projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 8000a965 | 1 | /* |
| 4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
| 8000a965 | 3 | * |
| bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
| 5 | * contributions from numerous individuals and organizations. | |
| 6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
| 8000a965 | 7 | */ |
| 8 | ||
| bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
| 10 | ||
| 582c2af2 | 11 | #include "squid.h" |
| 3ad63615 | 12 | #include "acl/Checklist.h" |
| 602d9612 A |
13 | #include "acl/UserData.h" |
| 14 | #include "ConfigParser.h" | |
| 582c2af2 | 15 | #include "Debug.h" |
| d82c26b8 | 16 | #include "globals.h" |
| 5218815a | 17 | #include "sbuf/Algorithms.h" |
| 68acf08e | 18 | #include "util.h" |
| 8000a965 | 19 | |
| 20 | bool | |
| 21 | ACLUserData::match(char const *user) | |
| 22 | { | |
| 52669f3a | 23 | debugs(28, 7, "user is " << user << ", case_insensitive is " << flags.case_insensitive); |
| 8000a965 | 24 | |
| 72aa8f18 | 25 | if (user == NULL || strcmp(user, "-") == 0) |
| 62e76326 | 26 | return 0; |
| 8000a965 | 27 | |
| 28 | if (flags.required) { | |
| bf8fe701 | 29 | debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present."); |
| 62e76326 | 30 | return 1; |
| 8000a965 | 31 | } |
| 62e76326 | 32 | |
| 52669f3a FC |
33 | bool result = (userDataNames.find(SBuf(user)) != userDataNames.end()); |
| 34 | debugs(28, 7, "returning " << result); | |
| 35 | return result; | |
| 8000a965 | 36 | } |
| 37 | ||
| 8966008b | 38 | SBufList |
| 4f8ca96e | 39 | ACLUserData::dump() const |
| 8000a965 | 40 | { |
| 8966008b | 41 | SBufList sl; |
| 62e76326 | 42 | |
| 52bc393b | 43 | if (flags.required) { |
| 8966008b | 44 | sl.push_back(SBuf("REQUIRED")); |
| 702240e4 | 45 | return sl; |
| 52bc393b | 46 | } |
| e20d485b | 47 | |
| 8000a965 | 48 | if (flags.case_insensitive) |
| 8966008b | 49 | sl.push_back(SBuf("-i")); |
| 62e76326 | 50 | |
| d7e24049 | 51 | sl.insert(sl.end(), userDataNames.begin(), userDataNames.end()); |
| 62e76326 | 52 | |
| f9879a34 | 53 | debugs(28,5, "ACLUserData dump output: " << |
| 80bd33c3 SM |
54 | JoinContainerToSBuf(userDataNames.begin(), userDataNames.end(), |
| 55 | SBuf(" "))); | |
| 8966008b | 56 | return sl; |
| 8000a965 | 57 | } |
| 58 | ||
| 87b5a196 AJ |
59 | static bool |
| 60 | CaseSensitiveSBufCompare(const SBuf &lhs, const SBuf &rhs) | |
| 61 | { | |
| 62 | return (lhs.cmp(rhs) < 0); | |
| 63 | } | |
| 64 | ||
| 52669f3a FC |
65 | static bool |
| 66 | CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs) | |
| 67 | { | |
| 68 | return (lhs.caseCmp(rhs) < 0); | |
| 69 | } | |
| bb517ac8 | 70 | |
| d59e4742 | 71 | ACLUserData::ACLUserData() : |
| 87b5a196 | 72 | userDataNames(CaseSensitiveSBufCompare) |
| 796e7038 | 73 | { |
| cc8c4af2 AJ |
74 | flags.case_insensitive = false; |
| 75 | flags.required = false; | |
| 796e7038 FC |
76 | } |
| 77 | ||
| 8000a965 | 78 | void |
| 79 | ACLUserData::parse() | |
| 80 | { | |
| 52669f3a | 81 | debugs(28, 2, "parsing user list"); |
| 5bc2be30 FC |
82 | |
| 83 | char *t = NULL; | |
| d295d770 | 84 | if ((t = ConfigParser::strtokFile())) { |
| bb517ac8 FC |
85 | SBuf s(t); |
| 86 | debugs(28, 5, "first token is " << s); | |
| 62e76326 | 87 | |
| bb517ac8 | 88 | if (s.cmp("-i",2) == 0) { |
| 52669f3a | 89 | debugs(28, 5, "Going case-insensitive"); |
| 3dd52a0b | 90 | flags.case_insensitive = true; |
| 52669f3a FC |
91 | // due to how the std::set API work, if we want to change |
| 92 | // the comparison function we have to create a new std::set | |
| 93 | UserDataNames_t newUdn(CaseInsensitveSBufCompare); | |
| 94 | newUdn.insert(userDataNames.begin(), userDataNames.end()); | |
| 95 | swap(userDataNames,newUdn); | |
| bb517ac8 | 96 | } else if (s.cmp("REQUIRED") == 0) { |
| 52669f3a | 97 | debugs(28, 5, "REQUIRED-type enabled"); |
| 3dd52a0b | 98 | flags.required = true; |
| 62e76326 | 99 | } else { |
| 100 | if (flags.case_insensitive) | |
| bb517ac8 FC |
101 | s.toLower(); |
| 102 | ||
| 103 | debugs(28, 6, "Adding user " << s); | |
| 104 | userDataNames.insert(s); | |
| 62e76326 | 105 | } |
| 8000a965 | 106 | } |
| 62e76326 | 107 | |
| 52669f3a | 108 | debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive); |
| 8000a965 | 109 | /* we might inherit from a previous declaration */ |
| 110 | ||
| bb517ac8 | 111 | debugs(28, 4, "parsing following tokens"); |
| 62e76326 | 112 | |
| d295d770 | 113 | while ((t = ConfigParser::strtokFile())) { |
| bb517ac8 FC |
114 | SBuf s(t); |
| 115 | debugs(28, 6, "Got token: " << s); | |
| 62e76326 | 116 | |
| 117 | if (flags.case_insensitive) | |
| bb517ac8 FC |
118 | s.toLower(); |
| 119 | ||
| 120 | debugs(28, 6, "Adding user " << s); | |
| 121 | userDataNames.insert(s); | |
| 8000a965 | 122 | } |
| bb517ac8 FC |
123 | |
| 124 | if (flags.required && !userDataNames.empty()) { | |
| 125 | debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED"); | |
| 126 | userDataNames.clear(); | |
| 127 | } | |
| 128 | ||
| 129 | debugs(28,4, "ACL contains " << userDataNames.size() << " users"); | |
| 8000a965 | 130 | } |
| 225b7b10 | 131 | |
| 65092baf | 132 | bool |
| 133 | ACLUserData::empty() const | |
| 134 | { | |
| bb517ac8 FC |
135 | debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size()); |
| 136 | if (flags.required) | |
| 137 | return false; | |
| 138 | return userDataNames.empty(); | |
| 65092baf | 139 | } |
| 140 | ||
| 5dee515e | 141 | ACLData<char const *> * |
| 225b7b10 | 142 | ACLUserData::clone() const |
| 143 | { | |
| 225b7b10 | 144 | return new ACLUserData; |
| 145 | } | |
| f53969cc | 146 |