[thirdparty/squid.git] / src / acl / UserData.cc

/*
 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28    Access Control */

#include "squid.h"
#include "acl/Checklist.h"
#include "acl/Options.h"
#include "acl/UserData.h"
#include "ConfigParser.h"
#include "debug/Stream.h"
#include "globals.h"
#include "sbuf/Algorithms.h"
#include "util.h"

Acl::BooleanOptionValue ACLUserData::CaseInsensitive_;

bool
ACLUserData::match(char const *user)
{
    debugs(28, 7, "user is " << user << ", case_insensitive is " << flags.case_insensitive);

    if (user == nullptr || strcmp(user, "-") == 0)
        return 0;

    if (flags.required) {
        debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present.");
        return 1;
    }

    bool result = (userDataNames.find(SBuf(user)) != userDataNames.end());
    debugs(28, 7, "returning " << result);
    return result;
}

SBufList
ACLUserData::dump() const
{
    SBufList sl;

    if (flags.required) {
        sl.push_back(SBuf("REQUIRED"));
        return sl;
    }

    if (flags.case_insensitive)
        sl.push_back(SBuf("-i"));

    sl.insert(sl.end(), userDataNames.begin(), userDataNames.end());

    debugs(28,5, "ACLUserData dump output: " <<
           JoinContainerToSBuf(userDataNames.begin(), userDataNames.end(),
                               SBuf(" ")));
    return sl;
}

static bool
CaseSensitiveSBufCompare(const SBuf &lhs, const SBuf &rhs)
{
    return (lhs.cmp(rhs) < 0);
}

static bool
CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs)
{
    return (lhs.caseCmp(rhs) < 0);
}

ACLUserData::ACLUserData() :
    userDataNames(CaseSensitiveSBufCompare)
{
    flags.case_insensitive = false;
    flags.required = false;
}

const Acl::Options &
ACLUserData::lineOptions()
{
    static auto MyCaseSensitivityOption = Acl::CaseSensitivityOption();
    static const Acl::Options MyOptions = { &MyCaseSensitivityOption };
    MyCaseSensitivityOption.linkWith(&CaseInsensitive_);
    return MyOptions;
}

void
ACLUserData::parse()
{
    debugs(28, 2, "parsing user list");
    flags.case_insensitive = bool(CaseInsensitive_);

    char *t = nullptr;
    if ((t = ConfigParser::strtokFile())) {
        SBuf s(t);
        debugs(28, 5, "first token is " << s);

        if (s.cmp("-i",2) == 0) {
            debugs(28, 5, "Going case-insensitive");
            flags.case_insensitive = true;
            // due to how the std::set API work, if we want to change
            // the comparison function we have to create a new std::set
            UserDataNames_t newUdn(CaseInsensitveSBufCompare);
            newUdn.insert(userDataNames.begin(), userDataNames.end());
            swap(userDataNames,newUdn);
        } else if (s.cmp("REQUIRED") == 0) {
            debugs(28, 5, "REQUIRED-type enabled");
            flags.required = true;
        } else {
            if (flags.case_insensitive)
                s.toLower();

            debugs(28, 6, "Adding user " << s);
            userDataNames.insert(s);
        }
    }

    debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive);
    /* we might inherit from a previous declaration */

    debugs(28, 4, "parsing following tokens");

    while ((t = ConfigParser::strtokFile())) {
        SBuf s(t);
        debugs(28, 6, "Got token: " << s);

        if (flags.case_insensitive)
            s.toLower();

        debugs(28, 6, "Adding user " << s);
        userDataNames.insert(s);
    }

    if (flags.required && !userDataNames.empty()) {
        debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED");
        userDataNames.clear();
    }

