cc 2009-02-19 09:36:01 +0000 +++ src/logfile.cc 2009-03-07 21:07:45 +0000 @@ -33,7 +33,6 @@ */ #include "squid.h" -#include "authenticate.h" #include "fde.h" static void logfileWriteWrapper(Logfile * lf, const void *buf, size_t len); === modified file 'src/main.cc' --- src/main.cc 2009-02-27 16:38:06 +0000 +++ src/main.cc 2009-03-08 19:34:36 +0000 @@ -34,7 +34,7 @@ #include "squid.h" #include "AccessLogEntry.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "ConfigParser.h" #include "errorpage.h" #include "event.h" @@ -46,8 +46,8 @@ #include "HttpReply.h" #include "pconn.h" #include "Mem.h" -#include "ACLASN.h" -#include "ACL.h" +#include "acl/Asn.h" +#include "acl/Acl.h" #include "htcp.h" #include "StoreFileSystem.h" #include "DiskIO/DiskIOModule.h" === modified file 'src/neighbors.cc' --- src/neighbors.cc 2009-01-13 06:17:33 +0000 +++ src/neighbors.cc 2009-03-08 21:57:12 +0000 @@ -32,7 +32,7 @@ #include "squid.h" #include "ProtoPort.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "event.h" #include "CacheManager.h" #include "htcp.h" @@ -175,18 +175,10 @@ if (p->access == NULL) return do_ping; - ACLChecklist checklist; - + ACLFilledChecklist checklist(p->access, request, NULL); checklist.src_addr = request->client_addr; - checklist.my_addr = request->my_addr; - checklist.request = HTTPMSGLOCK(request); - - checklist.accessList = cbdataReference(p->access); - - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ - #if 0 && USE_IDENT /* * this is currently broken because 'request->user_ident' has been === modified file 'src/peer_select.cc' --- src/peer_select.cc 2009-02-04 09:52:20 +0000 +++ src/peer_select.cc 2009-03-08 21:53:27 +0000 @@ -38,7 +38,7 @@ #include "Store.h" #include "ICP.h" #include "HttpRequest.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "htcp.h" #include "forward.h" #include "SquidTime.h" @@ -294,7 +294,7 @@ if (ps->direct == DIRECT_UNKNOWN) { if (ps->always_direct == 0 && Config.accessList.AlwaysDirect) { /** check always_direct; */ - ps->acl_checklist = aclChecklistCreate( + ps->acl_checklist = new ACLFilledChecklist( Config.accessList.AlwaysDirect, request, NULL); /* ident */ @@ -305,7 +305,7 @@ ps->direct = DIRECT_YES; } else if (ps->never_direct == 0 && Config.accessList.NeverDirect) { /** check never_direct; */ - ps->acl_checklist = aclChecklistCreate( + ps->acl_checklist = new ACLFilledChecklist( Config.accessList.NeverDirect, request, NULL); /* ident */ === modified file 'src/redirect.cc' --- src/redirect.cc 2009-02-24 23:52:44 +0000 +++ src/redirect.cc 2009-03-08 19:34:36 +0000 @@ -39,7 +39,7 @@ #include "Store.h" #include "fde.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/Checklist.h" #include "HttpRequest.h" #include "client_side.h" #include "helper.h" === modified file 'src/snmp_core.cc' --- src/snmp_core.cc 2009-02-08 00:02:47 +0000 +++ src/snmp_core.cc 2009-03-08 21:57:12 +0000 @@ -32,7 +32,7 @@ #include "squid.h" #include "comm.h" #include "cache_snmp.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #include "ip/IpAddress.h" #define SNMP_REQUEST_SIZE 4096 @@ -530,11 +530,9 @@ /* Check if we have explicit permission to access SNMP data. * default (set above) is to deny all */ if (Community && Config.accessList.snmp) { - ACLChecklist checklist; - checklist.accessList = cbdataReference(Config.accessList.snmp); + ACLFilledChecklist checklist(Config.accessList.snmp, NULL, NULL); checklist.src_addr = rq->from; checklist.snmp_community = (char *) Community; - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ allow = checklist.fastCheck(); } @@ -1136,15 +1134,15 @@ } /* SNMP checklists */ -#include "ACLStrategy.h" -#include "ACLStrategised.h" -#include "ACLStringData.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" +#include "acl/StringData.h" class ACLSNMPCommunityStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *); static ACLSNMPCommunityStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about @@ -1170,7 +1168,7 @@ ACLStrategised ACLSNMPCommunity::RegistryEntry_(new ACLStringData, ACLSNMPCommunityStrategy::Instance(), "snmp_community"); int -ACLSNMPCommunityStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSNMPCommunityStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) { return data->match (checklist->snmp_community); } === modified file 'src/ssl_support.cc' --- src/ssl_support.cc 2009-01-21 03:47:47 +0000 +++ src/ssl_support.cc 2009-03-08 21:57:12 +0000 @@ -41,7 +41,7 @@ #if USE_SSL #include "fde.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" /** \defgroup ServerProtocolSSLInternal Server-Side SSL Internals @@ -182,7 +182,7 @@ debugs(83, 2, "SQUID_X509_V_ERR_DOMAIN_MISMATCH: Certificate " << buffer << " does not match domainname " << server); ok = 0; if (check) - check->ssl_error = SQUID_X509_V_ERR_DOMAIN_MISMATCH; + Filled(check)->ssl_error = SQUID_X509_V_ERR_DOMAIN_MISMATCH; } } } else { @@ -216,7 +216,7 @@ } if (check) - check->ssl_error = ctx->error; + Filled(check)->ssl_error = ctx->error; } if (!ok && check) { === modified file 'src/tests/testACLMaxUserIP.cc' --- src/tests/testACLMaxUserIP.cc 2008-08-10 05:49:14 +0000 +++ src/tests/testACLMaxUserIP.cc 2009-03-08 19:34:36 +0000 @@ -4,7 +4,7 @@ #include #include "testACLMaxUserIP.h" -#include "ACLMaxUserIP.h" +#include "auth/AclMaxUserIp.h" CPPUNIT_TEST_SUITE_REGISTRATION( testACLMaxUserIP ); === modified file 'src/tests/testAuth.cc' --- src/tests/testAuth.cc 2009-02-24 23:52:44 +0000 +++ src/tests/testAuth.cc 2009-03-08 19:34:36 +0000 @@ -2,7 +2,7 @@ #include "squid.h" #include "testAuth.h" -#include "authenticate.h" +#include "auth/Gadgets.h" #include "auth/UserRequest.h" #include "auth/Scheme.h" #include "auth/Config.h" === modified file 'src/tests/test_http_range.cc' --- src/tests/test_http_range.cc 2009-01-21 03:47:47 +0000 +++ src/tests/test_http_range.cc 2009-03-08 19:34:36 +0000 @@ -45,7 +45,7 @@ #include "Mem.h" #if 0 -#include "ACLChecklist.h" +#include "acl/Checklist.h" #endif /* Stub routines */ === modified file 'src/tunnel.cc' --- src/tunnel.cc 2009-02-23 10:55:43 +0000 +++ src/tunnel.cc 2009-03-08 21:57:12 +0000 @@ -39,7 +39,7 @@ #include "fde.h" #include "comm.h" #include "client_side_request.h" -#include "ACLChecklist.h" +#include "acl/FilledChecklist.h" #if DELAY_POOLS #include "DelayId.h" #endif @@ -618,12 +618,9 @@ * Check if this host is allowed to fetch MISSES from us (miss_access) * default is to allow. */ - ACLChecklist ch; + ACLFilledChecklist ch(Config.accessList.miss, request, NULL); ch.src_addr = request->client_addr; ch.my_addr = request->my_addr; - ch.request = HTTPMSGLOCK(request); - ch.accessList = cbdataReference(Config.accessList.miss); - /* cbdataReferenceDone() happens in either fastCheck() or ~ACLCheckList */ answer = ch.fastCheck(); if (answer == 0) { === modified file 'src/ufsdump.cc' --- src/ufsdump.cc 2009-01-21 03:47:47 +0000 +++ src/ufsdump.cc 2009-03-08 21:37:32 +0000 @@ -45,19 +45,37 @@ #include /* stub functions for parts of squid not factored to be dynamic yet */ -void shut_down(int) -{} - -void -reconfigure(int) -{} - -#if WHENITMINIMAL void eventAdd(const char *name, EVH * func, void *arg, double when, int, bool cbdata) {} -#endif +// required by storeKeyPublicByRequest* +// XXX: what pulls in storeKeyPublicByRequest? +const char *urlCanonical(HttpRequest *) { assert(false); return NULL; } + +void +storeAppendPrintf(StoreEntry * e, const char *fmt,...) +{ + va_list args; + va_start(args, fmt); + + assert(false); + + va_end(args); +} + +#include "CacheManager.h" +CacheManager* +CacheManager::GetInstance() +{ + assert(false); + return NULL; +} + +void +CacheManager::registerAction(char const * action, char const * desc, OBJH * handler, int pw_req_flag, int atomic) {} + + /* end stub functions */ struct MetaStd { # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWTRPa1QAiFd/gHd0RAB9//// /////r////9gkP55u84Ozm2w4D289nugdgXeHrRl56ClSHIaqneHXkBlQAu7u+vuPt1T4Bh7zrev PZZ3c9hdnB3vffPW2PevC30Zz33r4Hdg+X30LYH0A0AOZ8b7z0+2a4bdPQAdAAnPj730aNAD6K7Y Bfd8t4eho6HQAJ4vcaKAUoALjznRQAABbl93gA6AAzx3AACgHvePe+tAAAH3h3FA+gADzQ+RASoW bVrFvl10ZGLWm26DVSLpWeAATgXcslScks4AKBggAxaGa7BrAcAGuRt2xVPp8j4XLA987umOtHDq ad3bch3ABoEDVdCJpoDIMmhYwUN2DkOwwAkG7dUAAAjWUk6YQ33zzvfXXQwIX193uZVUvs3ZoBrQ 0hFFW2mEkQIATTQATQQnoCZBqYTUPVPUfpE2o09T1PFAGjZINNAIIU0EyJhNJH6p+qeoNqBoA9QA AAaGmgGgGmIClFU/VP1T8qeTNRqep6gGj1ANPUBoAAAAAAAJNJITREwhTMjTQ1MJqT8mKQ9Q9NJk epoAepoAABoESiCaaAI0AEwEAAmBTaTCAmSepp6nqHpD1GhoFUgJkAQikxGgRppT9U2o0ZNDQAAA AGgADMichzBRQMSIBIAdBEBDnCygqNn9Id5D7QTVEVb751/z/fU/+W0CYX2iB3QKwhPqQA+5Jw63 6ddbH1PPH8Ok/qyz6sBRzd/U3x2xGT+lDvEhjDdn4OX1H8P691sD0f5PY3X1maw+O9jnFxtzx+Lw z4rYmM1W0L73kIwXJ4MvqYUyu/j175hR08/nr3e6FxhcGHw1u6u0iVh4V5iHTAaYN6lEK+F5SnUt s7u7I0TjsTzq1eAWcrQVe40Yu6o9SATC6rupzW7jaypnj9oRHv91vyJjgKfNqz2XXya/75VkBQqF fWysgqnDiTN2mJmdMmMMYIe35bw8O44tpS3DOOTX5Dp/N+X3cQ/6OMm4hNmEidPDIAY+FpA8GVgx OO+ZMlLCvTDMgg1KWaobpoWOoxrtQp73RzrMa3ZmG7oZmm0Q/g+TQ22rpA2sf+N/Ll06c7a+lIDE HKHSqRScoNtJCdIldS3t5ySdu3wtdN1tZXNpSB05dEirtDJPU6pEcYRPXMuZcIs8nZkGVebZWVbd pqmD34PK/fCj8IdhP4RobED8QocDQ3rgf9BmwoUSdr1vFYaaWXuXqF+pPuH7nd5gP7/P5MiTlIdh l/n7uEO+fRoL9PPWbBkMw0qQAnKUiLWlKoHBUEMkP7HCKn6b2ZEyAEf5SmVZATI309rmLp1A/5cN Sq6/2n7u/6MJkGhZRRhkX5+LDo0RfxVLqn267kIzGan7Zimwjee8JGYf/OpxDQofTXiDNgBsW09w DvsmQeUA+v5PHQVY7w5xIEXrCr/nSRJwW+nGXG/f+nDbphexczMY14KQ0dk8avdx36ocXxU7Kx26 MfWF5rqB65KqDkRjcevz8iPwD21uk3skFKNYFKDjZmwxZslXTcKKSDGHDjpKkNRAU0hoYGzsjbsM VUVYpklmnEihrDWsdCOOmlC20BYLF1mOAGhlQqWRTLmUVyUriVrN6QqGqaTdzf2Zrfezub5Z6u23 oikHznQUB/Ekh3dbqlG2FYo2rFmMqsF73TMe9IVBcTTiuMxDBPvZLqqslAGlKSKSIMRTIrADzVPJ YaDusGlTg3Xjz0aqDhCEqgF8X9jFNmCF8dTVGnB57GNlPhKqrXhGj0WfGVb1LpHeeVI1VWZJUuTQ J7JmVYVJhqds7e2U+O2M0au0eTMh+aeonztupM4zSmqdnwRi6qIbEMMxGHy83bDLTV6mtGvwhZKN Ua7uWeuCRiX/KAoHF07nKEIbmgKHCrCJw+TiEIyjTa2tiOo1wNkn2sEpOVlbTgzk3m0Go6NkDhxC uIaZUgppk3YHrTdDrlgBeLiIRAw4YE8h1qKIjykGQMMaYsiTxvSa2pVTdwZpjxths1ixYGYU0gN1 mmSU4pJKgTfMwk4tgHW0OWTXVpAN0kNmdebJ0TlNk6pJykMYaG3iZCa46Oc78vDp48rh5NcRlZ9J 9Xs8fPggBPb7Zn4EnmeL6PShKwkVVZExlMb6rLgxSqIKQigpFFIxUVYU9M9PuOvv8MeUsAoyo9UQ yCMvksp3cndxZw0YqgS7UmDHQgggQhfYLujnBXeghucLGaC2rYpVF7wrcvWQmakU4eRVxWdt6WqW 0Z26qqBdc7FAI3XZJmelu6p5hC295J57YiErI8T4S7kUqrkT5M2bo1VG+2ltJxRNDh5VgWUvIEwE u2R4KxdjLI3bNzNIk1biNMC3Mi1elZYq4lOc7c8rjDOAsApIApBXbJzDligool1m5gNc4pQPGPzp 9v3Z9fhQROvP8n7G6X07rM2Zb7m7ocmlhXygQakhz1zNYlN/RUNR+1UuJt9uy2vdRCvWeJW0JMHv mWPjiEnpFRTyQQFTL4QFJEGQFkUSEQAkRALIISHcbuETSb1NAU/1018Kfmejg/cGuQNwqIRYgE56 FCrQ4JaHsGhimU3lE+5WnSZZwZ7RH1GqC+ohBU8psdo5O7emcWvp91hyWf7VmBWThObGi+CiR5yw tPZChNJWyrohkgIn6XGYkzDPZQPl1665Ip+//O60PtyeE0jVCuGIxKEgK11xaFa0Ssupr+o9hThN yfcdpFBTfUUO85IIoUURJBkUZGRJBAkCRIsiRYCRIgsBgEUJFYxEECMBgCCQGCSLAESCgsFBEixZ BYRUQBggpEgpJIBIcAYPNhzQYdlA/wLxxVWCREQI+r6vxvWYj8texfj/a+pa60VP1TulT0arMnJ5 TRWcRdur8deaq7MrbcvnXkAfD3ihEZEImCCQUJBJBT9PsBmIXjWxqXHJZhSNysPzbsFmGojOnZFF aonjbZpqjJDpA0hZjCjJo6RZ3SgJSBognNoN2LDBhkW6eEWDtBPFJHEUcdMcQEdQ1j2MXVGgjgNF 03h3rqQT4ennhDDtOyJodfTPWux3KNc2RhCMDqR7XGWstIwMqnJjThjSN5Bm+QUgQFunp7m1wys0 y3WHbFacQUOsNq1RoUkLEPTlaQw56W1NsBlGTiFoMMjbQ4lnUye5MxhDLPadqRtqtQs0dIR4gyrK NkMGxXQijRvJvJcOQpUWuM3ALscFXUPC3S6kzm4rmCaM2pOOgslYhzQXpmzJGg0xK0ZOalhjuGUQ BAwc4g2axjUO4ana9Mq1MWaZ1vIdWGx+BFGc4bBasu4koJKmMyJqIF+jAZhGo9SiWZw8t2RZtDZ2 