No-lookup DNS ACLs Currently, dst, dstdom, dstdom_regex (and other?) DNS-related ACLs do DNS lookups if such a lookup is needed to convert an IP address into a domain name or vice versa. This creates two kinds of problems: - It is difficult to identify requests that use raw IP addresses in Request-URI or Host headers. One would have to use something like url_regex and possibly req_header to identify those before using dst ACLs to match the request destination against a known IP subnet. IPv6 would only make this harder. - It is difficult to use dst* ACLs in options that support fast ACLs only. If an async lookup is required, the answer will be unpredictable (now) or DUNNO (when the ACL bugs are fixed), possibly with warnings and other complications. This patch adds a -n option to dst, dstdom, dstdom_regex and other DNS-related ACLs. The option disable lookups and address type conversions. If lookup or conversion is required because the parameter type (IP or domain name) does not match the message address type (domain name or IP), then the ACL with a -n option would immediately declare a mismatch without any warnings or lookups. The "--" option can be used to stop processing all options, in the case the first acl value has '-' character as first character (for example the '-' is a valid domain name) For example: # Matches requests with full URI host set to localhost # but not requests with full URI host set to 127.0.0.1 acl toLocalRawName dstdom -n localhost http_access allow toLocalRawName # Use -- option to stop processing flags acl AnACL dst_domain -n -- -cream-and-sugar.tumblr.com # Matches requests with full URI host set to 127.0.0.1 # but not requests with full URI host set to localhost acl toLocalRawIp dst -n 127.0.0.1/32 cache_peer_access peer1 allow toLocalRawIp Please note that -n prohibits lookups in Squid's DNS caches as well. This is a Measurement Factory project === modified file 'src/AclRegs.cc' --- src/AclRegs.cc 2012-11-24 15:44:47 +0000 +++ src/AclRegs.cc 2012-12-24 08:43:46 +0000 @@ -63,44 +63,46 @@ #include "acl/ServerCertificate.h" #endif #include "acl/Tag.h" #include "acl/TimeData.h" #include "acl/Time.h" #include "acl/Url.h" #include "acl/UrlLogin.h" #include "acl/UrlPath.h" #include "acl/UrlPort.h" #include "acl/UserData.h" #if USE_AUTH #include "auth/AclProxyAuth.h" #include "auth/AclMaxUserIp.h" #endif #if USE_IDENT #include "ident/AclIdent.h" #endif ACL::Prototype ACLBrowser::RegistryProtoype(&ACLBrowser::RegistryEntry_, "browser"); ACLStrategised ACLBrowser::RegistryEntry_(new ACLRegexData, ACLRequestHeaderStrategy::Instance(), "browser"); +ACLFlag DestinationDomainFlags[] = {ACL_F_NO_LOOKUP, ACL_F_END}; ACL::Prototype ACLDestinationDomain::LiteralRegistryProtoype(&ACLDestinationDomain::LiteralRegistryEntry_, "dstdomain"); -ACLStrategised ACLDestinationDomain::LiteralRegistryEntry_(new ACLDomainData, ACLDestinationDomainStrategy::Instance(), "dstdomain"); +ACLStrategised ACLDestinationDomain::LiteralRegistryEntry_(new ACLDomainData, ACLDestinationDomainStrategy::Instance(), "dstdomain", DestinationDomainFlags); ACL::Prototype ACLDestinationDomain::RegexRegistryProtoype(&ACLDestinationDomain::RegexRegistryEntry_, "dstdom_regex"); -ACLStrategised ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex"); +ACLFlag DestinationDomainRegexFlags[] = {ACL_F_NO_LOOKUP, ACL_F_REGEX_CASE, ACL_F_END}; +ACLStrategised ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex", DestinationDomainRegexFlags); ACL::Prototype ACLDestinationIP::RegistryProtoype(&ACLDestinationIP::RegistryEntry_, "dst"); ACLDestinationIP ACLDestinationIP::RegistryEntry_; #if USE_AUTH ACL::Prototype ACLExtUser::UserRegistryProtoype(&ACLExtUser::UserRegistryEntry_, "ext_user"); ACLExtUser ACLExtUser::UserRegistryEntry_(new ACLUserData, "ext_user"); ACL::Prototype ACLExtUser::RegexRegistryProtoype(&ACLExtUser::RegexRegistryEntry_, "ext_user_regex" ); ACLExtUser ACLExtUser::RegexRegistryEntry_(new ACLRegexData, "ext_user_regex"); #endif ACL::Prototype ACLHierCode::RegistryProtoype(&ACLHierCode::RegistryEntry_, "hier_code"); ACLStrategised ACLHierCode::RegistryEntry_(new ACLHierCodeData, ACLHierCodeStrategy::Instance(), "hier_code"); ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header"); ACLStrategised ACLHTTPRepHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPRepHeaderStrategy::Instance(), "rep_header"); ACL::Prototype ACLHTTPReqHeader::RegistryProtoype(&ACLHTTPReqHeader::RegistryEntry_, "req_header"); ACLStrategised ACLHTTPReqHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPReqHeaderStrategy::Instance(), "req_header"); ACL::Prototype ACLHTTPStatus::RegistryProtoype(&ACLHTTPStatus::RegistryEntry_, "http_status"); ACLHTTPStatus ACLHTTPStatus::RegistryEntry_("http_status"); ACL::Prototype ACLMaxConnection::RegistryProtoype(&ACLMaxConnection::RegistryEntry_, "maxconn"); ACLMaxConnection ACLMaxConnection::RegistryEntry_("maxconn"); ACL::Prototype ACLMethod::RegistryProtoype(&ACLMethod::RegistryEntry_, "method"); ACLStrategised ACLMethod::RegistryEntry_(new ACLMethodData, ACLMethodStrategy::Instance(), "method"); === modified file 'src/ConfigParser.cc' --- src/ConfigParser.cc 2012-09-17 15:12:01 +0000 +++ src/ConfigParser.cc 2012-12-24 18:32:40 +0000 @@ -21,116 +21,142 @@ * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "cache_cf.h" #include "ConfigParser.h" #include "Debug.h" #include "fatal.h" #include "globals.h" +char *ConfigParser::lastToken = NULL; +std::queue ConfigParser::undo; + void ConfigParser::destruct() { shutting_down = 1; fatalf("Bungled %s line %d: %s", cfg_filename, config_lineno, config_input_line); } +void +ConfigParser::strtokFileUndo() +{ + assert(lastToken); + undo.push(lastToken); +} + +void +ConfigParser::strtokFilePutBack(const char *tok) +{ + assert(tok); + undo.push(tok); +} + char * ConfigParser::strtokFile(void) { static int fromFile = 0; static FILE *wordFile = NULL; + LOCAL_ARRAY(char, undoToken, CONFIG_LINE_LIMIT); char *t, *fn; LOCAL_ARRAY(char, buf, CONFIG_LINE_LIMIT); + if (!undo.empty()) { + strncpy(undoToken, undo.front().c_str(), sizeof(undoToken)); + undoToken[sizeof(undoToken) - 1] = '\0'; + undo.pop(); + return undoToken; + } + + lastToken = NULL; do { if (!fromFile) { t = (strtok(NULL, w_space)); if (!t || *t == '#') { return NULL; } else if (*t == '\"' || *t == '\'') { /* quote found, start reading from file */ fn = ++t; while (*t && *t != '\"' && *t != '\'') ++t; *t = '\0'; if ((wordFile = fopen(fn, "r")) == NULL) { debugs(28, DBG_CRITICAL, "strtokFile: " << fn << " not found"); return (NULL); } #if _SQUID_WINDOWS_ setmode(fileno(wordFile), O_TEXT); #endif fromFile = 1; } else { - return t; + return lastToken = t; } } /* fromFile */ if (fgets(buf, CONFIG_LINE_LIMIT, wordFile) == NULL) { /* stop reading from file */ fclose(wordFile); wordFile = NULL; fromFile = 0; return NULL; } else { char *t2, *t3; t = buf; /* skip leading and trailing white space */ t += strspn(buf, w_space); t2 = t + strcspn(t, w_space); t3 = t2 + strspn(t2, w_space); while (*t3 && *t3 != '#') { t2 = t3 + strcspn(t3, w_space); t3 = t2 + strspn(t2, w_space); } *t2 = '\0'; } /* skip comments */ /* skip blank lines */ } while ( *t == '#' || !*t ); - return t; + return lastToken = t; } void ConfigParser::ParseQuotedString(char **var, bool *wasQuoted) { String sVar; ParseQuotedString(&sVar, wasQuoted); *var = xstrdup(sVar.termedBuf()); } void ConfigParser::ParseQuotedString(String *var, bool *wasQuoted) { // Get all of the remaining string char *token = strtok(NULL, ""); if (token == NULL) self_destruct(); if (*token != '"') { token = strtok(token, w_space); === modified file 'src/ConfigParser.h' --- src/ConfigParser.h 2012-09-21 14:57:30 +0000 +++ src/ConfigParser.h 2012-12-24 09:54:54 +0000 @@ -18,40 +18,44 @@ * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_CONFIGPARSER_H #define SQUID_CONFIGPARSER_H #include "SquidString.h" +#include +#if HAVE_STRING +#include +#endif class wordlist; /** * Limit to how long any given config line may be. * This affects squid.conf and all included files. * * Behaviour when setting larger than 2KB is unknown. * The config parser read mechanism can cope, but the other systems * receiving the data from its buffers on such lines may not. */ #define CONFIG_LINE_LIMIT 2048 /** * A configuration file Parser. Instances of this class track * parsing state and perform tokenisation. Syntax is currently * taken care of outside this class. * * One reason for this class is to allow testing of configuration * using modules without linking cache_cf.o in - because that drags * in all of squid by reference. Instead the tokeniser only is @@ -59,25 +63,30 @@ */ class ConfigParser { public: void destruct(); static void ParseUShort(unsigned short *var); static void ParseBool(bool *var); static void ParseString(char **var); static void ParseString(String *var); /// Parse an unquoted token (no spaces) or a "quoted string" that /// may include spaces. In some contexts, quotes strings may also /// include macros. Quoted strings may escape any character with /// a backslash (\), which is currently only useful for inner /// quotes. TODO: support quoted strings anywhere a token is accepted. static void ParseQuotedString(char **var, bool *wasQuoted = NULL); static void ParseQuotedString(String *var, bool *wasQuoted = NULL); static const char *QuoteString(String &var); static void ParseWordList(wordlist **list); static char * strtokFile(); + static void strtokFileUndo(); + static void strtokFilePutBack(const char *); +private: + static char *lastToken; + static std::queue undo; }; int parseConfigFile(const char *file_name); #endif /* SQUID_CONFIGPARSER_H */ === modified file 'src/acl/Acl.cc' --- src/acl/Acl.cc 2012-11-15 07:35:32 +0000 +++ src/acl/Acl.cc 2012-12-24 17:55:05 +0000 @@ -16,48 +16,104 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * */ #include "squid.h" #include "acl/Acl.h" #include "acl/Checklist.h" #include "anyp/PortCfg.h" +#include "cache_cf.h" #include "ConfigParser.h" #include "Debug.h" #include "dlink.h" #include "globals.h" #include "SquidConfig.h" +const ACLFlag ACLFlags::NoFlags[] = {ACL_F_END}; + const char *AclMatchedName = NULL; +bool ACLFlags::supported(const ACLFlag f) const +{ + if (f == ACL_F_REGEX_CASE) + return true; + return (supported_.find(f) != std::string::npos); +} + +void +ACLFlags::parseFlags(char * &nextToken) +{ + while((nextToken = ConfigParser::strtokFile()) != NULL && nextToken[0] == '-') { + + //if token is the "--" break flag + if (strcmp(nextToken, "--") == 0) + break; + + for (const char *flg = nextToken+1; *flg!='\0'; flg++ ) { + if (supported(*flg)) { + makeSet(*flg); + } + else { + debugs(28, 0, HERE << "Flag '" << *flg << "' not supported"); + self_destruct(); + } + } + } + + /*Regex code needs to parse -i file*/ + if ( isSet(ACL_F_REGEX_CASE)) + ConfigParser::strtokFilePutBack("-i"); + + if (nextToken != NULL && strcmp(nextToken, "--") != 0 ) + ConfigParser::strtokFileUndo(); +} + +const char * +ACLFlags::flagsStr() const +{ + static char buf[64]; + if (flags_ == 0) + return ""; + + char *s = buf; + *s++ = '-'; + for (ACLFlag f = 'A'; f <= 'z'; f++) { + // ACL_F_REGEX_CASE (-i) flag handled by ACLRegexData class, ignore + if (isSet(f) && f != ACL_F_REGEX_CASE) + *s++ = f; + } + *s = '\0'; + return buf; +} + void * ACL::operator new (size_t byteCount) { fatal ("unusable ACL::new"); return (void *)1; } void ACL::operator delete (void *address) { fatal ("unusable ACL::delete"); } ACL * ACL::FindByName(const char *name) { ACL *a; debugs(28, 9, "ACL::FindByName '" << name << "'"); for (a = Config.aclList; a; a = a->next) @@ -163,40 +219,43 @@ xstrncpy(A->name, aclname, ACL_NAME_SZ); A->cfgline = xstrdup(config_input_line); new_acl = 1; } else { if (strcmp (A->typeString(),theType) ) { debugs(28, DBG_CRITICAL, "aclParseAclLine: ACL '" << A->name << "' already exists with different type."); parser.destruct(); return; } debugs(28, 3, "aclParseAclLine: Appending to '" << aclname << "'"); new_acl = 0; } /* * Here we set AclMatchedName in case we need to use it in a * warning message in aclDomainCompare(). */ AclMatchedName = A->name; /* ugly */ + char *aTok; + A->flags.parseFlags(aTok); + /*split the function here */ A->parse(); /* * Clear AclMatchedName from our temporary hack */ AclMatchedName = NULL; /* ugly */ if (!new_acl) return; if (A->empty()) { debugs(28, DBG_CRITICAL, "Warning: empty ACL: " << A->cfgline); } if (!A->valid()) { fatalf("ERROR: Invalid ACL: %s\n", A->cfgline); } @@ -408,39 +467,42 @@ Initialized = (char *)Registry - 5; } if (Registered (typeString)) fatalf ("Attempt to register %s twice", typeString); Registry->push_back (this); } ACL::Prototype::~Prototype() { // TODO: unregister me } ACL * ACL::Prototype::Factory (char const *typeToClone) { debugs(28, 4, "ACL::Prototype::Factory: cloning an object for type '" << typeToClone << "'"); for (iterator i = Registry->begin(); i != Registry->end(); ++i) - if (!strcmp (typeToClone, (*i)->typeString)) - return (*i)->prototype->clone(); + if (!strcmp (typeToClone, (*i)->typeString)) { + ACL *A = (*i)->prototype->clone(); + A->flags = (*i)->prototype->flags; + return A; + } debugs(28, 4, "ACL::Prototype::Factory: cloning failed, no type '" << typeToClone << "' available"); return NULL; } void ACL::Initialize() { ACL *a = Config.aclList; debugs(53, 3, "ACL::Initialize"); while (a) { a->prepareForUse(); a = a->next; } } === modified file 'src/acl/Acl.h' --- src/acl/Acl.h 2012-09-23 09:04:21 +0000 +++ src/acl/Acl.h 2012-12-24 20:06:48 +0000 @@ -25,80 +25,125 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACL_H #define SQUID_ACL_H #include "Array.h" #include "cbdata.h" #include "defines.h" #include "dlink.h" #include "MemPool.h" #if HAVE_OSTREAM #include #endif +#if HAVE_STRING +#include +#endif class ConfigParser; class ACLChecklist; class ACLList; +typedef char ACLFlag; +// ACLData Flags +#define ACL_F_REGEX_CASE 'i' +#define ACL_F_NO_LOOKUP 'n' +#define ACL_F_END '\0' + +/** + * \ingroup ACLAPI + * Used to hold a list of one-letter flags which can be passed as parameters + * to acls (eg '-i', '-n' etc) + */ +class ACLFlags +{ +public: + explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {} + ACLFlags() : flags_(0) {} + bool supported(const ACLFlag f) const; ///< True if the given flag supported + void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag + /// Return true if the given flag is set + bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);} + /// Parse a flags given in the form -[A..Z|a..z] + void parseFlags(char * &nextToken); + const char *flagsStr() const; ///< Convert the flags to a string representation + +private: + /// Convert a flag to a 64bit unsigned integer. + /// The characters from 'A' to 'z' represented by the values from 65 to 122. + /// They are 57 different characters which can be fit to the bits of an 64bit + /// integer. + uint64_t flagToInt(const ACLFlag f) const { + assert('A' <= f && f <= 'z'); + return ((uint64_t)1 << (f - 'A')); + } + + std::string supported_; ///< The supported character flags + uint64_t flags_; ///< The flags which is set +public: + static const ACLFlag NoFlags[]; ///< The list of flags supported by squid acls. +}; + /// \ingroup ACLAPI class ACL { public: void *operator new(size_t); void operator delete(void *); static ACL *Factory (char const *); static void ParseAclLine(ConfigParser &parser, ACL ** head); static void Initialize(); static ACL* FindByName(const char *name); ACL(); + explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), flags(flgs){} virtual ~ACL(); virtual ACL *clone()const = 0; virtual void parse() = 0; virtual char const *typeString() const = 0; virtual bool isProxyAuth() const; virtual bool requiresRequest() const; virtual bool requiresReply() const; virtual int match(ACLChecklist * checklist) = 0; virtual wordlist *dump() const = 0; virtual bool empty () const = 0; virtual bool valid () const; int checklistMatches(ACLChecklist *); int cacheMatchAcl(dlink_list * cache, ACLChecklist *); virtual int matchForCache(ACLChecklist *checklist); virtual void prepareForUse() {} char name[ACL_NAME_SZ]; char *cfgline; ACL *next; + ACLFlags flags; ///< The list of given ACL flags public: class Prototype { public: Prototype (); Prototype (ACL const *, char const *); ~Prototype(); static bool Registered(char const *); static ACL *Factory (char const *); private: ACL const*prototype; char const *typeString; private: static Vector * Registry; static void *Initialized; === modified file 'src/acl/Asn.cc' --- src/acl/Asn.cc 2012-11-15 07:35:32 +0000 +++ src/acl/Asn.cc 2012-12-24 08:43:46 +0000 @@ -596,55 +596,55 @@ { if (data) fatal ("cloning of ACLASN not implemented"); return new