3841dd46 | 1 | /* |
bde978a6 | 2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
3841dd46 | 3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
3841dd46 | 7 | */ |
8 | ||
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
12 | #include "acl/CertificateData.h" |
13 | #include "acl/Checklist.h" | |
fc54b8d2 | 14 | #include "cache_cf.h" |
16c5ad96 | 15 | #include "ConfigParser.h" |
602d9612 | 16 | #include "Debug.h" |
836007fe | 17 | #include "wordlist.h" |
3841dd46 | 18 | |
/// Builds the data for one certificate-attribute ACL.
/// \param sslStrategy callback used by match() to extract the attribute value from a certificate
/// \param attrs '|'-separated list of attribute names accepted by parse(); NULL when the ACL takes no attribute argument
/// \param optionalAttr whether a configuration line may omit the attribute argument
ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE *sslStrategy, const char *attrs, bool optionalAttr) : validAttributesStr(attrs), attributeIsOptional(optionalAttr), attribute (NULL), values (), sslAttributeCall (sslStrategy)
{
    if (!attrs)
        return;

    // Split "a|b|c" into the names later checked by parse(). An empty name
    // (e.g. an empty attrs string or a trailing '|') is kept as an empty entry.
    const std::string names(attrs);
    std::string::size_type start = 0;
    for (;;) {
        const std::string::size_type sep = names.find('|', start);
        if (sep == std::string::npos) {
            validAttributes.push_back(names.substr(start));
            break;
        }
        validAttributes.push_back(names.substr(start, sep - start));
        start = sep + 1;
    }
}
3841dd46 | 32 | |
/// Copy constructor. `attribute` is an owned C string (released by the
/// destructor), so it is duplicated rather than shared with `old`.
ACLCertificateData::ACLCertificateData(ACLCertificateData const &old) :
    validAttributesStr(old.validAttributesStr),
    attributeIsOptional(old.attributeIsOptional),
    attribute(NULL),
    values(old.values),
    sslAttributeCall(old.sslAttributeCall)
{
    validAttributes = old.validAttributes;
    if (old.attribute)
        attribute = xstrdup(old.attribute);
}
41 | ||
/// Releases whatever `thing` refers to through xfree().
/// \param thing reference to the pointer-like value to free
template <class T>
inline void xRefFree(T &thing)
{
    xfree(thing);
}
48 | ||
/// Releases the owned attribute name; `values` cleans itself up.
ACLCertificateData::~ACLCertificateData()
{
    safe_free(attribute);
}
53 | ||
/// strcmp()-style ordering for splay-tree keys that convert to `char *`.
/// \return negative, zero or positive as lhs sorts before, equal to or after rhs
template <class T>
inline int splaystrcmp(T &lhs, T &rhs)
{
    // Keys are compared as C strings; the casts mirror how the tree stores them.
    char *const left = (char *)lhs;
    char *const right = (char *)rhs;
    return strcmp(left, right);
}
60 | ||
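/// Tests whether the certificate's configured attribute matches one of the
/// configured values.
/// \param cert the certificate to inspect; NULL never matches
/// \return true when the value extracted by sslAttributeCall() matches;
///         false when there is no certificate or the attribute is absent
bool
ACLCertificateData::match(X509 *cert)
{
    if (!cert)
        return false;

    char const *value = sslAttributeCall(cert, attribute);
    // value is NULL whenever the attribute is absent, and inserting a NULL
    // char pointer into a std::ostream is undefined behaviour, so guard the trace.
    debugs(28, 6, (attribute ? attribute : "value") << "=" << (value ? value : "NULL"));
    if (!value)
        return false;

    return values.match(value);
}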
74 | ||
/// Reproduces this ACL's configuration: the attribute name (when the ACL
/// takes an attribute argument) followed by the configured values.
SBufList
ACLCertificateData::dump() const
{
    SBufList out = values.dump();
    if (validAttributesStr) {
        // NOTE(review): attribute may still be NULL when it is optional and
        // no line supplied one; confirm SBuf(NULL) is the intended output.
        out.push_front(SBuf(attribute));
    }
    return out;
}
91 | ||
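/// Whether `name` is one of the attribute names this ACL accepts.
/// A configured "*" entry accepts any name.
static bool
isAcceptedAttribute(const std::list<std::string> &accepted, const char *name)
{
    for (std::list<std::string>::const_iterator it = accepted.begin(); it != accepted.end(); ++it) {
        if (*it == "*" || *it == name)
            return true;
    }
    return false;
}

/// Parses one configuration line: an attribute argument (when this ACL takes
/// attributes; it may be optional) followed by the values.
/// Calls self_destruct() on a missing required attribute, an unknown
/// attribute name, or an attribute that differs from an earlier line.
/// self_destruct() is expected not to return; the returns after it only
/// make sure nothing is dereferenced or stored if it ever does.
void
ACLCertificateData::parse()
{
    if (validAttributesStr) {
        char *newAttribute = ConfigParser::strtokFile();

        if (!newAttribute) {
            if (attributeIsOptional)
                return;

            debugs(28, DBG_CRITICAL, "FATAL: required attribute argument missing");
            self_destruct();
            return; // newAttribute is NULL; nothing below may touch it
        }

        // Handle the cases where we have optional -x type attributes
        if (attributeIsOptional && newAttribute[0] != '-') {
            // The read token is not an attribute/option, so add it to values list
            values.insert(newAttribute);
        } else {
            if (!isAcceptedAttribute(validAttributes, newAttribute)) {
                debugs(28, DBG_CRITICAL, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr);
                self_destruct();
                return;
            }

            /* an acl must use consistent attributes in all config lines */
            if (attribute) {
                if (strcasecmp(newAttribute, attribute) != 0) {
                    debugs(28, DBG_CRITICAL, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute << "!=" << attribute << ").");
                    self_destruct();
                    return;
                }
            } else
                attribute = xstrdup(newAttribute);
        }
    }

    values.parse();
}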
137 | ||
/// \return true when no values have been configured (the attribute name alone
///         does not count).
bool
ACLCertificateData::empty() const
{
    const bool noValues = values.empty();
    return noValues;
}
3841dd46 | 143 | |
/// Deep-copies this ACL data via the copy constructor, which duplicates the
/// owned attribute string. The caller owns the returned object.
ACLData<X509 *> *
ACLCertificateData::clone() const
{
    /* Splay trees don't clone yet. */
    ACLCertificateData *const copy = new ACLCertificateData(*this);
    return copy;
}
f53969cc | 150 |