RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-25 04:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CLEANUP] config: use build_acl_cond() to simplify http-request ACL parsing

Browse Source 
Now that we have this new function to make your life better, use it.
This commit is contained in:
Willy Tarreau 2010-02-01 10:43:44 +01:00
parent 5142594dea
commit 9cc670f7d9
3 changed files with 17 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/proto/auth.h
View File

@ -20,7 +20,7 @@ extern struct userlist *userlist;
struct userlist *auth_find_userlist(char *name);
unsigned int auth_resolve_groups(struct userlist *l, char *groups);
struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires);
struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
void userlist_free(struct userlist *ul);
void req_acl_free(struct list *r);
int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);

32
src/auth.c
View File

@ -78,7 +78,7 @@ auth_resolve_groups(struct userlist *l, char *groups)
}
struct req_acl_rule *
parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires)
parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
{
struct req_acl_rule *req_acl;
int cur_arg;
@ -116,32 +116,22 @@ req_error_parsing:
return NULL;
}
if (*args[cur_arg]) {
int pol = ACL_COND_NONE;
if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
struct acl_cond *cond;
if (!strcmp(args[cur_arg], "if"))
pol = ACL_COND_IF;
else if (!strcmp(args[cur_arg], "unless"))
pol = ACL_COND_UNLESS;
else {
Alert("parsing [%s:%d]: '%s' expects 'realm' for 'auth' or"
" either 'if' or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[0], args[cur_arg]);
if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg)) == NULL) {
Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition.\n",
file, linenum, args[0]);
return NULL;
}
if ((cond = parse_acl_cond((const char **)args + cur_arg + 1, known_acl, pol)) == NULL) {
Alert("parsing [%s:%d]: error detected while parsing 'req' condition.\n",
file, linenum);
return NULL;
}
cond->file = file;
cond->line = linenum;
*acl_requires |= cond->requires;
req_acl->cond = cond;
}
else if (*args[cur_arg]) {
Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
" either 'if' or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[0], args[cur_arg]);
return NULL;
}
return req_acl;
}

9
src/cfgparse.c
View File

@ -1944,13 +1944,14 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
err_code |= ERR_WARN;
}
req_acl = parse_auth_cond((const char **)args + 1, file, linenum, &curproxy->acl, &curproxy->acl_requires);
req_acl = parse_auth_cond((const char **)args + 1, file, linenum, curproxy);
if (!req_acl) {
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
LIST_ADDQ(&curproxy->req_acl, &req_acl->list);
}
else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */
@ -2436,13 +2437,14 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
err_code |= ERR_WARN;
}
req_acl = parse_auth_cond((const char **)args + 2, file, linenum, &curproxy->acl, &curproxy->acl_requires);
req_acl = parse_auth_cond((const char **)args + 2, file, linenum, curproxy);
if (!req_acl) {
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
LIST_ADDQ(&curproxy->uri_auth->req_acl, &req_acl->list);
} else if (!strcmp(args[1], "auth")) {
@ -4753,8 +4755,7 @@ int check_config_validity()
uri_auth_compat_req[1][1] = "";
for (i = 0; *uri_auth_compat_req[i]; i++) {
req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i,
&curproxy->acl, &curproxy->acl_requires);
req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i, curproxy);
if (!req_acl) {
cfgerr++;
break;