/*
- * $Id: ACLHTTPHeaderData.cc,v 1.1 2006/06/14 19:18:24 serassio Exp $
+ * $Id: ACLHTTPHeaderData.cc,v 1.2 2006/08/05 12:05:35 robertc Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
#include "authenticate.h"
#include "ACLChecklist.h"
#include "ACL.h"
+#include "ACLRegexData.h"
#include "wordlist.h"
#include "ConfigParser.h"
-//TODO: These should be unified
-static void aclDestroyRegexList(relist * data);
-void
-aclDestroyRegexList(relist * data)
-{
- relist *next = NULL;
-
- for (; data; data = next) {
- next = data->next;
- regfree(&data->regex);
- safe_free(data->pattern);
- memFree(data, MEM_RELIST);
- }
-}
+/* Construct an ACLHTTPHeaderData that uses an ACLRegex rule with the value of the
+ * selected header from a given request.
+ *
+ * TODO: This can be generalised by making the type of the regex_rule into a
+ * template parameter - so that we can use different rules types in future.
+ */
+ACLHTTPHeaderData::ACLHTTPHeaderData() : hdrId(HDR_BAD_HDR), regex_rule(new ACLRegexData)
+{}
ACLHTTPHeaderData::~ACLHTTPHeaderData()
{
- aclDestroyRegexList(data);
+ delete regex_rule;
}
bool
debug(28, 3) ("aclHeaderData::match: checking '%s'\n", hdrName.buf());
- relist *first, *prev;
-
- first = data;
-
- prev = NULL;
-
- relist *current = first;
-
String value = hdrId != HDR_BAD_HDR ? hdr->getStrOrList(hdrId) : hdr->getByName(hdrName.buf());
- // A header value will not be modified, but may not be present
- while (value.buf() && current) {
- debug(28, 3) ("aclHeaderData::match: looking for '%s'\n", current->pattern);
-
- if (regexec(¤t->regex, value.buf(), 0, 0, 0) == 0) {
- if (prev != NULL) {
- /* shift the element just found to the second position
- * in the list */
- prev->next = current->next;
- current->next = first->next;
- first->next = current;
- }
-
- debug(28, 2) ("aclHeaderData::match: match '%s' found in '%s'\n",
- current->pattern, value.buf());
- return 1;
- }
-
- prev = current;
- current = current->next;
- }
-
- return 0;
+ return regex_rule->match(value.buf());
}
wordlist *
ACLHTTPHeaderData::dump()
{
wordlist *W = NULL;
- relist *temp = data;
-
- while (temp != NULL) {
- wordlistAdd(&W, temp->pattern);
- temp = temp->next;
- }
-
+ wordlistAdd(&W, hdrName.buf());
+ wordlist * regex_dump = regex_rule->dump();
+ wordlistAddWl(&W, regex_dump);
+ wordlistDestroy(®ex_dump);
return W;
}
-static void aclParseHeaderList(relist **curlist);
-//TODO: These should be merged...