3lsks+qq5rzmdDTe1x8dUR4CDao5Kyn5brhAA8kadPasJIS1kz0hmlTFyp3zkJs0sZrmhtZMkSaB iNMm6CDMUOQhQijssRVoQG+14NmkrIEypKBbm3G2J0cRSbgcNAHlKptrjOQZabIYEjCsJd3onkAC u8vOxu3Z10FlKgffEICyB5SERBMR6cvDEUNQRIJjwIRFOGS0fDO8wLHGMcADmzEP07HGEEaoww/P Hm2p7MjIgjkOiTLiCW/BDEDkKY4AUoARk5D1OBwoqBMZQM0ysoMVKxmC+XUMWpSUOtU6ISiE2hAv hRDgTJ86JgKVZhEUeO66MxL8gOASTMvGDGsYxeXFCswVfMBl0jMcC2kuaONKMVrlNPNsPCfKYlcx UiwxVoeiV8GHCBiKpQwXUCoeDTEwXFa1bglM0tGSNDEsAVWyuzN8iogaXaGkbjYJw3NXIBxBk3h8 I5VxMEC6QnHPlZi3nrkedTP0+D5/o/oHvIHwBz73/khhX5X0sNoTzwWwJZ1RT/Hd77awpG2dui9q V+t5pqF+r3l8JQO2DfGNBvEZO4xsKGX1zvl/aAUvrp9P4xs9dv2Wr0wGBI/nRS870MQunKWv7EQj 7bQwI52l5Sf7qZyrdPoPiBtxtr9+xSo5tgXlC2AfLfJrXqWRFXDP8VKt44WTGSVutVwCIrXwQQLb bi0xKUodBXC4qkgAAgpobYlxYiawkD8SImhz8zxDu7u7u7K2o1pHEzK9RnOYyK2MhmbK0H5kjip2 zvPKe9FW0qqsiqq1qsRFVVRFVFFFVRVVVVQ+QL+7UINKCzm5fN2doNYWJL6t242bNiUaW/e1Uxzm cTrUFnUuKtV26ZQ4JFlRBZNVOOTjOELJEq5KVUzgMZ13EGnvCcSSYjXhCLRsu/IlUxkMWVeJpE1R dsBjwjFXcKqyMDUYw7FkKEf1ylWbCuceDHsbM0HJFzuuUW9dv5eulWjy5Gz95qld40OcauBuKHaR eVD1J3sIwjoeUuVD5jlIdq8Edbma+zezSsZnaNCDLAsKOTLdAr8mOls+QqCtu0uhBoRcLWB6n8ME 9zVUGxW+YBkYChPpIHCrsL82QPYONfObDDEOn5vaM0qkjN0fpjjPe0YTHPkIyIlETv7goy5KvX27 mv/b/WwD9dN8kWAmHqQ4qzFNq1/RHdo+u2BshXVbwaMNW3h3S6tW10eGGgcn6w1EHv4qrwPFqJJZ T62QdVthoBXy2OxbbCk/MUJUcussoR8TR6FLHtq0fspFoYsJJBYmKDE2kWQulkMbaGN7UMbLSBNW y8UlekqK2g2U2YalVhBOSPOLlJA3mVvZXQyLDIewwK9kLJVMeLam28Zlwc7S+Ke2Tve6ixWwa5UO dWRTWhDDldd30wsqsms9qSt4Qqo7kcriB8J2kB3yLY7GHYJFCF8G9tW/kbZUcgqY2ltCLcnJtH8H WFB/jnOsyJcRyMSxRjhzlqi7qiEV9Hxqtv4D3vtDhzuue3Gsi0W4DS5ZrPHkgQFiSYQt0CqpFv51 nBDEg0p20H3YFLRs+6VZR2CsJOqVuWEEVu4zDkNTWlCUHmPBRInGEc2Hakq64ktrvssLyE1JtEAI sTh9TUegGBy7j1O7pzhPhy42jApqMmxbl48QwM7SFthoIZdGG9O4zWmbyek2JXDeUBO0hIRERRRR RRRRRRQ6eXbv8B9R3nx9inxCql2qwaBnCFjtXWPrjTpx9Y/Ura86GowupbNWmAaB4iovKm1HeJbk z7Hl/oIdxhimUQKKGV8vJO/FSBC/3vq0l1NVbZJa1uuV/w+M73+9d9WdSCL0OYGaVMyPio7cjGvP jDXedTvsERGC/kPj5LHaaFiXQ95To+02YoJBCxZfpDQkIEP55heo14vuNusuMS4hl7b44XbVUVSc MS93o3kRlGZQgsj6+p+Tvwlquts0cDaNKbHk8mhy6GUmJRYckO8W09tfiWR7VV1NuxhW0ucdm+1K QyFWMSLlq8D/IyEf7QaEmpNemiqCfTh/VPrWcn1sLfv++s+0trdXIfa/COStUMC1UDk3vct7Krnb Cvrb6mOxxW8LGp68von6F+W9c+2c9fbmrWb5vnBci3ZkZxfdgWWmJdx7crsrJnEam+mh16FyGAjN 3DJIOTP9P2fjgfBETaImsWoUYfOoSCZklkYa3MxCXLNxTNCqDepw2pym2qFJzMpjBhOYSuHXfdtb uvMbuyZxtLpa7e7up7s9E2E6FSJEzdCY2TbKHPF0/Z+hViiKigoqqip6WiqxiCiIrEEGKKMEQUFB K2IrFU+RlVy0gKBruiPWwqd7FkqKuWh1EKwrjiCwTLTzoGTKRZCLFWtiosarVRVKZZ1z42fyvL73 wfJ8n7Xo+98HZns9C6ZiFHx88x32zK6cXCo/vtMrjiriK2FfW+TrTRQr8iVHPRq6PldhxOMuCWtq 2qzFKooayobDsHBDlFKBVDsMnNcdjHZ2bw8Xfx8uMeV5VcYrynbHwe48XrNc545lmmK7WvVK3HDZ s9Qec22dcY2c3rjUNVbzMteD111xrUaZovMb0lY5xxzxWuJmua655t+Y6xq5xqqunzgLnEtrWdZG eR4eM9766XX7J2W3bKFJYvXEfVTVR+PHx58NNjcW/IGYNZ3nSdqKCbN/Tfwb3Dm2b/DxZLuK1X1K 8A6QAkVCQhEZFESAChBBYqxQCRZAUkFAWSCgREPpLLIEIiSAxSQofQD8UUU74DaJ+4h7PF9yVBcn 8aCh9iScETvHPqDUth3xTsjmN62Dv6ydUY4QIfGZhyCmQaQFBzTyhYDuBaBEgmCbEH9UsKhKsrew n8/EkyPWFAEOxYef4/p+umP7yt1Y4y9tK3eI5hV7d2A8Do9+aYMVcO0AHJFAd3e8oSQft5Sjw7J+ BFURyI6IUFEEPElXRA7O033T8SYno5nNddfINw1Oo3sI1Enin7Np0z5AfMVBtqrPjcfCDpkMwLBh 4tH84r/pg59VavsaO51tw4EJQPj8wipsvobvw/j+wjlvw0ikF7YGmCbeQ8Bl9zSqy9/Ox6yz6fbU 1KTk7md6Vlz1GBZsiB9BfpWM+sM3od9Oe4zHkvaQz/j/E37N5795xvfcS9Ki5Dq/n6ppVcmlDkUE RQXIl2NG5OblIeD88XyLjOtjY+4s5IoiQxaAEgggiP+JvoRj5Wls+E67rqr13/kf8RnGrcmwIX/K Q0hxkEGV46NREcNJwygmzYzQa1dZQLu7ATZYUqkRmzJNhmzA2NUIwZDcYAGIfwQSzZIsg6ItE+P1 fl8Wxy6PAGuxE18Ipt3X3kInvLgz50tZhXDDMuS8nslG7oSwqOxyr2VPRmv7R/0jL9Vy4RGpe+Ho sqysn8q322SszUlc0ZHsiau9I/MoaHqyo9kiFm4X9ozHefiAHeHgvxQewO37N1If1/pfgT9UbIu3 am1lq6zu/Crp/Z6J9+y7bN42ZYWwazDSVsnu1Z643wkaqW12TZtt3vDLyReSIUgNIqSSAp5zXv58 N+hZJcsfKABVTVOZmaAE1VeQ5mZczYSYSJSdmGZmFsAR1BhINhxJCnsqhY7Ueurbhpqnm5pxeG+n GVHa2++vDKdlj2l19kscsrlga1ibgTAxqKURNFMBD6A0URBEEREREEREREERBEET1hSiCIiIiIiI IiJyUhKHxiQlERE+aIFMKU8aQoiIiIiIm4UKJ7/TIUwpIQw7WSsUK07GOCEnokAYUsohQiFxcFBE BoUKKnpV/AENIfD0OsaPp6/EetZhjc2LsYCUB9KATPwvOcmMAu0nMrMADj64FW7C+DTMqfgMiaFe Y/mMU6qsgQLVta/cqWta1YQRdgvbRbSatKVq0cGyEEZynOhGEpSsPUKpAQBFoYb9O3PmeV7MzEGD hq+MoiGNrPO2Ftby6eqEGDTWZJDBTMBbjbPQ8AKbiufViheGCYqUornQBXFCoohAFxJDukhFgu1c CRcXAcRViKt+vfQQL+Ey6sRElYYfrZiHkFCKt0JvX9qWHbv/kknnTWu3HEYpiBai0QzCWQuKIA3B cVvATEjatnR443boR8ojy/vOhGgxtm5vPRzInQl4dPYe62mdg59oxbY7ucok4y8MowFmPUfRGtqq S+d2MBpkDZGwHIfpy7u7ny690PQx2YhLEWJ+7gI+EN+tC17hw7fDAoesQJkj0FfTnEq+XcWMB3DY mvqHpT4kafixt5Mm/TWxK0y2EE9KlI60IoX5PTh5wrKZBxgWq2q8R9M22Jznh8Txtea4mic/F2pj 4aL2c6pUlfWXH8aFmy7Jlgk3bLt2hho3SOXLU2YaNFFWyp4kok6TUbpJO2G6rLRRZhNZhNhVhZZh NRoqwwo4TapMpMLE0k1XiphqlCERvARCY+xtMqaOWNvxjahoYkSzvw12Htb0pNhYRqvzVXG+mokH i+8h+GzHAtqO2XEgoxUWRrCiHRJ0dLDTjDNaMMbNmzBGXKMEmUCYuvJqhZbKUI02bmFBM0ylFsqJ 1CWsIMznaKhKBHAhkNDvGNFCgBxEQwxextHx9rpHwwhIIDaAZWoAgdMjYRyIJIVVhgJyiiEkknKv XEYyLE5UJo4lSHcS6iA1RQrLNmIdqDwI1Jl+LxnHWq6z8uIgXXUUSaLNWXKRZJMs5JmjZJNVhhVN oso0cqMqKpLMrLMqMOGF1CYw5gQKEig6gKCtdx2fIaGGE5R9EFGbepCE7KgWGDKWBsxO0FkMvcA1 gSCe8/H86ez86EhgET7mJE4Ddgf2f4VAhizWLoiDJKLKDJZWlQCg2KCmBcOWKJFIqtIKBVRUFEVY gMAoMAgpCz2/QJ+n613C/p1DYT4huLZWIW1hVKUrQEv10MUUxbRLEtpSIsD6kP49OqZ7dUxxK8F6 M2fY+Xf6FiREYfDk+D/nknDJO9JJjJHXy22222SAW22hbQtttttttoELaSS2ltDb7x+bafpy+Z93 83ntn5b23Ze0o0UQYHibSEWzabkoM06yTOIEoKcp2zUXeITGUxk8PhEQIgDMwmHERiVFEBkROySc 5YHPNhOrJFIcMmyHRIG6FYHKoByw3TdIGJDowwYodEh1YcdOTnXVhUDdIb5Y43lJ1ebddaS80J0S QAyISKEYDJBAykKMAmzAOGAGA7JN4JFhKzEAWGmV0wKoSiCMqjAZUI5AJCJkhBJSCiPlpqsvgVqW ZcsEsjQpkq6x9kZupvLaRE++OP1RIHtACd47h2JosCh3yI9hOl7djfbeud0mmCUynfsTIP7zVEE1 dmFB2k2ayaUCIZZTHcWGNUbbjCohK4FVaKQVyFDA8pYiMIYiFknpdl7SSSZcOGH/UD+9Bjlv1xWs oh0iIwkujg3LCKk5y7OSKNF1kRBmNF0yldMdW11fv/zuGqpWRg3RBNh6ficOXLVN1lKepSOeDZX0 smdsmUXVXhU+X89VpM+YvwwraMtLNBFtEkMxRgwhcWjDYDQSVCAblncM5kEwgSnJMkFhESylERCL