/*
 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28 Access Control */
10
11#include "squid.h"
12#include "acl/CertificateData.h"
13#include "acl/Checklist.h"
14#include "cache_cf.h"
15#include "ConfigParser.h"
16#include "debug/Stream.h"
17#include "wordlist.h"
18
/// Builds an ACL data object that matches one certificate attribute.
/// \param sslStrategy callback that extracts the configured attribute from an X509
/// \param attrs '|'-separated list of permitted attribute names (a "*" entry
///              accepts any name, see parse()); nullptr when this ACL type takes
///              no attribute argument. The pointer is stored, not copied, so it
///              must outlive this object (callers pass string literals).
/// \param optionalAttr true when the attribute is an optional "-xxx" option
ACLCertificateData::ACLCertificateData(Ssl::GETX509ATTRIBUTE *sslStrategy, const char *attrs, bool optionalAttr) :
    validAttributesStr(attrs),
    attributeIsOptional(optionalAttr),
    attribute(nullptr),
    values(),
    sslAttributeCall(sslStrategy)
{
    if (!attrs)
        return;

    // Tokenize attrs on '|' into validAttributes. Empty fields (from "||",
    // a leading/trailing '|' or an empty string) are kept as empty entries.
    const std::string spec(attrs);
    std::string::size_type start = 0;
    for (;;) {
        const std::string::size_type sep = spec.find('|', start);
        if (sep == std::string::npos) {
            validAttributes.push_back(spec.substr(start));
            break;
        }
        validAttributes.push_back(spec.substr(start, sep - start));
        start = sep + 1;
    }
}
32
/// Releases a heap pointer passed by reference through xfree().
/// Intended as an element-destructor callback; the referenced pointer is
/// not reset to nullptr afterwards, so the caller must not reuse it.
template<class T>
inline void
xRefFree(T &thing)
{
    xfree(thing);
}
39
/// Frees the attribute name duplicated by parse(). validAttributesStr is
/// not owned (it points at the caller's string) and is left alone.
ACLCertificateData::~ACLCertificateData()
{
    safe_free(attribute);
}
44
/// strcmp()-style three-way ordering for two C strings held in a container
/// of type T. Both operands are force-cast to char* without any check, so T
/// must really hold NUL-terminated strings; a null element would crash in
/// strcmp().
/// \return <0, 0 or >0 as l sorts before, equal to or after r
template<class T>
inline int
splaystrcmp(T &l, T &r)
{
    const char *const lhs = (char *)l;
    const char *const rhs = (char *)r;
    return strcmp(lhs, rhs);
}
51
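/// Checks whether the configured attribute of cert is one of our values.
/// \param cert the certificate to inspect; nullptr (no certificate) never matches
/// \return true when the extracted attribute value matches values
bool
ACLCertificateData::match(X509 *cert)
{
    if (!cert)
        return false;

    // The strategy extracts the attribute named by `attribute` (nullptr when
    // no attribute was configured; what the strategy returns then is up to
    // the strategy). It yields nullptr when the certificate has no such value.
    const char *value = sslAttributeCall(cert, attribute);

    // Log before deciding, but never stream a null char const*: that is
    // undefined behaviour for std::ostream and can corrupt the debug stream.
    // value is legitimately null for certificates lacking the attribute.
    debugs(28, 6, (attribute ? attribute : "value") << "=" << (value ? value : "(null)"));

    if (!value)
        return false;

    return values.match(value);
}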
65
/// Serializes this ACL's configuration: the attribute name (only for ACL
/// types that take an attribute) followed by the configured values, in a
/// form parse() can read back.
SBufList
ACLCertificateData::dump() const
{
    SBufList sl;

    // NOTE(review): when the attribute is optional and was omitted from the
    // configuration, attribute is still nullptr here and SBuf(nullptr) is
    // pushed — confirm SBuf's const char* constructor tolerates a null.
    if (validAttributesStr)
        sl.push_back(SBuf(attribute));

    sl.splice(sl.end(), values.dump());
    return sl;
}
76
/// Parses one configuration line: an optional leading attribute token
/// (validated against validAttributes, and against the attribute used on
/// earlier lines of the same acl) followed by the list of values.
/// Every configuration error is fatal: it is logged at DBG_CRITICAL and
/// self_destruct() is invoked.
void
ACLCertificateData::parse()
{
    // ACL types without a permitted-attribute list take no attribute
    // argument at all: every token on the line is a value.
    if (validAttributesStr) {
        char *newAttribute = ConfigParser::strtokFile();

        if (!newAttribute) {
            // A line without tokens is only acceptable when the attribute is
            // optional (-xxx style); otherwise the attribute is required.
            if (!attributeIsOptional) {
                debugs(28, DBG_CRITICAL, "FATAL: required attribute argument missing");
                self_destruct();
            }
            return;
        }

        if (attributeIsOptional && newAttribute[0] != '-') {
            // Optional attributes are spelled "-xxx"; any other first token
            // is already a value, so hand it straight to the values list.
            values.insert(newAttribute);
        } else {
            // The token must appear in validAttributes; a "*" entry accepts
            // any name. NOTE(review): this lookup is case-sensitive while the
            // checks below use strcasecmp, so e.g. "dn" only gets through
            // here via a "*" entry.
            bool knownAttribute = false;
            for (const auto &candidate : validAttributes) {
                if (candidate == "*" || candidate == newAttribute) {
                    knownAttribute = true;
                    break;
                }
            }

            if (!knownAttribute) {
                debugs(28, DBG_CRITICAL, "FATAL: Unknown option. Supported option(s) are: " << validAttributesStr);
                self_destruct();
                return;
            }

            if (attribute) {
                /* an acl must use consistent attributes in all config lines */
                if (strcasecmp(newAttribute, attribute) != 0) {
                    debugs(28, DBG_CRITICAL, "FATAL: An acl must use consistent attributes in all config lines (" << newAttribute << "!=" << attribute << ").");
                    self_destruct();
                    return;
                }
            } else {
                // First attribute for this acl. "DN" is exempt from the NID
                // lookup (it is not a single X509 attribute); anything else
                // must resolve to an OpenSSL NID, either as a known name or
                // as a dotted numerical OID that we register on the fly.
                if (strcasecmp(newAttribute, "DN") != 0) {
                    int nid = OBJ_txt2nid(newAttribute);
                    if (nid == 0) {
                        const size_t span = strspn(newAttribute, "0123456789.");
                        if (newAttribute[span] == '\0') { // looks like a numerical OID
                            // OBJ_create() fails (nid stays 0) for malformed
                            // digit/dot strings such as "." or "1..2", which
                            // the FATAL check below then rejects.
                            //
                            // NOTE: Not a [bad] leak: If the same attribute
                            // has been added before, the OBJ_txt2nid call
                            // would return a valid nid value.
                            // TODO: call OBJ_cleanup() on reconfigure?
                            nid = OBJ_create(newAttribute, newAttribute, newAttribute);
                            debugs(28, 7, "New SSL certificate attribute created with name: " << newAttribute << " and nid: " << nid);
                        }
                    }
                    if (nid == 0) {
                        debugs(28, DBG_CRITICAL, "FATAL: Not valid SSL certificate attribute name or numerical OID: " << newAttribute);
                        self_destruct();
                        return;
                    }
                }
                // Remember the attribute; released by the destructor.
                attribute = xstrdup(newAttribute);
            }
        }
    }

    values.parse();
}
146
/// \return true when no values have been configured for this acl
bool
ACLCertificateData::empty() const
{
    return values.empty();
}
152