#include <FilledChecklist.h>
Public Member Functions | |
| ACLFilledChecklist () | |
| ACLFilledChecklist (const acl_access *, HttpRequest *, const char *ident=nullptr) | |
| ~ACLFilledChecklist () override | |
| void | setRequest (HttpRequest *) |
| configure client request-related fields for the first time More... | |
| void | setIdent (const char *userIdentity) |
| configure rfc931 user identity for the first time More... | |
| ConnStateData * | conn () const |
| The client connection manager. More... | |
| int | fd () const |
| The client side fd. It uses conn() if available. More... | |
| void | setConn (ConnStateData *) |
| set either conn More... | |
| void | fd (int aDescriptor) |
| set the client side FD More... | |
| bool | destinationDomainChecked () const |
| void | markDestinationDomainChecked () |
| bool | sourceDomainChecked () const |
| void | markSourceDomainChecked () |
| bool | hasRequest () const override |
| bool | hasReply () const override |
| bool | hasAle () const override |
| void | syncAle (HttpRequest *adaptedRequest, const char *logUri) const override |
| assigns uninitialized adapted_request and url ALE components More... | |
| void | verifyAle () const override |
| warns if there are uninitialized ALE components and fills them More... | |
| void | nonBlockingCheck (ACLCB *callback, void *callback_data) |
| Acl::Answer const & | fastCheck () |
| Acl::Answer const & | fastCheck (const Acl::Tree *list) |
| bool | goAsync (AsyncState *) |
| bool | matchChild (const Acl::InnerNode *parent, Acl::Nodes::const_iterator pos, const ACL *child) |
| bool | keepMatching () const |
| Whether we should continue to match tree nodes or stop/pause. More... | |
| bool | finished () const |
| whether markFinished() was called More... | |
| bool | asyncInProgress () const |
| async call has been started and has not finished (or failed) yet More... | |
| void | markFinished (const Acl::Answer &newAnswer, const char *reason) |
| const Acl::Answer & | currentAnswer () const |
| bool | bannedAction (const Acl::Answer &action) const |
| whether the action is banned or not More... | |
| void | banAction (const Acl::Answer &action) |
| add action to the list of banned actions More... | |
| const Acl::Tree * | changeAcl (const Acl::Tree *t) |
| void | resumeNonBlockingCheck (AsyncState *state) |
Public Attributes | |
| Ip::Address | src_addr |
| Ip::Address | dst_addr |
| Ip::Address | my_addr |
| SBuf | dst_peer_name |
| char * | dst_rdns |
| HttpRequest::Pointer | request |
| HttpReply * | reply |
| char | rfc931 [USER_IDENT_SZ] |
| Auth::UserRequest::Pointer | auth_user_request |
| char * | snmp_community |
| CbcPointer< Security::CertErrors > | sslErrors |
| Security::CertPointer | serverCert |
| AccessLogEntry::Pointer | al |
| info for the future access.log, and external ACL More... | |
| ExternalACLEntryPointer | extacl_entry |
| err_type | requestErrorType |
| ACLCB * | callback |
| void * | callback_data |
Private Types | |
| enum | NodeMatchingResult { nmrMatch , nmrMismatch , nmrFinished , nmrNeedsAsync } |
| possible outcomes when trying to match a single ACL node in a list More... | |
| enum | AsyncStage { asyncNone , asyncStarting , asyncRunning , asyncFailed } |
Private Member Functions | |
| CBDATA_CLASS (ACLFilledChecklist) | |
| ACLFilledChecklist (const ACLFilledChecklist &) | |
| not implemented; will cause link failures if used More... | |
| ACLFilledChecklist & | operator= (const ACLFilledChecklist &) |
| not implemented; will cause link failures if used More... | |
| void | checkCallback (Acl::Answer answer) |
| Calls non-blocking check callback with the answer and destroys self. More... | |
| void | matchAndFinish () |
| performs (or resumes) an ACL tree match and, if successful, sets the action More... | |
| void | changeState (AsyncState *) |
| AsyncState * | asyncState () const |
| void | preCheck (const char *what) |
| prepare for checking ACLs; called once per check More... | |
| bool | prepNonBlocking () |
| common parts of nonBlockingCheck() and resumeNonBlockingCheck() More... | |
| void | completeNonBlocking () |
| void | calcImplicitAnswer () |
| bool | callerGone () |
Private Attributes | |
| ConnStateData * | conn_ |
| int | fd_ |
| bool | destinationDomainChecked_ |
| bool | sourceDomainChecked_ |
| const Acl::Tree * | accessList |
| bool | asyncCaller_ |
| whether the caller supports async/slow ACLs More... | |
| bool | occupied_ |
| whether a check (fast or non-blocking) is in progress More... | |
| bool | finished_ |
| Acl::Answer | answer_ |
| AsyncStage | asyncStage_ |
| AsyncState * | state_ |
| Breadcrumb | matchLoc_ |
| location of the node running matches() now More... | |
| Breadcrumb | asyncLoc_ |
| currentNode_ that called goAsync() More... | |
| unsigned | asyncLoopDepth_ |
| how many times the current async state has resumed More... | |
| std::stack< Breadcrumb > | matchPath |
| suspended (due to an async lookup) matches() in the ACL tree More... | |
| std::vector< Acl::Answer > | bannedActions_ |
| the list of actions which must ignored during acl checks More... | |
Detailed Description
ACLChecklist filled with specific data, representing Squid and transaction state for access checks along with some data-specific checking methods
Definition at line 31 of file FilledChecklist.h.
