1 | #pragma once |
2 | |
3 | #include <Core/Types.h> |
4 | #include <Poco/Net/IPAddress.h> |
5 | #include <memory> |
6 | #include <vector> |
7 | |
8 | |
9 | namespace Poco |
10 | { |
11 | class RegularExpression; |
12 | } |
13 | |
14 | |
15 | namespace DB |
16 | { |
17 | /// Represents lists of hosts an user is allowed to connect to server from. |
18 | class AllowedClientHosts |
19 | { |
20 | public: |
21 | using IPAddress = Poco::Net::IPAddress; |
22 | |
23 | struct IPSubnet |
24 | { |
25 | IPAddress prefix; |
26 | IPAddress mask; |
27 | |
28 | String toString() const; |
29 | |
30 | friend bool operator ==(const IPSubnet & lhs, const IPSubnet & rhs) { return (lhs.prefix == rhs.prefix) && (lhs.mask == rhs.mask); } |
31 | friend bool operator !=(const IPSubnet & lhs, const IPSubnet & rhs) { return !(lhs == rhs); } |
32 | }; |
33 | |
34 | struct AllAddressesTag {}; |
35 | |
36 | AllowedClientHosts(); |
37 | explicit AllowedClientHosts(AllAddressesTag); |
38 | ~AllowedClientHosts(); |
39 | |
40 | AllowedClientHosts(const AllowedClientHosts & src); |
41 | AllowedClientHosts & operator =(const AllowedClientHosts & src); |
42 | AllowedClientHosts(AllowedClientHosts && src); |
43 | AllowedClientHosts & operator =(AllowedClientHosts && src); |
44 | |
45 | /// Removes all contained addresses. This will disallow all addresses. |
46 | void clear(); |
47 | bool empty() const; |
48 | |
49 | /// Allows exact IP address. |
50 | /// For example, 213.180.204.3 or 2a02:6b8::3 |
51 | void addAddress(const IPAddress & address); |
52 | void addAddress(const String & address); |
53 | |
54 | /// Allows an IP subnet. |
55 | void addSubnet(const IPSubnet & subnet); |
56 | void addSubnet(const String & subnet); |
57 | |
58 | /// Allows an IP subnet. |
59 | /// For example, 312.234.1.1/255.255.255.0 or 2a02:6b8::3/FFFF:FFFF:FFFF:FFFF:: |
60 | void addSubnet(const IPAddress & prefix, const IPAddress & mask); |
61 | |
62 | /// Allows an IP subnet. |
63 | /// For example, 10.0.0.1/8 or 2a02:6b8::3/64 |
64 | void addSubnet(const IPAddress & prefix, size_t num_prefix_bits); |
65 | |
66 | /// Allows all addresses. |
67 | void addAllAddresses(); |
68 | |
69 | /// Allows an exact host. The `contains()` function will check that the provided address equals to one of that host's addresses. |
70 | void addHostName(const String & host_name); |
71 | |
72 | /// Allows a regular expression for the host. |
73 | void addHostRegexp(const String & host_regexp); |
74 | |
75 | const std::vector<IPAddress> & getAddresses() const { return addresses; } |
76 | const std::vector<IPSubnet> & getSubnets() const { return subnets; } |
77 | const std::vector<String> & getHostNames() const { return host_names; } |
78 | const std::vector<String> & getHostRegexps() const { return host_regexps; } |
79 | |
80 | /// Checks if the provided address is in the list. Returns false if not. |
81 | bool contains(const IPAddress & address) const; |
82 | |
83 | /// Checks if any address is allowed. |
84 | bool containsAllAddresses() const; |
85 | |
86 | /// Checks if the provided address is in the list. Throws an exception if not. |
87 | /// `username` is only used for generating an error message if the address isn't in the list. |
88 | void checkContains(const IPAddress & address, const String & user_name = String()) const; |
89 | |
90 | friend bool operator ==(const AllowedClientHosts & lhs, const AllowedClientHosts & rhs); |
91 | friend bool operator !=(const AllowedClientHosts & lhs, const AllowedClientHosts & rhs) { return !(lhs == rhs); } |
92 | |
93 | private: |
94 | void compileRegexps() const; |
95 | |
96 | std::vector<IPAddress> addresses; |
97 | bool localhost = false; |
98 | std::vector<IPSubnet> subnets; |
99 | std::vector<String> host_names; |
100 | std::vector<String> host_regexps; |
101 | mutable std::vector<std::unique_ptr<Poco::RegularExpression>> compiled_host_regexps; |
102 | }; |
103 | } |
104 | |