2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/CertificateData.h"
13 #include "acl/Checklist.h"
15 #include "ConfigParser.h"
// Constructor: stores the attribute-extraction callback, the '|'-separated
// list of permitted attribute names and the "attribute is optional" flag,
// then splits that list into validAttributes.
// NOTE(review): this listing omits several source lines of the body (the
// gutter jumps 19 -> 23, 24 -> 26 and 27 -> 29), so the declaration and update
// of `current`, the loop opener and any guard on `attrs` are not visible here.
19 ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE
*sslStrategy
, const char *attrs
, bool optionalAttr
) : validAttributesStr(attrs
), attributeIsOptional(optionalAttr
), attribute (NULL
), values (), sslAttributeCall (sslStrategy
)
23 size_t next
= std::string::npos
;
// NOTE(review): constructing a std::string from a null `attrs` is undefined
// behaviour. parse() and dump() both test validAttributesStr for null, so a
// null value appears to be expected; confirm the omitted lines guard this.
24 std::string
valid(attrs
);
// Locate the next '|' at or after `current`; npos means this is the last name.
26 next
= valid
.find_first_of( "|", current
);
// Append the name lying between `current` and the separator (or end of string).
27 validAttributes
.push_back(valid
.substr( current
, (next
== std::string::npos
? std::string::npos
: next
- current
)));
29 } while (next
!= std::string::npos
);
// Copy constructor: copies the value set, the extraction callback, the
// permitted-name string and list, and the optional flag from `old`.
// `attribute` starts as NULL and is filled in below.
33 ACLCertificateData::ACLCertificateData(ACLCertificateData
const &old
) : attribute (NULL
), values (old
.values
), sslAttributeCall (old
.sslAttributeCall
)
// Pointer copy only: both objects refer to the same permitted-names string.
35 validAttributesStr
= old
.validAttributesStr
;
36 validAttributes
.assign (old
.validAttributes
.begin(), old
.validAttributes
.end());
37 attributeIsOptional
= old
.attributeIsOptional
;
// Duplicate the attribute name so each object owns its own buffer; the
// destructor releases it with safe_free(), so sharing the pointer would end
// in a double free.
// NOTE(review): source line 38 is not shown in this listing; presumably it
// guards against old.attribute being NULL. Confirm, since `attribute` stays
// NULL until parse() has accepted an attribute token.
39 attribute
= xstrdup(old
.attribute
);
// Destructor: releases the attribute-name buffer that parse() and the copy
// constructor allocate with xstrdup().
49 ACLCertificateData::~ACLCertificateData()
51 safe_free (attribute
);
// Comparison helper: orders two values by strcmp() after casting both to
// char *. The template header and return type (source lines 54-55) are not
// shown in this listing, and no call to this helper is visible here.
// NOTE(review): the C-style casts discard constness and are only meaningful
// when T is a pointer to a NUL-terminated string; nothing here enforces that.
56 splaystrcmp (T
&l
, T
&r
)
58 return strcmp ((char *)l
,(char *)r
);
// Tests a certificate against this ACL: extracts the configured attribute from
// `cert` through the strategy callback and looks the result up in `values`.
// NOTE(review): source lines 63-66 and 69-71 are not shown in this listing, so
// any null checks on `cert` or `value` cannot be confirmed from here.
62 ACLCertificateData::match(X509
*cert
)
67 char const *value
= sslAttributeCall(cert
, attribute
);
// Debug section 28, level 6. A missing attribute name is replaced by the
// placeholder "value", but `value` itself is streamed as-is.
// NOTE(review): if the callback can return NULL (for example when the
// certificate lacks the attribute), streaming a null `char const *` is
// undefined for a std::ostream; confirm what debugs() does with it, or give
// `value` a placeholder the same way `attribute` gets one.
// NOTE(review): the extracted text originates in the certificate under test.
// If that is a peer-supplied certificate, this log content is remotely
// controlled and should be treated as untrusted by whatever reads the log.
68 debugs(28, 6, (attribute
? attribute
: "value") << "=" << value
);
72 return values
.match(value
);
// Renders this ACL's configuration as a list of SBufs: the attribute name
// (for ACL types that take one) followed by the configured values.
// The declaration of `sl`, the #else/#endif lines and the return statement
// are not shown in this listing.
76 ACLCertificateData::dump() const
// NOTE(review): the test is on validAttributesStr, not on `attribute`. When the
// attribute is optional, parse() appears able to leave `attribute` NULL, so
// SBuf(attribute) may be built from a null pointer; confirm SBuf accepts that.
