src/acl/FilledChecklist.h

   1 /*
   2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_ACLFILLED_CHECKLIST_H
  10 #define SQUID_ACLFILLED_CHECKLIST_H
  11
  12 #include "AccessLogEntry.h"
  13 #include "acl/Checklist.h"
  14 #include "acl/forward.h"
  15 #include "base/CbcPointer.h"
  16 #include "error/forward.h"
  17 #include "ip/Address.h"
  18 #if USE_AUTH
  19 #include "auth/UserRequest.h"
  20 #endif
  21 #include "security/CertError.h"
  22
  23 class CachePeer;
  24 class ConnStateData;
  25 class HttpRequest;
  26 class HttpReply;
  27
  28 /** \ingroup ACLAPI
  29     ACLChecklist filled with specific data, representing Squid and transaction
  30     state for access checks along with some data-specific checking methods
  31  */
  32 class ACLFilledChecklist: public ACLChecklist
  33 {
  34     CBDATA_CLASS(ACLFilledChecklist);
  35
  36 public:
  37     ACLFilledChecklist();
  38     ACLFilledChecklist(const acl_access *, HttpRequest *, const char *ident = nullptr);
  39     ~ACLFilledChecklist() override;
  40
  41     /// configure client request-related fields for the first time
  42     void setRequest(HttpRequest *);
  43     /// configure rfc931 user identity for the first time
  44     void setIdent(const char *userIdentity);
  45
  46 public:
  47     /// The client connection manager
  48     ConnStateData * conn() const;
  49
  50     /// The client side fd. It uses conn() if available
  51     int fd() const;
  52
  53     /// set either conn
  54     void setConn(ConnStateData *);
  55     /// set the client side FD
  56     void fd(int aDescriptor);
  57
  58     //int authenticated();
  59
  60     bool destinationDomainChecked() const;
  61     void markDestinationDomainChecked();
  62     bool sourceDomainChecked() const;
  63     void markSourceDomainChecked();
  64
  65     // ACLChecklist API
  66     bool hasRequest() const override { return request != nullptr; }
  67     bool hasReply() const override { return reply != nullptr; }
  68     bool hasAle() const override { return al != nullptr; }
  69     void syncAle(HttpRequest *adaptedRequest, const char *logUri) const override;
  70     void verifyAle() const override;
  71
  72 public:
  73     Ip::Address src_addr;
  74     Ip::Address dst_addr;
  75     Ip::Address my_addr;
  76     SBuf dst_peer_name;
  77     char *dst_rdns;
  78
  79     HttpRequest *request;
  80     HttpReply *reply;
  81
  82     char rfc931[USER_IDENT_SZ];
  83 #if USE_AUTH
  84     Auth::UserRequest::Pointer auth_user_request;
  85 #endif
  86 #if SQUID_SNMP
  87     char *snmp_community;
  88 #endif
  89
  90     // TODO: RefCount errors; do not ignore them because their "owner" is gone!
  91     /// TLS server [certificate validation] errors, in undefined order.
  92     /// The errors are accumulated as Squid goes through validation steps
  93     /// and server certificates. They are cleared on connection retries.
  94     /// For sslproxy_cert_error checks, contains just the current/last error.
  95     CbcPointer<Security::CertErrors> sslErrors;
  96
  97     /// Peer certificate being checked by ssl_verify_cb() and by
  98     /// Security::PeerConnector class. In other contexts, the peer
  99     /// certificate is retrieved via ALE or ConnStateData::serverBump.
 100     Security::CertPointer serverCert;
 101
 102     AccessLogEntry::Pointer al; ///< info for the future access.log, and external ACL
 103
 104     ExternalACLEntryPointer extacl_entry;
 105
 106     err_type requestErrorType;
 107
 108 private:
 109     ConnStateData * conn_;          /**< hack for ident and NTLM */
 110     int fd_;                        /**< may be available when conn_ is not */
 111     bool destinationDomainChecked_;
 112     bool sourceDomainChecked_;
 113     /// not implemented; will cause link failures if used
 114     ACLFilledChecklist(const ACLFilledChecklist &);
 115     /// not implemented; will cause link failures if used
 116     ACLFilledChecklist &operator=(const ACLFilledChecklist &);
 117 };
 118
 119 /// convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
 120 inline
 121 ACLFilledChecklist *Filled(ACLChecklist *checklist)
 122 {
 123     // this should always be safe because ACLChecklist is an abstract class
 124     // and ACLFilledChecklist is its only [concrete] child
 125     return dynamic_cast<ACLFilledChecklist*>(checklist);
 126 }
 127
 128 #endif /* SQUID_ACLFILLED_CHECKLIST_H */
 129