[thirdparty/squid.git] / src / ACLCertificateData.cc

/*
 * $Id: ACLCertificateData.cc,v 1.1 2003/02/16 02:23:18 robertc Exp $
 *
 * DEBUG: section 28    Access Control
 * AUTHOR: Duane Wessels
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 *
 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
 */

#include "squid.h"
#include "ACLCertificateData.h"
#include "authenticate.h"
#include "ACLChecklist.h"

MemPool *ACLCertificateData::Pool(NULL);
void *
ACLCertificateData::operator new (size_t byteCount)
{
    /* derived classes with different sizes must implement their own new */
    assert (byteCount == sizeof (ACLCertificateData));
    if (!Pool)
	Pool = memPoolCreate("ACLCertificateData", sizeof (ACLCertificateData));
    return memPoolAlloc(Pool);
}

void
ACLCertificateData::operator delete (void *address)
{
    memPoolFree (Pool, address);
}

void
ACLCertificateData::deleteSelf() const
{
    delete this;
}


ACLCertificateData::ACLCertificateData() : attribute (NULL), values (NULL)
{
}

template<class T>
inline void
xRefFree(T &thing)
{
    xfree (thing);
}

ACLCertificateData::~ACLCertificateData()
{
    if (values)
	values->destroy(xRefFree);
} 

template<class T>
inline int
splaystrcasecmp (T&l, T&r)
{
    return strcasecmp ((char *)l,(char *)r);
}

template<class T>
inline int
splaystrcmp (T&l, T&r)
{
    return strcmp ((char *)l,(char *)r);
}

/* general compare functions, these are used for tree search algorithms
 * so they return <0, 0 or >0 */

/* compare two values */

template<class T>
int
aclDomainCompare(T const &a, T const &b)
{
    char * const d1 = (char *const)b;
    char * const d2 = (char *const )a;
    int ret;
    ret = aclHostDomainCompare(d1, d2);
    if (ret != 0) {
	char *const d3 = d2;
	char *const d4 = d1;
	ret = aclHostDomainCompare(d3, d4);
    }
    /* FIXME this warning may display d1 and d2 when it should display d3 and d4 */
    if (ret == 0) {
	debug(28, 0) ("WARNING: '%s' is a subdomain of '%s'\n", d1, d2);
	debug(28, 0) ("WARNING: because of this '%s' is ignored to keep splay tree searching predictable\n", (char *) a);
	debug(28, 0) ("WARNING: You should probably remove '%s' from the ACL named '%s'\n", d1, AclMatchedName);
    }
    return ret;
}

/* compare a host and a domain */

static int
aclHostDomainCompare( char *const &a, char * const &b)
{
    const char *h = (const char *)a;
    const char *d = (const char *)b;
    return matchDomainName(h, d);
}


bool
ACLCertificateData::match(char const *host)
{
    if (host == NULL)
	return 0;
    debug(28, 3) ("aclMatchCertificateList: checking '%s'\n", host);
    values = values->splay((char *)host, aclHostDomainCompare);
    debug(28, 3) ("aclMatchCertificateList: '%s' %s\n",
	host, splayLastResult ? "NOT found" : "found");
    return !splayLastResult;
}

static void
aclDumpDomainListWalkee(char * const & node_data, void *outlist)
{
    /* outlist is really a wordlist ** */
    wordlistAdd((wordlist **)outlist, (char const *)node_data);
}

wordlist *
ACLCertificateData::dump()
{
    wordlist *wl = NULL;
    /* damn this is VERY inefficient for long ACL lists... filling
     * a wordlist this way costs Sum(1,N) iterations. For instance
     * a 1000-elements list will be filled in 499500 iterations.
     */
    values->walk(aclDumpDomainListWalkee, &wl);
    return wl;
}

void
ACLCertificateData::parse()
{
    char *t = NULL;
    while ((t = strtokFile())) {
	Tolower(t);
	values = values->insert(xstrdup(t), aclDomainCompare);
    }
}


