2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
12 #include "acl/forward.h"
26 #define ACL_F_REGEX_CASE 'i'
27 #define ACL_F_NO_LOOKUP 'n'
28 #define ACL_F_STRICT 's'
29 #define ACL_F_END '\0'
33 * Used to hold a list of one-letter flags which can be passed as parameters
34 * to acls (eg '-i', '-n' etc)
39 explicit ACLFlags(const ACLFlag flags
[]) : supported_(flags
), flags_(0) {}
40 ACLFlags() : flags_(0) {}
41 bool supported(const ACLFlag f
) const; ///< True if the given flag supported
42 void makeSet(const ACLFlag f
) { flags_
|= flagToInt(f
); } ///< Set the given flag
43 /// Return true if the given flag is set
44 bool isSet(const ACLFlag f
) const { return flags_
& flagToInt(f
);}
45 /// Parse optional flags given in the form -[A..Z|a..z]
47 const char *flagsStr() const; ///< Convert the flags to a string representation
50 /// Convert a flag to a 64bit unsigned integer.
51 /// The characters from 'A' to 'z' represented by the values from 65 to 122.
52 /// They are 57 different characters which can be fit to the bits of an 64bit
54 uint64_t flagToInt(const ACLFlag f
) const {
55 assert('A' <= f
&& f
<= 'z');
56 return ((uint64_t)1 << (f
- 'A'));
59 std::string supported_
; ///< The supported character flags
60 uint64_t flags_
; ///< The flags which is set
62 static const ACLFlag NoFlags
[1]; ///< An empty flags list
65 /// A configurable condition. A node in the ACL expression tree.
66 /// Can evaluate itself in FilledChecklist context.
67 /// Does not change during evaluation.
73 void *operator new(size_t);
74 void operator delete(void *);
76 static ACL
*Factory(char const *);
77 static void ParseAclLine(ConfigParser
&parser
, ACL
** head
);
78 static void Initialize();
79 static ACL
*FindByName(const char *name
);
82 explicit ACL(const ACLFlag flgs
[]) : cfgline(NULL
), next(NULL
), flags(flgs
), registered(false) {
87 /// sets user-specified ACL name and squid.conf context
88 void context(const char *name
, const char *configuration
);
90 /// Orchestrates matching checklist against the ACL using match(),
91 /// after checking preconditions and while providing debugging.
92 /// Returns true if and only if there was a successful match.
93 /// Updates the checklist state on match, async, and failure.
94 bool matches(ACLChecklist
*checklist
) const;
96 virtual ACL
*clone() const = 0;
98 /// parses node represenation in squid.conf; dies on failures
99 virtual void parse() = 0;
100 virtual char const *typeString() const = 0;
101 virtual bool isProxyAuth() const;
102 virtual SBufList
dump() const = 0;
103 virtual bool empty() const = 0;
104 virtual bool valid() const;
106 int cacheMatchAcl(dlink_list
* cache
, ACLChecklist
*);
107 virtual int matchForCache(ACLChecklist
*checklist
);
109 virtual void prepareForUse() {}
111 char name
[ACL_NAME_SZ
];
113 ACL
*next
; // XXX: remove or at least use refcounting
114 ACLFlags flags
; ///< The list of given ACL flags
115 bool registered
; ///< added to the global list of ACLs via aclRegister()
124 Prototype(ACL
const *, char const *);
126 static bool Registered(char const *);
127 static ACL
*Factory(char const *);
130 ACL
const *prototype
;
131 char const *typeString
;
134 static std::vector
<Prototype
const *> * Registry
;
135 static void *Initialized
;
136 typedef std::vector
<Prototype
const*>::iterator iterator
;
137 typedef std::vector
<Prototype
const*>::const_iterator const_iterator
;
142 /// Matches the actual data in checklist against this ACL.
143 virtual int match(ACLChecklist
*checklist
) = 0; // XXX: missing const
145 /// whether our (i.e. shallow) match() requires checklist to have a request
146 virtual bool requiresRequest() const;
147 /// whether our (i.e. shallow) match() requires checklist to have a reply
148 virtual bool requiresReply() const;
153 // Authorization ACL result states
158 // Authentication ACL result states
159 ACCESS_AUTH_REQUIRED
, // Missing Credentials
163 /// ACL check answer; TODO: Rename to Acl::Answer
167 // not explicit: allow "aclMatchCode to allow_t" conversions (for now)
168 allow_t(const aclMatchCode aCode
): code(aCode
), kind(0) {}
170 allow_t(): code(ACCESS_DUNNO
), kind(0) {}
172 bool operator ==(const aclMatchCode aCode
) const {
173 return code
== aCode
;
176 bool operator !=(const aclMatchCode aCode
) const {
177 return !(*this == aCode
);
180 operator aclMatchCode() const {
184 aclMatchCode code
; ///< ACCESS_* code
185 int kind
; ///< which custom access list verb matched
188 inline std::ostream
&
189 operator <<(std::ostream
&o
, const allow_t a
)
201 case ACCESS_AUTH_REQUIRED
:
202 o
<< "AUTH_REQUIRED";
209 class acl_proxy_auth_match_cache
211 MEMPROXY_CLASS(acl_proxy_auth_match_cache
);
220 /// XXX: find a way to remove or at least use a refcounted ACL pointer
221 extern const char *AclMatchedName
; /* NULL */
223 #endif /* SQUID_ACL_H */