AclRegs.cc
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10
11#if USE_ADAPTATION
14#endif
15#include "acl/AllOf.h"
16#include "acl/AnnotateClient.h"
18#include "acl/AnnotationData.h"
19#include "acl/AnyOf.h"
20#if USE_SQUID_EUI
21#include "acl/Arp.h"
22#include "acl/Eui64.h"
23#endif
24#if USE_OPENSSL
25#include "acl/AtStep.h"
26#include "acl/AtStepData.h"
27#endif
28#include "acl/Asn.h"
29#include "acl/Checklist.h"
31#include "acl/Data.h"
32#include "acl/DestinationAsn.h"
34#include "acl/DestinationIp.h"
35#include "acl/DomainData.h"
36#if USE_LIBNETFILTERCONNTRACK
37#include "acl/ConnMark.h"
38#endif
39#if USE_AUTH
40#include "acl/ExtUser.h"
41#endif
42#include "acl/FilledChecklist.h"
43#include "acl/forward.h"
44#include "acl/Gadgets.h"
45#include "acl/HasComponent.h"
47#include "acl/HierCode.h"
48#include "acl/HierCodeData.h"
49#include "acl/HttpHeaderData.h"
50#include "acl/HttpRepHeader.h"
51#include "acl/HttpReqHeader.h"
52#include "acl/HttpStatus.h"
53#include "acl/IntRange.h"
54#include "acl/Ip.h"
55#include "acl/LocalIp.h"
56#include "acl/LocalPort.h"
57#include "acl/MaxConnection.h"
58#include "acl/Method.h"
59#include "acl/MethodData.h"
60#include "acl/MyPortName.h"
61#include "acl/Note.h"
62#include "acl/NoteData.h"
63#include "acl/PeerName.h"
64#include "acl/Protocol.h"
65#include "acl/ProtocolData.h"
66#include "acl/Random.h"
67#include "acl/RegexData.h"
69#include "acl/ReplyMimeType.h"
71#include "acl/RequestMimeType.h"
72#include "acl/SourceAsn.h"
73#include "acl/SourceDomain.h"
74#include "acl/SourceIp.h"
75#include "acl/SquidError.h"
76#include "acl/SquidErrorData.h"
77#if USE_OPENSSL
78#include "acl/Certificate.h"
79#include "acl/CertificateData.h"
80#include "acl/ServerName.h"
81#include "acl/SslError.h"
82#include "acl/SslErrorData.h"
83#endif
84#include "acl/StringData.h"
85#if USE_OPENSSL
87#endif
88#include "acl/Tag.h"
89#include "acl/Time.h"
90#include "acl/TimeData.h"
92#include "acl/Url.h"
93#include "acl/UrlLogin.h"
94#include "acl/UrlPath.h"
95#include "acl/UrlPort.h"
96#include "acl/UserData.h"
97#if USE_AUTH
98#include "auth/AclMaxUserIp.h"
99#include "auth/AclProxyAuth.h"
100#endif
101#include "base/RegexPattern.h"
102#include "ExternalACL.h"
103#if USE_IDENT
104#include "ident/AclIdent.h"
105#endif
106#if SQUID_SNMP
107#include "snmp_core.h"
108#endif
109#include "sbuf/Stream.h"
110
111namespace Acl
112{
113
// An ACL node class template derived from Parent: it fills the inherited
// `data` member with the parameters object given to its constructor and
// remembers the ACL type name that typeString() reports.
// The class-head line (listing line 119) is not shown in this listing; the
// page's symbol index names the class Acl::FinalizedParameterizedNode<Parent>.
118template <class Parent>
120{
122
123public:
124 using Parameters = typename Parent::Parameters;
125 using Parent::data;
126
    // Selects a custom allocator label for this template instantiation.
    // The asserts require a single call, made before the constructor has
    // finalized the label, with a non-null argument.
    // NOTE(review): listing line 140 is not shown; presumably it stores
    // `suffix` in PreferredAllocatorLabelSuffix -- confirm in the file.