Member Enumeration Documentation
◆ AsyncStage
|
privateinherited |
| Enumerator | |
|---|---|
| asyncNone | |
| asyncStarting | |
| asyncRunning | |
| asyncFailed | |
Definition at line 233 of file Checklist.h.
◆ NodeMatchingResult
|
privateinherited |
| Enumerator | |
|---|---|
| nmrMatch | |
| nmrMismatch | |
| nmrFinished | |
| nmrNeedsAsync | |
Definition at line 219 of file Checklist.h.
Constructor & Destructor Documentation
◆ ACLFilledChecklist() [1/3]
| ACLFilledChecklist::ACLFilledChecklist | ( | ) |
Definition at line 27 of file FilledChecklist.cc.
References dst_addr, my_addr, rfc931, Ip::Address::setEmpty(), and src_addr.
◆ ACLFilledChecklist() [2/3]
| ACLFilledChecklist::ACLFilledChecklist | ( | const acl_access * | A, |
| HttpRequest * | http_request, | ||
| const char * | ident = nullptr |
||
| ) |
Definition at line 211 of file FilledChecklist.cc.
References A, ACLChecklist::changeAcl(), dst_addr, my_addr, rfc931, Ip::Address::setEmpty(), setIdent(), setRequest(), and src_addr.
◆ ~ACLFilledChecklist()
|
override |
Definition at line 48 of file FilledChecklist.cc.
References assert, ACLChecklist::asyncInProgress(), cbdataReferenceDone, conn_, debugs, dst_rdns, HTTPMSGUNLOCK(), reply, and safe_free.
◆ ACLFilledChecklist() [3/3]
|
private |
Member Function Documentation
◆ asyncInProgress()
|
inlineinherited |
Definition at line 151 of file Checklist.h.
References ACLChecklist::asyncNone, and ACLChecklist::asyncStage_.
Referenced by ACLChecklist::~ACLChecklist(), ~ACLFilledChecklist(), ACLChecklist::completeNonBlocking(), ACLChecklist::goAsync(), ACLChecklist::keepMatching(), ACLChecklist::markFinished(), ACLChecklist::matchChild(), ACL::matches(), ACLChecklist::nonBlockingCheck(), Acl::InnerNode::resumeMatchingAt(), and ACLChecklist::resumeNonBlockingCheck().
◆ asyncState()
|
privateinherited |
Definition at line 226 of file Checklist.cc.
References ACLChecklist::state_.
Referenced by ACLChecklist::resumeNonBlockingCheck().
◆ banAction()
|
inherited |
Definition at line 395 of file Checklist.cc.
References action(), and ACLChecklist::bannedActions_.
Referenced by Ssl::PeekingPeerConnector::checkForPeekAndSplice(), and ConnStateData::startPeekAndSplice().
◆ bannedAction()
|
inherited |
Definition at line 387 of file Checklist.cc.
References action(), ACLChecklist::bannedActions_, and debugs.
Referenced by Acl::Tree::bannedAction().
◆ calcImplicitAnswer()
|
privateinherited |
When no rules matched, the answer is the inversion of the last rule action (or ACCESS_DUNNO if the reversal is not possible).
Definition at line 363 of file Checklist.cc.
References ACCESS_ALLOWED, ACCESS_DENIED, ACCESS_DUNNO, ACLChecklist::accessList, cbdataReferenceValid(), debugs, Acl::Tree::lastAction(), and ACLChecklist::markFinished().
Referenced by ACLChecklist::completeNonBlocking(), and ACLChecklist::fastCheck().
◆ callerGone()
|
privateinherited |
Definition at line 381 of file Checklist.cc.
References ACLChecklist::callback_data, and cbdataReferenceValid().
Referenced by ACLChecklist::prepNonBlocking().
◆ CBDATA_CLASS()
|
private |
◆ changeAcl()
change the current ACL list
- Returns
- a pointer to the old list value (may be nullptr)
Definition at line 176 of file Checklist.h.
