[REORG] http: move the http-request rules to proto_http
And also rename "req_acl_rule" "http_req_rule". At the beginning that
was a bit confusing to me, especially the "req_acl" list which in fact
holds what we call rules. After some digging, it appeared that some
part of the code is 100% HTTP and not just related to authentication
anymore, so let's move that part to HTTP and keep the auth-only code
in auth.c.
diff --git a/include/common/uri_auth.h b/include/common/uri_auth.h
index 906cb2c..495d240 100644
--- a/include/common/uri_auth.h
+++ b/include/common/uri_auth.h
@@ -1,7 +1,7 @@
/*
* URI-based user authentication using the HTTP basic method.
*
- * Copyright 2006-2007 Willy Tarreau <w@1wt.eu>
+ * Copyright 2006-2011 Willy Tarreau <w@1wt.eu>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -42,7 +42,7 @@
int flags; /* some flags describing the statistics page */
struct stat_scope *scope; /* linked list of authorized proxies */
struct userlist *userlist; /* private userlist to emulate legacy "stats auth user:password" */
- struct list req_acl; /* http stats ACL: allow/deny/auth */
+ struct list http_req_rules; /* stats http-request rules : allow/deny/auth */
struct list admin_rules; /* 'stats admin' rules (chained) */
struct uri_auth *next; /* Used at deinit() to build a list of unique elements */
};
diff --git a/include/proto/auth.h b/include/proto/auth.h
index 7385ab0..8c060b5 100644
--- a/include/proto/auth.h
+++ b/include/proto/auth.h
@@ -20,9 +20,7 @@
struct userlist *auth_find_userlist(char *name);
unsigned int auth_resolve_groups(struct userlist *l, char *groups);
-struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
void userlist_free(struct userlist *ul);
-void req_acl_free(struct list *r);
int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);
#endif /* _PROTO_AUTH_H */
diff --git a/include/proto/proto_http.h b/include/proto/proto_http.h
index a2d91ff..73ec35f 100644
--- a/include/proto/proto_http.h
+++ b/include/proto/proto_http.h
@@ -2,7 +2,7 @@
* include/proto/proto_http.h
* This file contains HTTP protocol definitions.
*
- * Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
+ * Copyright (C) 2000-2011 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -99,6 +99,9 @@
void http_end_txn(struct session *s);
void http_reset_txn(struct session *s);
+struct http_req_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
+void free_http_req_rules(struct list *r);
+
/* to be used when contents change in an HTTP message */
#define http_msg_move_end(msg, bytes) do { \
unsigned int _bytes = (bytes); \
diff --git a/include/types/auth.h b/include/types/auth.h
index f7e3dd6..e60d363 100644
--- a/include/types/auth.h
+++ b/include/types/auth.h
@@ -22,25 +22,6 @@
#define AU_O_INSECURE 0x00000001 /* insecure, unencrypted password */
-enum {
- PR_REQ_ACL_ACT_UNKNOWN = 0,
- PR_REQ_ACL_ACT_ALLOW,
- PR_REQ_ACL_ACT_DENY,
- PR_REQ_ACL_ACT_HTTP_AUTH,
-
- PR_REQ_ACL_ACT_MAX
-};
-
-
-struct req_acl_rule {
- struct list list;
- struct acl_cond *cond; /* acl condition to meet */
- unsigned int action;
- struct {
- char *realm;
- } http_auth;
-};
-
struct auth_users {
struct auth_users *next;
unsigned int flags;
diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index 421bb98..3ccb2bd 100644
--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h
@@ -2,7 +2,7 @@
* include/types/proto_http.h
* This file contains HTTP protocol definitions.
*
- * Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
+ * Copyright (C) 2000-2011 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -228,6 +228,14 @@
HTTP_AUTH_DIGEST,
};
+enum {
+ HTTP_REQ_ACT_UNKNOWN = 0,
+ HTTP_REQ_ACT_ALLOW,
+ HTTP_REQ_ACT_DENY,
+ HTTP_REQ_ACT_HTTP_AUTH,
+ HTTP_REQ_ACT_MAX
+};
+
/* This is an HTTP message, as described in RFC2616. It can be either a request
* message or a response message.
*
@@ -285,6 +293,15 @@
char *user, *pass; /* extracted username & password */
};
+struct http_req_rule {
+ struct list list;
+ struct acl_cond *cond; /* acl condition to meet */
+ unsigned int action;
+ struct {
+ char *realm;
+ } http_auth;
+};
+
/* This is an HTTP transaction. It contains both a request message and a
* response message (which can be empty).
*/
diff --git a/include/types/proxy.h b/include/types/proxy.h
index 6208d7b..214cdf5 100644
--- a/include/types/proxy.h
+++ b/include/types/proxy.h
@@ -2,7 +2,7 @@
* include/types/proxy.h
* This file defines everything related to proxies.
*
- * Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu
+ * Copyright (C) 2000-2011 Willy Tarreau - w@1wt.eu
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -188,7 +188,7 @@
char *name; /* default backend name during config parse */
} defbe;
struct list acl; /* ACL declared on this proxy */
- struct list req_acl; /* request ACL: allow/deny/http-auth */
+ struct list http_req_rules; /* HTTP request rules: allow/deny/http-auth */
struct list block_cond; /* early blocking conditions (chained) */
struct list redirect_rules; /* content redirecting rules (chained) */
struct list switching_rules; /* content switching rules (chained) */