Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
351fe86d AR |
9 | #ifndef SQUID_ACLFILLED_CHECKLIST_H |
10 | #define SQUID_ACLFILLED_CHECKLIST_H | |
11 | ||
d4806c91 | 12 | #include "AccessLogEntry.h" |
351fe86d | 13 | #include "acl/Checklist.h" |
6f58d7d7 | 14 | #include "acl/forward.h" |
abdd93d0 | 15 | #include "base/CbcPointer.h" |
3248e962 | 16 | #include "err_type.h" |
d9c7489e | 17 | #include "ip/Address.h" |
2f1431ea | 18 | #if USE_AUTH |
a33a428a | 19 | #include "auth/UserRequest.h" |
2f1431ea | 20 | #endif |
92e3827b | 21 | #include "security/CertError.h" |
351fe86d | 22 | |
a011edee | 23 | class CachePeer; |
351fe86d | 24 | class ConnStateData; |
582c2af2 | 25 | class HttpRequest; |
71b673d4 | 26 | class HttpReply; |
351fe86d AR |
27 | |
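/** \ingroup ACLAPI
    ACLChecklist filled with specific data, representing Squid and transaction
    state for access checks along with some data-specific checking methods.

    Most data members are public and several are raw pointers (request, reply,
    dst_rdns, sslErrors, conn_). This header does not show who owns or
    releases them, so treat their lifetime rules as defined by the
    implementation file.
    NOTE(review): confirm ownership of each raw pointer against the .cc file.

    Objects of this class are not copyable: a member-wise copy would duplicate
    the raw pointers above, so the copy operations are deleted.
 */
class ACLFilledChecklist: public ACLChecklist
{
    CBDATA_CLASS(ACLFilledChecklist);

public:
    ACLFilledChecklist();
    ACLFilledChecklist(const acl_access *, HttpRequest *, const char *ident = nullptr);
    ~ACLFilledChecklist();

    /// configure client request-related fields for the first time
    void setRequest(HttpRequest *);
    /// configure rfc931 user identity for the first time
    /// NOTE(review): the destination (rfc931) is a fixed-size array; the copy
    /// is implemented outside this header -- confirm it is bounded by
    /// sizeof(rfc931) and always NUL-terminated.
    void setIdent(const char *userIdentity);

public:
    /// The client connection manager
    ConnStateData * conn() const;

    /// The client side fd. It uses conn() if available
    int fd() const;

    /// set either conn
    void conn(ConnStateData *);
    /// set the client side FD
    void fd(int aDescriptor);

    //int authenticated();

    bool destinationDomainChecked() const;
    void markDestinationDomainChecked();
    bool sourceDomainChecked() const;
    void markSourceDomainChecked();

    // ACLChecklist API
    /// whether a request pointer has been set (request is non-null)
    virtual bool hasRequest() const { return request != NULL; }
    /// whether a reply pointer has been set (reply is non-null)
    virtual bool hasReply() const { return reply != NULL; }
    /// whether an access log entry has been set (al is non-null)
    virtual bool hasAle() const { return al != NULL; }
    virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const;
    virtual void verifyAle() const;

public:
    Ip::Address src_addr;
    Ip::Address dst_addr;
    Ip::Address my_addr;
    SBuf dst_peer_name;
    char *dst_rdns; // raw pointer; allocation and release are not visible in this header

    // Raw pointers: test hasRequest()/hasReply() before dereferencing.
    HttpRequest *request;
    HttpReply *reply;

    // Fixed-size buffer of USER_IDENT_SZ bytes for the rfc931 user identity.
    char rfc931[USER_IDENT_SZ];
#if USE_AUTH
    Auth::UserRequest::Pointer auth_user_request;
#endif
#if SQUID_SNMP
    char *snmp_community;
#endif

    /// SSL [certificate validation] errors, in undefined order
    const Security::CertErrors *sslErrors;

    /// Peer certificate being checked by ssl_verify_cb() and by
    /// Security::PeerConnector class. In other contexts, the peer
    /// certificate is retrieved via ALE or ConnStateData::serverBump.
    Security::CertPointer serverCert;

    AccessLogEntry::Pointer al; ///< info for the future access.log, and external ACL

    ExternalACLEntryPointer extacl_entry;

    err_type requestErrorType;

private:
    ConnStateData * conn_;          /**< hack for ident and NTLM */
    int fd_;                        /**< may be available when conn_ is not */
    bool destinationDomainChecked_;
    bool sourceDomainChecked_;

    // Copying is forbidden. Deleting the operations (instead of declaring
    // them without a definition) turns an accidental copy into a
    // compile-time error rather than a link-time one.
    /// deleted: a member-wise copy would alias the raw pointer members
    ACLFilledChecklist(const ACLFilledChecklist &) = delete;
    /// deleted: a member-wise copy would alias the raw pointer members
    ACLFilledChecklist &operator=(const ACLFilledChecklist &) = delete;
};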
114 | ||
/// Convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>.
/// The result is nullptr when checklist is nullptr or does not point to an
/// ACLFilledChecklist, so callers should test it before dereferencing.
inline
ACLFilledChecklist *Filled(ACLChecklist *checklist)
{
    // The cast is expected to succeed for any non-null checklist because
    // ACLChecklist is an abstract class and ACLFilledChecklist is its only
    // [concrete] child. If another child is ever added, the checked cast
    // yields nullptr instead of a mistyped pointer.
    ACLFilledChecklist *const filled = dynamic_cast<ACLFilledChecklist*>(checklist);
    return filled;
}
123 | ||
124 | #endif /* SQUID_ACLFILLED_CHECKLIST_H */ | |
f53969cc | 125 |