Commit | Line | Data |
---|---|---|
8000a965 | 1 | /* |
bf95c10a | 2 | * Copyright (C) 1996-2022 The Squid Software Foundation and contributors |
8000a965 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
8000a965 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
3ad63615 | 12 | #include "acl/Checklist.h" |
8d76389c | 13 | #include "acl/Options.h" |
602d9612 A |
14 | #include "acl/UserData.h" |
15 | #include "ConfigParser.h" | |
675b8408 | 16 | #include "debug/Stream.h" |
d82c26b8 | 17 | #include "globals.h" |
5218815a | 18 | #include "sbuf/Algorithms.h" |
68acf08e | 19 | #include "util.h" |
8000a965 | 20 | |
// Storage for the case-sensitivity line option: lineOptions() links the
// option to this object and parse() copies it into flags.case_insensitive.
Acl::BooleanOptionValue ACLUserData::CaseInsensitive_;
d4c6acac | 22 | |
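/// Decides whether a user name satisfies this ACL.
/// \param user the name to look up; nullptr and "-" both mean "no user"
/// \returns true when the ACL is REQUIRED-type and a name is present, or when
///          the name is found in userDataNames; false otherwise
bool
ACLUserData::match(char const *user)
{
    // This line runs before the null check below, and streaming a null
    // char pointer is undefined behavior, so substitute a printable marker.
    debugs(28, 7, "user is " << (user ? user : "(null)") << ", case_insensitive is " << flags.case_insensitive);

    if (user == nullptr || strcmp(user, "-") == 0)
        return false;

    if (flags.required) {
        debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present.");
        return true;
    }

    // NOTE(review): the lookup key is not lowercased here, so case-insensitive
    // matching depends entirely on the comparator userDataNames was built
    // with. parse() swaps in the case-insensitive comparator only in its "-i"
    // token branch, yet it lowercases stored names whenever
    // flags.case_insensitive is set (including via CaseInsensitive_). Confirm
    // that mixed-case names still match in that configuration; a miss here
    // fails open for ACLs used in deny rules.
    const bool result = (userDataNames.find(SBuf(user)) != userDataNames.end());
    debugs(28, 7, "returning " << result);
    return result;
}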
40 | ||
/// Renders this ACL's data as a list of configuration tokens.
/// \returns the single token "REQUIRED" for a REQUIRED-type ACL; otherwise an
///          optional "-i" followed by every stored user name
SBufList
ACLUserData::dump() const
{
    SBufList tokens;

    if (!flags.required) {
        if (flags.case_insensitive)
            tokens.push_back(SBuf("-i"));

        tokens.insert(tokens.end(), userDataNames.begin(), userDataNames.end());

        // only the names are logged, without any leading "-i"
        debugs(28,5, "ACLUserData dump output: " <<
               JoinContainerToSBuf(userDataNames.begin(), userDataNames.end(),
                                   SBuf(" ")));
        return tokens;
    }

    // a REQUIRED-type ACL is dumped as the keyword alone
    tokens.push_back(SBuf("REQUIRED"));
    return tokens;
}
61 | ||
/// Strict-weak-ordering predicate for the user-name set: true when lhs sorts
/// before rhs according to SBuf::cmp().
static bool
CaseSensitiveSBufCompare(const SBuf &lhs, const SBuf &rhs)
{
    const auto order = lhs.cmp(rhs);
    return order < 0;
}
67 | ||
/// Strict-weak-ordering predicate for the user-name set: true when lhs sorts
/// before rhs according to SBuf::caseCmp().
static bool
CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs)
{
    const auto order = lhs.caseCmp(rhs);
    return order < 0;
}
bb517ac8 | 73 | |
/// Creates an empty user list ordered by the case-sensitive comparator,
/// with both the REQUIRED and the case-insensitive flags cleared.
ACLUserData::ACLUserData() :
    userDataNames(CaseSensitiveSBufCompare)
{
    flags.required = false;
    flags.case_insensitive = false;
}
80 | ||
/// Exposes the line options this ACL data type accepts: a single
/// case-sensitivity option.
/// \returns a reference to a function-local static option list
const Acl::Options &
ACLUserData::lineOptions()
{
    static auto caseOption = Acl::CaseSensitivityOption();
    static const Acl::Options supported = { &caseOption };
    // Re-linked on every call; presumably this makes the option store its
    // parsed value in CaseInsensitive_, which parse() then reads.
    caseOption.linkWith(&CaseInsensitive_);
    return supported;
}
89 | ||
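/// Parses the value tokens of one ACL configuration line into this object.
///
/// Tokens come from ConfigParser::strtokFile(). The first token may be the
/// "-i" flag or the REQUIRED keyword; every other token is stored as a user
/// name, lowercased while flags.case_insensitive is set. Names stored by an
/// earlier parse() call on the same object are kept. A REQUIRED-type ACL that
/// ends up with names gets a warning and has its names discarded.
void
ACLUserData::parse()
{
    debugs(28, 2, "parsing user list");
    flags.case_insensitive = bool(CaseInsensitive_);

    // due to how the std::set API work, if we want to change
    // the comparison function we have to create a new std::set.
    // Rebuilding a set that is already case-insensitive is harmless.
    const auto useCaseInsensitiveOrder = [this]() {
        UserDataNames_t newUdn(CaseInsensitveSBufCompare);
        newUdn.insert(userDataNames.begin(), userDataNames.end());
        swap(userDataNames, newUdn);
    };

    // The flag may come from the line option (CaseInsensitive_) instead of
    // a "-i" token. match() looks names up without lowercasing them, so the
    // lowercased names stored below can only match mixed-case input when
    // the set itself compares case-insensitively.
    if (flags.case_insensitive)
        useCaseInsensitiveOrder();

    char *t = nullptr;
    if ((t = ConfigParser::strtokFile())) {
        SBuf s(t);
        debugs(28, 5, "first token is " << s);

        // NOTE(review): the length argument looks like it limits the
        // comparison to two characters, so a first token that merely starts
        // with "-i" would be consumed as the flag; confirm this is intended.
        if (s.cmp("-i",2) == 0) {
            debugs(28, 5, "Going case-insensitive");
            flags.case_insensitive = true;
            useCaseInsensitiveOrder();
        } else if (s.cmp("REQUIRED") == 0) {
            debugs(28, 5, "REQUIRED-type enabled");
            flags.required = true;
        } else {
            if (flags.case_insensitive)
                s.toLower();

            debugs(28, 6, "Adding user " << s);
            userDataNames.insert(s);
        }
    }

    debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive);
    /* we might inherit from a previous declaration */

    debugs(28, 4, "parsing following tokens");

    while ((t = ConfigParser::strtokFile())) {
        SBuf s(t);
        debugs(28, 6, "Got token: " << s);

        if (flags.case_insensitive)
            s.toLower();

        debugs(28, 6, "Adding user " << s);
        userDataNames.insert(s);
    }

    // REQUIRED matches any present user name, so explicit names make no
    // sense alongside it: warn and drop them.
    if (flags.required && !userDataNames.empty()) {
        debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED");
        userDataNames.clear();
    }

    debugs(28,4, "ACL contains " << userDataNames.size() << " users");
}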
225b7b10 | 144 | |
/// Reports whether this ACL has nothing to match against.
/// \returns false for a REQUIRED-type ACL; otherwise true exactly when no
///          user names are stored
bool
ACLUserData::empty() const
{
    debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size());
    // parse() clears the names of a REQUIRED-type ACL, so an empty name set
    // must not make such an ACL count as empty.
    return !flags.required && userDataNames.empty();
}
153 |