Acl.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_ACL_H
10#define SQUID_ACL_H
11
12#include "acl/forward.h"
13#include "acl/Options.h"
14#include "cbdata.h"
15#include "defines.h"
16#include "dlink.h"
17#include "sbuf/forward.h"
18
19#include <algorithm>
20#include <ostream>
21
22class ConfigParser;
23
24namespace Acl {
25
27typedef const char *TypeName;
29typedef ACL *(*Maker)(TypeName typeName);
31void RegisterMaker(TypeName typeName, Maker maker);
32
37void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey);
38
39} // namespace Acl
40
45class ACL
46{
47
48public:
49 void *operator new(size_t);
50 void operator delete(void *);
51
52 static void ParseAclLine(ConfigParser &parser, ACL ** head);
53 static void Initialize();
54 static ACL *FindByName(const char *name);
55
56 ACL();
57 ACL(ACL &&) = delete; // no copying of any kind
58 virtual ~ACL();
59
61 void context(const char *name, const char *configuration);
62
67 bool matches(ACLChecklist *checklist) const;
68
70 void parseFlags();
71
73 virtual void parse() = 0;
74 virtual char const *typeString() const = 0;
75 virtual bool isProxyAuth() const;
76 virtual SBufList dump() const = 0;
77 virtual bool empty() const = 0;
78 virtual bool valid() const;
79
80 int cacheMatchAcl(dlink_list * cache, ACLChecklist *);
81 virtual int matchForCache(ACLChecklist *checklist);
82
83 virtual void prepareForUse() {}
84
85 SBufList dumpOptions();
86
87 char name[ACL_NAME_SZ];
88 char *cfgline;
89 ACL *next; // XXX: remove or at least use refcounting
90 bool registered;
91
92private:
94 virtual int match(ACLChecklist *checklist) = 0; // XXX: missing const
95
97 virtual bool requiresAle() const;
99 virtual bool requiresRequest() const;
101 virtual bool requiresReply() const;
102
103 // TODO: Rename to globalOptions(); these are not the only supported options
105 virtual const Acl::Options &options() { return Acl::NoOptions(); }
106
109 virtual const Acl::Options &lineOptions() { return Acl::NoOptions(); }
110};
111
113typedef enum {
114 // Authorization ACL result states
115 ACCESS_DENIED,
116 ACCESS_ALLOWED,
117 ACCESS_DUNNO,
118
119 // Authentication ACL result states
120 ACCESS_AUTH_REQUIRED, // Missing Credentials
121} aclMatchCode;
122
125namespace Acl {
126
127class Answer
128{
129public:
130 // TODO: Find a good way to avoid implicit conversion (without explicitly
131 // casting every ACCESS_ argument in implicit constructor calls).
132 Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}
133
134 Answer() = default;
135
136 bool operator ==(const aclMatchCode aCode) const {
137 return code == aCode;
138 }
139
140 bool operator !=(const aclMatchCode aCode) const {
141 return !(*this == aCode);
142 }
143
144 bool operator ==(const Answer allow) const {
145 return code == allow.code && kind == allow.kind;
146 }
147
148 operator aclMatchCode() const {
149 return code;
150 }
151
156 bool allowed() const { return code == ACCESS_ALLOWED; }
157
162 bool denied() const { return code == ACCESS_DENIED; }
163
165 bool conflicted() const { return !allowed() && !denied(); }
166
167 aclMatchCode code = ACCESS_DUNNO;
168
170 int kind = 0;
171
173 bool implicit = false;
174};
175
176inline std::ostream &
177operator <<(std::ostream &o, const Answer a)
178{
179 switch (a) {
180 case ACCESS_DENIED:
181 o << "DENIED";
182 break;
183 case ACCESS_ALLOWED:
184 o << "ALLOWED";
185 break;
186 case ACCESS_DUNNO:
187 o << "DUNNO";
188 break;
189 case ACCESS_AUTH_REQUIRED:
190 o << "AUTH_REQUIRED";
191 break;
192 }
193 return o;
194}
195
196} // namespace Acl
197
199class acl_proxy_auth_match_cache
200{
201 MEMPROXY_CLASS(acl_proxy_auth_match_cache);
202
203public:
204 acl_proxy_auth_match_cache(int matchRv, void * aclData) :
205 matchrv(matchRv),
206 acl_data(aclData)
207 {}
208
209 dlink_node link;
210 int matchrv;
211 void *acl_data;
212};
213
216extern const char *AclMatchedName; /* NULL */
217
218#endif /* SQUID_ACL_H */
219
ACL_NAME_SZ
#define ACL_NAME_SZ
Definition: forward.h:41
head
squidaio_request_t * head
Definition: aiops.cc:127
ACL
Definition: Acl.h:46
ACL::ACL
ACL()
Definition: Acl.cc:132
ACL::valid
virtual bool valid() const
Definition: Acl.cc:140
ACL::requiresAle
virtual bool requiresAle() const
whether our (i.e. shallow) match() requires checklist to have a AccessLogEntry
Definition: Acl.cc:409
ACL::requiresRequest
virtual bool requiresRequest() const
whether our (i.e. shallow) match() requires checklist to have a request
Definition: Acl.cc:421
ACL::cacheMatchAcl
int cacheMatchAcl(dlink_list *cache, ACLChecklist *)
Definition: Acl.cc:367
ACL::cfgline
char * cfgline
Definition: Acl.h:88
ACL::match
virtual int match(ACLChecklist *checklist)=0
Matches the actual data in checklist against this ACL.