ACLASN(*this); } /* explicit template instantiation required for some systems */ template class ACLStrategised; ACL::Prototype ACLASN::SourceRegistryProtoype(&ACLASN::SourceRegistryEntry_, "src_as"); ACLStrategised ACLASN::SourceRegistryEntry_(new ACLASN, ACLSourceASNStrategy::Instance(), "src_as"); ACL::Prototype ACLASN::DestinationRegistryProtoype(&ACLASN::DestinationRegistryEntry_, "dst_as"); ACLStrategised ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as"); int -ACLSourceASNStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLSourceASNStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match(checklist->src_addr); } ACLSourceASNStrategy * ACLSourceASNStrategy::Instance() { return &Instance_; } ACLSourceASNStrategy ACLSourceASNStrategy::Instance_; int -ACLDestinationASNStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLDestinationASNStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS); if (ia) { for (int k = 0; k < (int) ia->count; ++k) { if (data->match(ia->in_addrs[k])) return 1; } return 0; } else if (!checklist->request->flags.destinationIpLookedUp) { /* No entry in cache, lookup not attempted */ /* XXX FIXME: allow accessing the acl name here */ debugs(28, 3, "asnMatchAcl: Can't yet compare '" << "unknown" /*name*/ << "' ACL for '" << checklist->request->GetHost() << "'"); checklist->changeState (DestinationIPLookup::Instance()); } else { Ip::Address noaddr; noaddr.SetNoAddr(); return data->match(noaddr); === modified file 'src/acl/Certificate.cc' --- src/acl/Certificate.cc 2012-11-13 18:19:17 +0000 +++ src/acl/Certificate.cc 2012-12-24 08:43:46 +0000 @@ -31,40 +31,40 @@ * * Copyright (c) 2003, Robert Collins */ #include "squid.h" /* MS Visual Studio Projects are monolithic, so we need the following * #if to exclude the SSL code from compile process when not needed. */ #if USE_SSL #include "acl/Certificate.h" #include "acl/Checklist.h" #include "acl/CertificateData.h" #include "HttpRequest.h" #include "client_side.h" #include "fde.h" #include "globals.h" int -ACLCertificateStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLCertificateStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { const int fd = checklist->fd(); const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD; SSL *ssl = goodDescriptor ? fd_table[fd].ssl : 0; X509 *cert = SSL_get_peer_certificate(ssl); const bool res = data->match (cert); X509_free(cert); return res; } ACLCertificateStrategy * ACLCertificateStrategy::Instance() { return &Instance_; } ACLCertificateStrategy ACLCertificateStrategy::Instance_; #endif /* USE_SSL */ === modified file 'src/acl/Certificate.h' --- src/acl/Certificate.h 2012-11-13 18:19:17 +0000 +++ src/acl/Certificate.h 2012-12-24 08:43:46 +0000 @@ -27,41 +27,41 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLCERTIFICATE_H #define SQUID_ACLCERTIFICATE_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Checklist.h" #include "ssl/support.h" #include "acl/Strategised.h" /// \ingroup ACLAPI class ACLCertificateStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLCertificateStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLCertificateStrategy(ACLCertificateStrategy const &); private: static ACLCertificateStrategy Instance_; ACLCertificateStrategy() {} ACLCertificateStrategy&operator=(ACLCertificateStrategy const &); }; /// \ingroup ACLAPI class ACLCertificate { private: static ACL::Prototype UserRegistryProtoype; static ACLStrategised UserRegistryEntry_; === modified file 'src/acl/DestinationAsn.h' --- src/acl/DestinationAsn.h 2010-05-02 19:32:42 +0000 +++ src/acl/DestinationAsn.h 2012-08-03 08:46:17 +0000 @@ -24,41 +24,41 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLDESTINATIONASN_H #define SQUID_ACLDESTINATIONASN_H #include "acl/Asn.h" #include "acl/Strategy.h" #include "ip/Address.h" /// \ingroup ACLAPI class ACLDestinationASNStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLDestinationASNStrategy *Instance(); /** * Not implemented to prevent copies of the instance. \par * Not private to prevent brain dead g++ warnings about * private constructors with no friends */ ACLDestinationASNStrategy(ACLDestinationASNStrategy const &); private: static ACLDestinationASNStrategy Instance_; ACLDestinationASNStrategy() {} ACLDestinationASNStrategy&operator=(ACLDestinationASNStrategy const &); }; #endif /* SQUID_ACLDESTINATIONASN_H */ === modified file 'src/acl/DestinationDomain.cc' --- src/acl/DestinationDomain.cc 2012-09-01 14:38:36 +0000 +++ src/acl/DestinationDomain.cc 2012-12-24 08:43:46 +0000 @@ -54,48 +54,53 @@ { ACLFilledChecklist *checklist = Filled(cl); checklist->asyncInProgress(true); fqdncache_nbgethostbyaddr(checklist->dst_addr, LookupDone, checklist); } void DestinationDomainLookup::LookupDone(const char *fqdn, const DnsLookupDetails &details, void *data) { ACLFilledChecklist *checklist = Filled((ACLChecklist*)data); assert (checklist->asyncState() == DestinationDomainLookup::Instance()); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); checklist->markDestinationDomainChecked(); checklist->request->recordLookup(details); checklist->matchNonBlocking(); } int -ACLDestinationDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLDestinationDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &flags) { assert(checklist != NULL && checklist->request != NULL); if (data->match(checklist->request->GetHost())) { return 1; } + if (flags.isSet(ACL_F_NO_LOOKUP)) { + debugs(28, 3, "aclMatchAcl: No-lookup DNS ACL '" << AclMatchedName << "' for '" << checklist->request->GetHost() << "'"); + return 0; + } + /* numeric IPA? no, trust the above result. */ if (checklist->request->GetHostIsNumeric() == 0) { return 0; } /* do we already have the rDNS? match on it if we do. */ if (checklist->dst_rdns) { debugs(28, 3, "aclMatchAcl: '" << AclMatchedName << "' match with stored rDNS '" << checklist->dst_rdns << "' for '" << checklist->request->GetHost() << "'"); return data->match(checklist->dst_rdns); } /* raw IP without rDNS? look it up and wait for the result */ const ipcache_addrs *ia = ipcacheCheckNumeric(checklist->request->GetHost()); if (!ia) { /* not a valid IPA */ checklist->dst_rdns = xstrdup("invalid"); return 0; } checklist->dst_addr = ia->in_addrs[0]; === modified file 'src/acl/DestinationDomain.h' --- src/acl/DestinationDomain.h 2012-09-01 14:38:36 +0000 +++ src/acl/DestinationDomain.h 2012-12-24 08:43:46 +0000 @@ -26,41 +26,41 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLDESTINATIONDOMAIN_H #define SQUID_ACLDESTINATIONDOMAIN_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Checklist.h" #include "acl/Strategised.h" /// \ingroup ACLAPI class ACLDestinationDomainStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLDestinationDomainStrategy *Instance(); virtual bool requiresRequest() const {return true;} /** * Not implemented to prevent copies of the instance. \par * Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLDestinationDomainStrategy(ACLDestinationDomainStrategy const &); private: static ACLDestinationDomainStrategy Instance_; ACLDestinationDomainStrategy() {} ACLDestinationDomainStrategy&operator=(ACLDestinationDomainStrategy const &); }; /// \ingroup ACLAPI class DestinationDomainLookup : public ACLChecklist::AsyncState === modified file 'src/acl/DestinationIp.cc' --- src/acl/DestinationIp.cc 2012-11-15 07:35:32 +0000 +++ src/acl/DestinationIp.cc 2012-12-24 08:43:46 +0000 @@ -22,60 +22,73 @@ * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/DestinationIp.h" #include "acl/FilledChecklist.h" #include "client_side.h" #include "comm/Connection.h" #include "HttpRequest.h" #include "SquidConfig.h" +ACLFlag ACLDestinationIP::SupportedFlags[] = {ACL_F_NO_LOOKUP, ACL_F_END}; + char const * ACLDestinationIP::typeString() const { return "dst"; } int ACLDestinationIP::match(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we will force DIRECT and only to the original client destination. // In which case, we also need this ACL to accurately match the destination if (Config.onoff.client_dst_passthru && (checklist->request->flags.intercepted || checklist->request->flags.spoofClientIp)) { assert(checklist->conn() && checklist->conn()->clientConnection != NULL); return ACLIP::match(checklist->conn()->clientConnection->local); } + if (flags.isSet(ACL_F_NO_LOOKUP)) { + if (!checklist->request->GetHostIsNumeric()) { + debugs(28, 