[MINOR] acl: detect and report potential mistakes in ACLs

I've discovered a configuration with lots of occurrences of the
following :

    acl xxx hdr_beg (host) xxx

The problem is that hdr_beg will match every header against patterns
(host) and xxx due to the space between both, which certainly is not
what the user wanted. Now we detect such ACLs and report a warning
with a suggestion to add "--" between "hdr_beg" and "(host)" if this
is definitely what is wanted.
(cherry picked from commit 404e8ab4615d564a74f92a0d3822b0292dd6224f)

diff --git a/src/acl.c b/src/acl.c
index c3a01c408f684a186357ddf0911b96685928533d..f69424fb6904d2478342d4f0dc7c599512f57ca6 100644 (file)
--- a/src/acl.c
+++ b/src/acl.c
@@ -19,6 +19,7 @@
 #include <common/standard.h>
 
 #include <proto/acl.h>
+#include <proto/log.h>
 
 /* The capabilities of filtering hooks describe the type of information
  * available to each of them.
@@ -761,6 +762,18 @@ struct acl *parse_acl(const char **args, struct list *known_acl)
        if (!acl_expr)
                goto out_return;
 
+       /* Check for args beginning with an opening parenthesis just after the
+        * subject, as this is almost certainly a typo. Right now we can only
+        * emit a warning, so let's do so.
+        */
+       if (*args[2] == '(')
+               Warning("parsing acl '%s' :\n"
+                       "  matching '%s' for pattern '%s' is likely a mistake and probably\n"
+                       "  not what you want. Maybe you need to remove the extraneous space before '('.\n"
+                       "  If you are really sure this is not an error, please insert '--' between the\n"
+                       "  match and the pattern to make this warning message disappear.\n",
+                       args[0], args[1], args[2]);
+
        cur_acl = find_acl_by_name(args[0], known_acl);
        if (!cur_acl) {
                name = strdup(args[0]);