    debugs(28,4, "ACL contains " << userDataNames.size() << " users");
}

bool
ACLUserData::empty() const
{
    debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size());
    if (flags.required)
        return false;
    return userDataNames.empty();
}
Commit	Line	Data
8000a965	1	/*
bf95c10a	2	* Copyright (C) 1996-2022 The Squid Software Foundation and contributors
8000a965	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
8000a965	7	*/
8000a965	8
bbc27441 AJ	9	/* DEBUG: section 28 Access Control */
bbc27441 AJ	10
582c2af2	11	#include "squid.h"
3ad63615	12	#include "acl/Checklist.h"
8d76389c	13	#include "acl/Options.h"
602d9612 A	14	#include "acl/UserData.h"
602d9612 A	15	#include "ConfigParser.h"
675b8408	16	#include "debug/Stream.h"
d82c26b8	17	#include "globals.h"
5218815a	18	#include "sbuf/Algorithms.h"
68acf08e	19	#include "util.h"
8000a965	20
8d76389c	21	Acl::BooleanOptionValue ACLUserData::CaseInsensitive_;
d4c6acac	22
8000a965	23	bool
	24	ACLUserData::match(char const *user)
	25	{
52669f3a	26	debugs(28, 7, "user is " << user << ", case_insensitive is " << flags.case_insensitive);
8000a965	27
aee3523a	28	if (user == nullptr \|\| strcmp(user, "-") == 0)
62e76326	29	return 0;
8000a965	30
8000a965	31	if (flags.required) {
bf8fe701	32	debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present.");
62e76326	33	return 1;
8000a965	34	}
62e76326	35
52669f3a FC	36	bool result = (userDataNames.find(SBuf(user)) != userDataNames.end());
	37	debugs(28, 7, "returning " << result);
	38	return result;
8000a965	39	}
8000a965	40
8966008b	41	SBufList
4f8ca96e	42	ACLUserData::dump() const
8000a965	43	{
8966008b	44	SBufList sl;
62e76326	45
52bc393b	46	if (flags.required) {
8966008b	47	sl.push_back(SBuf("REQUIRED"));
702240e4	48	return sl;
52bc393b	49	}
e20d485b	50
8000a965	51	if (flags.case_insensitive)
8966008b	52	sl.push_back(SBuf("-i"));
62e76326	53
d7e24049	54	sl.insert(sl.end(), userDataNames.begin(), userDataNames.end());
62e76326	55
f9879a34	56	debugs(28,5, "ACLUserData dump output: " <<
80bd33c3 SM	57	JoinContainerToSBuf(userDataNames.begin(), userDataNames.end(),
80bd33c3 SM	58	SBuf(" ")));
8966008b	59	return sl;
8000a965	60	}
8000a965	61
87b5a196 AJ	62	static bool
	63	CaseSensitiveSBufCompare(const SBuf &lhs, const SBuf &rhs)
	64	{
	65	return (lhs.cmp(rhs) < 0);
	66	}
	67
52669f3a FC	68	static bool
	69	CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs)
	70	{
	71	return (lhs.caseCmp(rhs) < 0);
	72	}
bb517ac8	73
d59e4742	74	ACLUserData::ACLUserData() :
87b5a196	75	userDataNames(CaseSensitiveSBufCompare)
796e7038	76	{
cc8c4af2 AJ	77	flags.case_insensitive = false;
cc8c4af2 AJ	78	flags.required = false;
796e7038 FC	79	}
796e7038 FC	80
8d76389c EB	81	const Acl::Options &
	82	ACLUserData::lineOptions()
	83	{
	84	static auto MyCaseSensitivityOption = Acl::CaseSensitivityOption();
	85	static const Acl::Options MyOptions = { &MyCaseSensitivityOption };
	86	MyCaseSensitivityOption.linkWith(&CaseInsensitive_);
	87	return MyOptions;
	88	}
	89
8000a965	90	void
	91	ACLUserData::parse()
	92	{
52669f3a	93	debugs(28, 2, "parsing user list");
8d76389c	94	flags.case_insensitive = bool(CaseInsensitive_);
5bc2be30	95
aee3523a	96	char *t = nullptr;
d295d770	97	if ((t = ConfigParser::strtokFile())) {
bb517ac8 FC	98	SBuf s(t);
bb517ac8 FC	99	debugs(28, 5, "first token is " << s);
62e76326	100
bb517ac8	101	if (s.cmp("-i",2) == 0) {
52669f3a	102	debugs(28, 5, "Going case-insensitive");
3dd52a0b	103	flags.case_insensitive = true;
52669f3a FC	104	// due to how the std::set API work, if we want to change
	105	// the comparison function we have to create a new std::set
	106	UserDataNames_t newUdn(CaseInsensitveSBufCompare);
	107	newUdn.insert(userDataNames.begin(), userDataNames.end());
	108	swap(userDataNames,newUdn);
bb517ac8	109	} else if (s.cmp("REQUIRED") == 0) {
52669f3a	110	debugs(28, 5, "REQUIRED-type enabled");
3dd52a0b	111	flags.required = true;
62e76326	112	} else {
62e76326	113	if (flags.case_insensitive)
bb517ac8 FC	114	s.toLower();
	115
	116	debugs(28, 6, "Adding user " << s);
	117	userDataNames.insert(s);
62e76326	118	}
8000a965	119	}
62e76326	120
52669f3a	121	debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive);
8000a965	122	/* we might inherit from a previous declaration */
8000a965	123
bb517ac8	124	debugs(28, 4, "parsing following tokens");
62e76326	125
d295d770	126	while ((t = ConfigParser::strtokFile())) {
bb517ac8 FC	127	SBuf s(t);
bb517ac8 FC	128	debugs(28, 6, "Got token: " << s);
62e76326	129
62e76326	130	if (flags.case_insensitive)
bb517ac8 FC	131	s.toLower();
	132
	133	debugs(28, 6, "Adding user " << s);
	134	userDataNames.insert(s);
8000a965	135	}
bb517ac8 FC	136
	137	if (flags.required && !userDataNames.empty()) {
	138	debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED");
	139	userDataNames.clear();
	140	}
	141
	142	debugs(28,4, "ACL contains " << userDataNames.size() << " users");
8000a965	143	}
225b7b10	144
65092baf	145	bool
	146	ACLUserData::empty() const
	147	{
bb517ac8 FC	148	debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size());
	149	if (flags.required)
	150	return false;
	151	return userDataNames.empty();
65092baf	152	}
65092baf	153