2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/CertificateData.h"
13 #include "acl/Checklist.h"
// Constructs the ACL data holder: stores the certificate-attribute getter
// (sslStrategy), the raw list of permitted attribute names (attrs) and whether
// the attribute argument is optional. attribute starts out NULL.
// NOTE(review): parse() and dump() test validAttributesStr for null, which
// suggests attrs may be NULL, while std::string valid(attrs) below is undefined
// for a null pointer -- confirm a guard sits in the lines this listing omits.
18 ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE
*sslStrategy
, const char *attrs
, bool optionalAttr
) : validAttributesStr(attrs
), attributeIsOptional(optionalAttr
), attribute (NULL
), values (), sslAttributeCall (sslStrategy
)
// `current` is used below, but its declaration and update are not among the
// visible lines of this listing.
22 size_t next
= std::string::npos
;
23 std::string
valid(attrs
);
// Split the attrs string on '|': each piece between separators is appended to
// validAttributes; when no further '|' is found the rest of the string is taken.
25 next
= valid
.find_first_of( "|", current
);
26 validAttributes
.push_back(valid
.substr( current
, (next
== std::string::npos
? std::string::npos
: next
- current
)));
// The loop ends once find_first_of() reports no more separators.
28 } while (next
!= std::string::npos
);
// Copy constructor: copies the value set, the getter strategy, the permitted
// attribute list and the optional flag from `old`, and duplicates the attribute
// string so that each object frees its own copy in the destructor.
32 ACLCertificateData::ACLCertificateData(ACLCertificateData
const &old
) : attribute (NULL
), values (old
.values
), sslAttributeCall (old
.sslAttributeCall
)
34 validAttributesStr
= old
.validAttributesStr
;
35 validAttributes
.assign (old
.validAttributes
.begin(), old
.validAttributes
.end());
36 attributeIsOptional
= old
.attributeIsOptional
;
// NOTE(review): old.attribute is NULL until parse() has set it; confirm a null
// check guards this xstrdup() in the line this listing omits.
38 attribute
= xstrdup(old
.attribute
);
// Destructor: releases the attribute string, which this class allocates with
// xstrdup() in the copy constructor and in parse().
48 ACLCertificateData::~ACLCertificateData()
50 safe_free (attribute
);
// Comparison helper that orders two entries by strcmp() on their contents.
// The template header and return type are not visible in this listing.
// NOTE(review): the C-style casts to char * silence any type mismatch, so this
// is only safe when T is a pointer to a NUL-terminated string; for any other T
// strcmp() would read memory it does not own -- confirm the instantiations.
55 splaystrcmp (T
&l
, T
&r
)
57 return strcmp ((char *)l
,(char *)r
);
// Matches a certificate against this ACL: extracts the configured attribute
// from `cert` through sslAttributeCall and looks the result up in `values`.
// Lines between the signature and the extraction are not visible here.
61 ACLCertificateData::match(X509
*cert
)
66 char const *value
= sslAttributeCall(cert
, attribute
);
// NOTE(review): value is streamed to the debug log before any visible null
// check; confirm sslAttributeCall cannot return NULL at this point. The value
// is read from the certificate, so presumably it is peer-supplied text --
// treat it as untrusted wherever these logs are consumed.
67 debugs(28, 6, (attribute
? attribute
: "value") << "=" << value
);
71 return values
.match(value
);
// Walk callback used by dump(): wraps one stored string in an SBuf and appends
// it to the list passed through `outlist`.
// The static_cast from void * is unchecked, so every caller must pass a
// pointer to an SBufList; dump() passes &sl.
75 aclDumpAttributeListWalkee(char * const & node_data
, void *outlist
)
77 /* outlist is really a SBufList * */
78 static_cast<SBufList
*>(outlist
)->push_back(SBuf(node_data
));
// Produces the ACL's contents as a list: when a permitted-attribute list was
// configured, the attribute name is emitted first, then every stored value is
// appended by walking values.values with aclDumpAttributeListWalkee.
// The declaration of `sl` and the return statement are not visible here.
// NOTE(review): attribute is NULL until parse() sets it; confirm SBuf(attribute)
// is never reached with a null pointer, or that SBuf tolerates one.
82 ACLCertificateData::dump() const
85 if (validAttributesStr
)
86 sl
.push_back(SBuf(attribute
));
87 /* damn this is VERY inefficient for long ACL lists... filling
88 * a wordlist this way costs Sum(1,N) iterations. For instance
89 * a 1000-elements list will be filled in 499500 iterations.
91 /* XXX FIXME: don't break abstraction */
92 values
.values
->walk(aclDumpAttributeListWalkee
, &sl
);
// Parses one configuration line for this ACL. When a permitted-attribute list
// exists, the first token is read as the attribute name, checked against that
// list, and required to agree with the attribute from earlier config lines.
// Several lines of this function (including the branches taken after the
// FATAL messages) are not visible in this listing.
97 ACLCertificateData::parse()
99 if (validAttributesStr
) {
// First token of the line: the candidate attribute name.
100 char *newAttribute
= strtokFile();
// NOTE(review): newAttribute[0] is read further down; presumably the omitted
// lines around this point handle a NULL token from strtokFile() -- confirm.
103 if (attributeIsOptional
)
106 debugs(28, DBG_CRITICAL
, "FATAL: required attribute argument missing");
110 // Handle the cases where we have optional -x type attributes
111 if (attributeIsOptional
&& newAttribute
[0] != '-')
112 // The read token is not an attribute/option, so add it to values list
113 values
.insert(newAttribute
);
// Allow-list check: the token must equal one of validAttributes, and a "*"
// entry accepts any token. This comparison is case-sensitive (std::string ==),
// whereas the consistency check below uses the case-insensitive strcasecmp().
116 for (std::list
<std::string
>::const_iterator it
= validAttributes
.begin(); it
!= validAttributes
.end(); ++it
) {
117 if (*it
== "*" || *it
== newAttribute
) {
124 debugs(28, DBG_CRITICAL
, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr
);
128 /* an acl must use consistent attributes in all config lines */
// NOTE(review): attribute is NULL on the first config line; confirm the omitted
// line above this comparison guards against passing NULL to strcasecmp().
130 if (strcasecmp(newAttribute
, attribute
) != 0) {
131 debugs(28, DBG_CRITICAL
, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute
<< "!=" << attribute
<< ").");
// Keep a private copy of the token; the destructor releases it via safe_free().
135 attribute
= xstrdup(newAttribute
);
// Reports whether this ACL holds no values; delegates to values.empty().
143 ACLCertificateData::empty() const
145 return values
.empty();
// Returns a heap-allocated copy of this object made with the copy constructor.
// The result is a raw pointer from `new`; presumably the caller takes
// ownership and must delete it -- verify against the callers.
149 ACLCertificateData::clone() const
151 /* Splay trees don't clone yet. */
152 return new ACLCertificateData(*this);