]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/CertificateData.cc
2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/CertificateData.h"
13 #include "acl/Checklist.h"
15 #include "ConfigParser.h"
19 ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE
*sslStrategy
, const char *attrs
, bool optionalAttr
) : validAttributesStr(attrs
), attributeIsOptional(optionalAttr
), attribute (NULL
), values (), sslAttributeCall (sslStrategy
)
23 size_t next
= std::string::npos
;
24 std::string
valid(attrs
);
26 next
= valid
.find_first_of( "|", current
);
27 validAttributes
.push_back(valid
.substr( current
, (next
== std::string::npos
? std::string::npos
: next
- current
)));
29 } while (next
!= std::string::npos
);
33 ACLCertificateData::ACLCertificateData(ACLCertificateData
const &old
) : attribute (NULL
), values (old
.values
), sslAttributeCall (old
.sslAttributeCall
)
35 validAttributesStr
= old
.validAttributesStr
;
36 validAttributes
.assign (old
.validAttributes
.begin(), old
.validAttributes
.end());
37 attributeIsOptional
= old
.attributeIsOptional
;
39 attribute
= xstrdup(old
.attribute
);
49 ACLCertificateData::~ACLCertificateData()
51 safe_free (attribute
);
56 splaystrcmp (T
&l
, T
&r
)
58 return strcmp ((char *)l
,(char *)r
);
62 ACLCertificateData::match(X509
*cert
)
67 char const *value
= sslAttributeCall(cert
, attribute
);
68 debugs(28, 6, (attribute
? attribute
: "value") << "=" << value
);
72 return values
.match(value
);
76 ACLCertificateData::dump() const
79 if (validAttributesStr
)
80 sl
.push_back(SBuf(attribute
));
82 sl
.splice(sl
.end(),values
.dump());
87 ACLCertificateData::parse()
89 if (validAttributesStr
) {
90 char *newAttribute
= ConfigParser::strtokFile();
93 if (!attributeIsOptional
) {
94 debugs(28, DBG_CRITICAL
, "FATAL: required attribute argument missing");
100 // Handle the cases where we have optional -x type attributes
101 if (attributeIsOptional
&& newAttribute
[0] != '-')
102 // The read token is not an attribute/option, so add it to values list
103 values
.insert(newAttribute
);
106 for (std::list
<std::string
>::const_iterator it
= validAttributes
.begin(); it
!= validAttributes
.end(); ++it
) {
107 if (*it
== "*" || *it
== newAttribute
) {
114 debugs(28, DBG_CRITICAL
, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr
);
119 /* an acl must use consistent attributes in all config lines */
121 if (strcasecmp(newAttribute
, attribute
) != 0) {
122 debugs(28, DBG_CRITICAL
, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute
<< "!=" << attribute
<< ").");
127 if (strcasecmp(newAttribute
, "DN") != 0) {
128 int nid
= OBJ_txt2nid(newAttribute
);
130 const size_t span
= strspn(newAttribute
, "0123456789.");
131 if(newAttribute
[span
] == '\0') { // looks like a numerical OID
132 // create a new object based on this attribute
134 // NOTE: Not a [bad] leak: If the same attribute
135 // has been added before, the OBJ_txt2nid call
136 // would return a valid nid value.
137 // TODO: call OBJ_cleanup() on reconfigure?
138 nid
= OBJ_create(newAttribute
, newAttribute
, newAttribute
);
139 debugs(28, 7, "New SSL certificate attribute created with name: " << newAttribute
<< " and nid: " << nid
);
143 debugs(28, DBG_CRITICAL
, "FATAL: Not valid SSL certificate attribute name or numerical OID: " << newAttribute
);
148 attribute
= xstrdup(newAttribute
);
157 ACLCertificateData::empty() const
159 return values
.empty();
163 ACLCertificateData::clone() const
165 /* Splay trees don't clone yet. */
166 return new ACLCertificateData(*this);