2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
12 #include "acl/forward.h"
27 #define ACL_F_REGEX_CASE 'i'
28 #define ACL_F_NO_LOOKUP 'n'
29 #define ACL_F_STRICT 's'
30 #define ACL_F_END '\0'
34 * Used to hold a list of one-letter flags which can be passed as parameters
35 * to acls (eg '-i', '-n' etc)
40 explicit ACLFlags(const ACLFlag flags
[]) : supported_(flags
), flags_(0) {}
41 ACLFlags() : flags_(0) {}
42 bool supported(const ACLFlag f
) const; ///< True if the given flag supported
43 void makeSet(const ACLFlag f
) { flags_
|= flagToInt(f
); } ///< Set the given flag
44 /// Return true if the given flag is set
45 bool isSet(const ACLFlag f
) const { return flags_
& flagToInt(f
);}
46 /// Parse optional flags given in the form -[A..Z|a..z]
48 const char *flagsStr() const; ///< Convert the flags to a string representation
51 /// Convert a flag to a 64bit unsigned integer.
52 /// The characters from 'A' to 'z' represented by the values from 65 to 122.
53 /// They are 57 different characters which can be fit to the bits of an 64bit
55 uint64_t flagToInt(const ACLFlag f
) const {
56 assert('A' <= f
&& f
<= 'z');
57 return ((uint64_t)1 << (f
- 'A'));
60 std::string supported_
; ///< The supported character flags
61 uint64_t flags_
; ///< The flags which is set
63 static const ACLFlag NoFlags
[1]; ///< An empty flags list
66 /// A configurable condition. A node in the ACL expression tree.
67 /// Can evaluate itself in FilledChecklist context.
68 /// Does not change during evaluation.
74 void *operator new(size_t);
75 void operator delete(void *);
77 static ACL
*Factory(char const *);
78 static void ParseAclLine(ConfigParser
&parser
, ACL
** head
);
79 static void Initialize();
80 static ACL
*FindByName(const char *name
);
83 explicit ACL(const ACLFlag flgs
[]) : cfgline(NULL
), next(NULL
), flags(flgs
) { memset(name
, '\0', sizeof(name
)); }
86 /// sets user-specified ACL name and squid.conf context
87 void context(const char *name
, const char *configuration
);
89 /// Orchestrates matching checklist against the ACL using match(),
90 /// after checking preconditions and while providing debugging.
91 /// Returns true if and only if there was a successful match.
92 /// Updates the checklist state on match, async, and failure.
93 bool matches(ACLChecklist
*checklist
) const;
95 virtual ACL
*clone() const = 0;
97 /// parses node represenation in squid.conf; dies on failures
98 virtual void parse() = 0;
99 virtual char const *typeString() const = 0;
100 virtual bool isProxyAuth() const;
101 virtual SBufList
dump() const = 0;
102 virtual bool empty() const = 0;
103 virtual bool valid() const;
105 int cacheMatchAcl(dlink_list
* cache
, ACLChecklist
*);
106 virtual int matchForCache(ACLChecklist
*checklist
);
108 virtual void prepareForUse() {}
110 char name
[ACL_NAME_SZ
];
112 ACL
*next
; // XXX: remove or at least use refcounting
113 ACLFlags flags
; ///< The list of given ACL flags
114 bool registered
; ///< added to the global list of ACLs via aclRegister()
123 Prototype(ACL
const *, char const *);
125 static bool Registered(char const *);
126 static ACL
*Factory(char const *);
129 ACL
const *prototype
;
130 char const *typeString
;
133 static std::vector
<Prototype
const *> * Registry
;
134 static void *Initialized
;
135 typedef std::vector
<Prototype
const*>::iterator iterator
;
136 typedef std::vector
<Prototype
const*>::const_iterator const_iterator
;
141 /// Matches the actual data in checklist against this ACL.
142 virtual int match(ACLChecklist
*checklist
) = 0; // XXX: missing const
144 /// whether our (i.e. shallow) match() requires checklist to have a request
145 virtual bool requiresRequest() const;
146 /// whether our (i.e. shallow) match() requires checklist to have a reply
147 virtual bool requiresReply() const;
152 // Authorization ACL result states
157 // Authentication ACL result states
158 ACCESS_AUTH_REQUIRED
, // Missing Credentials
162 /// ACL check answer; TODO: Rename to Acl::Answer
166 // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
167 allow_t(const aclMatchCode aCode
): code(aCode
), kind(0) {}
169 allow_t(): code(ACCESS_DUNNO
), kind(0) {}
171 bool operator ==(const aclMatchCode aCode
) const {
172 return code
== aCode
;
175 bool operator !=(const aclMatchCode aCode
) const {
176 return !(*this == aCode
);
179 operator aclMatchCode() const {
183 aclMatchCode code
; ///< ACCESS_* code
184 int kind
; ///< which custom access list verb matched
187 inline std::ostream
&
188 operator <<(std::ostream
&o
, const allow_t a
)
200 case ACCESS_AUTH_REQUIRED
:
201 o
<< "AUTH_REQUIRED";
208 class acl_proxy_auth_match_cache
212 MEMPROXY_CLASS(acl_proxy_auth_match_cache
);
218 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache
);
221 /// XXX: find a way to remove or at least use a refcounted ACL pointer
222 extern const char *AclMatchedName
; /* NULL */
224 #endif /* SQUID_ACL_H */