Acl.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_ACL_H
10 #define SQUID_ACL_H
11 
12 #include "acl/forward.h"
13 #include "acl/Options.h"
14 #include "cbdata.h"
15 #include "defines.h"
16 #include "dlink.h"
17 #include "sbuf/forward.h"
18 
19 #include <algorithm>
20 #include <ostream>
21 
22 class ConfigParser;
23 
24 namespace Acl {
25 
27 typedef const char *TypeName;
29 typedef ACL *(*Maker)(TypeName typeName);
31 void RegisterMaker(TypeName typeName, Maker maker);
32 
33 } // namespace Acl
34 
39 class ACL
40 {
41 
42 public:
43  void *operator new(size_t);
44  void operator delete(void *);
45 
46  static void ParseAclLine(ConfigParser &parser, ACL ** head);
47  static void Initialize();
48  static ACL *FindByName(const char *name);
49 
50  ACL();
51  virtual ~ACL();
52 
54  void context(const char *name, const char *configuration);
55 
60  bool matches(ACLChecklist *checklist) const;
61 
63  virtual const Acl::Options &options() { return Acl::NoOptions(); }
64 
66  virtual void parseFlags();
67 
69  virtual void parse() = 0;
70  virtual char const *typeString() const = 0;
71  virtual bool isProxyAuth() const;
72  virtual SBufList dump() const = 0;
73  virtual bool empty() const = 0;
74  virtual bool valid() const;
75 
76  int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
77  virtual int matchForCache(ACLChecklist *checklist);
78 
79  virtual void prepareForUse() {}
80 
82 
84  char *cfgline;
85  ACL *next; // XXX: remove or at least use refcounting
86  bool registered;
87 
88 private:
90  virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
91 
93  virtual bool requiresAle() const;
95  virtual bool requiresRequest() const;
97  virtual bool requiresReply() const;
98 };
99 
101 typedef enum {
102  // Authorization ACL result states
106 
107  // Authentication ACL result states
108  ACCESS_AUTH_REQUIRED, // Missing Credentials
109 } aclMatchCode;
110 
113 namespace Acl {
114 
115 class Answer
116 {
117 public:
118  // not explicit: allow "aclMatchCode to Acl::Answer" conversions (for now)
119  Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
120 
121  Answer() = default;
122 
123  bool operator ==(const aclMatchCode aCode) const {
124  return code == aCode;
125  }
126 
127  bool operator !=(const aclMatchCode aCode) const {
128  return !(*this == aCode);
129  }
130 
131  bool operator ==(const Answer allow) const {
132  return code == allow.code && kind == allow.kind;
133  }
134 
135  operator aclMatchCode() const {
136  return code;
137  }
138 
143  bool allowed() const { return code == ACCESS_ALLOWED; }
144 
149  bool denied() const { return code == ACCESS_DENIED; }
150 
152  bool conflicted() const { return !allowed() && !denied(); }
153 
155 
157  int kind = 0;
158 
160  bool implicit = false;
161 };
162 
163 } // namespace Acl
164 
165 inline std::ostream &
166 operator <<(std::ostream &o, const Acl::Answer a)
167 {
168  switch (a) {
169  case ACCESS_DENIED:
170  o << "DENIED";
171  break;
172  case ACCESS_ALLOWED:
173  o << "ALLOWED";
174  break;
175  case ACCESS_DUNNO:
176  o << "DUNNO";
177  break;
179  o << "AUTH_REQUIRED";
180  break;
181  }
182  return o;
183 }
184 
187 {
189 
190 public:
191  acl_proxy_auth_match_cache(int matchRv, void * aclData) :
192  matchrv(matchRv),
193  acl_data(aclData)
194  {}
195 
197  int matchrv;
198  void *acl_data;
199 };
200 
203 extern const char *AclMatchedName; /* NULL */
204 
205 #endif /* SQUID_ACL_H */
206 
bool registered
added to the global list of ACLs via aclRegister()
Definition: Acl.h:86
virtual int matchForCache(ACLChecklist *checklist)
Definition: Acl.cc:318