MoyuZT+lVIhRY6Z6Xe5pxvKIyy9tGy7VoTiU3Fd6puKCEJQZRMmkcJiEIqkRRddKRj/ZOk8os0ee VWYlJEQdpE0rpNUspR8cFHTR2u7ffjbRptIRQ1wo4GV4hhUTolZ118cqt4RoTJamYNTtajR0pu5T ctHb4iBRc0LiscwIFusbFBVhjCAlDFwVmtPsmXSaLti7BKUFKKIuhKZdQeTV1csbrkXX+fJt5aNU aNntbGNNNEnjxu2rtTbaMUaQo70uk1LJIjFekp8kSxEsp+0sqibdqIrHCy0TZYUW2nLZ2ooww5Tc NXirZy1asbxPnVJpW2Ltd40ULyqYc/FYVjDhTWIjZKDBuw1WWWoywwhND+KJ9JWsn01Tw3cuGhw5 LsnyJ5ltHVJU0lOkiJV7iEVSHz5YR7V2lA6veeFmYAj3KIiarg58ZBJgncJ3JovPHBxRpo37jqXo mxoxo01vp4TdPEly7RY/rZf44Oa0lNJO19K8QhEIXqRLpOVaHC6lpdELOVy2Iho6UnjZszOIsRE6 xOJulmdCzRZR0o0ZWbKKiIjeSERt+tEf/jjh79zU5SfTpy3Yx4q9MP8D029NNHtPXXxZu3dJOGXK xNZ6UbMqu3tq0JOmqzRcwsk1auednDdIk3SbqqOmzePwcJ9qtXl2plo/CCSjK7Lc7YbO2Ukj9ERB /acJ1Yf6x+JKsk0kSlKSSUuC70y5VYcqOlH+H8HDLx4+MOGW77+8KJGzRJs5SUWUarLFQeP9W0Nw cSmhDrBcQ95rDIX5UPoJ2KcZ95uAdYbEQ8h1mk6Q6lZuvpOnkWaeKwt1yFY0jJIwFJ9HMkJJ79W2 oLs8m22deeAOEJmuHDllQ8OxQOUDd0CDGRGGxw500DnRwEDxFAxAqsXg8UigALMCyEGH4+CQoZNz hq3PkwAsQPcxjqhMvyfJt+Ic2J81OjHAiBRCKIqKQwtrLVW3VOf8vVeUfM9B0y5FC4kIyA5IJSAs ggG7ivy6DJxTQFjPQSwoTajYZOFlENIEt1PMushJOhtALvwdM/pxENn7n9MXiFhE/FlTDRZprhF3 iKdSHJlJSkGERBJG8jCSSSGQ6InuOiJ4oeUYaGcjDgzg4DQgnMBIsxEpGqjC62tk7Mv0ZrEszzLt L3h6VblHGYaIh79Uhd4vRvpy7T5YLtit0jpJpiS1FTyuTFQNNzPPK/VljWmye8xxGryJUZmxBqgZ vz4Fw9I9g8zDIYbyh4D3gzQnIRSScaPFPUpQVx0qyys9O3TV4u5cppKPEbR1acS2611p6rWc3GUX hAmhnKxKQ0Y2EkESZIEmHUU0bE5eXDykOGpJNYankjld6V3iSpospVJWIiWP3cP4wVaH03oYk8QQ ODolACnby5SK8vHxZ+m78Rq98nxfxpYzXLkckmDzxjjjUdhsdcYLqtrZsqpNLYXDDl64xzw+M9c3 xa3Fdci8NfPLNjO9725uetqdVt98xba0Wl2zxxXRfa3bddC9QpnIa1mTjOecdO5zV9CERNiyhpo5 IkYF5wC/amZtDRnZNi61ZkNGbKoKWFb6m1apppFvNiI6bq32m0pmTRDdNNafTsWaIETweOpwcmgr Dv6FhoQOROaWT0kNms55mhulzo3UQzBdOaTxJVmeqV5aPZ27SYSTjXiXkZ8auJIpKimbRbPXaENI IuDkFCpSsMTQIKZEyWjaFUiLekql8ShywneRldOH0zEzxZNdZyp41WoqxN7SRwlFUpPGiSbLloss q2OdvT0/tV3RJJ7pVJERHVXWzxwRkj5eNSSMIQ2+NVWlYiEKKe0nKV3SrjNiyTt0njDLSsRhL0lG rSbaECXKUMpFZHb0o4bu2742UdLPHpdf24bSkfNqso93aaSIlOEyEtZfFpxj4m3SVaePT0N4j04e /uer5ZN06Tm1TLCPpPmUY19q1rXakbJJLRPhdPx0fGjt7Se1nCbLVL3KUvnyfCs2t1p30940jqIn Oi5S1OFNUQSi57e2VKyvNKTxWule2vKHvsuw7T6RTMpVUXpCXua/CtLOmjZszQaSJWa6ymUSt3sj P1QQjSRlW+oYdWkgewZiPUIIn3KLtIyppyk4fFTW/xhWsayKtnFo1s9vvhNR+r8HLZw179+qOqxK XlNq14+VxvTswtgwrHqfpeLoYt7ES6WpaQJsMOE3SIQXSgizE4iJ1NdI5bNGkG6zCrCeZJU0XVj0 uwpeOiIiU5ohdJu5ctU3TVs3cKrnDll73cvqBEOYlbp6aq14Se1XTpw0VOVF3SbDZowm8WZavEfe KNE8N3CyrhZokcOmHSOmrZhlrsloq1ZaMLt3K67jRsw2fxOVHRcuquk5bMsOXTtos4Wct2DdJZo1 WZYSScJtmVHRhJ+kDZlo3atWKOHLY3aPEnab6/H09O3pd02bt0lElFCijZdR0ku0cujmGEChIoT+ gR3IC0MgqPcbPUceIvHzkVjpIRebGKzkEw3HBB8AXqPUeO1HZaztsY4QcOnXufb0fECMFCK7djA7 HYHahIG3XV0cY4txNW7bMlYdWFZuh89jICIDXe4mVVzaTzGMoj0YwuhEIbkmU/XXWHceYDckqKeV mNq+KFXBJSr1fTOxhcwSe1tuskAkRFEEBokYCEQ3s1eFC+HLFfryfDEl3VhtBkoACCUI0axpTfu9 G83z4WGQDYILZvCBhUlEJQSgmhN0pzS9bfwjFuvLSiuawJlXLaXYNwoUIIqdMESxgABqJQiIQTxE YNCXBy/hesQuzlstSvpfd7S5EWgveCjXGy6Ggujj20tDaNaRnfCnq1o0unZKgqq6KOmE3t/Bq6Vd Pzbxyp5rjjh3dV6tOtJgIiAQgDUD9VixSC48EAwxsjwFyC/jZPEE6c939WrxL3PhuRGiGV0EW1g7 dHFCIgwpT4RkhOjWiIKdJK1utEUTpFI1Wjl8UeJPihxy8Y98tGIafOIYvMYYmS6+4zqVQ11XKFkB 0slt99gIwi3rF9ZEI6bmaIr8cLq7AyjU/LGbwJ8pePp7pm6ERnDpOD3Ul74asxYiEaNGquZSzek4 z1wu7bJuGXpo32OdK6pytScp4clDjFk9F3Nq0k5ubo2IbGM2iWZSlkHTZtJqe1kadrtak9YGEEVp rERV9N3xWzXxd0um9NGzVy6TenVFDOm8JKW2czwRzsfCSd3jR5WMQJe5Up1JIiNyddXKdXHV3bZV 3VdljLho9rtnSjiOW28pEY0xWs6+UrlypW3FxEelfqKV9avbci3xzy5Zzdyk7a3Y2tBy6cJsGihf ER6Z7eNHbJdZoyf1SQjogxK5YO7T2vgGWesUzVZIlVVAqJZllHUk+laWdqp1SX0Xu9n2bK7LulWP qbL44YaJsOGzaO3K2JKXiIQ5QtERfLVPQiEVnNNNhzzSbdupTKc5Tq3ZTcpOXLeIbEiqhWq2HJTk r4zgzxhKUszaCC73CUyugVlFOnhvH9eXktHTVnRxELNPWqi13oo+KwwGC+IwR5ceQMjsNCR0Mhxf gvleySTryYHvdYUtdVvECkE0GOBSt4YDZkZILBq79HSQK0tJvp7bvNqLJ6y4n29Pbxq9uF3b0/yj R7XnCERsgIk0ZYVfT+bDZRZNNu4VbMrrJqKv2LqnX6vt4w2cu3xZJZ06SfE3SSqzLDVyZbNXKr7c GmyWr25d91ct3STdV25WctWG6q6jlllN0uVatnpZZ2665ctW6ijpRJswk5XeKrP1dLqatE4/Z6bX dvajlnSz20arPbLCpo6OmHbg0cOlUntyk0UYe/faOEmWrto2WdNlGiiREwJngQ7w3eQuoWzNuIX+ fl3hn6TckswOJsCHvL68/Qd/jmFDfR7iKqzyHp8rtJJdj4nlUggXPpNGoVgGpnXWpAdxfttkfIhJ chziAhSSJMAkzc9I1BzlDwGZ69eu7235lSdG3N1nOVWGTAl1TinSLQJVrbuzhTx+rgzlYfaEhCSC Tqvb115LWt+6ee7PNvt4AAHn9ZLIioiKjA2668TCBEOOhtqQ2gPTXa3uUtOaJ6TxO6m7Uuywk/R8 iGq94skxNV9tLEEJbJfpdFYNkkPbWat/iiJNlnUqiJJudiKhBFJMSImwoRE/spvqyuaPiSqvmayz PbftLS+vVsz5Rq/fhdR6PHT8C64HbCWTTrbLLdjXhgMa8rjAea+QwiTDZjlBJLpTIc0WrUtG6jtw jD8/azG/szJ5Os41zSdMddweKmkHLO22oi7eijXa3K+XWqm2lDDtZBGrUkqrSkTTyszKiriIhD7V 44e2iuO2zZV4kYWbpOG7pss+OM8nUnij3rjOEAO4hvhyWaM2p5cQPJ2N+fAZ4JR4utmt2J5Wjxw5 WrlJZVw4ct2IJ4xrOtJaeqP46Vbq5JPSTXpVNyiEGydnDlPLSIz17UWxdwiINaVy9J6c2Tm0ek1k iv3niFFkCyQfBDhVCMRgpb3gCgmF0FgWFAzlutm0bJswLIaW9VQRop2k3bJqtGUlHuRwqso9H70L 027v0lJEO9r71hSl66wgjZxlEILq2fSnzM91PjL6enPq8vmqTWeWq/TRw03uRrR8nOOGibgw98bN V03arCag5cSNYxmajMuHjihJTd7XejITQebPOxgm3emqrSxKW6c4hqUVVVk9crKvpo2eOWdEtHXL Ks1XpVJ48ZYeLu1l360frRvEMSN90+5N8TRDUqOysPm70h49K54S+OG7Vw8X56Ybs2ln5+WXTV9N HpVZs/CDS+z3zOPJSkWlCcoC0ogtr1Nlqo9pr0l2ywp9pZWa09vUlGFOWXmzKTRVq3bs+suYQiNs TSnoo2ekk0k1nLU8KsPHto6au8pTSXddbNkmjZw/WYTatlm7Blym8WccenLCzCTXtLLxu3XartVX CxdRUu1Ycq0Ss9KNmqy7tc2enThZsVaJMpun8UQcxNwn+zKjs9+9WrpJ29Na0e3pZdI9tdelmGjZ Or4e1VHJsw8RI4eOWI5YEzHHAoaxzAcuLTed4C8zv8LIH0a8h0IFsJmw0D1m4NgqjmSyanMgNwHO lGB2GYZgjtERVITC0TiEr2UvsYLtA142dIRuAQKMZlabtLcE4RI+Ku88mashy4nLy7koaMzuRYzR 1DBeZEU1hVjLy34c4tm+tzfhnJhJpWoKgYnvKq6NbyqthvrpelPvMwcQiSAxCTwskQluHj49MkCR A2aw0gTGcvhqwtxXS2CqyIKfk11fxKNmlUaJun8N3xy0bGKv0nVK0uFlYRndJtpotEcsKIIh9Par dwqm/tEZgaSYltIh3OcT2SVZjZe0XQKBtSUmqthdtlSUqWYWXGrwIGRzKGRYw5GjFKdqMq4Sy4cO W72ky5ctkvvmJy7iJSklpaUp81iko9SVkhGnah8aLSb+SbtisoN3EcKE5pQKnj8jf2/dZT2mn8LW xHNoTk1ctGA5sOxVszArbbmbIO17ulow8NUYlFEGd4kCk1ykSg84YVROaX0u7cbeIhB7ZbG6fA4m xK7Lp4y4dLpOV30m8SSfrVfh6epRKJKczaSiK+pvrTb3A0CRowrL1J42T6Ycm725bNIp97sJNVrJ OlSazDPvXq9YlJC954n9bUg1iGRSvKzPLC6T/L1tRowopERRhNRhJ9pvH07WjubCmrTpVXDDtk0a LtGVVL9c0d3oiskRTnnKFM3lXDpLoqu6V+1m7rdRNd0u39ZWcJpuGz+EII0f1oyXkyJaGBgbc72Z jXK+MVCqUE7SYQ7SzzZmJntEQYYbK6Hj0nwkbS95REGjnhw4dqNl/i7Xt2nRo/PV6eLPS7DCjL+a sQR68vOjFWTkmE10HYUyZoMOSjKg5nJalQd7jUQPSia95rMtFPHx8/VNhSnic7tFKbPbR4y0cPPU cyzZNFJ6fKa4mrW0dJcWzJ6dW3e2npsopzKyezas1nplNl7Nl1XjZpEUAogiGm6U3Kjp6XUWXYen TZ17lL0q5YdmzLhu7cIxp0wnSXhoaueZSsoymsm3Xvl4wk8bNXBIoym1TcqOlHibLV0bu2zKjth4 s6cKN3L+kQ6Nlnr1My9MqJtHbps1WcPGXTRODbMWTnhlZJNJ/TVs3bPT0qy9OlVGzKbhhVysqqw9 rNHLR25WMrqKvXqjlVu0VcqKqpN27h/UhyfP1x1B3+f0gj+D4eH8hGD+SH8yj8oLCQd3ZBYkdDOT c33a2hXBbNso0pAlBsVRmZUcqPQ70/A2QHaNJ9kOVahqItyIE0pKIfhSMbVnxT82KHeCIVLHoIrG lNsVDrhyzHOZIwwvF45tcRFaShb7kIunQEyDNkqW9LhYzd1ls0Ls0fciJtBo4B0AjjRARS4REzVe xssYHFoyAOEBRBgAJxIRE99ZZThUwcOpE6ZVj6UTSdJkfsfk5VizCqU37F9G07rNJEuU10OsJ5VP /zRq2WaN1VGqh2a9WvOCZ6UhFZZCoKIyoHMYgdzRadZflWVUMSBUmojR9OGiqHSevziYicgbN027 44dN12pEdpIiTtKUms5w5r3luVJSaJtN14ia7NUtBWBs8ws1WQ4O1XXxd/YgJeXswnpmXkS0Y1G0 KUoRGWSLtFBh2jDVAGhX69V4kgiRF0m6CuGkRCFnzCdGbvRNX7TW/s+zZs02ap6NX2u5enLVs6zr vlpXNonTRK6qcVl+CfTKvCrKTaybVqyq12iIvodq7KxdPdLZL326asNaONGX4I0+nbou1VYUVePk PPJYklOZvpxKCJarpMpJ7PTcjpEk0tmXLTCVEtHtRq6Ve2VVFGGCi1l1mrKy7aIj39Wdstseo9bS rJPmlI7lC9bbxERq8XU6aqsQUary3S6eJx4lwmmsmnHnDpRu0SaJvTCjpy6OaZvKTudKc1aGVl4Q MrI+KViFG70yos8aNmHHHXLWT8DW0qO2W717e2rh7enLtRJ30234Z6e++q0zR3K3pymXbKM8qpLn hn5y0YSTlNhOh9KnKzwy9P6PXz439VicuK7WPUl10618UbOTdTzyrX28YbPbpucNttVl323TREFG XChwznpRdu9unbdNs6Ybu1nTKNWyzdoNW7pwaN1VHbeHo0bqrulVmVWNmGWiabRy6cNzlVNom6ZV cum/SXDRNVhJos5arrt11Hnmrtlhoy7VavFF1nD8nGiWZOmzRZq2SeHCT61sk1cfsoT+LOGqjVdV 7ZYaMPFnnxLt2vERRJGjKzRJ8+YUVbuW7Vw1YiIQ+z+uCcHhHfZ9HZHYPQkuS8kJLIF7EG/TO9zX GMenHpFRyuBBJRvUDPv8WbbLncazpoiMDAKCxaoJYrSAnFjdqYMQtQhm0s3d3qmNu7oFXmFMU8qT 1659enpOpMrOA2zUAIkFQCrqW6aFOGeJWBUYqQpc3h9bAyUoGswPT271xFbbu9oMadFNT3AGoYOD BtRBgUaIKGkTKFUvBKN9ZUpRrdqqpEWBdOkJTKTsqliUNYgURfsaLLLJG35wbUVSeniZGrKyKenx i0uLttMrkP29MunblQ7USWZbNXUpVvtOSdGiUnTqej2123tj3f6rqv65xZryy/ds2SdrkbMqqvFu Hff8LMvn3uw8bPajl6fmu99SlLuPn1TFKUrPZ+Z900YXd8rUkkrEocs4TfHTd7eJs+3iylTZE6wW Wfhw3SUOF1HpVo4fzIbttMbyZlP1e16pzl4naoiz8GqkcPFmkkeNZvfDRP70tC6TLCbKrhsqXenL hSuklbzvXi1NrRLCvp2thqm3N1Fe3Cfeif4SbsHa3tJq+mjd9EG6SEavSjDsywo/VTStfJVYlJu9 +02nblbqsSk1ShN7fNxFfn10qMjjgUwcjA0NDQYQNgnqbyYPfIaXoCBDiNXPPLtps1aqYbpzXdPT Lhq+LJJpuWr+ye0S7ljSi8uLtf2k9eEo1aMvSZSjL9SqknKaz6bpuGye8qPvTZ/OlnpdlNNI3dPj 7+93T8FlG0Y6+pJyjZJJsno7cspMOJJsta2fHTlRdqo3XWYZcu6Z1XlSmlfa8lHLZS0sVce2uqP2 xEekVXYTc9sJ6tf1KMLNHLU/fy8iCIddrOVLG7VNl0m3elGHLVuk0dqOlkmHtwyXbuHLko1cqLru Grhy27OXDplo1ZSTbKuWjt06bO1XbZwqw/oasqPFHr74PbdJOEEXaN3So/tQ0cunpZ7Smly8SN3C pJNZ2y3Ve0m7dhykssyw/k17aNlIy2fGXTZddwq7MrMuFVXv3y0WXTeKsOm7RbWic+VW20mgRKyh QuGLzMoTO30ABvDvNEIDQ7jtv8kICKSyrN8tWcGGDYOZEGZtdgRY8h8+7hOFrGyH4X4vioZuhcei cMDLogOJSDsJwCREEgHUIEIx69SuTtrX2X5bphh3PHzJFhaQtrX5dk8eM7rriNDM9tyvPGciOYxi 5lALcEqTnGDahcYm4dxFTisM7aiLGwmlSAEPv8vNbqcWv1xPqeseI7JrxEIVSQk5OqlERBWIjimR DLHE5ZtpWnd6pLHCf5KKNqpRVok/Lhc2bUYcqTaNeV3SzZ9qqLvT0o7ScRE94neVdJTRdy2SLlr8 rNKQgT10xxecrZyko1lEQcO42cMNnCqKw2aLtVYQRs1iOHDx5+WXpy4buWxq3a61/aj13SUu5xmW tZ18prOfPjSBVVKcGFq2SqWXa+nSjRR6Sdt2uWiSrVHDRNhZpHONKaUn42TibZeCr0W7g2UbqNVk KbsJ0mdvbCpovVJdR793at3TCjh6Satyph08xfiTEq942lhy5927aJNukuIOl1mrlZC6Ig8b76N+ Gq70yjKrdZ49MNXT2zu9ece+a6U33auWao9NW6yRwqoUSatVlHa72u3aN1XiTR2467lbqlNrSm35 pKE93jhn+Oj1R6dMPSab0yaulllWTdbw7xOlq98r80pS3LR40cumd2zxKM9t3bSc3z5dhq3SZVbO mQnXR4Yc02ZV45a/FV6bgSG0OwIxsQMhgfAYFXbhhVhhR751V0lt3jqmml61n29rxSvLQ6Sy8Vkv 23k0Zrs0bpMssKmWyTtVV6gEUevebtDxNu7YZe1nDxoSTaF3plOD+sj+yDV11qu6OnD07WeOE3TC Sz2my339Jz9tHDLCfSVHt0qkmo5e0mMO2ibl23bJOkk2rrrVdZo5cPHDhNho4cuHT8OF3DC54flp hq0eeavTly2Ue1n5zKPT0s7WVcvcTe05NHbdN2o+NmU1G67eQg5kO9Te363eCINw8qoOJiHYGYKb ke9I2nij1JTKwuLBAvV6A3WtGWRpen3wdrEOVu+yF8+k0oXnEtk0p6dn3G6cmQSYBsFRQZ9MkPuT BxM3aUhiY8UedeKtNsWLkZiNZwelpXau6sztqBCIuW20oCmj5g8DhUxjEmDThs2FJ0EdUQKSQAnb dD0VeF9Oz83JrNEfT9JSE0lEQr0ZKOSJqIdWta0/K96Pbr6OOEL1N9zQHkMhyYSkidA+QTDSFUxH eU4otGrR43o1cLpvCSZvK67hgW6h4vYAECIQhAw4FjjLKpPW+n1nleRr3++bR+xuv6VZemrEdqE4 UYTiIEenjthlR0s2en5Gu6UStxPnX05iIEe1HZs0I1jVy/Ygj5qvCCOG7tww3VaE2rtu/c5lv1TH d8TidIiKPjjU70swk0Ruyw27du3beabR8Uctj40+vbrhv1upTzye1660XhXpNNrOa87PRq6VNmja ITeLJuHTtV432Tenbloks4ck++qa0iJqSivu6/Ltsq9e/yaOm7V8Vw6bHxbpdw0UeLWuy9u2Fk1l FWjdd611itZeusp01kk5p1F1Gy7hi+nTp0wso9etFWr46aN2Xxsu9JtFk3TFvXe23rXesS4Sem7l rIu0wm2uneSzV01csum67j+S3Gdmadz3dqLSUc8sMPknxyw8XYqmqs1UavG7tdVw3cJU3n5KmO62 nO1nH0teOl+XW54q8fX1Rd07T2y1Scrptnp25aPEn0/J8iI1dYyldNJZhRVlVsm9t2GFFnCrqKpa sOWzhN7btH04STSXclHTRls1cNn5xEf1aO2V0mrVhl05SZJPGWjRy5aPv78XbMPSrVJRw7Uaqqva iyabddqu1NEmrDlo2VScpvz4ZbrJMmzrrh6/dh2vfZ7YbMtlFmN2icTLPHtd7USYeKMKMJu3PPDl Iku5avs/nER3B9ohB+9/J/UHwDccZ1GgS8MRQ5TiOsu6uRanJ4KVMvaF3B3w+7+TXL9tv631/lz3 AdkscE9p+S0+Ssx4YZZyb+iLb8m+CiyKOMTSI5UGrxDfQ75NMzDrp2UjIrszwWgqKmzoGZ2CQLxZ KRiBDHiF1kPTHeSOmzArxd4hFLxjwA66tiZvyxUTdTWXK6QWamgNXivi2SvZp17z55wdAIBRA5SQ xEjdKCty1zevVZWia0uH6fpw7IQtI1btKETSROUQgg6UbbH7VoRJo6m7d3WcuFGJfwy2U8TT5eNG zvdY9OWI41xuqHy69yxCAKq4Et2rGuYdruC2t6TUptQKGBhAijR0w4W0XeOmztdVd56trnSXXdNr 287cbbZea53glMG6WxDhPSjZJ9vacOJRCarDLxZJNlJsq0bXWapJMOnCddtdd5pS3TZiKKGy6SaI QcLrQgjTZZ7SQmq8bOiqr05XbnW29uK5tvEROdlL5Tk5aUqXTiIwpq5drWkap9LLLpGijdRus4es +Ad4kFWzHHUNnDNniNkQilmObBh0kzQBLyerFrvicFlFf7PF1l2FDd6VfS76felpS7v1IiIw0Tfb xpL7wy2W33SX++m1lnL2yYx7dNnbhPqetJ8TnTajam65RZMr296RmN3PPpy40dN3Knj5P0l0m4Ue Jt028ddzlr5zbjlEUpW27crdOfDVhJo598JOUnvlqqy3dtWzlRNo3fk384knKnEkO9HDFO1HjR6V Zo7WaQiI6SQwkiPny7o1ePGj03XenqSWGi6znV/IiPFHT477+L8stjp9NVnLluwk330bMptHSTlV 4/a/h4yq5cunT6UenLRh6fSrZhZRZhVow7UdNHiT83pVVZ21crquXbZwsq6TTUWUdpNU3bdqqy4V