mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-29 14:50:59 +01:00
Code Issues Projects Releases Wiki Activity

[CLEANUP] config: use warnif_cond_requires_resp() to check for bad ACLs

Browse Source 
Factor out some repetitive copy-pasted code to check for request ACLs
validity.
This commit is contained in:
Willy Tarreau 2010-01-28 17:59:39 +01:00
parent ef6494cb8c
commit f1e98b8628
3 changed files with 24 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/proto/acl.h
View File

@ -98,7 +98,7 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
/* Reports a pointer to the first ACL used in condition <cond> which requires /* Reports a pointer to the first ACL used in condition <cond> which requires
* at least one of the USE_FLAGS in <require>. Returns NULL if none matches. * at least one of the USE_FLAGS in <require>. Returns NULL if none matches.
*/ */
struct acl *cond_find_require(struct acl_cond *cond, unsigned int require); struct acl *cond_find_require(const struct acl_cond *cond, unsigned int require);
/* Return a pointer to the ACL <name> within the list starting at <head>, or /* Return a pointer to the ACL <name> within the list starting at <head>, or
* NULL if not found. * NULL if not found.

2
src/acl.c
View File

@ -1150,7 +1150,7 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
* through and never cached, because that way, this function can be used as a * through and never cached, because that way, this function can be used as a
* late check. * late check.
*/ */
struct acl *cond_find_require(struct acl_cond *cond, unsigned int require) struct acl *cond_find_require(const struct acl_cond *cond, unsigned int require)
{ {
struct acl_term_suite *suite; struct acl_term_suite *suite;
struct acl_term *term; struct acl_term *term;

53
src/cfgparse.c
View File

@ -388,6 +388,24 @@ int warnif_misplaced_reqadd(struct proxy *proxy, const char *file, int line, cha
warnif_rule_after_use_backend(proxy, file, line, arg); warnif_rule_after_use_backend(proxy, file, line, arg);
} }
/* Report it if a request ACL condition uses some response-only parameters. It
* returns either 0 or ERR_WARN so that its result can be or'ed with err_code.
* Note that <cond> may be NULL and then will be ignored.
*/
static int warnif_cond_requires_resp(const struct acl_cond *cond, const char *file, int line)
{
struct acl *acl;
if (!cond || !(cond->requires & ACL_USE_RTR_ANY))
return 0;
acl = cond_find_require(cond, ACL_USE_RTR_ANY);
Warning("parsing [%s:%d] : acl '%s' involves some response-only criteria which will be ignored.\n",
file, line, acl ? acl->name : "(unknown)");
return ERR_WARN;
}
/* /*
* parse a line in a <global> section. Returns the error code, 0 if OK, or * parse a line in a <global> section. Returns the error code, 0 if OK, or
* any combination of : * any combination of :
@ -2012,16 +2030,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
goto out; goto out;
} }
if (cond->requires & ACL_USE_RTR_ANY) { err_code |= warnif_cond_requires_resp(cond, file, linenum);
struct acl *acl;
const char *name;
acl = cond_find_require(cond, ACL_USE_RTR_ANY);
name = acl ? acl->name : "(unknown)";
Warning("parsing [%s:%d] : acl '%s' involves some response-only criteria which will be ignored.\n",
file, linenum, name);
err_code |= ERR_WARN;
}
rule = (struct switching_rule *)calloc(1, sizeof(*rule)); rule = (struct switching_rule *)calloc(1, sizeof(*rule));
rule->cond = cond; rule->cond = cond;
@ -2056,16 +2065,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
goto out; goto out;
} }
if (cond->requires & ACL_USE_RTR_ANY) { err_code |= warnif_cond_requires_resp(cond, file, linenum);
struct acl *acl;
const char *name;
acl = cond_find_require(cond, ACL_USE_RTR_ANY);
name = acl ? acl->name : "(unknown)";
Warning("parsing [%s:%d] : acl '%s' involves some response-only criteria which will be ignored.\n",
file, linenum, name);
err_code |= ERR_WARN;
}
rule = (struct force_persist_rule *)calloc(1, sizeof(*rule)); rule = (struct force_persist_rule *)calloc(1, sizeof(*rule));
rule->cond = cond; rule->cond = cond;
@ -2233,17 +2233,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
err_code |= ERR_ALERT | ERR_FATAL; err_code |= ERR_ALERT | ERR_FATAL;
goto out; goto out;
} }
if (cond->requires & ACL_USE_RTR_ANY) {
struct acl *acl;
const char *name;
acl = cond_find_require(cond, ACL_USE_RTR_ANY);
name = acl ? acl->name : "(unknown)";
Warning("parsing [%s:%d] : '%s' : acl '%s' involves some response-only criteria which will be ignored.\n",
file, linenum, args[0], name);
err_code |= ERR_WARN;
}
} }
else if (*(args[myidx])) { else if (*(args[myidx])) {
Alert("parsing [%s:%d] : '%s': unknown keyword '%s'.\n", Alert("parsing [%s:%d] : '%s': unknown keyword '%s'.\n",
@ -2252,6 +2241,8 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
goto out; goto out;
} }
err_code |= warnif_cond_requires_resp(cond, file, linenum);
rule = (struct sticking_rule *)calloc(1, sizeof(*rule)); rule = (struct sticking_rule *)calloc(1, sizeof(*rule));
rule->cond = cond; rule->cond = cond;
rule->expr = expr; rule->expr = expr;