acl_2Acl_8h_source.html

/*

 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors

 *

 * Squid software is distributed under GPLv2+ license and includes

 * contributions from numerous individuals and organizations.

 * Please see the COPYING and CONTRIBUTORS files for details.

 */


#ifndef SQUID_SRC_ACL_ACL_H

#define SQUID_SRC_ACL_ACL_H


#include "acl/forward.h"

#include "defines.h"

#include "dlink.h"

#include "sbuf/SBuf.h"


#include <algorithm>

#include <optional>

#include <ostream>


namespace Acl {


using TypeName = const char *;

using Maker = Node *(*)(TypeName typeName);

void RegisterMaker(TypeName typeName, Maker maker);


void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey);


}  // namespace Acl


typedef enum {

    // Authorization ACL result states

    ACCESS_DENIED,

    ACCESS_ALLOWED,

    ACCESS_DUNNO,


    // Authentication Acl::Node result states

    ACCESS_AUTH_REQUIRED,    // Missing Credentials

} aclMatchCode;


namespace Acl {


class Answer

{

public:

    // TODO: Find a good way to avoid implicit conversion (without explicitly

    // casting every ACCESS_ argument in implicit constructor calls).

    Answer(const aclMatchCode aCode, int aKind = 0): code(aCode), kind(aKind) {}


    Answer() = default;


    bool operator ==(const aclMatchCode aCode) const {

        return code == aCode;

    }


    bool operator !=(const aclMatchCode aCode) const {

        return !(*this == aCode);

    }


    bool operator ==(const Answer &allow) const {

        return code == allow.code && kind == allow.kind;

    }


    operator aclMatchCode() const {

        return code;

    }


    bool allowed() const { return code == ACCESS_ALLOWED; }


    bool denied() const { return code == ACCESS_DENIED; }


    bool conflicted() const { return !allowed() && !denied(); }


    const SBuf &lastCheckDescription() const;


    aclMatchCode code = ACCESS_DUNNO;


    int kind = 0;


    bool implicit = false;


    std::optional<SBuf> lastCheckedName;

};


inline std::ostream &

operator <<(std::ostream &o, const Answer &a)

{

    switch (a) {

    case ACCESS_DENIED:

        o << "DENIED";

        break;

    case ACCESS_ALLOWED:

        o << "ALLOWED";

        break;

    case ACCESS_DUNNO:

        o << "DUNNO";

        break;

    case ACCESS_AUTH_REQUIRED:

        o << "AUTH_REQUIRED";

        break;

    }

    return o;

}


void DumpNamedAcls(std::ostream &, const char *directiveName, NamedAcls *);


void FreeNamedAcls(NamedAcls **);


} // namespace Acl


class acl_proxy_auth_match_cache

{

    MEMPROXY_CLASS(acl_proxy_auth_match_cache);


public:


    acl_proxy_auth_match_cache(int matchRv, void * aclData) :

        matchrv(matchRv),

        acl_data(aclData)

    {}


    dlink_node link;

    int matchrv;

    void *acl_data;

};


#endif /* SQUID_SRC_ACL_ACL_H */


SBuf.h

forward.h

Acl::Answer
Definition Acl.h:54

Acl::Answer::Answer
Answer()=default

Acl::Answer::kind
int kind
the matched custom access list verb (or zero)
Definition Acl.h:99

Acl::Answer::denied
bool denied() const
Definition Acl.h:88

Acl::Answer::lastCheckDescription
const SBuf & lastCheckDescription() const
describes the ACL that was evaluated last while obtaining this answer (for debugging)
Definition Acl.cc:123

Acl::Answer::operator!=
bool operator!=(const aclMatchCode aCode) const
Definition Acl.h:66

Acl::Answer::conflicted
bool conflicted() const
whether Squid is uncertain about the allowed() or denied() answer
Definition Acl.h:91

Acl::Answer::code
aclMatchCode code
ACCESS_* code.
Definition Acl.h:96

Acl::Answer::operator==
bool operator==(const aclMatchCode aCode) const
Definition Acl.h:62

Acl::Answer::Answer
Answer(const aclMatchCode aCode, int aKind=0)
Definition Acl.h:58

Acl::Answer::allowed
bool allowed() const
Definition Acl.h:82

Acl::Answer::implicit
bool implicit
whether we were computed by the "negate the last explicit action" rule
Definition Acl.h:102

Acl::Answer::lastCheckedName
std::optional< SBuf > lastCheckedName
the name of the ACL (if any) that was evaluated last while obtaining this answer
Definition Acl.h:105

Acl::Node
Definition Node.h:26

SBuf
Definition SBuf.h:94

acl_proxy_auth_match_cache
Definition Acl.h:138

acl_proxy_auth_match_cache::link
dlink_node link
Definition Acl.h:147

acl_proxy_auth_match_cache::matchrv
int matchrv
Definition Acl.h:148

acl_proxy_auth_match_cache::acl_proxy_auth_match_cache
acl_proxy_auth_match_cache(int matchRv, void *aclData)
Definition Acl.h:142

acl_proxy_auth_match_cache::acl_data
void * acl_data
Definition Acl.h:149

acl_proxy_auth_match_cache::MEMPROXY_CLASS
MEMPROXY_CLASS(acl_proxy_auth_match_cache)

dlink_node
Definition dlink.h:15

defines.h

dlink.h

aclMatchCode
aclMatchCode
Definition Acl.h:39

ACCESS_AUTH_REQUIRED
@ ACCESS_AUTH_REQUIRED
Definition Acl.h:46

ACCESS_DENIED
@ ACCESS_DENIED
Definition Acl.h:41

ACCESS_ALLOWED
@ ACCESS_ALLOWED
Definition Acl.h:42

ACCESS_DUNNO
@ ACCESS_DUNNO
Definition Acl.h:43

Acl
Definition Acl.cc:33

Acl::RegisterMaker
void RegisterMaker(TypeName typeName, Maker maker)
use the given Acl::Node Maker for all ACLs of the named type
Definition Acl.cc:92

Acl::DumpNamedAcls
void DumpNamedAcls(std::ostream &, const char *directiveName, NamedAcls *)
report the given list of "acl" directives (using squid.conf syntax)
Definition Acl.cc:335

Acl::Maker
Node *(*)(TypeName typeName) Maker
a "factory" function for making Acl::Node objects (of some Node child type)
Definition Acl.h:26

Acl::TypeName
const char * TypeName
the ACL type name known to admins
Definition Acl.h:24

Acl::SetKey
void SetKey(SBuf &keyStorage, const char *keyParameterName, const char *newKey)
Definition Acl.cc:100

Acl::operator<<
std::ostream & operator<<(std::ostream &o, const Answer &a)
Definition Acl.h:109

Acl::FreeNamedAcls
void FreeNamedAcls(NamedAcls **)
delete the given list of "acl" directives
Definition Acl.cc:346