Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-hoailona
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-hoailona
Commits
c673a9a8
Commit
c673a9a8
authored
Sep 14, 2017
by
Nils Goroll
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
update to Varnish-Cache master/5.2 and use of the in-tree blob vmod
parent
dcdcefcb
Pipeline
#281
skipped
Changes
6
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
40 additions
and
44 deletions
+40
-44
CONTRIBUTING.rst
CONTRIBUTING.rst
+2
-2
INSTALL.rst
INSTALL.rst
+2
-2
README.rst
README.rst
+13
-14
policy_obj.vtc
src/tests/policy_obj.vtc
+3
-4
secret.vtc
src/tests/secret.vtc
+7
-8
vmod_hoailona.vcc
src/vmod_hoailona.vcc
+13
-14
No files found.
CONTRIBUTING.rst
View file @
c673a9a8
...
...
@@ -30,7 +30,7 @@ off optimizations and function inlining, so that a debugger will step
through the code as expected.
To run the VTC test cases in ``src/test`` (as when ``make check`` is
invoked), you must have the VMOD ``blob
code
`` installed.
invoked), you must have the VMOD ``blob`` installed.
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blob
code: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blob
: https://code.uplex.de/uplex-varnish/libvmod-blob
INSTALL.rst
View file @
c673a9a8
...
...
@@ -11,8 +11,8 @@ resources. This sequence will install the VMOD::
> make check # to run unit tests in src/tests/*.vtc
> sudo make install
``make check`` requires that the VMOD ``blob
code
`` is installed
(https://code.uplex.de/uplex-varnish/libvmod-blob
code
).
``make check`` requires that the VMOD ``blob`` is installed
(https://code.uplex.de/uplex-varnish/libvmod-blob).
If you have installed Varnish in a non-standard directory, call
``autogen.sh`` and ``configure`` with the ``PKG_CONFIG_PATH``
...
...
README.rst
View file @
c673a9a8
...
...
@@ -87,14 +87,14 @@ OPEN or DENY), a TTL for the TOKEN type, and possibly a shared secret
used for authorization. For example::
import hoailona;
import blob
code
;
import blob;
sub vcl_init {
# Define a policy for token authorization lasting one hour,
# and associate it with a shared secret.
new token_policy
= hoailona.policy(TOKEN, 1h,
blob
code
.decode(encoded="secret"));
blob.decode(encoded="secret"));
# Define a policy for open access (authorization not required)
new open_policy = hoailona.policy(OPEN);
...
...
@@ -173,7 +173,7 @@ the shared secret associated with the policy, to generate the
HMAC for the token::
import blobdigest;
import blob
code
;
import blob;
sub vcl_recv {
# .policy() returns 2 for policy type TOKEN
...
...
@@ -183,14 +183,14 @@ HMAC for the token::
# header
set req.http.Tmp-Token = config.token();
# Use VMOD blobdigest to generate the HMAC, and VMOD blob
code
# Use VMOD blobdigest to generate the HMAC, and VMOD blob
# to encode the result in lower case hex.
# The shared secret serves as the HMAC key, and the token just
# assigned to the temp header is the message to be hashed.
set req.http.Tmp-HMAC
= blob
code.encode(HEXLC
,
= blob
.encode(HEX, LOWER
,
blobdigest.hmacf(SHA256, config.secret(),
blob
code.decode(IDENTITY,
blob
.decode(encoded=
req.http.Tmp-Token)));
# These two temp headers can now be combined to form the full
...
...
@@ -256,7 +256,7 @@ correspond with ``ttl``.
The optional ``secret`` parameter may contain a shared secret for
authorization, which serves as the key for an HMAC. The data type for
``secret`` is BLOB, which cannot be expressed in native VCL, but can
be generated by a VMOD (such as VMOD ``blob
code
``). By default, no
be generated by a VMOD (such as VMOD ``blob``). By default, no
shared secret is stored for the policy.
The optional ``description`` parameter may contain any string; if
...
...
