2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/CertificateData.h"
13 #include "acl/Checklist.h"
// Constructs the ACL data object. Stores the certificate-attribute extractor
// (sslStrategy), the raw '|'-separated list of permitted attribute names (attrs)
// and whether the attribute argument may be omitted (optionalAttr). attribute
// starts out as NULL and values starts out empty.
// NOTE(review): this listing skips gutter lines 19-21, 24 and 27, so the
// declaration and update of `current` and any null check on attrs are not
// visible here.
18 ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE
*sslStrategy
, const char *attrs
, bool optionalAttr
) : validAttributesStr(attrs
), attributeIsOptional(optionalAttr
), attribute (NULL
), values (), sslAttributeCall (sslStrategy
)
22 size_t next
= std::string::npos
;
// NOTE(review): std::string must not be constructed from a null pointer;
// presumably one of the omitted lines guards attrs - confirm.
23 std::string
valid(attrs
);
// Find the next '|' at or after `current` and append the piece in front of it
// to validAttributes; when no further '|' exists the rest of the string is taken.
25 next
= valid
.find_first_of( "|", current
);
26 validAttributes
.push_back(valid
.substr( current
, (next
== std::string::npos
? std::string::npos
: next
- current
)));
// The loop ends once find_first_of() reports no more separators.
28 } while (next
!= std::string::npos
);
// Copy constructor. Copies values, sslAttributeCall, validAttributesStr,
// validAttributes and attributeIsOptional from old, and stores the result of
// xstrdup(old.attribute) in attribute (the destructor releases attribute with
// safe_free).
// NOTE(review): validAttributesStr is assigned, not duplicated; presumably it is
// a pointer whose target must outlive both objects - confirm.
32 ACLCertificateData::ACLCertificateData(ACLCertificateData
const &old
) : attribute (NULL
), values (old
.values
), sslAttributeCall (old
.sslAttributeCall
)
34 validAttributesStr
= old
.validAttributesStr
;
35 validAttributes
.assign (old
.validAttributes
.begin(), old
.validAttributes
.end());
36 attributeIsOptional
= old
.attributeIsOptional
;
// NOTE(review): gutter line 37 is not shown in this listing; presumably it
// checks old.attribute for NULL before the xstrdup call - confirm, since
// old.attribute can still be NULL when no attribute was ever parsed.
38 attribute
= xstrdup(old
.attribute
);
// Destructor: releases the attribute string with safe_free. No other member is
// released explicitly in the visible code.
48 ACLCertificateData::~ACLCertificateData()
50 safe_free (attribute
);
// Comparison helper: casts both arguments to char * and returns strcmp() of them.
// NOTE(review): the template header (gutter lines 53-54) is not shown; T is
// presumably a pointer to a NUL-terminated string - confirm. The C-style casts
// discard any type checking on T.
55 splaystrcmp (T
&l
, T
&r
)
57 return strcmp ((char *)l
,(char *)r
);
// Extracts one attribute from the given certificate through sslAttributeCall
// and returns the result of matching that value against the configured values.
// NOTE(review): gutter lines 62-65 and 68-70 are not shown in this listing; any
// null checks on cert or value would have to live there - confirm.
61 ACLCertificateData::match(X509
*cert
)
66 char const *value
= sslAttributeCall(cert
, attribute
);
// NOTE(review): value is streamed to the debug log on the line directly after
// the call (gutter 66 -> 67), so no null check can run before it. Inserting a
// null char const * into an ostream is undefined behaviour; if sslAttributeCall
// can return NULL, log a placeholder instead - confirm.
// The logged value is taken from the certificate and written unmodified.
67 debugs(28, 6, (attribute
? attribute
: "value") << "=" << value
);
71 return values
.match(value
);
// Visitor functor passed to values.values->visit() by dump(): every visited
// node's string is wrapped in an SBuf and appended to contents.
// NOTE(review): the declaration of contents (gutter line 75) and the closing
// lines of the struct are not shown in this listing.
74 struct CertificateDataAclDumpVisitor
{
76 void operator() (char * const & node_data
) {
77 contents
.push_back(SBuf(node_data
));
// Builds the list form of this ACL: the attribute name first (when a list of
// valid attributes was configured), followed by every stored value collected by
// a CertificateDataAclDumpVisitor.
// NOTE(review): the declaration of sl and the return statement (gutter lines
// 83-84 and 91-92) are not shown in this listing.
82 ACLCertificateData::dump() const
// NOTE(review): the guard tests validAttributesStr, but the pointer handed to
// SBuf is attribute. attribute is initialised to NULL and parse() can add a
// value without ever assigning it when attributeIsOptional is set - confirm
// that SBuf accepts a null pointer here.
85 if (validAttributesStr
)
86 sl
.push_back(SBuf(attribute
));
88 CertificateDataAclDumpVisitor visitor
;
89 values
.values
->visit(visitor
);
// Move the collected values to the end of the result list.
90 sl
.splice(sl
.end(),visitor
.contents
);
// Parses one ACL configuration line. When a list of valid attribute names was
// configured, the first token from strtokFile() is either stored as a value
// (optional-attribute mode, token not starting with '-') or checked against
// validAttributes and against the attribute already chosen on earlier lines.
// NOTE(review): several gutter lines (99-100, 102-103, 105-107, 112-113,
// 116-121, 123-125, 127, 130-132, 134 onwards) are not shown in this listing,
// including whatever follows each FATAL message.
95 ACLCertificateData::parse()
97 if (validAttributesStr
) {
98 char *newAttribute
= strtokFile();
101 if (attributeIsOptional
)
104 debugs(28, DBG_CRITICAL
, "FATAL: required attribute argument missing");
// NOTE(review): newAttribute[0] is read below; this is only safe if the omitted
// lines above never fall through with a null newAttribute - confirm.
108 // Handle the cases where we have optional -x type attributes
109 if (attributeIsOptional
&& newAttribute
[0] != '-')
110 // The read token is not an attribute/option, so add it to values list
111 values
.insert(newAttribute
);
// Look for the token in validAttributes; an entry of "*" accepts any name.
// This comparison is case-sensitive, unlike the strcasecmp() consistency check
// further down.
114 for (std::list
<std::string
>::const_iterator it
= validAttributes
.begin(); it
!= validAttributes
.end(); ++it
) {
115 if (*it
== "*" || *it
== newAttribute
) {
122 debugs(28, DBG_CRITICAL
, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr
);
126 /* an acl must use consistent attributes in all config lines */
// NOTE(review): attribute is NULL until the first assignment below; presumably
// the omitted gutter line 127 tests it before this strcasecmp() - confirm.
128 if (strcasecmp(newAttribute
, attribute
) != 0) {
129 debugs(28, DBG_CRITICAL
, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute
<< "!=" << attribute
<< ").");
// Keep a private copy of the attribute name; the destructor releases it.
133 attribute
= xstrdup(newAttribute
);
// Reports whether no values are stored; simply forwards to values.empty().
// The attribute name plays no part in the result.
141 ACLCertificateData::empty() const
143 return values
.empty();
// Returns a new heap-allocated ACLCertificateData built with the copy
// constructor from *this.
// NOTE(review): the result is a raw pointer from `new`; presumably the caller
// takes ownership and deletes it - confirm.
147 ACLCertificateData::clone() const
149 /* Splay trees don't clone yet. */
150 return new ACLCertificateData(*this);