2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
12 #include "acl/forward.h"
26 #define ACL_F_REGEX_CASE 'i'
27 #define ACL_F_NO_LOOKUP 'n'
28 #define ACL_F_STRICT 's'
29 #define ACL_F_END '\0'
33 * Used to hold a list of one-letter flags which can be passed as parameters
34 * to acls (eg '-i', '-n' etc)
39 explicit ACLFlags(const ACLFlag flags
[]) : supported_(flags
), flags_(0) {}
40 ACLFlags() : flags_(0) {}
41 bool supported(const ACLFlag f
) const; ///< True if the given flag supported
42 void makeSet(const ACLFlag f
) { flags_
|= flagToInt(f
); } ///< Set the given flag
43 void makeUnSet(const ACLFlag f
) { flags_
&= ~flagToInt(f
); } ///< Unset the given flag
44 /// Return true if the given flag is set
45 bool isSet(const ACLFlag f
) const { return flags_
& flagToInt(f
);}
46 /// Parse optional flags given in the form -[A..Z|a..z]
48 const char *flagsStr() const; ///< Convert the flags to a string representation
51 /// Convert a flag to a 64bit unsigned integer.
52 /// The characters from 'A' to 'z' represented by the values from 65 to 122.
53 /// They are 57 different characters which can be fit to the bits of an 64bit
55 uint64_t flagToInt(const ACLFlag f
) const {
56 assert('A' <= f
&& f
<= 'z');
57 return ((uint64_t)1 << (f
- 'A'));
60 std::string supported_
; ///< The supported character flags
61 uint64_t flags_
; ///< The flags which is set
63 static const ACLFlag NoFlags
[1]; ///< An empty flags list
66 /// A configurable condition. A node in the ACL expression tree.
67 /// Can evaluate itself in FilledChecklist context.
68 /// Does not change during evaluation.
74 void *operator new(size_t);
75 void operator delete(void *);
77 static ACL
*Factory(char const *);
78 static void ParseAclLine(ConfigParser
&parser
, ACL
** head
);
79 static void Initialize();
80 static ACL
*FindByName(const char *name
);
83 explicit ACL(const ACLFlag flgs
[]) : cfgline(NULL
), next(NULL
), flags(flgs
), registered(false) {
88 /// sets user-specified ACL name and squid.conf context
89 void context(const char *name
, const char *configuration
);
91 /// Orchestrates matching checklist against the ACL using match(),
92 /// after checking preconditions and while providing debugging.
93 /// Returns true if and only if there was a successful match.
94 /// Updates the checklist state on match, async, and failure.
95 bool matches(ACLChecklist
*checklist
) const;
97 virtual ACL
*clone() const = 0;
99 /// parses node represenation in squid.conf; dies on failures
100 virtual void parse() = 0;
101 virtual char const *typeString() const = 0;
102 virtual bool isProxyAuth() const;
103 virtual SBufList
dump() const = 0;
104 virtual bool empty() const = 0;
105 virtual bool valid() const;
107 int cacheMatchAcl(dlink_list
* cache
, ACLChecklist
*);
108 virtual int matchForCache(ACLChecklist
*checklist
);
110 virtual void prepareForUse() {}
112 char name
[ACL_NAME_SZ
];
114 ACL
*next
; // XXX: remove or at least use refcounting
115 ACLFlags flags
; ///< The list of given ACL flags
116 bool registered
; ///< added to the global list of ACLs via aclRegister()
125 Prototype(ACL
const *, char const *);
127 static bool Registered(char const *);
128 static ACL
*Factory(char const *);
131 ACL
const *prototype
;
132 char const *typeString
;
135 static std::vector
<Prototype
const *> * Registry
;
136 static void *Initialized
;
137 typedef std::vector
<Prototype
const*>::iterator iterator
;
138 typedef std::vector
<Prototype
const*>::const_iterator const_iterator
;
143 /// Matches the actual data in checklist against this ACL.
144 virtual int match(ACLChecklist
*checklist
) = 0; // XXX: missing const
146 /// whether our (i.e. shallow) match() requires checklist to have a request
147 virtual bool requiresRequest() const;
148 /// whether our (i.e. shallow) match() requires checklist to have a reply
149 virtual bool requiresReply() const;
154 // Authorization ACL result states
159 // Authentication ACL result states
160 ACCESS_AUTH_REQUIRED
, // Missing Credentials
164 /// ACL check answer; TODO: Rename to Acl::Answer
168 // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
169 allow_t(const aclMatchCode aCode
): code(aCode
), kind(0) {}
171 allow_t(): code(ACCESS_DUNNO
), kind(0) {}
173 bool operator ==(const aclMatchCode aCode
) const {
174 return code
== aCode
;
177 bool operator !=(const aclMatchCode aCode
) const {
178 return !(*this == aCode
);
181 operator aclMatchCode() const {
185 aclMatchCode code
; ///< ACCESS_* code
186 int kind
; ///< which custom access list verb matched
189 inline std::ostream
&
190 operator <<(std::ostream
&o
, const allow_t a
)
202 case ACCESS_AUTH_REQUIRED
:
203 o
<< "AUTH_REQUIRED";
210 class acl_proxy_auth_match_cache
212 MEMPROXY_CLASS(acl_proxy_auth_match_cache
);
221 /// XXX: find a way to remove or at least use a refcounted ACL pointer
222 extern const char *AclMatchedName
; /* NULL */
224 #endif /* SQUID_ACL_H */