| Willy Tarreau | a84d374 | 2007-05-07 00:36:48 +0200 | [diff] [blame] | 1 | /* |
| 2 | include/types/acl.h |
| 3 | This file provides structures and types for ACLs. |
| 4 | |
| 5 | Copyright (C) 2000-2007 Willy Tarreau - w@1wt.eu |
| 6 | |
| 7 | This library is free software; you can redistribute it and/or |
| 8 | modify it under the terms of the GNU Lesser General Public |
| 9 | License as published by the Free Software Foundation, version 2.1 |
| 10 | exclusively. |
| 11 | |
| 12 | This library is distributed in the hope that it will be useful, |
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 15 | Lesser General Public License for more details. |
| 16 | |
| 17 | You should have received a copy of the GNU Lesser General Public |
| 18 | License along with this library; if not, write to the Free Software |
| 19 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| 20 | */ |
| 21 | |
| 22 | #ifndef _TYPES_ACL_H |
| 23 | #define _TYPES_ACL_H |
| 24 | |
| 25 | #include <common/compat.h> |
| 26 | #include <common/config.h> |
| 27 | #include <common/mini-clist.h> |
| 28 | |
| 29 | #include <types/proxy.h> |
| 30 | #include <types/session.h> |
| 31 | |
| 32 | |
| 33 | /* pattern matching function result */ |
| 34 | enum { |
| 35 | ACL_PAT_FAIL = 0, /* test failed */ |
| 36 | ACL_PAT_PASS = (1 << 0), /* test passed */ |
| 37 | ACL_PAT_MISS = (1 << 1), /* failed because of missing info (do not cache) */ |
| 38 | }; |
| 39 | |
| 40 | /* Condition polarity. It makes it easier for any option to choose between |
| 41 | * IF/UNLESS if it can store that information within the condition itself. |
| 42 | */ |
| 43 | enum { |
| 44 | ACL_COND_NONE, /* no polarity set yet */ |
| 45 | ACL_COND_IF, /* positive condition (after 'if') */ |
| 46 | ACL_COND_UNLESS, /* negative condition (after 'unless') */ |
| 47 | }; |
| 48 | |
| 49 | /* possible flags for intermediate test values. The flags are maintained |
| 50 | * across consecutive fetches for a same entry (eg: parse all req lines). |
| 51 | */ |
| 52 | enum { |
| 53 | ACL_TEST_F_READ_ONLY = 1 << 0, /* test data are read-only */ |
| 54 | ACL_TEST_F_MUST_FREE = 1 << 1, /* test data must be freed after end of evaluation */ |
| 55 | ACL_TEST_F_VOL_TEST = 1 << 2, /* result must not survive longer than the test (eg: time) */ |
| 56 | ACL_TEST_F_VOL_HDR = 1 << 3, /* result sensitive to changes in headers */ |
| 57 | ACL_TEST_F_VOL_1ST = 1 << 4, /* result sensitive to changes in first line (eg: URI) */ |
| 58 | ACL_TEST_F_VOL_TXN = 1 << 5, /* result sensitive to new transaction (eg: persist) */ |
| 59 | ACL_TEST_F_VOL_SESS = 1 << 6, /* result sensitive to new session (eg: IP) */ |
| 60 | ACL_TEST_F_VOLATILE = (1<<2)|(1<<3)|(1<<4)|(1<<5)|(1<<6), |
| 61 | ACL_TEST_F_FETCH_MORE = 1 << 7, /* if test does not match, retry with next entry */ |
| 62 | }; |
| 63 | |
| 64 | /* How to store a time range and the valid days in 29 bits */ |
| 65 | struct acl_time { |
| 66 | int dow:7; /* 1 bit per day of week: 0-6 */ |
| 67 | int h1:5, m1:6; /* 0..24:0..60. Use 0:0 for all day. */ |
| 68 | int h2:5, m2:6; /* 0..24:0..60. Use 24:0 for all day. */ |
| 69 | }; |
| 70 | |
| 71 | /* The acl will be linked to from the proxy where it is declared */ |
| 72 | struct acl_pattern { |
| 73 | struct list list; /* chaining */ |
| 74 | union { |
| 75 | int i; /* integer value */ |
| 76 | struct { int min, max; } range; /* integer range */ |
| Willy Tarreau | a67fad9 | 2007-05-08 19:50:09 +0200 | [diff] [blame^] | 77 | struct { |
| 78 | struct in_addr addr; |
| 79 | struct in_addr mask; |
| 80 | } ipv4; /* IPv4 address */ |
| Willy Tarreau | a84d374 | 2007-05-07 00:36:48 +0200 | [diff] [blame] | 81 | struct acl_time time; /* valid hours and days */ |
| 82 | } val; /* direct value */ |
| 83 | union { |
| 84 | void *ptr; /* any data */ |
