src/acl/Acl.h

   1 /*
   2  *
   3  * SQUID Web Proxy Cache          http://www.squid-cache.org/
   4  * ----------------------------------------------------------
   5  *
   6  *  Squid is the result of efforts by numerous individuals from
   7  *  the Internet community; see the CONTRIBUTORS file for full
   8  *  details.   Many organizations have provided support for Squid's
   9  *  development; see the SPONSORS file for full details.  Squid is
  10  *  Copyrighted (C) 2001 by the Regents of the University of
  11  *  California; see the COPYRIGHT file for full details.  Squid
  12  *  incorporates software developed and/or copyrighted by other
  13  *  sources; see the CREDITS file for full details.
  14  *
  15  *  This program is free software; you can redistribute it and/or modify
  16  *  it under the terms of the GNU General Public License as published by
  17  *  the Free Software Foundation; either version 2 of the License, or
  18  *  (at your option) any later version.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program; if not, write to the Free Software
  27  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  28  *
  29  *
  30  * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
  31  */
  32
  33 #ifndef SQUID_ACL_H
  34 #define SQUID_ACL_H
  35
  36 #include "Array.h"
  37 #include "cbdata.h"
  38 #include "defines.h"
  39 #include "dlink.h"
  40 #include "MemPool.h"
  41
  42 #if HAVE_OSTREAM
  43 #include <ostream>
  44 #endif
  45 #if HAVE_STRING
  46 #include <string>
  47 #endif
  48
  49 class ConfigParser;
  50 class ACLChecklist;
  51 class ACLList;
  52
  53 typedef char ACLFlag;
  54 // ACLData Flags
  55 #define ACL_F_REGEX_CASE 'i'
  56 #define ACL_F_NO_LOOKUP 'n'
  57 #define ACL_F_END '\0'
  58
  59 /**
  60  * \ingroup ACLAPI
  61  * Used to hold a list of one-letter flags which can be passed as parameters
  62  * to acls  (eg '-i', '-n' etc)
  63  */
  64 class ACLFlags
  65 {
  66 public:
  67     explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
  68     ACLFlags() : flags_(0) {}
  69     bool supported(const ACLFlag f) const; ///< True if the given flag supported
  70     void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
  71     /// Return true if the given flag is set
  72     bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
  73     /// Parse a flags given in the form -[A..Z|a..z]
  74     void parseFlags(char * &nextToken);
  75     const char *flagsStr() const; ///< Convert the flags to a string representation
  76
  77 private:
  78     /// Convert a flag to a 64bit unsigned integer.
  79     /// The characters from 'A' to 'z' represented by the values from 65 to 122.
  80     /// They are 57 different characters which can be fit to the bits of an 64bit
  81     /// integer.
  82     uint64_t flagToInt(const ACLFlag f) const {
  83         assert('A' <= f && f <= 'z');
  84         return ((uint64_t)1 << (f - 'A'));
  85     }
  86
  87     std::string supported_; ///< The supported character flags
  88     uint64_t flags_; ///< The flags which is set
  89 public:
  90     static const ACLFlag NoFlags[1]; ///< An empty flags list
  91 };
  92
  93 /// \ingroup ACLAPI
  94 class ACL
  95 {
  96
  97 public:
  98     void *operator new(size_t);
  99     void operator delete(void *);
 100
 101     static ACL *Factory (char const *);
 102     static void ParseAclLine(ConfigParser &parser, ACL ** head);
 103     static void Initialize();
 104     static ACL* FindByName(const char *name);
 105
 106     ACL();
 107     explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), flags(flgs) {}
 108     virtual ~ACL();
 109     virtual ACL *clone()const = 0;
 110     virtual void parse() = 0;
 111     virtual char const *typeString() const = 0;
 112     virtual bool isProxyAuth() const;
 113     virtual bool requiresRequest() const;
