src/acl/Acl.h

   1 /*
   2  * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_ACL_H
  10 #define SQUID_ACL_H
  11
  12 #include "acl/forward.h"
  13 #include "cbdata.h"
  14 #include "defines.h"
  15 #include "dlink.h"
  16 #include "MemPool.h"
  17 #include "SBufList.h"
  18
  19 #include <ostream>
  20 #include <string>
  21 #include <vector>
  22
  23 class ConfigParser;
  24
  25 typedef char ACLFlag;
  26 // ACLData Flags
  27 #define ACL_F_REGEX_CASE 'i'
  28 #define ACL_F_NO_LOOKUP 'n'
  29 #define ACL_F_STRICT 's'
  30 #define ACL_F_END '\0'
  31
  32 /**
  33  * \ingroup ACLAPI
  34  * Used to hold a list of one-letter flags which can be passed as parameters
  35  * to acls  (eg '-i', '-n' etc)
  36  */
  37 class ACLFlags
  38 {
  39 public:
  40     explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
  41     ACLFlags() : flags_(0) {}
  42     bool supported(const ACLFlag f) const; ///< True if the given flag supported
  43     void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
  44     /// Return true if the given flag is set
  45     bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
  46     /// Parse optional flags given in the form -[A..Z|a..z]
  47     void parseFlags();
  48     const char *flagsStr() const; ///< Convert the flags to a string representation
  49
  50 private:
  51     /// Convert a flag to a 64bit unsigned integer.
  52     /// The characters from 'A' to 'z' represented by the values from 65 to 122.
  53     /// They are 57 different characters which can be fit to the bits of an 64bit
  54     /// integer.
  55     uint64_t flagToInt(const ACLFlag f) const {
  56         assert('A' <= f && f <= 'z');
  57         return ((uint64_t)1 << (f - 'A'));
  58     }
  59
  60     std::string supported_; ///< The supported character flags
  61     uint64_t flags_; ///< The flags which is set
  62 public:
  63     static const ACLFlag NoFlags[1]; ///< An empty flags list
  64 };
  65
  66 /// A configurable condition. A node in the ACL expression tree.
  67 /// Can evaluate itself in FilledChecklist context.
  68 /// Does not change during evaluation.
  69 /// \ingroup ACLAPI
  70 class ACL
  71 {
  72
  73 public:
  74     void *operator new(size_t);
  75     void operator delete(void *);
  76
  77     static ACL *Factory(char const *);
  78     static void ParseAclLine(ConfigParser &parser, ACL ** head);
  79     static void Initialize();
  80     static ACL *FindByName(const char *name);
  81
  82     ACL();
  83     explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs), registered(false) {
  84         *name = 0;
  85     }
  86     virtual ~ACL();
  87
  88     /// sets user-specified ACL name and squid.conf context
  89     void context(const char *name, const char *configuration);
  90
  91     /// Orchestrates matching checklist against the ACL using match(),
  92     /// after checking preconditions and while providing debugging.
  93     /// Returns true if and only if there was a successful match.
  94     /// Updates the checklist state on match, async, and failure.
  95     bool matches(ACLChecklist *checklist) const;
  96
  97     virtual ACL *clone() const = 0;
  98
  99     /// parses node represenation in squid.conf; dies on failures
 100     virtual void parse() = 0;
 101     virtual char const *typeString() const = 0;
 102     virtual bool isProxyAuth() const;
 103     virtual SBufList dump() const = 0;
 104     virtual bool empty() const = 0;
 105     virtual bool valid() const;
 106
 107     int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
 108     virtual int matchForCache(ACLChecklist *checklist);
 109
 110     virtual void prepareForUse() {}
 111
 112     char name[ACL_NAME_SZ];
 113     char *cfgline;
 114     ACL *next; // XXX: remove or at least use refcounting
 115     ACLFlags flags; ///< The list of given ACL flags
 116     bool registered; ///< added to the global list of ACLs via aclRegister()
 117
 118 public:
 119
 120     class Prototype
 121     {
 122
 123     public:
 124         Prototype();
 125         Prototype(ACL const *, char const *);
 126         ~Prototype();
 127         static bool Registered(char const *);
 128         static ACL *Factory(char const *);
 129
 130     private:
 131         ACL const *prototype;
 132         char const *typeString;
 133
 134     private:
 135         static std::vector<Prototype const *> * Registry;
 136         static void *Initialized;
 137         typedef std::vector<Prototype const*>::iterator iterator;
 138         typedef std::vector<Prototype const*>::const_iterator const_iterator;
 139         void registerMe();
 140     };
 141
 142 private:
 143     /// Matches the actual data in checklist against this ACL.
 144     virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
 145
 146     /// whether our (i.e. shallow) match() requires checklist to have a request
 147     virtual bool requiresRequest() const;
 148     /// whether our (i.e. shallow) match() requires checklist to have a reply
 149     virtual bool requiresReply() const;
 150 };
 151
 152 /// \ingroup ACLAPI
 153 typedef enum {
 154     // Authorization ACL result states
 155     ACCESS_DENIED,
 156     ACCESS_ALLOWED,
 157     ACCESS_DUNNO,
 158
 159     // Authentication ACL result states
 160     ACCESS_AUTH_REQUIRED,    // Missing Credentials
 161 } aclMatchCode;
 162
 163 /// \ingroup ACLAPI
 164 /// ACL check answer; TODO: Rename to Acl::Answer
 165 class allow_t
 166 {
 167 public:
 168     // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
 169     allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}
 170
 171     allow_t(): code(ACCESS_DUNNO), kind(0) {}
 172
 173     bool operator ==(const aclMatchCode aCode) const {
 174         return code == aCode;
 175     }
 176
 177     bool operator !=(const aclMatchCode aCode) const {
 178         return !(*this == aCode);
 179     }
 180
 181     operator aclMatchCode() const {
 182         return code;
 183     }
 184
 185     aclMatchCode code; ///< ACCESS_* code
 186     int kind; ///< which custom access list verb matched
 187 };
 188
 189 inline std::ostream &
 190 operator <<(std::ostream &o, const allow_t a)
 191 {
 192     switch (a) {
 193     case ACCESS_DENIED:
 194         o << "DENIED";
 195         break;
 196     case ACCESS_ALLOWED:
 197         o << "ALLOWED";
 198         break;
 199     case ACCESS_DUNNO:
 200         o << "DUNNO";
 201         break;
 202     case ACCESS_AUTH_REQUIRED:
 203         o << "AUTH_REQUIRED";
 204         break;
 205     }
 206     return o;
 207 }
 208
 209 /// \ingroup ACLAPI
 210 class acl_proxy_auth_match_cache
 211 {
 212     MEMPROXY_CLASS(acl_proxy_auth_match_cache);
 213
 214 public:
 215     dlink_node link;
 216     int matchrv;
 217     void *acl_data;
 218 };
 219
 220 /// \ingroup ACLAPI
 221 /// XXX: find a way to remove or at least use a refcounted ACL pointer
 222 extern const char *AclMatchedName;      /* NULL */
 223
 224 #endif /* SQUID_ACL_H */