2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/Checklist.h"
13 #include "acl/UserData.h"
14 #include "ConfigParser.h"
17 #include "sbuf/Algorithms.h"
20 const Acl::ParameterFlags
&
21 ACLUserData::supportedFlags() const
23 static const Acl::ParameterFlags flagNames
= { "-i", "+i" };
28 ACLUserData::match(char const *user
)
30 debugs(28, 7, "user is " << user
<< ", case_insensitive is " << flags
.case_insensitive
);
32 if (user
== NULL
|| strcmp(user
, "-") == 0)
36 debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present.");
40 bool result
= (userDataNames
.find(SBuf(user
)) != userDataNames
.end());
41 debugs(28, 7, "returning " << result
);
46 ACLUserData::dump() const
51 sl
.push_back(SBuf("REQUIRED"));
55 if (flags
.case_insensitive
)
56 sl
.push_back(SBuf("-i"));
58 sl
.insert(sl
.end(), userDataNames
.begin(), userDataNames
.end());
60 debugs(28,5, "ACLUserData dump output: " <<
61 JoinContainerToSBuf(userDataNames
.begin(), userDataNames
.end(),
67 CaseSensitiveSBufCompare(const SBuf
&lhs
, const SBuf
&rhs
)
69 return (lhs
.cmp(rhs
) < 0);
73 CaseInsensitveSBufCompare(const SBuf
&lhs
, const SBuf
&rhs
)
75 return (lhs
.caseCmp(rhs
) < 0);
78 ACLUserData::ACLUserData() :
79 userDataNames(CaseSensitiveSBufCompare
)
81 flags
.case_insensitive
= false;
82 flags
.required
= false;
88 debugs(28, 2, "parsing user list");
91 if ((t
= ConfigParser::strtokFile())) {
93 debugs(28, 5, "first token is " << s
);
95 if (s
.cmp("-i",2) == 0) {
96 debugs(28, 5, "Going case-insensitive");
97 flags
.case_insensitive
= true;
98 // due to how the std::set API work, if we want to change
99 // the comparison function we have to create a new std::set
100 UserDataNames_t
newUdn(CaseInsensitveSBufCompare
);
101 newUdn
.insert(userDataNames
.begin(), userDataNames
.end());
102 swap(userDataNames
,newUdn
);
103 } else if (s
.cmp("REQUIRED") == 0) {
104 debugs(28, 5, "REQUIRED-type enabled");
105 flags
.required
= true;
107 if (flags
.case_insensitive
)
110 debugs(28, 6, "Adding user " << s
);
111 userDataNames
.insert(s
);
115 debugs(28, 3, "Case-insensitive-switch is " << flags
.case_insensitive
);
116 /* we might inherit from a previous declaration */
118 debugs(28, 4, "parsing following tokens");
120 while ((t
= ConfigParser::strtokFile())) {
122 debugs(28, 6, "Got token: " << s
);
124 if (flags
.case_insensitive
)
127 debugs(28, 6, "Adding user " << s
);
128 userDataNames
.insert(s
);
131 if (flags
.required
&& !userDataNames
.empty()) {
132 debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED");
133 userDataNames
.clear();
136 debugs(28,4, "ACL contains " << userDataNames
.size() << " users");
140 ACLUserData::empty() const
142 debugs(28,6,"required: " << flags
.required
<< ", number of users: " << userDataNames
.size());
145 return userDataNames
.empty();
148 ACLData
<char const *> *
149 ACLUserData::clone() const
151 return new ACLUserData
;