r4741 - trunk/varnish-cache/lib/libvcl
phk at varnish-cache.org
phk at varnish-cache.org
Wed Apr 28 11:55:47 CEST 2010
Author: phk
Date: 2010-04-28 11:55:47 +0200 (Wed, 28 Apr 2010)
New Revision: 4741
Modified:
trunk/varnish-cache/lib/libvcl/vcc_action.c
trunk/varnish-cache/lib/libvcl/vcc_compile.h
trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c
trunk/varnish-cache/lib/libvcl/vcc_obj.c
trunk/varnish-cache/lib/libvcl/vcc_parse.c
trunk/varnish-cache/lib/libvcl/vcc_string.c
trunk/varnish-cache/lib/libvcl/vcc_var.c
trunk/varnish-cache/lib/libvcl/vcc_xref.c
Log:
Implement distinct read/write access control for variables.
Modified: trunk/varnish-cache/lib/libvcl/vcc_action.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_action.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_action.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -69,7 +69,7 @@
vcc_NextToken(tl);
if (tl->t->tok == VAR) {
- vp = vcc_FindVar(tl, tl->t, vcc_vars);
+ vp = vcc_FindVar(tl, tl->t, vcc_vars, 0, "read");
ERRCHK(tl);
assert(vp != NULL);
if (vp->fmt == INT) {
@@ -112,16 +112,6 @@
}
static void
-check_writebit(struct tokenlist *tl, const struct var *vp)
-{
-
- if (vp->access == V_RW || vp->access == V_WO)
- return;
- vsb_printf(tl->sb, "Variable %.*s cannot be modified.\n", PF(tl->t));
- vcc_ErrWhere(tl, tl->t);
-}
-
-static void
parse_set(struct tokenlist *tl)
{
struct var *vp;
@@ -130,11 +120,9 @@
vcc_NextToken(tl);
ExpectErr(tl, VAR);
vt = tl->t;
- vp = vcc_FindVar(tl, tl->t, vcc_vars);
+ vp = vcc_FindVar(tl, tl->t, vcc_vars, 1, "set");
ERRCHK(tl);
assert(vp != NULL);
- check_writebit(tl, vp);
- ERRCHK(tl);
Fb(tl, 1, "%s", vp->lname);
vcc_NextToken(tl);
switch (vp->fmt) {
@@ -262,15 +250,15 @@
vcc_NextToken(tl);
ExpectErr(tl, VAR);
- vp = vcc_FindVar(tl, tl->t, vcc_vars);
+ vp = vcc_FindVar(tl, tl->t, vcc_vars, 1, "unset");
ERRCHK(tl);
assert(vp != NULL);
if (vp->fmt != STRING || vp->hdr == NULL) {
- vsb_printf(tl->sb, "Only http header lines can be unset.\n");
+ vsb_printf(tl->sb,
+ "Only http header variables can be unset.\n");
vcc_ErrWhere(tl, tl->t);
return;
}
- check_writebit(tl, vp);
ERRCHK(tl);
Fb(tl, 1, "%s0);\n", vp->lname);
vcc_NextToken(tl);
Modified: trunk/varnish-cache/lib/libvcl/vcc_compile.h
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_compile.h 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_compile.h 2010-04-28 09:55:47 UTC (rev 4741)
@@ -109,12 +109,6 @@
HEADER
};
-enum var_access {
- V_RO,
- V_RW,
- V_WO
-};
-
enum ref_type {
R_FUNC,
R_ACL,
@@ -134,10 +128,10 @@
enum var_type fmt;
unsigned len;
const char *rname;
+ unsigned r_methods;
const char *lname;
- enum var_access access;
+ unsigned l_methods;
const char *hdr;
- unsigned methods;
};
struct method {
@@ -225,7 +219,7 @@
/* vcc_var.c */
struct var *vcc_FindVar(struct tokenlist *tl, const struct token *t,
- struct var *vl);
+ struct var *vl, int wr_access, const char *use);
void vcc_VarVal(struct tokenlist *tl, const struct var *vp,
const struct token *vt);
@@ -238,7 +232,8 @@
struct proc *vcc_AddProc(struct tokenlist *tl, struct token *t);
void vcc_ProcAction(struct proc *p, unsigned action, struct token *t);
int vcc_CheckAction(struct tokenlist *tl);
-void vcc_AddUses(struct tokenlist *tl, struct var *v);
