[thirdparty/squid.git] / src / acl / Acl.h

/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_ACL_H
#define SQUID_ACL_H

#include "acl/forward.h"
#include "cbdata.h"
#include "defines.h"
#include "dlink.h"
#include "SBufList.h"

#include <ostream>
#include <string>
#include <vector>

class ConfigParser;

typedef char ACLFlag;
// ACLData Flags
#define ACL_F_REGEX_CASE 'i'
#define ACL_F_NO_LOOKUP 'n'
#define ACL_F_STRICT 's'
#define ACL_F_END '\0'

/**
 * \ingroup ACLAPI
 * Used to hold a list of one-letter flags which can be passed as parameters
 * to acls  (eg '-i', '-n' etc)
 */
class ACLFlags
{
public:
    explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
    ACLFlags() : flags_(0) {}
    bool supported(const ACLFlag f) const; ///< True if the given flag supported
    void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
    /// Return true if the given flag is set
    bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
    /// Parse optional flags given in the form -[A..Z|a..z]
    void parseFlags();
    const char *flagsStr() const; ///< Convert the flags to a string representation

private:
    /// Convert a flag to a 64bit unsigned integer.
    /// The characters from 'A' to 'z' represented by the values from 65 to 122.
    /// They are 57 different characters which can be fit to the bits of an 64bit
    /// integer.
    uint64_t flagToInt(const ACLFlag f) const {
        assert('A' <= f && f <= 'z');
        return ((uint64_t)1 << (f - 'A'));
    }

    std::string supported_; ///< The supported character flags
    uint64_t flags_; ///< The flags which is set
public:
    static const ACLFlag NoFlags[1]; ///< An empty flags list
};

/// A configurable condition. A node in the ACL expression tree.
/// Can evaluate itself in FilledChecklist context.
/// Does not change during evaluation.
/// \ingroup ACLAPI
class ACL
{

public:
    void *operator new(size_t);
    void operator delete(void *);

    static ACL *Factory(char const *);
    static void ParseAclLine(ConfigParser &parser, ACL ** head);
    static void Initialize();
    static ACL *FindByName(const char *name);

    ACL();
    explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs), registered(false) {
        *name = 0;
    }
    virtual ~ACL();

    /// sets user-specified ACL name and squid.conf context
    void context(const char *name, const char *configuration);

    /// Orchestrates matching checklist against the ACL using match(),
    /// after checking preconditions and while providing debugging.
    /// Returns true if and only if there was a successful match.
    /// Updates the checklist state on match, async, and failure.
    bool matches(ACLChecklist *checklist) const;

    virtual ACL *clone() const = 0;

    /// parses node represenation in squid.conf; dies on failures
    virtual void parse() = 0;
    virtual char const *typeString() const = 0;
    virtual bool isProxyAuth() const;
    virtual SBufList dump() const = 0;
    virtual bool empty() const = 0;
    virtual bool valid() const;

    int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
    virtual int matchForCache(ACLChecklist *checklist);

    virtual void prepareForUse() {}

    char name[ACL_NAME_SZ];
    char *cfgline;
    ACL *next; // XXX: remove or at least use refcounting
    ACLFlags flags; ///< The list of given ACL flags
    bool registered; ///< added to the global list of ACLs via aclRegister()

public:

    class Prototype
    {

    public:
        Prototype();
        Prototype(ACL const *, char const *);
        ~Prototype();
        static bool Registered(char const *);
        static ACL *Factory(char const *);

    private:
        ACL const *prototype;
        char const *typeString;

    private:
        static std::vector<Prototype const *> * Registry;
        static void *Initialized;
        typedef std::vector<Prototype const*>::iterator iterator;
        typedef std::vector<Prototype const*>::const_iterator const_iterator;
        void registerMe();
    };

private:
    /// Matches the actual data in checklist against this ACL.
    virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const

    /// whether our (i.e. shallow) match() requires checklist to have a request
    virtual bool requiresRequest() const;
    /// whether our (i.e. shallow) match() requires checklist to have a reply
    virtual bool requiresReply() const;
};

/// \ingroup ACLAPI
typedef enum {
    // Authorization ACL result states
    ACCESS_DENIED,
    ACCESS_ALLOWED,
    ACCESS_DUNNO,

    // Authentication ACL result states
    ACCESS_AUTH_REQUIRED,    // Missing Credentials
} aclMatchCode;

/// \ingroup ACLAPI
/// ACL check answer; TODO: Rename to Acl::Answer
class allow_t
{
public:
    // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
    allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}

    allow_t(): code(ACCESS_DUNNO), kind(0) {}

    bool operator ==(const aclMatchCode aCode) const {
        return code == aCode;
    }

    bool operator !=(const aclMatchCode aCode) const {
        return !(*this == aCode);
    }

    operator aclMatchCode() const {
        return code;
    }

    aclMatchCode code; ///< ACCESS_* code
    int kind; ///< which custom access list verb matched
};

inline std::ostream &
operator <<(std::ostream &o, const allow_t a)
{
    switch (a) {
    case ACCESS_DENIED:
        o << "DENIED";
        break;
    case ACCESS_ALLOWED:
        o << "ALLOWED";
        break;
    case ACCESS_DUNNO:
        o << "DUNNO";
        break;
    case ACCESS_AUTH_REQUIRED:
        o << "AUTH_REQUIRED";
        break;
    }
    return o;
}

