]> git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/Acl.h
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merged from trunk (r12813).
[thirdparty/squid.git] / src / acl / Acl.h
1 /*
2 *
3 * SQUID Web Proxy Cache http://www.squid-cache.org/
4 * ----------------------------------------------------------
5 *
6 * Squid is the result of efforts by numerous individuals from
7 * the Internet community; see the CONTRIBUTORS file for full
8 * details. Many organizations have provided support for Squid's
9 * development; see the SPONSORS file for full details. Squid is
10 * Copyrighted (C) 2001 by the Regents of the University of
11 * California; see the COPYRIGHT file for full details. Squid
12 * incorporates software developed and/or copyrighted by other
13 * sources; see the CREDITS file for full details.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
28 *
29 *
30 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
31 */
32
33 #ifndef SQUID_ACL_H
34 #define SQUID_ACL_H
35
36 #include "acl/forward.h"
37 #include "base/Vector.h"
38 #include "cbdata.h"
39 #include "defines.h"
40 #include "dlink.h"
41 #include "MemPool.h"
42
43 #if HAVE_OSTREAM
44 #include <ostream>
45 #endif
46 #if HAVE_STRING
47 #include <string>
48 #endif
49
50 class ConfigParser;
51
52 typedef char ACLFlag;
53 // ACLData Flags
54 #define ACL_F_REGEX_CASE 'i'
55 #define ACL_F_NO_LOOKUP 'n'
56 #define ACL_F_END '\0'
57
58 /**
59 * \ingroup ACLAPI
60 * Used to hold a list of one-letter flags which can be passed as parameters
61 * to acls (eg '-i', '-n' etc)
62 */
63 class ACLFlags
64 {
65 public:
66 explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
67 ACLFlags() : flags_(0) {}
68 bool supported(const ACLFlag f) const; ///< True if the given flag supported
69 void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
70 /// Return true if the given flag is set
71 bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
72 /// Parse optional flags given in the form -[A..Z|a..z]
73 void parseFlags();
74 const char *flagsStr() const; ///< Convert the flags to a string representation
75
76 private:
77 /// Convert a flag to a 64bit unsigned integer.
78 /// The characters from 'A' to 'z' represented by the values from 65 to 122.
79 /// They are 57 different characters which can be fit to the bits of an 64bit
80 /// integer.
81 uint64_t flagToInt(const ACLFlag f) const {
82 assert('A' <= f && f <= 'z');
83 return ((uint64_t)1 << (f - 'A'));
84 }
85
86 std::string supported_; ///< The supported character flags
87 uint64_t flags_; ///< The flags which is set
88 public:
89 static const ACLFlag NoFlags[1]; ///< An empty flags list
90 };
91
92
93 /// A configurable condition. A node in the ACL expression tree.
94 /// Can evaluate itself in FilledChecklist context.
95 /// Does not change during evaluation.
96 /// \ingroup ACLAPI
97 class ACL
98 {
99
100 public:
101 void *operator new(size_t);
102 void operator delete(void *);
103
104 static ACL *Factory (char const *);
105 static void ParseAclLine(ConfigParser &parser, ACL ** head);
106 static void Initialize();
107 static ACL* FindByName(const char *name);
108
109 ACL();
110 explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs) { memset(name, '\0', sizeof(name)); }
111 virtual ~ACL();
112
113 /// sets user-specified ACL name and squid.conf context
114 void context(const char *name, const char *configuration);
115
116 /// Orchestrates matching checklist against the ACL using match(),
117 /// after checking preconditions and while providing debugging.
118 /// Returns true if and only if there was a successful match.
119 /// Updates the checklist state on match, async, and failure.
120 bool matches(ACLChecklist *checklist) const;
121
122 virtual ACL *clone()const = 0;
123
124 /// parses node represenation in squid.conf; dies on failures
125 virtual void parse() = 0;
126 virtual char const *typeString() const = 0;
127 virtual bool isProxyAuth() const;
128 virtual wordlist *dump() const = 0;
129 virtual bool empty () const = 0;
130 virtual bool valid () const;
131
132 int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
133 virtual int matchForCache(ACLChecklist *checklist);
134
135 virtual void prepareForUse() {}
136
137 char name[ACL_NAME_SZ];
138 char *cfgline;
139 ACL *next;
140 ACLFlags flags; ///< The list of given ACL flags
141 bool registered; ///< added to Config.aclList and can be reused via by FindByName()
142
143 public:
144
145 class Prototype
146 {
147
148 public:
149 Prototype ();
150 Prototype (ACL const *, char const *);
151 ~Prototype();
152 static bool Registered(char const *);
153 static ACL *Factory (char const *);
154
155 private:
156 ACL const*prototype;
157 char const *typeString;
158
159 private:
160 static Vector<Prototype const *> * Registry;
161 static void *Initialized;
162 typedef Vector<Prototype const*>::iterator iterator;
163 typedef Vector<Prototype const*>::const_iterator const_iterator;
164 void registerMe();
165 };
166
167 private:
168 /// Matches the actual data in checklist against this ACL.
169 virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
170
171 /// whether our (i.e. shallow) match() requires checklist to have a request
172 virtual bool requiresRequest() const;
173 /// whether our (i.e. shallow) match() requires checklist to have a reply
174 virtual bool requiresReply() const;
175 };
176
177 /// \ingroup ACLAPI
178 typedef enum {
179 // Authorization ACL result states
180 ACCESS_DENIED,
181 ACCESS_ALLOWED,
182 ACCESS_DUNNO,
183
184 // Authentication ACL result states
185 ACCESS_AUTH_REQUIRED, // Missing Credentials
186 } aclMatchCode;
187
188 /// \ingroup ACLAPI
189 /// ACL check answer; TODO: Rename to Acl::Answer
190 class allow_t
191 {
192 public:
193 // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
194 allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}
195
196 allow_t(): code(ACCESS_DUNNO), kind(0) {}
197
198 bool operator ==(const aclMatchCode aCode) const {
199 return code == aCode;
200 }
201
202 bool operator !=(const aclMatchCode aCode) const {
203 return !(*this == aCode);
204 }
205
206 operator aclMatchCode() const {
207 return code;
208 }
209
210 aclMatchCode code; ///< ACCESS_* code
211 int kind; ///< which custom access list verb matched
212 };
213
214 inline std::ostream &
215 operator <<(std::ostream &o, const allow_t a)
216 {
217 switch (a) {
218 case ACCESS_DENIED:
219 o << "DENIED";
220 break;
221 case ACCESS_ALLOWED:
222 o << "ALLOWED";
223 break;
224 case ACCESS_DUNNO:
225 o << "DUNNO";
226 break;
227 case ACCESS_AUTH_REQUIRED:
228 o << "AUTH_REQUIRED";
229 break;
230 }
231 return o;
232 }
233
234 /// \ingroup ACLAPI
235 class acl_proxy_auth_match_cache
236 {
237
238 public:
239 MEMPROXY_CLASS(acl_proxy_auth_match_cache);
240 dlink_node link;
241 int matchrv;
242 void *acl_data;
243 };
244
245 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache);
246
247 /// \ingroup ACLAPI
248 extern const char *AclMatchedName; /* NULL */
249
250 #endif /* SQUID_ACL_H */
Mirror of https://github.com/squid-cache/squid.git