blob: bf29fc3e1a6a767a8986c382f51ce3e3da088ca9 [file] [log] [blame]
Willy Tarreau79e57332018-10-02 16:01:16 +02001/*
2 * HTTP ACLs declaration
3 *
4 * Copyright 2000-2018 Willy Tarreau <w@1wt.eu>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <sys/types.h>
14
15#include <ctype.h>
16#include <string.h>
17#include <time.h>
18
Willy Tarreaudcc048a2020-06-04 19:11:43 +020019#include <haproxy/acl.h>
Willy Tarreau4c7e4b72020-05-27 12:58:42 +020020#include <haproxy/api.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020021#include <haproxy/arg.h>
22#include <haproxy/auth.h>
Willy Tarreauc13ed532020-06-02 10:22:45 +020023#include <haproxy/chunk.h>
Willy Tarreaucd72d8c2020-06-02 19:11:26 +020024#include <haproxy/http.h>
Willy Tarreau225a90a2020-06-04 15:06:28 +020025#include <haproxy/pattern.h>
Willy Tarreaud0ef4392020-06-02 09:38:52 +020026#include <haproxy/pool.h>
Willy Tarreau48fbcae2020-06-03 18:09:46 +020027#include <haproxy/tools.h>
Willy Tarreaud6788052020-05-27 15:59:00 +020028#include <haproxy/version.h>
Willy Tarreau79e57332018-10-02 16:01:16 +020029
Willy Tarreau79e57332018-10-02 16:01:16 +020030
31/* We use the pre-parsed method if it is known, and store its number as an
32 * integer. If it is unknown, we use the pointer and the length.
33 */
34static int pat_parse_meth(const char *text, struct pattern *pattern, int mflags, char **err)
35{
36 int len, meth;
37
38 len = strlen(text);
39 meth = find_http_meth(text, len);
40
41 pattern->val.i = meth;
42 if (meth == HTTP_METH_OTHER) {
43 pattern->ptr.str = (char *)text;
44 pattern->len = len;
45 }
46 else {
47 pattern->ptr.str = NULL;
48 pattern->len = 0;
49 }
50 return 1;
51}
52
53/* See above how the method is stored in the global pattern */
54static struct pattern *pat_match_meth(struct sample *smp, struct pattern_expr *expr, int fill)
55{
56 int icase;
57 struct pattern_list *lst;
58 struct pattern *pattern;
59
60 list_for_each_entry(lst, &expr->patterns, list) {
61 pattern = &lst->pat;
62
63 /* well-known method */
64 if (pattern->val.i != HTTP_METH_OTHER) {
65 if (smp->data.u.meth.meth == pattern->val.i)
66 return pattern;
67 else
68 continue;
69 }
70
71 /* Other method, we must compare the strings */
72 if (pattern->len != smp->data.u.meth.str.data)
73 continue;
74
75 icase = expr->mflags & PAT_MF_IGNORE_CASE;
76 if ((icase && strncasecmp(pattern->ptr.str, smp->data.u.meth.str.area, smp->data.u.meth.str.data) == 0) ||
77 (!icase && strncmp(pattern->ptr.str, smp->data.u.meth.str.area, smp->data.u.meth.str.data) == 0))
78 return pattern;
79 }
80 return NULL;
81}
82
83/************************************************************************/
84/* All supported ACL keywords must be declared here. */
85/************************************************************************/
86
87/* Note: must not be declared <const> as its list will be overwritten.
88 * Please take care of keeping this list alphabetically sorted.
89 */
90static struct acl_kw_list acl_kws = {ILH, {
91 { "base", "base", PAT_MATCH_STR },
92 { "base_beg", "base", PAT_MATCH_BEG },
93 { "base_dir", "base", PAT_MATCH_DIR },
94 { "base_dom", "base", PAT_MATCH_DOM },
95 { "base_end", "base", PAT_MATCH_END },
96 { "base_len", "base", PAT_MATCH_LEN },
97 { "base_reg", "base", PAT_MATCH_REG },
98 { "base_sub", "base", PAT_MATCH_SUB },
99
100 { "cook", "req.cook", PAT_MATCH_STR },
101 { "cook_beg", "req.cook", PAT_MATCH_BEG },
102 { "cook_dir", "req.cook", PAT_MATCH_DIR },
103 { "cook_dom", "req.cook", PAT_MATCH_DOM },
104 { "cook_end", "req.cook", PAT_MATCH_END },
105 { "cook_len", "req.cook", PAT_MATCH_LEN },
106 { "cook_reg", "req.cook", PAT_MATCH_REG },
107 { "cook_sub", "req.cook", PAT_MATCH_SUB },
108
109 { "hdr", "req.hdr", PAT_MATCH_STR },
110 { "hdr_beg", "req.hdr", PAT_MATCH_BEG },
111 { "hdr_dir", "req.hdr", PAT_MATCH_DIR },
112 { "hdr_dom", "req.hdr", PAT_MATCH_DOM },
113 { "hdr_end", "req.hdr", PAT_MATCH_END },
114 { "hdr_len", "req.hdr", PAT_MATCH_LEN },
115 { "hdr_reg", "req.hdr", PAT_MATCH_REG },
116 { "hdr_sub", "req.hdr", PAT_MATCH_SUB },
117
118 /* these two declarations uses strings with list storage (in place
119 * of tree storage). The basic match is PAT_MATCH_STR, but the indexation
120 * and delete functions are relative to the list management. The parse
121 * and match method are related to the corresponding fetch methods. This
122 * is very particular ACL declaration mode.
