Acl.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_ACL_H
10#define SQUID_ACL_H
11
12#include "acl/forward.h"
13#include "acl/Options.h"
14#include "cbdata.h"
15#include "defines.h"
16#include "dlink.h"
17#include "sbuf/forward.h"
18
19#include <algorithm>
20#include <ostream>
21
22class ConfigParser;
23
24namespace Acl {
25
27typedef const char *TypeName;
29typedef ACL *(*Maker)(TypeName typeName);
31void RegisterMaker(TypeName typeName, Maker maker);
32
37void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey);
38
39} // namespace Acl
40
45class ACL
46{
47
48public:
49 void *operator new(size_t);
50 void operator delete(void *);
51
52 static void ParseAclLine(ConfigParser &parser, ACL ** head);
53 static void Initialize();
54 static ACL *FindByName(const char *name);
55
56 ACL();
57 ACL(ACL &&) = delete; // no copying of any kind
58 virtual ~ACL();
59
61 void context(const char *name, const char *configuration);
62
67 bool matches(ACLChecklist *checklist) const;
68
70 void parseFlags();
71
73 virtual void parse() = 0;
74 virtual char const *typeString() const = 0;
75 virtual bool isProxyAuth() const;
76 virtual SBufList dump() const = 0;
77 virtual bool empty() const = 0;
78 virtual bool valid() const;
79
81 virtual int matchForCache(ACLChecklist *checklist);
82
83 virtual void prepareForUse() {}
84
86
88 char *cfgline;
89 ACL *next; // XXX: remove or at least use refcounting
91
92private:
94 virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
95
97 virtual bool requiresAle() const;
99 virtual bool requiresRequest() const;
101 virtual bool requiresReply() const;
102
103 // TODO: Rename to globalOptions(); these are not the only supported options
105 virtual const Acl::Options &options() { return Acl::NoOptions(); }
106
109 virtual const Acl::Options &lineOptions() { return Acl::NoOptions(); }
110};
111
113typedef enum {
114 // Authorization ACL result states
118
119 // Authentication ACL result states
120 ACCESS_AUTH_REQUIRED, // Missing Credentials
122
125namespace Acl {
126
128{
129public:
130 // TODO: Find a good way to avoid implicit conversion (without explicitly
131 // casting every ACCESS_ argument in implicit constructor calls).
132 Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
133
134 Answer() = default;
135
136 bool operator ==(const aclMatchCode aCode) const {
137 return code == aCode;
138 }
139
140 bool operator !=(const aclMatchCode aCode) const {
141 return !(*this == aCode);
142 }
143
144 bool operator ==(const Answer allow) const {
145 return code == allow.code && kind == allow.kind;
146 }
147
148 operator aclMatchCode() const {
149 return code;
150 }
151
156 bool allowed() const { return code == ACCESS_ALLOWED; }
157
162 bool denied() const { return code == ACCESS_DENIED; }
163
165 bool conflicted() const { return !allowed() && !denied(); }
166
168
170 int kind = 0;
171
173 bool implicit = false;
174};
175
176inline std::ostream &
177operator <<(std::ostream &o, const Answer a)
178{
179 switch (a) {
180 case ACCESS_DENIED:
181 o << "DENIED";
182 break;
183 case ACCESS_ALLOWED:
184 o << "ALLOWED";
185 break;
186 case ACCESS_DUNNO:
187 o << "DUNNO";
188 break;
190 o << "AUTH_REQUIRED";
191 break;
192 }
193 return o;
194}
195
196} // namespace Acl
197
200{
202
203public:
204 acl_proxy_auth_match_cache(int matchRv, void * aclData) :
205 matchrv(matchRv),
206 acl_data(aclData)
207 {}
208
211 void *acl_data;
212};
213
216extern const char *AclMatchedName; /* NULL */
217
218#endif /* SQUID_ACL_H */
219
#define ACL_NAME_SZ
Definition: forward.h:41
squidaio_request_t * head
Definition: aiops.cc:127
Definition: Acl.h:46
ACL()
Definition: Acl.cc:132
virtual bool valid() const
Definition: Acl.cc:140
virtual bool requiresAle() const
whether our (i.e. shallow) match() requires checklist to have a AccessLogEntry
Definition: Acl.cc:409
virtual bool requiresRequest() const
whether our (i.e. shallow) match() requires checklist to have a request
Definition: Acl.cc:421
int cacheMatchAcl(dlink_list *cache, ACLChecklist *)
Definition: Acl.cc:367
char * cfgline
Definition: Acl.h:88
virtual int match(ACLChecklist *checklist)=0
Matches the actual data in checklist against this ACL.
