MAJOR: acl: make use of the new sample struct and get rid of acl_test
This change is invasive in lines of code but not much in terms of
functionalities as it's mainly a replacement of struct acl_test
with struct sample.
diff --git a/include/proto/acl.h b/include/proto/acl.h
index 95407dd..e21075f 100644
--- a/include/proto/acl.h
+++ b/include/proto/acl.h
@@ -135,13 +135,13 @@
int acl_parse_nothing(const char **text, struct acl_pattern *pattern, int *opaque);
/* NB: For two strings to be identical, it is required that their lengths match */
-int acl_match_str(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_str(struct sample *smp, struct acl_pattern *pattern);
/* Checks that the length of the pattern in <test> is included between min and max */
-int acl_match_len(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_len(struct sample *smp, struct acl_pattern *pattern);
/* Checks that the integer in <test> is included between min and max */
-int acl_match_int(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_int(struct sample *smp, struct acl_pattern *pattern);
/* Parse an integer. It is put both in min and max. */
int acl_parse_int(const char **text, struct acl_pattern *pattern, int *opaque);
@@ -172,45 +172,45 @@
/* always fake a data retrieval */
int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir,
- struct acl_expr *expr, struct acl_test *test);
+ struct acl_expr *expr, struct sample *smp);
/* always return false */
-int acl_match_nothing(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_nothing(struct sample *smp, struct acl_pattern *pattern);
/* Fetch the RDP cookie identified in the expression. */
int acl_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
- struct acl_expr *expr, struct acl_test *test);
+ struct acl_expr *expr, struct sample *smp);
/* Checks that the pattern matches the end of the tested string. */
-int acl_match_end(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_end(struct sample *smp, struct acl_pattern *pattern);
/* Checks that the pattern matches the beginning of the tested string. */
-int acl_match_beg(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_beg(struct sample *smp, struct acl_pattern *pattern);
/* Checks that the pattern is included inside the tested string. */
-int acl_match_sub(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_sub(struct sample *smp, struct acl_pattern *pattern);
/* Checks that the pattern is included inside the tested string, but enclosed
* between slashes or at the beginning or end of the string. Slashes at the
* beginning or end of the pattern are ignored.
*/
-int acl_match_dir(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_dir(struct sample *smp, struct acl_pattern *pattern);
/* Checks that the pattern is included inside the tested string, but enclosed
* between dots or at the beginning or end of the string. Dots at the beginning
* or end of the pattern are ignored.
*/
-int acl_match_dom(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_dom(struct sample *smp, struct acl_pattern *pattern);
/* Check that the IPv4 address in <test> matches the IP/mask in pattern */
-int acl_match_ip(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_ip(struct sample *smp, struct acl_pattern *pattern);
/* Executes a regex. It needs to change the data. If it is marked READ_ONLY
* then it will be allocated and duplicated in place so that others may use
* it later on. Note that this is embarrassing because we always try to avoid
* allocating memory at run time.
*/
-int acl_match_reg(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_reg(struct sample *smp, struct acl_pattern *pattern);
#endif /* _PROTO_ACL_H */
diff --git a/include/proto/auth.h b/include/proto/auth.h
index c7b2abc..daeb8b6 100644
--- a/include/proto/auth.h
+++ b/include/proto/auth.h
@@ -21,7 +21,7 @@
struct userlist *auth_find_userlist(char *name);
unsigned int auth_resolve_groups(struct userlist *l, char *groups);
void userlist_free(struct userlist *ul);
-int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);
+int acl_match_auth(struct sample *smp, struct acl_pattern *pattern);
int check_user(struct userlist *ul, unsigned int group_mask, const char *user, const char *pass);
#endif /* _PROTO_AUTH_H */
diff --git a/include/types/acl.h b/include/types/acl.h
index 4d79ee7..db63dfe 100644
--- a/include/types/acl.h
+++ b/include/types/acl.h
@@ -28,6 +28,7 @@
#include <types/arg.h>
#include <types/auth.h>
+#include <types/pattern.h>
#include <types/proxy.h>
#include <types/server.h>
#include <types/session.h>
@@ -70,26 +71,6 @@
ACL_COND_UNLESS, /* negative condition (after 'unless') */
};
-/* possible flags for intermediate test values. The flags are maintained
- * across consecutive fetches for a same entry (eg: parse all req lines).
- */
-enum {
- ACL_TEST_F_READ_ONLY = 1 << 0, /* test data are read-only */
- ACL_TEST_F_MUST_FREE = 1 << 1, /* test data must be freed after end of evaluation */
- ACL_TEST_F_VOL_TEST = 1 << 2, /* result must not survive longer than the test (eg: time) */
- ACL_TEST_F_VOL_HDR = 1 << 3, /* result sensitive to changes in headers */
- ACL_TEST_F_VOL_1ST = 1 << 4, /* result sensitive to changes in first line (eg: URI) */
- ACL_TEST_F_VOL_TXN = 1 << 5, /* result sensitive to new transaction (eg: persist) */
- ACL_TEST_F_VOL_SESS = 1 << 6, /* result sensitive to new session (eg: IP) */
- ACL_TEST_F_VOLATILE = (1<<2)|(1<<3)|(1<<4)|(1<<5)|(1<<6),
- ACL_TEST_F_FETCH_MORE = 1 << 7, /* if test does not match, retry with next entry (for multi-match) */
- ACL_TEST_F_MAY_CHANGE = 1 << 8, /* if test does not match, retry later (eg: request size) */
- ACL_TEST_F_RES_SET = 1 << 9, /* for fetch() function to assign the result without calling match() */
- ACL_TEST_F_RES_PASS = 1 << 10,/* with SET_RESULT, sets result to PASS (defaults to FAIL) */
- ACL_TEST_F_SET_RES_PASS = (ACL_TEST_F_RES_SET|ACL_TEST_F_RES_PASS), /* sets result to PASS */
- ACL_TEST_F_SET_RES_FAIL = (ACL_TEST_F_RES_SET), /* sets result to FAIL */
-};
-
/* ACLs can be evaluated on requests and on responses, and on partial or complete data */
enum {
ACL_DIR_REQ = 0, /* ACL evaluated on request */
@@ -236,21 +217,6 @@
int flags; /* expr or pattern flags. */
};
-/* The structure exchanged between an acl_fetch_* function responsible for
- * retrieving a value, and an acl_match_* function responsible for testing it.
- */
-struct acl_test {
- int flags; /* ACL_TEST_F_* set to 0 on first call */
- union { /* fetch_* functions context for any purpose */
- void *p; /* any pointer */
- int i; /* any integer */
- long long ll; /* any long long or smaller */
- double d; /* any float or double */
- void *a[8]; /* any array of up to 8 pointers */
- } ctx;
-};
-
-
/*
* ACL keyword: Associates keywords with parsers, methods to retrieve the value and testers.
*/
@@ -273,8 +239,8 @@
const char *kw;
int (*parse)(const char **text, struct acl_pattern *pattern, int *opaque);
int (*fetch)(struct proxy *px, struct session *l4, void *l7, int dir,
- struct acl_expr *expr, struct acl_test *test);
- int (*match)(struct acl_test *test, struct acl_pattern *pattern);
+ struct acl_expr *expr, struct sample *smp);
+ int (*match)(struct sample *smp, struct acl_pattern *pattern);
unsigned int requires; /* bit mask of all ACL_USE_* required to evaluate this keyword */
int arg_mask; /* mask describing up to 7 arg types */
/* must be after the config params */