ZLPnyrDLRdluu6enTD04OknSbdiq7tlVom772i0v3dN3bZ/CDtJNwuky5JuHT292WZj17dp+3v3Z o4ScN3pJVZ6VUcvTtZwyq1cLKu3TCqj9b+CPmpP+AFPIHCPSr3nghyhyFqBtICcvKA5wqGsVDsxR A7VPt4uc1kPZQp+0/0hO7hMmTdZx+i5S3F0i2Y3/2cdFEoxE8UCXRhIUyee0uPbJKAfk5iROQQ/m /rkcLK1pkIWQPGBmEgREiHXGgBCCEI9CvfDxrYoFRBSHggAyoAFsEFKXKihdR3uALouBEyypwkKa Z31KXkW/rn66iFsf7xMsb5cSRQtinKYguf0XT/sYf4HfoN3SoLIYnxYX/lNchT3GojDQhOwl7Uk4 Ont0YbJsdzONN7BbfWpWmn55ddtvMZGor9hP2EPxRSqsV7AaAai8zIBIJaoCVICvSrFW4+8Yn9Qg AR/0jQWkf0ghQjI73j31eAGCd0kpYKooAiQUIqxQUIsEQRgsEEFiyRRIgiCggwZPAkjRFYyIorEE FixGRioCMWAyG0kZAkoD4AsIBKhWEVVVVVSWAiWSMiUspRYiiWSMBJaWSJUVSKqkWKs/BixQZIAx YgxBixYsWICRgrGEIEKREJIwZJLMifEX9BBJEDWrwq0VQqrerVQrFMiu//e1lQWCMFFBHTROpzkn 6+xtd5JQOqsX2ojNGRv1f0ISrte0/BAFccF+iIvv+jo+P6Z8NaYe5IfEIfkyBj6rR2ALf32VP/z8 JhVm0hCzgceZTjNjIQ3zUz/L6cUEELckhkQuTP+qFZtt2ENCY6Q0rO34auF6azrB6x6Iht0shhFU WbcX2arId0CBkzUSywGDT8q8ROX/2M6PSWf+j/ieYxh8YDR/8B+tQphrO71SMlheH8QrA5I3GAQT IZNd/OP/tZrJHEy9j+7viOwmLepIYkCE4xuXVd5XXFQ8aqmqLVoXj7uvkdwXaSfnTuIrj0tOa+3b aNprMwDjxDTBpDCJUdrULyGeJ+g5KFiWCxQQmySAsIFQIpFJIMgLCMSQGQFCQVixX+/e8j/95z8n /o3PNAImXy2aNsfX/gf7gqKwr1N0EGDdZozyEYrISREZAgkN/LphzetYFh1WzbSklCnJ4+Uh6jIe 7oFLixSSIgQSRD2WyAsUFH+VLBQWAvQZCoMZ8j1anZGIxQUARGRUVFRUYMVkRiGIaiQVJJJgn9rf 2dnd5RMDPR7O43dBYWP9E4Clok2JP9ufea0yccXBSPDqjwO+AHaKU/X4RqXwFQFaiTg+yIo/R7vn +f4v6rol02TJq1KVT9GZlr72AyIkRoVBiqmN1WG6GTYuWMLCCQgIWZmjfzLZNiQiIcWUOnHoE8MK OzO/oXSQ0otIfINWNwwyiKqsRURR32d5daWfPxx8pPu/I+D9qs5yng6/rMyXgRP/VFCqQ5IGFMa1 BIiKP4Jdp0M688QjPQtx7dQ2akz5JGcY7xSE2g3flxcM4PP1szP691h+r84TTG0OpiQ+tv9Pufyu Gd3TgFYkgMsGyQA8EI/lqcmXhDy3ZC7L4HcLiveWYGJiMOCTkPRz4XAfD+jh1VD8RiEEx4BATIwH OB8Qfo2hJ3gf60UUVED+L3qDmZg0HoT0iPm+mXMorl7Ji5dvl32d3Y8TVeL9sgbJhgwBXh6dRyuG cgAa+SdH1KIbqg99je52Oh5wXcWhvyzbWPPVFfq+CVFw7g31tYnyyjTzk8YSHlGMyTSd4xjN4Qly XLvwxZeC5CPky8JlwOoMxohgCIBAiEGBBV5jzpzFRUsTBogKV5WAUPSy9Qb3nMxLBvg8tJInoxPa WgOLEzsB6y3So/D51SmwlaUfLELKh0HjOSj1m61KnDTD1ZU1htLF3I7k2gczNDteADau1Go/ibEd Gfja7XcyuF6Sb/RuIqPo6dk56PNqu7szvUejjoDK9MGR1S2B1NByRAoOGLANuIwWCEiRgZNnVJIQ nZKcZaHfOM1ieL5a/MpcHUgVzDqQNCBokHncWlyVcVthcpMR/1Wyo3IQ5IopmodHhbDNWhWRPLiv sTC69G6vl3/gxuqqqRfq9704elq0vTOx7vLqBsfOfBO4NLwLxoHU0PG8KcqhuLB+JwrY2N4W3+Is SoHRpByCqA54oPiLbube7szoT+lbC/4IZt4MZmfIGi1dQCY/DgxgJA+SGGDELMjNFiWZXJJVZZAV DAOzsG9xfE27kLxVZuok3iquA6AkaMAQgEOhC5KiYjEkcxV3JbA1WnYX8xWYbNlHZnf2qMYNF5VJ HFAMj8YtJ3ZnHp7Q8gOnNGhWXVNWkh61kRinGQMMDEfXb1i/ZxtflEniQ9FAtsa1D5qo5MdjoA5+ /odg7mQBEJBo05zdevQhgmA+VC5LW8O4qlDPDiPabM3REZhmAzNNGk7szj6qhbA4CNwAYf6gLxRq MlB3J6zCxQ8TuXZ90DjRDbsm2lJKU21pK0qdZ7QcWsXYmy2ttsi1gP+IFFGEVAI2GXKrUv7jgdJQ vLy/oDoGBYFhYcTYZOgJ+03TJ5om2MiskigP+REDcfyNnb+ffySQkIQIQkZN30ps8WZx37BFMjYR 2sQPsOBMUJooEF2JGjf3ROBOpmGs3uzs7Ds/Zi8rPIldQu++xKwl6bSwvB6gC4LDUXJOv5U7G4R6 2XvZeR7TqzMLMcd3I8YWDbaBzDRslp/zMg1fXDCBgOygn2uMj1gwAjIBEFCMIjAEZBZEUh0CpKAh AjD7sAqVEAcCxf3Ss0W/Ky7kDR9HThWtG64dLBwdDoALX/r7FSyFRjkvpOJCeKKApIjICrIoQWSK LBZCEUkVFLjN+lzi5WGUwsjAWt7HIh5vmwnBhMoMPB1BmhT+Hu/3/x2+6OUqfwsRawhXZMzGRFRE kguOReVH8TA/kH8jIgMGB+r+/WQMzL+pw1cqER/4wbuFX1z3LjjiWJ94yojvu7+D8UEQ7TasNz1e BEPyemVnTRl7bJMPT9u+XDxTxQ9KtlS5RJhus6MqbJRNRymym5UcsuGqzC0nDVousotU4t0upTLl N69VWcvbxlwsso8TctmFHa7D9cHows9O1oNVnfdHCrl4km9JNnbh/1Qw8UaMNGWGaOzKmSTjibZs kkenpN7Ye2x0knePG+9a5WauTpjFlmrphy9nTpc0bLHaTLRJh0uo/yH/Z9NPb4nJo4fFXiLLvibl o0XWYdO2jt6ZZeKtHpywkwwwmm9Kspst1GzZu0ePx/KREP+j/coUH7kH5Rs8bn29OX0k+Py/LD8G GrR9vp+D8FV36lDpR+URH+S2X5J+mrBsmy1bN3Dl41bsMvyYfViX3HP4RGOkvHLZs2XJt327SSJk SQ5YfoN/Ykwz+xz9IkREeP5szMzNHXiZGh+5kDIZLZ4/RuBfUNZbl4eGTEspiAU3dx3Zsh30AUbC EgsCW2QkH+eJFgdE6al/ez/SkwOtinVNz+HTU0bR8YdjpsevMVVVVVVVVVVVVVVVVVVVVVVVVVdF qqqqqqqqqqqqqqqqqqq+iSWqqqqqqqqqqqqqqqqr/EeT+EOfdACSP09uHUtHIN0PA6HYgOeIWkSh j9FoeJWEQ8i8tLDsNS8D5YIcfHkMyoH3qh/MwKmjUTiChecvb+td/N+D/NapssPxYNUySaj8U139 0Qw5fb6P6NWWqi782yrZ27bt1FlGf2Qk2finf0eHBeK1EAfYHx7CQ1DkXYeo5G33oLEGMgdIdH+K BgN5OJaOfIHvkQQje7xY62OqicqOUggPgfnXL37R18RMzExkEPQvU8K7r3aLlM202oWHnSGqgmR+ wQIMCQQUhFsPNirRcz2hwByLamVW5BNcHY/YLEiQcPNbA9CCKJhRq+XEkRhcYe9AxtCRNg8AziiG 5A7B7VfmeLaKRrTTD5JMr2iAD6DejYRxBaC2gusVeHpRYMxWNUbxp33u6ZM4toG3/B3YhuUBL4/J sA0Ow6EelL7fmxh4NmsOihP8woBQxQBX+3HsBgrs+0IEZFWQJGAkEIgpBSApELgqCPWxkVSAeyHR iM5GqL8Z+oyGioIxSMp94YAWRIo5t6jSgyblAS0LCCStf4vMayMJMid1+HDRD6jaFHGxVhBLN+o2 qbgHENZkAu5WE5AZ7jIQoFlgQhFhB9qCh8rnuRRRdo1FFF/b834m8nH1bIjHQ/+P7m+JzzS2nCH6 x/dSwxJNtlkodT3kDnqnEHjQ4TxC9QvN4kLgg/mow8xhef26rvs+n55T+n2Eu78MoHpLrrrqxvvP iVF5EgXH3mJgYn0FgSOBEtmSLi4/AcuPWXYWSpZY0MHOva0gZYYYZSg/yqLuHbdh/quyTuCuir0p Vwm5apNFGqjlR33ds7eLpspsKpsvT+7RuvCOx5PCilMP701Fnpy9qPPO3CTZ6Te2zKWqU2zRhJys 0dM4auVPbQ9nZV33uw3cLsvaU5cpLNFnDQoqw0eKsmWixJ0y6YUaKsO1lGjxSiWzRNNw3TWZaMt1 mx2uw2SZcYmlPCzR41SeecsNiRx5o1UpJlNV42eOnabVhds6UePHKqzMKWSu880cJOFa6OXZ2ijd hq4KVjpyo22upeyTJ/fwu/uPFlF27xom1cuXPNGEl3p49PH9v47fjq6avp48fbChyw9KlZv6oXRJ azMuKjcYFpWlUGoW09grCILfcN9vib03dFHLx+DLtVVd7fFXD6dKvP1cmz6ZfnEQh1z7fqTpu8fH LVhc6Jvar4kskuu0Omhqo1WUXVVe2zZhR69ehww2bPb7iL3cp9PFXibKkWePHjd40ZfGp9NlFGzV s5f2ywy0bvi0SdJxH9UJO/Gicjlwy5VXapruSTt7aulHjfpN/V/iI/NFgHEJNnfTMrwhkQ9RW84X 0GAR8jgnMrlVtu9JT6dQecUMb2SZ6LlJ2nELgGM16zsqBReBUSgbO/4nKdOeYiKoXQRColVJAFkI kCRVTRnplPFmDivNty8h3AhQRKELCCJwEBIQBCnyPyKLcj0HSQzHN4dVkv6383xNh+D4/m7VYUWZ WP7H9hO7RlTRlJ+qbbq30uy3astV3DlNuk1UatXKSbZywk4cKo/wtMJXdH9jd0k2evXpuemXLRwm m/jy9KrtG7LffZsum3TcPbp7aJOVD+PZ00WdMLNHPNW7hdqm5SZbOV1npxw44m6bP5qGxVy1Yx9N Wrtd2SVdl26bpX1JdKfjKazxqk0ZMMLsMtkk3Jok+QgaqG6SzhR8ek+Uoy0el2E12E2zhhRw2ZUb OVGrDt2YTXf1bqN2rhqmwYZdLsv3obfPnDVlqlEmpw5dLPbpV2uk9NX4wft/N+aFIOT8HSRuy7dK oFpMqDxWgGh8hjG0zKzebzaWhaj2MJOvIBxekCAhLyZC1EUw2wzIDHA0Im04F50oNE2c4lRQrNRz L9TJvM3G4qMDyQgNoyQCv/oomgiGjh7fsX1fCjxd+JRJo+1n2+KrLTeKnGZ1D8mSAyCbT+oUvy5T 