3, "aclMatchAcl: No-lookup DNS ACL '" << AclMatchedName << "' for '" << checklist->request->GetHost() << "'"); + return 0; + } + + if(ACLIP::match(checklist->request->host_addr)) + return 1; + return 0; + } + const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS); if (ia) { /* Entry in cache found */ for (int k = 0; k < (int) ia->count; ++k) { if (ACLIP::match(ia->in_addrs[k])) return 1; } return 0; } else if (!checklist->request->flags.destinationIpLookedUp) { /* No entry in cache, lookup not attempted */ debugs(28, 3, "aclMatchAcl: Can't yet compare '" << name << "' ACL for '" << checklist->request->GetHost() << "'"); checklist->changeState (DestinationIPLookup::Instance()); return 0; } else { return 0; } } === modified file 'src/acl/DestinationIp.h' --- src/acl/DestinationIp.h 2012-09-01 14:38:36 +0000 +++ src/acl/DestinationIp.h 2012-12-24 08:43:46 +0000 @@ -38,34 +38,36 @@ #include "ipcache.h" class DestinationIPLookup : public ACLChecklist::AsyncState { public: static DestinationIPLookup *Instance(); virtual void checkForAsync(ACLChecklist *)const; private: static DestinationIPLookup instance_; static IPH LookupDone; }; class ACLDestinationIP : public ACLIP { public: MEMPROXY_CLASS(ACLDestinationIP); + ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {} virtual char const *typeString() const; virtual int match(ACLChecklist *checklist); virtual bool requiresRequest() const {return true;} virtual ACL *clone()const; + static ACLFlag SupportedFlags[]; private: static Prototype RegistryProtoype; static ACLDestinationIP RegistryEntry_; }; MEMPROXY_CLASS_INLINE(ACLDestinationIP); #endif /* SQUID_ACLDESTINATIONIP_H */ === modified file 'src/acl/HierCode.cc' --- src/acl/HierCode.cc 2012-08-28 13:00:30 +0000 +++ src/acl/HierCode.cc 2012-12-24 08:43:46 +0000 @@ -1,23 +1,23 @@ #include "squid.h" #include "acl/HierCode.h" #include "acl/HierCodeData.h" #include "acl/Checklist.h" #include "HttpRequest.h" /* explicit template instantiation required for some systems */ template class ACLStrategised; int -ACLHierCodeStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLHierCodeStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->request->hier.code); } ACLHierCodeStrategy * ACLHierCodeStrategy::Instance() { return &Instance_; } ACLHierCodeStrategy ACLHierCodeStrategy::Instance_; === modified file 'src/acl/HierCode.h' --- src/acl/HierCode.h 2009-08-15 02:14:54 +0000 +++ src/acl/HierCode.h 2012-08-03 08:46:17 +0000 @@ -1,33 +1,33 @@ #ifndef SQUID_ACLHIERCODE_H #define SQUID_ACLHIERCODE_H #include "acl/Strategy.h" #include "acl/Strategised.h" #include "hier_code.h" /// \ingroup ACLAPI class ACLHierCodeStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLHierCodeStrategy *Instance(); /** * Not implemented to prevent copies of the instance. \par * Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLHierCodeStrategy(ACLHierCodeStrategy const &); private: static ACLHierCodeStrategy Instance_; ACLHierCodeStrategy() {} ACLHierCodeStrategy &operator=(ACLHierCodeStrategy const &); }; /// \ingroup ACLAPI === modified file 'src/acl/HttpRepHeader.cc' --- src/acl/HttpRepHeader.cc 2012-09-01 14:38:36 +0000 +++ src/acl/HttpRepHeader.cc 2012-12-24 08:43:46 +0000 @@ -21,33 +21,33 @@ * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/HttpRepHeader.h" #include "acl/HttpHeaderData.h" #include "acl/Checklist.h" #include "HttpReply.h" int -ACLHTTPRepHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLHTTPRepHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (&checklist->reply->header); } ACLHTTPRepHeaderStrategy * ACLHTTPRepHeaderStrategy::Instance() { return &Instance_; } ACLHTTPRepHeaderStrategy ACLHTTPRepHeaderStrategy::Instance_; === modified file 'src/acl/HttpRepHeader.h' --- src/acl/HttpRepHeader.h 2012-09-01 14:38:36 +0000 +++ src/acl/HttpRepHeader.h 2012-12-24 08:43:46 +0000 @@ -25,41 +25,41 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLHTTPREPHEADER_H #define SQUID_ACLHTTPREPHEADER_H #include "acl/Strategy.h" #include "acl/Strategised.h" #include "HttpHeader.h" /// \ingroup ACLAPI class ACLHTTPRepHeaderStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresReply() const { return true; } static ACLHTTPRepHeaderStrategy *Instance(); /** * Not implemented to prevent copies of the instance. \par * Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLHTTPRepHeaderStrategy(ACLHTTPRepHeaderStrategy const &); private: static ACLHTTPRepHeaderStrategy Instance_; ACLHTTPRepHeaderStrategy() { } ACLHTTPRepHeaderStrategy&operator = (ACLHTTPRepHeaderStrategy const &); }; /// \ingroup ACLAPI class ACLHTTPRepHeader === modified file 'src/acl/HttpReqHeader.cc' --- src/acl/HttpReqHeader.cc 2012-09-01 14:38:36 +0000 +++ src/acl/HttpReqHeader.cc 2012-12-24 08:43:46 +0000 @@ -21,33 +21,33 @@ * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/HttpReqHeader.h" #include "acl/HttpHeaderData.h" #include "acl/Checklist.h" #include "HttpRequest.h" int -ACLHTTPReqHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLHTTPReqHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (&checklist->request->header); } ACLHTTPReqHeaderStrategy * ACLHTTPReqHeaderStrategy::Instance() { return &Instance_; } ACLHTTPReqHeaderStrategy ACLHTTPReqHeaderStrategy::Instance_; === modified file 'src/acl/HttpReqHeader.h' --- src/acl/HttpReqHeader.h 2012-09-01 14:38:36 +0000 +++ src/acl/HttpReqHeader.h 2012-12-24 08:43:46 +0000 @@ -25,41 +25,41 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLHTTPREQHEADER_H #define SQUID_ACLHTTPREQHEADER_H #include "acl/Strategy.h" #include "acl/Strategised.h" #include "HttpHeader.h" /// \ingroup ACLAPI class ACLHTTPReqHeaderStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const { return true; } static ACLHTTPReqHeaderStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLHTTPReqHeaderStrategy(ACLHTTPReqHeaderStrategy const &); private: static ACLHTTPReqHeaderStrategy Instance_; ACLHTTPReqHeaderStrategy() { } ACLHTTPReqHeaderStrategy&operator = (ACLHTTPReqHeaderStrategy const &); }; /// \ingroup ACLAPI class ACLHTTPReqHeader { private: === modified file 'src/acl/Ip.cc' --- src/acl/Ip.cc 2012-11-15 07:35:32 +0000 +++ src/acl/Ip.cc 2012-12-24 08:43:46 +0000 @@ -492,51 +492,56 @@ changed = 0; changed += q->addr1.ApplyMask(q->mask); changed += q->addr2.ApplyMask(q->mask); if (changed) debugs(28, DBG_CRITICAL, "aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '" << t << "'"); debugs(28,9, HERE << "Parsed: " << q->addr1 << "-" << q->addr2 << "/" << q->mask << "(/" << q->mask.GetCIDR() <<")"); /* 1.2.3.4/255.255.255.0 --> 1.2.3.0 */ /* Same as IPv6 (not so trivial to depict) */ return q; } void ACLIP::parse() { char *t = NULL; - while ((t = strtokFile())) { + flags.parseFlags(t); + + if (!t) + return; + + do { acl_ip_data *q = acl_ip_data::FactoryParse(t); while (q != NULL) { /* pop each result off the list and add it to the data tree individually */ acl_ip_data *next_node = q->next; q->next = NULL; data = data->insert(q, acl_ip_data::NetworkCompare); q = next_node; } - } + } while ((t = strtokFile())); } ACLIP::~ACLIP() { if (data) data->destroy(IPSplay::DefaultFree); } wordlist * ACLIP::dump() const { wordlist *w = NULL; data->walk (DumpIpListWalkee, &w); return w; } bool ACLIP::empty () const { return data->empty(); === modified file 'src/acl/Ip.h' --- src/acl/Ip.h 2010-05-02 19:32:42 +0000 +++ src/acl/Ip.h 2012-08-03 08:46:17 +0000 @@ -16,40 +16,41 @@ * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLIP_H #define SQUID_ACLIP_H #include "acl/Acl.h" +#include "acl/Data.h" #include "splay.h" #include "ip/Address.h" /// \ingroup ACLAPI class acl_ip_data { public: MEMPROXY_CLASS(acl_ip_data); static acl_ip_data *FactoryParse(char const *); static int NetworkCompare(acl_ip_data * const & a, acl_ip_data * const &b); acl_ip_data (); acl_ip_data (Ip::Address const &, Ip::Address const &, Ip::Address const &, acl_ip_data *); void toStr(char *buf, int len) const; Ip::Address addr1; Ip::Address addr2; @@ -57,40 +58,41 @@ Ip::Address mask; /**< \todo This should perhapse be stored as a CIDR range now instead of a full IP mask. */ acl_ip_data *next; /**< used for parsing, not for storing */ private: static bool DecodeMask(const char *asc, Ip::Address &mask, int string_format_type); }; MEMPROXY_CLASS_INLINE(acl_ip_data); /// \ingroup ACLAPI class ACLIP : public ACL { public: void *operator new(size_t); void