2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_ACLFILLED_CHECKLIST_H
10 #define SQUID_ACLFILLED_CHECKLIST_H
12 #include "AccessLogEntry.h"
13 #include "acl/Checklist.h"
14 #include "acl/forward.h"
15 #include "base/CbcPointer.h"
17 #include "ip/Address.h"
19 #include "auth/UserRequest.h"
21 #include "security/CertError.h"
29 ACLChecklist filled with specific data, representing Squid and transaction
30 state for access checks along with some data-specific checking methods
32 class ACLFilledChecklist
: public ACLChecklist
34 CBDATA_CLASS(ACLFilledChecklist
);
38 ACLFilledChecklist(const acl_access
*, HttpRequest
*, const char *ident
= nullptr);
39 ~ACLFilledChecklist();
41 /// configure client request-related fields for the first time
42 void setRequest(HttpRequest
*);
43 /// configure rfc931 user identity for the first time
44 void setIdent(const char *userIdentity
);
47 /// The client connection manager
48 ConnStateData
* conn() const;
50 /// The client side fd. It uses conn() if available
54 void conn(ConnStateData
*);
55 /// set the client side FD
56 void fd(int aDescriptor
);
58 //int authenticated();
60 bool destinationDomainChecked() const;
61 void markDestinationDomainChecked();
62 bool sourceDomainChecked() const;
63 void markSourceDomainChecked();
66 virtual bool hasRequest() const { return request
!= NULL
; }
67 virtual bool hasReply() const { return reply
!= NULL
; }
68 virtual bool hasAle() const { return al
!= NULL
; }
69 virtual void syncAle(HttpRequest
*adaptedRequest
, const char *logUri
) const;
70 virtual void verifyAle() const;
82 char rfc931
[USER_IDENT_SZ
];
84 Auth::UserRequest::Pointer auth_user_request
;
90 /// SSL [certificate validation] errors, in undefined order
91 const Security::CertErrors
*sslErrors
;
93 /// Peer certificate being checked by ssl_verify_cb() and by
94 /// Security::PeerConnector class. In other contexts, the peer
95 /// certificate is retrieved via ALE or ConnStateData::serverBump.
96 Security::CertPointer serverCert
;
98 AccessLogEntry::Pointer al
; ///< info for the future access.log, and external ACL
100 ExternalACLEntryPointer extacl_entry
;
102 err_type requestErrorType
;
105 ConnStateData
* conn_
; /**< hack for ident and NTLM */
106 int fd_
; /**< may be available when conn_ is not */
107 bool destinationDomainChecked_
;
108 bool sourceDomainChecked_
;
109 /// not implemented; will cause link failures if used
110 ACLFilledChecklist(const ACLFilledChecklist
&);
111 /// not implemented; will cause link failures if used
112 ACLFilledChecklist
&operator=(const ACLFilledChecklist
&);
115 /// convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
117 ACLFilledChecklist
*Filled(ACLChecklist
*checklist
)
119 // this should always be safe because ACLChecklist is an abstract class
120 // and ACLFilledChecklist is its only [concrete] child
121 return dynamic_cast<ACLFilledChecklist
*>(checklist
);
124 #endif /* SQUID_ACLFILLED_CHECKLIST_H */