79 if (validAttributesStr
)
80 sl
.push_back(SBuf(attribute
));
// With C++11 the temporary returned by values.dump() can be spliced directly.
82 #if __cplusplus >= 201103L
83 sl
.splice(sl
.end(),values
.dump());
85 // temp is needed until c++11 move constructor
86 SBufList tmp
= values
.dump();
87 sl
.splice(sl
.end(),tmp
);
// Parses one configuration line for this ACL. For ACL types that take an
// attribute (validAttributesStr is set) the first token is read and either
// treated as a value, or validated and stored as the attribute name.
// NOTE(review): many source lines of this function are not shown in this
// listing (the gutter skips 97-98, 100-101, 103-105, 110-111, 114-119,
// 121-123, 125, 128-130, 133, 137, 144-146, 148-150 and everything after
// 151), so the branch structure and what follows each FATAL message are
// inferred, not visible.
93 ACLCertificateData::parse()
95 if (validAttributesStr
) {
// Read the next configuration token; it is used below as the candidate
// attribute name (or as a value when the attribute is optional).
96 char *newAttribute
= ConfigParser::strtokFile();
// Presumably reached when no token was read: an optional attribute may be
// absent, a required one is reported as fatal.
99 if (attributeIsOptional
)
102 debugs(28, DBG_CRITICAL
, "FATAL: required attribute argument missing");
// NOTE(review): newAttribute[0] is dereferenced below, so this relies on the
// missing-token path above never falling through; confirm that the omitted
// line after the FATAL message stops processing.
106 // Handle the cases where we have optional -x type attributes
107 if (attributeIsOptional
&& newAttribute
[0] != '-')
108 // The read token is not an attribute/option, so add it to values list
109 values
.insert(newAttribute
);
// Allow-list check: the token must equal one of the permitted names, or the
// permitted list must contain "*", which accepts any token.
// NOTE(review): `*it == newAttribute` is a case-sensitive std::string
// comparison, while the consistency check further down uses strcasecmp();
// the two disagree on tokens that differ only in letter case.
112 for (std::list
<std::string
>::const_iterator it
= validAttributes
.begin(); it
!= validAttributes
.end(); ++it
) {
113 if (*it
== "*" || *it
== newAttribute
) {
120 debugs(28, DBG_CRITICAL
, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr
);
124 /* an acl must use consistent attributes in all config lines */
// Compared case-insensitively against the attribute stored by an earlier line.
126 if (strcasecmp(newAttribute
, attribute
) != 0) {
127 debugs(28, DBG_CRITICAL
, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute
<< "!=" << attribute
<< ").");
// "DN" is exempt from the OpenSSL object lookup; any other name must resolve
// to a known object or look like a numerical OID.
131 if (strcasecmp(newAttribute
, "DN") != 0) {
132 int nid
= OBJ_txt2nid(newAttribute
);
// strspn() measures the leading run of digits and dots; reaching the
// terminator means the whole token uses only those characters.
// NOTE(review): this restricts the character set only. Tokens such as ".."
// or a lone "." also pass, so rejecting malformed OIDs is left to
// OBJ_create(); the test of its result (source line 146) is not shown here.
134 const size_t span
= strspn(newAttribute
, "0123456789.");
135 if(newAttribute
[span
] == '\0') { // looks like a numerical OID
136 // create a new object based on this attribute
138 // NOTE: Not a [bad] leak: If the same attribute
139 // has been added before, the OBJ_txt2nid call
140 // would return a valid nid value.
141 // TODO: call OBJ_cleanup() on reconfigure?
// The same text is passed as OID, short name and long name of the new object.
142 nid
= OBJ_create(newAttribute
, newAttribute
, newAttribute
);
143 debugs(28, 7, "New SSL certificate attribute created with name: " << newAttribute
<< " and nid: " << nid
);
147 debugs(28, DBG_CRITICAL
, "FATAL: Not valid SSL certificate attribute name or numerical OID: " << newAttribute
);
// Keep an owned copy of the accepted name; the destructor frees it.
151 attribute
= xstrdup(newAttribute
);
// Reports whether no values have been configured. Only `values` is consulted;
// a stored attribute name does not make the ACL non-empty.
160 ACLCertificateData::empty() const
162 return values
.empty();
// Returns a heap-allocated copy made with the copy constructor. The result is
// a raw pointer from `new`, so the caller is responsible for deleting it.
// The return type (source line 165) is not shown in this listing.
166 ACLCertificateData::clone() const
168 /* Splay trees don't clone yet. */
169 return new ACLCertificateData(*this);