Use $Restrict

parent eec7316a
...@@ -337,10 +337,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the ...@@ -337,10 +337,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
path pattern described by ``path``. The ``host`` and ``policy`` path pattern described by ``path``. The ``host`` and ``policy``
parameters are required, and must be non-empty. parameters are required, and must be non-empty.
The ``.add()`` method MUST be called in ``vcl_init`` only. If it is Restricted to: ``vcl_init``
called in any other subroutine, then an error message is emitted to
the Varnish log (using the ``VCL_Error`` tag), and the method call is
ignored.
The value of ``host`` MUST be a valid host name, optionally beginning The value of ``host`` MUST be a valid host name, optionally beginning
with an asterisk (``*``): with an asterisk (``*``):
...@@ -478,8 +475,7 @@ return values are: ...@@ -478,8 +475,7 @@ return values are:
* -1 if no matching policy can be found * -1 if no matching policy can be found
* -2 if there was an internal error * -2 if there was an internal error
This method MAY NOT be called in ``vcl_init``. If it is, then the VCL Restricted to: ``client, backend``
load fails.
The method searches for host names added by the ``.add()`` method that The method searches for host names added by the ``.add()`` method that
match ``host`` in order of addition, possibly matching the suffix if match ``host`` in order of addition, possibly matching the suffix if
...@@ -549,11 +545,7 @@ If the previous invocation of ``.policy()`` determined policy type ...@@ -549,11 +545,7 @@ If the previous invocation of ``.policy()`` determined policy type
non-cryptographic portion of an authorization token; return NULL if no non-cryptographic portion of an authorization token; return NULL if no
matching policy could be determined. There are no required parameters. matching policy could be determined. There are no required parameters.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL Restricted to: ``client, backend``
load fails. If the previous ``.policy()`` call did not determine
policy type TOKEN, or if ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
If none of the optional parameters are specified, then the method If none of the optional parameters are specified, then the method
returns a string with the parameters ``st`` and ``exp`` for the start returns a string with the parameters ``st`` and ``exp`` for the start
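
Review bot: the paragraph removed just above "If none of the optional parameters are specified" held more than the vcl_init restriction. It also documented that .token() logs a VCL_Error and returns NULL when the previous .policy() call did not determine policy type TOKEN, or when .policy() was not called in the current task scope. "Restricted to: ``client, backend``" does not cover either case, so keep that second sentence and drop only the first.
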
...@@ -601,10 +593,7 @@ Return the shared secret stored for the policy determined by the ...@@ -601,10 +593,7 @@ Return the shared secret stored for the policy determined by the
previous invocation of ``.policy()``. Returns NULL if no such shared previous invocation of ``.policy()``. Returns NULL if no such shared
secret was specified, or if no matching policy could be determined. secret was specified, or if no matching policy could be determined.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL Restricted to: ``client, backend``
load fails. If ``.policy()`` was not called previously in the current
task scope, then an error message is emitted to the Varnish log with
the ``VCL_Error`` tag, and the method returns NULL.
Examples:: Examples::
...@@ -653,10 +642,7 @@ If description strings were provided in the declaration of the policy ...@@ -653,10 +642,7 @@ If description strings were provided in the declaration of the policy
and/or in the ``.add()`` method call that assigned the policy, then and/or in the ``.add()`` method call that assigned the policy, then
these are included in the string. these are included in the string.
The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is, Restricted to: ``client, backend``
then the VCL load fails. If ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
Example:: Example::
......
...@@ -18,7 +18,7 @@ varnish v1 -vcl { ...@@ -18,7 +18,7 @@ varnish v1 -vcl {
} }
} -start } -start
varnish v1 -vcl { varnish v1 -errvcl {Not available in subroutine 'vcl_recv'} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so"; import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none; backend proforma none;
...@@ -29,20 +29,9 @@ varnish v1 -vcl { ...@@ -29,20 +29,9 @@ varnish v1 -vcl {
sub vcl_recv { sub vcl_recv {
h.add("example.com", "p"); h.add("example.com", "p");
} }
} }
client c1 {
txreq
rxresp
} -run
logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error "^vmod hoailona error: h.add.. may only be called in vcl_init$"
expect * = End
} -run
varnish v1 -errvcl {vmod hoailona error: host is empty in h.add()} { varnish v1 -errvcl {vmod hoailona error: host is empty in h.add()} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so"; import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none; backend proforma none;
......
...@@ -89,7 +89,7 @@ client c1 { ...@@ -89,7 +89,7 @@ client c1 {
expect resp.http.eB == "No policy was matched" expect resp.http.eB == "No policy was matched"
} -run } -run
varnish v1 -errvcl {h.explain() may not be called in vcl_init} { varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so"; import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none; backend proforma none;
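
Review bot: the expected -errvcl string here changes from "h.explain() may not be called in vcl_init" to "Not available in subroutine 'vcl_init'", which no longer names the method, and the .policy(), .secret() and .token() usage tests now expect the identical string. Each of these cases would pass on any restricted call in vcl_init, so the VCL under test should contain only the one call being checked, or the expectation should also match the method name if the compiler message includes it.
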
......
...@@ -387,7 +387,7 @@ client c1 { ...@@ -387,7 +387,7 @@ client c1 {
} -run } -run
# Usage tests # Usage tests
varnish v1 -errvcl {h.policy() may not be called in vcl_init} { varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so"; import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none; backend proforma none;
......
...@@ -34,7 +34,7 @@ client c1 { ...@@ -34,7 +34,7 @@ client c1 {
} -run } -run
# Usage # Usage
varnish v1 -errvcl {h.secret() may not be called in vcl_init} { varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so"; import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob; import blob;
backend proforma none; backend proforma none;
......
...@@ -154,7 +154,7 @@ client c1 { ...@@ -154,7 +154,7 @@ client c1 {
} -run } -run
# Usage # Usage
varnish v1 -errvcl {h.token() may not be called in vcl_init} { varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so"; import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
backend proforma none; backend proforma none;
......
...@@ -57,8 +57,6 @@ ...@@ -57,8 +57,6 @@
#define ERRNOMEM(ctx, msg) \ #define ERRNOMEM(ctx, msg) \
ERR((ctx), msg ", out of space") ERR((ctx), msg ", out of space")
#define INIT(ctx) (((ctx)->method & VCL_MET_INIT) != 0)
struct host { struct host {
unsigned magic; unsigned magic;
#define VMOD_HOAILONA_HOST_MAGIC 0x731af58f #define VMOD_HOAILONA_HOST_MAGIC 0x731af58f
...@@ -359,11 +357,8 @@ vmod_hosts_add(VRT_CTX, struct vmod_hoailona_hosts *hosts, ...@@ -359,11 +357,8 @@ vmod_hosts_add(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC); CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC); CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
AN(init_task); AN(init_task);
if (!INIT(ctx)) { assert(ctx->method == VCL_MET_INIT);
VERR(ctx, "%s.add() may only be called in vcl_init",
hosts->vcl_name);
return;
}
if (hostname == NULL || hostname[0] == '\0') { if (hostname == NULL || hostname[0] == '\0') {
VERR(ctx, "host is empty in %s.add()", hosts->vcl_name); VERR(ctx, "host is empty in %s.add()", hosts->vcl_name);
return; return;
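
Review bot: assert(ctx->method == VCL_MET_INIT) in vmod_hosts_add() is an equality test, stricter than the INIT(ctx) bitmask test it replaces, and it is written differently from the AZ(ctx->method & VCL_MET_INIT) checks in the other methods. AN(ctx->method & VCL_MET_INIT) would keep the original semantics and match the surrounding style. The old branch also logged through VERR and returned, whereas a failed assertion is fatal, so this now relies entirely on "$Restrict vcl_init" being enforced when the VCL is compiled. A short comment saying so would help the next reader.
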
...@@ -498,11 +493,7 @@ vmod_hosts_policy(VRT_CTX, struct vmod_hoailona_hosts *hosts, ...@@ -498,11 +493,7 @@ vmod_hosts_policy(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC); CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC); CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
AN(priv_task); AN(priv_task);
if (INIT(ctx)) { AZ(ctx->method & VCL_MET_INIT);
VERR(ctx, "%s.policy() may not be called in vcl_init",
hosts->vcl_name);
return -2;
}
if (hostname == NULL || hostname[0] == '\0') { if (hostname == NULL || hostname[0] == '\0') {
if (! (pathname == NULL || pathname[0] == '\0')) { if (! (pathname == NULL || pathname[0] == '\0')) {
VERR(ctx, "host is empty in %s.policy()", VERR(ctx, "host is empty in %s.policy()",
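
Review bot: AZ(ctx->method & VCL_MET_INIT) in vmod_hosts_policy() only rules out vcl_init, while the method is now declared "$Restrict client backend". If the assertion is meant to mirror the declaration, test ctx->method against the allowed client and backend subroutines instead, here and in .token(), .secret() and .explain(). If it is only a sanity check behind the compile-time restriction, a comment to that effect would make the intent clear.
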
...@@ -664,11 +655,7 @@ vmod_hosts_token(VRT_CTX, struct vmod_hoailona_hosts *hosts, ...@@ -664,11 +655,7 @@ vmod_hosts_token(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC); CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC); CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
if (INIT(ctx)) { AZ(ctx->method & VCL_MET_INIT);
VERR(ctx, "%s.token() may not be called in vcl_init",
hosts->vcl_name);
return NULL;
}
if (ttl < 0) { if (ttl < 0) {
VERR(ctx, "ttl must not be < 0 in %s.token(): %f", VERR(ctx, "ttl must not be < 0 in %s.token(): %f",
hosts->vcl_name, ttl); hosts->vcl_name, ttl);
...@@ -720,11 +707,7 @@ vmod_hosts_secret(VRT_CTX, struct vmod_hoailona_hosts *hosts, ...@@ -720,11 +707,7 @@ vmod_hosts_secret(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC); CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
if (INIT(ctx)) { AZ(ctx->method & VCL_MET_INIT);
VERR(ctx, "%s.secret() may not be called in vcl_init",
hosts->vcl_name);
return NULL;
}
policy = get_policy(ctx, priv_task, hosts->vcl_name, "secret"); policy = get_policy(ctx, priv_task, hosts->vcl_name, "secret");
if (policy == NULL) if (policy == NULL)
...@@ -745,11 +728,7 @@ vmod_hosts_explain(VRT_CTX, struct vmod_hoailona_hosts *hosts, ...@@ -745,11 +728,7 @@ vmod_hosts_explain(VRT_CTX, struct vmod_hoailona_hosts *hosts,
CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC); CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC); CHECK_OBJ_NOTNULL(hosts, VMOD_HOAILONA_HOSTS_MAGIC);
AN(priv_task); AN(priv_task);
if (INIT(ctx)) { AZ(ctx->method & VCL_MET_INIT);
VERR(ctx, "%s.explain() may not be called in vcl_init",
hosts->vcl_name);
return NULL;
}
if (priv_task->priv == NULL) { if (priv_task->priv == NULL) {
VERR(ctx, "%s.explain() called before %s.policy()", VERR(ctx, "%s.explain() called before %s.policy()",
hosts->vcl_name, hosts->vcl_name); hosts->vcl_name, hosts->vcl_name);
......
...@@ -279,10 +279,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the ...@@ -279,10 +279,7 @@ Associate ``policy`` with the ``host``, optionally restricted to the
path pattern described by ``path``. The ``host`` and ``policy`` path pattern described by ``path``. The ``host`` and ``policy``
parameters are required, and must be non-empty. parameters are required, and must be non-empty.
The ``.add()`` method MUST be called in ``vcl_init`` only. If it is $Restrict vcl_init
called in any other subroutine, then an error message is emitted to
the Varnish log (using the ``VCL_Error`` tag), and the method call is
ignored.
The value of ``host`` MUST be a valid host name, optionally beginning The value of ``host`` MUST be a valid host name, optionally beginning
with an asterisk (``*``): with an asterisk (``*``):
...@@ -417,8 +414,7 @@ return values are: ...@@ -417,8 +414,7 @@ return values are:
* -1 if no matching policy can be found * -1 if no matching policy can be found
* -2 if there was an internal error * -2 if there was an internal error
This method MAY NOT be called in ``vcl_init``. If it is, then the VCL $Restrict client backend
load fails.
The method searches for host names added by the ``.add()`` method that The method searches for host names added by the ``.add()`` method that
match ``host`` in order of addition, possibly matching the suffix if match ``host`` in order of addition, possibly matching the suffix if
...@@ -471,17 +467,12 @@ Calling ``.policy()`` with only one of the ``host`` and ``path`` ...@@ -471,17 +467,12 @@ Calling ``.policy()`` with only one of the ``host`` and ``path``
parameters empty is an error. parameters empty is an error.
$Method STRING .token(PRIV_TASK, STRING acl=0, DURATION ttl=0, STRING data=0) $Method STRING .token(PRIV_TASK, STRING acl=0, DURATION ttl=0, STRING data=0)
If the previous invocation of ``.policy()`` determined policy type If the previous invocation of ``.policy()`` determined policy type
``TOKEN`` (return value 2 from ``.policy()``), then return the ``TOKEN`` (return value 2 from ``.policy()``), then return the
non-cryptographic portion of an authorization token; return NULL if no non-cryptographic portion of an authorization token; return NULL if no
matching policy could be determined. There are no required parameters. matching policy could be determined. There are no required parameters.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL $Restrict client backend
load fails. If the previous ``.policy()`` call did not determine
policy type TOKEN, or if ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
If none of the optional parameters are specified, then the method If none of the optional parameters are specified, then the method
returns a string with the parameters ``st`` and ``exp`` for the start returns a string with the parameters ``st`` and ``exp`` for the start
...@@ -526,10 +517,7 @@ Return the shared secret stored for the policy determined by the ...@@ -526,10 +517,7 @@ Return the shared secret stored for the policy determined by the
previous invocation of ``.policy()``. Returns NULL if no such shared previous invocation of ``.policy()``. Returns NULL if no such shared
secret was specified, or if no matching policy could be determined. secret was specified, or if no matching policy could be determined.
This method MAY NOT be called in ``vcl_init``; if it is, then the VCL $Restrict client backend
load fails. If ``.policy()`` was not called previously in the current
task scope, then an error message is emitted to the Varnish log with
the ``VCL_Error`` tag, and the method returns NULL.
Examples:: Examples::
...@@ -575,10 +563,7 @@ If description strings were provided in the declaration of the policy ...@@ -575,10 +563,7 @@ If description strings were provided in the declaration of the policy
and/or in the ``.add()`` method call that assigned the policy, then and/or in the ``.add()`` method call that assigned the policy, then
these are included in the string. these are included in the string.
The ``.explain()`` method MAY NOT be called in ``vcl_init``; if it is, $Restrict client backend
then the VCL load fails. If ``.policy()`` was not called previously in
the current task scope, then an error message is emitted to the
Varnish log with the ``VCL_Error`` tag, and the method returns NULL.
Example:: Example::
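
Review bot: replacing the whole paragraph with "$Restrict client backend" also drops the statement that .explain() emits a VCL_Error and returns NULL when .policy() was not called previously in the current task scope. vmod_hosts_explain() still has that path (the "%s.explain() called before %s.policy()" VERR taken when priv_task->priv is NULL), so that sentence should stay in the method description after the $Restrict line.
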
......