Acl.h

Go to the documentation of this file.

/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
 
#ifndef SQUID_ACL_H
#define SQUID_ACL_H
 
#include "acl/forward.h"
#include "acl/Options.h"
#include "cbdata.h"
#include "defines.h"
#include "dlink.h"
#include "sbuf/forward.h"
 
#include <algorithm>
#include <ostream>
 
class ConfigParser;
 
namespace Acl {
 
typedef const char *TypeName;
typedef ACL *(*Maker)(TypeName typeName);
void RegisterMaker(TypeName typeName, Maker maker);
 
} // namespace Acl
 
class ACL
{
 
public:
    void *operator new(size_t);
    void operator delete(void *);
 
    static void ParseAclLine(ConfigParser &parser, ACL ** head);
    static void Initialize();
    static ACL *FindByName(const char *name);
 
    ACL();
    virtual ~ACL();
 
    void context(const char *name, const char *configuration);
 
    bool matches(ACLChecklist *checklist) const;
 
    virtual const Acl::Options &options() { return Acl::NoOptions(); }
 
    virtual void parseFlags();
 
    virtual void parse() = 0;
    virtual char const *typeString() const = 0;
    virtual bool isProxyAuth() const;
    virtual SBufList dump() const = 0;
    virtual bool empty() const = 0;
    virtual bool valid() const;
 
    int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
    virtual int matchForCache(ACLChecklist *checklist);
 
    virtual void prepareForUse() {}
 
    SBufList dumpOptions(); 
 
    char name[ACL_NAME_SZ];
    char *cfgline;
    ACL *next; // XXX: remove or at least use refcounting
    bool registered; 
 
private:
    virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
 
    virtual bool requiresAle() const;
    virtual bool requiresRequest() const;
    virtual bool requiresReply() const;
};
 
typedef enum {
    // Authorization ACL result states
    ACCESS_DENIED,
    ACCESS_ALLOWED,
    ACCESS_DUNNO,
 
    // Authentication ACL result states
    ACCESS_AUTH_REQUIRED,    // Missing Credentials
} aclMatchCode;
 
namespace Acl {
 
class Answer
{
public:
    // not explicit: allow "aclMatchCode to Acl::Answer" conversions (for now)
    Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
 
    Answer() = default;
 
    bool operator ==(const aclMatchCode aCode) const {
        return code == aCode;
    }
 
    bool operator !=(const aclMatchCode aCode) const {
        return !(*this == aCode);
    }
 
    bool operator ==(const Answer allow) const {
        return code == allow.code && kind == allow.kind;
    }
 
    operator aclMatchCode() const {
        return code;
    }
 
    bool allowed() const { return code == ACCESS_ALLOWED; }
 
    bool denied() const { return code == ACCESS_DENIED; }
 
    bool conflicted() const { return !allowed() && !denied(); }
 
    aclMatchCode code = ACCESS_DUNNO; 
 
    int kind = 0;
 
    bool implicit = false;
};
 
} // namespace Acl
 
inline std::ostream &
operator <<(std::ostream &o, const Acl::Answer a)
{
    switch (a) {
    case ACCESS_DENIED:
        o << "DENIED";
        break;
    case ACCESS_ALLOWED:
        o << "ALLOWED";
        break;
    case ACCESS_DUNNO:
        o << "DUNNO";
        break;
    case ACCESS_AUTH_REQUIRED:
        o << "AUTH_REQUIRED";
        break;
    }
    return o;
}
 
class acl_proxy_auth_match_cache
{
    MEMPROXY_CLASS(acl_proxy_auth_match_cache);
 
public:
    acl_proxy_auth_match_cache(int matchRv, void * aclData) :
        matchrv(matchRv),
        acl_data(aclData)
    {}
 
    dlink_node link;
    int matchrv;
    void *acl_data;
};
 
extern const char *AclMatchedName;  /* NULL */
 
#endif /* SQUID_ACL_H */