-void
-aclParseHeaderList(relist **curlist)
-{
- relist **Tail;
- relist *q = NULL;
- char *t = NULL;
- regex_t comp;
- int errcode;
- int flags = REG_EXTENDED | REG_NOSUB;
-
- for (Tail = (relist **)curlist; *Tail; Tail = &((*Tail)->next))
-
- ;
-
- while ((t = ConfigParser::strtokFile())) {
- if (strcmp(t, "-i") == 0) {
- flags |= REG_ICASE;
- continue;
- }
-
- if (strcmp(t, "+i") == 0) {
- flags &= ~REG_ICASE;
- continue;
- }
-
- if ((errcode = regcomp(&comp, t, flags)) != 0) {
- char errbuf[256];
- regerror(errcode, &comp, errbuf, sizeof errbuf);
- debug(28, 0) ("%s line %d: %s\n",
- cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseHeaderList: Invalid regular expression '%s': %s\n",
- t, errbuf);
- continue;
- }
-
- q = (relist *)memAllocate(MEM_RELIST);
- q->pattern = xstrdup(t);
- q->regex = comp;
- *(Tail) = q;
- Tail = &q->next;
- }
-}
-
void
ACLHTTPHeaderData::parse()
{
assert (t != NULL);
hdrName = t;
hdrId = httpHeaderIdByNameDef(hdrName.buf(), strlen(hdrName.buf()));
- aclParseHeaderList(&data);
+ regex_rule->parse();
}
bool
ACLHTTPHeaderData::empty() const
{
- return data == NULL;
+ return (hdrId == HDR_BAD_HDR && !hdrName.buf()) || regex_rule->empty();
}
ACLData<HttpHeader*> *
ACLHTTPHeaderData::clone() const
{
/* Header's don't clone yet. */
- assert (!data);
- return new ACLHTTPHeaderData;
+ ACLHTTPHeaderData * result = new ACLHTTPHeaderData;
+ result->regex_rule = regex_rule->clone();
+ result->hdrId = hdrId;
+ result->hdrName = hdrName;
+ return result;
}
-
/*
- * $Id: ACLHTTPHeaderData.h,v 1.1 2006/06/14 19:18:24 serassio Exp $
+ * $Id: ACLHTTPHeaderData.h,v 1.2 2006/08/05 12:05:35 robertc Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
*/
-#ifndef SQUID_ACLREGEXDATA_H
-#define SQUID_ACLREGEXDATA_H
+#ifndef SQUID_ACLHTTPHEADERDATA_H
+#define SQUID_ACLHTTPHEADERDATA_H
#include "ACLData.h"
class ACLHTTPHeaderData : public ACLData<HttpHeader*>
public:
MEMPROXY_CLASS(ACLHTTPHeaderData);
+ ACLHTTPHeaderData();
virtual ~ACLHTTPHeaderData();
virtual bool match(HttpHeader* hdr);
virtual wordlist *dump();
private:
http_hdr_type hdrId; // set if header is known
String hdrName; // always set
- relist *data;
+ ACLData<char const *> * regex_rule;
};
MEMPROXY_CLASS_INLINE(ACLHTTPHeaderData)
-#endif /* SQUID_ACLREGEXDATA_H */
+#endif /* SQUID_ACLHTTPHEADERDATA_H */
#
-# $Id: cf.data.pre,v 1.420 2006/07/31 13:17:57 serassio Exp $
+# $Id: cf.data.pre,v 1.421 2006/08/05 12:05:35 robertc Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
# clients may appear to come from multiple addresses if they are
# going through proxy farms, so a limit of 1 may cause user problems.
- acl aclname req_mime_type mime-type1 ...
- # regex match agains the mime type of the request generated
- # by the client. Can be used to detect file upload or some
- # types HTTP tunneling requests.
- # NOTE: This does NOT match the reply. You cannot use this
- # to match the returned file type.
-
- acl aclname req_header header-name [-i] any\.regex\.here
- # regex match against any of the known request headers. May be
- # thought of as a superset of "browser", "referer" and "mime-type"
- # ACLs.
-
acl aclname rep_mime_type mime-type1 ...
# regex match against the mime type of the reply received by
# squid. Can be used to detect file download or some
# effect in rules that affect the reply data stream such as
# http_reply_access.
+ acl aclname rep_header header-name [-i] any\.regex\.here
+ # regex match against any of the known reply headers. May be
+ # thought of as a superset of "browser", "referer" and "mime-type"
+ # ACLs.
+
+ acl aclname req_mime_type mime-type1 ...
+ # regex match agains the mime type of the request generated
+ # by the client. Can be used to detect file upload or some
+ # types HTTP tunneling requests.
+ # NOTE: This does NOT match the reply. You cannot use this
+ # to match the returned file type.
+
acl aclname req_header header-name [-i] any\.regex\.here
# regex match against any of the known request headers. May be
# thought of as a superset of "browser", "referer" and "mime-type"
projects / thirdparty / squid.git / commitdiff
