--------------------- PatchSet 2325 Date: 2001/05/13 09:49:51 Author: rbcollins Branch: generic_modules Tag: (none) Log: aclstate array has gone away Members: src/acl.c:1.21.4.20->1.21.4.21 src/enums.h:1.14.4.10->1.14.4.11 src/protos.h:1.18.4.26->1.18.4.27 src/structs.h:1.24.4.23->1.24.4.24 Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.21.4.20 retrieving revision 1.21.4.21 diff -u -r1.21.4.20 -r1.21.4.21 --- squid/src/acl.c 12 May 2001 15:22:30 -0000 1.21.4.20 +++ squid/src/acl.c 13 May 2001 09:49:51 -0000 1.21.4.21 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.21.4.20 2001/05/12 15:22:30 rbcollins Exp $ + * $Id: acl.c,v 1.21.4.21 2001/05/13 09:49:51 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -460,7 +460,6 @@ return 1; } - #define SCAN_ACL1 "%[0123456789.]-%[0123456789.]/%[0123456789.]" #define SCAN_ACL2 "%[0123456789.]-%[0123456789.]%c" #define SCAN_ACL3 "%[0123456789.]/%[0123456789.]" @@ -1269,27 +1268,76 @@ return aclMatchRegex(ae->data, header); } +#if USE_IDENT static int aclMatchIdent(acl * ae, aclCheck_t * checklist, unsigned int flags) { if (checklist->rfc931[0]) { return aclMatchUser(ae->data, checklist->rfc931); } else { - checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED; - return 0; + checklist->lastcheckowner=ae; + checklist->lastcheckstate=ACL_LOOKUP_PENDING; + debug(28, 3) ("aclCheck: Doing ident lookup\n"); + if (cbdataValid(checklist->conn)) { + identStart(&checklist->conn->me, &checklist->conn->peer, + aclLookupIdentDone, checklist); + return ACL_MATCH_NEED_LOOKUP; + } else { + debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n"); + cbdataUnlock(checklist->conn); + checklist->conn = NULL; + return ACL_MATCH_INSUFFICIENT_INFORMATION; + } } } static int aclMatchIdentRegex(acl * ae, aclCheck_t * checklist, unsigned int flags) { + if (checklist->lastcheckowner==ae) { + checklist->lastcheckowner=NULL; + checklist->lastcheckstate=ACL_LOOKUP_NONE; + } if (checklist->rfc931[0]) { return aclMatchRegex(ae->data, checklist->rfc931); } else { - checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED; - return 0; + checklist->lastcheckowner=ae; + checklist->lastcheckstate=ACL_LOOKUP_PENDING; + debug(28, 3) ("aclCheck: Doing ident lookup\n"); + if (cbdataValid(checklist->conn)) { + identStart(&checklist->conn->me, &checklist->conn->peer, + aclLookupIdentDone, checklist); + return ACL_MATCH_NEED_LOOKUP; + } else { + debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n"); + cbdataUnlock(checklist->conn); + checklist->conn = NULL; + return ACL_MATCH_INSUFFICIENT_INFORMATION; + } + } +} + +static void +aclLookupIdentDone(const char *ident, void *data) +{ + aclCheck_t *checklist = data; + if (ident) { + xstrncpy(checklist->rfc931, ident, USER_IDENT_SZ); +#if DONT + xstrncpy(checklist->request->authuser, ident, USER_IDENT_SZ); +#endif + } else { + xstrncpy(checklist->rfc931, dash_str, USER_IDENT_SZ); } + /* + * Cache the ident result in the connection, to avoid redoing ident lookup + * over and over on persistent connections + */ + if (cbdataValid(checklist->conn) && !checklist->conn->rfc931[0]) + xstrncpy(checklist->conn->rfc931, checklist->rfc931, USER_IDENT_SZ); + aclCheck(checklist); } +#endif static int aclMatchProxyAuth(acl * , http_hdr_type headertype, @@ -1878,26 +1926,7 @@ /* We don't reset the owner because the owner needs to test it */ checklist->lastcheckstate = ACL_LOOKUP_DONE; aclCheck(checklist); -#if 0 - aclCheck_t *checklist = data; - checklist->state[ACL_DST_ASN] = ACL_LOOKUP_DONE; - aclCheck(checklist); -#endif -} - - -#if 0 -static int -aclMatchAcl(acl * ae, aclCheck_t * checklist) -{ - if (!ae) - return 0; - debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); - // TODO: add data consistency checks for aclname & match - return ae->aclname->match(&ae->data, checklist); } -#endif - /* test each acl in a list for a match. * if the result does not match the logic test, stop iterating and return @@ -1977,56 +2006,8 @@ * or non-match */ allow=0; - } else -#if 0 - if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) { - checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING; - ipcache_nbgethostbyname(checklist->request->host, - aclLookupDstIPDone, checklist); - return; } - else - - if (checklist->state[ACL_DST_ASN] == ACL_LOOKUP_NEEDED) { - checklist->state[ACL_DST_ASN] = ACL_LOOKUP_PENDING; - ipcache_nbgethostbyname(checklist->request->host, - aclLookupDstIPforASNDone, checklist); - return; - } else - if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NEEDED) { - checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_PENDING; - fqdncache_nbgethostbyaddr(checklist->src_addr, - aclLookupSrcFQDNDone, checklist); - return; - } else - if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEEDED) { - ia = ipcacheCheckNumeric(checklist->request->host); - if (ia == NULL) { - checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_DONE; - return; - } - checklist->dst_addr = ia->in_addrs[0]; - checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING; - fqdncache_nbgethostbyaddr(checklist->dst_addr, - aclLookupDstFQDNDone, checklist); - return; - } else - if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) { - debug(28, 3) - ("aclCheck: checking password via authenticator\n"); - aclLookupProxyAuthStart(checklist); - checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_PENDING; - return; - } else if (checklist->state[ACL_PROXY_AUTH] == ACL_PROXY_AUTH_NEEDED) { - /* Client is required to resend the request with correct authentication - * credentials. (This may be part of a stateful auth protocol. - * The request is denied. - */ - debug(28, 6) ("aclCheck: requiring Proxy Auth header.\n"); - allow = ACCESS_REQ_PROXY_AUTH; - match = -1; - } else -#endif +#if 0 #if USE_IDENT if (checklist->state[ACL_IDENT] == ACL_LOOKUP_NEEDED) { debug(28, 3) ("aclCheck: Doing ident lookup\n"); @@ -2044,6 +2025,7 @@ } } #endif +#endif /* * We are done with this _acl_access entry. Either the request * is allowed, denied, requires authentication, or we move on to @@ -2094,29 +2076,6 @@ aclChecklistFree(checklist); } -#if USE_IDENT -static void -aclLookupIdentDone(const char *ident, void *data) -{ - aclCheck_t *checklist = data; - if (ident) { - xstrncpy(checklist->rfc931, ident, USER_IDENT_SZ); -#if DONT - xstrncpy(checklist->request->authuser, ident, USER_IDENT_SZ); -#endif - } else { - xstrncpy(checklist->rfc931, dash_str, USER_IDENT_SZ); - } - /* - * Cache the ident result in the connection, to avoid redoing ident lookup - * over and over on persistent connections - */ - if (cbdataValid(checklist->conn) && !checklist->conn->rfc931[0]) - xstrncpy(checklist->conn->rfc931, checklist->rfc931, USER_IDENT_SZ); - aclCheck(checklist); -} -#endif - aclCheck_t * aclChecklistCreate(const acl_access * A, request_t * request, const char *ident) { @@ -2136,8 +2095,6 @@ checklist->my_addr = request->my_addr; checklist->my_port = request->my_port; } - for (i = 0; i < ACL_ENUM_MAX; i++) - checklist->state[i] = ACL_LOOKUP_NONE; #if USE_IDENT if (ident) xstrncpy(checklist->rfc931, ident, USER_IDENT_SZ); @@ -2741,8 +2698,6 @@ } } -//parserRegisterType("acl",parse_acl,free_acl,dump_acl); - static void name_document_acl(void){ printf( Index: squid/src/enums.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/enums.h,v retrieving revision 1.14.4.10 retrieving revision 1.14.4.11 diff -u -r1.14.4.10 -r1.14.4.11 --- squid/src/enums.h 12 May 2001 15:22:30 -0000 1.14.4.10 +++ squid/src/enums.h 13 May 2001 09:49:51 -0000 1.14.4.11 @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.14.4.10 2001/05/12 15:22:30 rbcollins Exp $ + * $Id: enums.h,v 1.14.4.11 2001/05/13 09:49:51 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -93,22 +93,9 @@ } err_type; typedef enum { - ACL_NONE, -#if USE_IDENT - ACL_IDENT, - ACL_IDENT_REGEX, -#endif - ACL_PROXY_AUTH, - ACL_PROXY_AUTH_REGEX, - ACL_ENUM_MAX -} squid_acl; - -typedef enum { ACL_LOOKUP_NONE, - ACL_LOOKUP_NEEDED, ACL_LOOKUP_PENDING, ACL_LOOKUP_DONE, - ACL_PROXY_AUTH_NEEDED, } acl_lookup_state; enum { Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.18.4.26 retrieving revision 1.18.4.27 diff -u -r1.18.4.26 -r1.18.4.27 --- squid/src/protos.h 12 May 2001 13:06:03 -0000 1.18.4.26 +++ squid/src/protos.h 13 May 2001 09:49:51 -0000 1.18.4.27 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.18.4.26 2001/05/12 13:06:03 rbcollins Exp $ + * $Id: protos.h,v 1.18.4.27 2001/05/13 09:49:51 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -68,7 +68,6 @@ extern int aclMatchRegex(relist * data, const char *word); extern PARSER_PARSE aclParseRegexList; #endif -extern const char *aclTypeToStr(squid_acl); extern int aclPurgeMethodInUse(acl_access *); extern void aclCacheMatchFlush(dlink_list * cache); extern void aclRegisterAclDirective(void); Index: squid/src/structs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/structs.h,v retrieving revision 1.24.4.23 retrieving revision 1.24.4.24 diff -u -r1.24.4.23 -r1.24.4.24 --- squid/src/structs.h 12 May 2001 13:06:03 -0000 1.24.4.23 +++ squid/src/structs.h 13 May 2001 09:49:51 -0000 1.24.4.24 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.24.4.23 2001/05/12 13:06:03 rbcollins Exp $ + * $Id: structs.h,v 1.24.4.24 2001/05/13 09:49:51 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -188,7 +188,6 @@ ConnStateData *conn; /* hack for ident and NTLM */ char rfc931[USER_IDENT_SZ]; auth_user_request_t *auth_user_request; - acl_lookup_state state[ACL_ENUM_MAX]; acl_lookup_state lastcheckstate; acl * lastcheckowner; #if SQUID_SNMP