RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-18 11:47:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

[MINOR] acl: add build_acl_cond() to make it easier to add ACLs in config

Browse Source 
This function automatically builds a rule, considering the if/unless
statements, and automatically updates the proxy's acl_requires, the
condition's file and line.
This commit is contained in:
Willy Tarreau 2010-01-28 16:48:33 +01:00
parent c3e8b25c79
commit 2bbba415d7
2 changed files with 60 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
include/proto/acl.h
View File

@ -1,23 +1,23 @@
/* /*
include/proto/acl.h * include/proto/acl.h
This file provides interface definitions for ACL manipulation. * This file provides interface definitions for ACL manipulation.
*
Copyright (C) 2000-2008 Willy Tarreau - w@1wt.eu * Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
*
This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public * modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation, version 2.1 * License as published by the Free Software Foundation, version 2.1
exclusively. * exclusively.
*
This library is distributed in the hope that it will be useful, * This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details. * Lesser General Public License for more details.
*
You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ */
#ifndef _PROTO_ACL_H #ifndef _PROTO_ACL_H
#define _PROTO_ACL_H #define _PROTO_ACL_H
@ -80,6 +80,14 @@ struct acl_cond *prune_acl_cond(struct acl_cond *cond);
*/ */
struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int pol); struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int pol);
/* Builds an ACL condition starting at the if/unless keyword. The complete
* condition is returned. NULL is returned in case of error or if the first
* word is neither "if" nor "unless". It automatically sets the file name and
* the line number in the condition for better error reporting, and adds the
* ACL requirements to the proxy's acl_requires.
*/
struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, const char **args);
/* Execute condition <cond> and return either ACL_PAT_FAIL, ACL_PAT_MISS or /* Execute condition <cond> and return either ACL_PAT_FAIL, ACL_PAT_MISS or
* ACL_PAT_PASS depending on the test results. This function only computes the * ACL_PAT_PASS depending on the test results. This function only computes the
* condition, it does not apply the polarity required by IF/UNLESS, it's up to * condition, it does not apply the polarity required by IF/UNLESS, it's up to

33
src/acl.c
View File

@ -980,6 +980,39 @@ struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int p
return NULL; return NULL;
} }
/* Builds an ACL condition starting at the if/unless keyword. The complete
* condition is returned. NULL is returned in case of error or if the first
* word is neither "if" nor "unless". It automatically sets the file name and
* the line number in the condition for better error reporting, and adds the
* ACL requirements to the proxy's acl_requires.
*/
struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, const char **args)
{
int pol = ACL_COND_NONE;
struct acl_cond *cond = NULL;
if (!strcmp(*args, "if")) {
pol = ACL_COND_IF;
args++;
}
else if (!strcmp(*args, "unless")) {
pol = ACL_COND_UNLESS;
args++;
}
else
return NULL;
cond = parse_acl_cond(args, &px->acl, pol);
if (!cond)
return NULL;
cond->file = file;
cond->line = line;
px->acl_requires |= cond->requires;
return cond;
}
/* Execute condition <cond> and return either ACL_PAT_FAIL, ACL_PAT_MISS or /* Execute condition <cond> and return either ACL_PAT_FAIL, ACL_PAT_MISS or
* ACL_PAT_PASS depending on the test results. ACL_PAT_MISS may only be * ACL_PAT_PASS depending on the test results. ACL_PAT_MISS may only be
* returned if <dir> contains ACL_PARTIAL, indicating that incomplete data * returned if <dir> contains ACL_PARTIAL, indicating that incomplete data