[thirdparty/squid.git] / src / acl / FilledChecklist.h

/*
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_ACLFILLED_CHECKLIST_H
#define SQUID_ACLFILLED_CHECKLIST_H

#include "AccessLogEntry.h"
#include "acl/Checklist.h"
#include "acl/forward.h"
#include "base/CbcPointer.h"
#include "err_type.h"
#include "ip/Address.h"
#if USE_AUTH
#include "auth/UserRequest.h"
#endif
#include "security/CertError.h"

class CachePeer;
class ConnStateData;
class HttpRequest;
class HttpReply;

/** \ingroup ACLAPI
    ACLChecklist filled with specific data, representing Squid and transaction
    state for access checks along with some data-specific checking methods
 */
class ACLFilledChecklist: public ACLChecklist
{
    CBDATA_CLASS(ACLFilledChecklist);

public:
    ACLFilledChecklist();
    ACLFilledChecklist(const acl_access *, HttpRequest *, const char *ident = nullptr);
    ~ACLFilledChecklist();

    /// configure client request-related fields for the first time
    void setRequest(HttpRequest *);
    /// configure rfc931 user identity for the first time
    void setIdent(const char *userIdentity);

public:
    /// The client connection manager
    ConnStateData * conn() const;

    /// The client side fd. It uses conn() if available
    int fd() const;

    /// set either conn
    void conn(ConnStateData *);
    /// set the client side FD
    void fd(int aDescriptor);

    //int authenticated();

    bool destinationDomainChecked() const;
    void markDestinationDomainChecked();
    bool sourceDomainChecked() const;
    void markSourceDomainChecked();

    // ACLChecklist API
    virtual bool hasRequest() const { return request != NULL; }
    virtual bool hasReply() const { return reply != NULL; }
    virtual bool hasAle() const { return al != NULL; }
    virtual void syncAle(HttpRequest *adaptedRequest, const char *logUri) const;
    virtual void verifyAle() const;

public:
    Ip::Address src_addr;
    Ip::Address dst_addr;
    Ip::Address my_addr;
    SBuf dst_peer_name;
    char *dst_rdns;

    HttpRequest *request;
    HttpReply *reply;

    char rfc931[USER_IDENT_SZ];
#if USE_AUTH
    Auth::UserRequest::Pointer auth_user_request;
#endif
#if SQUID_SNMP
    char *snmp_community;
#endif

    /// SSL [certificate validation] errors, in undefined order
    const Security::CertErrors *sslErrors;

    /// Peer certificate being checked by ssl_verify_cb() and by
    /// Security::PeerConnector class. In other contexts, the peer
    /// certificate is retrieved via ALE or ConnStateData::serverBump.
    Security::CertPointer serverCert;

    AccessLogEntry::Pointer al; ///< info for the future access.log, and external ACL

    ExternalACLEntryPointer extacl_entry;

    err_type requestErrorType;

private:
    ConnStateData * conn_;          /**< hack for ident and NTLM */
    int fd_;                        /**< may be available when conn_ is not */
    bool destinationDomainChecked_;
    bool sourceDomainChecked_;
    /// not implemented; will cause link failures if used
    ACLFilledChecklist(const ACLFilledChecklist &);
    /// not implemented; will cause link failures if used
    ACLFilledChecklist &operator=(const ACLFilledChecklist &);
};

/// convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
inline
ACLFilledChecklist *Filled(ACLChecklist *checklist)
{
    // this should always be safe because ACLChecklist is an abstract class
    // and ACLFilledChecklist is its only [concrete] child
    return dynamic_cast<ACLFilledChecklist*>(checklist);
}