+void vcc_AddUses(struct tokenlist *tl, const struct token *t, unsigned mask,
+ const char *use);
int vcc_CheckUses(struct tokenlist *tl);
#define ERRCHK(tl) do { if ((tl)->err) return; } while (0)
Modified: trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -215,8 +215,8 @@
"OF LIABILITY, WHETHER IN CONTRACT, STRICT\n * LIABILITY, OR "
"TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n"
" * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE "
- "POSSIBILITY OF\n * SUCH DAMAGE.\n *\n * $Id: vrt.h 4668 2010-04-"
- "16 10:24:59Z phk $\n *\n * Runtime support for compiled VCL "
+ "POSSIBILITY OF\n * SUCH DAMAGE.\n *\n * $Id: vrt.h 4735 2010-04-"
+ "27 15:19:41Z phk $\n *\n * Runtime support for compiled VCL "
"programs.\n *\n * XXX: When this file is changed, lib/libvcl/gen"
"erate.py *MUST* be rerun.\n */\n\nstruct sess;\nstruct vsb;\n"
"struct cli;\nstruct director;\nstruct VCL_conf;\n"
Modified: trunk/varnish-cache/lib/libvcl/vcc_obj.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_obj.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_obj.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -14,303 +14,360 @@
struct var vcc_vars[] = {
{ "client.ip", IP, 9,
"VRT_r_client_ip(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "server.ip", IP, 9,
"VRT_r_server_ip(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "server.hostname", STRING, 15,
"VRT_r_server_hostname(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "server.identity", STRING, 15,
"VRT_r_server_identity(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "server.port", INT, 11,
"VRT_r_server_port(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "req.request", STRING, 11,
"VRT_r_req_request(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
"VRT_l_req_request(sp, ",
- V_RW, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ 0,
},
{ "req.url", STRING, 7,
"VRT_r_req_url(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
"VRT_l_req_url(sp, ",
- V_RW, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ 0,
},
{ "req.proto", STRING, 9,
"VRT_r_req_proto(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
"VRT_l_req_proto(sp, ",
- V_RW, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ 0,
},
{ "req.http.", HEADER, 9,
"VRT_r_req_http_(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
"VRT_l_req_http_(sp, ",
- V_RW, "HDR_REQ",
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ "HDR_REQ",
},
{ "req.hash", HASH, 8,
- NULL,
+ NULL, /* No reads allowed */
+ 0,
"VRT_l_req_hash(sp, ",
- V_WO, 0,
- VCL_MET_HASH | VCL_MET_ERROR
+ VCL_MET_HASH | VCL_MET_ERROR,
+ 0,
},
{ "req.backend", BACKEND, 11,
"VRT_r_req_backend(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
"VRT_l_req_backend(sp, ",
- V_RW, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ 0,
},
{ "req.restarts", INT, 12,
"VRT_r_req_restarts(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "req.grace", RTIME, 9,
"VRT_r_req_grace(sp)",
+ VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+ | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+ | VCL_MET_ERROR,
"VRT_l_req_grace(sp, ",
- V_RW, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ 0,
},
{ "req.xid", STRING, 7,