    // NOTE(review): the function name says "Prefix" while its parameter and
    // the static member it guards say "suffix"; one of them is misnamed.
135 static void PreferAllocatorLabelPrefix(const char * const suffix)
136 {
137 assert(!PreferredAllocatorLabelSuffix); // must be called at most once
138 assert(!FinalPoolLabel); // must be called before the class constructor
139 assert(suffix);
141 }
142
    // Constructor. Its signature (listing line 143) is not shown; the page's
    // symbol index gives it as (TypeName typeName, Parameters *const params).
    // Stores `params` in the inherited `data` member via reset(); the
    // Assure(data) condition that follows is false for a null `params`.
    // NOTE(review): reset() suggests `data` is an owning smart pointer, which
    // would make this node the owner of `params` -- confirm in Parent.
144 typeName_(typeName)
145 {
146 Assure(!data); // base classes never set this data member
147 data.reset(params);
148 Assure(data); // ... but we always do
149
    // label the allocator pool on first construction (no-op afterwards)
150 FinalizePoolLabel(typeName);
151 }
152
153 ~FinalizedParameterizedNode() override = default;
154
155 /* ACL API */
    // Returns the type name pointer received by the constructor, unchanged.
156 const char *typeString() const override { return typeName_; }
157
158private:
    // Builds the "acltype=..." allocator label and applies it with
    // Pool().relabel(). The label text uses PreferredAllocatorLabelSuffix
    // when that is set and `typeName` otherwise. Calls made after the label
    // exists return early, so when one instantiation serves several type
    // names, the first constructed object decides the label unless a
    // preferred suffix was set beforehand.
    // NOTE(review): listing line 172 is not shown; presumably it converts
    // `label` to a C string and stores it in FinalPoolLabel -- confirm.
165 static void FinalizePoolLabel(const TypeName typeName)
166 {
167 if (FinalPoolLabel)
168 return; // the label has been finalized already
169
170 assert(typeName);
171 const auto label = ToSBuf("acltype=", PreferredAllocatorLabelSuffix ? PreferredAllocatorLabelSuffix : typeName);
173 Pool().relabel(FinalPoolLabel);
174 }
175
    // if set, overrules FinalizePoolLabel() argument
177 inline static const char *PreferredAllocatorLabelSuffix = nullptr;
178
    // custom allocator label set by FinalizePoolLabel()
180 inline static const char *FinalPoolLabel = nullptr;
181
    // The member this TODO refers to (listing line 184) is not shown; the
    // page's symbol index lists it as `TypeName typeName_`, the "acltype"
    // name in its canonical spelling.
182 // TODO: Consider storing the spelling used by the admin instead.
185};
186
187} // namespace Acl
188
189// Not in src/acl/ because some of the ACLs it registers are not in src/acl/.
// Registers one maker lambda per ACL type name. The page's symbol index
// describes RegisterMaker() as "use the given ACL Maker for all ACLs of the
// named type" and lists this function as `void Init(void)`; its signature
// line (listing line 191) is not shown here.
//
// NOTE(review): listing line numbers skip inside this body (e.g. 202, 205,
// 207, 213-214), so the registrations visible below are not guaranteed to be
// the complete set. Check the file itself before auditing which ACL types a
// given build accepts.
190void
192{
193 /* the registration order does not matter */
194
195 // The explicit return type (ACL*) for lambdas is needed because the type
196 // of the return expression inside lambda is not ACL* but AclFoo* while
197 // Acl::Maker is defined to return ACL*.
198
    // Every maker returns a raw pointer from `new`; who releases the ACL
    // object is decided by the Maker's caller, which is not part of this
    // listing. In FinalizedParameterizedNode makers, the second `new` (the
    // data object) is passed to the node constructor, which stores it with
    // data.reset(params).
    // Makers whose lambda ignores its TypeName argument construct a class
    // that does not take the type name yet (see the XXX notes).
