2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
12 #include "acl/Checklist.h"
13 #include "acl/DomainData.h"
16 #include "ConfigParser.h"
27 ACLDomainData::~ACLDomainData()
30 domains
->destroy(xRefFree
);
37 splaystrcasecmp (T
&l
, T
&r
)
39 return strcasecmp ((char *)l
,(char *)r
);
44 splaystrcmp (T
&l
, T
&r
)
46 return strcmp ((char *)l
,(char *)r
);
49 /* general compare functions, these are used for tree search algorithms
50 * so they return <0, 0 or >0 */
52 /* compare a host and a domain */
55 aclHostDomainCompare( char *const &a
, char * const &b
)
57 const char *h
= static_cast<const char *>(a
);
58 const char *d
= static_cast<const char *>(b
);
59 return matchDomainName(h
, d
);
62 /* compare two domains */
66 aclDomainCompare(T
const &a
, T
const &b
)
68 char * const d1
= static_cast<char *>(b
);
69 char * const d2
= static_cast<char *>(a
);
71 ret
= aclHostDomainCompare(d1
, d2
);
76 ret
= aclHostDomainCompare(d3
, d4
);
78 // When a.example.com comes after .example.com in an ACL
79 // sub-domain is ignored. That is okay. Just important
80 bool d3big
= (strlen(d3
) > strlen(d4
)); // Always suggest removing the longer one.
81 debugs(28, DBG_IMPORTANT
, "WARNING: '" << (d3big
?d3
:d4
) << "' is a subdomain of '" << (d3big
?d4
:d3
) << "'");
82 debugs(28, DBG_IMPORTANT
, "WARNING: You should remove '" << (d3big
?d3
:d4
) << "' from the ACL named '" << AclMatchedName
<< "'");
83 debugs(28, 2, HERE
<< "Ignore '" << d3
<< "' to keep splay tree searching predictable");
85 } else if (ret
== 0) {
86 // It may be an exact duplicate. No problem. Just drop.
87 if (strcmp(d1
,d2
)==0) {
88 debugs(28, 2, "WARNING: '" << d2
<< "' is duplicated in the list.");
89 debugs(28, 2, "WARNING: You should remove one '" << d2
<< "' from the ACL named '" << AclMatchedName
<< "'");
92 // When a.example.com comes before .example.com in an ACL
93 // discarding the wildcard is critically bad.
94 // or Maybe even both are wildcards. Things are very weird in those cases.
95 bool d1big
= (strlen(d1
) > strlen(d2
)); // Always suggest removing the longer one.
96 debugs(28, DBG_CRITICAL
, "ERROR: '" << (d1big
?d1
:d2
) << "' is a subdomain of '" << (d1big
?d2
:d1
) << "'");
97 debugs(28, DBG_CRITICAL
, "ERROR: You need to remove '" << (d1big
?d1
:d2
) << "' from the ACL named '" << AclMatchedName
<< "'");
105 ACLDomainData::match(char const *host
)
110 debugs(28, 3, "aclMatchDomainList: checking '" << host
<< "'");
112 char *h
= const_cast<char *>(host
);
113 char const * const * result
= domains
->find(h
, aclHostDomainCompare
);
115 debugs(28, 3, "aclMatchDomainList: '" << host
<< "' " << (result
? "found" : "NOT found"));
117 return (result
!= NULL
);
120 struct AclDomainDataDumpVisitor
{
122 void operator() (char * const & node_data
) {
123 contents
.push_back(SBuf(node_data
));
128 ACLDomainData::dump() const
130 AclDomainDataDumpVisitor visitor
;
131 domains
->visit(visitor
);
132 return visitor
.contents
;
136 ACLDomainData::parse()
139 domains
= new Splay
<char *>();
141 while (char *t
= ConfigParser::strtokFile()) {
143 domains
->insert(xstrdup(t
), aclDomainCompare
);
148 ACLDomainData::empty() const
150 return domains
->empty();
153 ACLData
<char const *> *
154 ACLDomainData::clone() const
156 /* Splay trees don't clone yet. */
158 return new ACLDomainData
;