operator delete(void *); ACLIP() : data(NULL) {} + explicit ACLIP(const ACLFlag flags[]) : ACL(flags), data(NULL) {} ~ACLIP(); typedef SplayNode IPSplay; virtual char const *typeString() const = 0; virtual void parse(); // virtual bool isProxyAuth() const {return true;} virtual int match(ACLChecklist *checklist) = 0; virtual wordlist *dump() const; virtual bool empty () const; protected: int match(Ip::Address &); IPSplay *data; private: static void DumpIpListWalkee(acl_ip_data * const & ip, void *state); }; === modified file 'src/acl/LocalPort.cc' --- src/acl/LocalPort.cc 2012-09-01 14:38:36 +0000 +++ src/acl/LocalPort.cc 2012-12-24 08:43:46 +0000 @@ -20,32 +20,32 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/LocalPort.h" #include "acl/IntRange.h" #include "acl/Checklist.h" int -ACLLocalPortStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLLocalPortStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->my_addr.GetPort()); } ACLLocalPortStrategy * ACLLocalPortStrategy::Instance() { return &Instance_; } ACLLocalPortStrategy ACLLocalPortStrategy::Instance_; === modified file 'src/acl/LocalPort.h' --- src/acl/LocalPort.h 2012-09-01 14:38:36 +0000 +++ src/acl/LocalPort.h 2012-12-24 08:43:46 +0000 @@ -24,41 +24,41 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLLOCALPORT_H #define SQUID_ACLLOCALPORT_H #include "acl/Strategy.h" #include "acl/Strategised.h" /// \ingroup ACLAPI class ACLLocalPortStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLLocalPortStrategy *Instance(); /** * Not implemented to prevent copies of the instance. \par * Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLLocalPortStrategy(ACLLocalPortStrategy const &); private: static ACLLocalPortStrategy Instance_; ACLLocalPortStrategy() {} ACLLocalPortStrategy&operator=(ACLLocalPortStrategy const &); }; /// \ingroup ACLAPI class ACLLocalPort { === modified file 'src/acl/Method.cc' --- src/acl/Method.cc 2012-09-01 14:38:36 +0000 +++ src/acl/Method.cc 2012-12-24 08:43:46 +0000 @@ -25,32 +25,32 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/Method.h" #include "acl/MethodData.h" #include "acl/Checklist.h" #include "HttpRequest.h" /* explicit template instantiation required for some systems */ template class ACLStrategised; int -ACLMethodStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLMethodStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->request->method); } ACLMethodStrategy * ACLMethodStrategy::Instance() { return &Instance_; } ACLMethodStrategy ACLMethodStrategy::Instance_; === modified file 'src/acl/Method.h' --- src/acl/Method.h 2012-09-01 14:38:36 +0000 +++ src/acl/Method.h 2012-12-24 08:43:46 +0000 @@ -25,41 +25,41 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLMETHOD_H #define SQUID_ACLMETHOD_H #include "acl/Strategy.h" #include "acl/Strategised.h" #include "HttpRequestMethod.h" /// \ingroup ACLAPI class ACLMethodStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLMethodStrategy *Instance(); /** * Not implemented to prevent copies of the instance. \par * Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLMethodStrategy(ACLMethodStrategy const &); private: static ACLMethodStrategy Instance_; ACLMethodStrategy() {} ACLMethodStrategy&operator=(ACLMethodStrategy const &); }; /// \ingroup ACLAPI === modified file 'src/acl/MyPortName.cc' --- src/acl/MyPortName.cc 2012-09-01 14:38:36 +0000 +++ src/acl/MyPortName.cc 2012-12-24 08:43:46 +0000 @@ -25,36 +25,36 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/MyPortName.h" #include "acl/StringData.h" #include "acl/Checklist.h" #include "anyp/PortCfg.h" #include "HttpRequest.h" /* for ConnStateData */ #include "client_side.h" int -ACLMyPortNameStrategy::match(ACLData * &data, ACLFilledChecklist *checklist) +ACLMyPortNameStrategy::match(ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { if (checklist->conn() != NULL) return data->match(checklist->conn()->port->name); if (checklist->request != NULL) return data->match(checklist->request->myportname.termedBuf()); return 0; } ACLMyPortNameStrategy * ACLMyPortNameStrategy::Instance() { return &Instance_; } ACLMyPortNameStrategy ACLMyPortNameStrategy::Instance_; === modified file 'src/acl/MyPortName.h' --- src/acl/MyPortName.h 2012-09-01 14:38:36 +0000 +++ src/acl/MyPortName.h 2012-12-24 08:43:46 +0000 @@ -23,41 +23,41 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLMYPORTNAME_H #define SQUID_ACLMYPORTNAME_H #include "acl/Strategy.h" #include "acl/Strategised.h" class ACLMyPortNameStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLMyPortNameStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLMyPortNameStrategy(ACLMyPortNameStrategy const &); private: static ACLMyPortNameStrategy Instance_; ACLMyPortNameStrategy() {} ACLMyPortNameStrategy&operator=(ACLMyPortNameStrategy const &); }; class ACLMyPortName { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; === modified file 'src/acl/PeerName.cc' --- src/acl/PeerName.cc 2012-09-04 15:15:51 +0000 +++ src/acl/PeerName.cc 2012-12-24 08:43:46 +0000 @@ -1,22 +1,22 @@ #include "squid.h" #include "acl/PeerName.h" #include "acl/RegexData.h" #include "acl/StringData.h" #include "acl/Checklist.h" #include "CachePeer.h" int -ACLPeerNameStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLPeerNameStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { if (checklist->dst_peer != NULL && checklist->dst_peer->name != NULL) return data->match(checklist->dst_peer->name); return 0; } ACLPeerNameStrategy * ACLPeerNameStrategy::Instance() { return &Instance_; } ACLPeerNameStrategy ACLPeerNameStrategy::Instance_; === modified file 'src/acl/PeerName.h' --- src/acl/PeerName.h 2012-08-13 07:24:50 +0000 +++ src/acl/PeerName.h 2012-12-24 08:43:46 +0000 @@ -1,31 +1,31 @@ #ifndef SQUID_ACLPEERNAME_H #define SQUID_ACLPEERNAME_H #include "acl/Strategy.h" #include "acl/Strategised.h" class ACLPeerNameStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLPeerNameStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLPeerNameStrategy(ACLPeerNameStrategy const &); private: static ACLPeerNameStrategy Instance_; ACLPeerNameStrategy() {} ACLPeerNameStrategy&operator=(ACLPeerNameStrategy const &); }; class ACLPeerName { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; static ACL::Prototype RegexRegistryProtoype; === modified file 'src/acl/Protocol.cc' --- src/acl/Protocol.cc 2012-09-01 14:38:36 +0000 +++ src/acl/Protocol.cc 2012-12-24 08:43:46 +0000 @@ -25,32 +25,32 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/Protocol.h" #include "acl/ProtocolData.h" #include "acl/Checklist.h" #include "HttpRequest.h" /* explicit template instantiation required for some systems */ template class ACLStrategised; int -ACLProtocolStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLProtocolStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->request->protocol); } ACLProtocolStrategy * ACLProtocolStrategy::Instance() { return &Instance_; } ACLProtocolStrategy ACLProtocolStrategy::Instance_; === modified file 'src/acl/Protocol.h' --- src/acl/Protocol.h 2012-09-01 14:38:36 +0000 +++ src/acl/Protocol.h 2012-12-24 08:43:46 +0000 @@ -25,41 +25,41 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLPROTOCOL_H #define SQUID_ACLPROTOCOL_H #include "acl/Strategy.h" #include "acl/Strategised.h" #include "anyp/ProtocolType.h" class ACLProtocolStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLProtocolStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLProtocolStrategy(ACLProtocolStrategy const &); private: static ACLProtocolStrategy Instance_; ACLProtocolStrategy() {} ACLProtocolStrategy&operator=(ACLProtocolStrategy const &); }; class ACLProtocol { private: static ACL::Prototype RegistryProtoype; === modified file 'src/acl/ReplyHeaderStrategy.h' --- src/acl/ReplyHeaderStrategy.h 2012-09-01 14:38:36 +0000 +++ src/acl/ReplyHeaderStrategy.h 2012-12-24 08:43:46 +0000 @@ -28,59 +28,59 @@ * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLREPLYHEADERSTRATEGY_H #define SQUID_ACLREPLYHEADERSTRATEGY_H class ACLChecklist; #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategy.h" #include "acl/FilledChecklist.h" #include "HttpReply.h" template class ACLReplyHeaderStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresReply() const {return true;} static ACLReplyHeaderStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLReplyHeaderStrategy(ACLReplyHeaderStrategy const &); private: static ACLReplyHeaderStrategy *Instance_; ACLReplyHeaderStrategy() {} ACLReplyHeaderStrategy&operator=(ACLReplyHeaderStrategy const &); }; template int -ACLReplyHeaderStrategy
