uplex-varnish
libvmod-hoailona
Commits
Commit a7d2369d (Unverified)
authored Jun 13, 2023 by Nils Goroll

Use $Restrict

parent eec7316a
Changes: 8

Showing 8 changed files with 22 additions and 83 deletions

README.rst                     +5   -19
src/tests/add.vtc              +2   -13
src/tests/explain.vtc          +1   -1
src/tests/policy_method.vtc    +1   -1
src/tests/secret.vtc           +1   -1
src/tests/token.vtc            +1   -1
src/vmod_hoailona.c            +6   -27
src/vmod_hoailona.vcc          +5   -20
README.rst
...
@@ -337,10 +337,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
...
@@ -337,10 +337,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
path pattern described by ``path``. The ``host`` and ``policy``
path pattern described by ``path``. The ``host`` and ``policy``
parameters are required, and must be non-empty.
parameters are required, and must be non-empty.
The ``.add()`` method MUST be called in ``vcl_init`` only. If it is
Restricted to: ``vcl_init``
called in any other subroutine, then an error message is emitted to
the Varnish log (using the ``VCL_Error`` tag), and the method call is
ignored.
The value of ``host`` MUST be a valid host name, optionally beginning
The value of ``host`` MUST be a valid host name, optionally beginning
with an asterisk (``*``):
with an asterisk (``*``):
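Review bot: The replacement line "Restricted to: ``vcl_init``" drops the statement of what happens on a violation, and the behaviour has changed. The removed text said the call is logged under ``VCL_Error`` and ignored, while src/tests/add.vtc in this commit now expects the VCL load to fail with "Not available in subroutine 'vcl_recv'". VCL that used to load with a misplaced ``.add()`` will now be rejected, so I would add a sentence here saying that the VCL load fails, and call the change out in the release notes.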
...
@@ -478,8 +475,7 @@ return values are:
...
@@ -478,8 +475,7 @@ return values are:
* -1 if no matching policy can be found
* -1 if no matching policy can be found
* -2 if there was an internal error
* -2 if there was an internal error
This method MAY NOT be called in ``vcl_init``. If it is, then the VCL
Restricted to: ``client, backend``
load fails.
The method searches for host names added by the ``.add()`` method that
The method searches for host names added by the ``.add()`` method that
match ``host`` in order of addition, possibly matching the suffix if
match ``host`` in order of addition, possibly matching the suffix if
...
@@ -549,11 +545,7 @@ If the previous invocation of ``.policy()`` determined policy type
...
@@ -549,11 +545,7 @@ If the previous invocation of ``.policy()`` determined policy type
non-cryptographic portion of an authorization token; return NULL if no
non-cryptographic portion of an authorization token; return NULL if no
matching policy could be determined. There are no required parameters.
matching policy could be determined. There are no required parameters.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
Restricted to: ``client, backend``
load fails. If the previous ``.policy()`` call did not determine
policy type TOKEN, or if ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
If none of the optional parameters are specified, then the method
If none of the optional parameters are specified, then the method
returns a string with the parameters ``st`` and ``exp`` for the start
returns a string with the parameters ``st`` and ``exp`` for the start
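Review bot: The deletion here removes more than the vcl_init rule. The sentence beginning "If the previous ``.policy()`` call did not determine policy type TOKEN, or if ``.policy()`` was not called previously in the current task scope" describes a runtime error path that ``$Restrict`` does not replace, and nothing in the src/vmod_hoailona.c hunks removes it: the only lines dropped from vmod_hosts_token are the INIT check, and vmod_hosts_explain still emits "%s.explain() called before %s.policy()". Please keep that sentence, and the matching ones in the ``.secret()`` and ``.explain()`` hunks below, in both README.rst and src/vmod_hoailona.vcc.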
...
@@ -601,10 +593,7 @@ Return the shared secret stored for the policy determined by the
...
@@ -601,10 +593,7 @@ Return the shared secret stored for the policy determined by the
previous invocation of ``.policy()``. Returns NULL if no such shared
previous invocation of ``.policy()``. Returns NULL if no such shared
secret was specified, or if no matching policy could be determined.
secret was specified, or if no matching policy could be determined.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
Restricted to: ``client, backend``
load fails. If ``.policy()`` was not called previously in the current
task scope, then an error message is emitted to the Varnish log with
the ``VCL_Error`` tag, and the method returns NULL.
Examples::
Examples::
...
@@ -653,10 +642,7 @@ If description strings were provided in the declaration of the policy
...
@@ -653,10 +642,7 @@ If description strings were provided in the declaration of the policy
and/or in the ``.add()`` method call that assigned the policy, then
and/or in the ``.add()`` method call that assigned the policy, then
these are included in the string.
these are included in the string.
The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is,
Restricted to: ``client, backend``
then the VCL load fails. If ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
Example::
Example::
...
...
src/tests/add.vtc
...
@@ -18,7 +18,7 @@ varnish v1 -vcl {
...
@@ -18,7 +18,7 @@ varnish v1 -vcl {
}
}
} -start
} -start
varnish v1 -
vcl
{
varnish v1 -
errvcl {Not available in subroutine 'vcl_recv'}
{
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
backend proforma none;
...
@@ -29,20 +29,9 @@ varnish v1 -vcl {
...
@@ -29,20 +29,9 @@ varnish v1 -vcl {
sub vcl_recv {
sub vcl_recv {
h.add("example.com", "p");
h.add("example.com", "p");
}
}
}
}
client c1 {
txreq
rxresp
} -run
logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error "^vmod hoailona error: h.add.. may only be called in vcl_init$"
expect * = End
} -run
varnish v1 -errvcl {vmod hoailona error: host is empty in h.add()} {
varnish v1 -errvcl {vmod hoailona error: host is empty in h.add()} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
backend proforma none;
...
...
src/tests/explain.vtc
...
@@ -89,7 +89,7 @@ client c1 {
...
@@ -89,7 +89,7 @@ client c1 {
expect resp.http.eB == "No policy was matched"
expect resp.http.eB == "No policy was matched"
} -run
} -run
varnish v1 -errvcl {
h.explain() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
backend proforma none;
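Review bot: The new expected string "Not available in subroutine 'vcl_init'" no longer names the method, unlike the old "h.explain() may not be called in vcl_init", so this case passes if any restricted call in the test VCL trips the compile-time check. Make sure the VCL body under test contains only the h.explain() call in vcl_init. The same applies to the identical changes in policy_method.vtc, secret.vtc and token.vtc.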
...
...
src/tests/policy_method.vtc
...
@@ -387,7 +387,7 @@ client c1 {
...
@@ -387,7 +387,7 @@ client c1 {
} -run
} -run
# Usage tests
# Usage tests
varnish v1 -errvcl {
h.policy() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
backend proforma none;
...
...
src/tests/secret.vtc
...
@@ -34,7 +34,7 @@ client c1 {
...
@@ -34,7 +34,7 @@ client c1 {
} -run
} -run
# Usage
# Usage
varnish v1 -errvcl {
h.secret() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob;
import blob;
backend proforma none;
backend proforma none;
...
...
src/tests/token.vtc
...
@@ -154,7 +154,7 @@ client c1 {
...
@@ -154,7 +154,7 @@ client c1 {
} -run
} -run
# Usage
# Usage
varnish v1 -errvcl {
h.token() may not be called in vcl_init
} {
varnish v1 -errvcl {
Not available in subroutine 'vcl_init'
} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none;
backend proforma none;
...
...
src/vmod_hoailona.c
...
@@ -57,8 +57,6 @@
...
@@ -57,8 +57,6 @@
#define ERRNOMEM(ctx, msg) \
#define ERRNOMEM(ctx, msg) \
ERR((ctx), msg ", out of space")
ERR((ctx), msg ", out of space")
#define INIT(ctx) (((ctx)->method & VCL_MET_INIT) != 0)
struct
host
{
struct
host
{
unsigned
magic
;
unsigned
magic
;
#define VMOD_HOAILONA_HOST_MAGIC 0x731af58f
#define VMOD_HOAILONA_HOST_MAGIC 0x731af58f
...
@@ -359,11 +357,8 @@ vmod_hosts_add(VRT_CTX, struct vmod_hoailona_hosts *hosts,
...
@@ -359,11 +357,8 @@ vmod_hosts_add(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
AN
(
init_task
);
AN
(
init_task
);
if
(
!
INIT
(
ctx
))
{
assert
(
ctx
->
method
==
VCL_MET_INIT
);
VERR
(
ctx
,
"%s.add() may only be called in vcl_init"
,
hosts
->
vcl_name
);
return
;
}
if
(
hostname
==
NULL
||
hostname
[
0
]
==
'\0'
)
{
if
(
hostname
==
NULL
||
hostname
[
0
]
==
'\0'
)
{
VERR
(
ctx
,
"host is empty in %s.add()"
,
hosts
->
vcl_name
);
VERR
(
ctx
,
"host is empty in %s.add()"
,
hosts
->
vcl_name
);
return
;
return
;
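Review bot: The new `assert(ctx->method == VCL_MET_INIT);` in vmod_hosts_add is inconsistent with the rest of the patch in two ways: it uses plain `assert` where the other four functions use `AZ(...)`, and it tests equality where the removed INIT macro and the other checks use a bit test (`ctx->method & VCL_MET_INIT`). `AN(ctx->method & VCL_MET_INIT);` would match the surrounding style. Also note that the failure mode changes from a logged error and early return to an assertion failure if this line is ever reached from another subroutine.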
...
@@ -498,11 +493,7 @@ vmod_hosts_policy(VRT_CTX, struct vmod_hoailona_hosts *hosts,
...
@@ -498,11 +493,7 @@ vmod_hosts_policy(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
AN
(
priv_task
);
AN
(
priv_task
);
if
(
INIT
(
ctx
))
{
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
VERR
(
ctx
,
"%s.policy() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
-
2
;
}
if
(
hostname
==
NULL
||
hostname
[
0
]
==
'\0'
)
{
if
(
hostname
==
NULL
||
hostname
[
0
]
==
'\0'
)
{
if
(
!
(
pathname
==
NULL
||
pathname
[
0
]
==
'\0'
))
{
if
(
!
(
pathname
==
NULL
||
pathname
[
0
]
==
'\0'
))
{
VERR
(
ctx
,
"host is empty in %s.policy()"
,
VERR
(
ctx
,
"host is empty in %s.policy()"
,
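Review bot: `AZ(ctx->method & VCL_MET_INIT);` only asserts that the caller is not vcl_init, while the declaration this commit adds for `.policy()` is `$Restrict client backend`, which is an allow-list. If the assertion is meant to back up the declared restriction, it should check the allowed set rather than the single excluded bit; otherwise a short comment saying the restriction is enforced when the VCL is compiled would explain why the `return -2` path could be dropped. The same applies to the identical AZ lines in vmod_hosts_token, vmod_hosts_secret and vmod_hosts_explain.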
...
@@ -664,11 +655,7 @@ vmod_hosts_token(VRT_CTX, struct vmod_hoailona_hosts *hosts,
...
@@ -664,11 +655,7 @@ vmod_hosts_token(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
if
(
INIT
(
ctx
))
{
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
VERR
(
ctx
,
"%s.token() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
NULL
;
}
if
(
ttl
<
0
)
{
if
(
ttl
<
0
)
{
VERR
(
ctx
,
"ttl must not be < 0 in %s.token(): %f"
,
VERR
(
ctx
,
"ttl must not be < 0 in %s.token(): %f"
,
hosts
->
vcl_name
,
ttl
);
hosts
->
vcl_name
,
ttl
);
...
@@ -720,11 +707,7 @@ vmod_hosts_secret(VRT_CTX, struct vmod_hoailona_hosts *hosts,
...
@@ -720,11 +707,7 @@ vmod_hosts_secret(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
if
(
INIT
(
ctx
))
{
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
VERR
(
ctx
,
"%s.secret() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
NULL
;
}
policy
=
get_policy
(
ctx
,
priv_task
,
hosts
->
vcl_name
,
"secret"
);
policy
=
get_policy
(
ctx
,
priv_task
,
hosts
->
vcl_name
,
"secret"
);
if
(
policy
==
NULL
)
if
(
policy
==
NULL
)
...
@@ -745,11 +728,7 @@ vmod_hosts_explain(VRT_CTX, struct vmod_hoailona_hosts *hosts,
...
@@ -745,11 +728,7 @@ vmod_hosts_explain(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
->
ws
,
WS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
CHECK_OBJ_NOTNULL
(
hosts
,
VMOD_HOAILONA_HOSTS_MAGIC
);
AN
(
priv_task
);
AN
(
priv_task
);
if
(
INIT
(
ctx
))
{
AZ
(
ctx
->
method
&
VCL_MET_INIT
);
VERR
(
ctx
,
"%s.explain() may not be called in vcl_init"
,
hosts
->
vcl_name
);
return
NULL
;
}
if
(
priv_task
->
priv
==
NULL
)
{
if
(
priv_task
->
priv
==
NULL
)
{
VERR
(
ctx
,
"%s.explain() called before %s.policy()"
,
VERR
(
ctx
,
"%s.explain() called before %s.policy()"
,
hosts
->
vcl_name
,
hosts
->
vcl_name
);
hosts
->
vcl_name
,
hosts
->
vcl_name
);
...
...
src/vmod_hoailona.vcc
...
@@ -279,10 +279,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
...
@@ -279,10 +279,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
path pattern described by ``path``. The ``host`` and ``policy``
path pattern described by ``path``. The ``host`` and ``policy``
parameters are required, and must be non-empty.
parameters are required, and must be non-empty.
The ``.add()`` method MUST be called in ``vcl_init`` only. If it is
$Restrict vcl_init
called in any other subroutine, then an error message is emitted to
the Varnish log (using the ``VCL_Error`` tag), and the method call is
ignored.
The value of ``host`` MUST be a valid host name, optionally beginning
The value of ``host`` MUST be a valid host name, optionally beginning
with an asterisk (``*``):
with an asterisk (``*``):
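Review bot: `$Restrict vcl_init` is a new dependency on the VMOD build tooling, and none of the 8 changed files is a build or configure file. If `$Restrict` is not understood by every Varnish version this VMOD supports, the build should check for it or the README should state the minimum version, because this commit also replaces the graceful runtime check in vmod_hosts_add with an assertion.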
...
@@ -417,8 +414,7 @@ return values are:
...
@@ -417,8 +414,7 @@ return values are:
* -1 if no matching policy can be found
* -1 if no matching policy can be found
* -2 if there was an internal error
* -2 if there was an internal error
This method MAY NOT be called in ``vcl_init``. If it is, then the VCL
$Restrict client backend
load fails.
The method searches for host names added by the ``.add()`` method that
The method searches for host names added by the ``.add()`` method that
match ``host`` in order of addition, possibly matching the suffix if
match ``host`` in order of addition, possibly matching the suffix if
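Review bot: `$Restrict client backend` is not equivalent to the sentence it replaces. The old rule excluded only ``vcl_init``; the new one allows only client and backend subroutines, so any other subroutine that was previously accepted is now rejected as well. If that tightening is intended, say so in the commit message, which currently reads only "Use $Restrict"; if not, the restriction list needs to be widened.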
...
@@ -471,17 +467,12 @@ Calling ``.policy()`` with only one of the ``host`` and ``path``
...
@@ -471,17 +467,12 @@ Calling ``.policy()`` with only one of the ``host`` and ``path``
parameters empty is an error.
parameters empty is an error.
$Method STRING .token(PRIV_TASK, STRING acl=0, DURATION ttl=0, STRING data=0)
$Method STRING .token(PRIV_TASK, STRING acl=0, DURATION ttl=0, STRING data=0)
If the previous invocation of ``.policy()`` determined policy type
If the previous invocation of ``.policy()`` determined policy type
``TOKEN`` (return value 2 from ``.policy()``), then return the
``TOKEN`` (return value 2 from ``.policy()``), then return the
non-cryptographic portion of an authorization token; return NULL if no
non-cryptographic portion of an authorization token; return NULL if no
matching policy could be determined. There are no required parameters.
matching policy could be determined. There are no required parameters.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
$Restrict client backend
load fails. If the previous ``.policy()`` call did not determine
policy type TOKEN, or if ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
If none of the optional parameters are specified, then the method
If none of the optional parameters are specified, then the method
returns a string with the parameters ``st`` and ``exp`` for the start
returns a string with the parameters ``st`` and ``exp`` for the start
...
@@ -526,10 +517,7 @@ Return the shared secret stored for the policy determined by the
...
@@ -526,10 +517,7 @@ Return the shared secret stored for the policy determined by the
previous invocation of ``.policy()``. Returns NULL if no such shared
previous invocation of ``.policy()``. Returns NULL if no such shared
secret was specified, or if no matching policy could be determined.
secret was specified, or if no matching policy could be determined.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL
$Restrict client backend
load fails. If ``.policy()`` was not called previously in the current
task scope, then an error message is emitted to the Varnish log with
the ``VCL_Error`` tag, and the method returns NULL.
Examples::
Examples::
...
@@ -575,10 +563,7 @@ If description strings were provided in the declaration of the policy
...
@@ -575,10 +563,7 @@ If description strings were provided in the declaration of the policy
and/or in the ``.add()`` method call that assigned the policy, then
and/or in the ``.add()`` method call that assigned the policy, then
these are included in the string.
these are included in the string.
The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is,
$Restrict client backend
then the VCL load fails. If ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
Example::
Example::
...
...