ACLData *
ACLCertificateData::clone() const
{
    /* Splay trees don't clone yet. */
    assert (!values);
    return new ACLCertificateData;
}
Commit	Line	Data
3841dd46	1	/*
	2	* $Id: ACLCertificateData.cc,v 1.1 2003/02/16 02:23:18 robertc Exp $
	3	*
	4	* DEBUG: section 28 Access Control
	5	* AUTHOR: Duane Wessels
	6	*
	7	* SQUID Web Proxy Cache http://www.squid-cache.org/
	8	* ----------------------------------------------------------
	9	*
	10	* Squid is the result of efforts by numerous individuals from
	11	* the Internet community; see the CONTRIBUTORS file for full
	12	* details. Many organizations have provided support for Squid's
	13	* development; see the SPONSORS file for full details. Squid is
	14	* Copyrighted (C) 2001 by the Regents of the University of
	15	* California; see the COPYRIGHT file for full details. Squid
	16	* incorporates software developed and/or copyrighted by other
	17	* sources; see the CREDITS file for full details.
	18	*
	19	* This program is free software; you can redistribute it and/or modify
	20	* it under the terms of the GNU General Public License as published by
	21	* the Free Software Foundation; either version 2 of the License, or
	22	* (at your option) any later version.
	23	*
	24	* This program is distributed in the hope that it will be useful,
	25	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	26	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	27	* GNU General Public License for more details.
	28	*
	29	* You should have received a copy of the GNU General Public License
	30	* along with this program; if not, write to the Free Software
	31	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	32	*
	33	*
	34	* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
	35	*/
	36
	37	#include "squid.h"
	38	#include "ACLCertificateData.h"
	39	#include "authenticate.h"
	40	#include "ACLChecklist.h"
	41
	42	MemPool *ACLCertificateData::Pool(NULL);
	43	void *
	44	ACLCertificateData::operator new (size_t byteCount)
	45	{
	46	/* derived classes with different sizes must implement their own new */
	47	assert (byteCount == sizeof (ACLCertificateData));
	48	if (!Pool)
	49	Pool = memPoolCreate("ACLCertificateData", sizeof (ACLCertificateData));
	50	return memPoolAlloc(Pool);
	51	}
	52
	53	void
	54	ACLCertificateData::operator delete (void *address)
	55	{
	56	memPoolFree (Pool, address);
	57	}
	58
	59	void
	60	ACLCertificateData::deleteSelf() const
	61	{
	62	delete this;
	63	}
	64
65
66	ACLCertificateData::ACLCertificateData() : attribute (NULL), values (NULL)
67	{
68	}
69
70	template<class T>
71	inline void
72	xRefFree(T &thing)
73	{
74	xfree (thing);
75	}
76
77	ACLCertificateData::~ACLCertificateData()
78	{
79	if (values)
80	values->destroy(xRefFree);
81	}
82
83	template<class T>
84	inline int
85	splaystrcasecmp (T&l, T&r)
86	{
87	return strcasecmp ((char )l,(char )r);
88	}
89
90	template<class T>
91	inline int
92	splaystrcmp (T&l, T&r)
93	{
94	return strcmp ((char )l,(char )r);
95	}
96
97	/* general compare functions, these are used for tree search algorithms
98	* so they return <0, 0 or >0 */
99
100	/* compare two values */
101
102	template<class T>
103	int
104	aclDomainCompare(T const &a, T const &b)
105	{
106	char * const d1 = (char *const)b;
107	char * const d2 = (char *const )a;
108	int ret;
109	ret = aclHostDomainCompare(d1, d2);
110	if (ret != 0) {
111	char *const d3 = d2;
112	char *const d4 = d1;
113	ret = aclHostDomainCompare(d3, d4);
114	}
115	/* FIXME this warning may display d1 and d2 when it should display d3 and d4 */
116	if (ret == 0) {
117	debug(28, 0) ("WARNING: '%s' is a subdomain of '%s'\n", d1, d2);
118	debug(28, 0) ("WARNING: because of this '%s' is ignored to keep splay tree searching predictable\n", (char *) a);
119	debug(28, 0) ("WARNING: You should probably remove '%s' from the ACL named '%s'\n", d1, AclMatchedName);
120	}
121	return ret;
122	}
123
124	/* compare a host and a domain */
125
126	static int
127	aclHostDomainCompare( char const &a, char const &b)
128	{
129	const char h = (const char )a;
130	const char d = (const char )b;
131	return matchDomainName(h, d);
132	}
133
134
135	bool
136	ACLCertificateData::match(char const *host)
137	{
138	if (host == NULL)
139	return 0;
140	debug(28, 3) ("aclMatchCertificateList: checking '%s'\n", host);
141	values = values->splay((char *)host, aclHostDomainCompare);
142	debug(28, 3) ("aclMatchCertificateList: '%s' %s\n",
143	host, splayLastResult ? "NOT found" : "found");
144	return !splayLastResult;
145	}
146
147	static void
148	aclDumpDomainListWalkee(char * const & node_data, void *outlist)
149	{
150	/* outlist is really a wordlist ** */
151	wordlistAdd((wordlist *)outlist, (char const )node_data);
152	}
153
154	wordlist *
155	ACLCertificateData::dump()
156	{
157	wordlist *wl = NULL;
158	/* damn this is VERY inefficient for long ACL lists... filling
159	* a wordlist this way costs Sum(1,N) iterations. For instance
160	* a 1000-elements list will be filled in 499500 iterations.
161	*/
162	values->walk(aclDumpDomainListWalkee, &wl);
163	return wl;
164	}
165
166	void
167	ACLCertificateData::parse()
168	{
169	char *t = NULL;
170	while ((t = strtokFile())) {
171	Tolower(t);
172	values = values->insert(xstrdup(t), aclDomainCompare);
173	}
174	}
175
176
177	ACLData *
178	ACLCertificateData::clone() const
179	{
180	/* Splay trees don't clone yet. */
181	assert (!values);
182	return new ACLCertificateData;
183	}