::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLReplyHeaderStrategy
::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char const *theHeader = checklist->reply->header.getStr(header); if (NULL == theHeader) return 0; return data->match(theHeader); } template ACLReplyHeaderStrategy
* ACLReplyHeaderStrategy
::Instance() { if (!Instance_) Instance_ = new ACLReplyHeaderStrategy
; return Instance_; } template === modified file 'src/acl/ReplyMimeType.h' --- src/acl/ReplyMimeType.h 2012-09-01 14:38:36 +0000 +++ src/acl/ReplyMimeType.h 2012-12-24 08:43:46 +0000 @@ -34,31 +34,31 @@ #include "acl/Acl.h" #include "acl/Strategised.h" class ACLReplyMIMEType { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; /* partial specialisation */ #include "acl/Data.h" #include "acl/ReplyHeaderStrategy.h" #include "acl/Checklist.h" template <> inline int -ACLReplyHeaderStrategy::match(ACLData * &data, ACLFilledChecklist *checklist) +ACLReplyHeaderStrategy::match(ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char const *theHeader = checklist->reply->header.getStr(HDR_CONTENT_TYPE); if (NULL == theHeader) theHeader = ""; return data->match(theHeader); } #endif /* SQUID_ACLREPLYMIMETYPE_H */ === modified file 'src/acl/RequestHeaderStrategy.h' --- src/acl/RequestHeaderStrategy.h 2012-09-01 14:38:36 +0000 +++ src/acl/RequestHeaderStrategy.h 2012-12-24 08:43:46 +0000 @@ -28,59 +28,59 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLREQUESTHEADERSTRATEGY_H #define SQUID_ACLREQUESTHEADERSTRATEGY_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategy.h" #include "HttpRequest.h" #include "acl/FilledChecklist.h" template class ACLRequestHeaderStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLRequestHeaderStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLRequestHeaderStrategy(ACLRequestHeaderStrategy const &); private: static ACLRequestHeaderStrategy *Instance_; ACLRequestHeaderStrategy() {} ACLRequestHeaderStrategy&operator=(ACLRequestHeaderStrategy const &); }; template int -ACLRequestHeaderStrategy
::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLRequestHeaderStrategy
::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char const *theHeader = checklist->request->header.getStr(header); if (NULL == theHeader) return 0; return data->match(theHeader); } template ACLRequestHeaderStrategy
* ACLRequestHeaderStrategy
::Instance() { if (!Instance_) Instance_ = new ACLRequestHeaderStrategy
; return Instance_; } template === modified file 'src/acl/RequestMimeType.h' --- src/acl/RequestMimeType.h 2012-09-01 14:38:36 +0000 +++ src/acl/RequestMimeType.h 2012-12-24 08:43:46 +0000 @@ -34,31 +34,31 @@ #include "acl/Acl.h" #include "acl/Strategised.h" class ACLRequestMIMEType { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; /* partial specialisation */ #include "acl/Data.h" #include "acl/RequestHeaderStrategy.h" #include "acl/Checklist.h" template <> inline int -ACLRequestHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLRequestHeaderStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char const *theHeader = checklist->request->header.getStr(HDR_CONTENT_TYPE); if (NULL == theHeader) theHeader = ""; return data->match(theHeader); } #endif /* SQUID_ACLREQUESTMIMETYPE_H */ === modified file 'src/acl/ServerCertificate.cc' --- src/acl/ServerCertificate.cc 2012-11-24 15:44:47 +0000 +++ src/acl/ServerCertificate.cc 2012-12-24 09:27:06 +0000 @@ -1,36 +1,36 @@ /* */ #include "squid.h" #if USE_SSL #include "acl/ServerCertificate.h" #include "acl/Checklist.h" #include "acl/CertificateData.h" #include "client_side.h" #include "fde.h" #include "ssl/ServerBump.h" int -ACLServerCertificateStrategy::match(ACLData * &data, ACLFilledChecklist *checklist) +ACLServerCertificateStrategy::match(ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { X509 *cert = NULL; if (checklist->serverCert.get()) cert = checklist->serverCert.get(); else if (checklist->conn() != NULL && checklist->conn()->serverBump()) cert = checklist->conn()->serverBump()->serverCert.get(); if (!cert) return 0; return data->match(cert); } ACLServerCertificateStrategy * ACLServerCertificateStrategy::Instance() { return &Instance_; } ACLServerCertificateStrategy ACLServerCertificateStrategy::Instance_; === modified file 'src/acl/ServerCertificate.h' --- src/acl/ServerCertificate.h 2012-11-24 15:44:47 +0000 +++ src/acl/ServerCertificate.h 2012-12-24 09:26:56 +0000 @@ -1,37 +1,37 @@ /* */ #ifndef SQUID_ACLSERVERCERTIFICATE_H #define SQUID_ACLSERVERCERTIFICATE_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Checklist.h" #include "ssl/support.h" #include "acl/Strategised.h" /// \ingroup ACLAPI class ACLServerCertificateStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLServerCertificateStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLServerCertificateStrategy(ACLServerCertificateStrategy const &); private: static ACLServerCertificateStrategy Instance_; ACLServerCertificateStrategy() {} ACLServerCertificateStrategy&operator=(ACLServerCertificateStrategy const &); }; /// \ingroup ACLAPI class ACLServerCertificate { private: static ACL::Prototype X509FingerprintRegistryProtoype; static ACLStrategised X509FingerprintRegistryEntry_; }; === modified file 'src/acl/SourceAsn.h' --- src/acl/SourceAsn.h 2010-05-02 19:32:42 +0000 +++ src/acl/SourceAsn.h 2012-08-03 08:46:17 +0000 @@ -27,35 +27,35 @@ * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLSOURCEASN_H #define SQUID_ACLSOURCEASN_H #if 0 #include "acl/Asn.h" #endif class ACLChecklist; #include "acl/Strategy.h" #include "ip/Address.h" class ACLSourceASNStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLSourceASNStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLSourceASNStrategy(ACLSourceASNStrategy const &); private: static ACLSourceASNStrategy Instance_; ACLSourceASNStrategy() {} ACLSourceASNStrategy&operator=(ACLSourceASNStrategy const &); }; #endif /* SQUID_ACLSOURCEASN_H */ === modified file 'src/acl/SourceDomain.cc' --- src/acl/SourceDomain.cc 2012-09-01 14:38:36 +0000 +++ src/acl/SourceDomain.cc 2012-12-24 08:43:46 +0000 @@ -52,41 +52,41 @@ SourceDomainLookup::checkForAsync(ACLChecklist *checklist) const { checklist->asyncInProgress(true); fqdncache_nbgethostbyaddr(Filled(checklist)->src_addr, LookupDone, checklist); } void SourceDomainLookup::LookupDone(const char *fqdn, const DnsLookupDetails &details, void *data) { ACLFilledChecklist *checklist = Filled((ACLChecklist*)data); assert (checklist->asyncState() == SourceDomainLookup::Instance()); checklist->asyncInProgress(false); checklist->changeState (ACLChecklist::NullState::Instance()); checklist->markSourceDomainChecked(); checklist->request->recordLookup(details); checklist->matchNonBlocking(); } int -ACLSourceDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLSourceDomainStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { const char *fqdn = NULL; fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); if (fqdn) { return data->match(fqdn); } else if (!checklist->sourceDomainChecked()) { /* FIXME: Using AclMatchedName here is not OO correct. Should find a way to the current acl */ debugs(28, 3, "aclMatchAcl: Can't yet compare '" << AclMatchedName << "' ACL for '" << checklist->src_addr << "'"); checklist->changeState(SourceDomainLookup::Instance()); return 0; } return data->match("none"); } ACLSourceDomainStrategy * ACLSourceDomainStrategy::Instance() { return &Instance_; === modified file 'src/acl/SourceDomain.h' --- src/acl/SourceDomain.h 2012-09-01 14:38:36 +0000 +++ src/acl/SourceDomain.h 2012-12-24 08:43:46 +0000 @@ -25,41 +25,41 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLSOURCEDOMAIN_H #define SQUID_ACLSOURCEDOMAIN_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Checklist.h" #include "acl/Strategised.h" class ACLSourceDomainStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLSourceDomainStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLSourceDomainStrategy(ACLSourceDomainStrategy const &); private: static ACLSourceDomainStrategy Instance_; ACLSourceDomainStrategy() {} ACLSourceDomainStrategy&operator=(ACLSourceDomainStrategy const &); }; class SourceDomainLookup : public ACLChecklist::AsyncState { public: static SourceDomainLookup *Instance(); virtual void checkForAsync(ACLChecklist *)const; === modified file 'src/acl/SslError.cc' --- src/acl/SslError.cc 2012-10-04 11:10:17 +0000 +++ src/acl/SslError.cc 2012-12-24 08:43:46 +0000 @@ -1,18 +1,18 @@ #include "squid.h" #include "acl/SslError.h" #include "acl/SslErrorData.h" #include "acl/Checklist.h" int -ACLSslErrorStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLSslErrorStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->sslErrors); } ACLSslErrorStrategy * ACLSslErrorStrategy::Instance() { return &Instance_; } ACLSslErrorStrategy ACLSslErrorStrategy::Instance_; === modified file 'src/acl/SslError.h' --- src/acl/SslError.h 2012-10-04 11:10:17 +0000 +++ src/acl/SslError.h 2012-12-24 08:43:46 +0000 @@ -1,31 +1,31 @@ #ifndef SQUID_ACLSSL_ERROR_H #define SQUID_ACLSSL_ERROR_H #include "acl/Strategy.h" #include "acl/Strategised.h" #include "ssl/support.h" class ACLSslErrorStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLSslErrorStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLSslErrorStrategy(ACLSslErrorStrategy const &); private: static ACLSslErrorStrategy Instance_; ACLSslErrorStrategy() {} ACLSslErrorStrategy&operator=(ACLSslErrorStrategy const &); }; class ACLSslError { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; === modified file 'src/acl/Strategised.h' --- src/acl/Strategised.h 2012-09-01 14:38:36 +0000 +++ src/acl/Strategised.h 2012-12-24 08:43:46 +0000 @@ -32,41 +32,41 @@ */ #ifndef SQUID_ACLSTRATEGISED_H #define SQUID_ACLSTRATEGISED_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategy.h" #include "acl/FilledChecklist.h" template class ACLStrategised : public ACL { public: typedef M MatchType; void *operator new(size_t); void operator delete(void *); ~ACLStrategised(); - ACLStrategised(ACLData *, ACLStrategy *, char const *); + ACLStrategised(ACLData *, ACLStrategy *, char const *, const ACLFlag flags[] = ACLFlags::NoFlags); ACLStrategised (ACLStrategised const &); ACLStrategised &operator= (ACLStrategised const &); virtual char const *typeString() const; virtual bool requiresRequest() const {return matcher->requiresRequest();} virtual bool requiresReply() const {return matcher->requiresReply();} virtual void prepareForUse() { data->prepareForUse();} virtual void parse(); virtual int match(ACLChecklist *checklist); virtual int match (M const &); virtual wordlist *dump() const; virtual bool empty () const; virtual bool valid () const; virtual ACL *clone()const; private: static MemAllocator *Pool; @@ -90,41 +90,41 @@ if (!Pool) Pool = memPoolCreate("ACLStrategised", sizeof (ACLStrategised)); return Pool->alloc(); } template void ACLStrategised::operator delete (void *address) { Pool->freeOne(address); } template ACLStrategised::~ACLStrategised() { delete data; } template -ACLStrategised::ACLStrategised(ACLData *newData, ACLStrategy *theStrategy, char const *theType) : data (newData), type_(theType), matcher(theStrategy) {} +ACLStrategised::ACLStrategised(ACLData *newData, ACLStrategy *theStrategy, char const *theType, const ACLFlag flgs[]) : ACL(flgs), data (newData), type_(theType), matcher(theStrategy) {} template ACLStrategised::ACLStrategised (ACLStrategised const &old) : data (old.data->clone()), type_(old.type_), matcher (old.matcher) {} template ACLStrategised & ACLStrategised::operator= (ACLStrategised const &rhs) { data = rhs.data->clone(); type_ = rhs.type_; matcher = rhs.matcher; return *this; } template char const * ACLStrategised::typeString() const { return type_; @@ -133,41 +133,41 @@ template void ACLStrategised::parse() { data->parse(); } template bool ACLStrategised::empty() const { return data->empty(); } template int ACLStrategised::match(ACLChecklist *cl) { ACLFilledChecklist *checklist = dynamic_cast(cl); assert(checklist); - return matcher->match(data, checklist); + return matcher->match(data, checklist, flags); } template int ACLStrategised::match(MatchType const &toFind) { return data->match(toFind); } template wordlist * ACLStrategised::dump() const { return data->dump(); } template bool ACLStrategised::valid () const { === modified file 'src/acl/Strategy.h' --- src/acl/Strategy.h 2012-09-01 14:38:36 +0000 +++ src/acl/Strategy.h 2012-12-24 08:43:46 +0000 @@ -17,42 +17,43 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLSTRATEGY_H #define SQUID_ACLSTRATEGY_H +#include "acl/Acl.h" #include "acl/Data.h" class ACLFilledChecklist; template class ACLStrategy { public: typedef M MatchType; - virtual int match (ACLData * &, ACLFilledChecklist *) = 0; + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &) = 0; virtual bool requiresRequest() const {return false;} virtual bool requiresReply() const {return false;} virtual bool valid() const {return true;} virtual ~ACLStrategy() {} }; #endif /* SQUID_ACLSTRATEGY_H */ === modified file 'src/acl/Tag.cc' --- src/acl/Tag.cc 2012-08-14 11:53:07 +0000 +++ src/acl/Tag.cc 2012-12-24 08:43:46 +0000 @@ -24,34 +24,34 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins * Copyright (c) 2009, Henrik Nordstrom */ #include "squid.h" #include "acl/Tag.h" #include "acl/StringData.h" #include "acl/Checklist.h" #include "HttpRequest.h" int -ACLTagStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLTagStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { if (checklist->request != NULL) return data->match (checklist->request->tag.termedBuf()); return 0; } ACLTagStrategy * ACLTagStrategy::Instance() { return &Instance_; } ACLTagStrategy ACLTagStrategy::Instance_; === modified file 'src/acl/Tag.h' --- src/acl/Tag.h 2012-09-01 14:38:36 +0000 +++ src/acl/Tag.h 2012-12-24 08:43:46 +0000 @@ -24,41 +24,41 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins * Copyright (c) 2009, Henrik Nordstrom */ #ifndef SQUID_ACLTAG_H #define SQUID_ACLTAG_H #include "acl/Strategy.h" #include "acl/Strategised.h" class ACLTagStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLTagStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLTagStrategy(ACLTagStrategy const &); private: static ACLTagStrategy Instance_; ACLTagStrategy() {} ACLTagStrategy&operator=(ACLTagStrategy const &); }; class ACLTag { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; === modified file 'src/acl/Time.cc' --- src/acl/Time.cc 2012-09-01 14:38:36 +0000 +++ src/acl/Time.cc 2012-12-24 08:43:46 +0000 @@ -21,32 +21,32 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/Time.h" #include "acl/TimeData.h" #include "SquidTime.h" int -ACLTimeStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLTimeStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (squid_curtime); } ACLTimeStrategy * ACLTimeStrategy::Instance() { return &Instance_; } ACLTimeStrategy ACLTimeStrategy::Instance_; === modified file 'src/acl/Time.h' --- src/acl/Time.h 2012-09-01 14:38:36 +0000 +++ src/acl/Time.h 2012-12-24 08:43:46 +0000 @@ -26,41 +26,41 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLTIME_H #define SQUID_ACLTIME_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategised.h" class ACLChecklist; // XXX: we do not need it class ACLTimeStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLTimeStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLTimeStrategy(ACLTimeStrategy const &); private: static ACLTimeStrategy Instance_; ACLTimeStrategy() {} ACLTimeStrategy&operator=(ACLTimeStrategy const &); }; class ACLTime { public: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; === modified file 'src/acl/Url.cc' --- src/acl/Url.cc 2012-09-01 14:38:36 +0000 +++ src/acl/Url.cc 2012-12-24 08:43:46 +0000 @@ -23,36 +23,36 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/Url.h" #include "acl/Checklist.h" #include "acl/RegexData.h" #include "rfc1738.h" #include "URL.h" int -ACLUrlStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLUrlStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char *esc_buf = xstrdup(urlCanonical(checklist->request)); rfc1738_unescape(esc_buf); int result = data->match(esc_buf); safe_free(esc_buf); return result; } ACLUrlStrategy * ACLUrlStrategy::Instance() { return &Instance_; } ACLUrlStrategy ACLUrlStrategy::Instance_; === modified file 'src/acl/Url.h' --- src/acl/Url.h 2012-09-01 14:38:36 +0000 +++ src/acl/Url.h 2012-12-24 08:43:46 +0000 @@ -24,41 +24,41 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLURL_H #define