123 */
Willy Tarreaub35aa9b2020-11-02 20:23:10 +0100124 { "http_auth_group", NULL, PAT_MATCH_STR, NULL, pat_idx_list_str, NULL, NULL, pat_match_auth },
125 { "method", NULL, PAT_MATCH_STR, pat_parse_meth, pat_idx_list_str, NULL, NULL, pat_match_meth },
Willy Tarreau79e57332018-10-02 16:01:16 +0200126
127 { "path", "path", PAT_MATCH_STR },
128 { "path_beg", "path", PAT_MATCH_BEG },
129 { "path_dir", "path", PAT_MATCH_DIR },
130 { "path_dom", "path", PAT_MATCH_DOM },
131 { "path_end", "path", PAT_MATCH_END },
132 { "path_len", "path", PAT_MATCH_LEN },
133 { "path_reg", "path", PAT_MATCH_REG },
134 { "path_sub", "path", PAT_MATCH_SUB },
135
136 { "req_ver", "req.ver", PAT_MATCH_STR },
137 { "resp_ver", "res.ver", PAT_MATCH_STR },
138
139 { "scook", "res.cook", PAT_MATCH_STR },
140 { "scook_beg", "res.cook", PAT_MATCH_BEG },
141 { "scook_dir", "res.cook", PAT_MATCH_DIR },
142 { "scook_dom", "res.cook", PAT_MATCH_DOM },
143 { "scook_end", "res.cook", PAT_MATCH_END },
144 { "scook_len", "res.cook", PAT_MATCH_LEN },
145 { "scook_reg", "res.cook", PAT_MATCH_REG },
146 { "scook_sub", "res.cook", PAT_MATCH_SUB },
147
148 { "shdr", "res.hdr", PAT_MATCH_STR },
149 { "shdr_beg", "res.hdr", PAT_MATCH_BEG },
150 { "shdr_dir", "res.hdr", PAT_MATCH_DIR },
151 { "shdr_dom", "res.hdr", PAT_MATCH_DOM },
152 { "shdr_end", "res.hdr", PAT_MATCH_END },
153 { "shdr_len", "res.hdr", PAT_MATCH_LEN },
154 { "shdr_reg", "res.hdr", PAT_MATCH_REG },
155 { "shdr_sub", "res.hdr", PAT_MATCH_SUB },
156
157 { "url", "url", PAT_MATCH_STR },
158 { "url_beg", "url", PAT_MATCH_BEG },
159 { "url_dir", "url", PAT_MATCH_DIR },
160 { "url_dom", "url", PAT_MATCH_DOM },
161 { "url_end", "url", PAT_MATCH_END },
162 { "url_len", "url", PAT_MATCH_LEN },
163 { "url_reg", "url", PAT_MATCH_REG },
164 { "url_sub", "url", PAT_MATCH_SUB },
165
166 { "urlp", "urlp", PAT_MATCH_STR },
167 { "urlp_beg", "urlp", PAT_MATCH_BEG },
168 { "urlp_dir", "urlp", PAT_MATCH_DIR },
169 { "urlp_dom", "urlp", PAT_MATCH_DOM },
170 { "urlp_end", "urlp", PAT_MATCH_END },
171 { "urlp_len", "urlp", PAT_MATCH_LEN },
172 { "urlp_reg", "urlp", PAT_MATCH_REG },
173 { "urlp_sub", "urlp", PAT_MATCH_SUB },
174
175 { /* END */ },
176}};
177
Willy Tarreau0108d902018-11-25 19:14:37 +0100178INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
Willy Tarreau79e57332018-10-02 16:01:16 +0200179
180/*
181 * Local variables:
182 * c-indent-level: 8
183 * c-basic-offset: 8
184 * End:
185 */