[master] 0d2fe019f vmod_unix: restrict all $Functions to client and backend

Mon Apr 24 13:46:08 UTC 2023

commit 0d2fe019f9bf65a3283325425539d46d4466f8e0
Author: Walid Boudebouda <walid.boudebouda at gmail.com>
Date:   Thu Mar 9 09:48:23 2023 +0100

    vmod_unix: restrict all $Functions to client and backend

diff --git a/vmod/tests/unix_c00000.vtc b/vmod/tests/unix_c00000.vtc
index 9298f9d7a..723ee99e1 100644
--- a/vmod/tests/unix_c00000.vtc
+++ b/vmod/tests/unix_c00000.vtc
@@ -58,7 +58,7 @@ logexpect l1 -v v1 -d 1 -c {
 } -run
 
 
-varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import unix;
 	import std;
 	backend b None;
@@ -68,7 +68,7 @@ varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini
 	}
 }
 
-varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import unix;
 	import std;
 	backend b None;
@@ -78,7 +78,7 @@ varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini
 	}
 }
 
-varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import unix;
 	import std;
 	backend b None;
@@ -88,7 +88,7 @@ varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini
 	}
 }
 
-varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} {
+varnish v1 -errvcl {Not available in subroutine 'vcl_init'} {
 	import unix;
 	import std;
 	backend b None;
diff --git a/vmod/vmod_unix.c b/vmod/vmod_unix.c
index 1edfca9d5..18b1d70ce 100644
--- a/vmod/vmod_unix.c
+++ b/vmod/vmod_unix.c
@@ -49,9 +49,6 @@
 #define VERR(ctx, fmt, ...) \
 	VSLb((ctx)->vsl, SLT_VCL_Error, "vmod unix error: " fmt, __VA_ARGS__)
 
-#define FAILNOINIT(ctx) \
-	FAIL((ctx), "may not be called in vcl_init or vcl_fini")
-
 #define ERRNOTUDS(ctx) \
 	ERR((ctx), "not listening on a Unix domain socket")
 
@@ -93,10 +90,7 @@ vmod_##func(VRT_CTX)					\
 	int ret;					\
 							\
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);		\
-	if ((ctx->method & VCL_MET_TASK_H) != 0) {	\
-		FAILNOINIT(ctx);			\
-		return (-1);				\
-	}						\
+	AZ(ctx->method & VCL_MET_TASK_H);	\
 							\
 	sp = get_sp(ctx);				\
 	if (!sp->listen_sock->uds) {			\
diff --git a/vmod/vmod_unix.vcc b/vmod/vmod_unix.vcc
index a7e6de913..b88c2326e 100644
--- a/vmod/vmod_unix.vcc
+++ b/vmod/vmod_unix.vcc
@@ -67,18 +67,26 @@ $Function STRING user()
 
 Return the user name of the peer process owner.
 
+$Restrict client backend
+
 $Function STRING group()
 
 Return the group name of the peer process owner.
 
+$Restrict client backend
+
 $Function INT uid()
 
 Return the numeric user id of the peer process owner.
 
+$Restrict client backend
+
 $Function INT gid()
 
 Return the numeric group id of the peer process owner.
 
+$Restrict client backend
+
 ERRORS
 ======
 
