]> git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/Acl.h
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Sync with trunk rev.13542
[thirdparty/squid.git] / src / acl / Acl.h
1 /*
2 *
3 * SQUID Web Proxy Cache http://www.squid-cache.org/
4 * ----------------------------------------------------------
5 *
6 * Squid is the result of efforts by numerous individuals from
7 * the Internet community; see the CONTRIBUTORS file for full
8 * details. Many organizations have provided support for Squid's
9 * development; see the SPONSORS file for full details. Squid is
10 * Copyrighted (C) 2001 by the Regents of the University of
11 * California; see the COPYRIGHT file for full details. Squid
12 * incorporates software developed and/or copyrighted by other
13 * sources; see the CREDITS file for full details.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
28 *
29 *
30 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
31 */
32
33 #ifndef SQUID_ACL_H
34 #define SQUID_ACL_H
35
36 #include "acl/forward.h"
37 #include "cbdata.h"
38 #include "defines.h"
39 #include "dlink.h"
40 #include "MemPool.h"
41 #include "SBufList.h"
42
43 #include <ostream>
44 #include <string>
45 #include <vector>
46
47 class ConfigParser;
48
49 typedef char ACLFlag;
50 // ACLData Flags
51 #define ACL_F_REGEX_CASE 'i'
52 #define ACL_F_NO_LOOKUP 'n'
53 #define ACL_F_STRICT 's'
54 #define ACL_F_END '\0'
55
56 /**
57 * \ingroup ACLAPI
58 * Used to hold a list of one-letter flags which can be passed as parameters
59 * to acls (eg '-i', '-n' etc)
60 */
61 class ACLFlags
62 {
63 public:
64 explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
65 ACLFlags() : flags_(0) {}
66 bool supported(const ACLFlag f) const; ///< True if the given flag supported
67 void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
68 /// Return true if the given flag is set
69 bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
70 /// Parse optional flags given in the form -[A..Z|a..z]
71 void parseFlags();
72 const char *flagsStr() const; ///< Convert the flags to a string representation
73
74 private:
75 /// Convert a flag to a 64bit unsigned integer.
76 /// The characters from 'A' to 'z' represented by the values from 65 to 122.
77 /// They are 57 different characters which can be fit to the bits of an 64bit
78 /// integer.
79 uint64_t flagToInt(const ACLFlag f) const {
80 assert('A' <= f && f <= 'z');
81 return ((uint64_t)1 << (f - 'A'));
82 }
83
84 std::string supported_; ///< The supported character flags
85 uint64_t flags_; ///< The flags which is set
86 public:
87 static const ACLFlag NoFlags[1]; ///< An empty flags list
88 };
89
90 /// A configurable condition. A node in the ACL expression tree.
91 /// Can evaluate itself in FilledChecklist context.
92 /// Does not change during evaluation.
93 /// \ingroup ACLAPI
94 class ACL
95 {
96
97 public:
98 void *operator new(size_t);
99 void operator delete(void *);
100
101 static ACL *Factory(char const *);
102 static void ParseAclLine(ConfigParser &parser, ACL ** head);
103 static void Initialize();
104 static ACL *FindByName(const char *name);
105
106 ACL();
107 explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs) { memset(name, '\0', sizeof(name)); }
108 virtual ~ACL();
109
110 /// sets user-specified ACL name and squid.conf context
111 void context(const char *name, const char *configuration);
112
113 /// Orchestrates matching checklist against the ACL using match(),
114 /// after checking preconditions and while providing debugging.
115 /// Returns true if and only if there was a successful match.
116 /// Updates the checklist state on match, async, and failure.
117 bool matches(ACLChecklist *checklist) const;
118
119 virtual ACL *clone() const = 0;
120
121 /// parses node represenation in squid.conf; dies on failures
122 virtual void parse() = 0;
123 virtual char const *typeString() const = 0;
124 virtual bool isProxyAuth() const;
125 virtual SBufList dump() const = 0;
126 virtual bool empty() const = 0;
127 virtual bool valid() const;
128
129 int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
130 virtual int matchForCache(ACLChecklist *checklist);
131
132 virtual void prepareForUse() {}
133
134 char name[ACL_NAME_SZ];
135 char *cfgline;
136 ACL *next; // XXX: remove or at least use refcounting
137 ACLFlags flags; ///< The list of given ACL flags
138 bool registered; ///< added to the global list of ACLs via aclRegister()
139
140 public:
141
142 class Prototype
143 {
144
145 public:
146 Prototype();
147 Prototype(ACL const *, char const *);
148 ~Prototype();
149 static bool Registered(char const *);
150 static ACL *Factory(char const *);
151
152 private:
153 ACL const *prototype;
154 char const *typeString;
155
156 private:
157 static std::vector<Prototype const *> * Registry;
158 static void *Initialized;
159 typedef std::vector<Prototype const*>::iterator iterator;
160 typedef std::vector<Prototype const*>::const_iterator const_iterator;
161 void registerMe();
162 };
163
164 private:
165 /// Matches the actual data in checklist against this ACL.
166 virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
167
168 /// whether our (i.e. shallow) match() requires checklist to have a request
169 virtual bool requiresRequest() const;
170 /// whether our (i.e. shallow) match() requires checklist to have a reply
171 virtual bool requiresReply() const;
172 };
173
174 /// \ingroup ACLAPI
175 typedef enum {
176 // Authorization ACL result states
177 ACCESS_DENIED,
178 ACCESS_ALLOWED,
179 ACCESS_DUNNO,
180
181 // Authentication ACL result states
182 ACCESS_AUTH_REQUIRED, // Missing Credentials
183 } aclMatchCode;
184
185 /// \ingroup ACLAPI
186 /// ACL check answer; TODO: Rename to Acl::Answer
187 class allow_t
188 {
189 public:
190 // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
191 allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}
192
193 allow_t(): code(ACCESS_DUNNO), kind(0) {}
194
195 bool operator ==(const aclMatchCode aCode) const {
196 return code == aCode;
197 }
198
199 bool operator !=(const aclMatchCode aCode) const {
200 return !(*this == aCode);
201 }
202
203 operator aclMatchCode() const {
204 return code;
205 }
206
207 aclMatchCode code; ///< ACCESS_* code
208 int kind; ///< which custom access list verb matched
209 };
210
211 inline std::ostream &
212 operator <<(std::ostream &o, const allow_t a)
213 {
214 switch (a) {
215 case ACCESS_DENIED:
216 o << "DENIED";
217 break;
218 case ACCESS_ALLOWED:
219 o << "ALLOWED";
220 break;
221 case ACCESS_DUNNO:
222 o << "DUNNO";
223 break;
224 case ACCESS_AUTH_REQUIRED:
225 o << "AUTH_REQUIRED";
226 break;
227 }
228 return o;
229 }
230
231 /// \ingroup ACLAPI
232 class acl_proxy_auth_match_cache
233 {
234
235 public:
236 MEMPROXY_CLASS(acl_proxy_auth_match_cache);
237 dlink_node link;
238 int matchrv;
239 void *acl_data;
240 };
241
242 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache);
243
244 /// \ingroup ACLAPI
245 /// XXX: find a way to remove or at least use a refcounted ACL pointer
246 extern const char *AclMatchedName; /* NULL */
247
248 #endif /* SQUID_ACL_H */
Mirror of https://github.com/squid-cache/squid.git