src/acl/UserData.cc

   1 /*
   2  * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 28    Access Control */
  10
  11 #include "squid.h"
  12 #include "acl/Checklist.h"
  13 #include "acl/UserData.h"
  14 #include "ConfigParser.h"
  15 #include "Debug.h"
  16 #include "globals.h"
  17 #include "util.h"
  18
  19 ACLUserData::~ACLUserData()
  20 {
  21 }
  22
  23 bool
  24 ACLUserData::match(char const *user)
  25 {
  26     debugs(28, 7, "user is " << user << ", case_insensitive is " << flags.case_insensitive);
  27
  28     if (user == NULL || strcmp(user, "-") == 0)
  29         return 0;
  30
  31     if (flags.required) {
  32         debugs(28, 7, "aclMatchUser: user REQUIRED and auth-info present.");
  33         return 1;
  34     }
  35
  36     bool result = (userDataNames.find(SBuf(user)) != userDataNames.end());
  37     debugs(28, 7, "returning " << result);
  38     return result;
  39 }
  40
  41 SBufList
  42 ACLUserData::dump() const
  43 {
  44     SBufList sl;
  45
  46     if (flags.case_insensitive)
  47         sl.push_back(SBuf("-i"));
  48
  49     if (flags.required) {
  50         sl.push_back(SBuf("REQUIRED"));
  51     } else {
  52         sl.insert(sl.end(), userDataNames.begin(), userDataNames.end());
  53     }
  54     return sl;
  55 }
  56
  57 static bool
  58 CaseInsensitveSBufCompare(const SBuf &lhs, const SBuf &rhs)
  59 {
  60     return (lhs.caseCmp(rhs) < 0);
  61 }
  62
  63 void
  64 ACLUserData::parse()
  65 {
  66     debugs(28, 2, "parsing user list");
  67
  68     char *t = NULL;
  69     if ((t = ConfigParser::strtokFile())) {
  70         SBuf s(t);
  71         debugs(28, 5, "first token is " << s);
  72
  73         if (s.cmp("-i",2) == 0) {
  74             debugs(28, 5, "Going case-insensitive");
  75             flags.case_insensitive = true;
  76             // due to how the std::set API work, if we want to change
  77             // the comparison function we have to create a new std::set
  78             UserDataNames_t newUdn(CaseInsensitveSBufCompare);
  79             newUdn.insert(userDataNames.begin(), userDataNames.end());
  80             swap(userDataNames,newUdn);
  81         } else if (s.cmp("REQUIRED") == 0) {
  82             debugs(28, 5, "REQUIRED-type enabled");
  83             flags.required = true;
  84         } else {
  85             if (flags.case_insensitive)
  86                 s.toLower();
  87
  88             debugs(28, 6, "Adding user " << s);
  89             userDataNames.insert(s);
  90         }
  91     }
  92
  93     debugs(28, 3, "Case-insensitive-switch is " << flags.case_insensitive);
  94     /* we might inherit from a previous declaration */
  95
  96     debugs(28, 4, "parsing following tokens");
  97
  98     while ((t = ConfigParser::strtokFile())) {
  99         SBuf s(t);
 100         debugs(28, 6, "Got token: " << s);
 101
 102         if (flags.case_insensitive)
 103             s.toLower();
 104
 105         debugs(28, 6, "Adding user " << s);
 106         userDataNames.insert(s);
 107     }
 108
 109     if (flags.required && !userDataNames.empty()) {
 110         debugs(28, DBG_PARSE_NOTE(1), "WARNING: detected attempt to add usernames to an acl of type REQUIRED");
 111         userDataNames.clear();
 112     }
 113
 114     debugs(28,4, "ACL contains " << userDataNames.size() << " users");
 115 }
 116
 117 bool
 118 ACLUserData::empty() const
 119 {
 120     debugs(28,6,"required: " << flags.required << ", number of users: " << userDataNames.size());
 121     if (flags.required)
 122         return false;
 123     return userDataNames.empty();
 124 }
 125
 126 ACLData<char const *> *
 127 ACLUserData::clone() const
 128 {
 129     return new ACLUserData;
 130 }
 131