 114     virtual bool requiresReply() const;
 115     virtual int match(ACLChecklist * checklist) = 0;
 116     virtual wordlist *dump() const = 0;
 117     virtual bool empty () const = 0;
 118     virtual bool valid () const;
 119     int checklistMatches(ACLChecklist *);
 120
 121     int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
 122     virtual int matchForCache(ACLChecklist *checklist);
 123
 124     virtual void prepareForUse() {}
 125
 126     char name[ACL_NAME_SZ];
 127     char *cfgline;
 128     ACL *next;
 129     ACLFlags flags; ///< The list of given ACL flags
 130
 131 public:
 132
 133     class Prototype
 134     {
 135
 136     public:
 137         Prototype ();
 138         Prototype (ACL const *, char const *);
 139         ~Prototype();
 140         static bool Registered(char const *);
 141         static ACL *Factory (char const *);
 142
 143     private:
 144         ACL const*prototype;
 145         char const *typeString;
 146
 147     private:
 148         static Vector<Prototype const *> * Registry;
 149         static void *Initialized;
 150         typedef Vector<Prototype const*>::iterator iterator;
 151         typedef Vector<Prototype const*>::const_iterator const_iterator;
 152         void registerMe();
 153     };
 154 };
 155
 156 /// \ingroup ACLAPI
 157 typedef enum {
 158     // Authorization ACL result states
 159     ACCESS_DENIED,
 160     ACCESS_ALLOWED,
 161     ACCESS_DUNNO,
 162
 163     // Authentication ACL result states
 164     ACCESS_AUTH_REQUIRED,    // Missing Credentials
 165 } aclMatchCode;
 166
 167 /// \ingroup ACLAPI
 168 /// ACL check answer; TODO: Rename to Acl::Answer
 169 class allow_t
 170 {
 171 public:
 172     // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
 173     allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}
 174
 175     allow_t(): code(ACCESS_DUNNO), kind(0) {}
 176
 177     bool operator ==(const aclMatchCode aCode) const {
 178         return code == aCode;
 179     }
 180
 181     bool operator !=(const aclMatchCode aCode) const {
 182         return !(*this == aCode);
 183     }
 184
 185     operator aclMatchCode() const {
 186         return code;
 187     }
 188
 189     aclMatchCode code; ///< ACCESS_* code
 190     int kind; ///< which custom access list verb matched
 191 };
 192
 193 inline std::ostream &
 194 operator <<(std::ostream &o, const allow_t a)
 195 {
 196     switch (a) {
 197     case ACCESS_DENIED:
 198         o << "DENIED";
 199         break;
 200     case ACCESS_ALLOWED:
 201         o << "ALLOWED";
 202         break;
 203     case ACCESS_DUNNO:
 204         o << "DUNNO";
 205         break;
 206     case ACCESS_AUTH_REQUIRED:
 207         o << "AUTH_REQUIRED";
 208         break;
 209     }
 210     return o;
 211 }
 212
 213 /// \ingroup ACLAPI
 214 class acl_access
 215 {
 216
 217 public:
 218     void *operator new(size_t);
 219     void operator delete(void *);
 220     allow_t allow;
 221     ACLList *aclList;
 222     char *cfgline;
 223     acl_access *next;
 224
 225 private:
 226     CBDATA_CLASS(acl_access);
 227 };
 228
 229 /// \ingroup ACLAPI
 230 class ACLList
 231 {
 232
 233 public:
 234     MEMPROXY_CLASS(ACLList);
 235
 236     ACLList();
 237     void negated(bool isNegated);
 238     bool matches (ACLChecklist *)const;
 239     int op;
 240     ACL *_acl;
 241     ACLList *next;
 242 };
 243
 244 MEMPROXY_CLASS_INLINE(ACLList);
 245
 246 /// \ingroup ACLAPI
 247 class acl_proxy_auth_match_cache
 248 {
 249
 250 public:
 251     MEMPROXY_CLASS(acl_proxy_auth_match_cache);
 252     dlink_node link;
 253     int matchrv;
 254     void *acl_data;
 255 };
 256
 257 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache);
 258
 259 /// \ingroup ACLAPI
 260 extern const char *AclMatchedName;      /* NULL */
 261
 262 #endif /* SQUID_ACL_H */