]>
Commit | Line | Data |
---|---|---|
8000a965 | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
8000a965 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
8000a965 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
3ad63615 | 12 | #include "acl/Checklist.h" |
602d9612 A |
13 | #include "acl/UserData.h" |
14 | #include "ConfigParser.h" | |
582c2af2 | 15 | #include "Debug.h" |
d82c26b8 | 16 | #include "globals.h" |
5218815a | 17 | #include "sbuf/Algorithms.h" |
68acf08e | 18 | #include "util.h" |
8000a965 | 19 | |
20 | bool | |
21 | ACLUserData::match(char const *user) | |
22 | { | |
52669f3a | 23 | debugs(28, 7, "user is " << user << ", case_insensitive is " << flags.case_insensitive); |
8000a965 | 24 | |
72aa8f18 | 25 | if (user == NULL || strcmp(user, "-") == 0) |
62e76326 | 26 | return 0; |
8000a965 | 27 | |
28 | if (flags.required) { | |
bf8fe701 | 29 | debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present."); |
62e76326 | 30 | return 1; |
8000a965 | 31 | } |
62e76326 | 32 | |
52669f3a FC |
33 | bool result = (userDataNames.find(SBuf(user)) != userDataNames.end()); |
34 | debugs(28, 7, "returning " << result); | |
35 | return result; | |
8000a965 | 36 | } |
37 | ||
8966008b | 38 | SBufList |
4f8ca96e | 39 | ACLUserData::dump() const |
8000a965 | 40 | { |
8966008b | 41 | SBufList sl; |
62e76326 | 42 | |
52bc393b | 43 | if (flags.required) { |
8966008b | 44 | sl.push_back(SBuf("REQUIRED")); |
702240e4 | 45 | return sl; |
52bc393b | 46 | } |
e20d485b | 47 | |
8000a965 | 48 | if (flags.case_insensitive) |
8966008b | 49 | sl.push_back(SBuf("-i")); |
62e76326 | 50 | |
d7e24049 | 51 | sl.insert(sl.end(), userDataNames.begin(), userDataNames.end()); |
62e76326 | 52 | |
f9879a34 | 53 | debugs(28,5, "ACLUserData dump output: " << |
80bd33c3 SM |
54 | JoinContainerToSBuf(userDataNames.begin(), userDataNames.end(), |
55 | SBuf(" "))); | |
8966008b | 56 | return sl; |
8000a965 | 57 | } |
58 | ||
87b5a196 AJ |
59 | static bool |
60 | CaseSensitiveSBufCompare(const SBuf &lhs, const SBuf &rhs) | |
61 | { | |
62 | return (lhs.cmp(rhs) < 0); | |
63 | } | |
64 | ||
52669f3a FC |
65 | static bool |
66 | CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs) | |
67 | { | |
68 | return (lhs.caseCmp(rhs) < 0); | |
69 | } | |
bb517ac8 | 70 | |
d59e4742 | 71 | ACLUserData::ACLUserData() : |
87b5a196 | 72 | userDataNames(CaseSensitiveSBufCompare) |
796e7038 | 73 | { |
cc8c4af2 AJ |
74 | flags.case_insensitive = false; |
75 | flags.required = false; | |
796e7038 FC |
76 | } |
77 | ||
8000a965 | 78 | void |
79 | ACLUserData::parse() | |
80 | { | |
52669f3a | 81 | debugs(28, 2, "parsing user list"); |
5bc2be30 FC |
82 | |
83 | char *t = NULL; | |
d295d770 | 84 | if ((t = ConfigParser::strtokFile())) { |
bb517ac8 FC |
85 | SBuf s(t); |
86 | debugs(28, 5, "first token is " << s); | |
62e76326 | 87 | |
bb517ac8 | 88 | if (s.cmp("-i",2) == 0) { |
52669f3a | 89 | debugs(28, 5, "Going case-insensitive"); |
3dd52a0b | 90 | flags.case_insensitive = true; |
52669f3a FC |
91 | // due to how the std::set API work, if we want to change |
92 | // the comparison function we have to create a new std::set | |
93 | UserDataNames_t newUdn(CaseInsensitveSBufCompare); | |
94 | newUdn.insert(userDataNames.begin(), userDataNames.end()); | |
95 | swap(userDataNames,newUdn); | |
bb517ac8 | 96 | } else if (s.cmp("REQUIRED") == 0) { |
52669f3a | 97 | debugs(28, 5, "REQUIRED-type enabled"); |
3dd52a0b | 98 | flags.required = true; |
62e76326 | 99 | } else { |
100 | if (flags.case_insensitive) | |
bb517ac8 FC |
101 | s.toLower(); |
102 | ||
103 | debugs(28, 6, "Adding user " << s); | |
104 | userDataNames.insert(s); | |
62e76326 | 105 | } |
8000a965 | 106 | } |
62e76326 | 107 | |
52669f3a | 108 | debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive); |
8000a965 | 109 | /* we might inherit from a previous declaration */ |
110 | ||
bb517ac8 | 111 | debugs(28, 4, "parsing following tokens"); |
62e76326 | 112 | |
d295d770 | 113 | while ((t = ConfigParser::strtokFile())) { |
bb517ac8 FC |
114 | SBuf s(t); |
115 | debugs(28, 6, "Got token: " << s); | |
62e76326 | 116 | |
117 | if (flags.case_insensitive) | |
bb517ac8 FC |
118 | s.toLower(); |
119 | ||
120 | debugs(28, 6, "Adding user " << s); | |
121 | userDataNames.insert(s); | |
8000a965 | 122 | } |
bb517ac8 FC |
123 | |
124 | if (flags.required && !userDataNames.empty()) { | |
125 | debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED"); | |
126 | userDataNames.clear(); | |
127 | } | |
128 | ||
129 | debugs(28,4, "ACL contains " << userDataNames.size() << " users"); | |
8000a965 | 130 | } |
225b7b10 | 131 | |
65092baf | 132 | bool |
133 | ACLUserData::empty() const | |
134 | { | |
bb517ac8 FC |
135 | debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size()); |
136 | if (flags.required) | |
137 | return false; | |
138 | return userDataNames.empty(); | |
65092baf | 139 | } |
140 | ||
5dee515e | 141 | ACLData<char const *> * |
225b7b10 | 142 | ACLUserData::clone() const |
143 | { | |
225b7b10 | 144 | return new ACLUserData; |
145 | } | |
f53969cc | 146 |