void context(const char *name, const char *configuration)
sets user-specified ACL name and squid.conf context
Definition: Acl.cc:180
virtual int matchForCache(ACLChecklist *checklist)
Definition: Acl.cc:349
virtual bool requiresReply() const
whether our (i.e. shallow) match() requires checklist to have a reply
Definition: Acl.cc:415
static ACL * FindByName(const char *name)
Definition: Acl.cc:118
bool matches(ACLChecklist *checklist) const
Definition: Acl.cc:146
char name[ACL_NAME_SZ]
Definition: Acl.h:87
ACL * next
Definition: Acl.h:89
static void Initialize()
Definition: Acl.cc:438
virtual const Acl::Options & lineOptions()
Definition: Acl.h:109
virtual SBufList dump() const =0
SBufList dumpOptions()
Definition: Acl.cc:326
virtual void parse()=0
parses node representation in squid.conf; dies on failures
virtual void prepareForUse()
Definition: Acl.h:83
ACL(ACL &&)=delete
void parseFlags()
configures ACL options, throwing on configuration errors
Definition: Acl.cc:315
virtual ~ACL()
Definition: Acl.cc:430
virtual bool isProxyAuth() const
Definition: Acl.cc:309
virtual const Acl::Options & options()
Definition: Acl.h:105
virtual char const * typeString() const =0
static void ParseAclLine(ConfigParser &parser, ACL **head)
Definition: Acl.cc:191
virtual bool empty() const =0
bool registered
added to the global list of ACLs via aclRegister()
Definition: Acl.h:90
Answer()=default
int kind
the matched custom access list verb (or zero)
Definition: Acl.h:170
bool denied() const
Definition: Acl.h:162
bool operator!=(const aclMatchCode aCode) const
Definition: Acl.h:140
bool conflicted() const
whether Squid is uncertain about the allowed() or denied() answer
Definition: Acl.h:165
aclMatchCode code
ACCESS_* code.
Definition: Acl.h:167
bool operator==(const aclMatchCode aCode) const
Definition: Acl.h:136
Answer(const aclMatchCode aCode, int aKind=0)
Definition: Acl.h:132
bool allowed() const
Definition: Acl.h:156
bool implicit
whether we were computed by the "negate the last explicit action" rule
Definition: Acl.h:173
Definition: SBuf.h:94
acl_proxy_auth_match_cache(int matchRv, void *aclData)
Definition: Acl.h:204
MEMPROXY_CLASS(acl_proxy_auth_match_cache)
aclMatchCode
Definition: Acl.h:113
const char * AclMatchedName
Definition: Acl.cc:29
@ ACCESS_AUTH_REQUIRED
Definition: Acl.h:120
@ ACCESS_DENIED
Definition: Acl.h:115
@ ACCESS_ALLOWED
Definition: Acl.h:116
@ ACCESS_DUNNO
Definition: Acl.h:117
Definition: Acl.cc:31
void RegisterMaker(TypeName typeName, Maker maker)
use the given ACL Maker for all ACLs of the named type
Definition: Acl.cc:71
const char * TypeName
the ACL type name known to admins
Definition: Acl.h:27
std::ostream & operator<<(std::ostream &o, const Answer a)
Definition: Acl.h:177
const Options & NoOptions()
Definition: Options.cc:234
ACL *(* Maker)(TypeName typeName)
a "factory" function for making ACL objects (of some ACL child type)
Definition: Acl.h:29
void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey)
Definition: Acl.cc:79
std::vector< const Option * > Options
Definition: Options.h:214
std::list< SBuf > SBufList
Definition: forward.h:23
int const char size_t
Definition: stub_liblog.cc:83

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors