[MEDIUM] acl: added the TRUE and FALSE ACLs.

Those ACLs are sometimes useful for troubleshooting. Two ACL subjects "always_true" and "always_false" have been added too. They return what their subject says for every pattern. Also, acl_match_pst() has been removed.
2025-04-11 03:31:36 +00:00 · 2007-06-17 20:40:25 +02:00 · 2007-06-17 20:40:25 +02:00 · a590983fe5
commit a590983fe5
parent 55ea7579d7
2 changed files with 33 additions and 8 deletions
--- a/include/proto/acl.h
+++ b/include/proto/acl.h
@ -94,11 +94,6 @@ void acl_unregister_keywords(struct acl_kw_list *kwl);
 */


-/* This one always returns 1 because its only purpose is to check that the
- * value is present, which is already checked by getval().
- */
-int acl_match_pst(struct acl_test *test, struct acl_pattern *pattern);
-
 /* NB: For two strings to be identical, it is required that their lengths match */
 int acl_match_str(struct acl_test *test, struct acl_pattern *pattern);

--- a/src/acl.c
+++ b/src/acl.c
@ -30,14 +30,40 @@ static struct acl_kw_list acl_keywords = {
 };


-/* This one always returns 1 because its only purpose is to check that the
- * value is present, which is already checked by getval().
+/*
+ * These functions are only used for debugging complex configurations.
 */
-int acl_match_pst(struct acl_test *test, struct acl_pattern *pattern)
+
+/* ignore the current line */
+static int
+acl_parse_nothing(const char **text, struct acl_pattern *pattern, int *opaque)
 {
 	return 1;
 }

+/* always fake a data retrieval */
+static int
+acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir,
+		  struct acl_expr *expr, struct acl_test *test)
+{
+	return 1;
+}
+
+/* always return true */
+static int
+acl_match_true(struct acl_test *test, struct acl_pattern *pattern)
+{
+	return 1;
+}
+
+/* always return false */
+static int
+acl_match_false(struct acl_test *test, struct acl_pattern *pattern)
+{
+	return 0;
+}
+
+
 /* NB: For two strings to be identical, it is required that their lengths match */
 int acl_match_str(struct acl_test *test, struct acl_pattern *pattern)
 {
@ -590,6 +616,8 @@ const struct {
 	const char *name;
 	const char *expr[4]; /* put enough for longest expression */
 } default_acl_list[] = {
+	{ .name = "TRUE",           .expr = {"always_true","1",""}},
+	{ .name = "FALSE",          .expr = {"always_false","0",""}},
 	{ .name = "LOCALHOST",      .expr = {"src","127.0.0.1/8",""}},
 	{ .name = "HTTP_1.0",       .expr = {"req_ver","1.0",""}},
 	{ .name = "HTTP_1.1",       .expr = {"req_ver","1.1",""}},
@ -871,6 +899,8 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v

 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
+	{ "always_true", acl_parse_nothing, acl_fetch_nothing, acl_match_true },
+	{ "always_false", acl_parse_nothing, acl_fetch_nothing, acl_match_false },
 #if 0
 	{ "time",       acl_parse_time,  acl_fetch_time,   acl_match_time  },
 #endif