@@ -287,9 +287,9 @@ Examples::
# (Note that in Varnish 5.0.0, the negative integer for start_offset
# must be written as 0-10, because negative literals are not parsed
# correctly.)
import blob
code
;
import blob;
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
secret=blob
code.decode(HEX,
secret=blob
.decode(decoding=HEX, encoded=
"717569636B2062726F776E20666F7879"));
# A policy for "access denied"
...
...
@@ -598,7 +598,7 @@ the ``VCL_Error`` tag, and the method returns NULL.
Examples::
import blobdigest;
import blob
code
;
import blob;
sub vcl_recv {
if (config.policy(req.http.Host, req.url) == 2) {
...
...
@@ -608,9 +608,9 @@ Examples::
# Use VMOD blobdigest to generate the HMAC, where
# the shared secret serves as the HMAC key.
set req.http.Tmp-HMAC
= blob
code.encode(HEXLC
,
= blob
.encode(HEX, LOWER
,
blobdigest.hmacf(SHA256, config.secret(),
blob
code.decode(IDENTITY,
blob
.decode(encoded=
req.http.Tmp-Token)));
# Concatenate elements of the authorization token
...
...
@@ -680,7 +680,7 @@ Example::
REQUIREMENTS
============
This VMOD requires Varnish since version 5.
1.0.
This VMOD requires Varnish since version 5.
2
LIMITATIONS
===========
...
...
@@ -723,7 +723,6 @@ SEE ALSO
* varnishd(1)
* vcl(7)
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blobdigest: https://code.uplex.de/uplex-varnish/libvmod-blobdigest
Akamai documentation
...
...
src/tests/policy_obj.vtc
View file @
c673a9a8
...
...
@@ -2,12 +2,11 @@
varnishtest "policy object constructor"
# VMOD blobcode must be installed
# Doesn't test much, just make sure nothing crashes
varnish v1 -vcl {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob
code
;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
...
...
@@ -17,9 +16,9 @@ varnish v1 -vcl {
new p4 = hoailona.policy(TOKEN, 1h, description="policy p4");
new p5 = hoailona.policy(OPEN, start_offset= 0-10);
new p6 = hoailona.policy(DENY,
secret=blob
code
.decode(encoded="foo"));
secret=blob.decode(encoded="foo"));
new p7 = hoailona.policy(TOKEN, 1h, "p7",
blob
code
.decode(encoded="bar"), 0-30);
blob.decode(encoded="bar"), 0-30);
}
} -start
...
...
src/tests/secret.vtc
View file @
c673a9a8
...
...
@@ -2,16 +2,15 @@
varnishtest "hosts.secret()"
# VMOD blobcode must be installed
varnish v1 -vcl {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob
code
;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new p = hoailona.policy(TOKEN, 2h,
secret=blob
code
.decode(encoded="foo"));
secret=blob.decode(encoded="foo"));
new h = hoailona.hosts();
h.add("example.com", "p");
}
...
...
@@ -22,7 +21,7 @@ varnish v1 -vcl {
sub vcl_synth {
set resp.http.p1 = h.policy("example.com", "/foo/bar");
set resp.http.s1 = blob
code
.encode(blob=h.secret());
set resp.http.s1 = blob.encode(blob=h.secret());
}
} -start
...
...
@@ -37,13 +36,13 @@ client c1 {
# Usage
varnish v1 -errvcl {h.secret() may not be called in vcl_init} {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob
code
;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new p = hoailona.policy(OPEN);
new h = hoailona.hosts();
if (blob
code
.encode(blob=h.secret()) == "foo") {
if (blob.encode(blob=h.secret()) == "foo") {
return(fail);
}
}
...
...
@@ -51,7 +50,7 @@ varnish v1 -errvcl {h.secret() may not be called in vcl_init} {
varnish v1 -vcl {
import hoailona from "${vmod_topbuild}/src/.libs/libvmod_hoailona.so";
import blob
code
;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
...
...
