Acl.h
1/*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_ACL_H
10#define SQUID_ACL_H
11
12#include "acl/forward.h"
13#include "acl/Options.h"
14#include "cbdata.h"
15#include "defines.h"
16#include "dlink.h"
17#include "sbuf/forward.h"
18
19#include <algorithm>
20#include <ostream>
21
22class ConfigParser;
23
namespace Acl {

/// the ACL type name known to admins
using TypeName = const char *;

/// a "factory" function for making ACL objects (of some ACL child type)
using Maker = ACL *(*)(TypeName typeName);

/// use the given ACL Maker for all ACLs of the named type
void RegisterMaker(TypeName typeName, Maker maker);

} // namespace Acl
34
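/// Abstract base of every access control list (ACL) node. ACL child types
/// implement parse(), typeString(), dump(), empty() and the private match().
class ACL
{

public:
    // class-specific allocation; both operators are only declared here
    void *operator new(size_t);
    void operator delete(void *);

    static void ParseAclLine(ConfigParser &parser, ACL ** head);
    static void Initialize();
    static ACL *FindByName(const char *name);

    ACL();
    // A user-declared (here: deleted) move constructor also stops the
    // compiler from generating the copy operations for this class.
    ACL(ACL &&) = delete; // no copying of any kind
    virtual ~ACL();

    /// sets user-specified ACL name and squid.conf context
    void context(const char *name, const char *configuration);

    /// Non-virtual matching entry point; the type-specific match() is a
    /// private virtual of this class.
    // NOTE(review): presumably this is where requiresAle(), requiresRequest()
    // and requiresReply() are enforced before match() runs -- confirm in Acl.cc.
    bool matches(ACLChecklist *checklist) const;

    /// configures ACL options, throwing on configuration errors
    void parseFlags();

    /// parses node representation in squid.conf; dies on failures
    virtual void parse() = 0;
    virtual char const *typeString() const = 0;
    virtual bool isProxyAuth() const;
    virtual SBufList dump() const = 0;
    virtual bool empty() const = 0;
    virtual bool valid() const;

    // NOTE(review): source line 74 is not shown in this listing; this
    // declaration is taken from the page's member index (defined in Acl.cc).
    int cacheMatchAcl(dlink_list *cache, ACLChecklist *);
    virtual int matchForCache(ACLChecklist *checklist);

    virtual void prepareForUse() {}

    // NOTE(review): source line 79 is not shown in this listing; this
    // declaration is taken from the page's member index (defined in Acl.cc).
    SBufList dumpOptions();

    // Fixed-size buffer: any code that stores a name here has to bound the
    // copy to ACL_NAME_SZ. The writer is not visible in this header.
    char name[ACL_NAME_SZ];
    // raw pointer; ownership of the pointed-to text is not visible here
    char *cfgline;
    ACL *next; // XXX: remove or at least use refcounting
    bool registered; ///< added to the global list of ACLs via aclRegister()

private:
    /// Matches the actual data in checklist against this ACL.
    virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const

    /// whether our (i.e. shallow) match() requires checklist to have a AccessLogEntry
    virtual bool requiresAle() const;
    /// whether our (i.e. shallow) match() requires checklist to have a request
    virtual bool requiresRequest() const;
    /// whether our (i.e. shallow) match() requires checklist to have a reply
    virtual bool requiresReply() const;

    // TODO: Rename to globalOptions(); these are not the only supported options
    /// options supported by this ACL; the base class reports Acl::NoOptions()
    virtual const Acl::Options &options() { return Acl::NoOptions(); }

    /// "line" options supported by this ACL; the base class reports Acl::NoOptions()
    virtual const Acl::Options &lineOptions() { return Acl::NoOptions(); }
};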
105
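/// ACL check result codes.
/// ACCESS_DENIED is the first enumerator, so a zero-initialized aclMatchCode
/// reads as denied rather than allowed.
typedef enum {
    // Authorization ACL result states
    ACCESS_DENIED,
    ACCESS_ALLOWED,
    ACCESS_DUNNO,

    // Authentication ACL result states
    ACCESS_AUTH_REQUIRED,    // Missing Credentials
} aclMatchCode;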
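namespace Acl {

/// Result of an ACL check: an ACCESS_* code, the matched custom verb (kind)
/// and whether the answer was derived implicitly.
class Answer
{
public:
    // TODO: Find a good way to avoid implicit conversion (without explicitly
    // casting every ACCESS_ argument in implicit constructor calls).
    Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}

    Answer() = default;

    /// compares the ACCESS_* code only; kind and implicit are ignored
    bool operator ==(const aclMatchCode aCode) const {
        return code == aCode;
    }

    bool operator !=(const aclMatchCode aCode) const {
        return !(*this == aCode);
    }

    /// compares code and kind; implicit is ignored
    // NOTE(review): there is no operator !=(Answer). Under pre-C++20 rules,
    // `a != b` on two Answers converts b through operator aclMatchCode() and
    // compares codes only, so it can disagree with !(a == b) when only kind
    // differs -- confirm no caller relies on that form.
    bool operator ==(const Answer allow) const {
        return code == allow.code && kind == allow.kind;
    }

    /// implicit conversion to the bare code; kind and implicit are dropped
    operator aclMatchCode() const {
        return code;
    }

    /// true only for ACCESS_ALLOWED. ACCESS_DUNNO and ACCESS_AUTH_REQUIRED are
    /// not allowed(), so a caller that must fail closed should test this
    /// method rather than !denied().
    bool allowed() const { return code == ACCESS_ALLOWED; }

    /// true only for ACCESS_DENIED. ACCESS_DUNNO and ACCESS_AUTH_REQUIRED are
    /// not denied(), so !denied() does not imply allowed().
    bool denied() const { return code == ACCESS_DENIED; }

    /// whether Squid is uncertain about the allowed() or denied() answer
    bool conflicted() const { return !allowed() && !denied(); }

    // NOTE(review): this declaration (source line 161) is not shown in the
    // listing. The initializer is chosen so that a default-constructed Answer
    // is neither allowed() nor denied() -- confirm against the header.
    aclMatchCode code = ACCESS_DUNNO; ///< ACCESS_* code

    /// the matched custom access list verb (or zero)
    int kind = 0;

    /// whether we were computed by the "negate the last explicit action" rule
    bool implicit = false;
};

} // namespace Acl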
171
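/// Prints the symbolic name of the answer's ACCESS_* code.
/// Only the code is written; kind and implicit do not appear in the output,
/// so two log lines with the same text may stem from different Answers.
/// @param o stream to write to
/// @param a the answer to print
/// @return o
inline std::ostream &
operator <<(std::ostream &o, const Acl::Answer a)
{
    // a converts to aclMatchCode through Acl::Answer::operator aclMatchCode()
    switch (a) {
    case ACCESS_DENIED:
        o << "DENIED";
        break;
    case ACCESS_ALLOWED:
        o << "ALLOWED";
        break;
    case ACCESS_DUNNO:
        o << "DUNNO";
        break;
    // label restored: the listing skips source line 185, which left the
    // AUTH_REQUIRED output unreachable after the preceding break
    case ACCESS_AUTH_REQUIRED:
        o << "AUTH_REQUIRED";
        break;
    }
    // no default label: a code outside the four enumerators prints nothing
    return o;
}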
191
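/// One cached proxy-auth match result: the match return value together with
/// an opaque pointer to the ACL data it was computed for.
class acl_proxy_auth_match_cache
{
    MEMPROXY_CLASS(acl_proxy_auth_match_cache);

public:
    /// @param matchRv the match result to remember
    /// @param aclData opaque ACL data pointer, stored without copying
    acl_proxy_auth_match_cache(int matchRv, void * aclData) :
        matchrv(matchRv),
        acl_data(aclData)
    {}

    // NOTE(review): source lines 203-204 are not shown in the listing. matchrv
    // is required by the constructor above; its type is assumed to match the
    // int parameter. Whatever line 203 declares is not reproduced here --
    // confirm both against the header.
    int matchrv;
    // untyped, non-owning as far as this header shows; users must know the
    // real type and keep the pointee alive while the entry is cached
    void *acl_data;
};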
207
210extern const char *AclMatchedName; /* NULL */
211
212#endif /* SQUID_ACL_H */
213
std::ostream & operator<<(std::ostream &o, const Acl::Answer a)
Definition: Acl.h:173
#define ACL_NAME_SZ
Definition: forward.h:41
squidaio_request_t * head
Definition: aiops.cc:126
Definition: Acl.h:40
ACL()
Definition: Acl.cc:106
virtual bool valid() const
Definition: Acl.cc:114
virtual bool requiresAle() const
whether our (i.e. shallow) match() requires checklist to have a AccessLogEntry
Definition: Acl.cc:383
virtual bool requiresRequest() const
whether our (i.e. shallow) match() requires checklist to have a request
Definition: Acl.cc:395
int cacheMatchAcl(dlink_list *cache, ACLChecklist *)
Definition: Acl.cc:341
char * cfgline
Definition: Acl.h:82
virtual int match(ACLChecklist *checklist)=0
Matches the actual data in checklist against this ACL.
void context(const char *name, const char *configuration)
sets user-specified ACL name and squid.conf context
Definition: Acl.cc:154
virtual int matchForCache(ACLChecklist *checklist)
Definition: Acl.cc:323
virtual bool requiresReply() const
whether our (i.e. shallow) match() requires checklist to have a reply
Definition: Acl.cc:389
static ACL * FindByName(const char *name)
Definition: Acl.cc:92
bool matches(ACLChecklist *checklist) const
Definition: Acl.cc:120
char name[ACL_NAME_SZ]
Definition: Acl.h:81
ACL * next
Definition: Acl.h:83
static void Initialize()
Definition: Acl.cc:412
virtual const Acl::Options & lineOptions()
Definition: Acl.h:103
virtual SBufList dump() const =0
SBufList dumpOptions()
Definition: Acl.cc:300
virtual void parse()=0
parses node representation in squid.conf; dies on failures
virtual void prepareForUse()
Definition: Acl.h:77
ACL(ACL &&)=delete
void parseFlags()
configures ACL options, throwing on configuration errors
Definition: Acl.cc:289
virtual ~ACL()
Definition: Acl.cc:404
virtual bool isProxyAuth() const
Definition: Acl.cc:283
virtual const Acl::Options & options()
Definition: Acl.h:99
virtual char const * typeString() const =0
static void ParseAclLine(ConfigParser &parser, ACL **head)
Definition: Acl.cc:165
virtual bool empty() const =0
bool registered
added to the global list of ACLs via aclRegister()
Definition: Acl.h:84
Answer()=default
int kind
the matched custom access list verb (or zero)
Definition: Acl.h:164
bool denied() const
Definition: Acl.h:156
bool operator!=(const aclMatchCode aCode) const
Definition: Acl.h:134
bool conflicted() const
whether Squid is uncertain about the allowed() or denied() answer
Definition: Acl.h:159
aclMatchCode code
ACCESS_* code.
Definition: Acl.h:161
bool operator==(const aclMatchCode aCode) const
Definition: Acl.h:130
Answer(const aclMatchCode aCode, int aKind=0)
Definition: Acl.h:126
bool allowed() const
Definition: Acl.h:150
bool implicit
whether we were computed by the "negate the last explicit action" rule
Definition: Acl.h:167
acl_proxy_auth_match_cache(int matchRv, void *aclData)
Definition: Acl.h:198
MEMPROXY_CLASS(acl_proxy_auth_match_cache)
aclMatchCode
Definition: Acl.h:107
const char * AclMatchedName
Definition: Acl.cc:29
@ ACCESS_AUTH_REQUIRED
Definition: Acl.h:114
@ ACCESS_DENIED
Definition: Acl.h:109
@ ACCESS_ALLOWED
Definition: Acl.h:110
@ ACCESS_DUNNO
Definition: Acl.h:111
Definition: Acl.cc:31
void RegisterMaker(TypeName typeName, Maker maker)
use the given ACL Maker for all ACLs of the named type
Definition: Acl.cc:71
const char * TypeName
the ACL type name known to admins
Definition: Acl.h:27
const Options & NoOptions()
Definition: Options.cc:234
ACL *(* Maker)(TypeName typeName)
a "factory" function for making ACL objects (of some ACL child type)
Definition: Acl.h:29
std::vector< const Option * > Options
Definition: Options.h:214
std::list< SBuf > SBufList
Definition: forward.h:23
int const char size_t
Definition: stub_liblog.cc:86

 