"VRT_r_req_xid(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "req.esi", BOOL, 7,
"VRT_r_req_esi(sp)",
+ VCL_MET_RECV | VCL_MET_FETCH | VCL_MET_DELIVER | VCL_MET_ERROR,
"VRT_l_req_esi(sp, ",
- V_RW, 0,
- VCL_MET_RECV | VCL_MET_FETCH | VCL_MET_DELIVER | VCL_MET_ERROR
+ VCL_MET_RECV | VCL_MET_FETCH | VCL_MET_DELIVER | VCL_MET_ERROR,
+ 0,
},
{ "req.backend.healthy", BOOL, 19,
"VRT_r_req_backend_healthy(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "bereq.request", STRING, 13,
"VRT_r_bereq_request(sp)",
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
"VRT_l_bereq_request(sp, ",
- V_RW, 0,
- VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+ 0,
},
{ "bereq.url", STRING, 9,
"VRT_r_bereq_url(sp)",
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
"VRT_l_bereq_url(sp, ",
- V_RW, 0,
- VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+ 0,
},
{ "bereq.proto", STRING, 11,
"VRT_r_bereq_proto(sp)",
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
"VRT_l_bereq_proto(sp, ",
- V_RW, 0,
- VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+ 0,
},
{ "bereq.http.", HEADER, 11,
"VRT_r_bereq_http_(sp)",
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
"VRT_l_bereq_http_(sp, ",
- V_RW, "HDR_BEREQ",
- VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+ VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+ "HDR_BEREQ",
},
{ "bereq.connect_timeout", RTIME, 21,
"VRT_r_bereq_connect_timeout(sp)",
+ VCL_MET_PASS | VCL_MET_MISS,
"VRT_l_bereq_connect_timeout(sp, ",
- V_RW, 0,
- VCL_MET_PASS | VCL_MET_MISS
+ VCL_MET_PASS | VCL_MET_MISS,
+ 0,
},
{ "bereq.first_byte_timeout", RTIME, 24,
"VRT_r_bereq_first_byte_timeout(sp)",
+ VCL_MET_PASS | VCL_MET_MISS,
"VRT_l_bereq_first_byte_timeout(sp, ",
- V_RW, 0,
- VCL_MET_PASS | VCL_MET_MISS
+ VCL_MET_PASS | VCL_MET_MISS,
+ 0,
},
{ "bereq.between_bytes_timeout", RTIME, 27,
"VRT_r_bereq_between_bytes_timeout(sp)",
+ VCL_MET_PASS | VCL_MET_MISS,
"VRT_l_bereq_between_bytes_timeout(sp, ",
- V_RW, 0,
- VCL_MET_PASS | VCL_MET_MISS
+ VCL_MET_PASS | VCL_MET_MISS,
+ 0,
},
{ "beresp.proto", STRING, 12,
"VRT_r_beresp_proto(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_proto(sp, ",
- V_RW, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "beresp.saintmode", RTIME, 16,
- NULL,
+ NULL, /* No reads allowed */
+ 0,
"VRT_l_beresp_saintmode(sp, ",
- V_WO, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "beresp.status", INT, 13,
"VRT_r_beresp_status(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_status(sp, ",
- V_RW, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "beresp.response", STRING, 15,
"VRT_r_beresp_response(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_response(sp, ",
- V_RW, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "beresp.http.", HEADER, 12,
"VRT_r_beresp_http_(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_http_(sp, ",
- V_RW, "HDR_BERESP",
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ "HDR_BERESP",
},
{ "beresp.cacheable", BOOL, 16,
"VRT_r_beresp_cacheable(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_cacheable(sp, ",
- V_RW, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "beresp.ttl", RTIME, 10,
"VRT_r_beresp_ttl(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_ttl(sp, ",
