2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_ACLFILLED_CHECKLIST_H
10 #define SQUID_ACLFILLED_CHECKLIST_H
12 #include "AccessLogEntry.h"
13 #include "acl/Checklist.h"
14 #include "acl/forward.h"
15 #include "base/CbcPointer.h"
16 #include "error/forward.h"
17 #include "ip/Address.h"
19 #include "auth/UserRequest.h"
21 #include "security/CertError.h"
29 ACLChecklist filled with specific data, representing Squid and transaction
30 state for access checks along with some data-specific checking methods
32 class ACLFilledChecklist
: public ACLChecklist
34 CBDATA_CLASS(ACLFilledChecklist
);
38 ACLFilledChecklist(const acl_access
*, HttpRequest
*, const char *ident
= nullptr);
39 ~ACLFilledChecklist() override
;
41 /// configure client request-related fields for the first time
42 void setRequest(HttpRequest
*);
43 /// configure rfc931 user identity for the first time
44 void setIdent(const char *userIdentity
);
47 /// The client connection manager
48 ConnStateData
* conn() const;
50 /// The client side fd. It uses conn() if available
54 void setConn(ConnStateData
*);
55 /// set the client side FD
56 void fd(int aDescriptor
);
58 //int authenticated();
60 bool destinationDomainChecked() const;
61 void markDestinationDomainChecked();
62 bool sourceDomainChecked() const;
63 void markSourceDomainChecked();
66 bool hasRequest() const override
{ return request
!= nullptr; }
67 bool hasReply() const override
{ return reply
!= nullptr; }
68 bool hasAle() const override
{ return al
!= nullptr; }
69 void syncAle(HttpRequest
*adaptedRequest
, const char *logUri
) const override
;
70 void verifyAle() const override
;
82 char rfc931
[USER_IDENT_SZ
];
84 Auth::UserRequest::Pointer auth_user_request
;
90 // TODO: RefCount errors; do not ignore them because their "owner" is gone!
91 /// TLS server [certificate validation] errors, in undefined order.
92 /// The errors are accumulated as Squid goes through validation steps
93 /// and server certificates. They are cleared on connection retries.
94 /// For sslproxy_cert_error checks, contains just the current/last error.
95 CbcPointer
<Security::CertErrors
> sslErrors
;
97 /// Peer certificate being checked by ssl_verify_cb() and by
98 /// Security::PeerConnector class. In other contexts, the peer
99 /// certificate is retrieved via ALE or ConnStateData::serverBump.
100 Security::CertPointer serverCert
;
102 AccessLogEntry::Pointer al
; ///< info for the future access.log, and external ACL
104 ExternalACLEntryPointer extacl_entry
;
106 err_type requestErrorType
;
109 ConnStateData
* conn_
; /**< hack for ident and NTLM */
110 int fd_
; /**< may be available when conn_ is not */
111 bool destinationDomainChecked_
;
112 bool sourceDomainChecked_
;
113 /// not implemented; will cause link failures if used
114 ACLFilledChecklist(const ACLFilledChecklist
&);
115 /// not implemented; will cause link failures if used
116 ACLFilledChecklist
&operator=(const ACLFilledChecklist
&);
119 /// convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
121 ACLFilledChecklist
*Filled(ACLChecklist
*checklist
)
123 // this should always be safe because ACLChecklist is an abstract class
124 // and ACLFilledChecklist is its only [concrete] child
125 return dynamic_cast<ACLFilledChecklist
*>(checklist
);
128 #endif /* SQUID_ACLFILLED_CHECKLIST_H */