#endif /* SQUID_ACLFILLED_CHECKLIST_H */
Commit	Line	Data
bbc27441	1	/*
77b1029d	2	* Copyright (C) 1996-2020 The Squid Software Foundation and contributors
bbc27441 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
351fe86d AR	9	#ifndef SQUID_ACLFILLED_CHECKLIST_H
	10	#define SQUID_ACLFILLED_CHECKLIST_H
	11
d4806c91	12	#include "AccessLogEntry.h"
351fe86d	13	#include "acl/Checklist.h"
6f58d7d7	14	#include "acl/forward.h"
abdd93d0	15	#include "base/CbcPointer.h"
3248e962	16	#include "err_type.h"
d9c7489e	17	#include "ip/Address.h"
2f1431ea	18	#if USE_AUTH
a33a428a	19	#include "auth/UserRequest.h"
2f1431ea	20	#endif
92e3827b	21	#include "security/CertError.h"
351fe86d	22
a011edee	23	class CachePeer;
351fe86d	24	class ConnStateData;
582c2af2	25	class HttpRequest;
71b673d4	26	class HttpReply;
351fe86d AR	27
	28	/** \ingroup ACLAPI
	29	ACLChecklist filled with specific data, representing Squid and transaction
5c2f68b7 AJ	30	state for access checks along with some data-specific checking methods
5c2f68b7 AJ	31	*/
351fe86d AR	32	class ACLFilledChecklist: public ACLChecklist
351fe86d AR	33	{
5c2f68b7 AJ	34	CBDATA_CLASS(ACLFilledChecklist);
5c2f68b7 AJ	35
351fe86d	36	public:
351fe86d	37	ACLFilledChecklist();
3a3d4ba6	38	ACLFilledChecklist(const acl_access , HttpRequest , const char *ident = nullptr);
351fe86d AR	39	~ACLFilledChecklist();
351fe86d AR	40
819be284 EB	41	/// configure client request-related fields for the first time
	42	void setRequest(HttpRequest *);
	43	/// configure rfc931 user identity for the first time
	44	void setIdent(const char *userIdentity);
	45
351fe86d	46	public:
233ead05	47	/// The client connection manager
351fe86d AR	48	ConnStateData * conn() const;
351fe86d AR	49
233ead05	50	/// The client side fd. It uses conn() if available
351fe86d AR	51	int fd() const;
	52
	53	/// set either conn
	54	void conn(ConnStateData *);
233ead05	55	/// set the client side FD
351fe86d AR	56	void fd(int aDescriptor);
	57
	58	//int authenticated();
	59
	60	bool destinationDomainChecked() const;
	61	void markDestinationDomainChecked();
	62	bool sourceDomainChecked() const;
	63	void markSourceDomainChecked();
	64
	65	// ACLChecklist API
	66	virtual bool hasRequest() const { return request != NULL; }
	67	virtual bool hasReply() const { return reply != NULL; }
4ff6370b	68	virtual bool hasAle() const { return al != NULL; }
cb365059 EB	69	virtual void syncAle(HttpRequest adaptedRequest, const char logUri) const;
cb365059 EB	70	virtual void verifyAle() const;
351fe86d AR	71
351fe86d AR	72	public:
b7ac5457 AJ	73	Ip::Address src_addr;
	74	Ip::Address dst_addr;
	75	Ip::Address my_addr;
1b091aec	76	SBuf dst_peer_name;
12ef783b	77	char *dst_rdns;
351fe86d AR	78
	79	HttpRequest *request;
	80	HttpReply *reply;
	81
	82	char rfc931[USER_IDENT_SZ];
2f1431ea	83	#if USE_AUTH
c7baff40	84	Auth::UserRequest::Pointer auth_user_request;
2f1431ea	85	#endif
351fe86d AR	86	#if SQUID_SNMP
	87	char *snmp_community;
	88	#endif
	89
23bb0ebf	90	/// SSL [certificate validation] errors, in undefined order
92e3827b	91	const Security::CertErrors *sslErrors;
fab3a825 CT	92
	93	/// Peer certificate being checked by ssl_verify_cb() and by
	94	/// Security::PeerConnector class. In other contexts, the peer
	95	/// certificate is retrieved via ALE or ConnStateData::serverBump.
f97700a0	96	Security::CertPointer serverCert;
351fe86d	97
4e56d7f6	98	AccessLogEntry::Pointer al; ///< info for the future access.log, and external ACL
d4806c91	99
abdd93d0	100	ExternalACLEntryPointer extacl_entry;
351fe86d	101
3248e962 CT	102	err_type requestErrorType;
3248e962 CT	103
351fe86d	104	private:
351fe86d AR	105	ConnStateData * conn_; /*< hack for ident and NTLM /
	106	int fd_; /*< may be available when conn_ is not /
	107	bool destinationDomainChecked_;
	108	bool sourceDomainChecked_;
351fe86d AR	109	/// not implemented; will cause link failures if used
	110	ACLFilledChecklist(const ACLFilledChecklist &);
	111	/// not implemented; will cause link failures if used
	112	ACLFilledChecklist &operator=(const ACLFilledChecklist &);
	113	};
	114
	115	/// convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
	116	inline
	117	ACLFilledChecklist Filled(ACLChecklist checklist)
	118	{
	119	// this should always be safe because ACLChecklist is an abstract class
	120	// and ACLFilledChecklist is its only [concrete] child
	121	return dynamic_cast<ACLFilledChecklist*>(checklist);
	122	}
	123
	124	#endif /* SQUID_ACLFILLED_CHECKLIST_H */
f53969cc	125