199 RegisterMaker("all-of", [](TypeName)->ACL* { return new Acl::AllOf; }); // XXX: Add name parameter to ctor
200 RegisterMaker("any-of", [](TypeName)->ACL* { return new Acl::AnyOf; }); // XXX: Add name parameter to ctor
201 RegisterMaker("random", [](TypeName name)->ACL* { return new ACLRandom(name); });
203 RegisterMaker("src_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceAsnCheck>(name, new ACLASN); });
204 RegisterMaker("dst_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationAsnCheck>(name, new ACLASN); });
206
208 RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLRegexData); });
210
211 RegisterMaker("dst", [](TypeName)->ACL* { return new ACLDestinationIP; }); // XXX: Add name parameter to ctor
212 RegisterMaker("hier_code", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HierCodeCheck>(name, new ACLHierCodeData); });
215 RegisterMaker("http_status", [](TypeName name)->ACL* { return new ACLHTTPStatus(name); });
216 RegisterMaker("maxconn", [](TypeName name)->ACL* { return new ACLMaxConnection(name); });
217 RegisterMaker("method", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MethodCheck>(name, new ACLMethodData); });
218 RegisterMaker("localip", [](TypeName)->ACL* { return new ACLLocalIP; }); // XXX: Add name parameter to ctor
219 RegisterMaker("localport", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::LocalPortCheck>(name, new ACLIntRange); });
220 RegisterMaker("myportname", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MyPortNameCheck>(name, new ACLStringData); });
221
    // A *_regex type reuses the Check class of its non-regex sibling and
    // differs only in the data object (ACLRegexData). How patterns are
    // compiled and matched is defined by that class, not in this file.
222 RegisterMaker("peername", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLStringData); });
223 RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLRegexData); });
225
230
231 RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLDomainData); });
232 RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLRegexData); });
234
235 RegisterMaker("src", [](TypeName)->ACL* { return new ACLSourceIP; }); // XXX: Add name parameter to ctor
236 RegisterMaker("url_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlCheck>(name, new ACLRegexData); });
237 RegisterMaker("urllogin", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlLoginCheck>(name, new ACLRegexData); });
238 RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPathCheck>(name, new ACLRegexData); });
239 RegisterMaker("port", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPortCheck>(name, new ACLIntRange); });
240 RegisterMaker("external", [](TypeName name)->ACL* { return new ACLExternal(name); });
241 RegisterMaker("squid_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SquidErrorCheck>(name, new ACLSquidErrorData); });
242 RegisterMaker("connections_encrypted", [](TypeName name)->ACL* { return new Acl::ConnectionsEncrypted(name); });
243 RegisterMaker("tag", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::TagCheck>(name, new ACLStringData); });
244 RegisterMaker("note", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::NoteCheck>(name, new ACLNoteData); });
245 RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateClientCheck>(name, new ACLAnnotationData); });
246 RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateTransactionCheck>(name, new ACLAnnotationData); });
248 RegisterMaker("transaction_initiator", [](TypeName name)->ACL* {return new TransactionInitiator(name);});
249
    // The types in the #if sections below are registered only when the named
    // build option is enabled, so the set of ACL types a binary recognizes
    // depends on how it was built.
    // NOTE(review): what the configuration parser does with a type name that
    // has no registered maker is not shown here -- confirm in the
    // RegisterMaker()/lookup code before relying on rules that use these types.
250#if USE_LIBNETFILTERCONNTRACK
    // Both names map to the same Acl::ConnMark class, which is constructed
    // without the type name.
251 RegisterMaker("clientside_mark", [](TypeName)->ACL* { return new Acl::ConnMark; }); // XXX: Add name parameter to ctor
252 RegisterMaker("client_connection_mark", [](TypeName)->ACL* { return new Acl::ConnMark; }); // XXX: Add name parameter to ctor
253#endif
254
255#if USE_OPENSSL
257
261
    // NOTE(review): the meaning of the nullptr and true arguments is set by
    // ACLCertificateData's constructor, which is not part of this listing.
