2 * DEBUG: section 28 Access Control
3 * AUTHOR: Duane Wessels
5 * SQUID Web Proxy Cache http://www.squid-cache.org/
6 * ----------------------------------------------------------
8 * Squid is the result of efforts by numerous individuals from
9 * the Internet community; see the CONTRIBUTORS file for full
10 * details. Many organizations have provided support for Squid's
11 * development; see the SPONSORS file for full details. Squid is
12 * Copyrighted (C) 2001 by the Regents of the University of
13 * California; see the COPYRIGHT file for full details. Squid
14 * incorporates software developed and/or copyrighted by other
15 * sources; see the CREDITS file for full details.
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
32 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
36 #include "acl/CertificateData.h"
37 #include "acl/Checklist.h"
/**
 * Builds the ACL data for one certificate-attribute check.
 *
 * Stores attrs as validAttributesStr, optionalAttr as attributeIsOptional and
 * sslStrategy as sslAttributeCall; attribute starts out NULL and values empty.
 * The body then splits attrs on the '|' character and appends every piece to
 * validAttributes.
 */
42 ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE
*sslStrategy
, const char *attrs
, bool optionalAttr
) : validAttributesStr(attrs
), attributeIsOptional(optionalAttr
), attribute (NULL
), values (), sslAttributeCall (sslStrategy
)
// NOTE(review): std::string cannot be built from a null pointer, and dump()
// and parse() both test validAttributesStr for null. The lines just above this
// one are missing from the listing - confirm they guard against attrs == NULL.
47 std::string
valid(attrs
);
// Find the next '|' at or after current; npos means no separator is left.
50 next
= valid
.find_first_of( "|", current
);
// On the last pass next is npos, so the length wraps to a huge value and
// substr() returns everything from current to the end of the string.
51 validAttributes
.push_back(valid
.substr( current
, next
- current
));
52 } while (next
!= std::string::npos
);
/**
 * Copy constructor.
 *
 * values and sslAttributeCall are copied in the initializer list, and
 * attribute starts as NULL. The body copies validAttributesStr,
 * validAttributes and attributeIsOptional, then duplicates the attribute
 * string so that each object frees its own copy in the destructor.
 */
56 ACLCertificateData::ACLCertificateData(ACLCertificateData
const &old
) : attribute (NULL
), values (old
.values
), sslAttributeCall (old
.sslAttributeCall
)
// Plain assignment: both objects refer to the same validAttributesStr value.
58 validAttributesStr
= old
.validAttributesStr
;
59 validAttributes
.assign (old
.validAttributes
.begin(), old
.validAttributes
.end());
60 attributeIsOptional
= old
.attributeIsOptional
;
// NOTE(review): old.attribute is NULL until parse() stores a name. Line 61 is
// not in this listing - confirm it skips the duplication for a null pointer.
62 attribute
= xstrdup (old
.attribute
);
/**
 * Destructor: releases the attribute string, which this file only ever sets
 * to NULL or to the result of xstrdup().
 */
72 ACLCertificateData::~ACLCertificateData()
74 safe_free (attribute
);
/**
 * Comparison helper: casts both arguments to char pointers and returns the
 * strcmp() result, so the ordering is byte-wise and case-sensitive.
 * Presumably the comparator for the splay tree behind values - confirm
 * against the callers. T is declared on lines that are not in this listing.
 */
79 splaystrcmp (T
&l
, T
&r
)
// The C-style casts assume T is a pointer to a NUL-terminated string.
81 return strcmp ((char *)l
,(char *)r
);
/**
 * Tests a certificate against this ACL.
 *
 * Asks sslAttributeCall for the configured attribute of cert and returns the
 * result of looking the returned string up in values.
 *
 * NOTE(review): lines 86-89 are not in this listing; confirm cert is checked
 * for NULL before it is handed to sslAttributeCall.
 */
85 ACLCertificateData::match(X509
*cert
)
// attribute may still be NULL at this point; the debugs() line below allows
// for that case explicitly.
90 char const *value
= sslAttributeCall(cert
, attribute
);
// The extracted certificate value is written to debug section 28 at level 6.
// NOTE(review): value is streamed before any null test visible here (lines
// 92-94 are not shown). Inserting a null char pointer into a stream is
// undefined behaviour - confirm sslAttributeCall never returns NULL, or that
// the check can be moved above this line.