80K1xNRmLjL6SSePHj/Assy1XPH8G0II5j9ykVrQWdK1y5VatVWyrh7VVXVZZbwhvEgS2TatHx4o y4ZcqtY/vSq1N36fplstDkkY/uE/uVJQrCDdJHf8ES7OVXj21fg+nxkYyLiZaOTPfqKis167j50Q kdxuPFQS8QYYIn1JnPHgkpAkTiEamZwPJqm/gIhoArIkj6Qt0FhBhagcgUSipcLSUh8q4v6ih0Hi LnHKq5IWXtvH7CiS7B80hti6ApBu+Z7/dJjcwMEr7ZJTFYgm9pFJFJBLNGCIiA9pQoDZPIUhIvEh NzWIVaII1GLAFgwgiCRiRixJGDFgwCIDj70CEoAEKe0qA7q8d9eeHSeogSSSN14obYiGMEGiKiQA 9obMx9yINUKA8a+tEW0wBNm0EsQBXLYAYJkf5Mqz7TLIsYcYkDbDnA8NH2yclGBA8maUIBzh/cpI IVAtoFIccFkyT/eGzYw39z8VKBn0kPnOvSGvgHrPo+YR5yEqm1ZZffcMgO0LkAJIjx9AcU+brv+f Mu3dmT7Fs6SI5FIiM/WWGkNW2LB0Blo5GJaSlKKL9rTTKVOrbsZJRuqjrAplksE7ksYaoHcMMFFF T7F/H8OPxdv1/lZPQikDlgTuwpN+6ldAbTvybWqd/9KbmGhFhCiVUES+w6nY/Yeo/M8RMPM3Nj+M TxXfF4J/hdP2ut9T+uNu783pVo3ZVNGGz827ds0TdOFjZskw/wPtsyqk8cquk04huu5WdGyarlhd 21XWdxZLdyyxGjLpssSfz/fNypTVo2XZfUIRG7d7Lm7xokcquXbKazdNVwsyuoo2WeLNkybl/FJw ow3w3T9pParhJNuZaNHSxdw5YaGrhdd+0i/dGidOk3DVdlo6dOXj84giGjL6+pSyoquWtKVFXL+7 CPbhjGW7Zy6O2HRZ+qAR4+MQeknLdJu+ntzKU2z6fG7160aqUm2cPT3ER6TasunDRl5F2+9Kqu3t h/LZZwwm9OVnKiayrZyYavT0cNiwQVOQoggxGbVpTXCEGQnGFN90k+vrdLxy9JLunfaX09HT7TfT LZdzxZkO4PFMMehN9QkO0BaHY5HAgdC84ExMTJExiBMmTDQC3hv2G8165SkdkGh0ORvJkyBvD8U0 35Oms2X5m7dJ01OFU0n5rKrtnCrhVNldlZ7dNWxqmw+z+rJ4qso4aOEjtddu3btH7Ca6STtVswcK JxeSIVYTsFETIw6KJIDFxDOagymchrLSh9qWRA3bsjI1G0oXmgxWYEjFBIKGs0PNeTJp9pT4zc9/ cRO48/PA5P/ofSb7ffwqqqrqKXoaoQPCSMCEgSXnSFonfLvGUDaqB3KpiFze7E1wPj6hDrQ3HdyN x2DuDqFCRA8iRUSIh4DneWHUrEkGxAj5lEBQ3gH0iBIy6nMVhnMPE6g5T5sSILzO5A/ulE2m9U+v z++wqQzogxcQzhyh58op/IDEoNpiS8pS/QV7yxu/5yPaAjmUEfICrUN3oNWGiRrVZ+soHmDl17yU 9MoZZqrN8URPWwk6MhYfxUzYWp77sOIbuYC7XUE4xqYzwo98cB7J6/vWNBTDU5cwNW9UnJwhIi7z ReWMIBFpNUPeWSqjgOicrGkPjGKhUYL3sw54tnAIxVhnYccHNiQSIMs6hzdhGJkQiQqhNhmi9LMa SajwkiVz0Nptw8+3KHovq2R0ZGmog0Ja4kW3PvkaMivSyGcCuHG6O8n9AXA7K36wSDBZHwle0fTU CNGTHBg5LkuYopZZsgISJFBCxYYYoMMUCJIdBIBsOLlyZh0OOOOQHIBMTqGAGFSQCPWbS89pvLzI 2kDebyBtPWROA5QmcRiwvLDsHt9nvxHdzuI4DlQ1tsYZ236mz+7d3cHw8rOFt+yHO8xNZM1GszIF pekmwu2Weyyaaar9qTRR9/eyyS7Rumk1UUcPtqs3bmjl+pR6auuuX9Z+Td21btm1eVFnpXp0sy1V VZZenpRosyYcrruKJR6UbP4oyo4YT9qOGiztRw7bumTIcsKED112ucWyZG5h207+6ARfOBzaJ0fl o72SgN+TsjFx0zDzIcom+u9kswDJHm3DupYoD6inwYD3N7G7FgRbKJ9OGCmST949MoHwN5O41XfT FvN5V1QzzpMitb3v6a65daquRidRZjFRaRKiAMTOj9btVZJUs0TWZXYfE0k2GiXc2EoaSJSfo1dN GrVs4fkykkmyy0fms1YwwsaJGzZJRJyuTbKNHCb937uX4qk2zjtN226aE+TlJw2SSarJtmqbDQ5X XUelXjhRo1eOCeuEtm6jo5atFnDpRQwu4SVUdG7lJo6dMlf2n5kn7fzU/YfriHuEBLRBTlVuACK9 nSvDhlAkGyrQ9kWAKeLCSVJAWERIxgLJBFFQZOVRFVN9ghuH2FhQZCfVDrEUVGENFoi7JAIkIAUC GxBgTfYDvwOT8VH5vtN+Syij8nxZgwk0WbpPj+goSGLEGBIAbS4ynIXlibXSbyAK1Qr+zZLh00eo h+t7el3T2w6Mv2KKsNE3xdUss3WWVYVUekRJw3bJMtXCq5RumOEiJYOVmBMwMDA5kyw5gtiEgS9O nwG2MMMmJKqDIGieGHLqSugenUpQbo65Ew9EXjUxFiZBxRYz7dtZVaZPN6VEHCKYseDjAxCGbnGV zsXqUKDFFuZaElPr6VJ3IjAijFVS5G45nEYgdDsZnMoMFCJmXl6xQIFk3iEqvtJJM1fqO35/gjoy q/xq3fF3t8m/c7zQgbcDaen01lgby43jqh4kRiZ4mR1AoOftIEzmupitiEJb+AfsEyWQRANpWahy 8xNhtImsiOXk2MOqAuNhacDkOGP7RMwwyYkejRXIOKaqXoF4dIgTgEooNxzHcdoWuAajztona2vW GIn7ANCvOmUKDTWhlxPVQadx4A/o0auYzIArDed5eFtIRlKNDdYea8tiefUPW6PfRX5nxYpvBU/h 6SaURdZx6AvNG3QG30l7OnyZYASRhLEWJvACCQK1KGRAchaGRFNIapVVRr6ORyBw2m+tVCgVQYKC iQSHj8gXJGHZCwEGJBBkEQgKCMYKKggCSGuCnPOAbxzFoECGbqkSXYqlTyU1WbEVwK5lh7TR1O5G 1WUQoIlLR4ccGFEsPDWPW9e6SbjlRGIqKBoiEpAYSTj9G5LZFyy6STeI4D9ddJIrc8kRGp9lpuDM H4UsqH7d50XwIDpFf0MxGEWBUsCIkmAuL+EyK5SGZoWqMGq5RNxZXAqhP7QrN8q3xpdtZPfRlhWV pxPedmE4DJe35mYirKGQSBIQJBTOKwDpFMzFB4yICoyKxIUZP8bJZibSRMnJDrEYIKRIUKFlDIj0 J24E+pU9kw90sIRqqJ7h8UGbRyS8zjzEIwgBAKeQIKloKcR0WgdORt5oKgGcbmHAMC1A4gTKifP3 Npgd1DfAES3v+h9LFbhfD7TAurXOGj+Y0NO1X3BXrRTyBF7GSgBPwJIlT1+73ufVv8+tW25dx09J QX2n2FhYOajEcuFeRMTzBj7TVZJN8fj/p/why9K16enf04rPj1rHCb08dOWF2jBu7WaN100l03lP 9NhPd0km3TdHDpomZXYcvPNnTpJw1YiItPZsnTk4ZNGSbhZq1TPHKTZu7WTduWHibDL/G5YXYcsJ uDY2ctnbVh0os0Zdv5IiDKar++JvGr03ZNm7589PTRJqkkmy9MrsY2cvaa7DDTSzR2ywo3bOl1Vl Xt25b7/b/SiI0ul4y6cNm70oo6dqvSqSjxo+nD22ZWZevWVnbd2m2Tatll3SrdRl07ccWaPaTVvR Ltlq6bpqKKLcOTo6dtUmGE3LlRrHw+KMOUm6bZNyk7SVKGcuKmJaWl5tN5AFamU6w61mlAiff3ij l+kH2+307culX4/jqTnZo+GVz6YSMrvS70rH0qtJLSOkuX5Q662faT8WqijlNJl/iafcpXaHJJwk 9OW7dS7+196v1tGHT4+m6r8I4iHDhZ9rvnr7Ubsvabdy1dJoIhhdd+/dd8XXSffbaBL3H6+X4vaz Cjd792aLtmy99CrDt48QRDxLP6NkM/paA0mp0IBcX7D7CAlBfK+RQEsFRPJskoWj+BQ7UPl1Lm9p b6PqCIagh40LgLU7u6ghnGKvm06p6i/rVE4erIu2ZaAfh3Hb2v4wwPH3K5Q5SYFonsADg9PEfdEQ PKKh3nOcqWRANZECyySSSmqz0AVbkasAtu2gPcC5jaXXegQMEKvNzZnpBBO0PghdeHmy8uywkBkF XHVvZ5CSilIHEAJ7BcCJELBECRce7bVIAnOicD0hgOnKnkCFvIUvUDsPSecOgO2o72X4xC8wFTbO ImtEajGQx9e1AUEtB7EukK/kryIbwHIOdQfahy9VD1qpBUhQVitCECWiyR+ukwyngUJgEkzZi1AL YIugd8v+tBNmlDQreGAyJEkgAQRJg0RYoCm/nLCkRYVnphIdly+cJVdL0og3+otA+skCQkkkJHKQ aRjGgpeazOQh5vaVC48ZQPWF4ZD9SRkFgIgyQRgBEIJIChBRRYikIsBGIsBCJGCQkEEkFkEk3O4L 88Aw2HJ4wo52P95oITydHhaML5UIUGeYALQ+4Nx7RMXvy4FcNEcYwkIh5A2978fDxFwociGWgGaB ikppOE9Nnrj6TYMju+LOaWKEW+w718QiRHB3cC1JCJ2Bj5GkPGh5B9Y4IftXmARHAPZrDj3NmTkQ 4E8QeZe095lUyYe8yh8im9aj07FANXQQpApCylDb4YfOybwNw0GYHAfL7nc5EYIIgEWJbAKBSgPp ct6vN7T10wyzDL6xT3ECSRa0A8CAK+HaIKm01gGPP8ShgSENBxX/AHQYrsyCN20kbYlIb4rOVTwP 5eyUaQTQFbE7H8ULHGxQUygYQMoJZcEN9EDMKc8e3ATm8bOgzXAeUd1CodJjfJCWIgAeVZ/kAixb bSHqQNfqIRhF+wlFDOBFdh06dzR9SFB8UTGIcXSNUTvIAExxQI/u5AhCKFQ6Zu8QAqgv8vuyNgf4 jvOyYZnLyFiN1hFRasvkTjPmUjIaKmUYh0n6hiBFSLUf8IGGd0SBtuC9dNoeNo28RKTy95RUlxcF TkM9AcoYafmriragegF4i1DcrEEiADFWCrECzgN47TE3GcKlhYWFh8FYFmouOI8YdpQCLDkFeMzw IEZsolAkWJ34nUIGZ0zIKgF/UWKdBBSSRFkkBSACgsRBQkiMkRkgRgMkirBHd1q0VZFDodDxgWHh HrnS4MitQ9+QMJ+oPJ7fgpvh7bgwMvGKCVJls4xJ69vnKwrWpeXoFTMfVS8Oc30OZDuamIV5IN4k IOvUmBYQPs+ISwRwPu7gF8BG8RhUUQ5yG7ONULEOAiWRk8CKus55r6q1pWlJL7R6BByiQ8RpCzKa ii5mLGZDjtFxhLBTOffYrZYnAdIHLCcBxdWZe0QBy4BIfVdbv1EQHAhsMDxAc4Aq3Oy4A7OvcC0S OncYcD3IPQTWs5EHSucb6IIgM0jR3aURjfQZCGkrSlgs0IigshFhQZAIgliXultt2sRKYJY2yAoS