]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/Checklist.h
5 * SQUID Web Proxy Cache http://www.squid-cache.org/
6 * ----------------------------------------------------------
8 * Squid is the result of efforts by numerous individuals from
9 * the Internet community; see the CONTRIBUTORS file for full
10 * details. Many organizations have provided support for Squid's
11 * development; see the SPONSORS file for full details. Squid is
12 * Copyrighted (C) 2001 by the Regents of the University of
13 * California; see the COPYRIGHT file for full details. Squid
14 * incorporates software developed and/or copyrighted by other
15 * sources; see the CREDITS file for full details.
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33 #ifndef SQUID_ACLCHECKLIST_H
34 #define SQUID_ACLCHECKLIST_H
39 Base class for maintaining Squid and transaction state for access checks.
40 Provides basic ACL checking methods. Its only child, ACLFilledChecklist,
41 keeps the actual state data. The split is necessary to avoid exposing
42 all ACL-related code to virtually Squid data types. */
50 * This abstract class defines the behaviour of
51 * async lookups - which can vary for different ACL types.
52 * Today, every state object must be a singleton.
53 * See NULLState for an example.
55 \note *no* state should be stored in the state object,
56 * they are used to change the behaviour of the checklist, not
57 * to hold information. If you need to store information in the
58 * state object, consider subclassing ACLChecklist, converting it
59 * to a composite, or changing the state objects from singletons to
67 virtual void checkForAsync(ACLChecklist
*) const = 0;
68 virtual ~AsyncState() {}
71 void changeState (ACLChecklist
*, AsyncState
*) const;
74 class NullState
: public AsyncState
78 static NullState
*Instance();
79 virtual void checkForAsync(ACLChecklist
*) const;
80 virtual ~NullState() {}
83 static NullState _instance
;
89 virtual ~ACLChecklist();
92 * Trigger off a non-blocking access check for a set of *_access options..
93 * The callback specified will be called with true/false
94 * when the results of the ACL tests are known.
96 void nonBlockingCheck(PF
* callback
, void *callback_data
);
99 * Trigger a blocking access check for a set of *_access options.
101 * ACLs which cannot be satisfied directly from available data are ignored.
102 * This means any proxy_auth, external_acl, DNS lookups, Ident lookups etc
103 * which have not already been performed and cached will not be checked.
105 * If there is no access list to check the default is to return DENIED.
106 * However callers should perform their own check and default based on local
107 * knowledge of the ACL usage rather than depend on this default.
108 * That will also save on work setting up ACLChecklist fields for a no-op.
110 * \retval 1/true Access Allowed
111 * \retval 0/false Access Denied
116 * Trigger a blocking access check for a single ACL line (a AND b AND c).
118 * ACLs which cannot be satisfied directly from available data are ignored.
119 * This means any proxy_auth, external_acl, DNS lookups, Ident lookups etc
120 * which have not already been performed and cached will not be checked.
122 * \retval 1/true Access Allowed
123 * \retval 0/false Access Denied
125 bool matchAclListFast(const ACLList
* list
);
128 * Attempt to check the current checklist against current data.
129 * This is the core routine behind all ACL test routines.
130 * As much as possible of current tests are performed immediately
131 * and the result is maybe delayed to wait for async lookups.
133 * When all tests are done callback is presented with one of:
134 * - ACCESS_ALLOWED Access explicitly Allowed
135 * - ACCESS_DENIED Access explicitly Denied
139 bool asyncInProgress() const;
140 void asyncInProgress(bool const);
142 bool finished() const;
145 allow_t
const & currentAnswer() const;
146 void currentAnswer(allow_t
const);
148 void changeState(AsyncState
*);
149 AsyncState
*asyncState() const;
151 // XXX: ACLs that need request or reply have to use ACLFilledChecklist and
152 // should do their own checks so that we do not have to povide these two
153 // for ACL::checklistMatches to use
154 virtual bool hasRequest() const = 0;
155 virtual bool hasReply() const = 0;
158 virtual void checkCallback(allow_t answer
);
160 void checkAccessList();
161 void checkForAsync();
164 const acl_access
*accessList
;
169 private: /* internal methods */
171 void matchAclList(const ACLList
* list
, bool const fast
);
172 void matchAclListSlow(const ACLList
* list
);
180 bool checking() const;
181 void checking (bool const);
187 bool lastACLResult(bool x
) { return lastACLResult_
= x
; }
189 bool lastACLResult() const { return lastACLResult_
; }
192 #endif /* SQUID_ACLCHECKLIST_H */