[MINOR] acl: detect and report potential mistakes in ACLs

I've discovered a configuration with lots of occurrences of the
following :

    acl xxx hdr_beg (host) xxx

The problem is that hdr_beg will match every header against patterns
(host) and xxx due to the space between both, which certainly is not
what the user wanted. Now we detect such ACLs and report a warning
with a suggestion to add "--" between "hdr_beg" and "(host)" if this
is definitely what is wanted.

diff --git a/src/acl.c b/src/acl.c
index f86b1b05f0bd8e7e7a82228055692d3a3d766fc0..77ca627e525577d4b078703ed9cb0e0d2ad45009 100644 (file)
--- a/src/acl.c
+++ b/src/acl.c
@@ -19,6 +19,7 @@
 #include <common/standard.h>
 
 #include <proto/acl.h>
+#include <proto/log.h>
 
 /* The capabilities of filtering hooks describe the type of information
  * available to each of them.
@@ -761,6 +762,18 @@ struct acl *parse_acl(const char **args, struct list *known_acl)
        if (!acl_expr)
                goto out_return;
 
+       /* Check for args beginning with an opening parenthesis just after the
+        * subject, as this is almost certainly a typo. Right now we can only
+        * emit a warning, so let's do so.
+        */
+       if (*args[2] == '(')
+               Warning("parsing acl '%s' :\n"
+                       "  matching '%s' for pattern '%s' is likely a mistake and probably\n"
+                       "  not what you want. Maybe you need to remove the extraneous space before '('.\n"
+                       "  If you are really sure this is not an error, please insert '--' between the\n"
+                       "  match and the pattern to make this warning message disappear.\n",
+                       args[0], args[1], args[2]);
+
        cur_acl = find_acl_by_name(args[0], known_acl);
        if (!cur_acl) {
                name = strdup(args[0]);