projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| b67e2c8c | 1 | /* |
| b8ae064d | 2 | * Copyright (C) 1996-2023 The Squid Software Foundation and contributors |
| b67e2c8c | 3 | * |
| bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
| 5 | * contributions from numerous individuals and organizations. | |
| 6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
| b67e2c8c | 7 | */ |
| 8 | ||
| ff9d9458 FC |
9 | #ifndef SQUID_SRC_ACL_ACL_H |
| 10 | #define SQUID_SRC_ACL_ACL_H | |
| 63be0a78 | 11 | |
| 6f58d7d7 | 12 | #include "acl/forward.h" |
| 582c2af2 | 13 | #include "defines.h" |
| 25b6a907 | 14 | #include "dlink.h" |
| 4eac3407 | 15 | #include "sbuf/forward.h" |
| 29b17d63 | 16 | |
| 06bf5384 | 17 | #include <algorithm> |
| b1a20197 | 18 | #include <ostream> |
| b1a20197 | 19 | |
| 4eac3407 | 20 | namespace Acl { |
| 33810b1d | 21 | |
| 4eac3407 | 22 | /// the ACL type name known to admins |
| 922513e5 FC |
23 | using TypeName = const char *; |
| 24 | /// a "factory" function for making Acl::Node objects (of some Node child type) | |
| 25 | using Maker = Node *(*)(TypeName typeName); | |
| 26 | /// use the given Acl::Node Maker for all ACLs of the named type | |
| 4eac3407 CT |
27 | void RegisterMaker(TypeName typeName, Maker maker); |
| 28 | ||
| 0b5786d3 EB |
29 | /// Validate and store the ACL key parameter for ACL types |
| 30 | /// declared using "acl aclname type key argument..." declaration that | |
| 31 | /// require unique key values (if any) for each aclname+type combination. | |
| 32 | /// Key comparison is case-insensitive. | |
| 33 | void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey); | |
| 34 | ||
| 922513e5 | 35 | } // namespace Acl |
| 29b17d63 | 36 | |
| b50e327b AJ |
37 | /// \ingroup ACLAPI |
| 38 | typedef enum { | |
| 7dfddb79 | 39 | // Authorization ACL result states |
| b50e327b AJ |
40 | ACCESS_DENIED, |
| 41 | ACCESS_ALLOWED, | |
| 2efeb0b7 | 42 | ACCESS_DUNNO, |
| 7dfddb79 | 43 | |
| 922513e5 | 44 | // Authentication Acl::Node result states |
| 7dfddb79 | 45 | ACCESS_AUTH_REQUIRED, // Missing Credentials |
| f5f2ec03 AR |
46 | } aclMatchCode; |
| 47 | ||
| 48 | /// \ingroup ACLAPI | |
| 922513e5 | 49 | /// Acl::Node check answer |
| 329c128c | 50 | namespace Acl { |
| 51 | ||
| 52 | class Answer | |
| 87f237a9 | 53 | { |
| f5f2ec03 | 54 | public: |
| 9dc39e0e AR |
55 | // TODO: Find a good way to avoid implicit conversion (without explicitly |
| 56 | // casting every ACCESS_ argument in implicit constructor calls). | |
| 329c128c | 57 | Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {} |
| f5f2ec03 | 58 | |
| 1c2b4465 | 59 | Answer() = default; |
| f5f2ec03 AR |
60 | |
| 61 | bool operator ==(const aclMatchCode aCode) const { | |
| 62 | return code == aCode; | |
| 63 | } | |
| 64 | ||
| 65 | bool operator !=(const aclMatchCode aCode) const { | |
| 66 | return !(*this == aCode); | |
| 67 | } | |
| 68 | ||
| 329c128c | 69 | bool operator ==(const Answer allow) const { |
| 640fe8fb CT |
70 | return code == allow.code && kind == allow.kind; |
| 71 | } | |
| 72 | ||
| f5f2ec03 AR |
73 | operator aclMatchCode() const { |
| 74 | return code; | |
| 75 | } | |
| 76 | ||
| 06bf5384 AR |
77 | /// Whether an "allow" rule matched. If in doubt, use this popular method. |
| 78 | /// Also use this method to treat exceptional ACCESS_DUNNO and | |
| 79 | /// ACCESS_AUTH_REQUIRED outcomes as if a "deny" rule matched. | |
| 80 | /// See also: denied(). | |
| 81 | bool allowed() const { return code == ACCESS_ALLOWED; } | |
| 82 | ||
| 83 | /// Whether a "deny" rule matched. Avoid this rarely used method. | |
| 84 | /// Use this method (only) to treat exceptional ACCESS_DUNNO and | |
| 85 | /// ACCESS_AUTH_REQUIRED outcomes as if an "allow" rule matched. | |
| 86 | /// See also: allowed(). | |
| 87 | bool denied() const { return code == ACCESS_DENIED; } | |
| 88 | ||
| 9b537f95 EB |
89 | /// whether Squid is uncertain about the allowed() or denied() answer |
| 90 | bool conflicted() const { return !allowed() && !denied(); } | |
| 06bf5384 | 91 | |
| 1c2b4465 CT |
92 | aclMatchCode code = ACCESS_DUNNO; ///< ACCESS_* code |
| 93 | ||
| 94 | /// the matched custom access list verb (or zero) | |
| 95 | int kind = 0; | |
| 96 | ||
| 97 | /// whether we were computed by the "negate the last explicit action" rule | |
| 98 | bool implicit = false; | |
| f5f2ec03 AR |
99 | }; |
| 100 | ||
| b1a20197 | 101 | inline std::ostream & |
| 25ecffe5 | 102 | operator <<(std::ostream &o, const Answer a) |
| b1a20197 | 103 | { |
| 11796ba9 | 104 | switch (a) { |
| b1a20197 AJ |
105 | case ACCESS_DENIED: |
| 106 | o << "DENIED"; | |
| 107 | break; | |
| 108 | case ACCESS_ALLOWED: | |
| 109 | o << "ALLOWED"; | |
| 110 | break; | |
| 111 | case ACCESS_DUNNO: | |
| 112 | o << "DUNNO"; | |
| 113 | break; | |
| 114 | case ACCESS_AUTH_REQUIRED: | |
| 115 | o << "AUTH_REQUIRED"; | |
| 116 | break; | |
| b1a20197 AJ |
117 | } |
| 118 | return o; | |
| 119 | } | |
| 120 | ||
| 25ecffe5 AR |
121 | } // namespace Acl |
| 122 | ||
| 63be0a78 | 123 | /// \ingroup ACLAPI |
| 25b6a907 | 124 | class acl_proxy_auth_match_cache |
| 125 | { | |
| 741c2986 | 126 | MEMPROXY_CLASS(acl_proxy_auth_match_cache); |
| 25b6a907 | 127 | |
| 128 | public: | |
| d59e4742 FC |
129 | acl_proxy_auth_match_cache(int matchRv, void * aclData) : |
| 130 | matchrv(matchRv), | |
| 131 | acl_data(aclData) | |
| 132 | {} | |
| 133 | ||
| 25b6a907 | 134 | dlink_node link; |
| 135 | int matchrv; | |
| 136 | void *acl_data; | |
| 137 | }; | |
| 138 | ||
| c15d448c | 139 | /// \ingroup ACLAPI |
| 922513e5 | 140 | /// XXX: find a way to remove or at least use a refcounted Acl::Node pointer |
| f53969cc | 141 | extern const char *AclMatchedName; /* NULL */ |
| c15d448c | 142 | |
| ff9d9458 | 143 | #endif /* SQUID_SRC_ACL_ACL_H */ |
| f53969cc | 144 |