VIrbBKUkgQ2CfWHmQ2EhJPFAA6Oru5DEOrszOhZiEXQMTEGCtQYrWkoJYNlBCJGMfKIc4hzG243g N4L0XOJluoqbyNgBkLS5KPUVGwhBa97FQStDJMpLEb4wigJnd+BRQEyPRmTMKi/MMQovfYGQDIuQ xoWDfwv2VoXB9DRdpPnw2ANQPD8RE9f3qqlMtlVWyqqyBIyBJRCUmgTEd2OAH3xEutctOXu276WG +ZAM3ONk1RUjC2CKUggVgCyAEgfSKV9dFLIqrbBsItc4TT2zihAk35zA1RoKixCsOKcxExLKWlAC icSmQku81dtiWhitoqOnYO2i/Ho0b2RUlYFYcRxMiyRCp6nOPKqJVEyac4LxFIP6fFQXa3yRPsrg rYBrCIqJaQA+neeAAb+Y9YdymU5mcN4cecwttuhSUW2QipWBYYG0Yn9SQpWrBorTzhcUCqrCKCj6 NzYtS4NYdJtQOzqPMHm9XmEHWp2vnuB0g7h20desDq65QVOtPN5LbZJLA9XxpSU71WtUBkiCSZ+y 4nUhQ+s7p9p3zXs+aoUTaiUlRRiHu+NsgSGEVSH80AJJShvC5EFa6lfirarhcmYCBVUr6zrCmQLS pmIQu85PcrfYJy0RPBD1B/K4xMU4aUdckkDu3B44lqtoUKjjwiCnd3l2tLQjQ/oPyz9djjuQOA+C onciDwYDvBtN7UKhm9J4/19nkUfRB3Asj4G7jtOVItvlByDAmeMCDjOMOQC7F0aww0OWzfakDG7D M2uhNazBFw2LCaE1EGlBjqZrW+QNnjZ2ErCAP8hb8hz0hOjBnACFQNZW2yoglKW2tSiFaIiSm4QB kjN/jBkNYnzHeMxdiG+iDxuY4twZVbEQM4opaixRmv89YFSi0QsFXKGYtrQAgeRyFSENwgpgTrC4 vETlD2h8NaGozrkTXkxsSLYzLKqx6bUVEljnlFsbRGMBJCUbVBTpGK1+A0CjvhFKQEhe3wKnBYNS EZbw+3ZK1tV2m4S8oHpiek3x9BTzy90B5mIi3g7TrPUmcQM/OwQpEWRCRA3jIQEqVEIPmOmgcqt3 GNzISwPdVMwYPEFSsQ7iUW5O1YgNHUlOB4HAPIhyFwFsAOyVgSHMYXoag+iIGczE1+0Bu8NzaEhk /RCzRMmgVBRRGEGIqEkkmGpLCEhTEUL74DMAwI7YiNeU1jzlgXAxFIltDzsZIQAFvs0lamg919yK cR3A0OM7igLkITsjcGVfl1Ii1wXZ25jxgPbFKxD06KBWFhKjEOmUki0aSCA9MkhYYIi5A8pQ5PGi D0hDQfrHSvRyodhSLQ5QoIawS3jEDMCdVAzgV6sgtzX6MF6Rw9IpEzZLIRYsLhASXUPUbTuD8kXY 2CUh8GqcSJSQl+P8X8n+osa8JeJgtiAKw3w3BCDCABAyhZiQA/cxVnw9b7LCrCH6mWMRkQWfnZWD IWQVELeBgUCzEOlXAW1YEQvOJ6ychyHMN4BwioCQRGJ8NFAJgwIpJM59Q4Q5T7Kc4Nv77CSnWECv BoQr2EPhqnPT7Xgr7wHzF/QFhLo1IkJGlCUlCRkpUjEO0YUJsSLRQBgeQzm9eHGk/Kl9gxDiA8Zm v6OwDEqq5q8LuDhWDAgFtEjiqgBtC5sdFLtSvfA6GL/A091omhEyJASwO1/MSMIkQCCH8FbEAV1h dPko+ZXKhEAV0hxEIQxya5UNI5ZpNRQgXhLkN8E7woi/An68vQoQ8KUJQ4ihU55tPie3037nH4AS GSzCEKGIFpAlqshI0AoQ9xap2hnFDFDBW0IcqnG6QG4cyhmChS4DrIQIsiAUWJjoI7rLg01QBOM+ av4K+RAB8ZaPIE7jeMRBTWi75BA3gfqSl/zfu0TEN91QAyUqbwgGCbQTmx6TTlDgAoaw/AFsKoZg mEe80FqoelT3ZgsNB/PK6ypCDTfbtB9ImgO4OpXt2iajJ8UnEr0CsV0gVYFv7S8MwVNxDEKDflSB aKITfQ+oeB9O2wHnAfIJmwQKnAHjDdo3Dq5fUXB9UDQJiOYD7zA7hO/nVOiDogJ5oi6t4stQxVxC wTjxDWbDgE3leH6HCPaGY94mdBA7g7hJERaIZ29856zjOc68SqNWBT3xDFJ8QzQRwsoUEQQYk89G tEy00rGIltTaldDfVXQ3MKK/PTxPxoaIybMiwiMFgpFhEn7YOYQKPqqP6CKiPxTQ/DU+z9+TGyNU AUVBaFKIsiIKQlBApBE3ippSxQBsOr2q+i0hF4DhsVqXBERJvEH8+tUTkRXjUAsCIcQcaVDQIJ6B MEdtTIZtcuYC6BHnYyTCWwPAzBb+o5iMKYAZIVPV5Zb89aIu8AV9eYD21OeRjmQBXUvFsQBIRAFs OkI/jPn2ft/n8OBP3HB4EZmg4znSm/5lhpOrCjuc5kiA/2rjw6HY0lDId4myba7EQnrHwgeJwppL OXqZGhjnKcerYLGsAhD+VM8kkaky/crvK1UBOVWCpUA9gqG3NkLekHYu3iEc0HzIG+ILx41UCruQ vyrFuCZ6TYE4C6FrmYQ/tiSEYcpAoj4UAtVc11VSkJCMSCeUgplqh35qzp1WWZ1htuBXaC3FCMGR Dv7pzAP6pJ9ZCe9D5ig0Sg0Sg0qUpCAyQCxKDYlkQolkQolBolBolBolBolkIIEKJYAJJKCWCUSk Q46f6j0DEpgwCBnT6mJGG30G02sKwP0IRiRYPfJCrLgIhGSDKCvvW6wEahAlor1lRQyIfAxV6EQP SU1Ch7Kplch6CHWiDelgBpaEkhQAVYJFepD2JkL9J1/nT6Et1sKwPQ8UwlcxqhI3D2WzZWMojZsx dV3xm7os/S8/A8y/QMIcLbY9l2agJUKlBEWHDC6YE4WpebUSA6hR7LvuORiUU64f9cZTYbfFjHWm 9pTJ4ieRUbOgPEqByDHE/e034wRMqKeWMdHJ3AJDwdLPA+71ee4et808RlzRq466HY8u0w8VcwRD DWishF9XqzBE0bBvTMP2ht64H2eoCOH3i5BhnaHUO8KAlqs0N2NTyAMhJO4AyBo/DibGMsl6FAuu ThSoroWyhU2ihfU3TLEfY+ayrJtB7lSlP8uxxSlVpk70TpMuaQLo8nKFgV4W9yQwi3ghpfKxDEl5 hcCIynrqiYDRVpRLiSSgB9zA1iyYwlLx7FROGtgXCCmKApd5s6USQlEAf5MY1K4egkgD6ZUEAhx+ 5ASwAFX5icAip9QaoUWAe3w4OA8DYkRg/L3fD4+73TZlPYbq8UTkn8sTGpkHNAol5qUp7GMZNdG4 /eBoMyIsBCx0xwpQ/jPxN+kdJTmOA0Ju0oRAjJJIO8RFaIHQAKuvKZd7t4+D6gOp9Yde7uwLoYjK xtiwI0hQrCSIsZRklFGFwELhZTHJaZkoFAZArBEBjEaMlWYWBRJRCSxGIoRZFEYDAWAIIkVkREFQ QUYIjBYEihIxiDIshEcLRYhSlYYBYlkoEi1fY0CPuy1QLEpr9ZTRKRZI7/U12e4MDqmeKppu4hAH NlqFHwMxDYG2D37TFMDXTYxNGmg5zfj64VHS6qpuQBX05RxOsLOQDlNEPQT55GhCCbmMkrRENcBE ycIUdxEBQPq63llYVfPfDKnRMnKbjymkPOccBz5j4VRhBxA/iBERPgryURV4xVzgnCAg9+awsZ+b OidexuJcnSENjg6s3NoWeg3MBhSdKjCNcDA3bSJAvIpM1kS6KySRlCASXQBgRIxFyEMSPEQXJZ5a oZq0OiGaCK2EiNHQU/2fd8evnB3hGICmaJwToRWgCSeikKzsXYwzGnlpuUKUw0YYCGQhIzDCyBKw BZRCFSiSlChPL5Hu0KicpQ9iFUQen8QAxVEu9W0UMDhNSnGpoQNUBbIfBWititQOQVhazEiUYWRI WsoHmSwE6EwmHpllkASBUQEoAQQEuFVbb7SxIZwuE+mQ4C6CGQT84kFkQEn6gtRGIcM6r1E5SKjm XidpiJY6ot0AoESRANhD3CAeEkQDSTyEROyQ9AYlk1AwIgp1avX00ea4IHErjUMwAWGDpvfG+Ekk D1ZAbAQE41aXIXuvUV42RjBCwgIxRRYjISLJAOCEO8pYMAlXuVPv/tmYkEkQXE4naeKo9GNokhe0 KIDgIN+YCCuKCW2wtlDMlBrLytBiwSKRVpCEEpPEJ4uT3ZBdIZQ+aB8XeEA7g75wk/BCpSyyQRPJ hVjFDUCOoGNsT4NWDVGqYwyY6g9EIBd4MEbVYgCsFeYeBXWURQ13LzXBm1w5bTEhEGEZBGEFPeiL EKBZLiK0AsEZPxoOB7T4vvE8dU1pszTCkgPBJPV1+MGqAD5sitg/0EGKNwjhAuyD16pignAptCje Q7DW5cO8uVu4x0tVZ6CgRhYBDNhwQnYGgB1qiYh8ioZEO1T6bg2q8yjugFpsH9QZCx6982+b7+0v A2oqJAxPXxaLH9EEDIepDiHj55x+Ow8w6RcAQDKiBQaIfeUfYdXUGCfvyHD95yherxuSHSTfL0zR /jK6zIud2mwNFq8zHIXIGQr3twoQDmDzgl+gOy3AVDEsTjAiAK9B4l15yod3vlagakCNp+n6Sg0U ix94zIY2MfJlB4QFI7G0c9gLmDwG09V9ttHfAFXf0UDmJBgLTQP0YSMQSMgRBSAhJESJIkigqJ7F feKIe4FENdXEsIAGswVg8YwPKucVCFiHTqbTmOhD1KZhBpjkQBXIn1dRwvnDr1ljfCEd+iHpd6RF JS/QB5A8zQF4+e25+kxI/LVIKdkcmYVAPWA/QUQxN9wOC1gLngBalgxiXXsBFhnd3ZlUOG+dK+Q8 xoM4eIUQ5fcegUQ3+CJBhJCEDIJw3Kb/yV9RTsUyq5cHhOlNyeI6D3rVDIW/qDV7zwmewW24gkde jiISHFWVG8ALg6FwMjySGJKit9gIzDEX1HAOSpTLcgv6oHDUCUEHcZ8QOqQRBGKRogN4Ja+VhsPE Bd1AREsXMmiKAZBzWIZHBIiF0wyLn3mJUgbyIPWhZYFrTqVE6gqlgqF4qGBvhn+1wv2GCgpBIBIF yugdAJ2KZEHEVDaGg4XXIE3yIa9pjWeBQ56XWV99QBMbRJOVGqypqyjzZwpb7WUggKodzZMhCKRA FblSkS6qsMTlQ3grCoagRqp3BaaOoUQ6NQYiGbMaIVCiu+7EDC6VolL3+CVSpQHYHxDJYZRlx4hp kCxXYhFBYbJhcHcDmm83m8FE3TZq+IeRggyPGo3GoO1C3b5sah1iag8E+rio8ZtAeJH+IQgmEwAM KJgBLRBA61pbPUbpBusBz1gtZyJIHn9Hf7uunM1rz+ltlLtvhlz44QkcEREhLCUjQlpDKhFPAxIP QHbrMbENOxd43sagBEQEI4AmXSKXovOyPMt0Np8BJA5uORXiDOJ2DbiaEQM4DvgBtFEOQB7LDELh UKGCvlOdYIQWR/Wv+tP92Ppt/ziUn9FqTSRPy1mjlIk7s3/vbf/xdyRThQkDRPa1QA==