src/acl/Gadgets.cc

   1 /*
   2  * $Id$
   3  *
   4  * DEBUG: section 28    Access Control
   5  * AUTHOR: Duane Wessels
   6  *
   7  * This file contains ACL routines that are not part of the
   8  * ACL class, nor any other class yet, and that need to be
   9  * factored into appropriate places. They are here to reduce
  10  * unneeded dependencies between the ACL class and the rest
  11  * of squid.
  12  *
  13  * SQUID Web Proxy Cache          http://www.squid-cache.org/
  14  * ----------------------------------------------------------
  15  *
  16  *  Squid is the result of efforts by numerous individuals from
  17  *  the Internet community; see the CONTRIBUTORS file for full
  18  *  details.   Many organizations have provided support for Squid's
  19  *  development; see the SPONSORS file for full details.  Squid is
  20  *  Copyrighted (C) 2001 by the Regents of the University of
  21  *  California; see the COPYRIGHT file for full details.  Squid
  22  *  incorporates software developed and/or copyrighted by other
  23  *  sources; see the CREDITS file for full details.
  24  *
  25  *  This program is free software; you can redistribute it and/or modify
  26  *  it under the terms of the GNU General Public License as published by
  27  *  the Free Software Foundation; either version 2 of the License, or
  28  *  (at your option) any later version.
  29  *
  30  *  This program is distributed in the hope that it will be useful,
  31  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  32  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  33  *  GNU General Public License for more details.
  34  *
  35  *  You should have received a copy of the GNU General Public License
  36  *  along with this program; if not, write to the Free Software
  37  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  38  *
  39  */
  40
  41 #include "squid.h"
  42 #include "acl/Acl.h"
  43 #include "acl/Checklist.h"
  44 #include "acl/Strategised.h"
  45 #include "acl/Gadgets.h"
  46 #include "ConfigParser.h"
  47 #include "errorpage.h"
  48 #include "globals.h"
  49 #include "HttpRequest.h"
  50 #include "protos.h"
  51
  52 /* does name lookup, returns page_id */
  53 err_type
  54 aclGetDenyInfoPage(acl_deny_info_list ** head, const char *name, int redirect_allowed)
  55 {
  56     acl_deny_info_list *A = NULL;
  57
  58     debugs(28, 8, HERE << "got called for " << name);
  59
  60     for (A = *head; A; A = A->next) {
  61         acl_name_list *L = NULL;
  62
  63         if (!redirect_allowed && strchr(A->err_page_name, ':') ) {
  64             debugs(28, 8, HERE << "Skip '" << A->err_page_name << "' 30x redirects not allowed as response here.");
  65             continue;
  66         }
  67
  68         for (L = A->acl_list; L; L = L->next) {
  69             if (!strcmp(name, L->name)) {
  70                 debugs(28, 8, HERE << "match on " << name);
  71                 return A->err_page_id;
  72             }
  73
  74         }
  75     }
  76
  77     debugs(28, 8, "aclGetDenyInfoPage: no match");
  78     return ERR_NONE;
  79 }
  80
  81 /* does name lookup, returns if it is a proxy_auth acl */
  82 int
  83 aclIsProxyAuth(const char *name)
  84 {
  85     debugs(28, 5, "aclIsProxyAuth: called for " << name);
  86
  87     if (NULL == name)
  88         return false;
  89
  90     ACL *a;
  91
  92     if ((a = ACL::FindByName(name))) {
  93         debugs(28, 5, "aclIsProxyAuth: returning " << a->isProxyAuth());
  94         return a->isProxyAuth();
  95     }
  96
  97     debugs(28, 3, "aclIsProxyAuth: WARNING, called for nonexistent ACL");
  98     return false;
  99 }
 100
 101 /* maex@space.net (05.09.96)
 102  *    get the info for redirecting "access denied" to info pages
 103  *      TODO (probably ;-)
 104  *      currently there is no optimization for
 105  *      - more than one deny_info line with the same url
 106  *      - a check, whether the given acl really is defined
 107  *      - a check, whether an acl is added more than once for the same url
 108  */
 109
 110 void
 111 aclParseDenyInfoLine(acl_deny_info_list ** head)
 112 {
 113     char *t = NULL;
 114     acl_deny_info_list *A = NULL;
 115     acl_deny_info_list *B = NULL;
 116     acl_deny_info_list **T = NULL;
 117     acl_name_list *L = NULL;
 118     acl_name_list **Tail = NULL;
 119
 120     /* first expect a page name */
 121
 122     if ((t = strtok(NULL, w_space)) == NULL) {
 123         debugs(28, DBG_CRITICAL, "aclParseDenyInfoLine: " << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 124         debugs(28, DBG_CRITICAL, "aclParseDenyInfoLine: missing 'error page' parameter.");
 125         return;
 126     }
 127
 128     A = (acl_deny_info_list *)memAllocate(MEM_ACL_DENY_INFO_LIST);
 129     A->err_page_id = errorReservePageId(t);
 130     A->err_page_name = xstrdup(t);
 131     A->next = (acl_deny_info_list *) NULL;
 132     /* next expect a list of ACL names */
 133     Tail = &A->acl_list;
 134
 135     while ((t = strtok(NULL, w_space))) {
 136         L = (acl_name_list *)memAllocate(MEM_ACL_NAME_LIST);
 137         xstrncpy(L->name, t, ACL_NAME_SZ);
 138         *Tail = L;
 139         Tail = &L->next;
 140     }
 141
 142     if (A->acl_list == NULL) {
 143         debugs(28, DBG_CRITICAL, "aclParseDenyInfoLine: " << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 144         debugs(28, DBG_CRITICAL, "aclParseDenyInfoLine: deny_info line contains no ACL's, skipping");
 145         memFree(A, MEM_ACL_DENY_INFO_LIST);
 146         return;
 147     }
 148
 149     for (B = *head, T = head; B; T = &B->next, B = B->next)
 150
 151         ;       /* find the tail */
 152     *T = A;
 153 }
 154
 155 void
 156 aclParseAccessLine(ConfigParser &parser, acl_access ** head)
 157 {
 158     char *t = NULL;
 159     acl_access *A = NULL;
 160     acl_access *B = NULL;
 161     acl_access **T = NULL;
 162
 163     /* first expect either 'allow' or 'deny' */
 164
 165     if ((t = strtok(NULL, w_space)) == NULL) {
 166         debugs(28, DBG_CRITICAL, "aclParseAccessLine: " << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 167         debugs(28, DBG_CRITICAL, "aclParseAccessLine: missing 'allow' or 'deny'.");
 168         return;
 169     }
 170
 171     A = new acl_access;
 172
 173     if (!strcmp(t, "allow"))
 174         A->allow = ACCESS_ALLOWED;
 175     else if (!strcmp(t, "deny"))
 176         A->allow = ACCESS_DENIED;
 177     else {
 178         debugs(28, DBG_CRITICAL, "aclParseAccessLine: " << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 179         debugs(28, DBG_CRITICAL, "aclParseAccessLine: expecting 'allow' or 'deny', got '" << t << "'.");
 180         delete A;
 181         return;
 182     }
 183
 184     aclParseAclList(parser, &A->aclList);
 185
 186     if (A->aclList == NULL) {
 187         debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 188         debugs(28, DBG_CRITICAL, "aclParseAccessLine: Access line contains no ACL's, skipping");
 189         delete A;
 190         return;
 191     }
 192
 193     A->cfgline = xstrdup(config_input_line);
 194     /* Append to the end of this list */
 195
 196     for (B = *head, T = head; B; T = &B->next, B = B->next);
 197     *T = A;
 198
 199     /* We lock _acl_access structures in ACLChecklist::matchNonBlocking() */
 200 }
 201
 202 void
 203 aclParseAclList(ConfigParser &parser, ACLList ** head)
 204 {
 205     ACLList **Tail = head;      /* sane name in the use below */
 206     ACL *a = NULL;
 207     char *t;
 208
 209     /* next expect a list of ACL names, possibly preceeded
 210      * by '!' for negation */
 211
 212     while ((t = strtok(NULL, w_space))) {
 213         ACLList *L = new ACLList;
 214
 215         if (*t == '!') {
 216             L->negated (true);
 217             ++t;
 218         }
 219
 220         debugs(28, 3, "aclParseAclList: looking for ACL name '" << t << "'");
 221         a = ACL::FindByName(t);
 222
 223         if (a == NULL) {
 224             debugs(28, DBG_CRITICAL, "aclParseAclList: ACL name '" << t << "' not found.");
 225             delete L;
 226             parser.destruct();
 227             continue;
 228         }
 229
 230         L->_acl = a;
 231         *Tail = L;
 232         Tail = &L->next;
 233     }
 234 }
 235
 236 /*********************/
 237 /* Destroy functions */
 238 /*********************/
 239
 240 void
 241 aclDestroyAcls(ACL ** head)
 242 {
 243     ACL *next = NULL;
 244
 245     debugs(28, 8, "aclDestroyACLs: invoked");
 246
 247     for (ACL *a = *head; a; a = next) {
 248         next = a->next;
 249         delete a;
 250     }
 251
 252     *head = NULL;
 253 }
 254
 255 void
 256 aclDestroyAclList(ACLList ** head)
 257 {
 258     ACLList *l;
 259     debugs(28, 8, "aclDestroyAclList: invoked");
 260
 261     for (l = *head; l; l = *head) {
 262         *head = l->next;
 263         delete l;
 264     }
 265 }
 266
 267 void
 268 aclDestroyAccessList(acl_access ** list)
 269 {
 270     acl_access *l = NULL;
 271     acl_access *next = NULL;
 272
 273     for (l = *list; l; l = next) {
 274         debugs(28, 3, "aclDestroyAccessList: '" << l->cfgline << "'");
 275         next = l->next;
 276         aclDestroyAclList(&l->aclList);
 277         safe_free(l->cfgline);
 278         cbdataFree(l);
 279     }
 280
 281     *list = NULL;
 282 }
 283
 284 /* maex@space.net (06.09.1996)
 285  *    destroy an acl_deny_info_list */
 286
 287 void
 288 aclDestroyDenyInfoList(acl_deny_info_list ** list)
 289 {
 290     acl_deny_info_list *a = NULL;
 291     acl_deny_info_list *a_next = NULL;
 292     acl_name_list *l = NULL;
 293     acl_name_list *l_next = NULL;
 294
 295     debugs(28, 8, "aclDestroyDenyInfoList: invoked");
 296
 297     for (a = *list; a; a = a_next) {
 298         for (l = a->acl_list; l; l = l_next) {
 299             l_next = l->next;
 300             safe_free(l);
 301         }
 302
 303         a_next = a->next;
 304         xfree(a->err_page_name);
 305         memFree(a, MEM_ACL_DENY_INFO_LIST);
 306     }
 307
 308     *list = NULL;
 309 }