References ACLChecklist::accessList, cbdataReference, and cbdataReferenceDone.
Referenced by ACLFilledChecklist(), ACLChecklist::~ACLChecklist(), ACLChecklist::fastCheck(), HttpStateData::forwardUpgrade(), and ConnStateData::whenClientIpKnown().
◆ changeState()
|
privateinherited |
Definition at line 214 of file Checklist.cc.
References assert, ACLChecklist::NullState::Instance(), and ACLChecklist::state_.
Referenced by ACLChecklist::goAsync(), and ACLChecklist::resumeNonBlockingCheck().
◆ checkCallback()
|
privateinherited |
Definition at line 158 of file Checklist.cc.
References ACLChecklist::callback, ACLChecklist::callback_data, cbdataReferenceValidDone, debugs, and ACLChecklist::occupied_.
Referenced by ACLChecklist::completeNonBlocking(), ACLChecklist::nonBlockingCheck(), and ACLChecklist::prepNonBlocking().
◆ completeNonBlocking()
|
privateinherited |
Definition at line 45 of file Checklist.cc.
References ACLChecklist::accessList, assert, ACLChecklist::asyncInProgress(), ACLChecklist::calcImplicitAnswer(), cbdataReferenceDone, ACLChecklist::checkCallback(), ACLChecklist::currentAnswer(), and ACLChecklist::finished().
Referenced by ACLChecklist::nonBlockingCheck(), and ACLChecklist::resumeNonBlockingCheck().
◆ conn()
| ConnStateData * ACLFilledChecklist::conn | ( | ) | const |
Definition at line 134 of file FilledChecklist.cc.
References cbdataReferenceValid(), and conn_.
Referenced by AuthenticateAcl(), IdentLookup::checkForAsync(), fd(), ConnStateData::fillConnectionLevelDetails(), IdentLookup::LookupDone(), ProxyAuthLookup::LookupDone(), ACLDestinationIP::match(), ACLIdent::match(), and verifyAle().
◆ currentAnswer()
|
inlineinherited |
Definition at line 156 of file Checklist.h.
References ACLChecklist::answer_.
Referenced by ACLChecklist::completeNonBlocking(), and ACLChecklist::fastCheck().
◆ destinationDomainChecked()
| bool ACLFilledChecklist::destinationDomainChecked | ( | ) | const |
Definition at line 172 of file FilledChecklist.cc.
References destinationDomainChecked_.
Referenced by markDestinationDomainChecked().
◆ fastCheck() [1/2]
|
inherited |
Perform a blocking (immediate) check for a list of allow/deny rules. Each rule comes with a list of ACLs.
The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).
If there are rules but all ACL lists mismatch, an implicit rule is used Its result is the negation of the keyword of the last seen rule.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
Some ACLs may require an async lookup which is prohibited by this method. In this case, the exceptional check result of ACCESS_DUNNO is immediately returned.
If there are no rules to check at all, the result becomes ACCESS_DUNNO.
Definition at line 332 of file Checklist.cc.
References ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::calcImplicitAnswer(), cbdataReference, cbdataReferenceDone, cbdataReferenceValid(), ACLChecklist::currentAnswer(), debugs, ACLChecklist::finished(), ACLChecklist::matchAndFinish(), ACLChecklist::occupied_, and ACLChecklist::preCheck().
Referenced by accessLogLogTo(), aclFindNfMarkConfig(), aclMapTOS(), Client::blockCaching(), ConnStateData::buildSslCertGenerationParams(), HttpReply::calcMaxBodySize(), Adaptation::Icap::Launcher::canRepeat(), FwdState::connectStart(), DelayId::DelayClient(), HttpStateData::finishingBrokenPost(), HttpStateData::forwardUpgrade(), getOutgoingAddress(), HttpRequest::getRangeOffsetLimit(), HttpStateData::handle1xx(), Ftp::Server::handleUploadRequest(), htcpAccessAllowed(), httpHdrAdd(), httpHdrMangle(), icpAccessAllowed(), ClientHttpRequest::logRequest(), HttpRequest::manager(), Note::match(), StoreClient::onCollapsingPath(), peerAllowedToUse(), Http::One::Server::processParsedRequest(), ConnStateData::proxyProtocolValidateClient(), schemesConfig(), Ftp::Client::sendPassive(), ConnStateData::serveDelayedError(), Security::KeyLogger::shouldLog(), snmpDecodePacket(), ssl_verify_cb(), Security::PeerConnector::sslCrtvdCheckForErrors(), FwdState::Start(), ConnStateData::tunnelOnError(), tunnelStart(), and ConnStateData::whenClientIpKnown().