91 debugs(28, 6, (attribute
? attribute
: "value") << "=" << value
);
95 return values
.match(value
);
/**
 * Walk callback used by dump(): adds one stored value (node_data) to the
 * wordlist whose address is passed in through the untyped outlist argument.
 */
99 aclDumpAttributeListWalkee(char * const & node_data
, void *outlist
)
101 /* outlist is really a wordlist ** */
102 wordlistAdd((wordlist
**)outlist
, node_data
);
/**
 * Collects this ACL's configuration into the wordlist wl: the attribute name
 * first (only when validAttributesStr is set), then every stored value, added
 * one by one through aclDumpAttributeListWalkee. The declaration of wl and
 * the return statement are on lines that are not in this listing.
 */
106 ACLCertificateData::dump()
// NOTE(review): the test is on validAttributesStr, not on attribute itself;
// confirm wordlistAdd() tolerates a NULL attribute if parse() never set one.
109 if (validAttributesStr
)
110 wordlistAdd(&wl
, attribute
);
111 /* damn this is VERY inefficient for long ACL lists... filling
112 * a wordlist this way costs Sum(1,N) iterations. For instance
113 * a 1000-elements list will be filled in 499500 iterations.
115 /* XXX FIXME: don't break abstraction */
116 values
.values
->walk(aclDumpAttributeListWalkee
, &wl
);
/**
 * Parses one configuration line for this ACL.
 *
 * When a set of valid attribute names was configured (validAttributesStr is
 * non-null), the first token is read with strtokFile() and treated as the
 * attribute name: it is checked against validAttributes, checked for
 * consistency with the attribute already stored, and otherwise stored as
 * attribute. With attributeIsOptional set, a first token that does not start
 * with '-' is inserted into values instead.
 *
 * Several lines of this function (returns, braces, the trailing value
 * parsing) are not in this listing, so what follows each FATAL message
 * cannot be seen from here.
 */
121 ACLCertificateData::parse()
123 if (validAttributesStr
) {
// presumably the next token of the current configuration line - confirm
// against strtokFile().
124 char *newAttribute
= strtokFile();
// NOTE(review): lines 125-126 are not shown; presumably this branch runs only
// when no token was read, so a missing optional attribute is tolerated and a
// missing required one reaches the FATAL message below - confirm.
127 if (attributeIsOptional
)
130 debugs(28, DBG_CRITICAL
, "FATAL: required attribute argument missing");
134 // Handle the cases where we have optional -x type attributes
// newAttribute[0] is read here, so newAttribute must be non-null at this point.
135 if (attributeIsOptional
&& newAttribute
[0] != '-')
136 // The read token is not an attribute/option, so add it to values list
137 values
.insert(newAttribute
);
// Allow-list check: the token is accepted when it equals an entry of
// validAttributes, and an entry of "*" accepts any name. This comparison is
// std::string against a char pointer, so it is case-sensitive, while the
// consistency check further down uses strcasecmp().
140 for (std::list
<std::string
>::const_iterator it
= validAttributes
.begin(); it
!= validAttributes
.end(); ++it
) {
141 if (*it
== "*" || *it
== newAttribute
) {
148 debugs(28, DBG_CRITICAL
, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr
);
152 /* an acl must use consistent attributes in all config lines */
// NOTE(review): strcasecmp() needs two valid strings; the test for a
// still-null attribute (line 153) is not shown - confirm it exists.
154 if (strcasecmp(newAttribute
, attribute
) != 0) {
155 debugs(28, DBG_CRITICAL
, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute
<< "!=" << attribute
<< ").");
// Keep a private copy of the name; the destructor releases it with
// safe_free(). Presumably reached only while attribute is still unset (the
// branch structure is on hidden lines) - otherwise the earlier copy would leak.
159 attribute
= xstrdup(newAttribute
);
/**
 * Reports whether the value list is empty. Only values is consulted; the
 * attribute name plays no part in the result.
 */
167 ACLCertificateData::empty() const
169 return values
.empty();
/**
 * Returns a raw pointer to a heap-allocated copy of this object, built with
 * the copy constructor. Nothing in this function releases the copy, so
 * deleting it is left to whoever receives the pointer.
 */
173 ACLCertificateData::clone() const
175 /* Splay trees don't clone yet. */
176 return new ACLCertificateData(*this);