]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/Gadgets.cc
2 * DEBUG: section 28 Access Control
3 * AUTHOR: Duane Wessels
5 * This file contains ACL routines that are not part of the
6 * ACL class, nor any other class yet, and that need to be
7 * factored into appropriate places. They are here to reduce
8 * unneeded dependencies between the ACL class and the rest
11 * SQUID Web Proxy Cache http://www.squid-cache.org/
12 * ----------------------------------------------------------
14 * Squid is the result of efforts by numerous individuals from
15 * the Internet community; see the CONTRIBUTORS file for full
16 * details. Many organizations have provided support for Squid's
17 * development; see the SPONSORS file for full details. Squid is
18 * Copyrighted (C) 2001 by the Regents of the University of
19 * California; see the COPYRIGHT file for full details. Squid
20 * incorporates software developed and/or copyrighted by other
21 * sources; see the CREDITS file for full details.
23 * This program is free software; you can redistribute it and/or modify
24 * it under the terms of the GNU General Public License as published by
25 * the Free Software Foundation; either version 2 of the License, or
26 * (at your option) any later version.
28 * This program is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31 * GNU General Public License for more details.
33 * You should have received a copy of the GNU General Public License
34 * along with this program; if not, write to the Free Software
35 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
41 #include "acl/AclDenyInfoList.h"
42 #include "acl/AclNameList.h"
43 #include "acl/Checklist.h"
44 #include "acl/Gadgets.h"
45 #include "acl/Strategised.h"
47 #include "ConfigParser.h"
48 #include "errorpage.h"
50 #include "HttpRequest.h"
56 typedef std::set
<ACL
*> AclSet
;
57 /// Accumulates all ACLs to facilitate their clean deletion despite reuse.
58 static AclSet
*RegisteredAcls
; // TODO: Remove when ACLs are refcounted
60 /* does name lookup, returns page_id */
62 aclGetDenyInfoPage(AclDenyInfoList
** head
, const char *name
, int redirect_allowed
)
65 debugs(28, 3, "ERR_NONE due to a NULL name");
69 AclDenyInfoList
*A
= NULL
;
71 debugs(28, 8, HERE
<< "got called for " << name
);
73 for (A
= *head
; A
; A
= A
->next
) {
74 AclNameList
*L
= NULL
;
76 if (!redirect_allowed
&& strchr(A
->err_page_name
, ':') ) {
77 debugs(28, 8, HERE
<< "Skip '" << A
->err_page_name
<< "' 30x redirects not allowed as response here.");
81 for (L
= A
->acl_list
; L
; L
= L
->next
) {
82 if (!strcmp(name
, L
->name
)) {
83 debugs(28, 8, HERE
<< "match on " << name
);
84 return A
->err_page_id
;
90 debugs(28, 8, "aclGetDenyInfoPage: no match");
94 /* does name lookup, returns if it is a proxy_auth acl */
96 aclIsProxyAuth(const char *name
)
99 debugs(28, 3, "false due to a NULL name");
103 debugs(28, 5, "aclIsProxyAuth: called for " << name
);
107 if ((a
= ACL::FindByName(name
))) {
108 debugs(28, 5, "aclIsProxyAuth: returning " << a
->isProxyAuth());
109 return a
->isProxyAuth();
112 debugs(28, 3, "aclIsProxyAuth: WARNING, called for nonexistent ACL");
116 /* maex@space.net (05.09.96)
117 * get the info for redirecting "access denied" to info pages
119 * currently there is no optimization for
120 * - more than one deny_info line with the same url
121 * - a check, whether the given acl really is defined
122 * - a check, whether an acl is added more than once for the same url
126 aclParseDenyInfoLine(AclDenyInfoList
** head
)
129 AclDenyInfoList
*A
= NULL
;
130 AclDenyInfoList
*B
= NULL
;
131 AclDenyInfoList
**T
= NULL
;
132 AclNameList
*L
= NULL
;
133 AclNameList
**Tail
= NULL
;
135 /* first expect a page name */
137 if ((t
= ConfigParser::NextToken()) == NULL
) {
138 debugs(28, DBG_CRITICAL
, "aclParseDenyInfoLine: " << cfg_filename
<< " line " << config_lineno
<< ": " << config_input_line
);
139 debugs(28, DBG_CRITICAL
, "aclParseDenyInfoLine: missing 'error page' parameter.");
143 A
= (AclDenyInfoList
*)memAllocate(MEM_ACL_DENY_INFO_LIST
);
144 A
->err_page_id
= errorReservePageId(t
);
145 A
->err_page_name
= xstrdup(t
);
146 A
->next
= (AclDenyInfoList
*) NULL
;
147 /* next expect a list of ACL names */
150 while ((t
= ConfigParser::NextToken())) {
151 L
= (AclNameList
*)memAllocate(MEM_ACL_NAME_LIST
);
152 xstrncpy(L
->name
, t
, ACL_NAME_SZ
-1);
157 if (A
->acl_list
== NULL
) {
158 debugs(28, DBG_CRITICAL
, "aclParseDenyInfoLine: " << cfg_filename
<< " line " << config_lineno
<< ": " << config_input_line
);
159 debugs(28, DBG_CRITICAL
, "aclParseDenyInfoLine: deny_info line contains no ACL's, skipping");
160 memFree(A
, MEM_ACL_DENY_INFO_LIST
);
164 for (B
= *head
, T
= head
; B
; T
= &B
->next
, B
= B
->next
)
166 ; /* find the tail */
171 aclParseAccessLine(const char *directive
, ConfigParser
&, acl_access
**treep
)
173 /* first expect either 'allow' or 'deny' */
174 const char *t
= ConfigParser::NextToken();
177 debugs(28, DBG_CRITICAL
, "aclParseAccessLine: " << cfg_filename
<< " line " << config_lineno
<< ": " << config_input_line
);
178 debugs(28, DBG_CRITICAL
, "aclParseAccessLine: missing 'allow' or 'deny'.");
182 allow_t action
= ACCESS_DUNNO
;
183 if (!strcmp(t
, "allow"))
184 action
= ACCESS_ALLOWED
;
185 else if (!strcmp(t
, "deny"))
186 action
= ACCESS_DENIED
;
188 debugs(28, DBG_CRITICAL
, "aclParseAccessLine: " << cfg_filename
<< " line " << config_lineno
<< ": " << config_input_line
);
189 debugs(28, DBG_CRITICAL
, "aclParseAccessLine: expecting 'allow' or 'deny', got '" << t
<< "'.");
193 const int ruleId
= ((treep
&& *treep
) ? (*treep
)->childrenCount() : 0) + 1;
196 ctxBuf
.Printf("%s#%d", directive
, ruleId
);
199 Acl::AndNode
*rule
= new Acl::AndNode
;
200 rule
->context(ctxBuf
.content(), config_input_line
);
203 debugs(28, DBG_CRITICAL
, "aclParseAccessLine: " << cfg_filename
<< " line " << config_lineno
<< ": " << config_input_line
);
204 debugs(28, DBG_CRITICAL
, "aclParseAccessLine: Access line contains no ACL's, skipping");
209 /* Append to the end of this list */
213 *treep
= new Acl::Tree
;
214 (*treep
)->context(directive
, config_input_line
);
217 (*treep
)->add(rule
, action
);
219 /* We lock _acl_access structures in ACLChecklist::matchNonBlocking() */
222 // aclParseAclList does not expect or set actions (cf. aclParseAccessLine)
224 aclParseAclList(ConfigParser
&, Acl::Tree
**treep
, const char *label
)
226 // accomodate callers unable to convert their ACL list context to string
232 ctxLine
.Printf("(%s %s line)", cfg_directive
, label
);
235 Acl::AndNode
*rule
= new Acl::AndNode
;
236 rule
->context(ctxLine
.content(), config_input_line
);
241 ctxTree
.Printf("%s %s", cfg_directive
, label
);
244 // We want a cbdata-protected Tree (despite giving it only one child node).
245 Acl::Tree
*tree
= new Acl::Tree
;
247 tree
->context(ctxTree
.content(), config_input_line
);
255 aclRegister(ACL
*acl
)
257 if (!acl
->registered
) {
259 RegisteredAcls
= new AclSet
;
260 RegisteredAcls
->insert(acl
);
261 acl
->registered
= true;
265 /*********************/
266 /* Destroy functions */
267 /*********************/
269 /// helper for RegisteredAcls cleanup
271 aclDeleteOne(ACL
*acl
)
276 /// called to delete ALL Acls.
278 aclDestroyAcls(ACL
** head
)
280 *head
= NULL
; // Config.aclList
281 if (AclSet
*acls
= RegisteredAcls
) {
282 debugs(28, 8, "deleting all " << acls
->size() << " ACLs");
283 std::for_each(acls
->begin(), acls
->end(), &aclDeleteOne
);
289 aclDestroyAclList(ACLList
**list
)
291 debugs(28, 8, "aclDestroyAclList: invoked");
297 aclDestroyAccessList(acl_access
** list
)
301 debugs(28, 3, "destroying: " << *list
<< ' ' << (*list
)->name
);
305 /* maex@space.net (06.09.1996)
306 * destroy an AclDenyInfoList */
309 aclDestroyDenyInfoList(AclDenyInfoList
** list
)
311 AclDenyInfoList
*a
= NULL
;
312 AclDenyInfoList
*a_next
= NULL
;
313 AclNameList
*l
= NULL
;
314 AclNameList
*l_next
= NULL
;
316 debugs(28, 8, "aclDestroyDenyInfoList: invoked");
318 for (a
= *list
; a
; a
= a_next
) {
319 for (l
= a
->acl_list
; l
; l
= l_next
) {
325 xfree(a
->err_page_name
);
326 memFree(a
, MEM_ACL_DENY_INFO_LIST
);