| 85 | char *str; /* any string */ |
| 86 | regex_t *reg; /* a compiled regex */ |
| 87 | } ptr; /* indirect values, allocated */ |
| 88 | int len; /* data length when required */ |
| 89 | }; |
| 90 | |
| 91 | /* The structure exchanged between an acl_fetch_* function responsible for |
| 92 | * retrieving a value, and an acl_match_* function responsible for testing it. |
| 93 | */ |
| 94 | struct acl_test { |
| 95 | int i; /* integer value */ |
| 96 | char *ptr; /* pointer to beginning of value */ |
| 97 | int len; /* length of value at ptr, otherwise ignored */ |
| 98 | int flags; /* ACL_TEST_F_* set to 0 on first call */ |
| 99 | union { /* fetch_* functions context for any purpose */ |
| 100 | void *p; |
| 101 | int i; |
| 102 | } ctx; |
| 103 | }; |
| 104 | |
| 105 | |
| 106 | /* |
| 107 | * ACL keyword: Associates keywords with parsers, methods to retrieve the value and testers. |
| 108 | */ |
| 109 | |
| 110 | /* some dummy declarations to silent the compiler */ |
| 111 | struct proxy; |
| 112 | struct session; |
| 113 | |
| 114 | struct acl_keyword { |
| 115 | const char *kw; |
| 116 | int (*parse)(const char *text, struct acl_pattern *pattern); |
| 117 | int (*fetch)(struct proxy *px, struct session *l4, void *l7, void *arg, struct acl_test *test); |
| 118 | int (*match)(struct acl_test *test, struct acl_pattern *pattern); |
| 119 | int use_cnt; |
| 120 | }; |
| 121 | |
| 122 | /* |
| 123 | * A keyword list. It is a NULL-terminated array of keywords. It embeds a |
| 124 | * struct list in order to be linked to other lists, allowing it to easily |
| 125 | * be declared where it is needed, and linked without duplicating data nor |
| 126 | * allocating memory. |
| 127 | */ |
| 128 | struct acl_kw_list { |
| 129 | struct list list; |
| 130 | struct acl_keyword kw[VAR_ARRAY]; |
| 131 | }; |
| 132 | |
| 133 | /* |
| 134 | * Description of an ACL expression. |
| 135 | * It contains a subject and a set of patterns to test against it. |
| 136 | * - the function get() is called to retrieve the subject from the |
| 137 | * current session or transaction and build a test. |
| 138 | * - the function test() is called to evaluate the test based on the |
| 139 | * available patterns and return ACL_PAT_* |
| 140 | * Both of those functions are available through the keyword. |
| 141 | */ |
| 142 | struct acl_expr { |
| 143 | struct list list; /* chaining */ |
| 144 | struct acl_keyword *kw; /* back-reference to the keyword */ |
| 145 | union { /* optional argument of the subject (eg: header or cookie name) */ |
| 146 | char *str; |
| 147 | } arg; |
| 148 | struct list patterns; /* list of acl_patterns */ |
| 149 | }; |
| 150 | |
| 151 | struct acl { |
| 152 | struct list list; /* chaining */ |
| 153 | char *name; /* acl name */ |
| 154 | struct list expr; /* list of acl_exprs */ |
| 155 | int cache_idx; /* ACL index in cache */ |
| 156 | }; |
| 157 | |
| 158 | /* the condition will be linked to from an action in a proxy */ |
| 159 | struct acl_term { |
| 160 | struct list list; /* chaining */ |
| 161 | struct acl *acl; /* acl pointed to by this term */ |
| 162 | int neg; /* 1 if the ACL result must be negated */ |
| 163 | }; |
| 164 | |
| 165 | struct acl_term_suite { |
| 166 | struct list list; /* chaining of term suites */ |
| 167 | struct list terms; /* list of acl_terms */ |
| 168 | }; |
| 169 | |
| 170 | struct acl_cond { |
| 171 | struct list list; /* Some specific tests may use multiple conditions */ |
| 172 | struct list suites; /* list of acl_term_suites */ |
| 173 | int pol; /* polarity: ACL_COND_IF / ACL_COND_UNLESS */ |
| 174 | }; |
| 175 | |
| 176 | |
| 177 | #endif /* _TYPES_ACL_H */ |
| 178 | |
| 179 | /* |
| 180 | * Local variables: |
| 181 | * c-indent-level: 8 |
| 182 | * c-basic-offset: 8 |
| 183 | * End: |
| 184 | */ |