AclRegs.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10
11#if USE_ADAPTATION
12#include "acl/AdaptationService.h"
13#include "acl/AdaptationServiceData.h"
14#endif
15#include "acl/AllOf.h"
16#include "acl/AnnotateClient.h"
17#include "acl/AnnotateTransaction.h"
18#include "acl/AnnotationData.h"
19#include "acl/AnyOf.h"
20#if USE_SQUID_EUI
21#include "acl/Arp.h"
22#include "acl/Eui64.h"
23#endif
24#if USE_OPENSSL
25#include "acl/AtStep.h"
26#include "acl/AtStepData.h"
27#endif
28#include "acl/Asn.h"
29#include "acl/Checklist.h"
30#include "acl/ConnectionsEncrypted.h"
31#include "acl/Data.h"
32#include "acl/DestinationAsn.h"
33#include "acl/DestinationDomain.h"
34#include "acl/DestinationIp.h"
35#include "acl/DomainData.h"
36#if USE_LIBNETFILTERCONNTRACK
37#include "acl/ConnMark.h"
38#endif
39#if USE_AUTH
40#include "acl/ExtUser.h"
41#endif
42#include "acl/FilledChecklist.h"
43#include "acl/forward.h"
44#include "acl/Gadgets.h"
45#include "acl/HasComponent.h"
46#include "acl/HasComponentData.h"
47#include "acl/HierCode.h"
48#include "acl/HierCodeData.h"
49#include "acl/HttpHeaderData.h"
50#include "acl/HttpRepHeader.h"
51#include "acl/HttpReqHeader.h"
52#include "acl/HttpStatus.h"
53#include "acl/IntRange.h"
54#include "acl/Ip.h"
55#include "acl/LocalIp.h"
56#include "acl/LocalPort.h"
57#include "acl/MaxConnection.h"
58#include "acl/Method.h"
59#include "acl/MethodData.h"
60#include "acl/MyPortName.h"
61#include "acl/Note.h"
62#include "acl/NoteData.h"
63#include "acl/PeerName.h"
64#include "acl/Protocol.h"
65#include "acl/ProtocolData.h"
66#include "acl/Random.h"
67#include "acl/RegexData.h"
68#include "acl/ReplyHeaderStrategy.h"
69#include "acl/ReplyMimeType.h"
70#include "acl/RequestHeaderStrategy.h"
71#include "acl/RequestMimeType.h"
72#include "acl/SourceAsn.h"
73#include "acl/SourceDomain.h"
74#include "acl/SourceIp.h"
75#include "acl/SquidError.h"
76#include "acl/SquidErrorData.h"
77#if USE_OPENSSL
78#include "acl/Certificate.h"
79#include "acl/CertificateData.h"
80#include "acl/ServerName.h"
81#include "acl/SslError.h"
82#include "acl/SslErrorData.h"
83#endif
84#include "acl/StringData.h"
85#if USE_OPENSSL
86#include "acl/ServerCertificate.h"
87#endif
88#include "acl/Tag.h"
89#include "acl/Time.h"
90#include "acl/TimeData.h"
91#include "acl/TransactionInitiator.h"
92#include "acl/Url.h"
93#include "acl/UrlLogin.h"
94#include "acl/UrlPath.h"
95#include "acl/UrlPort.h"
96#include "acl/UserData.h"
97#if USE_AUTH
98#include "auth/AclMaxUserIp.h"
99#include "auth/AclProxyAuth.h"
100#endif
101#include "base/RegexPattern.h"
102#include "ExternalACL.h"
103#if USE_IDENT
104#include "ident/AclIdent.h"
105#endif
106#if SQUID_SNMP
107#include "snmp_core.h"
108#endif
109#include "sbuf/Stream.h"
110
111namespace Acl
112{
113
118template <class Parent>
119class FinalizedParameterizedNode: public Parent
120{
121 MEMPROXY_CLASS(Acl::FinalizedParameterizedNode<Parent>);
122
123public:
124 using Parameters = typename Parent::Parameters;
125 using Parent::data;
126
135 static void PreferAllocatorLabelPrefix(const char * const suffix)
136 {
137 assert(!PreferredAllocatorLabelSuffix); // must be called at most once
138 assert(!FinalPoolLabel); // must be called before the class constructor
139 assert(suffix);
140 PreferredAllocatorLabelSuffix = suffix;
141 }
142
143 FinalizedParameterizedNode(TypeName typeName, Parameters * const params):
144 typeName_(typeName)
145 {
146 Assure(!data); // base classes never set this data member
147 data.reset(params);
148 Assure(data); // ... but we always do
149
150 FinalizePoolLabel(typeName);
151 }
152
153 ~FinalizedParameterizedNode() override = default;
154
155 /* ACL API */
156 const char *typeString() const override { return typeName_; }
157
158private:
165 static void FinalizePoolLabel(const TypeName typeName)
166 {
167 if (FinalPoolLabel)
168 return; // the label has been finalized already
169
170 assert(typeName);
171 const auto label = ToSBuf("acltype=", PreferredAllocatorLabelSuffix ? PreferredAllocatorLabelSuffix : typeName);
172 FinalPoolLabel = SBufToCstring(label);
173 Pool().relabel(FinalPoolLabel);
174 }
175
177 inline static const char *PreferredAllocatorLabelSuffix = nullptr;
178
180 inline static const char *FinalPoolLabel = nullptr;
181
182 // TODO: Consider storing the spelling used by the admin instead.
