b67e2c8c | 1 | /* |
bbc27441 | 2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors |
b67e2c8c | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
b67e2c8c | 7 | */ |
8 | ||
9 | #ifndef SQUID_ACL_H | |
10 | #define SQUID_ACL_H | |
63be0a78 | 11 | |
6f58d7d7 | 12 | #include "acl/forward.h" |
aa839030 | 13 | #include "cbdata.h" |
582c2af2 | 14 | #include "defines.h" |
25b6a907 | 15 | #include "dlink.h" |
8966008b | 16 | #include "SBufList.h" |
29b17d63 | 17 | |
b1a20197 | 18 | #include <ostream> |
33810b1d | 19 | #include <string> |
81481ec0 | 20 | #include <vector> |
b1a20197 | 21 | |
a9f20260 | 22 | class ConfigParser; |
8000a965 | 23 | |
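/// A single one-letter ACL option character.
typedef char ACLFlag;
// ACLData Flags
#define ACL_F_REGEX_CASE 'i'
#define ACL_F_NO_LOOKUP 'n'
#define ACL_F_STRICT 's'
/// Terminates an ACLFlag array; ACLFlags reads such arrays as C strings.
#define ACL_F_END '\0'

/**
 * \ingroup ACLAPI
 * Used to hold a list of one-letter flags which can be passed as parameters
 * to acls (eg '-i', '-n' etc)
 *
 * The set flags are kept as a 64-bit mask; the supported flags are kept as
 * a string of flag characters.
 */
class ACLFlags
{
public:
    /// \param flags array of supported flag characters terminated by
    ///        ACL_F_END. A null pointer is treated as "no supported flags"
    ///        instead of being handed to std::string, which would be
    ///        undefined behaviour.
    explicit ACLFlags(const ACLFlag flags[]) : supported_(flags ? flags : ""), flags_(0) {}
    ACLFlags() : flags_(0) {}
    bool supported(const ACLFlag f) const; ///< True if the given flag supported
    void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
    /// Return true if the given flag is set
    bool isSet(const ACLFlag f) const { return (flags_ & flagToInt(f)) != 0; }
    /// Parse optional flags given in the form -[A..Z|a..z]
    void parseFlags();
    const char *flagsStr() const; ///< Convert the flags to a string representation

    static const ACLFlag NoFlags[1]; ///< An empty flags list

private:
    /// Convert a flag to its bit in a 64bit unsigned integer.
    /// The characters from 'A' to 'z' are represented by the values from 65
    /// to 122. That is 58 different values (the letters plus the six
    /// punctuation characters between 'Z' and 'a'), so the shift count is
    /// always in 0..57 and fits the bits of a 64bit integer.
    /// \returns the single-bit mask for f, or 0 when f is outside 'A'..'z'
    ///          and the assertion is compiled out.
    uint64_t flagToInt(const ACLFlag f) const {
        assert('A' <= f && f <= 'z');
        // The flag character can come from parsed configuration text. Do not
        // rely on assert() alone to keep the shift count in range: a negative
        // or >= 64 shift is undefined behaviour.
        if (f < 'A' || f > 'z')
            return 0;
        return static_cast<uint64_t>(1) << (f - 'A');
    }

    std::string supported_; ///< The supported character flags
    uint64_t flags_; ///< The flags which are set
};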
64 | ||
/// A configurable condition. A node in the ACL expression tree.
/// Can evaluate itself in FilledChecklist context.
/// Does not change during evaluation.
/// \ingroup ACLAPI
class ACL
{

public:
    void *operator new(size_t);
    void operator delete(void *);

    static ACL *Factory(char const *);
    static void ParseAclLine(ConfigParser &parser, ACL ** head);
    static void Initialize();
    static ACL *FindByName(const char *name);

    ACL();
    /// Builds an unnamed, unregistered node whose flags member is
    /// constructed from the given flag array.
    explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs), registered(false) {
        name[0] = '\0'; // start with an empty name
    }
    virtual ~ACL();

    /// sets user-specified ACL name and squid.conf context
    // NOTE(review): name is a fixed ACL_NAME_SZ buffer and this method is
    // defined elsewhere; confirm it bounds the copy of the user-supplied name.
    void context(const char *name, const char *configuration);

    /// Orchestrates matching checklist against the ACL using match(),
    /// after checking preconditions and while providing debugging.
    /// Returns true if and only if there was a successful match.
    /// Updates the checklist state on match, async, and failure.
    bool matches(ACLChecklist *checklist) const;

    virtual ACL *clone() const = 0;

    /// parses node representation in squid.conf; dies on failures
    virtual void parse() = 0;
    virtual char const *typeString() const = 0;
    virtual bool isProxyAuth() const;
    virtual SBufList dump() const = 0;
    virtual bool empty() const = 0;
    virtual bool valid() const;

    int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
    virtual int matchForCache(ACLChecklist *checklist);

    /// Hook with an empty default implementation.
    virtual void prepareForUse() {}

    char name[ACL_NAME_SZ]; ///< fixed-size name buffer; empty after the flags constructor
    char *cfgline;
    ACL *next; // XXX: remove or at least use refcounting
    ACLFlags flags; ///< The list of given ACL flags
    bool registered; ///< added to the global list of ACLs via aclRegister()

    /// Pairs an ACL instance with a type string.
    // NOTE(review): presumably Factory() creates nodes from the registered
    // prototype for a type name; the definitions are not in this header.
    class Prototype
    {

    public:
        Prototype();
        Prototype(ACL const *, char const *);
        ~Prototype();
        static bool Registered(char const *);
        static ACL *Factory(char const *);

    private:
        ACL const *prototype;
        char const *typeString;

        static std::vector<Prototype const *> * Registry;
        static void *Initialized;
        typedef std::vector<Prototype const*>::iterator iterator;
        typedef std::vector<Prototype const*>::const_iterator const_iterator;
        void registerMe();
    };

private:
    /// Matches the actual data in checklist against this ACL.
    virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const

    /// whether our (i.e. shallow) match() requires checklist to have a request
    virtual bool requiresRequest() const;
    /// whether our (i.e. shallow) match() requires checklist to have a reply
    virtual bool requiresReply() const;
};
150 | ||
/// \ingroup ACLAPI
typedef enum {
    // Authorization ACL result states
    ACCESS_DENIED,
    ACCESS_ALLOWED,
    ACCESS_DUNNO,

    // Authentication ACL result states
    ACCESS_AUTH_REQUIRED, // Missing Credentials
} aclMatchCode;

/// \ingroup ACLAPI
/// ACL check answer; TODO: Rename to Acl::Answer
///
/// A default-constructed answer is ACCESS_DUNNO, i.e. neither an allow nor
/// a deny. Comparisons look at the code only and ignore kind.
class allow_t
{
public:
    // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
    allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}

    allow_t(): code(ACCESS_DUNNO), kind(0) {}

    /// True when the stored code equals aCode.
    bool operator ==(const aclMatchCode aCode) const {
        return code == aCode;
    }

    /// True when the stored code differs from aCode.
    bool operator !=(const aclMatchCode aCode) const {
        return code != aCode;
    }

    /// Implicit conversion back to the plain code.
    operator aclMatchCode() const {
        return code;
    }

    aclMatchCode code; ///< ACCESS_* code
    int kind; ///< which custom access list verb matched
};

/// Streams the symbolic name of the answer's code ("DENIED", "ALLOWED",
/// "DUNNO" or "AUTH_REQUIRED"). A code outside the four enumerators writes
/// nothing.
inline std::ostream &
operator <<(std::ostream &o, const allow_t a)
{
    const char *label = NULL;

    // No default case: a new enumerator stays visible to switch-coverage
    // compiler warnings.
    switch (a.code) {
    case ACCESS_DENIED:
        label = "DENIED";
        break;
    case ACCESS_ALLOWED:
        label = "ALLOWED";
        break;
    case ACCESS_DUNNO:
        label = "DUNNO";
        break;
    case ACCESS_AUTH_REQUIRED:
        label = "AUTH_REQUIRED";
        break;
    }

    if (label)
        o << label;
    return o;
}
207 | ||
/// \ingroup ACLAPI
/// Plain record with a list link, an integer match result and an opaque
/// data pointer.
// NOTE(review): presumably the entry type kept in the dlink_list passed to
// ACL::cacheMatchAcl(); confirm against the implementation.
class acl_proxy_auth_match_cache
{
    MEMPROXY_CLASS(acl_proxy_auth_match_cache);

public:
    dlink_node link;  // list linkage
    int matchrv;      // presumably the cached match return value; verify against users
    void *acl_data;   // untyped pointer; ownership and lifetime are not visible here
};
218 | ||
/// \ingroup ACLAPI
/// XXX: find a way to remove or at least use a refcounted ACL pointer
// Declaration only; the variable is defined elsewhere. The trailing comment
// appears to record its initial value.
extern char const *AclMatchedName; /* NULL */
c15d448c | 222 | |
b67e2c8c | 223 | #endif /* SQUID_ACL_H */ |
f53969cc | 224 |