]>
Commit | Line | Data |
---|---|---|
8000a965 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
8000a965 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
8000a965 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
3ad63615 | 12 | #include "acl/Checklist.h" |
602d9612 A |
13 | #include "acl/UserData.h" |
14 | #include "ConfigParser.h" | |
582c2af2 | 15 | #include "Debug.h" |
d82c26b8 | 16 | #include "globals.h" |
5218815a | 17 | #include "sbuf/Algorithms.h" |
68acf08e | 18 | #include "util.h" |
8000a965 | 19 | |
d4c6acac AJ |
20 | const Acl::ParameterFlags & |
21 | ACLUserData::supportedFlags() const | |
22 | { | |
23 | static const Acl::ParameterFlags flagNames = { "-i", "+i" }; | |
24 | return flagNames; | |
25 | } | |
26 | ||
8000a965 | 27 | bool |
28 | ACLUserData::match(char const *user) | |
29 | { | |
52669f3a | 30 | debugs(28, 7, "user is " << user << ", case_insensitive is " << flags.case_insensitive); |
8000a965 | 31 | |
72aa8f18 | 32 | if (user == NULL || strcmp(user, "-") == 0) |
62e76326 | 33 | return 0; |
8000a965 | 34 | |
35 | if (flags.required) { | |
bf8fe701 | 36 | debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present."); |
62e76326 | 37 | return 1; |
8000a965 | 38 | } |
62e76326 | 39 | |
52669f3a FC |
40 | bool result = (userDataNames.find(SBuf(user)) != userDataNames.end()); |
41 | debugs(28, 7, "returning " << result); | |
42 | return result; | |
8000a965 | 43 | } |
44 | ||
8966008b | 45 | SBufList |
4f8ca96e | 46 | ACLUserData::dump() const |
8000a965 | 47 | { |
8966008b | 48 | SBufList sl; |
62e76326 | 49 | |
52bc393b | 50 | if (flags.required) { |
8966008b | 51 | sl.push_back(SBuf("REQUIRED")); |
702240e4 | 52 | return sl; |
52bc393b | 53 | } |
e20d485b | 54 | |
8000a965 | 55 | if (flags.case_insensitive) |
8966008b | 56 | sl.push_back(SBuf("-i")); |
62e76326 | 57 | |
d7e24049 | 58 | sl.insert(sl.end(), userDataNames.begin(), userDataNames.end()); |
62e76326 | 59 | |
f9879a34 | 60 | debugs(28,5, "ACLUserData dump output: " << |
80bd33c3 SM |
61 | JoinContainerToSBuf(userDataNames.begin(), userDataNames.end(), |
62 | SBuf(" "))); | |
8966008b | 63 | return sl; |
8000a965 | 64 | } |
65 | ||
87b5a196 AJ |
66 | static bool |
67 | CaseSensitiveSBufCompare(const SBuf &lhs, const SBuf &rhs) | |
68 | { | |
69 | return (lhs.cmp(rhs) < 0); | |
70 | } | |
71 | ||
52669f3a FC |
72 | static bool |
73 | CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs) | |
74 | { | |
75 | return (lhs.caseCmp(rhs) < 0); | |
76 | } | |
bb517ac8 | 77 | |
d59e4742 | 78 | ACLUserData::ACLUserData() : |
87b5a196 | 79 | userDataNames(CaseSensitiveSBufCompare) |
796e7038 | 80 | { |
cc8c4af2 AJ |
81 | flags.case_insensitive = false; |
82 | flags.required = false; | |
796e7038 FC |
83 | } |
84 | ||
8000a965 | 85 | void |
86 | ACLUserData::parse() | |
87 | { | |
52669f3a | 88 | debugs(28, 2, "parsing user list"); |
5bc2be30 FC |
89 | |
90 | char *t = NULL; | |
d295d770 | 91 | if ((t = ConfigParser::strtokFile())) { |
bb517ac8 FC |
92 | SBuf s(t); |
93 | debugs(28, 5, "first token is " << s); | |
62e76326 | 94 | |
bb517ac8 | 95 | if (s.cmp("-i",2) == 0) { |
52669f3a | 96 | debugs(28, 5, "Going case-insensitive"); |
3dd52a0b | 97 | flags.case_insensitive = true; |
52669f3a FC |
98 | // due to how the std::set API work, if we want to change |
99 | // the comparison function we have to create a new std::set | |
100 | UserDataNames_t newUdn(CaseInsensitveSBufCompare); | |
101 | newUdn.insert(userDataNames.begin(), userDataNames.end()); | |
102 | swap(userDataNames,newUdn); | |
bb517ac8 | 103 | } else if (s.cmp("REQUIRED") == 0) { |
52669f3a | 104 | debugs(28, 5, "REQUIRED-type enabled"); |
3dd52a0b | 105 | flags.required = true; |
62e76326 | 106 | } else { |
107 | if (flags.case_insensitive) | |
bb517ac8 FC |
108 | s.toLower(); |
109 | ||
110 | debugs(28, 6, "Adding user " << s); | |
111 | userDataNames.insert(s); | |
62e76326 | 112 | } |
8000a965 | 113 | } |
62e76326 | 114 | |
52669f3a | 115 | debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive); |
8000a965 | 116 | /* we might inherit from a previous declaration */ |
117 | ||
bb517ac8 | 118 | debugs(28, 4, "parsing following tokens"); |
62e76326 | 119 | |
d295d770 | 120 | while ((t = ConfigParser::strtokFile())) { |
bb517ac8 FC |
121 | SBuf s(t); |
122 | debugs(28, 6, "Got token: " << s); | |
62e76326 | 123 | |
124 | if (flags.case_insensitive) | |
bb517ac8 FC |
125 | s.toLower(); |
126 | ||
127 | debugs(28, 6, "Adding user " << s); | |
128 | userDataNames.insert(s); | |
8000a965 | 129 | } |
bb517ac8 FC |
130 | |
131 | if (flags.required && !userDataNames.empty()) { | |
132 | debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED"); | |
133 | userDataNames.clear(); | |
134 | } | |
135 | ||
136 | debugs(28,4, "ACL contains " << userDataNames.size() << " users"); | |
8000a965 | 137 | } |
225b7b10 | 138 | |
65092baf | 139 | bool |
140 | ACLUserData::empty() const | |
141 | { | |
bb517ac8 FC |
142 | debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size()); |
143 | if (flags.required) | |
144 | return false; | |
145 | return userDataNames.empty(); | |
65092baf | 146 | } |
147 | ||
5dee515e | 148 | ACLData<char const *> * |
225b7b10 | 149 | ACLUserData::clone() const |
150 | { | |
225b7b10 | 151 | return new ACLUserData; |
152 | } | |
f53969cc | 153 |