184 TypeName typeName_;
185};
186
187} // namespace Acl
188
189// Not in src/acl/ because some of the ACLs it registers are not in src/acl/.
190void
191Acl::Init()
192{
193 /* the registration order does not matter */
194
195 // The explicit return type (ACL*) for lambdas is needed because the type
196 // of the return expression inside lambda is not ACL* but AclFoo* while
197 // Acl::Maker is defined to return ACL*.
198
199 RegisterMaker("all-of", [](TypeName)->ACL* { return new Acl::AllOf; }); // XXX: Add name parameter to ctor
200 RegisterMaker("any-of", [](TypeName)->ACL* { return new Acl::AnyOf; }); // XXX: Add name parameter to ctor
201 RegisterMaker("random", [](TypeName name)->ACL* { return new ACLRandom(name); });
202 RegisterMaker("time", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::CurrentTimeCheck>(name, new ACLTimeData); });
203 RegisterMaker("src_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceAsnCheck>(name, new ACLASN); });
204 RegisterMaker("dst_as", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationAsnCheck>(name, new ACLASN); });
205 RegisterMaker("browser", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::USER_AGENT> >(name, new ACLRegexData); });
206
207 RegisterMaker("dstdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLDomainData); });
208 RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>(name, new ACLRegexData); });
209 Acl::FinalizedParameterizedNode<Acl::DestinationDomainCheck>::PreferAllocatorLabelPrefix("dstdomain+");
210
211 RegisterMaker("dst", [](TypeName)->ACL* { return new ACLDestinationIP; }); // XXX: Add name parameter to ctor
212 RegisterMaker("hier_code", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HierCodeCheck>(name, new ACLHierCodeData); });
213 RegisterMaker("rep_header", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HttpRepHeaderCheck>(name, new ACLHTTPHeaderData); });
214 RegisterMaker("req_header", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HttpReqHeaderCheck>(name, new ACLHTTPHeaderData); });
215 RegisterMaker("http_status", [](TypeName name)->ACL* { return new ACLHTTPStatus(name); });
216 RegisterMaker("maxconn", [](TypeName name)->ACL* { return new ACLMaxConnection(name); });
217 RegisterMaker("method", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MethodCheck>(name, new ACLMethodData); });
218 RegisterMaker("localip", [](TypeName)->ACL* { return new ACLLocalIP; }); // XXX: Add name parameter to ctor
219 RegisterMaker("localport", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::LocalPortCheck>(name, new ACLIntRange); });
220 RegisterMaker("myportname", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::MyPortNameCheck>(name, new ACLStringData); });
221
222 RegisterMaker("peername", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLStringData); });
223 RegisterMaker("peername_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>(name, new ACLRegexData); });
224 Acl::FinalizedParameterizedNode<Acl::PeerNameCheck>::PreferAllocatorLabelPrefix("peername+");
225
226 RegisterMaker("proto", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ProtocolCheck>(name, new ACLProtocolData); });
227 RegisterMaker("referer_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::REFERER> >(name, new ACLRegexData); });
228 RegisterMaker("rep_mime_type", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ReplyHeaderCheck<Http::HdrType::CONTENT_TYPE> >(name, new ACLRegexData); });
229 RegisterMaker("req_mime_type", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::RequestHeaderCheck<Http::HdrType::CONTENT_TYPE> >(name, new ACLRegexData); });
230
231 RegisterMaker("srcdomain", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLDomainData); });
232 RegisterMaker("srcdom_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>(name, new ACLRegexData); });
233 Acl::FinalizedParameterizedNode<Acl::SourceDomainCheck>::PreferAllocatorLabelPrefix("srcdomain+");
234
235 RegisterMaker("src", [](TypeName)->ACL* { return new ACLSourceIP; }); // XXX: Add name parameter to ctor
236 RegisterMaker("url_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlCheck>(name, new ACLRegexData); });
237 RegisterMaker("urllogin", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlLoginCheck>(name, new ACLRegexData); });
238 RegisterMaker("urlpath_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPathCheck>(name, new ACLRegexData); });
239 RegisterMaker("port", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::UrlPortCheck>(name, new ACLIntRange); });
240 RegisterMaker("external", [](TypeName name)->ACL* { return new ACLExternal(name); });
241 RegisterMaker("squid_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SquidErrorCheck>(name, new ACLSquidErrorData); });
242 RegisterMaker("connections_encrypted", [](TypeName name)->ACL* { return new Acl::ConnectionsEncrypted(name); });
243 RegisterMaker("tag", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::TagCheck>(name, new ACLStringData); });
244 RegisterMaker("note", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::NoteCheck>(name, new ACLNoteData); });
245 RegisterMaker("annotate_client", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateClientCheck>(name, new ACLAnnotationData); });
246 RegisterMaker("annotate_transaction", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AnnotateTransactionCheck>(name, new ACLAnnotationData); });
247 RegisterMaker("has", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::HasComponentCheck>(name, new ACLHasComponentData); });
248 RegisterMaker("transaction_initiator", [](TypeName name)->ACL* {return new TransactionInitiator(name);});
249
250#if USE_LIBNETFILTERCONNTRACK
251 RegisterMaker("clientside_mark", [](TypeName)->ACL* { return new Acl::ConnMark; }); // XXX: Add name parameter to ctor
252 RegisterMaker("client_connection_mark", [](TypeName)->ACL* { return new Acl::ConnMark; }); // XXX: Add name parameter to ctor
253#endif
254
255#if USE_OPENSSL
256 RegisterMaker("ssl_error", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::CertificateErrorCheck>(name, new ACLSslErrorData); });
257
258 RegisterMaker("user_cert", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509UserAttribute, "*")); });
259 RegisterMaker("ca_cert", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509CAAttribute, "*")); });
260 Acl::FinalizedParameterizedNode<Acl::ClientCertificateCheck>::PreferAllocatorLabelPrefix("user_cert+");
261
262 RegisterMaker("server_cert_fingerprint", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerCertificateCheck>(name, new ACLCertificateData(Ssl::GetX509Fingerprint, nullptr, true)); });
263 RegisterMaker("at_step", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AtStepCheck>(name, new ACLAtStepData); });
264
265 RegisterMaker("ssl::server_name", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLServerNameData); });
266 RegisterMaker("ssl::server_name_regex", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>(name, new ACLRegexData); });
267 Acl::FinalizedParameterizedNode<Acl::ServerNameCheck>::PreferAllocatorLabelPrefix("ssl::server_name+");
268#endif
269
270#if USE_SQUID_EUI
271 RegisterMaker("arp", [](TypeName name)->ACL* { return new ACLARP(name); });
272 RegisterMaker("eui64", [](TypeName name)->ACL* { return new ACLEui64(name); });
273#endif
274
275#if USE_IDENT
276 RegisterMaker("ident", [](TypeName name)->ACL* { return new ACLIdent(new ACLUserData, name); });
277 RegisterMaker("ident_regex", [](TypeName name)->ACL* { return new ACLIdent(new ACLRegexData, name); });
278#endif
279
280#if USE_AUTH
281 RegisterMaker("ext_user", [](TypeName name)->ACL* { return new ACLExtUser(new ACLUserData, name); });
282 RegisterMaker("ext_user_regex", [](TypeName name)->ACL* { return new ACLExtUser(new ACLRegexData, name); });
283 RegisterMaker("proxy_auth", [](TypeName name)->ACL* { return new ACLProxyAuth(new ACLUserData, name); });
284 RegisterMaker("proxy_auth_regex", [](TypeName name)->ACL* { return new ACLProxyAuth(new ACLRegexData, name); });
285 RegisterMaker("max_user_ip", [](TypeName name)->ACL* { return new ACLMaxUserIP(name); });
286#endif
287
288#if USE_ADAPTATION
289 RegisterMaker("adaptation_service", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::AdaptationServiceCheck>(name, new ACLAdaptationServiceData); });
290#endif
291
292#if SQUID_SNMP
293 RegisterMaker("snmp_community", [](TypeName name)->ACL* { return new Acl::FinalizedParameterizedNode<Acl::SnmpCommunityCheck>(name, new ACLStringData); });
294#endif
295}
296
Assure
#define Assure(condition)
Definition: Assure.h:35
SBufToCstring
void SBufToCstring(char *d, const SBuf &s)
Definition: SBuf.h:752
assert
#define assert(EX)
Definition: assert.h:17
ACLARP
Definition: Arp.h:19
ACLASN
Definition: Asn.h:26
ACLEui64
Definition: Eui64.h:18
ACL
Definition: Acl.h:46
Acl::AnyOf
Configurable any-of ACL. Each ACL line is a disjuction of ACLs.
Definition: AnyOf.h:19
Acl::FinalizedParameterizedNode::~FinalizedParameterizedNode
~FinalizedParameterizedNode() override=default
Acl::FinalizedParameterizedNode::PreferredAllocatorLabelSuffix
static const char * PreferredAllocatorLabelSuffix
if set, overrules FinalizePoolLabel() argument
Definition: AclRegs.cc:177
Acl::FinalizedParameterizedNode::FinalizePoolLabel
static void FinalizePoolLabel(const TypeName typeName)
Definition: AclRegs.cc:165
Acl::FinalizedParameterizedNode::FinalPoolLabel
static const char * FinalPoolLabel
custom allocator label set by FinalizePoolLabel()
Definition: AclRegs.cc:180
Acl::FinalizedParameterizedNode::MEMPROXY_CLASS
MEMPROXY_CLASS(Acl::FinalizedParameterizedNode< Parent >)
Acl::FinalizedParameterizedNode::typeString
const char * typeString() const override
Definition: AclRegs.cc:156
Acl::FinalizedParameterizedNode::FinalizedParameterizedNode
FinalizedParameterizedNode(TypeName typeName, Parameters *const params)
Definition: AclRegs.cc:143
Acl::FinalizedParameterizedNode::PreferAllocatorLabelPrefix
static void PreferAllocatorLabelPrefix(const char *const suffix)
Definition: AclRegs.cc:135
Acl::FinalizedParameterizedNode::typeName_
TypeName typeName_
the "acltype" name in its canonical spelling
Definition: AclRegs.cc:184
Acl::TransactionInitiator
transaction_initiator ACL
Definition: TransactionInitiator.h:21
Ssl::GetX509UserAttribute
GETX509ATTRIBUTE GetX509UserAttribute
Definition: support.h:109
Ssl::GetX509CAAttribute
GETX509ATTRIBUTE GetX509CAAttribute
Definition: support.h:112
Ssl::GetX509Fingerprint
GETX509ATTRIBUTE GetX509Fingerprint
Definition: support.h:118
Acl
Definition: Acl.cc:31
Acl::Init
void Init(void)
prepares to parse ACLs configuration
Definition: AclRegs.cc:191
Acl::RegisterMaker
void RegisterMaker(TypeName typeName, Maker maker)
use the given ACL Maker for all ACLs of the named type
Definition: Acl.cc:71
Acl::TypeName
const char * TypeName
the ACL type name known to admins
Definition: Acl.h:27
ToSBuf
SBuf ToSBuf(Args &&... args)
slowly stream-prints all arguments into a freshly allocated SBuf
Definition: Stream.h:63
snmp_core.h

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors