3 * SQUID Web Proxy Cache http://www.squid-cache.org/
4 * ----------------------------------------------------------
6 * Squid is the result of efforts by numerous individuals from
7 * the Internet community; see the CONTRIBUTORS file for full
8 * details. Many organizations have provided support for Squid's
9 * development; see the SPONSORS file for full details. Squid is
10 * Copyrighted (C) 2001 by the Regents of the University of
11 * California; see the COPYRIGHT file for full details. Squid
12 * incorporates software developed and/or copyrighted by other
13 * sources; see the CREDITS file for full details.
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
30 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
36 #include "acl/forward.h"
37 #include "base/Vector.h"
54 #define ACL_F_REGEX_CASE 'i' ///< flag letter given as '-i'; NOTE(review): the name suggests case-insensitive regex matching, confirm
55 #define ACL_F_NO_LOOKUP 'n' ///< flag letter given as '-n'; NOTE(review): the name suggests that a lookup is skipped, confirm which one
56 #define ACL_F_STRICT 's' ///< flag letter given as '-s'; NOTE(review): meaning is not visible in this header, confirm
57 #define ACL_F_END '\0' ///< NUL character; NOTE(review): presumably terminates an ACLFlag list handed to ACLFlags, confirm
61 * Used to hold a list of one-letter flags which can be passed as parameters
62 * to acls (eg '-i', '-n' etc)
/// Builds a flag set with nothing set that supports the characters in \p flags.
/// NOTE(review): \p flags initialises a std::string, so it presumably has to be
/// a non-null, NUL-terminated array; confirm at the call sites.
explicit ACLFlags(const ACLFlag flags[])
    : supported_(flags),
      flags_(0)
{
}
/// Builds a flag set with nothing set; supported_ is left default-constructed (empty).
ACLFlags()
    : flags_(0)
{
}
69 bool supported(const ACLFlag f
) const; ///< True if the given flag is supported
/// Set the given flag by OR-ing its bit (see flagToInt()) into the mask.
void makeSet(const ACLFlag f)
{
    const uint64_t bit = flagToInt(f);
    flags_ |= bit;
}
/// Return true if the given flag is set, i.e. its bit (see flagToInt()) is
/// present in the mask.
bool isSet(const ACLFlag f) const
{
    const uint64_t bit = flagToInt(f);
    return (flags_ & bit) != 0;
}
73 /// Parse optional flags given in the form -[A..Z|a..z]
75 const char *flagsStr() const; ///< Convert the flags to a string representation
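/// Convert a flag to its bit in a 64-bit unsigned mask.
/// The characters from 'A' to 'z' have the values 65 to 122. That is 58 code
/// points, including the six punctuation characters between 'Z' and 'a', so
/// every accepted value maps to a shift of 0..57 and fits in a 64-bit integer.
/// \param f the flag character; must lie in ['A', 'z']
/// \return a mask with exactly one bit set, or 0 for an out-of-range flag if
///         the assertion below is compiled out
uint64_t flagToInt(const ACLFlag f) const
{
    assert('A' <= f && f <= 'z');
    // The assertion is the only range check in this header. Shifting by a
    // negative amount, or by 64 or more, is undefined behaviour, so reject
    // such a flag explicitly in case assert() expands to nothing in a build.
    if (f < 'A' || f > 'z')
        return 0;
    return static_cast<uint64_t>(1) << (f - 'A');
}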
87 std::string supported_
; ///< The supported character flags
88 uint64_t flags_
; ///< Bit mask of the flags that are set; flagToInt() gives the bit for each flag
90 static const ACLFlag NoFlags
[1]; ///< An empty flags list
93 /// A configurable condition. A node in the ACL expression tree.
94 /// Can evaluate itself in FilledChecklist context.
95 /// Does not change during evaluation.
101 void *operator new(size_t);
102 void operator delete(void *);
104 static ACL
*Factory(char const *);
105 static void ParseAclLine(ConfigParser
&parser
, ACL
** head
);
106 static void Initialize();
107 static ACL
*FindByName(const char *name
);
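/// Creates an ACL with an empty name and no successor that accepts the given flags.
/// \param flgs flag characters supported by this ACL, forwarded to ACLFlags
explicit ACL(const ACLFlag flgs[])
    : cfgline(NULL),
      next(NULL),
      flags(flgs),
      registered(false) // set explicitly so the flag is never read while indeterminate
{
    // Zero the whole fixed-size buffer: the name starts out empty and stays
    // NUL-terminated as long as writers leave the last byte alone.
    memset(name, '\0', sizeof(name));
}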
113 /// sets user-specified ACL name and squid.conf context
114 void context(const char *name
, const char *configuration
);
116 /// Orchestrates matching checklist against the ACL using match(),
117 /// after checking preconditions and while providing debugging.
118 /// Returns true if and only if there was a successful match.
119 /// Updates the checklist state on match, async, and failure.
120 bool matches(ACLChecklist
*checklist
) const;
122 virtual ACL
*clone() const = 0;
124 /// parses node representation in squid.conf; dies on failures
125 virtual void parse() = 0;
126 virtual char const *typeString() const = 0;
127 virtual bool isProxyAuth() const;
128 virtual wordlist
*dump() const = 0;
129 virtual bool empty() const = 0;
130 virtual bool valid() const;
132 int cacheMatchAcl(dlink_list
* cache
, ACLChecklist
*);
133 virtual int matchForCache(ACLChecklist
*checklist
);
/// Hook with an empty default body; a subclass may override it.
/// NOTE(review): presumably called once the ACL has been parsed and before it
/// is first matched; confirm against the callers.
virtual void prepareForUse()
{
}
137 char name
[ACL_NAME_SZ
]; // fixed-size name buffer; NOTE(review): context() takes a user-specified name, so confirm that whatever fills this buffer bounds the copy to ACL_NAME_SZ and NUL-terminates it
139 ACL
*next
; // XXX: remove or at least use refcounting
140 ACLFlags flags
; ///< The list of given ACL flags
141 bool registered
; ///< added to the global list of ACLs via aclRegister()
150 Prototype(ACL
const *, char const *);
152 static bool Registered(char const *);
153 static ACL
*Factory(char const *);
156 ACL
const *prototype
;
157 char const *typeString
;
160 static Vector
<Prototype
const *> * Registry
;
161 static void *Initialized
;
162 typedef Vector
<Prototype
const*>::iterator iterator
;
163 typedef Vector
<Prototype
const*>::const_iterator const_iterator
;
168 /// Matches the actual data in checklist against this ACL.
169 virtual int match(ACLChecklist
*checklist
) = 0; // XXX: missing const
171 /// whether our (i.e. shallow) match() requires checklist to have a request
172 virtual bool requiresRequest() const;
173 /// whether our (i.e. shallow) match() requires checklist to have a reply
174 virtual bool requiresReply() const;
179 // Authorization ACL result states
184 // Authentication ACL result states
185 ACCESS_AUTH_REQUIRED
, // Missing Credentials
189 /// ACL check answer; TODO: Rename to Acl::Answer
// not explicit: allow "aclMatchCode to allow_t" conversions (for now)
/// Wraps a bare match code; kind starts at 0.
allow_t(const aclMatchCode aCode)
    : code(aCode),
      kind(0)
{
}
/// Default answer: ACCESS_DUNNO with kind 0.
allow_t()
    : code(ACCESS_DUNNO),
      kind(0)
{
}
/// Compares the stored ACCESS_* code with \p aCode.
/// Only the code is compared; the kind field takes no part, so two answers
/// that differ in kind alone still compare equal to the same code.
bool operator ==(const aclMatchCode aCode) const
{
    const bool sameCode = (code == aCode);
    return sameCode;
}
/// Exact negation of operator ==(aclMatchCode): true when the stored code differs.
bool operator !=(const aclMatchCode aCode) const
{
    if (*this == aCode)
        return false;
    return true;
}
206 operator aclMatchCode() const {
210 aclMatchCode code
; ///< ACCESS_* code
211 int kind
; ///< which custom access list verb matched
214 inline std::ostream
&
215 operator <<(std::ostream
&o
, const allow_t a
)
227 case ACCESS_AUTH_REQUIRED
:
228 o
<< "AUTH_REQUIRED";
235 class acl_proxy_auth_match_cache
239 MEMPROXY_CLASS(acl_proxy_auth_match_cache
);
245 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache
);
248 /// XXX: find a way to remove or at least use a refcounted ACL pointer
249 extern const char *AclMatchedName
; /* NULL */
251 #endif /* SQUID_ACL_H */