- V_RW, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "beresp.grace", RTIME, 12,
"VRT_r_beresp_grace(sp)",
+ VCL_MET_FETCH,
"VRT_l_beresp_grace(sp, ",
- V_RW, 0,
- VCL_MET_FETCH
+ VCL_MET_FETCH,
+ 0,
},
{ "obj.proto", STRING, 9,
"VRT_r_obj_proto(sp)",
+ VCL_MET_HIT | VCL_MET_ERROR,
"VRT_l_obj_proto(sp, ",
- V_RW, 0,
- VCL_MET_HIT | VCL_MET_ERROR
+ VCL_MET_HIT | VCL_MET_ERROR,
+ 0,
},
{ "obj.status", INT, 10,
"VRT_r_obj_status(sp)",
+ VCL_MET_ERROR,
"VRT_l_obj_status(sp, ",
- V_RW, 0,
- VCL_MET_ERROR
+ VCL_MET_ERROR,
+ 0,
},
{ "obj.response", STRING, 12,
"VRT_r_obj_response(sp)",
+ VCL_MET_ERROR,
"VRT_l_obj_response(sp, ",
- V_RW, 0,
- VCL_MET_ERROR
+ VCL_MET_ERROR,
+ 0,
},
{ "obj.hits", INT, 8,
"VRT_r_obj_hits(sp)",
- NULL,
- V_RO, 0,
- VCL_MET_HIT | VCL_MET_DELIVER
+ VCL_MET_HIT | VCL_MET_DELIVER,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "obj.http.", HEADER, 9,
"VRT_r_obj_http_(sp)",
+ VCL_MET_HIT | VCL_MET_ERROR,
"VRT_l_obj_http_(sp, ",
- V_RW, "HDR_OBJ",
- VCL_MET_HIT | VCL_MET_ERROR
+ VCL_MET_ERROR,
+ "HDR_OBJ",
},
{ "obj.cacheable", BOOL, 13,
"VRT_r_obj_cacheable(sp)",
+ VCL_MET_HIT,
"VRT_l_obj_cacheable(sp, ",
- V_RW, 0,
- VCL_MET_HIT
+ VCL_MET_HIT,
+ 0,
},
{ "obj.ttl", RTIME, 7,
"VRT_r_obj_ttl(sp)",
+ VCL_MET_HIT | VCL_MET_ERROR,
"VRT_l_obj_ttl(sp, ",
- V_RW, 0,
- VCL_MET_HIT | VCL_MET_ERROR
+ VCL_MET_HIT | VCL_MET_ERROR,
+ 0,
},
{ "obj.grace", RTIME, 9,
"VRT_r_obj_grace(sp)",
+ VCL_MET_HIT | VCL_MET_ERROR,
"VRT_l_obj_grace(sp, ",
- V_RW, 0,
- VCL_MET_HIT | VCL_MET_ERROR
+ VCL_MET_HIT | VCL_MET_ERROR,
+ 0,
},
{ "obj.lastuse", RTIME, 11,
"VRT_r_obj_lastuse(sp)",
- NULL,
- V_RO, 0,
- VCL_MET_HIT | VCL_MET_DELIVER | VCL_MET_ERROR
+ VCL_MET_HIT | VCL_MET_DELIVER | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ "resp.proto", STRING, 10,
"VRT_r_resp_proto(sp)",
+ VCL_MET_DELIVER,
"VRT_l_resp_proto(sp, ",
- V_RW, 0,
- VCL_MET_DELIVER
+ VCL_MET_DELIVER,
+ 0,
},
{ "resp.status", INT, 11,
"VRT_r_resp_status(sp)",
+ VCL_MET_DELIVER,
"VRT_l_resp_status(sp, ",
- V_RW, 0,
- VCL_MET_DELIVER
+ VCL_MET_DELIVER,
+ 0,
},
{ "resp.response", STRING, 13,
"VRT_r_resp_response(sp)",
+ VCL_MET_DELIVER,
"VRT_l_resp_response(sp, ",
- V_RW, 0,
- VCL_MET_DELIVER
+ VCL_MET_DELIVER,
+ 0,
},
{ "resp.http.", HEADER, 10,
"VRT_r_resp_http_(sp)",
+ VCL_MET_DELIVER,
"VRT_l_resp_http_(sp, ",
- V_RW, "HDR_RESP",
- VCL_MET_DELIVER
+ VCL_MET_DELIVER,
+ "HDR_RESP",
},
{ "now", TIME, 3,
"VRT_r_now(sp)",
- NULL,
- V_RO, 0,
VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
| VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
- | VCL_MET_ERROR
+ | VCL_MET_ERROR,
+ NULL, /* No writes allowed */
+ 0,
+ 0,
},
{ NULL }
};
Modified: trunk/varnish-cache/lib/libvcl/vcc_parse.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_parse.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_parse.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -333,7 +333,7 @@
vcc_Cond_0(tl);
SkipToken(tl, ')');
} else if (tl->t->tok == VAR) {
- vp = vcc_FindVar(tl, tl->t, vcc_vars);
+ vp = vcc_FindVar(tl, tl->t, vcc_vars, 0, "read");
ERRCHK(tl);
assert(vp != NULL);
vcc_NextToken(tl);
