MAJOR: acl: make all ACLs reference the fetch function via a sample.
ACL fetch functions used to directly reference a fetch function. Now
that all ACL fetches have their sample fetches equivalent, we can make
ACLs reference a sample fetch keyword instead.
In order to simplify the code, a sample keyword name may be NULL if it
is the same as the ACL's, which is the most common case.
A minor change appeared, http_auth always expects one argument though
the ACL allowed it to be missing and reported as such afterwards, so
fix the ACL to match this. This is not really a bug.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 590c353..1106d1d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2967,41 +2967,41 @@
* Please take care of keeping this list alphabetically sorted.
*/
static struct acl_kw_list acl_kws = {{ },{
- { "ssl_c_ca_err", acl_parse_int, smp_fetch_ssl_c_ca_err, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_ca_err_depth", acl_parse_int, smp_fetch_ssl_c_ca_err_depth, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_err", acl_parse_int, smp_fetch_ssl_c_err, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_i_dn", acl_parse_str, smp_fetch_ssl_c_i_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
- { "ssl_c_key_alg", acl_parse_str, smp_fetch_ssl_c_key_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_notafter", acl_parse_str, smp_fetch_ssl_c_notafter, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_notbefore", acl_parse_str, smp_fetch_ssl_c_notbefore, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_sig_alg", acl_parse_str, smp_fetch_ssl_c_sig_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_s_dn", acl_parse_str, smp_fetch_ssl_c_s_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
- { "ssl_c_serial", acl_parse_bin, smp_fetch_ssl_c_serial, acl_match_bin, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_used", acl_parse_nothing, smp_fetch_ssl_c_used, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_verify", acl_parse_int, smp_fetch_ssl_c_verify, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_c_version", acl_parse_int, smp_fetch_ssl_c_version, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_f_i_dn", acl_parse_str, smp_fetch_ssl_f_i_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
- { "ssl_f_key_alg", acl_parse_str, smp_fetch_ssl_f_key_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_f_notafter", acl_parse_str, smp_fetch_ssl_f_notafter, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_f_notbefore", acl_parse_str, smp_fetch_ssl_f_notbefore, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_f_sig_alg", acl_parse_str, smp_fetch_ssl_f_sig_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_f_s_dn", acl_parse_str, smp_fetch_ssl_f_s_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
- { "ssl_f_serial", acl_parse_bin, smp_fetch_ssl_f_serial, acl_match_bin, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_f_version", acl_parse_int, smp_fetch_ssl_f_version, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc", acl_parse_nothing, smp_fetch_ssl_fc, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_alg_keysize", acl_parse_int, smp_fetch_ssl_fc_alg_keysize, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_cipher", acl_parse_str, smp_fetch_ssl_fc_cipher, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_has_crt", acl_parse_nothing, smp_fetch_ssl_fc_has_crt, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_has_sni", acl_parse_nothing, smp_fetch_ssl_fc_has_sni, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_ca_err", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_ca_err_depth", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_err", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_i_dn", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
+ { "ssl_c_key_alg", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_notafter", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_notbefore", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_sig_alg", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_s_dn", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
+ { "ssl_c_serial", NULL, acl_parse_bin, acl_match_bin, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_used", NULL, acl_parse_nothing, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_verify", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_c_version", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_f_i_dn", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
+ { "ssl_f_key_alg", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_f_notafter", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_f_notbefore", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_f_sig_alg", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_f_s_dn", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) },
+ { "ssl_f_serial", NULL, acl_parse_bin, acl_match_bin, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_f_version", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc", NULL, acl_parse_nothing, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_alg_keysize", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_cipher", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_has_crt", NULL, acl_parse_nothing, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_has_sni", NULL, acl_parse_nothing, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 },
#ifdef OPENSSL_NPN_NEGOTIATED
- { "ssl_fc_npn", acl_parse_str, smp_fetch_ssl_fc_npn, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_npn", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
#endif
- { "ssl_fc_protocol", acl_parse_str, smp_fetch_ssl_fc_protocol, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_use_keysize", acl_parse_int, smp_fetch_ssl_fc_use_keysize, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_sni", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_sni_end", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_end, ACL_USE_L6REQ_PERMANENT, 0 },
- { "ssl_fc_sni_reg", acl_parse_reg, smp_fetch_ssl_fc_sni, acl_match_reg, ACL_USE_L6REQ_PERMANENT, 0 },
- { NULL, NULL, NULL, NULL },
+ { "ssl_fc_protocol", NULL, acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_use_keysize", NULL, acl_parse_int, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_sni", "ssl_fc_sni", acl_parse_str, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_sni_end", "ssl_fc_sni", acl_parse_str, acl_match_end, ACL_USE_L6REQ_PERMANENT, 0 },
+ { "ssl_fc_sni_reg", "ssl_fc_sni", acl_parse_reg, acl_match_reg, ACL_USE_L6REQ_PERMANENT, 0 },
+ { /* END */ },
}};
/* Note: must not be declared <const> as its list will be overwritten.