SQUID_ACLURL_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategised.h" class ACLUrlStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLUrlStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLUrlStrategy(ACLUrlStrategy const &); private: static ACLUrlStrategy Instance_; ACLUrlStrategy() {} ACLUrlStrategy&operator=(ACLUrlStrategy const &); }; class ACLUrl { public: static ACL::Prototype RegistryProtoype; === modified file 'src/acl/UrlLogin.cc' --- src/acl/UrlLogin.cc 2012-10-29 13:01:01 +0000 +++ src/acl/UrlLogin.cc 2012-12-24 09:26:13 +0000 @@ -21,36 +21,36 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * */ #include "squid.h" #include "acl/UrlLogin.h" #include "acl/Checklist.h" #include "acl/RegexData.h" #include "HttpRequest.h" #include "rfc1738.h" int -ACLUrlLoginStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLUrlLoginStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char *esc_buf = xstrdup(checklist->request->login); rfc1738_unescape(esc_buf); int result = data->match(esc_buf); safe_free(esc_buf); return result; } ACLUrlLoginStrategy * ACLUrlLoginStrategy::Instance() { return &Instance_; } ACLUrlLoginStrategy ACLUrlLoginStrategy::Instance_; === modified file 'src/acl/UrlLogin.h' --- src/acl/UrlLogin.h 2012-10-29 13:01:01 +0000 +++ src/acl/UrlLogin.h 2012-12-24 09:25:51 +0000 @@ -28,41 +28,41 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLURLLOGIN_H #define SQUID_ACLURLLOGIN_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategy.h" #include "acl/Strategised.h" class ACLUrlLoginStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLUrlLoginStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLUrlLoginStrategy(ACLUrlLoginStrategy const &); private: static ACLUrlLoginStrategy Instance_; ACLUrlLoginStrategy() {} ACLUrlLoginStrategy&operator=(ACLUrlLoginStrategy const &); }; class ACLUrlLogin { public: static ACL::Prototype RegistryProtoype; === modified file 'src/acl/UrlPath.cc' --- src/acl/UrlPath.cc 2012-09-01 14:38:36 +0000 +++ src/acl/UrlPath.cc 2012-12-24 08:43:46 +0000 @@ -23,36 +23,36 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/UrlPath.h" #include "acl/Checklist.h" #include "acl/RegexData.h" #include "HttpRequest.h" #include "rfc1738.h" int -ACLUrlPathStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLUrlPathStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { char *esc_buf = xstrdup(checklist->request->urlpath.termedBuf()); rfc1738_unescape(esc_buf); int result = data->match(esc_buf); safe_free(esc_buf); return result; } ACLUrlPathStrategy * ACLUrlPathStrategy::Instance() { return &Instance_; } ACLUrlPathStrategy ACLUrlPathStrategy::Instance_; === modified file 'src/acl/UrlPath.h' --- src/acl/UrlPath.h 2012-09-01 14:38:36 +0000 +++ src/acl/UrlPath.h 2012-12-24 08:43:46 +0000 @@ -25,41 +25,41 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLURLPATH_H #define SQUID_ACLURLPATH_H #include "acl/Acl.h" #include "acl/Data.h" #include "acl/Strategy.h" #include "acl/Strategised.h" class ACLUrlPathStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLUrlPathStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLUrlPathStrategy(ACLUrlPathStrategy const &); private: static ACLUrlPathStrategy Instance_; ACLUrlPathStrategy() {} ACLUrlPathStrategy&operator=(ACLUrlPathStrategy const &); }; class ACLUrlPath { public: static ACL::Prototype RegistryProtoype; === modified file 'src/acl/UrlPort.cc' --- src/acl/UrlPort.cc 2012-09-01 14:38:36 +0000 +++ src/acl/UrlPort.cc 2012-12-24 08:43:46 +0000 @@ -21,32 +21,32 @@ * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #include "squid.h" #include "acl/UrlPort.h" #include "acl/IntRange.h" #include "acl/Checklist.h" #include "HttpRequest.h" int -ACLUrlPortStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLUrlPortStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->request->port); } ACLUrlPortStrategy * ACLUrlPortStrategy::Instance() { return &Instance_; } ACLUrlPortStrategy ACLUrlPortStrategy::Instance_; === modified file 'src/acl/UrlPort.h' --- src/acl/UrlPort.h 2012-09-01 14:38:36 +0000 +++ src/acl/UrlPort.h 2012-12-24 08:43:46 +0000 @@ -23,41 +23,41 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * * * Copyright (c) 2003, Robert Collins */ #ifndef SQUID_ACLURLPORT_H #define SQUID_ACLURLPORT_H #include "acl/Strategy.h" #include "acl/Strategised.h" class ACLUrlPortStrategy : public ACLStrategy { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); virtual bool requiresRequest() const {return true;} static ACLUrlPortStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g+++ warnings about * private constructors with no friends */ ACLUrlPortStrategy(ACLUrlPortStrategy const &); private: static ACLUrlPortStrategy Instance_; ACLUrlPortStrategy() {} ACLUrlPortStrategy&operator=(ACLUrlPortStrategy const &); }; class ACLUrlPort { private: static ACL::Prototype RegistryProtoype; === modified file 'src/cache_cf.cc' --- src/cache_cf.cc 2012-11-17 12:58:59 +0000 +++ src/cache_cf.cc 2012-12-24 08:43:46 +0000 @@ -1244,44 +1244,45 @@ if (!strncasecmp(unit, B_GBYTES_STR, strlen(B_GBYTES_STR))) return 1 << 30; debugs(3, DBG_CRITICAL, "WARNING: Unknown bytes unit '" << unit << "'"); return 0; } /***************************************************************************** * Max *****************************************************************************/ static void dump_acl(StoreEntry * entry, const char *name, ACL * ae) { wordlist *w; wordlist *v; while (ae != NULL) { debugs(3, 3, "dump_acl: " << name << " " << ae->name); - storeAppendPrintf(entry, "%s %s %s ", + storeAppendPrintf(entry, "%s %s %s %s ", name, ae->name, - ae->typeString()); + ae->typeString(), + ae->flags.flagsStr()); v = w = ae->dump(); while (v != NULL) { debugs(3, 3, "dump_acl: " << name << " " << ae->name << " " << v->key); storeAppendPrintf(entry, "%s ", v->key); v = v->next; } storeAppendPrintf(entry, "\n"); wordlistDestroy(&w); ae = ae->next; } } static void parse_acl(ACL ** ae) { ACL::ParseAclLine(LegacyParser, ae); } === modified file 'src/external_acl.cc' --- src/external_acl.cc 2012-11-27 21:19:46 +0000 +++ src/external_acl.cc 2012-12-24 08:43:46 +0000 @@ -688,41 +688,41 @@ static void free_external_acl_data(void *data) { external_acl_data *p = static_cast(data); wordlistDestroy(&p->arguments); cbdataReferenceDone(p->def); } void ACLExternal::parse() { char *token; if (data) self_destruct(); CBDATA_INIT_TYPE_FREECB(external_acl_data, free_external_acl_data); data = cbdataAlloc(external_acl_data); - token = strtok(NULL, w_space); + token = strtokFile(); if (!token) self_destruct(); data->def = cbdataReference(find_externalAclHelper(token)); if (!data->def) self_destruct(); while ((token = strtokFile())) { wordlistAdd(&data->arguments, token); } } bool ACLExternal::valid () const { #if USE_AUTH if (data->def->require_auth) { if (authenticateSchemeCount() == 0) { === modified file 'src/snmp_core.cc' --- src/snmp_core.cc 2012-10-10 09:14:27 +0000 +++ src/snmp_core.cc 2012-12-24 08:43:46 +0000 @@ -1143,58 +1143,58 @@ MemBuf tmp; debugs(49, 7, "oid2addr: id : " << snmpDebugOid(id, size, tmp) ); for (i=0 ; i { public: - virtual int match (ACLData * &, ACLFilledChecklist *); + virtual int match (ACLData * &, ACLFilledChecklist *, ACLFlags &); static ACLSNMPCommunityStrategy *Instance(); /* Not implemented to prevent copies of the instance. */ /* Not private to prevent brain dead g++ warnings about * private constructors with no friends */ ACLSNMPCommunityStrategy(ACLSNMPCommunityStrategy const &); private: static ACLSNMPCommunityStrategy Instance_; ACLSNMPCommunityStrategy() {} ACLSNMPCommunityStrategy&operator=(ACLSNMPCommunityStrategy const &); }; class ACLSNMPCommunity { private: static ACL::Prototype RegistryProtoype; static ACLStrategised RegistryEntry_; }; ACL::Prototype ACLSNMPCommunity::RegistryProtoype(&ACLSNMPCommunity::RegistryEntry_, "snmp_community"); ACLStrategised ACLSNMPCommunity::RegistryEntry_(new ACLStringData, ACLSNMPCommunityStrategy::Instance(), "snmp_community"); int -ACLSNMPCommunityStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +ACLSNMPCommunityStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { return data->match (checklist->snmp_community); } ACLSNMPCommunityStrategy * ACLSNMPCommunityStrategy::Instance() { return &Instance_; } ACLSNMPCommunityStrategy ACLSNMPCommunityStrategy::Instance_;