Modified: trunk/varnish-cache/lib/libvcl/vcc_string.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_string.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_string.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -154,7 +154,7 @@
if (tl->t->tok == ID && vcc_IdIs(tl->t, "regsuball"))
return (vcc_regsub(tl, 1));
if (tl->t->tok == VAR) {
- vp = vcc_FindVar(tl, tl->t, vcc_vars);
+ vp = vcc_FindVar(tl, tl->t, vcc_vars, 0, "read");
if (tl->err)
return (0);
assert(vp != NULL);
Modified: trunk/varnish-cache/lib/libvcl/vcc_var.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_var.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_var.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -61,10 +61,10 @@
memcpy(p, t->b, i);
p[i] = '\0';
v->name = p;
- v->access = V_RW;
+ v->r_methods = vh->r_methods;
+ v->l_methods = vh->l_methods;
v->fmt = STRING;
v->hdr = vh->hdr;
- v->methods = vh->methods;
l = strlen(v->name + vh->len) + 1;
bprintf(buf, "VRT_GetHdr(sp, %s, \"\\%03o%s:\")",
@@ -87,7 +87,8 @@
/*--------------------------------------------------------------------*/
struct var *
-vcc_FindVar(struct tokenlist *tl, const struct token *t, struct var *vl)
+vcc_FindVar(struct tokenlist *tl, const struct token *t, struct var *vl,
+ int wr_access, const char *use)
{
struct var *v;
@@ -98,7 +99,25 @@
continue;
if (memcmp(t->b, v->name, v->len))
continue;
- vcc_AddUses(tl, v);
+ if (wr_access && v->l_methods == 0) {
+ vsb_printf(tl->sb, "Variable ");
+ vcc_ErrToken(tl, t);
+ vsb_printf(tl->sb, " is read only.");
+ vsb_cat(tl->sb, "\nAt: ");
+ vcc_ErrWhere(tl, t);
+ return (NULL);
+ } else if (wr_access) {
+ vcc_AddUses(tl, t, v->l_methods, use);
+ } else if (v->r_methods == 0) {
+ vsb_printf(tl->sb, "Variable ");
+ vcc_ErrToken(tl, t);
+ vsb_printf(tl->sb, " is write only.");
+ vsb_cat(tl->sb, "\nAt: ");
+ vcc_ErrWhere(tl, t);
+ return (NULL);
+ } else {
+ vcc_AddUses(tl, t, v->r_methods, use);
+ }
if (v->fmt != HEADER)
return (v);
return (HeaderVar(tl, t, v));
Modified: trunk/varnish-cache/lib/libvcl/vcc_xref.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_xref.c 2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_xref.c 2010-04-28 09:55:47 UTC (rev 4741)
@@ -61,7 +61,8 @@
struct procuse {
VTAILQ_ENTRY(procuse) list;
struct token *t;
- struct var *v;
+ unsigned mask;
+ const char *use;
};
struct proc {
@@ -212,16 +213,19 @@
}
void
-vcc_AddUses(struct tokenlist *tl, struct var *v)
+vcc_AddUses(struct tokenlist *tl, const struct token *t, unsigned mask,
+ const char *use)
{
struct procuse *pu;
+ (void)t;
if (tl->curproc == NULL) /* backend */
return;
pu = TlAlloc(tl, sizeof *pu);
assert(pu != NULL);
- pu->v = v;
pu->t = tl->t;
+ pu->mask = mask;
+ pu->use = use;
VTAILQ_INSERT_TAIL(&tl->curproc->uses, pu, list);
}
@@ -339,7 +343,7 @@
struct procuse *pu;
VTAILQ_FOREACH(pu, &p->uses, list)
- if (!(pu->v->methods & m->bitval))
+ if (!(pu->mask & m->bitval))
return (pu);
return (NULL);
}
@@ -389,8 +393,8 @@
pu = vcc_FindIllegalUse(p, m);
if (pu != NULL) {
vsb_printf(tl->sb,
- "Variable '%.*s' not accessible in method '%.*s'.",
- PF(pu->t), PF(p->name));
+ "Variable '%.*s': %s not allowed in method '%.*s'.",
+ PF(pu->t), pu->use, PF(p->name));
vsb_cat(tl->sb, "\nAt: ");
vcc_ErrWhere(tl, pu->t);
return (1);
More information about the varnish-commit
mailing list