◆ fastCheck() [2/2]
|
inherited |
Perform a blocking (immediate) check whether a list of ACLs matches. This method is meant to be used with squid.conf ACL-driven options that lack allow/deny keywords and are tested one ACL list at a time. Whether the checks for other occurrences of the same option continue after this call is up to the caller and option semantics.
If all ACLs match, the result becomes ACCESS_ALLOWED.
If all ACLs mismatch, the result becomes ACCESS_DENIED.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
Some ACLs may require an async lookup which is prohibited by this method. In this case, the exceptional check result of ACCESS_DUNNO is immediately returned.
If there are no ACLs to check at all, the result becomes ACCESS_ALLOWED.
Definition at line 307 of file Checklist.cc.
References ACCESS_DENIED, ACLChecklist::accessList, ACLChecklist::asyncCaller_, cbdataReferenceValid(), ACLChecklist::changeAcl(), ACLChecklist::currentAnswer(), ACLChecklist::finished(), ACLChecklist::markFinished(), ACLChecklist::matchAndFinish(), ACLChecklist::occupied_, and ACLChecklist::preCheck().
◆ fd() [1/2]
| int ACLFilledChecklist::fd | ( | ) | const |
Definition at line 157 of file FilledChecklist.cc.
◆ fd() [2/2]
| void ACLFilledChecklist::fd | ( | int | aDescriptor | ) |
Definition at line 164 of file FilledChecklist.cc.
◆ finished()
|
inlineinherited |
Definition at line 149 of file Checklist.h.
References ACLChecklist::finished_.
Referenced by ACLChecklist::completeNonBlocking(), ACLChecklist::fastCheck(), ACLChecklist::keepMatching(), markDestinationDomainChecked(), ACLChecklist::markFinished(), markSourceDomainChecked(), and ACLChecklist::resumeNonBlockingCheck().
◆ goAsync()
|
inherited |
If slow lookups are allowed, switches into "async in progress" state. Otherwise, returns false; the caller is expected to handle the failure.
Definition at line 114 of file Checklist.cc.
References assert, ACLChecklist::asyncCaller_, ACLChecklist::asyncFailed, ACLChecklist::asyncInProgress(), ACLChecklist::asyncLoc_, ACLChecklist::asyncLoopDepth_, ACLChecklist::asyncNone, ACLChecklist::asyncRunning, ACLChecklist::asyncStage_, ACLChecklist::asyncStarting, ACLChecklist::changeState(), ACLChecklist::AsyncState::checkForAsync(), debugs, ACLChecklist::matchLoc_, and ACLChecklist::Breadcrumb::parent.
Referenced by aclMatchExternal(), AuthenticateAcl(), makeExternalAclKey(), ACLDestinationIP::match(), and ACLIdent::match().
◆ hasAle()
|
inlineoverridevirtual |
◆ hasReply()
|
inlineoverridevirtual |
◆ hasRequest()
|
inlineoverridevirtual |
◆ keepMatching()
|
inlineinherited |
Definition at line 146 of file Checklist.h.
References ACLChecklist::asyncInProgress(), and ACLChecklist::finished().
Referenced by Acl::AllOf::doMatch(), Acl::NotNode::doMatch(), Acl::AndNode::doMatch(), Acl::OrNode::doMatch(), ACLProxyAuth::match(), ACLExternal::match(), and ACLMaxUserIP::match().
◆ markDestinationDomainChecked()
| void ACLFilledChecklist::markDestinationDomainChecked | ( | ) |
Definition at line 178 of file FilledChecklist.cc.
References assert, destinationDomainChecked(), destinationDomainChecked_, and ACLChecklist::finished().
Referenced by DestinationDomainLookup::LookupDone().
◆ markFinished()
|
inherited |
called when no more ACLs should be checked; sets the final answer and prints a debugging message explaining the reason for that answer
Definition at line 57 of file Checklist.cc.
References ACLChecklist::answer_, assert, ACLChecklist::asyncInProgress(), debugs, ACLChecklist::finished(), and ACLChecklist::finished_.
Referenced by ACLChecklist::calcImplicitAnswer(), ACLChecklist::fastCheck(), ACLProxyAuth::match(), ACLExternal::match(), ACLIdent::match(), ACLMaxUserIP::match(), and ACLChecklist::matchAndFinish().
◆ markSourceDomainChecked()
| void ACLFilledChecklist::markSourceDomainChecked | ( | ) |
Definition at line 191 of file FilledChecklist.cc.
References assert, ACLChecklist::finished(), sourceDomainChecked(), and sourceDomainChecked_.
Referenced by SourceDomainLookup::LookupDone().
◆ matchAndFinish()
|
privateinherited |
Definition at line 291 of file Checklist.cc.