@@ -63,7 +62,7 @@ varnish v1 -vcl {
}
sub vcl_synth {
set resp.http.s1 = blob
code
.encode(blob=h.secret());
set resp.http.s1 = blob.encode(blob=h.secret());
}
}
...
...
src/vmod_hoailona.vcc
View file @
c673a9a8
...
...
@@ -70,14 +70,14 @@ OPEN or DENY), a TTL for the TOKEN type, and possibly a shared secret
used for authorization. For example::
import hoailona;
import blob
code
;
import blob;
sub vcl_init {
# Define a policy for token authorization lasting one hour,
# and associate it with a shared secret.
new token_policy
= hoailona.policy(TOKEN, 1h,
blob
code
.decode(encoded="secret"));
blob.decode(encoded="secret"));
# Define a policy for open access (authorization not required)
new open_policy = hoailona.policy(OPEN);
...
...
@@ -156,7 +156,7 @@ the shared secret associated with the policy, to generate the
HMAC for the token::
import blobdigest;
import blob
code
;
import blob;
sub vcl_recv {
# .policy() returns 2 for policy type TOKEN
...
...
@@ -166,14 +166,14 @@ HMAC for the token::
# header
set req.http.Tmp-Token = config.token();
# Use VMOD blobdigest to generate the HMAC, and VMOD blob
code
# Use VMOD blobdigest to generate the HMAC, and VMOD blob
# to encode the result in lower case hex.
# The shared secret serves as the HMAC key, and the token just
# assigned to the temp header is the message to be hashed.
set req.http.Tmp-HMAC
= blob
code.encode(HEXLC
,
= blob
.encode(HEX, LOWER
,
blobdigest.hmacf(SHA256, config.secret(),
blob
code.decode(IDENTITY,
blob
.decode(encoded=
req.http.Tmp-Token)));
# These two temp headers can now be combined to form the full
...
...
@@ -226,7 +226,7 @@ correspond with ``ttl``.
The optional ``secret`` parameter may contain a shared secret for
authorization, which serves as the key for an HMAC. The data type for
``secret`` is BLOB, which cannot be expressed in native VCL, but can
be generated by a VMOD (such as VMOD ``blob
code
``). By default, no
be generated by a VMOD (such as VMOD ``blob``). By default, no
shared secret is stored for the policy.
The optional ``description`` parameter may contain any string; if
...
...
@@ -257,9 +257,9 @@ Examples::
# (Note that in Varnish 5.0.0, the negative integer for start_offset
# must be written as 0-10, because negative literals are not parsed
# correctly.)
import blob
code
;
import blob;
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
secret=blob
code.decode(HEX,
secret=blob
.decode(decoding=HEX, encoded=
"717569636B2062726F776E20666F7879"));
# A policy for "access denied"
...
...
@@ -534,7 +534,7 @@ the ``VCL_Error`` tag, and the method returns NULL.
Examples::
import blobdigest;
import blob
code
;
import blob;
sub vcl_recv {
if (config.policy(req.http.Host, req.url) == 2) {
...
...
@@ -544,9 +544,9 @@ Examples::
# Use VMOD blobdigest to generate the HMAC, where
# the shared secret serves as the HMAC key.
set req.http.Tmp-HMAC
= blob
code.encode(HEXLC
,
= blob
.encode(HEX, LOWER
,
blobdigest.hmacf(SHA256, config.secret(),
blob
code.decode(IDENTITY,
blob
.decode(encoded=
req.http.Tmp-Token)));
# Concatenate elements of the authorization token
...
...
@@ -602,7 +602,7 @@ Example::
REQUIREMENTS
============
This VMOD requires Varnish since version 5.
1.0.
This VMOD requires Varnish since version 5.
2
LIMITATIONS
===========
...
...
@@ -645,7 +645,6 @@ SEE ALSO
* varnishd(1)
* vcl(7)
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blobdigest: https://code.uplex.de/uplex-varnish/libvmod-blobdigest
Akamai documentation
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment