--------------------- PatchSet 2104 Date: 2001/04/27 06:58:15 Author: rbcollins Branch: generic_modules Tag: (none) Log: removed more cruft. Integrated the parsing code somewhat Members: src/acl.c:1.21.4.14->1.21.4.15 src/cache_cf.c:1.18.4.28->1.18.4.29 src/cf.data.pre:1.21.4.12->1.21.4.13 src/protos.h:1.18.4.22->1.18.4.23 Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.21.4.14 retrieving revision 1.21.4.15 diff -u -r1.21.4.14 -r1.21.4.15 --- squid/src/acl.c 26 Apr 2001 23:54:41 -0000 1.21.4.14 +++ squid/src/acl.c 27 Apr 2001 06:58:15 -0000 1.21.4.15 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.21.4.14 2001/04/26 23:54:41 rbcollins Exp $ + * $Id: acl.c,v 1.21.4.15 2001/04/27 06:58:15 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -75,14 +75,15 @@ static PARSER_PARSE aclParseMethodList; static PARSER_PARSE aclParseTimeSpec; static PARSER_PARSE aclParseIntRange; +static PARSER_PARSE parse_denyinfo; static char *strtokFile(void); static void aclDestroyAclList(acl_list * list); static PARSER_FREE aclDestroyTimeSpecList; static PARSER_FREE aclDestroyIntRange; +static PARSER_FREE free_denyinfo; static void aclLookupProxyAuthStart(aclCheck_t * checklist); static void aclLookupProxyAuthDone(void *data, char *result); static struct _acl *aclFindByName(const char *name); -static int aclMatchAcl(struct _acl *, aclCheck_t *); static int aclMatchIntegerRange(intrange * data, int i); static int aclMatchTimeSpec(acl_time_data * data, time_t when); static int aclMatchUser(void *proxyauth_acl, char *user); @@ -109,6 +110,7 @@ static wordlist *aclDumpIntRangeList(intrange * data); static wordlist *aclDumpProtoList(intlist * data); static wordlist *aclDumpMethodList(intlist * data); +static PARSER_DUMP dump_denyinfo; static SPLAYCMP aclIpNetworkCompare; static SPLAYCMP aclHostDomainCompare; static SPLAYCMP aclDomainCompare; 
@@ -304,6 +306,143 @@ } }
+static void
+name_document_deny_info(void){
+ printf(
+"# TAG: deny_info"
+"\n"
+"#\tUsage: deny_info err_page_name acl\n"
+"#\tExample: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys\n"
+"#\n"
+"#\tThis can be used to return a ERR_ page for requests which\n"
+"#\tdo not pass the 'http_access' rules. A single ACL will cause\n"
+"#\tthe http_access check to fail. If a 'deny_info' line exists\n"
+"#\tfor that ACL then Squid returns a corresponding error page.\n"
+"#\n"
+"#\tYou may use ERR_ pages that come with Squid or create your own pages\n"
+"#\tand put them into the configured errors/ directory.\n"
+"#\n"
+"#Default:\n"
+"# none\n"
+"\n"
+ );}
+
+static void
+parse_denyinfo(parserNameNode *parserName, void * data)
+{
+ acl_deny_info_list ** head=( acl_deny_info_list **)data;
+/* maex@space.net (05.09.96)
+ * get the info for redirecting "access denied" to info pages
+ * TODO (probably ;-)
+ * currently there is no optimization for
+ * - more than one deny_info line with the same url
+ * - a check, whether the given acl really is defined
+ * - a check, whether an acl is added more than once for the same url
+ */
+ char *t = NULL;
+ acl_deny_info_list *A = NULL;
+ acl_deny_info_list *B = NULL;
+ acl_deny_info_list **T = NULL;
+ acl_name_list *L = NULL;
+ acl_name_list **Tail = NULL;
+
+ /* first expect a page name */
+ if ((t = strtok(NULL, w_space)) == NULL) {
+ debug(28, 0) ("%s line %d: %s\n",
+ cfg_filename, config_lineno, config_input_line);
+ debug(28, 0) ("parse_denyinfo: missing 'error page' parameter.\n");
+ return;
+ }
+ A = memPoolAlloc(acl_deny_info_list_pool);
+ A->err_page_id = errorReservePageId(t);
+ A->err_page_name = xstrdup(t);
+ A->next = (acl_deny_info_list *) NULL;
+ /* next expect a list of ACL names */
+ /* FIXME: verify the names exist, and look them up and lock them.
+ * Possibly a postparse thing.
+ */
+ Tail = &A->acl_list;
+ while ((t = strtok(NULL, w_space))) {
+ L = memPoolAlloc(acl_name_list_pool);
+ xstrncpy(L->name, t, ACL_NAME_SZ);
+ *Tail = L;
+ Tail = &L->next;
+ }
+ if (A->acl_list == NULL) {
+ debug(28, 0) ("%s line %d: %s\n",
+ cfg_filename, config_lineno, config_input_line);
+ debug(28, 0) ("parse_denyinfo: deny_info line contains no ACL's, skipping\n");
+ memPoolFree(acl_deny_info_list_pool, A);
+ return;
+ }
+ for (B = *head, T = head; B; T = &B->next, B = B->next); /* find the tail */
+ *T = A;
+
+ cbdataLock(parserName);
+}
+
+static void
+dump_denyinfo(StoreEntry * entry, const char *name, void const * const data)
+{
+ acl_deny_info_list *var=*(acl_deny_info_list **)data;
+ acl_name_list *a;
+ while (var != NULL) {
+ storeAppendPrintf(entry, "%s %s", name, var->err_page_name);
+ for (a = var->acl_list; a != NULL; a = a->next)
+ storeAppendPrintf(entry, " %s", a->name);
+ storeAppendPrintf(entry, "\n");
+ var = var->next;
+ }
+}
+
+static void
+free_denyinfo(parserNameNode *parserName, void * data)
+{
+ acl_deny_info_list ** list=( acl_deny_info_list **)data;
+ acl_deny_info_list *a = NULL;
+ acl_deny_info_list *a_next = NULL;
+ acl_name_list *l = NULL;
+ acl_name_list *l_next = NULL;
+ for (a = *list; a; a = a_next) {
+ for (l = a->acl_list; l; l = l_next) {
+ l_next = l->next;
+ memPoolFree(acl_name_list_pool, l);
+ l = NULL;
+ }
+ a_next = a->next;
+ safe_free (a->err_page_name);
+ memPoolFree(acl_deny_info_list_pool, a);
+ a = NULL;
+ cbdataUnlock(parserName);
+ }
+ *list = NULL;
+}
+
+#if 0
+/* maex@space.net (06.09.1996)
+ * destroy an _acl_deny_info_list */
+
+void
+aclDestroyDenyInfoList(acl_deny_info_list ** list)
+{
+ acl_deny_info_list *a = NULL;
+ acl_deny_info_list *a_next = NULL;
+ acl_name_list *l = NULL;
+ acl_name_list *l_next = NULL;
+
+ for (a = *list; a; a = a_next) {
+ for (l = a->acl_list; l; l = l_next) {
+ l_next = l->next;
+ safe_free(l);
+ }
+ a_next = a->next;
+ xfree(a->err_page_name);
+
memPoolFree(acl_deny_info_list_pool, a); + } + *list = NULL; +} +#endif + /* * Decode a ascii representation (asc) of a IP adress, and place * adress and netmask information in addr and mask. @@ -704,10 +843,6 @@ /* TODO: it might be cleaner for the sub type should be registered via a one off * instance - no new registrations allowed. Ideally this is declaritive (list the * allowed types, specify one type per child */ -#if 0 - switch (A->type) { - case ACL_DYNAMIC: -#endif /* back strtok up a step. Yummy - Should be macroised */ *(token + strlen(token))=' '; *(token-2) = 'A'; @@ -717,34 +852,6 @@ parserRegisterName(parserName, A->aclname->namestr, parserType, &(A->data), NULL, NULL, NULL); /* parse the rest of the line. */ parse_directive(parserName); -#if 0 - break; - case ACL_DST_IP: - case ACL_SRC_DOMAIN: - case ACL_DST_DOMAIN: - case ACL_SRC_DOM_REGEX: - case ACL_DST_DOM_REGEX: - case ACL_URL_REGEX: - case ACL_URLPATH_REGEX: -#if USE_IDENT - case ACL_IDENT: - case ACL_IDENT_REGEX: -#endif - case ACL_PROXY_AUTH: - case ACL_PROXY_AUTH_REGEX: - case ACL_SRC_ASN: - case ACL_DST_ASN: -#if SRC_RTT_NOT_YET_FINISHED - case ACL_NETDB_SRC_RTT: -#endif - fatal("You hurt my feelings \n"); - break; - case ACL_NONE: - case ACL_ENUM_MAX: - fatal("Bad ACL type"); - break; - } -#endif /* * Clear AclMatchedName from our temporary hack */ 
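Review bot: In parse_denyinfo (hunk -304,6 +306,143) the "contains no ACL's" branch hands A back with `memPoolFree(acl_deny_info_list_pool, A);` but never releases the `xstrdup(t)` copy held in `A->err_page_name`, so every deny_info line without ACL names leaks that string; add `safe_free(A->err_page_name);` on the line before, as free_denyinfo in the same hunk already does. The name loop copies with `xstrncpy(L->name, t, ACL_NAME_SZ)` and reports nothing when a token does not fit, so together with the FIXME about unverified names an over-long ACL name is presumably stored truncated and the error page ends up bound to no ACL or to a different one; a `debug(28, 0)` warning when `strlen(t) >= ACL_NAME_SZ` would surface that at parse time. The commit also deletes aclParseDenyInfoLine from acl.c while the protos.h hunk keeps `extern void aclParseDenyInfoLine(struct _acl_deny_info_list **);` as a context line, so that declaration is now stale and should be removed with the others.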
@@ -795,55 +902,6 @@ } #endif -/* maex@space.net (05.09.96) - * get the info for redirecting "access denied" to info pages - * TODO (probably ;-) - * currently there is no optimization for - * - more than one deny_info line with the same url - * - a check, whether the given acl really is defined - * - a check, whether an acl is added more than once for the same url - */ - -void -aclParseDenyInfoLine(acl_deny_info_list ** head) -{ - char *t = NULL; - acl_deny_info_list *A = NULL; - acl_deny_info_list *B = NULL; - acl_deny_info_list **T = NULL; - acl_name_list *L = NULL; - acl_name_list **Tail = NULL; - - /* first expect a page name */ - if ((t = strtok(NULL, w_space)) == NULL) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseDenyInfoLine: missing 'error page' parameter.\n"); - return; - } - A = memPoolAlloc(acl_deny_info_list_pool); - A->err_page_id = errorReservePageId(t); - A->err_page_name = xstrdup(t); - A->next = (acl_deny_info_list *) NULL; - /* next expect a list of ACL names */ - Tail = &A->acl_list; - while ((t = strtok(NULL, w_space))) { - L = memPoolAlloc(acl_name_list_pool); - xstrncpy(L->name, t, ACL_NAME_SZ); - *Tail = L; - Tail = &L->next; - } - if (A->acl_list == NULL) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseDenyInfoLine: deny_info line contains no ACL's, skipping\n"); - memPoolFree(acl_deny_info_list_pool, A); - return; - } - for (B = *head, T = head; B; T = &B->next, B = B->next); /* find the tail */ - *T = A; -} - void aclParseAccessLine(acl_access ** head) { 
@@ -1742,75 +1800,28 @@ return 0; } - +#if 0 static int aclMatchAcl(acl * ae, aclCheck_t * checklist) { -#if 0 - request_t *r = checklist->request; - const ipcache_addrs *ia = NULL; - const char *fqdn = NULL; - char *esc_buf; - const char *header; - const char *browser; - int k; - http_hdr_type headertype; -#endif if (!ae) return 0; -#if 0 - switch (ae->type) { - case ACL_DST_IP: - case ACL_DST_DOMAIN: - case ACL_DST_DOM_REGEX: - case ACL_URLPATH_REGEX: - case ACL_URL_PORT: - case ACL_DST_ASN: - /* These ACL types require checklist->request */ - if (NULL == r) { - debug(28, 1) ("WARNING: '%s' ACL is used but there is no" - " HTTP request -- access denied.\n", ae->name); - return 0; - } - break; - default: - break; - } -#endif debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); -#if 0 - switch (ae->type) { - case ACL_DYNAMIC: -#endif // TODO: add data consistency checks for aclname & match return ae->aclname->match(&ae->data, checklist); -#if 0 - case ACL_DST_IP: - case ACL_DST_DOMAIN: - case ACL_SRC_DOMAIN: - case ACL_DST_DOM_REGEX: - case ACL_SRC_DOM_REGEX: - case ACL_URLPATH_REGEX: - case ACL_URL_REGEX: -#if USE_IDENT - case ACL_IDENT: - case ACL_IDENT_REGEX: -#endif - case ACL_PROXY_AUTH: - case ACL_PROXY_AUTH_REGEX: - case ACL_SRC_ASN: - case ACL_DST_ASN: - fatal("old code\n"); - case ACL_NONE: - case ACL_ENUM_MAX: - break; - } - debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n", - ae->name, ae->type); - return 0; -#endif } +#endif + +/* test each acl in a list for a match. + * if the result does not match the logic test, stop iterating and return + * + * ie, true=1, false =0 + * if a test for true returns 1, check the next acl + * if a test for true returns 0, return 0. + * and vice verca. + * callback tests return -1 (never matches the logic test, stops processing the list + */ int aclMatchAclList(const acl_list * list, aclCheck_t * checklist) { 
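Review bot: The comment added above aclMatchAclList is hard to read as a contract: its last line opens a parenthesis that is never closed, "vice verca" is misspelt, and it does not say what the function itself returns when a callback test yields -1. Going by the `!= list->op` comparison in the following hunk, a -1 makes the list return 0 for plain and negated entries alike, which a caller cannot tell apart from an ordinary non-match, and for an access-control decision that difference should be spelled out. I would reword the last line along the lines of `* a callback test returns -1, which equals neither 0 nor 1, so the list returns 0; callers must not treat that 0 as a final "no match"`, where the second half is my reading and needs confirming against the callers. aclMatchAcl is also parked under `#if 0` rather than deleted, which leaves its TODO about aclname and match consistency checks in dead code.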
@@ -1818,7 +1829,7 @@ AclMatchedName = list->acl->name; debug(28, 3) ("aclMatchAclList: checking %s%s\n", list->op ? null_string : "!", list->acl->name); - if (aclMatchAcl(list->acl, checklist) != list->op) { + if (list->acl->aclname->match(&(list->acl->data), checklist) != list->op) { debug(28, 3) ("aclMatchAclList: returning 0\n"); return 0; } @@ -2164,63 +2175,6 @@ for (a = *head; a; a = next) { next = a->next; debug(28, 3) ("aclDestroyAcls: '%s'\n", a->cfgline); -#if 0 - switch (a->type) { - case ACL_DYNAMIC: break; // The subnode is freed by the parser - case ACL_DST_IP: - case ACL_SRC_DOM_REGEX: - case ACL_DST_DOM_REGEX: - case ACL_URL_REGEX: - case ACL_URLPATH_REGEX: -#if USE_IDENT - case ACL_IDENT: - case ACL_IDENT_REGEX: -#endif - case ACL_PROXY_AUTH: - case ACL_PROXY_AUTH_REGEX: - case ACL_SRC_ASN: - case ACL_DST_ASN: - fatal("old code somewhere!\n"); -#if 0 - splay_destroy(a->data, aclFreeIpData); -#endif - break; - case ACL_DST_DOMAIN: - case ACL_SRC_DOMAIN: -#if SRC_RTT_NOT_YET_FINISHED - case ACL_NETDB_SRC_RTT: -#endif - fatal("old code somewhere!\n"); -#if 0 - splay_destroy(a->data, xfree); -#endif - break; -#if 0 -#if SQUID_SNMP - case ACL_SNMP_COMMUNITY: - wordlistDestroy((wordlist **) & a->data); - break; -#endif -#if USE_IDENT - case ACL_IDENT: - aclFreeUserData(a->data); - break; -#endif - case ACL_PROXY_AUTH: - aclDestroyUserList(NULL, a->data); - break; -#if SRC_RTT_NOT_YET_FINISHED - case ACL_NETDB_SRC_RTT: -#endif - free_intlist(NULL, (intlist **) & a->data); - break; -#endif - case ACL_NONE: - case ACL_ENUM_MAX: - debug(28, 1) ("aclDestroyAcls: no case for ACL type %d\n", a->type); - break; - } -#endif safe_free(a->cfgline); memPoolFree(acl_pool, a); // Should we be locking the aclname struct and unlocking here? 
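Review bot: The replacement call `list->acl->aclname->match(&(list->acl->data), checklist)` in hunk -1818,7 +1829,7 dereferences `aclname` and calls through `match` with no check that either is set, and the TODO asking for exactly those consistency checks now sits inside the `#if 0`'d aclMatchAcl. This is the access-control matching path, so an ACL whose name entry lacks a match handler would, as far as the hunk shows, end in a NULL call rather than a decision. Rejecting such an entry where it is created (aclRegisterAclName or the acl line parser, neither body is visible here) keeps this loop simple; failing that, a guard such as `if (!list->acl->aclname || !list->acl->aclname->match) fatal("aclMatchAclList: ACL has no match handler\n");` before the call at least gives a diagnosable stop. The `debug(28, 3)` trace of `cfgline` that aclMatchAcl emitted is lost as well, and aclMatchAclList starts and ends outside the hunk.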
@@ -2254,29 +2208,6 @@ *list = NULL; } -/* maex@space.net (06.09.1996) - * destroy an _acl_deny_info_list */ - -void -aclDestroyDenyInfoList(acl_deny_info_list ** list) -{ - acl_deny_info_list *a = NULL; - acl_deny_info_list *a_next = NULL; - acl_name_list *l = NULL; - acl_name_list *l_next = NULL; - - for (a = *list; a; a = a_next) { - for (l = a->acl_list; l; l = l_next) { - l_next = l->next; - safe_free(l); - } - a_next = a->next; - xfree(a->err_page_name); - memPoolFree(acl_deny_info_list_pool, a); - } - *list = NULL; -} - static void aclDestroyIntRange(parserNameNode *parserName, void * data) { @@ -2512,39 +2443,6 @@ return W; } -wordlist * -aclDumpGeneric(const acl * a) -{ -#if 0 - debug(28, 3) ("aclDumpGeneric: %s type %d\n", a->name, a->type); - switch (a->type) { - case ACL_DYNAMIC:break; - case ACL_DST_IP: - case ACL_SRC_DOMAIN: - case ACL_DST_DOMAIN: - case ACL_SRC_DOM_REGEX: - case ACL_DST_DOM_REGEX: - case ACL_URL_REGEX: - case ACL_URLPATH_REGEX: -#if USE_IDENT - case ACL_IDENT: - case ACL_IDENT_REGEX: -#endif - case ACL_PROXY_AUTH: - case ACL_PROXY_AUTH_REGEX: - case ACL_SRC_ASN: - case ACL_DST_ASN: - fatal("old code in Dump\n"); - case ACL_NONE: - case ACL_ENUM_MAX: - break; - } - debug(28, 1) ("aclDumpGeneric: no case for ACL type %d\n", a->type); -#endif - fatal("old code reached! FIXME\n"); - return NULL; -} - static void dump_IpList(StoreEntry * entry, const char *name, void const * const data) { @@ -2958,8 +2856,8 @@ wordlist *w; wordlist *v; while (ae != NULL) { - debug(3, 3) ("dump_acl: %s %s\n", name, ae->name); - v = w = aclDumpGeneric(ae); + debug(3, 0) ("dump_acl: %s %s\n", name, ae->name); + v = NULL; // w = aclDumpGeneric(ae); while (v != NULL) { debug(3, 3) ("dump_acl: %s %s %s\n", name, ae->name, v->key); storeAppendPrintf(entry, "%s %s %s %s\n", @@ -2969,7 +2867,7 @@ v->key); v = v->next; } - wordlistDestroy(&w); +// wordlistDestroy(&w); ae = ae->next; } } 
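Review bot: With `v = NULL; // w = aclDumpGeneric(ae);` in hunk -2958,8 +2856,8 the `while (v != NULL)` loop in dump_acl can never run, so the configuration dump prints nothing for any acl entry, while the first debug call was raised from level 3 to level 0, the level this file otherwise uses for parse errors. Anyone auditing the active access rules from that dump would see an empty ACL set with no hint that output is missing. Until the per-type dump callbacks are wired in, I would restore `debug(3, 3)` and emit one explicit line per entry, for example `storeAppendPrintf(entry, "# %s %s: dump not implemented\n", name, ae->name);`. The now-unused `w` and the commented-out `// wordlistDestroy(&w);` in hunk -2969,7 +2867,7 should be removed rather than left behind; dump_acl's signature lies outside both hunks.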
@@ -3009,6 +2907,8 @@ /* register the ACL types */ parserRegisterType("acl",aclParseAclLine,free_acl,dump_acl); + parserRegisterType("denyinfo",parse_denyinfo,free_denyinfo,dump_denyinfo); + parserRegisterType("iplist", aclParseIpList, aclDestroyIpList, dump_IpList ); parserRegisterType("domainlist", aclParseDomainList, aclDestroyDomainList, dump_DomainList); parserRegisterType("regexlist", aclParseRegexList, aclDestroyRegexList, dump_RegexList); @@ -3023,6 +2923,9 @@ parserRegisterType("arplist", aclParseArpList, aclDestroyArpList, dump_ArpList); #endif + parserRegisterName(NULL, "deny_info",parserTypeByName("denyinfo"), + &Config.denyInfoList,NULL,name_document_deny_info, NULL); + /* register the acl instance names */ aclRegisterAclName("src", parserTypeByName("iplist"), aclMatchSrc); aclRegisterAclName("dst", parserTypeByName("iplist"), aclMatchDst); Index: squid/src/cache_cf.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v retrieving revision 1.18.4.28 retrieving revision 1.18.4.29 diff -u -r1.18.4.28 -r1.18.4.29 --- squid/src/cache_cf.c 26 Apr 2001 02:04:09 -0000 1.18.4.28 +++ squid/src/cache_cf.c 27 Apr 2001 06:58:15 -0000 1.18.4.29 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.18.4.28 2001/04/26 02:04:09 rbcollins Exp $ + * $Id: cache_cf.c,v 1.18.4.29 2001/04/27 06:58:15 rbcollins Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -87,9 +87,6 @@ static PARSER_DUMP dump_http_header_replace; static PARSER_PARSE parse_http_header_replace; static PARSER_FREE free_http_header_replace; -static PARSER_PARSE parse_denyinfo; -static PARSER_DUMP dump_denyinfo; -static PARSER_FREE free_denyinfo; static PARSER_PARSE parse_sockaddr_in_list; static PARSER_DUMP dump_sockaddr_in_list; static PARSER_FREE free_sockaddr_in_list; 
@@ -1631,50 +1628,6 @@ } static void -dump_denyinfo(StoreEntry * entry, const char *name, void const * const data) -{ - acl_deny_info_list *var=*(acl_deny_info_list **)data; - acl_name_list *a; - while (var != NULL) { - storeAppendPrintf(entry, "%s %s", name, var->err_page_name); - for (a = var->acl_list; a != NULL; a = a->next) - storeAppendPrintf(entry, " %s", a->name); - storeAppendPrintf(entry, "\n"); - var = var->next; - } -} - -static void -parse_denyinfo(parserNameNode *parserName, void * data) -{ - acl_deny_info_list ** var=( acl_deny_info_list **)data; - aclParseDenyInfoLine(var); - cbdataLock(parserName); -} - -void -free_denyinfo(parserNameNode *parserName, void * data) -{ - acl_deny_info_list ** list=( acl_deny_info_list **)data; - acl_deny_info_list *a = NULL; - acl_deny_info_list *a_next = NULL; - acl_name_list *l = NULL; - acl_name_list *l_next = NULL; - for (a = *list; a; a = a_next) { - for (l = a->acl_list; l; l = l_next) { - l_next = l->next; - memFree(l, MEM_ACL_NAME_LIST); - l = NULL; - } - a_next = a->next; - memFree(a, MEM_ACL_DENY_INFO_LIST); - a = NULL; - cbdataUnlock(parserName); - } - *list = NULL; -} - -static void parse_peer_access(parserNameNode *parserName, void * data) { char *host = NULL; Index: squid/src/cf.data.pre =================================================================== RCS file: /cvsroot/squid-sf//squid/src/cf.data.pre,v retrieving revision 1.21.4.12 retrieving revision 1.21.4.13 diff -u -r1.21.4.12 -r1.21.4.13 --- squid/src/cf.data.pre 11 Mar 2001 21:43:09 -0000 1.21.4.12 +++ squid/src/cf.data.pre 27 Apr 2001 06:58:15 -0000 1.21.4.13 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.21.4.12 2001/03/11 21:43:09 rbcollins Exp $ +# $Id: cf.data.pre,v 1.21.4.13 2001/04/27 06:58:15 rbcollins Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ 
@@ -2291,23 +2291,6 @@ DOC_END -NAME: deny_info -TYPE: denyinfo -LOC: Config.denyInfoList -DEFAULT: none -DOC_START - Usage: deny_info err_page_name acl - Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys - - This can be used to return a ERR_ page for requests which - do not pass the 'http_access' rules. A single ACL will cause - the http_access check to fail. If a 'deny_info' line exists - for that ACL then Squid returns a corresponding error page. - - You may use ERR_ pages that come with Squid or create your own pages - and put them into the configured errors/ directory. -DOC_END - NAME: memory_pools COMMENT: on|off TYPE: onoff Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.18.4.22 retrieving revision 1.18.4.23 diff -u -r1.18.4.22 -r1.18.4.23 --- squid/src/protos.h 26 Apr 2001 23:54:41 -0000 1.18.4.22 +++ squid/src/protos.h 27 Apr 2001 06:58:15 -0000 1.18.4.23 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.18.4.22 2001/04/26 23:54:41 rbcollins Exp $ + * $Id: protos.h,v 1.18.4.23 2001/04/27 06:58:15 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -64,14 +64,12 @@ #endif extern err_type aclGetDenyInfoPage(acl_deny_info_list ** head, const char *name); extern void aclParseDenyInfoLine(struct _acl_deny_info_list **); -extern void aclDestroyDenyInfoList(struct _acl_deny_info_list **); #if 0 extern PARSER_FREE aclDestroyRegexList; extern int aclMatchRegex(relist * data, const char *word); extern PARSER_PARSE aclParseRegexList; #endif extern const char *aclTypeToStr(squid_acl); -extern wordlist *aclDumpGeneric(const acl *); extern int aclPurgeMethodInUse(acl_access *); extern void aclCacheMatchFlush(dlink_list * cache); extern void aclRegisterAclDirective(void);