/// \ingroup ACLAPI
class acl_proxy_auth_match_cache
{
    MEMPROXY_CLASS(acl_proxy_auth_match_cache);

public:
    dlink_node link;
    int matchrv;
    void *acl_data;
};

/// \ingroup ACLAPI
/// XXX: find a way to remove or at least use a refcounted ACL pointer
extern const char *AclMatchedName;  /* NULL */

#endif /* SQUID_ACL_H */
Commit	Line	Data
b67e2c8c	1	/*
bbc27441	2	* Copyright (C) 1996-2014 The Squid Software Foundation and contributors
b67e2c8c	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
b67e2c8c	7	*/
	8
	9	#ifndef SQUID_ACL_H
	10	#define SQUID_ACL_H
63be0a78	11
6f58d7d7	12	#include "acl/forward.h"
aa839030	13	#include "cbdata.h"
582c2af2	14	#include "defines.h"
25b6a907	15	#include "dlink.h"
8966008b	16	#include "SBufList.h"
29b17d63	17
b1a20197	18	#include <ostream>
33810b1d	19	#include <string>
81481ec0	20	#include <vector>
b1a20197	21
a9f20260	22	class ConfigParser;
8000a965	23
33810b1d CT	24	typedef char ACLFlag;
	25	// ACLData Flags
	26	#define ACL_F_REGEX_CASE 'i'
	27	#define ACL_F_NO_LOOKUP 'n'
0e1815c0	28	#define ACL_F_STRICT 's'
33810b1d CT	29	#define ACL_F_END '\0'
	30
	31	/**
	32	* \ingroup ACLAPI
	33	* Used to hold a list of one-letter flags which can be passed as parameters
	34	* to acls (eg '-i', '-n' etc)
	35	*/
	36	class ACLFlags
	37	{
	38	public:
	39	explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
	40	ACLFlags() : flags_(0) {}
	41	bool supported(const ACLFlag f) const; ///< True if the given flag supported
	42	void makeSet(const ACLFlag f) { flags_ \|= flagToInt(f); } ///< Set the given flag
	43	/// Return true if the given flag is set
	44	bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
788542bd AJ	45	/// Parse optional flags given in the form -[A..Z\|a..z]
788542bd AJ	46	void parseFlags();
33810b1d CT	47	const char *flagsStr() const; ///< Convert the flags to a string representation
	48
	49	private:
	50	/// Convert a flag to a 64bit unsigned integer.
	51	/// The characters from 'A' to 'z' represented by the values from 65 to 122.
aec45181	52	/// They are 57 different characters which can be fit to the bits of an 64bit
33810b1d CT	53	/// integer.
	54	uint64_t flagToInt(const ACLFlag f) const {
	55	assert('A' <= f && f <= 'z');
	56	return ((uint64_t)1 << (f - 'A'));
	57	}
	58
	59	std::string supported_; ///< The supported character flags
	60	uint64_t flags_; ///< The flags which is set
	61	public:
	62	static const ACLFlag NoFlags[1]; ///< An empty flags list
	63	};
	64
6f58d7d7 AR	65	/// A configurable condition. A node in the ACL expression tree.
6f58d7d7 AR	66	/// Can evaluate itself in FilledChecklist context.
e936c41c	67	/// Does not change during evaluation.
63be0a78	68	/// \ingroup ACLAPI
62e76326	69	class ACL
	70	{
	71
	72	public:
29b17d63	73	void *operator new(size_t);
29b17d63	74	void operator delete(void *);
8000a965	75
d6d0eb11	76	static ACL Factory(char const );
a9f20260	77	static void ParseAclLine(ConfigParser &parser, ACL ** head);
b0dd28ba	78	static void Initialize();
d6d0eb11	79	static ACL FindByName(const char name);
225b7b10	80
8000a965	81	ACL();
4579a6d0 AJ	82	explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs), registered(false) {
	83	*name = 0;
	84	}
8000a965	85	virtual ~ACL();
6f58d7d7 AR	86
	87	/// sets user-specified ACL name and squid.conf context
	88	void context(const char name, const char configuration);
	89
	90	/// Orchestrates matching checklist against the ACL using match(),
	91	/// after checking preconditions and while providing debugging.
	92	/// Returns true if and only if there was a successful match.
	93	/// Updates the checklist state on match, async, and failure.
	94	bool matches(ACLChecklist *checklist) const;
	95
d6d0eb11	96	virtual ACL *clone() const = 0;
6f58d7d7 AR	97
6f58d7d7 AR	98	/// parses node represenation in squid.conf; dies on failures
b0dd28ba	99	virtual void parse() = 0;
