1#pragma once
2
3#include <Core/Types.h>
4#include <Poco/Net/IPAddress.h>
5#include <memory>
6#include <vector>
7
8
9namespace Poco
10{
11class RegularExpression;
12}
13
14
15namespace DB
16{
17/// Represents lists of hosts an user is allowed to connect to server from.
18class AllowedClientHosts
19{
20public:
21 using IPAddress = Poco::Net::IPAddress;
22
23 struct IPSubnet
24 {
25 IPAddress prefix;
26 IPAddress mask;
27
28 String toString() const;
29
30 friend bool operator ==(const IPSubnet & lhs, const IPSubnet & rhs) { return (lhs.prefix == rhs.prefix) && (lhs.mask == rhs.mask); }
31 friend bool operator !=(const IPSubnet & lhs, const IPSubnet & rhs) { return !(lhs == rhs); }
32 };
33
34 struct AllAddressesTag {};
35
36 AllowedClientHosts();
37 explicit AllowedClientHosts(AllAddressesTag);
38 ~AllowedClientHosts();
39
40 AllowedClientHosts(const AllowedClientHosts & src);
41 AllowedClientHosts & operator =(const AllowedClientHosts & src);
42 AllowedClientHosts(AllowedClientHosts && src);
43 AllowedClientHosts & operator =(AllowedClientHosts && src);
44
45 /// Removes all contained addresses. This will disallow all addresses.
46 void clear();
47 bool empty() const;
48
49 /// Allows exact IP address.
50 /// For example, 213.180.204.3 or 2a02:6b8::3
51 void addAddress(const IPAddress & address);
52 void addAddress(const String & address);
53
54 /// Allows an IP subnet.
55 void addSubnet(const IPSubnet & subnet);
56 void addSubnet(const String & subnet);
57
58 /// Allows an IP subnet.
59 /// For example, 312.234.1.1/255.255.255.0 or 2a02:6b8::3/FFFF:FFFF:FFFF:FFFF::
60 void addSubnet(const IPAddress & prefix, const IPAddress & mask);
61
62 /// Allows an IP subnet.
63 /// For example, 10.0.0.1/8 or 2a02:6b8::3/64
64 void addSubnet(const IPAddress & prefix, size_t num_prefix_bits);
65
66 /// Allows all addresses.
67 void addAllAddresses();
68
69 /// Allows an exact host. The `contains()` function will check that the provided address equals to one of that host's addresses.
70 void addHostName(const String & host_name);
71
72 /// Allows a regular expression for the host.
73 void addHostRegexp(const String & host_regexp);
74
75 const std::vector<IPAddress> & getAddresses() const { return addresses; }
76 const std::vector<IPSubnet> & getSubnets() const { return subnets; }
77 const std::vector<String> & getHostNames() const { return host_names; }
78 const std::vector<String> & getHostRegexps() const { return host_regexps; }
79
80 /// Checks if the provided address is in the list. Returns false if not.
81 bool contains(const IPAddress & address) const;
82
83 /// Checks if any address is allowed.
84 bool containsAllAddresses() const;
85
86 /// Checks if the provided address is in the list. Throws an exception if not.
87 /// `username` is only used for generating an error message if the address isn't in the list.
88 void checkContains(const IPAddress & address, const String & user_name = String()) const;
89
90 friend bool operator ==(const AllowedClientHosts & lhs, const AllowedClientHosts & rhs);
91 friend bool operator !=(const AllowedClientHosts & lhs, const AllowedClientHosts & rhs) { return !(lhs == rhs); }
92
93private:
94 void compileRegexps() const;
95
96 std::vector<IPAddress> addresses;
97 bool localhost = false;
98 std::vector<IPSubnet> subnets;
99 std::vector<String> host_names;
100 std::vector<String> host_regexps;
101 mutable std::vector<std::unique_ptr<Poco::RegularExpression>> compiled_host_regexps;
102};
103}
104