262 RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509Fingerprint, nullptr, true)); });
263 RegisterMaker("at_step", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AtStepCheck>(name, new ACLAtStepData); });
264
265 RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLServerNameData); });
266 RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLRegexData); });
268#endif
269
270#if USE_SQUID_EUI
271 RegisterMaker("arp", [](TypeName name)->ACL* { return new ACLARP(name); });
272 RegisterMaker("eui64", [](TypeName name)->ACL* { return new ACLEui64(name); });
273#endif
274
275#if USE_IDENT
    // Unlike the FinalizedParameterizedNode makers, these classes take the
    // data object first and the type name second.
276 RegisterMaker("ident", [](TypeName name)->ACL* { return new ACLIdent(new ACLUserData, name); });
277 RegisterMaker("ident_regex", [](TypeName name)->ACL* { return new ACLIdent(new ACLRegexData, name); });
278#endif
279
280#if USE_AUTH
281 RegisterMaker("ext_user", [](TypeName name)->ACL* { return new ACLExtUser(new ACLUserData, name); });
282 RegisterMaker("ext_user_regex", [](TypeName name)->ACL* { return new ACLExtUser(new ACLRegexData, name); });
283 RegisterMaker("proxy_auth", [](TypeName name)->ACL* { return new ACLProxyAuth(new ACLUserData, name); });
284 RegisterMaker("proxy_auth_regex", [](TypeName name)->ACL* { return new ACLProxyAuth(new ACLRegexData, name); });
285 RegisterMaker("max_user_ip", [](TypeName name)->ACL* { return new ACLMaxUserIP(name); });
286#endif
287
    // The content of this section (listing line 289) is not shown here.
288#if USE_ADAPTATION
290#endif
291
292#if SQUID_SNMP
293 RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SnmpCommunityCheck>(name, new ACLStringData); });
294#endif
295}
296
#define Assure(condition)
Definition: Assure.h:35
void SBufToCstring(char *d, const SBuf &s)
Definition: SBuf.h:752
#define assert(EX)
Definition: assert.h:17
Definition: Arp.h:19
Definition: Asn.h:26
Definition: Eui64.h:18
Definition: Acl.h:46
Configurable any-of ACL. Each ACL line is a disjunction of ACLs.
Definition: AnyOf.h:19
~FinalizedParameterizedNode() override=default
static const char * PreferredAllocatorLabelSuffix
if set, overrules FinalizePoolLabel() argument
Definition: AclRegs.cc:177
static void FinalizePoolLabel(const TypeName typeName)
Definition: AclRegs.cc:165
static const char * FinalPoolLabel
custom allocator label set by FinalizePoolLabel()
Definition: AclRegs.cc:180
MEMPROXY_CLASS(Acl::FinalizedParameterizedNode< Parent >)
const char * typeString() const override
Definition: AclRegs.cc:156
FinalizedParameterizedNode(TypeName typeName, Parameters *const params)
Definition: AclRegs.cc:143
static void PreferAllocatorLabelPrefix(const char *const suffix)
Definition: AclRegs.cc:135
TypeName typeName_
the "acltype" name in its canonical spelling
Definition: AclRegs.cc:184
transaction_initiator ACL
GETX509ATTRIBUTE GetX509UserAttribute
Definition: support.h:109
GETX509ATTRIBUTE GetX509CAAttribute
Definition: support.h:112
GETX509ATTRIBUTE GetX509Fingerprint
Definition: support.h:118
Definition: Acl.cc:31
void Init(void)
prepares to parse ACLs configuration
Definition: AclRegs.cc:191
void RegisterMaker(TypeName typeName, Maker maker)
use the given ACL Maker for all ACLs of the named type
Definition: Acl.cc:71
const char * TypeName
the ACL type name known to admins
Definition: Acl.h:27
SBuf ToSBuf(Args &&... args)
slowly stream-prints all arguments into a freshly allocated SBuf
Definition: Stream.h:63

 