b0dd28ba	100	virtual char const *typeString() const = 0;
8000a965	101	virtual bool isProxyAuth() const;
8966008b	102	virtual SBufList dump() const = 0;
d6d0eb11 AJ	103	virtual bool empty() const = 0;
d6d0eb11 AJ	104	virtual bool valid() const;
62e76326	105
225b7b10	106	int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
225b7b10	107	virtual int matchForCache(ACLChecklist *checklist);
8000a965	108
b0dd28ba	109	virtual void prepareForUse() {}
b0dd28ba	110
8000a965	111	char name[ACL_NAME_SZ];
8000a965	112	char *cfgline;
928a53d6	113	ACL *next; // XXX: remove or at least use refcounting
33810b1d	114	ACLFlags flags; ///< The list of given ACL flags
ed898bdf	115	bool registered; ///< added to the global list of ACLs via aclRegister()
62e76326	116
62e76326	117	public:
	118
	119	class Prototype
	120	{
	121
	122	public:
d6d0eb11 AJ	123	Prototype();
d6d0eb11 AJ	124	Prototype(ACL const , char const );
62e76326	125	~Prototype();
62e76326	126	static bool Registered(char const *);
d6d0eb11	127	static ACL Factory(char const );
62e76326	128
62e76326	129	private:
d6d0eb11	130	ACL const *prototype;
62e76326	131	char const *typeString;
	132
	133	private:
81481ec0	134	static std::vector<Prototype const > Registry;
62e76326	135	static void *Initialized;
81481ec0 FC	136	typedef std::vector<Prototype const*>::iterator iterator;
81481ec0 FC	137	typedef std::vector<Prototype const*>::const_iterator const_iterator;
62e76326	138	void registerMe();
8000a965	139	};
6f58d7d7 AR	140
	141	private:
	142	/// Matches the actual data in checklist against this ACL.
	143	virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
	144
	145	/// whether our (i.e. shallow) match() requires checklist to have a request
	146	virtual bool requiresRequest() const;
	147	/// whether our (i.e. shallow) match() requires checklist to have a reply
	148	virtual bool requiresReply() const;
29b17d63	149	};
29b17d63	150
b50e327b AJ	151	/// \ingroup ACLAPI
b50e327b AJ	152	typedef enum {
7dfddb79	153	// Authorization ACL result states
b50e327b AJ	154	ACCESS_DENIED,
b50e327b AJ	155	ACCESS_ALLOWED,
2efeb0b7	156	ACCESS_DUNNO,
7dfddb79 AJ	157
7dfddb79 AJ	158	// Authentication ACL result states
7dfddb79	159	ACCESS_AUTH_REQUIRED, // Missing Credentials
f5f2ec03 AR	160	} aclMatchCode;
	161
	162	/// \ingroup ACLAPI
	163	/// ACL check answer; TODO: Rename to Acl::Answer
87f237a9 A	164	class allow_t
87f237a9 A	165	{
f5f2ec03 AR	166	public:
	167	// not explicit: allow "aclMatchCode to allow_t" conversions (for now)
	168	allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}
	169
	170	allow_t(): code(ACCESS_DUNNO), kind(0) {}
	171
	172	bool operator ==(const aclMatchCode aCode) const {
	173	return code == aCode;
	174	}
	175
	176	bool operator !=(const aclMatchCode aCode) const {
	177	return !(*this == aCode);
	178	}
	179
	180	operator aclMatchCode() const {
	181	return code;
	182	}
	183
	184	aclMatchCode code; ///< ACCESS_* code
	185	int kind; ///< which custom access list verb matched
	186	};
	187
b1a20197 AJ	188	inline std::ostream &
	189	operator <<(std::ostream &o, const allow_t a)
	190	{
11796ba9	191	switch (a) {
b1a20197 AJ	192	case ACCESS_DENIED:
	193	o << "DENIED";
	194	break;
	195	case ACCESS_ALLOWED:
	196	o << "ALLOWED";
	197	break;
	198	case ACCESS_DUNNO:
	199	o << "DUNNO";
	200	break;
	201	case ACCESS_AUTH_REQUIRED:
	202	o << "AUTH_REQUIRED";
	203	break;
b1a20197 AJ	204	}
	205	return o;
	206	}
	207
63be0a78	208	/// \ingroup ACLAPI
25b6a907	209	class acl_proxy_auth_match_cache
25b6a907	210	{
741c2986	211	MEMPROXY_CLASS(acl_proxy_auth_match_cache);
25b6a907	212
25b6a907	213	public:
25b6a907	214	dlink_node link;
	215	int matchrv;
	216	void *acl_data;
	217	};
	218
c15d448c	219	/// \ingroup ACLAPI
928a53d6	220	/// XXX: find a way to remove or at least use a refcounted ACL pointer
f53969cc	221	extern const char AclMatchedName; / NULL */
c15d448c	222
b67e2c8c	223	#endif /* SQUID_ACL_H */
f53969cc	224