Commit | Line | Data |
---|---|---|
b67e2c8c | 1 | /* |
b8ae064d | 2 | * Copyright (C) 1996-2023 The Squid Software Foundation and contributors |
b67e2c8c | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
b67e2c8c | 7 | */ |
8 | ||
ff9d9458 FC |
9 | #ifndef SQUID_SRC_ACL_ACL_H |
10 | #define SQUID_SRC_ACL_ACL_H | |
63be0a78 | 11 | |
6f58d7d7 | 12 | #include "acl/forward.h" |
582c2af2 | 13 | #include "defines.h" |
25b6a907 | 14 | #include "dlink.h" |
4eac3407 | 15 | #include "sbuf/forward.h" |
29b17d63 | 16 | |
06bf5384 | 17 | #include <algorithm> |
b1a20197 | 18 | #include <ostream> |
b1a20197 | 19 | |
namespace Acl {

/// the ACL type name known to admins
// NOTE(review): a raw, non-owning C string; this header does not say how long
// a registered name must stay valid -- confirm at the RegisterMaker() definition.
using TypeName = const char *;
/// a "factory" function for making Acl::Node objects (of some Node child type)
// NOTE(review): the Maker returns a raw Node pointer, so ownership of the new
// object is not expressed in the type -- presumably the caller takes it; confirm.
using Maker = Node *(*)(TypeName typeName);
/// use the given Acl::Node Maker for all ACLs of the named type
// NOTE(review): what happens when the same typeName is registered twice is not
// visible from this declaration.
void RegisterMaker(TypeName typeName, Maker maker);

/// Validate and store the ACL key parameter for ACL types
/// declared using "acl aclname type key argument..." declaration that
/// require unique key values (if any) for each aclname+type combination.
/// Key comparison is case-insensitive.
// NOTE(review): keyStorage is taken by non-const reference, so it is presumably
// where the accepted key ends up; how a conflicting newKey is rejected
// is not visible from this declaration.
void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey);

} // namespace Acl
29b17d63 | 36 | |
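/// \ingroup ACLAPI
/// Result codes of an ACL check.
/// The enumerators carry no explicit values, so ACCESS_DENIED is 0.
typedef enum {
    // Authorization ACL result states
    ACCESS_DENIED,
    ACCESS_ALLOWED,
    ACCESS_DUNNO,

    // Authentication Acl::Node result states
    ACCESS_AUTH_REQUIRED, // Missing Credentials
} aclMatchCode;

/// \ingroup ACLAPI
/// Acl::Node check answer
namespace Acl {

/// An ACCESS_* code plus the optional custom verb (kind) that produced it.
/// A default-constructed Answer is ACCESS_DUNNO, for which allowed() is false.
class Answer
{
public:
    // TODO: Find a good way to avoid implicit conversion (without explicitly
    // casting every ACCESS_ argument in implicit constructor calls).
    Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}

    Answer() = default;

    /// whether our code is aCode; kind and implicit are not consulted
    bool operator ==(const aclMatchCode aCode) const {
        return code == aCode;
    }

    /// whether our code differs from aCode; kind and implicit are not consulted
    bool operator !=(const aclMatchCode aCode) const {
        return !(*this == aCode);
    }

    /// whether both code and kind are the same; implicit is not consulted
    bool operator ==(const Answer allow) const {
        return code == allow.code && kind == allow.kind;
    }

    /// The exact negation of operator ==(Answer). Declared explicitly because,
    /// under C++17 overload resolution, "a != b" for two Answers would otherwise
    /// select the aclMatchCode overload above (after converting b) and compare
    /// the codes only, disagreeing with "!(a == b)" when only the kinds differ.
    bool operator !=(const Answer other) const {
        return !(*this == other);
    }

    /// Implicit conversion to the ACCESS_* code (e.g., for switch statements).
    /// aclMatchCode is an unscoped enum, so the result converts further to
    /// integers and bool: a bare "if (answer)" is true for every code except
    /// ACCESS_DENIED, including ACCESS_DUNNO and ACCESS_AUTH_REQUIRED. Access
    /// decisions should call allowed() or denied() instead.
    operator aclMatchCode() const {
        return code;
    }

    /// Whether an "allow" rule matched. If in doubt, use this popular method.
    /// Also use this method to treat exceptional ACCESS_DUNNO and
    /// ACCESS_AUTH_REQUIRED outcomes as if a "deny" rule matched.
    /// See also: denied().
    bool allowed() const { return code == ACCESS_ALLOWED; }

    /// Whether a "deny" rule matched. Avoid this rarely used method.
    /// Use this method (only) to treat exceptional ACCESS_DUNNO and
    /// ACCESS_AUTH_REQUIRED outcomes as if an "allow" rule matched.
    /// See also: allowed().
    bool denied() const { return code == ACCESS_DENIED; }

    /// whether Squid is uncertain about the allowed() or denied() answer
    bool conflicted() const { return !allowed() && !denied(); }

    aclMatchCode code = ACCESS_DUNNO; ///< ACCESS_* code

    /// the matched custom access list verb (or zero)
    int kind = 0;

    /// whether we were computed by the "negate the last explicit action" rule
    bool implicit = false;
};

/// Prints the ACCESS_* code of the answer without its ACCESS_ prefix.
/// Neither kind nor implicit is printed. The switch has no default label, so
/// a code outside the four enumerators prints nothing.
inline std::ostream &
operator <<(std::ostream &o, const Answer a)
{
    switch (a.code) {
    case ACCESS_DENIED:
        o << "DENIED";
        break;
    case ACCESS_ALLOWED:
        o << "ALLOWED";
        break;
    case ACCESS_DUNNO:
        o << "DUNNO";
        break;
    case ACCESS_AUTH_REQUIRED:
        o << "AUTH_REQUIRED";
        break;
    }
    return o;
}

} // namespace Acl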
122 | ||
/// \ingroup ACLAPI
/// A list node pairing an integer match result with an untyped ACL data pointer.
// NOTE(review): acl_data is a raw void pointer; this class neither frees it nor
// records its type, so whoever creates the entry presumably keeps the pointee
// alive and knows what it points to -- confirm at the call sites.
class acl_proxy_auth_match_cache
{
    MEMPROXY_CLASS(acl_proxy_auth_match_cache);

public:
    /// stores both arguments as given
    acl_proxy_auth_match_cache(int matchRv, void * aclData): matchrv{matchRv}, acl_data{aclData} {}

    dlink_node link;   ///< presumably the hook linking this entry into a dlink list
    int matchrv;       ///< the match result given to the constructor
    void *acl_data;    ///< the ACL data pointer given to the constructor (not owned here)
};
138 | ||
// NOTE(review): a global, raw, non-owning C string. Nothing in this header ties
// its lifetime to the ACL object it names, so a reader must not assume the
// pointer stays valid after that object changes or goes away -- confirm at the
// definition. The trailing "NULL" comment presumably records the initial value.
/// \ingroup ACLAPI
/// XXX: find a way to remove or at least use a refcounted Acl::Node pointer
extern const char *AclMatchedName; /* NULL */
c15d448c | 142 | |
ff9d9458 | 143 | #endif /* SQUID_SRC_ACL_ACL_H */ |
f53969cc | 144 |