--------------------- PatchSet 2088 Date: 2001/04/26 00:09:08 Author: rbcollins Branch: generic_modules Tag: (none) Log: removed type field from acl Members: src/acl.c:1.21.4.12->1.21.4.13 src/acl.h:1.1.2.2->1.1.2.3 src/asn.c:1.9.4.3->1.9.4.4 src/cache_cf.c:1.18.4.26->1.18.4.27 src/client_side.c:1.18.4.3->1.18.4.4 src/enums.h:1.14.4.6->1.14.4.7 src/protos.h:1.18.4.20->1.18.4.21 Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.21.4.12 retrieving revision 1.21.4.13 diff -u -r1.21.4.12 -r1.21.4.13 --- squid/src/acl.c 25 Apr 2001 12:28:59 -0000 1.21.4.12 +++ squid/src/acl.c 26 Apr 2001 00:09:08 -0000 1.21.4.13 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.21.4.12 2001/04/25 12:28:59 rbcollins Exp $ + * $Id: acl.c,v 1.21.4.13 2001/04/26 00:09:08 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -85,7 +85,6 @@ #if SQUID_SNMP static int aclMatchWordList(wordlist *, const char *); #endif -static squid_acl aclStrToType(const char *s); static int decode_addr(const char *, struct in_addr *, struct in_addr *); static void aclCheck(aclCheck_t * checklist); static void aclCheckCallback(aclCheck_t * checklist, allow_t answer); @@ -127,7 +126,7 @@ } -/* FIXME: should this be merged into cache_cf */ +/* FIXME: should this be merged into cache_cf ? */ aclName * aclNameByName(const char *name) { 
@@ -214,85 +213,15 @@ return t; } } - -static squid_acl -aclStrToType(const char *s) -{ #if 0 - if (!strcmp(s, "src")) - return ACL_DYNAMIC; //ACL_SRC_IP; - if (!strcmp(s, "dst")) - return ACL_DYNAMIC; // return ACL_DST_IP; - if (!strcmp(s, "myip")) - return ACL_DYNAMIC; // return ACL_MY_IP; - if (!strcmp(s, "domain")) - return ACL_DYNAMIC; // return ACL_DST_DOMAIN; - if (!strcmp(s, "dstdomain")) - return ACL_DYNAMIC; // return ACL_DST_DOMAIN; - if (!strcmp(s, "srcdomain")) - return ACL_DYNAMIC; // return ACL_SRC_DOMAIN; - if (!strcmp(s, "dstdom_regex")) - return ACL_DYNAMIC; // return ACL_DST_DOM_REGEX; - if (!strcmp(s, "srcdom_regex")) - return ACL_DYNAMIC; // return ACL_SRC_DOM_REGEX; - if (!strcmp(s, "time")) - return ACL_DYNAMIC; // return ACL_TIME; - if (!strcmp(s, "pattern")) - return ACL_DYNAMIC; // return ACL_URLPATH_REGEX; - if (!strcmp(s, "urlpath_regex")) - return ACL_DYNAMIC; // return ACL_URLPATH_REGEX; - if (!strcmp(s, "url_regex")) - return ACL_DYNAMIC; // return ACL_URL_REGEX; - if (!strcmp(s, "port")) - return ACL_DYNAMIC; // return ACL_URL_PORT; - if (!strcmp(s, "myport")) - return ACL_DYNAMIC; // return ACL_MY_PORT; - if (!strcmp(s, "maxconn")) - return ACL_DYNAMIC; // return ACL_MAXCONN; -#if USE_IDENT - if (!strcmp(s, "ident")) - return ACL_IDENT; - if (!strcmp(s, "ident_regex")) - return ACL_DYNAMIC; // return ACL_IDENT_REGEX; -#endif - if (!strncmp(s, "proto", 5)) - return ACL_PROTO; - if (!strcmp(s, "method")) - return ACL_METHOD; - if (!strcmp(s, "browser")) - return ACL_DYNAMIC; // return ACL_BROWSER; - if (!strcmp(s, "proxy_auth")) - return ACL_PROXY_AUTH; - if (!strcmp(s, "proxy_auth_regex")) - return ACL_DYNAMIC; // return ACL_PROXY_AUTH_REGEX; - if (!strcmp(s, "src_as")) - return ACL_SRC_ASN; - if (!strcmp(s, "dst_as")) - return ACL_DST_ASN; -#if SQUID_SNMP - if (!strcmp(s, "snmp_community")) - return ACL_SNMP_COMMUNITY; -#endif -#if SRC_RTT_NOT_YET_FINISHED - if (!strcmp(s, "src_rtt")) - return ACL_NETDB_SRC_RTT; -#endif -#endif - 
return ACL_NONE; -} - const char * aclTypeToStr(squid_acl type) { if (type == ACL_DYNAMIC) fatal("dynamic acl encountered\n"); #if 0 - if (type == ACL_SRC_IP) - return "src???"; if (type == ACL_DST_IP) return "dst???"; - if (type == ACL_MY_IP) - return "myip???"; if (type == ACL_DST_DOMAIN) return "dstdomain???"; if (type == ACL_SRC_DOMAIN) @@ -301,8 +230,6 @@ return "dstdom_regex???"; if (type == ACL_SRC_DOM_REGEX) return "srcdom_regex???"; - if (type == ACL_TIME) - return "time???"; if (type == ACL_URLPATH_REGEX) return "urlpath_regex??"; if (type == ACL_URL_REGEX) @@ -319,10 +246,6 @@ if (type == ACL_IDENT_REGEX) return "ident_regex???"; #endif - if (type == ACL_PROTO) - return "proto"; - if (type == ACL_METHOD) - return "method"; if (type == ACL_BROWSER) return "browser??"; if (type == ACL_PROXY_AUTH) @@ -344,6 +267,7 @@ #endif return "ERROR"; } +#endif static acl * aclFindByName(const char *name) @@ -781,21 +705,8 @@ char *token = NULL; acl *A = NULL; // LOCAL_ARRAY(char, aclname, ACL_NAME_SZ); - squid_acl acltype; - int new_acl = 0; parserTypeNode * parserType=NULL; -#if NEVER - /* snarf the ACL name */ - if ((token = strtok(NULL, w_space)) == NULL) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseAclLine: missing ACL name.\n"); - return; - } - xstrncpy(aclname, t, ACL_NAME_SZ); -#endif - /* snarf the ACL type */ if ((token = strtok(NULL, w_space)) == NULL) { debug(28, 0) ("%s line %d: %s\n", @@ -808,10 +719,9 @@ debug (28,0) ("acl name string %s\n",token); aclname = aclNameByName(token); if (aclname) { - acltype = ACL_DYNAMIC; parserType=aclname->type; debug (28,0) ("found parserType %s\n",parserType->typestr); - } else if ((acltype = aclStrToType(token)) == ACL_NONE) { + } else { debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseAclLine: Invalid ACL type '%s'\n", token); 
@@ -820,9 +730,8 @@ return; } - /* We only get called once to assign the function: if data is already used, bomb */ - if (acltype == ACL_DYNAMIC && *head) { + if (*head) { debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with different type, skipp ing.\n", parserName->namestr); /* flush the line */ 
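Review bot: The `if (*head)` guard in the hunk at -820 no longer compares any type, yet its message still reports that the ACL "already exists with different type", so the log points an operator at the wrong cause. As far as the visible code shows, a second `acl` line for the same name is now always dropped, which means an ACL split across several lines keeps only the first line's values and the access rules match something other than what was written. Consider `debug(28, 0) ("aclParseAclLine: ACL '%s' is already defined, ignoring this line.\n", parserName->namestr);` and decide whether a dropped ACL line should stop configuration loading rather than continue with a partial ACL. aclParseAclLine starts and ends outside this hunk.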
@@ -830,45 +739,24 @@ return; } -#if NEVER - if ((A = aclFindByName(aclname)) == NULL) { - debug(28, 3) ("aclParseAclLine: Creating ACL '%s'\n", aclname); - A = memPoolAlloc(acl_pool); - xstrncpy(A->name, aclname, ACL_NAME_SZ); - A->type = acltype; - A->cfgline = xstrdup(config_input_line); - new_acl = 1; - } else -#endif - if ((A=*head)==NULL) { - debug(28, 3) ("aclParseAclLine: Creating new ACL\n"); - A = memPoolAlloc(acl_pool); - xstrncpy(A->name, parserName->namestr, ACL_NAME_SZ); - A->type = acltype; - A->cfgline = xstrdup(config_input_line); - new_acl = 1; - if (acltype == ACL_DYNAMIC) - A->aclname=aclname; - } else { - if (acltype != A->type) { - debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with different type, skipping.\n", A->name); - /* flush the line */ - while (strtok(NULL, w_space)); - return; - } - debug(28, 3) ("aclParseAclLine: Appending to acl \n"); - new_acl = 0; - } + debug(28, 3) ("aclParseAclLine: Creating new ACL\n"); + A = memPoolAlloc(acl_pool); + xstrncpy(A->name, parserName->namestr, ACL_NAME_SZ); + A->cfgline = xstrdup(config_input_line); + A->aclname=aclname; + /* * Here we set AclMatchedName in case we need to use it in a * warning message in aclDomainCompare(). */ /* AclMatchedName = aclname; */ /* ugly */ -/* FIXME: the sub type should be registered via a one off instance - no new registrations - * Allowed. Ideally this is declaritive (list the allowed types, sepcificy one type per - * child */ +/* TODO: it might be cleaner for the sub type should be registered via a one off + * instance - no new registrations allowed. Ideally this is declaritive (list the + * allowed types, specify one type per child */ +#if 0 switch (A->type) { case ACL_DYNAMIC: +#endif /* back strtok up a step. Yummy - Should be macroised */ *(token + strlen(token))=' '; *(token-2) = 'A'; 
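Review bot: The buffer patch-up kept as context at the end of the hunk at -830, `*(token + strlen(token))=' ';` and `*(token-2) = 'A';`, becomes the only path through aclParseAclLine once the surrounding `switch` is disabled, and neither write is bounds-checked. If the type is the last token on the line, the byte at `token + strlen(token)` is the line's own terminator rather than a delimiter that strtok replaced, so overwriting it leaves the buffer unterminated for whatever parses it next; `token-2` likewise assumes at least two bytes precede the token. The code that consumes the patched buffer lies outside this hunk, so this needs confirming there. Checking that further input follows the type before restoring the space would remove the dependency on leftover buffer contents.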
@@ -878,26 +766,21 @@ parserRegisterName(parserName, A->aclname->namestr, parserType, &(A->data), NULL, NULL, NULL); /* parse the rest of the line. */ parse_directive(parserName); +#if 0 break; - case ACL_SRC_IP: case ACL_DST_IP: - case ACL_MY_IP: case ACL_SRC_DOMAIN: case ACL_DST_DOMAIN: case ACL_SRC_DOM_REGEX: case ACL_DST_DOM_REGEX: case ACL_URL_REGEX: case ACL_URLPATH_REGEX: - case ACL_REQ_MIME_TYPE: - case ACL_REP_MIME_TYPE: #if USE_IDENT case ACL_IDENT: case ACL_IDENT_REGEX: #endif case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: - case ACL_TIME: - case ACL_METHOD: case ACL_SRC_ASN: case ACL_DST_ASN: #if SRC_RTT_NOT_YET_FINISHED 
@@ -905,64 +788,24 @@ #endif fatal("You hurt my feelings \n"); break; -#if 0 -#if USE_IDENT - case ACL_IDENT: - aclParseUserList(&A->data); - break; -#endif - case ACL_PROTO: - aclParseProtoList(&A->data); - break; - case ACL_METHOD: - aclParseMethodList(&A->data); - break; -// FIXME: Move the check code below into a post-parse check. - case ACL_PROXY_AUTH: - if (authenticateSchemeCount() == 0) { - debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ -because no authentication schemes were compiled.\n", A->cfgline); - } else if (authenticateActiveSchemeCount() == 0) { - debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ -because no authentication schemes are fully configured.\n", A->cfgline); - } else { - aclParseUserList(parserName, &A->data); - } - break; -// FIXME: Move the check code below into a post-parse check. - case ACL_PROXY_AUTH_REGEX: - if (authenticateSchemeCount() == 0) { - debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ -because no authentication schemes were compiled.\n", A->cfgline); - } else if (authenticateActiveSchemeCount() == 0) { - debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ -because no authentication schemes are fully configured.\n", A->cfgline); - } else { - aclParseRegexList(parserName, &A->data); - } - break; -#endif case ACL_NONE: case ACL_ENUM_MAX: fatal("Bad ACL type"); break; } +#endif /* * Clear AclMatchedName from our temporary hack */ AclMatchedName = NULL; /* ugly */ - if (!new_acl) - return; if (A->data == NULL) { debug(28, 0) ("aclParseAclLine: IGNORING invalid ACL: %s\n", A->cfgline); memPoolFree(acl_pool, A); return; } - /* append */ - while (*head) - head = &(*head)->next; *head = A; + } /* does name lookup, returns page_id */ @@ -989,6 +832,7 @@ return ERR_NONE; } +#if 0 /* does name lookup, returns if it is a proxy_auth acl */ int aclIsProxyAuth(const char *name) 
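Review bot: On the `A->data == NULL` path in the hunk at -905, `memPoolFree(acl_pool, A)` returns A to the pool without releasing `A->cfgline`, which the hunk at -830 allocates with `xstrdup`. It also happens after `&(A->data)` was handed to `parserRegisterName` in the hunk at -878; if the parser keeps that location pointer (not visible here), it then refers to freed pool memory. Adding `safe_free(A->cfgline);` before `memPoolFree(acl_pool, A);` fixes the leak, and the registration should be undone or deferred until the ACL is known to be valid. aclParseAclLine begins outside this hunk.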
@@ -998,7 +842,7 @@ return a->type == ACL_PROXY_AUTH; return 0; } - +#endif /* maex@space.net (05.09.96) * get the info for redirecting "access denied" to info pages @@ -1157,7 +1001,7 @@ " HTTP request -- access denied.\n"); return 0; } -//FIXME TOO debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); +//FIXME TOO debug(28, 3) ("aclMatchDst: checking '%s'\n", ae->cfgline); ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS); if (ia) { for (k = 0; k < (int) ia->count; k++) { @@ -1166,7 +1010,7 @@ } return 0; } else if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NONE) { -// debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", +// debug(28, 3) ("aclMatchDst: Can't yet compare '%s' ACL for '%s'\n", // ae->name, r->host); checklist->state[ACL_DST_IP] = ACL_LOOKUP_NEEDED; return 0; @@ -1204,7 +1048,7 @@ " HTTP request -- access denied.\n"); return 0; } -//FIXME debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); +//FIXME debug(28, 3) ("aclMatchDstDomain: checking '%s'\n", ae->cfgline); if ((ia = ipcacheCheckNumeric(r->host)) == NULL) return aclMatchDomainList(dataptr, r->host); @@ -1212,7 +1056,7 @@ if (fqdn) return aclMatchDomainList(dataptr, fqdn); if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NONE) { -//FIXME debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", +//FIXME debug(28, 3) ("aclMatchDstDomain: Can't yet compare '%s' ACL for '%s'\n", // ae->name, inet_ntoa(ia->in_addrs[0])); checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_NEEDED; return 0; 
@@ -1224,13 +1068,13 @@ aclMatchSrcDomain(void * *dataptr, aclCheck_t * checklist) { const char *fqdn = NULL; -//FIXME debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); +//FIXME debug(28, 3) ("aclMatchSrcDomain: checking '%s'\n", ae->cfgline); fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); if (fqdn) { return aclMatchDomainList(dataptr, fqdn); } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) { -//FIXME debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", +//FIXME debug(28, 3) ("aclMatchSrcDomain: Can't yet compare '%s' ACL for '%s'\n", // ae->name, inet_ntoa(checklist->src_addr)); checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED; return 0; @@ -1280,7 +1124,7 @@ " HTTP request -- access denied.\n"); return 0; } -// FIXME debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); +// FIXME debug(28, 3) ("aclMatchUrlPathRegex: checking '%s'\n", ae->cfgline); esc_buf = xstrdup(strBuf(r->urlpath)); rfc1738_unescape(esc_buf); k = aclMatchRegex(*dataptr, esc_buf); @@ -1299,7 +1143,7 @@ " HTTP request -- access denied.\n"); return 0; } -// debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); +// debug(28, 3) ("aclMatchUrlRegex: checking '%s'\n", ae->cfgline); esc_buf = xstrdup(urlCanonical(r)); rfc1738_unescape(esc_buf); k = aclMatchRegex(*dataptr, esc_buf); @@ -1970,8 +1814,6 @@ case ACL_DST_DOM_REGEX: case ACL_URLPATH_REGEX: case ACL_URL_PORT: - case ACL_PROTO: - case ACL_METHOD: case ACL_DST_ASN: /* These ACL types require checklist->request */ if (NULL == r) { @@ -1985,11 +1827,13 @@ } #endif debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); +#if 0 switch (ae->type) { case ACL_DYNAMIC: +#endif + // TODO: add data consistency checks for aclname & match return ae->aclname->match(&ae->data, checklist); - case ACL_SRC_IP: - case ACL_MY_IP: +#if 0 case ACL_DST_IP: case ACL_DST_DOMAIN: case ACL_SRC_DOMAIN: 
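Review bot: In the hunk at -1985, aclMatchAcl now reaches `return ae->aclname->match(&ae->data, checklist);` unconditionally, with the consistency check left as a TODO. ACLs built by aclParseAclLine get a non-NULL `aclname`, but nothing visible guarantees that `match` was registered non-NULL, and a NULL there becomes a call through a null pointer in the request path. Neither 0 nor 1 is a safe default for an access decision, so the check is better made when the ACL name is registered, with `assert(ae->aclname && ae->aclname->match);` at the call site as a backstop. The same unchecked `ae->aclname->namestr` dereference is introduced by the nine dump hunks from -2988 to -3172 and by dump_acl in the hunk at -3376. The function body extends beyond this hunk on both sides.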
@@ -1997,228 +1841,15 @@ case ACL_SRC_DOM_REGEX: case ACL_URLPATH_REGEX: case ACL_URL_REGEX: - case ACL_REQ_MIME_TYPE: - case ACL_REP_MIME_TYPE: - case ACL_TIME: #if USE_IDENT case ACL_IDENT: case ACL_IDENT_REGEX: #endif case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: - case ACL_METHOD: case ACL_SRC_ASN: case ACL_DST_ASN: fatal("old code\n"); -#if 0 - return aclMatchIp(&ae->data, checklist->src_addr); - /* NOTREACHED */ - return aclMatchIp(&ae->data, checklist->my_addr); - /* NOTREACHED */ - ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS); - if (ia) { - for (k = 0; k < (int) ia->count; k++) { - if (aclMatchIp(&ae->data, ia->in_addrs[k])) - return 1; - } - return 0; - } else if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NONE) { - debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, r->host); - checklist->state[ACL_DST_IP] = ACL_LOOKUP_NEEDED; - return 0; - } else { - return aclMatchIp(&ae->data, no_addr); - } - /* NOTREACHED */ - case ACL_DST_DOMAIN: - if ((ia = ipcacheCheckNumeric(r->host)) == NULL) - return aclMatchDomainList(&ae->data, r->host); - fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS); - if (fqdn) - return aclMatchDomainList(&ae->data, fqdn); - if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NONE) { - debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(ia->in_addrs[0])); - checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_NEEDED; - return 0; - } - return aclMatchDomainList(&ae->data, "none"); - /* NOTREACHED */ - case ACL_SRC_DOMAIN: - fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); - if (fqdn) { - return aclMatchDomainList(&ae->data, fqdn); - } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) { - debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(checklist->src_addr)); - checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED; - return 0; - } - return aclMatchDomainList(&ae->data, 
"none"); - /* NOTREACHED */ - case ACL_DST_DOM_REGEX: - if ((ia = ipcacheCheckNumeric(r->host)) == NULL) - return aclMatchRegex(ae->data, r->host); - fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS); - if (fqdn) - return aclMatchRegex(ae->data, fqdn); - if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NONE) { - debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(ia->in_addrs[0])); - checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_NEEDED; - return 0; - } - return aclMatchRegex(ae->data, "none"); - /* NOTREACHED */ - case ACL_SRC_DOM_REGEX: - fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); - if (fqdn) { - return aclMatchRegex(ae->data, fqdn); - } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) { - debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(checklist->src_addr)); - checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED; - return 0; - } - return aclMatchRegex(ae->data, "none"); - /* NOTREACHED */ - case ACL_TIME: - return aclMatchTime(ae->data, squid_curtime); - /* NOTREACHED */ - case ACL_URLPATH_REGEX: - esc_buf = xstrdup(strBuf(r->urlpath)); - rfc1738_unescape(esc_buf); - k = aclMatchRegex(ae->data, esc_buf); - safe_free(esc_buf); - return k; - /* NOTREACHED */ - case ACL_URL_REGEX: - esc_buf = xstrdup(urlCanonical(r)); - rfc1738_unescape(esc_buf); - k = aclMatchRegex(ae->data, esc_buf); - safe_free(esc_buf); - return k; - /* NOTREACHED */ - case ACL_MAXCONN: - k = clientdbEstablished(checklist->src_addr, 0); - return ((k > ((intlist *) ae->data)->i) ? 
1 : 0); - /* NOTREACHED */ - case ACL_URL_PORT: - return aclMatchIntegerRange(ae->data, (int) r->port); - /* NOTREACHED */ - case ACL_MY_PORT: - return aclMatchIntegerRange(ae->data, (int) checklist->my_port); - /* NOTREACHED */ -#if USE_IDENT - case ACL_IDENT: - if (checklist->rfc931[0]) { - return aclMatchUser(ae->data, checklist->rfc931); - } else { - checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED; - return 0; - } - /* NOTREACHED */ - case ACL_IDENT_REGEX: - if (checklist->rfc931[0]) { - return aclMatchRegex(ae->data, checklist->rfc931); - } else { - checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED; - return 0; - } - /* NOTREACHED */ -#endif - case ACL_PROTO: - return aclMatchInteger(ae->data, r->protocol); - /* NOTREACHED */ - case ACL_METHOD: - return aclMatchInteger(ae->data, r->method); - /* NOTREACHED */ - case ACL_PROXY_AUTH: - if (NULL == r) { - return -1; - } else if (!r->flags.accelerated) { - /* Proxy authorization on proxy requests */ - headertype = HDR_PROXY_AUTHORIZATION; - } else if (r->flags.internal) { - /* WWW authorization on accelerated internal requests */ - headertype = HDR_AUTHORIZATION; - } else { -#if AUTH_ON_ACCELERATION - /* WWW authorization on accelerated requests */ - headertype = HDR_AUTHORIZATION; -#else - debug(28, 1) ("aclMatchAcl: proxy_auth %s not applicable on accelerated requests.\n", ae->name); - return -1; -#endif - } - /* Check the credentials */ - switch (aclMatchProxyAuth(ae->data, headertype, - checklist->auth_user_request, checklist, ae->type)) { - case 0: - debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); - /* Authenticated but not Authorised for this ACL */ - return 0; - case 1: - debug(28, 4) ("aclMatchAcl: returning 1 user authenticated and authorised.\n"); - /* Authenticated and Authorised for this ACL */ - return 1; - case -2: - debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n"); - /* Authentication credentials invalid or missing. 
*/ - /* Or partway through NTLM handshake. A proxy_Authenticate header - * gets sent to the client. */ - checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; - return 0; - case -1: - debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n"); - /* - * we need to validate the password - */ - checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED; - return 0; - } - /* NOTREACHED */ -#if SQUID_SNMP - case ACL_SNMP_COMMUNITY: - return aclMatchWordList(ae->data, checklist->snmp_community); -#endif - case ACL_SRC_ASN: - return asnMatchIp(ae->data, checklist->src_addr); - case ACL_DST_ASN: - ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS); - if (ia) { - for (k = 0; k < (int) ia->count; k++) { - if (asnMatchIp(ae->data, ia->in_addrs[k])) - return 1; - } - return 0; - } else if (checklist->state[ACL_DST_ASN] == ACL_LOOKUP_NONE) { - debug(28, 3) ("asnMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, r->host); - checklist->state[ACL_DST_ASN] = ACL_LOOKUP_NEEDED; - } else { - return asnMatchIp(ae->data, no_addr); - } - return 0; -#endif -#if 0 - case ACL_REQ_MIME_TYPE: - header = httpHeaderGetStr(&checklist->request->header, - HDR_CONTENT_TYPE); - if (NULL == header) - header = ""; - return aclMatchRegex(ae->data, header); - /* NOTREACHED */ - case ACL_REP_MIME_TYPE: - if (!checklist->reply) - return 0; - header = httpHeaderGetStr(&checklist->reply->header, HDR_CONTENT_TYPE); - if (NULL == header) - header = ""; - return aclMatchRegex(ae->data, header); - /* NOTREACHED */ -#endif case ACL_NONE: case ACL_ENUM_MAX: break; @@ -2226,6 +1857,7 @@ debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n", ae->name, ae->type); return 0; +#endif } int 
@@ -2581,25 +2213,20 @@ for (a = *head; a; a = next) { next = a->next; debug(28, 3) ("aclDestroyAcls: '%s'\n", a->cfgline); +#if 0 switch (a->type) { case ACL_DYNAMIC: break; // The subnode is freed by the parser - case ACL_SRC_IP: case ACL_DST_IP: - case ACL_MY_IP: case ACL_SRC_DOM_REGEX: case ACL_DST_DOM_REGEX: case ACL_URL_REGEX: case ACL_URLPATH_REGEX: - case ACL_REP_MIME_TYPE: - case ACL_REQ_MIME_TYPE: - case ACL_TIME: #if USE_IDENT case ACL_IDENT: case ACL_IDENT_REGEX: #endif case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: - case ACL_METHOD: case ACL_SRC_ASN: case ACL_DST_ASN: fatal("old code somewhere!\n"); @@ -2631,8 +2258,6 @@ case ACL_PROXY_AUTH: aclDestroyUserList(NULL, a->data); break; - case ACL_PROTO: - case ACL_METHOD: #if SRC_RTT_NOT_YET_FINISHED case ACL_NETDB_SRC_RTT: #endif @@ -2644,6 +2269,7 @@ debug(28, 1) ("aclDestroyAcls: no case for ACL type %d\n", a->type); break; } +#endif safe_free(a->cfgline); memPoolFree(acl_pool, a); // Should we be locking the aclname struct and unlocking here? @@ -2938,31 +2564,23 @@ wordlist * aclDumpGeneric(const acl * a) { +#if 0 debug(28, 3) ("aclDumpGeneric: %s type %d\n", a->name, a->type); switch (a->type) { case ACL_DYNAMIC:break; - case ACL_SRC_IP: case ACL_DST_IP: - case ACL_MY_IP: -#if 0 - return aclDumpIpList(a->data); -#endif case ACL_SRC_DOMAIN: case ACL_DST_DOMAIN: case ACL_SRC_DOM_REGEX: case ACL_DST_DOM_REGEX: case ACL_URL_REGEX: case ACL_URLPATH_REGEX: - case ACL_REQ_MIME_TYPE: - case ACL_REP_MIME_TYPE: #if USE_IDENT case ACL_IDENT: case ACL_IDENT_REGEX: #endif case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: - case ACL_TIME: - case ACL_METHOD: case ACL_SRC_ASN: case ACL_DST_ASN: fatal("old code in Dump\n"); @@ -2971,6 +2589,8 @@ break; } debug(28, 1) ("aclDumpGeneric: no case for ACL type %d\n", a->type); +#endif + fatal("old code reached! FIXME\n"); return NULL; } 
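Review bot: After the hunks at -2938 and -2971, aclDumpGeneric does nothing except `fatal("old code reached! FIXME\n");`, yet dump_acl (moved into acl.c by the hunk at -3376) still calls it for each configured ACL. Assuming fatal() terminates the process, any configuration dump with at least one ACL defined would bring the proxy down. Until per-type dumping is wired in, returning an empty list keeps the dump path usable: `debug(28, 1) ("aclDumpGeneric: no dumper for '%s'\n", a->name); return NULL;`. dump_acl's loop already skips a NULL list head, provided wordlistDestroy accepts one.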
@@ -2988,7 +2608,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3011,7 +2631,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3034,7 +2654,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3057,7 +2677,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3080,7 +2700,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3103,7 +2723,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3126,7 +2746,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3149,7 +2769,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3172,7 +2792,7 @@ storeAppendPrintf(entry, "%s %s %s %s\n", name, ae->name, - aclTypeToStr(ae->type), + ae->aclname->namestr, v->key); v = v->next; } @@ -3191,9 +2811,13 @@ aclPurgeMethodInUse(acl_access * a) { acl_list *b; + aclName *method = aclNameByName("method"); + if (!method) + /* method name not present */ + return 0; for (; a; a = a->next) { for (b = a->acl_list; b; b = b->next) { - if (ACL_METHOD != b->acl->type) + if (method != b->acl->aclname) continue; if (aclMatchInteger(b->acl->data, METHOD_PURGE)) return 1; 
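Review bot: In the hunk at -3191, `aclMatchInteger(b->acl->data, METHOD_PURGE)` still assumes that the data of a "method" ACL is an integer list, but that data is now filled in by whatever parser type is registered under that name. The registration is not visible here, so the layout should be confirmed before this result is trusted to decide whether PURGE is referenced. The early exit also places a comment between `if (!method)` and its statement without braces; `if (!method) { return 0; } /* "method" ACL type not registered */` is harder to break in a later edit. aclPurgeMethodInUse's header is outside the hunk.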
@@ -3376,6 +3000,39 @@ // parserRegisterInstanceType(" } +static void +dump_acl(StoreEntry * entry, const char *name, void const * const data) +{ + acl * ae=*(acl * *)data; + wordlist *w; + wordlist *v; + while (ae != NULL) { + debug(3, 3) ("dump_acl: %s %s\n", name, ae->name); + v = w = aclDumpGeneric(ae); + while (v != NULL) { + debug(3, 3) ("dump_acl: %s %s %s\n", name, ae->name, v->key); + storeAppendPrintf(entry, "%s %s %s %s\n", + name, + ae->name, + ae->aclname->namestr, + v->key); + v = v->next; + } + wordlistDestroy(&w); + ae = ae->next; + } +} + +static void +free_acl(parserNameNode *parserName, void *data) +{ + int used; + acl ** ae=(acl **)data; + used=!check_null_acl(*ae); + aclDestroyAcls(ae); +// if (used) +// cbdataUnlock(parserName); +} void aclParserRegister(void) @@ -3385,6 +3042,8 @@ acl_pool = memPoolCreate("acl", sizeof(acl)); /* register the ACL types */ + parserRegisterType("acl",aclParseAclLine,free_acl,dump_acl); + parserRegisterType("iplist", aclParseIpList, aclDestroyIpList, dump_IpList ); parserRegisterType("domainlist", aclParseDomainList, aclDestroyDomainList, dump_DomainList); parserRegisterType("regexlist", aclParseRegexList, aclDestroyRegexList, dump_RegexList); Index: squid/src/acl.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/Attic/acl.h,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- squid/src/acl.h 25 Apr 2001 12:28:59 -0000 1.1.2.2 +++ squid/src/acl.h 26 Apr 2001 00:09:08 -0000 1.1.2.3 @@ -39,7 +39,7 @@ struct _acl { char name[ACL_NAME_SZ]; - squid_acl type; +// squid_acl type; aclName *aclname; void *data; char *cfgline; 
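Review bot: free_acl, added to acl.c by the hunk at -3376, calls `check_null_acl`, which this patchset deletes from cache_cf.c (hunk at -575), where it was `static`. Unless acl.c has its own definition outside the visible hunks, this is an implicit declaration and a link failure. The result only feeds `used`, which is read solely by the commented-out `cbdataUnlock` lines, so the simplest form drops both and keeps `aclDestroyAcls(ae);`. If the lock accounting is meant to come back, `used = (*ae != NULL);` avoids the helper.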
@@ -47,5 +47,6 @@ }; extern aclName *aclRegisterAclName(const char *, parserTypeNode *, ACLMATCH *); +extern aclName *aclNameByName(const char *); #endif /* ACL_H */ Index: squid/src/asn.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/asn.c,v retrieving revision 1.9.4.3 retrieving revision 1.9.4.4 diff -u -r1.9.4.3 -r1.9.4.4 --- squid/src/asn.c 25 Apr 2001 12:28:59 -0000 1.9.4.3 +++ squid/src/asn.c 26 Apr 2001 00:09:08 -0000 1.9.4.4 @@ -1,6 +1,6 @@ /* - * $Id: asn.c,v 1.9.4.3 2001/04/25 12:28:59 rbcollins Exp $ + * $Id: asn.c,v 1.9.4.4 2001/04/26 00:09:08 rbcollins Exp $ * * DEBUG: section 53 AS Number handling * AUTHOR: Duane Wessels, Kostas Anagnostakis @@ -140,6 +140,7 @@ intlist *i; parserNameNode *aclparserName = parserNameByName("acl"); parserNameNode *parserName; + aclName *srcName, *dstName; dlink_node *node; debug(53, 3) ("asnAclInitialize\n"); @@ -147,12 +148,18 @@ if (!aclparserName || aclparserName->children.head==NULL) return; + srcName = aclNameByName("src_as"); + dstName = aclNameByName("dst_as"); + /* we're not a module yet: these _must_be registered */ + assert(srcName); + assert(dstName); + node=aclparserName->children.head; while (node) { parserName=node->data; node=node->next; a=parserName->location; - if (a->type != ACL_DST_ASN && a->type != ACL_SRC_ASN) + if (a->aclname != srcName && a->aclname != dstName) continue; for (i = a->data; i; i = i->next) asnCacheStart(i->i); Index: squid/src/cache_cf.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v retrieving revision 1.18.4.26 retrieving revision 1.18.4.27 diff -u -r1.18.4.26 -r1.18.4.27 --- squid/src/cache_cf.c 25 Apr 2001 12:28:59 -0000 1.18.4.26 +++ squid/src/cache_cf.c 26 Apr 2001 00:09:08 -0000 1.18.4.27 
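Review bot: In the asn.c hunk at -147, `a=parserName->location;` is dereferenced straight away as `a->aclname` and `a->data` with no NULL check, while free_acl and dump_acl in acl.c treat the pointer they receive for an "acl" node as `acl **`. Whether `location` is that same pointer is not visible here, nor is the declaration of `a`, so the level of indirection should be confirmed; if it is the same pointer, this loop compares fields of the wrong object. A guard such as `if (!a) continue;` before the comparison would also cover nodes whose ACL was rejected during parsing. asnAclInitialize starts and ends outside the hunk.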
@@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.18.4.26 2001/04/25 12:28:59 rbcollins Exp $ + * $Id: cache_cf.c,v 1.18.4.27 2001/04/26 00:09:08 rbcollins Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -575,57 +575,6 @@ * Max *****************************************************************************/ -static void -dump_acl(StoreEntry * entry, const char *name, void const * const data) -{ - acl * ae=*(acl * *)data; - wordlist *w; - wordlist *v; - while (ae != NULL) { - debug(3, 3) ("dump_acl: %s %s\n", name, ae->name); - v = w = aclDumpGeneric(ae); - while (v != NULL) { - debug(3, 3) ("dump_acl: %s %s %s\n", name, ae->name, v->key); - storeAppendPrintf(entry, "%s %s %s %s\n", - name, - ae->name, - aclTypeToStr(ae->type), - v->key); - v = v->next; - } - wordlistDestroy(&w); - ae = ae->next; - } -} - -static int -check_null_acl(acl * a) -{ - return a == NULL; -} - -#if NEVER -static void -parse_acl(parserNameNode *parserName, void * data) -{ - acl ** ae=(acl **)data; - if (check_null_acl(*ae)) - cbdataLock(parserName); - aclParseAclLine(ae); -} -#endif - -static void -free_acl(parserNameNode *parserName, void *data) -{ - int used; - acl ** ae=(acl **)data; - used=!check_null_acl(*ae); - aclDestroyAcls(ae); -// if (used) -// cbdataUnlock(parserName); -} - static int check_null_acl_access(acl_access * a) { 
@@ -2389,7 +2338,7 @@ parserRegisterCFTypes(); parserRegisterType("instance_node", parse_instance_node, free_instance_node, dump_instance_node); - parserRegisterType("acl",aclParseAclLine,free_acl,dump_acl); +// parserRegisterType("acl",aclParseAclLine,free_acl,dump_acl); } Index: squid/src/client_side.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v retrieving revision 1.18.4.3 retrieving revision 1.18.4.4 diff -u -r1.18.4.3 -r1.18.4.4 --- squid/src/client_side.c 31 Mar 2001 09:52:19 -0000 1.18.4.3 +++ squid/src/client_side.c 26 Apr 2001 00:09:08 -0000 1.18.4.4 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.18.4.3 2001/03/31 09:52:19 rbcollins Exp $ + * $Id: client_side.c,v 1.18.4.4 2001/04/26 00:09:08 rbcollins Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -247,7 +247,15 @@ http->log_type = LOG_TCP_DENIED; http->entry = clientCreateStoreEntry(http, http->request->method, null_request_flags); - if (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) { + if (answer == ACCESS_REQ_PROXY_AUTH ) { +/* The test above was + * if (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) { + * + * which is broken - the aclIs funciton didn't match proxy_auth_regex. + * But it also seems redundant - ACCESS_REQ_PROXY_AUTH is always set. + * Implementing aclIsProxyAuth is less efficient that checking a binary value. + * FIXME: if things fall through reimplementaclIsProxyAuth + */ if (!http->flags.accel) { /* Proxy authorisation needed */ status = HTTP_PROXY_AUTHENTICATION_REQUIRED; Index: squid/src/enums.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/enums.h,v retrieving revision 1.14.4.6 retrieving revision 1.14.4.7 diff -u -r1.14.4.6 -r1.14.4.7 --- squid/src/enums.h 25 Apr 2001 12:28:59 -0000 1.14.4.6 +++ squid/src/enums.h 26 Apr 2001 00:09:09 -0000 1.14.4.7 
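Review bot: The client_side.c hunk at -247 drops `aclIsProxyAuth(AclMatchedName)` from the condition on the strength of "seems redundant", and nothing in the change verifies that `answer` is always ACCESS_REQ_PROXY_AUTH when a proxy_auth ACL causes the denial. If that assumption fails, the request is still refused, but presumably with the plain denial instead of an authentication challenge, so clients cannot recover by supplying credentials. The explanatory comment would be easier to follow placed above the `if` rather than inside its body, with "funciton" and "reimplementaclIsProxyAuth" corrected and the FIXME stating what to test. The enclosing function is only partly visible.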
@@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.14.4.6 2001/04/25 12:28:59 rbcollins Exp $ + * $Id: enums.h,v 1.14.4.7 2001/04/26 00:09:09 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -94,21 +94,17 @@ typedef enum { ACL_NONE, - ACL_SRC_IP, ACL_DST_IP, - ACL_MY_IP, ACL_SRC_DOMAIN, ACL_DST_DOMAIN, ACL_SRC_DOM_REGEX, ACL_DST_DOM_REGEX, - ACL_TIME, ACL_URLPATH_REGEX, ACL_URL_REGEX, #if USE_IDENT ACL_IDENT, ACL_IDENT_REGEX, #endif - ACL_METHOD, ACL_PROXY_AUTH, ACL_PROXY_AUTH_REGEX, ACL_SRC_ASN, @@ -116,8 +112,6 @@ #if SRC_RTT_NOT_YET_FINISHED ACL_NETDB_SRC_RTT, #endif - ACL_REQ_MIME_TYPE, - ACL_REP_MIME_TYPE, ACL_DYNAMIC, ACL_ENUM_MAX } squid_acl; Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.18.4.20 retrieving revision 1.18.4.21 diff -u -r1.18.4.20 -r1.18.4.21 --- squid/src/protos.h 25 Apr 2001 00:22:28 -0000 1.18.4.20 +++ squid/src/protos.h 26 Apr 2001 00:09:09 -0000 1.18.4.21 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.18.4.20 2001/04/25 00:22:28 rbcollins Exp $ + * $Id: protos.h,v 1.18.4.21 2001/04/26 00:09:09 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -59,7 +59,9 @@ extern void aclDestroyAcls(acl **); extern void aclParseAccessLine(struct _acl_access **); extern PARSER_PARSE aclParseAclLine; +#if 0 extern int aclIsProxyAuth(const char *name); +#endif extern err_type aclGetDenyInfoPage(acl_deny_info_list ** head, const char *name); extern void aclParseDenyInfoLine(struct _acl_deny_info_list **); extern void aclDestroyDenyInfoList(struct _acl_deny_info_list **);