Commit | Line | Data |
---|---|---|
3841dd46 | 1 | /* |
262a0e14 | 2 | * $Id$ |
3841dd46 | 3 | * |
4 | * DEBUG: section 28 Access Control | |
5 | * AUTHOR: Duane Wessels | |
6 | * | |
7 | * SQUID Web Proxy Cache http://www.squid-cache.org/ | |
8 | * ---------------------------------------------------------- | |
9 | * | |
10 | * Squid is the result of efforts by numerous individuals from | |
11 | * the Internet community; see the CONTRIBUTORS file for full | |
12 | * details. Many organizations have provided support for Squid's | |
13 | * development; see the SPONSORS file for full details. Squid is | |
14 | * Copyrighted (C) 2001 by the Regents of the University of | |
15 | * California; see the COPYRIGHT file for full details. Squid | |
16 | * incorporates software developed and/or copyrighted by other | |
17 | * sources; see the CREDITS file for full details. | |
18 | * | |
19 | * This program is free software; you can redistribute it and/or modify | |
20 | * it under the terms of the GNU General Public License as published by | |
21 | * the Free Software Foundation; either version 2 of the License, or | |
22 | * (at your option) any later version. | |
26ac0430 | 23 | * |
3841dd46 | 24 | * This program is distributed in the hope that it will be useful, |
25 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
26 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
27 | * GNU General Public License for more details. | |
26ac0430 | 28 | * |
3841dd46 | 29 | * You should have received a copy of the GNU General Public License |
30 | * along with this program; if not, write to the Free Software | |
31 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
32 | * | |
33 | * | |
34 | * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org> | |
35 | */ | |
36 | ||
37 | #include "squid.h" | |
38 | #include "ACLCertificateData.h" | |
39 | #include "authenticate.h" | |
40 | #include "ACLChecklist.h" | |
836007fe | 41 | #include "wordlist.h" |
3841dd46 | 42 | |
/**
 * Build an empty certificate-attribute ACL data object.
 *
 * @param sslStrategy callback used by match() to extract the configured
 *                    attribute from an SSL handle. It is stored as given;
 *                    no NULL check is made here and match() invokes it
 *                    unconditionally, so callers must pass a valid function.
 *
 * The attribute name starts out unset (NULL) until parse() reads it.
 */
ACLCertificateData::ACLCertificateData(SSLGETATTRIBUTE *sslStrategy)
    : attribute(NULL),
      values(),
      sslAttributeCall(sslStrategy)
{
}
3841dd46 | 45 | |
/**
 * Copy constructor.
 *
 * The attribute name is duplicated with xstrdup() rather than shared, so
 * each instance owns its own string and the destructor of one copy cannot
 * free memory still referenced by the other. The value set and the
 * attribute-extraction callback are copied member-wise.
 *
 * NOTE(review): no copy-assignment operator is visible in this file. Confirm
 * the header declares or disables one, since a compiler-generated assignment
 * would leave two objects owning the same `attribute` pointer.
 */
ACLCertificateData::ACLCertificateData(ACLCertificateData const &old)
    : attribute(old.attribute ? xstrdup(old.attribute) : NULL),
      values(old.values),
      sslAttributeCall(old.sslAttributeCall)
{
}
51 | ||
/**
 * Release `thing` through xfree().
 *
 * This helper only forwards to xfree(); it does not itself reset the
 * caller's reference afterwards, so the caller must not use `thing` again
 * after the call.
 */
template<class T>
inline void
xRefFree(T &thing)
{
    xfree(thing);
}
58 | ||
59 | ACLCertificateData::~ACLCertificateData() | |
60 | { | |
5dee515e | 61 | safe_free (attribute); |
3841dd46 | 62 | } |
63 | ||
/**
 * Comparison callback that orders two entries as C strings.
 *
 * Both arguments are reinterpreted as `char *` and compared with strcmp(),
 * so the comparison is byte-wise and case-sensitive. Both must point to
 * NUL-terminated strings; nothing here bounds the read.
 *
 * @return negative, zero or positive, as strcmp() does.
 */
template<class T>
inline int
splaystrcmp (T&l, T&r)
{
    const char *lhs = (char *)l;
    const char *rhs = (char *)r;
    return strcmp(lhs, rhs);
}
70 | ||
/**
 * Test whether the configured certificate attribute of `ssl` is in the
 * value set of this ACL.
 *
 * @param ssl SSL handle of the connection being checked; may be NULL.
 * @return false when there is no SSL handle or when the extraction callback
 *         yields no value for the attribute; otherwise the result of
 *         values.match() on the extracted string.
 *
 * A missing handle or attribute is reported as "no match". Whether that
 * ends in an allow or a deny depends on how the rule using this ACL is
 * written (for example a negated ACL), so review such rules with the
 * no-certificate case in mind.
 *
 * NOTE(review): `attribute` is passed to the callback as-is and is NULL
 * until parse() has run; confirm the callback tolerates that. The comparison
 * semantics (case sensitivity, exact match) are those of values.match(),
 * which is not visible here.
 */
bool
ACLCertificateData::match(SSL *ssl)
{
    if (ssl) {
        if (char const *found = sslAttributeCall(ssl, attribute))
            return values.match(found);
    }

    return false;
}
84 | ||
/**
 * Walk callback used by ACLCertificateData::dump(): appends one stored
 * value to the output word list.
 *
 * @param node_data the string held by the visited node.
 * @param outlist   opaque walk state; the caller must pass a `wordlist **`,
 *                  since it is cast back to that type without any check.
 */
static void
aclDumpAttributeListWalkee(char * const & node_data, void *outlist)
{
    wordlist **target = static_cast<wordlist **>(outlist);
    wordlistAdd(target, node_data);
}
91 | ||
/**
 * Produce the configuration form of this ACL as a word list: the attribute
 * name first, followed by every stored value.
 *
 * @return head of a newly built word list.
 *
 * NOTE(review): `attribute` is handed to wordlistAdd() even when it is still
 * NULL (parse() never ran), and `values.values` is dereferenced without a
 * check; confirm both are safe for an unconfigured ACL.
 */
wordlist *
ACLCertificateData::dump()
{
    wordlist *result = NULL;
    wordlistAdd(&result, attribute);

    /* This is very inefficient for long ACL lists: filling a wordlist this
     * way costs Sum(1,N) iterations. For instance a 1000-element list will
     * be filled in 499500 iterations.
     */
    /* XXX FIXME: don't break abstraction (reaches into values.values) */
    values.values->walk(aclDumpAttributeListWalkee, &result);

    return result;
}
105 | ||
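/**
 * Parse one configuration line for this ACL: the certificate attribute name
 * followed by the list of accepted values.
 *
 * The first token is the attribute name. An ACL must use the same attribute
 * on every configuration line; the check is case-insensitive. A missing
 * token or a different attribute is reported through self_destruct().
 *
 * self_destruct() is declared elsewhere and its return behaviour is not
 * visible here, so each error path returns explicitly. That way a NULL token
 * can never reach strcasecmp()/xstrdup(), and values for a rejected line are
 * never merged into the ACL, even if self_destruct() were to return.
 *
 * NOTE(review): the attribute name is not checked against a list of known
 * certificate fields in this function; presumably the extraction callback
 * deals with unknown names. Confirm, because a mistyped attribute would
 * otherwise produce an ACL that silently never matches.
 */
void
ACLCertificateData::parse()
{
    char *newAttribute = strtokFile();

    if (!newAttribute) {
        self_destruct();
        return;
    }

    /* an acl must use consistent attributes in all config lines */
    if (attribute) {
        if (strcasecmp(newAttribute, attribute) != 0) {
            self_destruct();
            return;
        }
    } else {
        attribute = xstrdup(newAttribute);
    }

    values.parse();
}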
123 | ||
/**
 * @return true when no values have been configured for this ACL, as
 *         reported by values.empty(). The attribute name is not considered.
 */
bool
ACLCertificateData::empty() const
{
    const bool noValues = values.empty();
    return noValues;
}
3841dd46 | 129 | |
/**
 * Create a heap-allocated copy of this object through the copy constructor.
 *
 * @return pointer to the new copy, allocated with `new`; the caller is
 *         presumably responsible for deleting it (confirm against callers).
 */
ACLData<SSL *> *
ACLCertificateData::clone() const
{
    /* Splay trees don't clone yet. */
    ACLCertificateData *copy = new ACLCertificateData(*this);
    return copy;
}