ACL::context
void context(const char *name, const char *configuration)
sets user-specified ACL name and squid.conf context
Definition: Acl.cc:180
ACL::matchForCache
virtual int matchForCache(ACLChecklist *checklist)
Definition: Acl.cc:349
ACL::requiresReply
virtual bool requiresReply() const
whether our (i.e. shallow) match() requires checklist to have a reply
Definition: Acl.cc:415
ACL::FindByName
static ACL * FindByName(const char *name)
Definition: Acl.cc:118
ACL::matches
bool matches(ACLChecklist *checklist) const
Definition: Acl.cc:146
ACL::name
char name[ACL_NAME_SZ]
Definition: Acl.h:87
ACL::next
ACL * next
Definition: Acl.h:89
ACL::Initialize
static void Initialize()
Definition: Acl.cc:438
ACL::lineOptions
virtual const Acl::Options & lineOptions()
Definition: Acl.h:109
ACL::dump
virtual SBufList dump() const =0
ACL::dumpOptions
SBufList dumpOptions()
Definition: Acl.cc:326
ACL::parse
virtual void parse()=0
parses node representation in squid.conf; dies on failures
ACL::prepareForUse
virtual void prepareForUse()
Definition: Acl.h:83
ACL::ACL
ACL(ACL &&)=delete
ACL::parseFlags
void parseFlags()
configures ACL options, throwing on configuration errors
Definition: Acl.cc:315
ACL::~ACL
virtual ~ACL()
Definition: Acl.cc:430
ACL::isProxyAuth
virtual bool isProxyAuth() const
Definition: Acl.cc:309
ACL::options
virtual const Acl::Options & options()
Definition: Acl.h:105
ACL::typeString
virtual char const * typeString() const =0
ACL::ParseAclLine
static void ParseAclLine(ConfigParser &parser, ACL **head)
Definition: Acl.cc:191
ACL::empty
virtual bool empty() const =0
ACL::registered
bool registered
added to the global list of ACLs via aclRegister()
Definition: Acl.h:90
Acl::Answer::Answer
Answer()=default
Acl::Answer::kind
int kind
the matched custom access list verb (or zero)
Definition: Acl.h:170
Acl::Answer::denied
bool denied() const
Definition: Acl.h:162
Acl::Answer::operator!=
bool operator!=(const aclMatchCode aCode) const
Definition: Acl.h:140
Acl::Answer::conflicted
bool conflicted() const
whether Squid is uncertain about the allowed() or denied() answer
Definition: Acl.h:165
Acl::Answer::code
aclMatchCode code
ACCESS_* code.
Definition: Acl.h:167
Acl::Answer::operator==
bool operator==(const aclMatchCode aCode) const
Definition: Acl.h:136
Acl::Answer::Answer
Answer(const aclMatchCode aCode, int aKind=0)
Definition: Acl.h:132
Acl::Answer::allowed
bool allowed() const
Definition: Acl.h:156
Acl::Answer::implicit
bool implicit
whether we were computed by the "negate the last explicit action" rule
Definition: Acl.h:173
SBuf
Definition: SBuf.h:94
acl_proxy_auth_match_cache
Definition: Acl.h:200
acl_proxy_auth_match_cache::link
dlink_node link
Definition: Acl.h:209
acl_proxy_auth_match_cache::matchrv
int matchrv
Definition: Acl.h:210
acl_proxy_auth_match_cache::acl_proxy_auth_match_cache
acl_proxy_auth_match_cache(int matchRv, void *aclData)
Definition: Acl.h:204
acl_proxy_auth_match_cache::acl_data
void * acl_data
Definition: Acl.h:211
acl_proxy_auth_match_cache::MEMPROXY_CLASS
MEMPROXY_CLASS(acl_proxy_auth_match_cache)
dlink_list
Definition: dlink.h:24
dlink_node
Definition: dlink.h:15
aclMatchCode
aclMatchCode
Definition: Acl.h:113
AclMatchedName
const char * AclMatchedName
Definition: Acl.cc:29
ACCESS_AUTH_REQUIRED
@ ACCESS_AUTH_REQUIRED
Definition: Acl.h:120
ACCESS_DENIED
@ ACCESS_DENIED
Definition: Acl.h:115
ACCESS_ALLOWED
@ ACCESS_ALLOWED
Definition: Acl.h:116
ACCESS_DUNNO
@ ACCESS_DUNNO
Definition: Acl.h:117
Acl
Definition: Acl.cc:31
Acl::RegisterMaker
void RegisterMaker(TypeName typeName, Maker maker)
use the given ACL Maker for all ACLs of the named type
Definition: Acl.cc:71
Acl::TypeName
const char * TypeName
the ACL type name known to admins
Definition: Acl.h:27
Acl::operator<<
std::ostream & operator<<(std::ostream &o, const Answer a)
Definition: Acl.h:177
Acl::NoOptions
const Options & NoOptions()
Definition: Options.cc:234
Acl::Maker
ACL *(* Maker)(TypeName typeName)
a "factory" function for making ACL objects (of some ACL child type)
Definition: Acl.h:29
Acl::SetKey
void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey)
Definition: Acl.cc:79
Acl::Options
std::vector< const Option * > Options
Definition: Options.h:214
SBufList
std::list< SBuf > SBufList
Definition: forward.h:23
size_t
int const char size_t
Definition: stub_liblog.cc:83

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors