5
* SQUID Web Proxy Cache http://www.squid-cache.org/
6
* ----------------------------------------------------------
8
* Squid is the result of efforts by numerous individuals from
9
* the Internet community; see the CONTRIBUTORS file for full
10
* details. Many organizations have provided support for Squid's
11
* development; see the SPONSORS file for full details. Squid is
12
* Copyrighted (C) 2001 by the Regents of the University of
13
* California; see the COPYRIGHT file for full details. Squid
14
* incorporates software developed and/or copyrighted by other
15
* sources; see the CREDITS file for full details.
17
* This program is free software; you can redistribute it and/or modify
18
* it under the terms of the GNU General Public License as published by
19
* the Free Software Foundation; either version 2 of the License, or
20
* (at your option) any later version.
22
* This program is distributed in the hope that it will be useful,
23
* but WITHOUT ANY WARRANTY; without even the implied warranty of
24
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25
* GNU General Public License for more details.
27
* You should have received a copy of the GNU General Public License
28
* along with this program; if not, write to the Free Software
29
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
33
#ifndef SQUID_ACLCHECKLIST_H
34
#define SQUID_ACLCHECKLIST_H
39
Base class for maintaining Squid and transaction state for access checks.
40
Provides basic ACL checking methods. Its only child, ACLFilledChecklist,
41
keeps the actual state data. The split is necessary to avoid exposing
42
all ACL-related code to virtually Squid data types. */
50
* This abstract class defines the behaviour of
51
* async lookups - which can vary for different ACL types.
52
* Today, every state object must be a singleton.
53
* See NULLState for an example.
55
\note *no* state should be stored in the state object,
56
* they are used to change the behaviour of the checklist, not
57
* to hold information. If you need to store information in the
58
* state object, consider subclassing ACLChecklist, converting it
59
* to a composite, or changing the state objects from singletons to
67
virtual void checkForAsync(ACLChecklist *) const = 0;
68
virtual ~AsyncState() {}
71
void changeState (ACLChecklist *, AsyncState *) const;
74
class NullState : public AsyncState
78
static NullState *Instance();
79
virtual void checkForAsync(ACLChecklist *) const;
80
virtual ~NullState() {}
83
static NullState _instance;
89
virtual ~ACLChecklist();
92
* Trigger off a non-blocking access check for a set of *_access options..
93
* The callback specified will be called with true/false
94
* when the results of the ACL tests are known.
96
void nonBlockingCheck(PF * callback, void *callback_data);
99
* Trigger a blocking access check for a set of *_access options.
101
* ACLs which cannot be satisfied directly from available data are ignored.
102
* This means any proxy_auth, external_acl, DNS lookups, Ident lookups etc
103
* which have not already been performed and cached will not be checked.
105
* If there is no access list to check the default is to return DENIED.
106
* However callers should perform their own check and default based on local
107
* knowledge of the ACL usage rather than depend on this default.
108
* That will also save on work setting up ACLChecklist fields for a no-op.
110
* \retval 1/true Access Allowed
111
* \retval 0/false Access Denied
116
* Trigger a blocking access check for a single ACL line (a AND b AND c).
118
* ACLs which cannot be satisfied directly from available data are ignored.
119
* This means any proxy_auth, external_acl, DNS lookups, Ident lookups etc
120
* which have not already been performed and cached will not be checked.
122
* \retval 1/true Access Allowed
123
* \retval 0/false Access Denied
125
bool matchAclListFast(const ACLList * list);
128
* Attempt to check the current checklist against current data.
129
* This is the core routine behind all ACL test routines.
130
* As much as possible of current tests are performed immediately
131
* and the result is maybe delayed to wait for async lookups.
133
* When all tests are done callback is presented with one of:
134
* - ACCESS_ALLOWED Access explicitly Allowed
135
* - ACCESS_DENIED Access explicitly Denied
139
bool asyncInProgress() const;
140
void asyncInProgress(bool const);
142
bool finished() const;
145
allow_t const & currentAnswer() const;
146
void currentAnswer(allow_t const);
148
void changeState(AsyncState *);
149
AsyncState *asyncState() const;
151
// XXX: ACLs that need request or reply have to use ACLFilledChecklist and
152
// should do their own checks so that we do not have to povide these two
153
// for ACL::checklistMatches to use
154
virtual bool hasRequest() const = 0;
155
virtual bool hasReply() const = 0;
158
virtual void checkCallback(allow_t answer);
160
void checkAccessList();
161
void checkForAsync();
164
const acl_access *accessList;
169
private: /* internal methods */
171
void matchAclList(const ACLList * list, bool const fast);
172
void matchAclListSlow(const ACLList * list);
180
bool checking() const;
181
void checking (bool const);
187
bool lastACLResult(bool x) { return lastACLResult_ = x; }
189
bool lastACLResult() const { return lastACLResult_; }
192
#endif /* SQUID_ACLCHECKLIST_H */
added
removed
src/acl/Checklist.h
