Commit | Line | Data |
---|---|---|
3841dd46 | 1 | /* |
2 | * $Id: ACLCertificateData.cc,v 1.1 2003/02/16 02:23:18 robertc Exp $ | |
3 | * | |
4 | * DEBUG: section 28 Access Control | |
5 | * AUTHOR: Duane Wessels | |
6 | * | |
7 | * SQUID Web Proxy Cache http://www.squid-cache.org/ | |
8 | * ---------------------------------------------------------- | |
9 | * | |
10 | * Squid is the result of efforts by numerous individuals from | |
11 | * the Internet community; see the CONTRIBUTORS file for full | |
12 | * details. Many organizations have provided support for Squid's | |
13 | * development; see the SPONSORS file for full details. Squid is | |
14 | * Copyrighted (C) 2001 by the Regents of the University of | |
15 | * California; see the COPYRIGHT file for full details. Squid | |
16 | * incorporates software developed and/or copyrighted by other | |
17 | * sources; see the CREDITS file for full details. | |
18 | * | |
19 | * This program is free software; you can redistribute it and/or modify | |
20 | * it under the terms of the GNU General Public License as published by | |
21 | * the Free Software Foundation; either version 2 of the License, or | |
22 | * (at your option) any later version. | |
23 | * | |
24 | * This program is distributed in the hope that it will be useful, | |
25 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
26 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
27 | * GNU General Public License for more details. | |
28 | * | |
29 | * You should have received a copy of the GNU General Public License | |
30 | * along with this program; if not, write to the Free Software | |
31 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
32 | * | |
33 | * | |
34 | * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org> | |
35 | */ | |
36 | ||
37 | #include "squid.h" | |
38 | #include "ACLCertificateData.h" | |
39 | #include "authenticate.h" | |
40 | #include "ACLChecklist.h" | |
41 | ||
/* Class-wide memory pool used by operator new/delete below; it starts out
 * NULL and is created by the first allocation. */
MemPool *ACLCertificateData::Pool = NULL;
/* Allocate storage for one ACLCertificateData from the class pool.
 *
 * The pool is created on first use with a chunk size of exactly
 * sizeof (ACLCertificateData), so a derived class of a different size must
 * provide its own operator new.  The size guard is an assert only.
 * NOTE(review): if assert is compiled out in some build, a mismatched size
 * would still be served from this pool - confirm how assert is configured. */
void *
ACLCertificateData::operator new (size_t byteCount)
{
    assert (sizeof (ACLCertificateData) == byteCount);

    if (Pool == NULL)
        Pool = memPoolCreate("ACLCertificateData", sizeof (ACLCertificateData));

    return memPoolAlloc(Pool);
}
52 | ||
/* Hand the storage at address back to the class pool.  Counterpart of the
 * pooled operator new: memory obtained there must be released here. */
void
ACLCertificateData::operator delete (void *address)
{
    memPoolFree(Pool, address);
}
58 | ||
/* Destroy this object through the class's own operator delete.  The object
 * must not be used in any way after this call returns. */
void
ACLCertificateData::deleteSelf() const
{
    delete this;
}
64 | ||
65 | ||
/* Start with no attribute and an empty value tree; parse() fills values. */
ACLCertificateData::ACLCertificateData()
    : attribute (NULL),
      values (NULL)
{
}
69 | ||
/* Adapter with the by-reference signature used when destroying the value
 * tree: releases one stored value with xfree(). */
template<class T>
inline void
xRefFree(T &thing)
{
    xfree(thing);
}
76 | ||
/* Release the value tree, freeing every stored string via xRefFree.
 * NOTE(review): attribute is not released here; nothing in this file assigns
 * it after the constructor sets it to NULL - confirm who owns it. */
ACLCertificateData::~ACLCertificateData()
{
    if (values == NULL)
        return;

    values->destroy(xRefFree);
}
82 | ||
/* Case-insensitive comparator over two values that are cast to C strings.
 * Returns the strcasecmp() result (<0, 0 or >0).  Not referenced elsewhere
 * in this file. */
template<class T>
inline int
splaystrcasecmp (T&l, T&r)
{
    char const *lhs = (char *)l;
    char const *rhs = (char *)r;
    return strcasecmp (lhs, rhs);
}
89 | ||
/* Exact (case-sensitive) comparator over two values that are cast to C
 * strings.  Returns the strcmp() result (<0, 0 or >0).  Not referenced
 * elsewhere in this file. */
template<class T>
inline int
splaystrcmp (T&l, T&r)
{
    char const *lhs = (char *)l;
    char const *rhs = (char *)r;
    return strcmp (lhs, rhs);
}
96 | ||
97 | /* general compare functions, these are used for tree search algorithms | |
98 | * so they return <0, 0 or >0 */ | |
99 | ||
100 | /* compare two values */ | |
101 | ||
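/* Ordering function used when inserting values into the splay tree.
 *
 * a and b are cast to C strings and compared with aclHostDomainCompare, first
 * as (b, a) and, if that is non-zero, as (a, b).  The result of the last
 * comparison made is returned (<0, 0 or >0).  A result of 0 means one entry
 * is covered by the other; three level-0 warnings are then logged so the
 * administrator can clean up the ACL.
 *
 * The warnings name the pair that actually compared equal.  Previously they
 * always printed the first pair, so an overlap found by the second
 * comparison was reported with the two names swapped. */
template<class T>
int
aclDomainCompare(T const &a, T const &b)
{
    char * const d1 = (char *const)b;
    char * const d2 = (char *const )a;

    /* The pair for which aclHostDomainCompare returned 0, in call order. */
    char *sub = d1;
    char *super = d2;

    int ret = aclHostDomainCompare(d1, d2);

    if (ret != 0) {
        /* Try the opposite direction before declaring the entries distinct. */
        char *const d3 = d2;
        char *const d4 = d1;
        ret = aclHostDomainCompare(d3, d4);
        sub = d3;
        super = d4;
    }

    if (ret == 0) {
        debug(28, 0) ("WARNING: '%s' is a subdomain of '%s'\n", sub, super);
        debug(28, 0) ("WARNING: because of this '%s' is ignored to keep splay tree searching predictable\n", (char *) a);
        debug(28, 0) ("WARNING: You should probably remove '%s' from the ACL named '%s'\n", sub, AclMatchedName);
    }

    return ret;
}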
123 | ||
124 | /* compare a host and a domain */ | |
125 | ||
/* Comparator with the by-reference signature the splay tree uses: forwards
 * a as the host and b as the domain to matchDomainName() and returns its
 * result unchanged. */
static int
aclHostDomainCompare( char *const &a, char * const &b)
{
    return matchDomainName((const char *)a, (const char *)b);
}
133 | ||
134 | ||
/* Report whether host is present in the configured value tree.
 *
 * A NULL host never matches.  Otherwise the tree is splayed on host (the
 * result is stored back into values) and the outcome is read from
 * splayLastResult, where zero is logged as "found".
 *
 * NOTE(review): the lookup uses aclHostDomainCompare, which forwards to
 * matchDomainName, not the plain string comparators splaystrcmp /
 * splaystrcasecmp defined earlier in this file.  Confirm that host/domain
 * matching is the intended rule for certificate values, since it decides
 * which values this ACL accepts.
 * NOTE(review): values is used without a NULL check; presumably splay()
 * tolerates an empty tree - confirm. */
bool
ACLCertificateData::match(char const *host)
{
    if (!host)
        return 0;

    debug(28, 3) ("aclMatchCertificateList: checking '%s'\n", host);

    values = values->splay((char *)host, aclHostDomainCompare);

    char const *outcome = splayLastResult ? "NOT found" : "found";
    debug(28, 3) ("aclMatchCertificateList: '%s' %s\n", host, outcome);

    return !splayLastResult;
}
146 | ||
/* Tree-walk callback: appends one stored value to the wordlist that outlist
 * points at.  outlist arrives as void * but is really a wordlist **. */
static void
aclDumpDomainListWalkee(char * const & node_data, void *outlist)
{
    wordlist **list = (wordlist **)outlist;
    wordlistAdd(list, (char const *)node_data);
}
153 | ||
/* Build and return a wordlist holding every value in the tree; the result
 * stays NULL if the walk adds nothing.
 *
 * This is VERY inefficient for long ACL lists: filling a wordlist this way
 * costs Sum(1,N) iterations, so a 1000-element list is filled in 499500
 * iterations.
 * NOTE(review): values is walked without a NULL check; presumably walk()
 * tolerates an empty tree - confirm. */
wordlist *
ACLCertificateData::dump()
{
    wordlist *result = NULL;
    values->walk(aclDumpDomainListWalkee, &result);
    return result;
}
165 | ||
/* Read tokens from strtokFile() until it returns NULL.  Each token is
 * lowercased in place, duplicated with xstrdup() and inserted into the value
 * tree, ordered by aclDomainCompare.
 *
 * NOTE(review): stored values are lowercased here, but match() passes its
 * argument to the comparator unchanged; whether mixed-case input matches
 * therefore depends on matchDomainName - confirm.
 * NOTE(review): if insert() discards a value that compares equal to an
 * existing entry, the xstrdup() copy may never be freed - confirm against
 * the splay tree's insert. */
void
ACLCertificateData::parse()
{
    for (char *token = strtokFile(); token != NULL; token = strtokFile()) {
        Tolower(token);
        values = values->insert(xstrdup(token), aclDomainCompare);
    }
}
175 | ||
176 | ||
/* Return a new, default-constructed ACLCertificateData.
 *
 * Splay trees don't clone yet, so this is only valid while values is still
 * empty; that precondition is enforced by an assert only.
 * NOTE(review): attribute is not carried over to the new object either, and
 * if assert is compiled out a populated object would yield an empty clone -
 * confirm both are acceptable to callers. */
ACLData *
ACLCertificateData::clone() const
{
    assert (values == NULL);
    return new ACLCertificateData;
}