From 2bbba415d7d625c084995e2113bb5524dc5645f8 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Thu, 28 Jan 2010 16:48:33 +0100 Subject: [PATCH] [MINOR] acl: add build_acl_cond() to make it easier to add ACLs in config This function automatically builds a rule, considering the if/unless statements, and automatically updates the proxy's acl_requires, the condition's file and line. --- include/proto/acl.h | 46 ++++++++++++++++++++++++++------------------- src/acl.c | 33 ++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 19 deletions(-) diff --git a/include/proto/acl.h b/include/proto/acl.h index fffce48156..b65a2b302e 100644 --- a/include/proto/acl.h +++ b/include/proto/acl.h @@ -1,23 +1,23 @@ /* - include/proto/acl.h - This file provides interface definitions for ACL manipulation. - - Copyright (C) 2000-2008 Willy Tarreau - w@1wt.eu - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation, version 2.1 - exclusively. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ + * include/proto/acl.h + * This file provides interface definitions for ACL manipulation. + * + * Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation, version 2.1 + * exclusively. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ #ifndef _PROTO_ACL_H #define _PROTO_ACL_H @@ -80,6 +80,14 @@ struct acl_cond *prune_acl_cond(struct acl_cond *cond); */ struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int pol); +/* Builds an ACL condition starting at the if/unless keyword. The complete + * condition is returned. NULL is returned in case of error or if the first + * word is neither "if" nor "unless". It automatically sets the file name and + * the line number in the condition for better error reporting, and adds the + * ACL requirements to the proxy's acl_requires. + */ +struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, const char **args); + /* Execute condition and return either ACL_PAT_FAIL, ACL_PAT_MISS or * ACL_PAT_PASS depending on the test results. This function only computes the * condition, it does not apply the polarity required by IF/UNLESS, it's up to diff --git a/src/acl.c b/src/acl.c index c4942b209a..344a91d4c1 100644 --- a/src/acl.c +++ b/src/acl.c @@ -980,6 +980,39 @@ struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int p return NULL; } +/* Builds an ACL condition starting at the if/unless keyword. The complete + * condition is returned. NULL is returned in case of error or if the first + * word is neither "if" nor "unless". It automatically sets the file name and + * the line number in the condition for better error reporting, and adds the + * ACL requirements to the proxy's acl_requires. + */ +struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, const char **args) +{ + int pol = ACL_COND_NONE; + struct acl_cond *cond = NULL; + + if (!strcmp(*args, "if")) { + pol = ACL_COND_IF; + args++; + } + else if (!strcmp(*args, "unless")) { + pol = ACL_COND_UNLESS; + args++; + } + else + return NULL; + + cond = parse_acl_cond(args, &px->acl, pol); + if (!cond) + return NULL; + + cond->file = file; + cond->line = line; + px->acl_requires |= cond->requires; + + return cond; +} + /* Execute condition and return either ACL_PAT_FAIL, ACL_PAT_MISS or * ACL_PAT_PASS depending on the test results. ACL_PAT_MISS may only be * returned if contains ACL_PARTIAL, indicating that incomplete data -- 2.47.3