src/acl/Acl.h

   1 /*
   2  * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_ACL_H
  10 #define SQUID_ACL_H
  11
  12 #include "acl/forward.h"
  13 #include "cbdata.h"
  14 #include "defines.h"
  15 #include "dlink.h"
  16 #include "MemPool.h"
  17 #include "SBufList.h"
  18
  19 #include <ostream>
  20 #include <string>
  21 #include <vector>
  22
  23 class ConfigParser;
  24
  25 typedef char ACLFlag;
  26 // ACLData Flags
  27 #define ACL_F_REGEX_CASE 'i'
  28 #define ACL_F_NO_LOOKUP 'n'
  29 #define ACL_F_STRICT 's'
  30 #define ACL_F_END '\0'
  31
  32 /**
  33  * \ingroup ACLAPI
  34  * Used to hold a list of one-letter flags which can be passed as parameters
  35  * to acls  (eg '-i', '-n' etc)
  36  */
  37 class ACLFlags
  38 {
  39 public:
  40     explicit ACLFlags(const ACLFlag flags[]) : supported_(flags), flags_(0) {}
  41     ACLFlags() : flags_(0) {}
  42     bool supported(const ACLFlag f) const; ///< True if the given flag supported
  43     void makeSet(const ACLFlag f) { flags_ |= flagToInt(f); } ///< Set the given flag
  44     /// Return true if the given flag is set
  45     bool isSet(const ACLFlag f) const { return flags_ & flagToInt(f);}
  46     /// Parse optional flags given in the form -[A..Z|a..z]
  47     void parseFlags();
  48     const char *flagsStr() const; ///< Convert the flags to a string representation
  49
  50 private:
  51     /// Convert a flag to a 64bit unsigned integer.
  52     /// The characters from 'A' to 'z' represented by the values from 65 to 122.
  53     /// They are 57 different characters which can be fit to the bits of an 64bit
  54     /// integer.
  55     uint64_t flagToInt(const ACLFlag f) const {
  56         assert('A' <= f && f <= 'z');
  57         return ((uint64_t)1 << (f - 'A'));
  58     }
  59
  60     std::string supported_; ///< The supported character flags
  61     uint64_t flags_; ///< The flags which is set
  62 public:
  63     static const ACLFlag NoFlags[1]; ///< An empty flags list
  64 };
  65
  66 /// A configurable condition. A node in the ACL expression tree.
  67 /// Can evaluate itself in FilledChecklist context.
  68 /// Does not change during evaluation.
  69 /// \ingroup ACLAPI
  70 class ACL
  71 {
  72
  73 public:
  74     void *operator new(size_t);
  75     void operator delete(void *);
  76
  77     static ACL *Factory(char const *);
  78     static void ParseAclLine(ConfigParser &parser, ACL ** head);
  79     static void Initialize();
  80     static ACL *FindByName(const char *name);
  81
  82     ACL();
  83     explicit ACL(const ACLFlag flgs[]) : cfgline(NULL), next(NULL), flags(flgs) { memset(name, '\0', sizeof(name)); }
  84     virtual ~ACL();
  85
  86     /// sets user-specified ACL name and squid.conf context
  87     void context(const char *name, const char *configuration);
  88
  89     /// Orchestrates matching checklist against the ACL using match(),
  90     /// after checking preconditions and while providing debugging.
  91     /// Returns true if and only if there was a successful match.
  92     /// Updates the checklist state on match, async, and failure.
  93     bool matches(ACLChecklist *checklist) const;
  94
  95     virtual ACL *clone() const = 0;
  96
  97     /// parses node represenation in squid.conf; dies on failures
  98     virtual void parse() = 0;
  99     virtual char const *typeString() const = 0;
 100     virtual bool isProxyAuth() const;
 101     virtual SBufList dump() const = 0;
 102     virtual bool empty() const = 0;
 103     virtual bool valid() const;
 104
 105     int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
 106     virtual int matchForCache(ACLChecklist *checklist);
 107
 108     virtual void prepareForUse() {}
 109
 110     char name[ACL_NAME_SZ];
 111     char *cfgline;
 112     ACL *next; // XXX: remove or at least use refcounting
 113     ACLFlags flags; ///< The list of given ACL flags
 114     bool registered; ///< added to the global list of ACLs via aclRegister()
 115
 116 public:
 117
 118     class Prototype
 119     {
 120
 121     public:
 122         Prototype();
 123         Prototype(ACL const *, char const *);
 124         ~Prototype();
 125         static bool Registered(char const *);
 126         static ACL *Factory(char const *);
 127
 128     private:
 129         ACL const *prototype;
 130         char const *typeString;
 131
 132     private:
 133         static std::vector<Prototype const *> * Registry;
 134         static void *Initialized;
 135         typedef std::vector<Prototype const*>::iterator iterator;
 136         typedef std::vector<Prototype const*>::const_iterator const_iterator;
 137         void registerMe();
 138     };
 139
 140 private:
 141     /// Matches the actual data in checklist against this ACL.
 142     virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
 143
 144     /// whether our (i.e. shallow) match() requires checklist to have a request
 145     virtual bool requiresRequest() const;
 146     /// whether our (i.e. shallow) match() requires checklist to have a reply
 147     virtual bool requiresReply() const;
 148 };
 149
 150 /// \ingroup ACLAPI
 151 typedef enum {
 152     // Authorization ACL result states
 153     ACCESS_DENIED,
 154     ACCESS_ALLOWED,
 155     ACCESS_DUNNO,
 156
 157     // Authentication ACL result states
 158     ACCESS_AUTH_REQUIRED,    // Missing Credentials
 159 } aclMatchCode;
 160
 161 /// \ingroup ACLAPI
 162 /// ACL check answer; TODO: Rename to Acl::Answer
 163 class allow_t
 164 {
 165 public:
 166     // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
 167     allow_t(const aclMatchCode aCode): code(aCode), kind(0) {}
 168
 169     allow_t(): code(ACCESS_DUNNO), kind(0) {}
 170
 171     bool operator ==(const aclMatchCode aCode) const {
 172         return code == aCode;
 173     }
 174
 175     bool operator !=(const aclMatchCode aCode) const {
 176         return !(*this == aCode);
 177     }
 178
 179     operator aclMatchCode() const {
 180         return code;
 181     }
 182
 183     aclMatchCode code; ///< ACCESS_* code
 184     int kind; ///< which custom access list verb matched
 185 };
 186
 187 inline std::ostream &
 188 operator <<(std::ostream &o, const allow_t a)
 189 {
 190     switch (a) {
 191     case ACCESS_DENIED:
 192         o << "DENIED";
 193         break;
 194     case ACCESS_ALLOWED:
 195         o << "ALLOWED";
 196         break;
 197     case ACCESS_DUNNO:
 198         o << "DUNNO";
 199         break;
 200     case ACCESS_AUTH_REQUIRED:
 201         o << "AUTH_REQUIRED";
 202         break;
 203     }
 204     return o;
 205 }
 206
 207 /// \ingroup ACLAPI
 208 class acl_proxy_auth_match_cache
 209 {
 210
 211 public:
 212     MEMPROXY_CLASS(acl_proxy_auth_match_cache);
 213     dlink_node link;
 214     int matchrv;
 215     void *acl_data;
 216 };
 217
 218 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache);
 219
 220 /// \ingroup ACLAPI
 221 /// XXX: find a way to remove or at least use a refcounted ACL pointer
 222 extern const char *AclMatchedName;      /* NULL */
 223
 224 #endif /* SQUID_ACL_H */