Acl.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SRC_ACL_ACL_H
10 #define SQUID_SRC_ACL_ACL_H
11 
12 #include "acl/forward.h"
13 #include "defines.h"
14 #include "dlink.h"
15 #include "sbuf/SBuf.h"
16 
17 #include <algorithm>
18 #include <optional>
19 #include <ostream>
20 
21 namespace Acl {
22 
24 using TypeName = const char *;
26 using Maker = Node *(*)(TypeName typeName);
28 void RegisterMaker(TypeName typeName, Maker maker);
29 
34 void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey);
35 
36 } // namespace Acl
37 
39 typedef enum {
40  // Authorization ACL result states
41  ACCESS_DENIED,
42  ACCESS_ALLOWED,
43  ACCESS_DUNNO,
44 
45  // Authentication Acl::Node result states
46  ACCESS_AUTH_REQUIRED, // Missing Credentials
47 } aclMatchCode;
48 
51 namespace Acl {
52 
53 class Answer
54 {
55 public:
56  // TODO: Find a good way to avoid implicit conversion (without explicitly
57  // casting every ACCESS_ argument in implicit constructor calls).
58  Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
59 
60  Answer() = default;
61 
62  bool operator ==(const aclMatchCode aCode) const {
63  return code == aCode;
64  }
65 
66  bool operator !=(const aclMatchCode aCode) const {
67  return !(*this == aCode);
68  }
69 
70  bool operator ==(const Answer &allow) const {
71  return code == allow.code && kind == allow.kind;
72  }
73 
74  operator aclMatchCode() const {
75  return code;
76  }
77 
82  bool allowed() const { return code == ACCESS_ALLOWED; }
83 
88  bool denied() const { return code == ACCESS_DENIED; }
89 
91  bool conflicted() const { return !allowed() && !denied(); }
92 
94  const SBuf &lastCheckDescription() const;
95 
96  aclMatchCode code = ACCESS_DUNNO;
97 
99  int kind = 0;
100 
102  bool implicit = false;
103 
105  std::optional<SBuf> lastCheckedName;
106 };
107 
108 inline std::ostream &
109 operator <<(std::ostream &o, const Answer &a)
110 {
111  switch (a) {
112  case ACCESS_DENIED:
113  o << "DENIED";
114  break;
115  case ACCESS_ALLOWED:
116  o << "ALLOWED";
117  break;
118  case ACCESS_DUNNO:
119  o << "DUNNO";
120  break;
121  case ACCESS_AUTH_REQUIRED:
122  o << "AUTH_REQUIRED";
123  break;
124  }
125  return o;
126 }
127 
129 void DumpNamedAcls(std::ostream &, const char *directiveName, NamedAcls *);
130 
132 void FreeNamedAcls(NamedAcls **);
133 
134 } // namespace Acl
135 
137 class acl_proxy_auth_match_cache
138 {
139  MEMPROXY_CLASS(acl_proxy_auth_match_cache);
140 
141 public:
142  acl_proxy_auth_match_cache(int matchRv, void * aclData) :
143  matchrv(matchRv),
144  acl_data(aclData)
145  {}
146 
147  dlink_node link;
148  int matchrv;
149  void *acl_data;
150 };
151 
152 #endif /* SQUID_SRC_ACL_ACL_H */
153 
Acl::DumpNamedAcls
void DumpNamedAcls(std::ostream &, const char *directiveName, NamedAcls *)
report the given list of "acl" directives (using squid.conf syntax)
Definition: Acl.cc:335
Acl::RegisterMaker
void RegisterMaker(TypeName typeName, Maker maker)
use the given Acl::Node Maker for all ACLs of the named type
Definition: Acl.cc:92
Acl::Answer::lastCheckDescription
const SBuf & lastCheckDescription() const
describes the ACL that was evaluated last while obtaining this answer (for debugging)
Definition: Acl.cc:123
Acl::Maker
Node *(*)(TypeName typeName) Maker
a "factory" function for making Acl::Node objects (of some Node child type)
Definition: Acl.h:26
Acl::Answer::Answer
Answer()=default
SBuf
Definition: SBuf.h:93
Acl::FreeNamedAcls
void FreeNamedAcls(NamedAcls **)
delete the given list of "acl" directives
Definition: Acl.cc:346
Acl
Definition: Acl.cc:33
Acl::SetKey
void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey)
Definition: Acl.cc:100
Acl::Answer::implicit
bool implicit
whether we were computed by the "negate the last explicit action" rule
Definition: Acl.h:102
ACCESS_AUTH_REQUIRED
@ ACCESS_AUTH_REQUIRED
Definition: Acl.h:46
acl_proxy_auth_match_cache::MEMPROXY_CLASS
MEMPROXY_CLASS(acl_proxy_auth_match_cache)
acl_proxy_auth_match_cache::acl_data
void * acl_data
Definition: Acl.h:149
dlink_node
Definition: dlink.h:14
Acl::Answer::Answer
Answer(const aclMatchCode aCode, int aKind=0)
Definition: Acl.h:58
Acl::Answer::denied
bool denied() const
Definition: Acl.h:88
Acl::Answer::code
aclMatchCode code
ACCESS_* code.
Definition: Acl.h:96
acl_proxy_auth_match_cache::acl_proxy_auth_match_cache
acl_proxy_auth_match_cache(int matchRv, void *aclData)
Definition: Acl.h:142
Acl::Answer::operator==
bool operator==(const aclMatchCode aCode) const
Definition: Acl.h:62
Acl::Answer::allowed
bool allowed() const
Definition: Acl.h:82
Acl::Node
Definition: Node.h:25
acl_proxy_auth_match_cache::matchrv
int matchrv
Definition: Acl.h:148
Acl::TypeName
const char * TypeName
the ACL type name known to admins
Definition: Acl.h:24
ACCESS_ALLOWED
@ ACCESS_ALLOWED
Definition: Acl.h:42
ACCESS_DENIED
@ ACCESS_DENIED
Definition: Acl.h:41
Acl::Answer::lastCheckedName
std::optional< SBuf > lastCheckedName
the name of the ACL (if any) that was evaluated last while obtaining this answer
Definition: Acl.h:105
ACCESS_DUNNO
@ ACCESS_DUNNO
Definition: Acl.h:43
Acl::Answer::kind
int kind
the matched custom access list verb (or zero)
Definition: Acl.h:99
Acl::Answer::conflicted
bool conflicted() const
whether Squid is uncertain about the allowed() or denied() answer
Definition: Acl.h:91
Acl::Answer::operator!=
bool operator!=(const aclMatchCode aCode) const
Definition: Acl.h:66
acl_proxy_auth_match_cache::link
dlink_node link
Definition: Acl.h:147
aclMatchCode
aclMatchCode
Definition: Acl.h:39
Acl::operator<<
std::ostream & operator<<(std::ostream &o, const Answer &a)
Definition: Acl.h:109
acl_proxy_auth_match_cache
Definition: Acl.h:137

 

Introduction

Documentation

Support

Miscellaneous