References ACLChecklist::accessList, ACLChecklist::markFinished(), ACL::matches(), ACLChecklist::matchPath, ACLChecklist::Breadcrumb::parent, ACLChecklist::Breadcrumb::position, Acl::InnerNode::resumeMatchingAt(), and Acl::Tree::winningAction().
Referenced by ACLChecklist::fastCheck(), ACLChecklist::nonBlockingCheck(), and ACLChecklist::resumeNonBlockingCheck().
◆ matchChild()
|
inherited |
Matches (or resumes matching of) a child node while maintaning resumption breadcrumbs if a [grand]child node goes async.
Definition at line 81 of file Checklist.cc.
References assert, ACLChecklist::asyncInProgress(), ACLChecklist::asyncLoc_, ACLChecklist::asyncLoopDepth_, ACLChecklist::Breadcrumb::clear(), ACL::matches(), ACLChecklist::matchLoc_, ACLChecklist::matchPath, ACLChecklist::Breadcrumb::parent, ACLChecklist::Breadcrumb::position, and Acl::InnerNode::resumeMatchingAt().
Referenced by Acl::AllOf::doMatch(), Acl::NotNode::doMatch(), Acl::AndNode::doMatch(), and Acl::OrNode::doMatch().
◆ nonBlockingCheck()
|
inherited |
Start a non-blocking (async) check for a list of allow/deny rules. Each rule comes with a list of ACLs.
The callback specified will be called with the result of the check.
The first rule where all ACLs match wins. If there is such a rule, the result becomes that rule keyword (ACCESS_ALLOWED or ACCESS_DENIED).
If there are rules but all ACL lists mismatch, an implicit rule is used. Its result is the negation of the keyword of the last seen rule.
Some ACLs may stop the check prematurely by setting an exceptional check result (e.g., ACCESS_AUTH_REQUIRED) instead of declaring a match or mismatch.
If there are no rules to check at all, the result becomes ACCESS_DUNNO. Calling this method with no rules to check wastes a lot of CPU cycles and will result in a DBG_CRITICAL debugging message.
Kick off a non-blocking (slow) ACL access list test
NP: this should probably be made Async now.
The ACL List should NEVER be NULL when calling this method. Always caller should check for NULL and handle appropriate to its needs first. We cannot select a sensible default for all callers here.
Definition at line 237 of file Checklist.cc.
References ACCESS_DUNNO, ACLChecklist::accessList, ACLChecklist::asyncCaller_, ACLChecklist::asyncInProgress(), ACLChecklist::callback, ACLChecklist::callback_data, cbdataReference, ACLChecklist::checkCallback(), ACLChecklist::completeNonBlocking(), DBG_CRITICAL, debugs, ACLChecklist::matchAndFinish(), ACLChecklist::preCheck(), and ACLChecklist::prepNonBlocking().
Referenced by Ssl::PeekingPeerConnector::checkForPeekAndSplice(), ClientRequestContext::checkNoCache(), ClientRequestContext::clientAccessCheck(), ClientRequestContext::clientAccessCheck2(), clientFollowXForwardedForCheck(), ClientRequestContext::clientRedirectStart(), ClientRequestContext::clientStoreIdStart(), ConnStateData::postHttpsAccept(), clientReplyContext::processReplyAccess(), PeerSelector::selectMore(), ClientRequestContext::sslBumpAccessCheck(), and ConnStateData::startPeekAndSplice().
◆ operator=()
|
private |
◆ preCheck()
|
privateinherited |
Called first (and once) by all checks to initialize their state.
Definition at line 67 of file Checklist.cc.
References AclMatchedName, assert, ACLChecklist::asyncLoopDepth_, debugs, ACLChecklist::finished_, and ACLChecklist::occupied_.
Referenced by ACLChecklist::fastCheck(), and ACLChecklist::nonBlockingCheck().
◆ prepNonBlocking()
|
privateinherited |
- If the accessList is no longer valid (i.e. its been freed because of a reconfigure), then bail with ACCESS_DUNNO.
Definition at line 20 of file Checklist.cc.
References ACCESS_DUNNO, ACLChecklist::accessList, assert, ACLChecklist::callerGone(), cbdataReferenceDone, cbdataReferenceValid(), ACLChecklist::checkCallback(), and debugs.
Referenced by ACLChecklist::nonBlockingCheck(), and ACLChecklist::resumeNonBlockingCheck().
◆ resumeNonBlockingCheck()
|
inherited |
Resumes non-blocking check started by nonBlockingCheck() and suspended until some async operation updated Squid state.
Definition at line 261 of file Checklist.cc.
References assert, ACLChecklist::asyncFailed, ACLChecklist::asyncInProgress(), ACLChecklist::asyncNone, ACLChecklist::asyncRunning, ACLChecklist::asyncStage_, ACLChecklist::asyncStarting, ACLChecklist::asyncState(), ACLChecklist::changeState(), ACLChecklist::completeNonBlocking(), ACLChecklist::finished(), ACLChecklist::NullState::Instance(), ACLChecklist::matchAndFinish(), ACLChecklist::matchPath, and ACLChecklist::prepNonBlocking().
Referenced by DestinationDomainLookup::LookupDone(), SourceDomainLookup::LookupDone(), IdentLookup::LookupDone(), ProxyAuthLookup::LookupDone(), and ExternalACLLookup::LookupDone().
◆ setConn()
| void ACLFilledChecklist::setConn | ( | ConnStateData * | aConn | ) |
Definition at line 140 of file FilledChecklist.cc.
References assert, cbdataReference, conn_, and ConnStateData::fillConnectionLevelDetails().
Referenced by clientAclChecklistFill(), ConnStateData::fillChecklist(), and setRequest().
◆ setIdent()
| void ACLFilledChecklist::setIdent | ( | const char * | userIdentity | ) |
Definition at line 255 of file FilledChecklist.cc.
References assert, rfc931, USER_IDENT_SZ, and xstrncpy().
Referenced by ACLFilledChecklist(), and ConnStateData::fillConnectionLevelDetails().
◆ setRequest()
| void ACLFilledChecklist::setRequest | ( | HttpRequest * | httpRequest | ) |
Definition at line 236 of file FilledChecklist.cc.
References SquidConfig::acl_uses_indirect_client, assert, HttpRequest::client_addr, HttpRequest::clientConnectionManager, Config, CbcPointer< Cbc >::get(), HttpRequest::indirect_client_addr, my_addr, HttpRequest::my_addr, SquidConfig::onoff, request, setConn(), and src_addr.
Referenced by ACLFilledChecklist(), clientAclChecklistFill(), htcpSpecifier::fillChecklist(), ICPState::fillChecklist(), and UrnState::fillChecklist().
◆ sourceDomainChecked()
| bool ACLFilledChecklist::sourceDomainChecked | ( | ) | const |
Definition at line 185 of file FilledChecklist.cc.
References sourceDomainChecked_.
Referenced by markSourceDomainChecked().
◆ syncAle()
|
overridevirtual |
Implements ACLChecklist.
Definition at line 121 of file FilledChecklist.cc.
References AccessLogEntry::adapted_request, al, HTTPMSGLOCK(), SBuf::isEmpty(), and AccessLogEntry::url.
Referenced by Ssl::PeekingPeerConnector::checkForPeekAndSplice(), clientAclChecklistFill(), FwdState::connectStart(), ClientHttpRequest::doCallouts(), Security::PeerConnector::fillChecklist(), HttpStateData::finishingBrokenPost(), HttpStateData::handle1xx(), Ftp::Server::handleUploadRequest(), HttpRequest::manager(), Note::match(), peerAllowedToUse(), ConnStateData::postHttpsAccept(), Http::One::Server::processParsedRequest(), FwdState::Start(), and tunnelStart().
◆ verifyAle()
|
overridevirtual |
Implements ACLChecklist.
Definition at line 73 of file FilledChecklist.cc.
References AccessLogEntry::adapted_request, al, AccessLogEntry::cache, conn(), HttpRequest::effectiveRequestUri(), RefCount< C >::getRaw(), HTTPMSGLOCK(), SBuf::isEmpty(), AccessLogEntry::CacheDetails::port, ConnStateData::port, AccessLogEntry::reply, reply, AccessLogEntry::request, request, AccessLogEntry::CacheDetails::rfc931, rfc931, showDebugWarning(), AccessLogEntry::url, and xstrdup.
Member Data Documentation
◆ accessList
|
privateinherited |
Definition at line 194 of file Checklist.h.
Referenced by ACLChecklist::calcImplicitAnswer(), ACLChecklist::changeAcl(), ACLChecklist::completeNonBlocking(), ACLChecklist::fastCheck(), ACLChecklist::matchAndFinish(), ACLChecklist::nonBlockingCheck(), and ACLChecklist::prepNonBlocking().
◆ al
| AccessLogEntry::Pointer ACLFilledChecklist::al |
Definition at line 101 of file FilledChecklist.h.
Referenced by AuthenticateAcl(), Client::blockCaching(), ProxyAuthLookup::checkForAsync(), Ssl::PeekingPeerConnector::checkForPeekAndSplice(), clientAclChecklistFill(), FwdState::connectStart(), ClientHttpRequest::doCallouts(), htcpSpecifier::fillChecklist(), ICPState::fillChecklist(), Security::PeerConnector::fillChecklist(), UrnState::fillChecklist(), HttpStateData::finishingBrokenPost(), HttpStateData::forwardUpgrade(), HttpStateData::handle1xx(), Ftp::Server::handleUploadRequest(), hasAle(), httpHdrAdd(), httpHdrMangle(), ClientHttpRequest::logRequest(), makeExternalAclKey(), HttpRequest::manager(), Note::match(), peerAllowedToUse(), ConnStateData::postHttpsAccept(), Http::One::Server::processParsedRequest(), PeerSelector::selectMore(), FwdState::Start(), syncAle(), tunnelStart(), and verifyAle().
◆ answer_
|
privateinherited |
Definition at line 231 of file Checklist.h.
Referenced by ACLChecklist::currentAnswer(), and ACLChecklist::markFinished().
◆ asyncCaller_
|
privateinherited |
Definition at line 228 of file Checklist.h.
Referenced by ACLChecklist::fastCheck(), ACLChecklist::goAsync(), and ACLChecklist::nonBlockingCheck().
◆ asyncLoc_
|
privateinherited |
Definition at line 237 of file Checklist.h.
Referenced by ACLChecklist::goAsync(), and ACLChecklist::matchChild().
◆ asyncLoopDepth_
|
privateinherited |
Definition at line 238 of file Checklist.h.
Referenced by ACLChecklist::goAsync(), ACLChecklist::matchChild(), and ACLChecklist::preCheck().
◆ asyncStage_
|
privateinherited |
Definition at line 234 of file Checklist.h.
Referenced by ACLChecklist::asyncInProgress(), ACLChecklist::goAsync(), and ACLChecklist::resumeNonBlockingCheck().
◆ auth_user_request
| Auth::UserRequest::Pointer ACLFilledChecklist::auth_user_request |
Definition at line 83 of file FilledChecklist.h.
Referenced by AuthenticateAcl(), ProxyAuthLookup::checkForAsync(), ProxyAuthLookup::LookupDone(), ACLMaxUserIP::match(), ACLProxyAuth::matchForCache(), and ACLProxyAuth::matchProxyAuth().
◆ bannedActions_
|
privateinherited |
Definition at line 245 of file Checklist.h.
Referenced by ACLChecklist::banAction(), and ACLChecklist::bannedAction().
◆ callback
|
inherited |
Definition at line 197 of file Checklist.h.
Referenced by ACLChecklist::checkCallback(), and ACLChecklist::nonBlockingCheck().
◆ callback_data
|
inherited |
Definition at line 198 of file Checklist.h.
Referenced by ACLChecklist::callerGone(), ACLChecklist::checkCallback(), and ACLChecklist::nonBlockingCheck().
◆ conn_
|
private |
hack for ident and NTLM
Definition at line 108 of file FilledChecklist.h.
Referenced by ~ACLFilledChecklist(), conn(), and setConn().
◆ destinationDomainChecked_
|
private |
Definition at line 110 of file FilledChecklist.h.
Referenced by destinationDomainChecked(), and markDestinationDomainChecked().
◆ dst_addr
| Ip::Address ACLFilledChecklist::dst_addr |
Definition at line 73 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), DestinationDomainLookup::checkForAsync(), GetNfmarkToServer(), getOutgoingAddress(), GetTosToServer(), and ACLDestinationIP::match().
◆ dst_peer_name
| SBuf ACLFilledChecklist::dst_peer_name |
Definition at line 75 of file FilledChecklist.h.
Referenced by Ssl::IcapPeerConnector::fillChecklist(), GetNfmarkToServer(), getOutgoingAddress(), and GetTosToServer().
◆ dst_rdns
| char* ACLFilledChecklist::dst_rdns |
Definition at line 76 of file FilledChecklist.h.
Referenced by ~ACLFilledChecklist().
◆ extacl_entry
| ExternalACLEntryPointer ACLFilledChecklist::extacl_entry |
Definition at line 103 of file FilledChecklist.h.
Referenced by aclMatchExternal(), and ExternalACLLookup::LookupDone().
◆ fd_
|
private |
may be available when conn_ is not
Definition at line 109 of file FilledChecklist.h.
Referenced by fd().
◆ finished_
|
privateinherited |
Definition at line 230 of file Checklist.h.
Referenced by ACLChecklist::finished(), ACLChecklist::markFinished(), and ACLChecklist::preCheck().
◆ matchLoc_
|
privateinherited |
Definition at line 236 of file Checklist.h.
Referenced by ACLChecklist::goAsync(), and ACLChecklist::matchChild().
◆ matchPath
|
privateinherited |
Definition at line 243 of file Checklist.h.
Referenced by ACLChecklist::matchAndFinish(), ACLChecklist::matchChild(), and ACLChecklist::resumeNonBlockingCheck().