virtual void parse()=0
parses node representation in squid.conf; dies on failures
void RegisterMaker(TypeName typeName, Maker maker)
use the given ACL Maker for all ACLs of the named type
Definition: Acl.cc:72
static ACL * FindByName(const char *name)
Definition: Acl.cc:93
std::list< SBuf > SBufList
Definition: forward.h:22
Answer()=default
virtual void parseFlags()
configures ACL options, throwing on configuration errors
Definition: Acl.cc:292
ACL * next
Definition: Acl.h:85
Definition: Acl.cc:32
SBufList dumpOptions()
Definition: Acl.cc:299
int const char size_t
Definition: stub_liblog.cc:86
bool implicit
whether we were computed by the "negate the last explicit action" rule
Definition: Acl.h:160
@ ACCESS_AUTH_REQUIRED
Definition: Acl.h:108
const char * AclMatchedName
Definition: Acl.cc:30
MEMPROXY_CLASS(acl_proxy_auth_match_cache)
std::ostream & operator<<(std::ostream &o, const Acl::Answer a)
Definition: Acl.h:166
static void ParseAclLine(ConfigParser &parser, ACL **head)
Definition: Acl.cc:168
ACL *(* Maker)(TypeName typeName)
a "factory" function for making ACL objects (of some ACL child type)
Definition: Acl.h:29
std::map< OptionName, const Option *, OptionNameCmp > Options
name:option map
Definition: Options.h:159
Answer(const aclMatchCode aCode, int aKind=0)
Definition: Acl.h:119
bool denied() const
Definition: Acl.h:149
aclMatchCode code
ACCESS_* code.
Definition: Acl.h:154
void context(const char *name, const char *configuration)
sets user-specified ACL name and squid.conf context
Definition: Acl.cc:157
acl_proxy_auth_match_cache(int matchRv, void *aclData)
Definition: Acl.h:191
virtual ~ACL()
Definition: Acl.cc:399
virtual bool isProxyAuth() const
Definition: Acl.cc:286
Definition: Acl.h:39
#define ACL_NAME_SZ
Definition: forward.h:40
static void Initialize()
Definition: Acl.cc:407
bool matches(ACLChecklist *checklist) const
Definition: Acl.cc:121
char * cfgline
Definition: Acl.h:84
virtual bool requiresRequest() const
whether our (i.e. shallow) match() requires checklist to have a request
Definition: Acl.cc:390
const typedef char * TypeName
the ACL type name known to admins
Definition: Acl.h:27
const Options & NoOptions()
Definition: Options.cc:247
bool operator==(const aclMatchCode aCode) const
Definition: Acl.h:123
bool allowed() const
Definition: Acl.h:143
virtual bool empty() const =0
squidaio_request_t * head
Definition: aiops.cc:127
virtual bool valid() const
Definition: Acl.cc:115
virtual int match(ACLChecklist *checklist)=0
Matches the actual data in checklist against this ACL.
@ ACCESS_ALLOWED
Definition: Acl.h:104
@ ACCESS_DENIED
Definition: Acl.h:103
@ ACCESS_DUNNO
Definition: Acl.h:105
int kind
the matched custom access list verb (or zero)
Definition: Acl.h:157
bool conflicted() const
whether Squid is uncertain about the allowed() or denied() answer
Definition: Acl.h:152
virtual SBufList dump() const =0
bool operator!=(const aclMatchCode aCode) const
Definition: Acl.h:127
virtual const Acl::Options & options()
Definition: Acl.h:63
ACL()
Definition: Acl.cc:107
int cacheMatchAcl(dlink_list *cache, ACLChecklist *)
Definition: Acl.cc:336
virtual void prepareForUse()
Definition: Acl.h:79
aclMatchCode
Definition: Acl.h:101
virtual const char * typeString() const =0
virtual bool requiresAle() const
whether our (i.e. shallow) match() requires checklist to have a AccessLogEntry
Definition: Acl.cc:378
char name[ACL_NAME_SZ]
Definition: Acl.h:83
virtual bool requiresReply() const
whether our (i.e. shallow) match() requires checklist to have a reply
Definition: Acl.cc:384

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors