2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_ACLFILLED_CHECKLIST_H
10 #define SQUID_ACLFILLED_CHECKLIST_H
12 #include "AccessLogEntry.h"
13 #include "acl/Checklist.h"
14 #include "acl/forward.h"
15 #include "base/CbcPointer.h"
16 #include "error/forward.h"
17 #include "ip/Address.h"
19 #include "auth/UserRequest.h"
21 #include "security/CertError.h"
29 ACLChecklist filled with specific data, representing Squid and transaction
30 state for access checks along with some data-specific checking methods
32 class ACLFilledChecklist
: public ACLChecklist
34 CBDATA_CLASS(ACLFilledChecklist
);
38 ACLFilledChecklist(const acl_access
*, HttpRequest
*, const char *ident
= nullptr);
39 ~ACLFilledChecklist() override
;
41 /// configure client request-related fields for the first time
42 void setRequest(HttpRequest
*);
43 /// configure rfc931 user identity for the first time
44 void setIdent(const char *userIdentity
);
47 /// The client connection manager
48 ConnStateData
* conn() const;
50 /// The client side fd. It uses conn() if available
54 void setConn(ConnStateData
*);
55 /// set the client side FD
56 void fd(int aDescriptor
);
58 //int authenticated();
60 bool destinationDomainChecked() const;
61 void markDestinationDomainChecked();
62 bool sourceDomainChecked() const;
63 void markSourceDomainChecked();
66 bool hasRequest() const override
{ return request
!= nullptr; }
67 bool hasReply() const override
{ return reply
!= nullptr; }
68 bool hasAle() const override
{ return al
!= nullptr; }
69 void syncAle(HttpRequest
*adaptedRequest
, const char *logUri
) const override
;
70 void verifyAle() const override
;
82 char rfc931
[USER_IDENT_SZ
];
84 Auth::UserRequest::Pointer auth_user_request
;
90 /// TLS server [certificate validation] errors, in undefined order.
91 /// The errors are accumulated as Squid goes through validation steps
92 /// and server certificates. They are cleared on connection retries.
93 /// For sslproxy_cert_error checks, contains just the current/last error.
94 const Security::CertErrors
*sslErrors
;
96 /// Peer certificate being checked by ssl_verify_cb() and by
97 /// Security::PeerConnector class. In other contexts, the peer
98 /// certificate is retrieved via ALE or ConnStateData::serverBump.
99 Security::CertPointer serverCert
;
101 AccessLogEntry::Pointer al
; ///< info for the future access.log, and external ACL
103 ExternalACLEntryPointer extacl_entry
;
105 err_type requestErrorType
;
108 ConnStateData
* conn_
; /**< hack for ident and NTLM */
109 int fd_
; /**< may be available when conn_ is not */
110 bool destinationDomainChecked_
;
111 bool sourceDomainChecked_
;
112 /// not implemented; will cause link failures if used
113 ACLFilledChecklist(const ACLFilledChecklist
&);
114 /// not implemented; will cause link failures if used
115 ACLFilledChecklist
&operator=(const ACLFilledChecklist
&);
118 /// convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
120 ACLFilledChecklist
*Filled(ACLChecklist
*checklist
)
122 // this should always be safe because ACLChecklist is an abstract class
123 // and ACLFilledChecklist is its only [concrete] child
124 return dynamic_cast<ACLFilledChecklist
*>(checklist
);
127 #endif /* SQUID_ACLFILLED_CHECKLIST_H */