◆ my_addr
| Ip::Address ACLFilledChecklist::my_addr |
Definition at line 74 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), ClientHttpRequest::doCallouts(), ConnStateData::fillConnectionLevelDetails(), HttpRequest::getRangeOffsetLimit(), htcpAccessAllowed(), icpAccessAllowed(), setRequest(), and tunnelStart().
◆ occupied_
|
privateinherited |
Definition at line 229 of file Checklist.h.
Referenced by ACLChecklist::checkCallback(), ACLChecklist::fastCheck(), and ACLChecklist::preCheck().
◆ reply
| HttpReply* ACLFilledChecklist::reply |
Definition at line 79 of file FilledChecklist.h.
Referenced by ~ACLFilledChecklist(), Client::blockCaching(), HttpReply::calcMaxBodySize(), Adaptation::Icap::Launcher::canRepeat(), clientAclChecklistFill(), DelayId::DelayClient(), HttpStateData::handle1xx(), hasReply(), httpHdrAdd(), httpHdrMangle(), icapLogLog(), ClientHttpRequest::logRequest(), Acl::ConnectionsEncrypted::match(), Note::match(), peerAllowedToUse(), clientReplyContext::processReplyAccess(), schemesConfig(), and verifyAle().
◆ request
| HttpRequest::Pointer ACLFilledChecklist::request |
Definition at line 78 of file FilledChecklist.h.
Referenced by aclMatchExternal(), AuthenticateAcl(), DestinationIPLookup::checkForAsync(), ProxyAuthLookup::checkForAsync(), clientAclChecklistFill(), ConnStateData::fillConnectionLevelDetails(), hasRequest(), DestinationDomainLookup::LookupDone(), SourceDomainLookup::LookupDone(), Acl::ConnectionsEncrypted::match(), ACLDestinationIP::match(), ACLExtUser::match(), Acl::TransactionInitiator::match(), ACLProxyAuth::matchProxyAuth(), setRequest(), and verifyAle().
◆ requestErrorType
| err_type ACLFilledChecklist::requestErrorType |
Definition at line 105 of file FilledChecklist.h.
Referenced by ConnStateData::tunnelOnError().
◆ rfc931
| char ACLFilledChecklist::rfc931[USER_IDENT_SZ] |
Definition at line 81 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), ConnStateData::fillConnectionLevelDetails(), IdentLookup::LookupDone(), makeExternalAclKey(), ACLIdent::match(), setIdent(), and verifyAle().
◆ serverCert
| Security::CertPointer ACLFilledChecklist::serverCert |
Peer certificate being checked by ssl_verify_cb() and by Security::PeerConnector class. In other contexts, the peer certificate is retrieved via ALE or ConnStateData::serverBump.
Definition at line 99 of file FilledChecklist.h.
Referenced by Security::PeerConnector::fillChecklist(), and ssl_verify_cb().
◆ snmp_community
| char* ACLFilledChecklist::snmp_community |
Definition at line 86 of file FilledChecklist.h.
Referenced by snmpDecodePacket().
◆ sourceDomainChecked_
|
private |
Definition at line 111 of file FilledChecklist.h.
Referenced by markSourceDomainChecked(), and sourceDomainChecked().
◆ src_addr
| Ip::Address ACLFilledChecklist::src_addr |
Definition at line 72 of file FilledChecklist.h.
Referenced by ACLFilledChecklist(), AuthenticateAcl(), clientFollowXForwardedForCheck(), DelayId::DelayClient(), ClientHttpRequest::doCallouts(), ConnStateData::fillConnectionLevelDetails(), HttpRequest::getRangeOffsetLimit(), htcpAccessAllowed(), icpAccessAllowed(), Comm::TcpAcceptor::logAcceptError(), ACLARP::match(), ACLEui64::match(), ACLMaxUserIP::match(), setRequest(), snmpDecodePacket(), FwdState::Start(), and tunnelStart().
◆ sslErrors
| CbcPointer<Security::CertErrors> ACLFilledChecklist::sslErrors |
TLS server [certificate validation] errors, in undefined order. The errors are accumulated as Squid goes through validation steps and server certificates. They are cleared on connection retries. For sslproxy_cert_error checks, contains just the current/last error.
Definition at line 94 of file FilledChecklist.h.
Referenced by ConnStateData::fillConnectionLevelDetails(), ConnStateData::serveDelayedError(), ssl_verify_cb(), and Security::PeerConnector::sslCrtvdCheckForErrors().
◆ state_
|
privateinherited |
Definition at line 235 of file Checklist.h.
Referenced by ACLChecklist::asyncState(), and ACLChecklist::changeState().
The documentation for this class was generated from the following files:
- src/acl/FilledChecklist.h
- src/acl/FilledChecklist.cc