uplex-varnish / libvmod-hoailona
Commit a7d2369d (Unverified), authored Jun 13, 2023 by Nils Goroll
Use $Restrict
Parent: eec7316a
Showing 8 changed files with 22 additions and 83 deletions
README.rst +5 -19
src/tests/add.vtc +2 -13
src/tests/explain.vtc +1 -1
src/tests/policy_method.vtc +1 -1
src/tests/secret.vtc +1 -1
src/tests/token.vtc +1 -1
src/vmod_hoailona.c +6 -27
src/vmod_hoailona.vcc +5 -20
README.rst
...
...
@@ -337,10 +337,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
path pattern described by ``path``. The ``host`` and ``policy``
parameters are required, and must be non-empty.
The ``.add()`` method MUST be called in ``vcl_init`` only. If it is
called in any other subroutine, then an error message is emitted to
the Varnish log (using the ``VCL_Error`` tag), and the method call is
ignored.
Restricted to: ``vcl_init``
The value of ``host`` MUST be a valid host name, optionally beginning
with an asterisk (``*``):
...
...
@@ -478,8 +475,7 @@ return values are:
* -1 if no matching policy can be found
* -2 if there was an internal error
This method MAY NOT be called in ``vcl_init``. If it is, then the VCL
load fails.
Restricted to: ``client, backend``
The method searches for host names added by the ``.add()`` method that
match ``host`` in order of addition, possibly matching the suffix if
...
...
@@ -549,11 +545,7 @@ If the previous invocation of ``.policy()`` determined policy type
non-cryptographic portion of an authorization token; return NULL if no
matching policy could be determined. There are no required parameters.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
load fails. If the previous ``.policy()`` call did not determine
policy type TOKEN, or if ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
Restricted to: ``client, backend``
If none of the optional parameters are specified, then the method
returns a string with the parameters ``st`` and ``exp`` for the start
...
...
@@ -601,10 +593,7 @@ Return the shared secret stored for the policy determined by the
previous invocation of ``.policy()``. Returns NULL if no such shared
secret was specified, or if no matching policy could be determined.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
load fails. If ``.policy()`` was not called previously in the current
task scope, then an error message is emitted to the Varnish log with
the ``VCL_Error`` tag, and the method returns NULL.
Restricted to: ``client, backend``
Examples::
...
...
@@ -653,10 +642,7 @@ If description strings were provided in the declaration of the policy
and/or in the ``.add()`` method call that assigned the policy, then
these are included in the string.
The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is,
then the VCL load fails. If ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
Restricted to: ``client, backend``
Example::
...
...
src/tests/add.vtc
...
...
@@ -18,7 +18,7 @@ varnish v1 -vcl {
}
} -start
varnish v1 -
vcl
{
varnish v1 -
errvcl {Not available in subroutine 'vcl_recv'}
{
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
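Review bot: switching this case from -vcl to -errvcl {Not available in subroutine 'vcl_recv'} is a user-visible behaviour change that the commit message "Use $Restrict" does not mention. A VCL that calls h.add() outside vcl_init used to load, log a VCL_Error and ignore the call; it now fails to load. The replacement documentation only says "Restricted to: vcl_init", so suggest stating the load failure there and calling it out in the release notes, since an existing configuration can stop loading after an upgrade.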
...
...
@@ -29,20 +29,9 @@ varnish v1 -vcl {
sub vcl_recv {
h.add("example.com", "p");
}
}
}
client c1 {
txreq
rxresp
} -run
logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error "^vmod hoailona error: h.add.. may only be called in vcl_init$"
expect * = End
} -run
varnish v1 -errvcl {vmod hoailona error: host is empty in h.add()} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
...
...
src/tests/explain.vtc
...
...
@@ -89,7 +89,7 @@ client c1 {
expect resp.http.eB == "No policy was matched"
} -run
varnish v1 -errvcl {
h.explain() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
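Review bot: the expected text changes from the vmod's own "h.explain() may not be called in vcl_init" to the compiler's generic "Not available in subroutine 'vcl_init'", which no longer names the method under test. If vcl_init in this block contains any other restricted call, the test passes without exercising .explain(). Suggest keeping vcl_init in the block down to the single call being tested, or matching more of the compiler output if it names the symbol. The same applies to the identical change in policy_method.vtc, secret.vtc and token.vtc.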
...
...
src/tests/policy_method.vtc
...
...
@@ -387,7 +387,7 @@ client c1 {
} -run
# Usage tests
varnish v1 -errvcl {
h.policy() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
...
...
src/tests/secret.vtc
...
...
@@ -34,7 +34,7 @@ client c1 {
} -run
# Usage
varnish v1 -errvcl {
h.secret() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob;
backend proforma none;
...
...
src/tests/token.vtc
...
...
@@ -154,7 +154,7 @@ client c1 {
} -run
# Usage
varnish v1 -errvcl {
h.token() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
...
...
src/vmod_hoailona.c
...
...
@@ -57,8 +57,6 @@
#define ERRNOMEM(ctx, msg) \
ERR((ctx), msg ", out of space")
#define INIT(ctx) (((ctx)->method & VCL_MET_INIT) != 0)
struct
host
{
unsigned
magic
;
#define VMOD_HOAILONA_HOST_MAGIC 0x731af58f
...
...
@@ -359,11 +357,8 @@ vmod_hosts_add(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
AN
(
init_task
);
if
(
!
INIT
(
ctx
))
{
VERR
(
ctx
,
"%s.add() may only be called in vcl_init"
,
hosts
->
vcl_name
);
return
;
}
assert
(
ctx
->
method
==
VCL_MET_INIT
);
if
(
hostname
==
NULL
||
hostname
[
0
]
==
'\0'
)
{
VERR
(
ctx
,
"host is empty in %s.add()"
,
hosts
->
vcl_name
);
return
;
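Review bot: assert(ctx->method == VCL_MET_INIT) at the top of vmod_hosts_add() uses an equality test, while the other four methods touched in this file use the mask form AZ(ctx->method & VCL_MET_INIT) and the removed INIT() macro was a mask test as well. Suggest AN(ctx->method & VCL_MET_INIT) so the five checks read the same way. Note also that the wrong-subroutine case goes from a logged error and early return to an assertion failure, so this path now relies entirely on the $Restrict vcl_init declaration in the .vcc; a short comment saying so would help the next reader.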
...
...
@@ -498,11 +493,7 @@ vmod_hosts_policy(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
AN
(
priv_task
);
if
(
INIT
(
ctx
))
{
VERR
(
ctx
,
"%s.policy() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
-
2
;
}
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
if
(
hostname
==
NULL
||
hostname
[
0
]
==
'\0'
)
{
if
(
!
(
pathname
==
NULL
||
pathname
[
0
]
==
'\0'
))
{
VERR
(
ctx
,
"host is empty in %s.policy()"
,
...
...
@@ -664,11 +655,7 @@ vmod_hosts_token(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
if
(
INIT
(
ctx
))
{
VERR
(
ctx
,
"%s.token() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
NULL
;
}
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
if
(
ttl
<
0
)
{
VERR
(
ctx
,
"ttl must not be < 0 in %s.token(): %f"
,
hosts
->
vcl_name
,
ttl
);
...
...
@@ -720,11 +707,7 @@ vmod_hosts_secret(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
if
(
INIT
(
ctx
))
{
VERR
(
ctx
,
"%s.secret() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
NULL
;
}
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
policy
=
get_policy
(
ctx
,
priv_task
,
hosts
->
vcl_name
,
"secret"
);
if
(
policy
==
NULL
)
...
...
@@ -745,11 +728,7 @@ vmod_hosts_explain(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
AN
(
priv_task
);
if
(
INIT
(
ctx
))
{
VERR
(
ctx
,
"%s.explain() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
NULL
;
}
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
if
(
priv_task
->
priv
==
NULL
)
{
VERR
(
ctx
,
"%s.explain() called before %s.policy()"
,
hosts
->
vcl_name
,
hosts
->
vcl_name
);
...
...
src/vmod_hoailona.vcc
...
...
@@ -279,10 +279,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
path pattern described by ``path``. The ``host`` and ``policy``
parameters are required, and must be non-empty.
The ``.add()`` method MUST be called in ``vcl_init`` only. If it is
called in any other subroutine, then an error message is emitted to
the Varnish log (using the ``VCL_Error`` tag), and the method call is
ignored.
$Restrict vcl_init
The value of ``host`` MUST be a valid host name, optionally beginning
with an asterisk (``*``):
...
...
@@ -417,8 +414,7 @@ return values are:
* -1 if no matching policy can be found
* -2 if there was an internal error
This method MAY NOT be called in ``vcl_init``. If it is, then the VCL
load fails.
$Restrict client backend
The method searches for host names added by the ``.add()`` method that
match ``host`` in order of addition, possibly matching the suffix if
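Review bot: $Restrict client backend is an allow-list, whereas the sentence it replaces only excluded ``vcl_init``. Any subroutine that belongs to neither group (vcl_fini is the one to check) was permitted by the old wording and would now be rejected at VCL load. Please confirm that this narrowing is intended; the matching AZ(ctx->method & VCL_MET_INIT) in vmod_hosts_policy() still asserts only the old vcl_init exclusion, so the C side does not reflect the new contract.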
...
...
@@ -471,17 +467,12 @@ Calling ``.policy()`` with only one of the ``host`` and ``path``
parameters empty is an error.
$Method STRING .token(PRIV_TASK, STRING acl=0, DURATION ttl=0, STRING data=0)
If the previous invocation of ``.policy()`` determined policy type
``TOKEN`` (return value 2 from ``.policy()``), then return the
non-cryptographic portion of an authorization token; return NULL if no
matching policy could be determined. There are no required parameters.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
load fails. If the previous ``.policy()`` call did not determine
policy type TOKEN, or if ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
$Restrict client backend
If none of the optional parameters are specified, then the method
returns a string with the parameters ``st`` and ``exp`` for the start
...
...
@@ -526,10 +517,7 @@ Return the shared secret stored for the policy determined by the
previous invocation of ``.policy()``. Returns NULL if no such shared
secret was specified, or if no matching policy could be determined.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
load fails. If ``.policy()`` was not called previously in the current
task scope, then an error message is emitted to the Varnish log with
the ``VCL_Error`` tag, and the method returns NULL.
$Restrict client backend
Examples::
...
...
@@ -575,10 +563,7 @@ If description strings were provided in the declaration of the policy
and/or in the ``.add()`` method call that assigned the policy, then
these are included in the string.
The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is,
then the VCL load fails. If ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
$Restrict client backend
Example::
...
...