1 /*
2  * include/types/acl.h
3  * This file provides structures and types for ACLs.
4  *
5  * Copyright (C) 2000-2012 Willy Tarreau - w@1wt.eu
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation, version 2.1
10  * exclusively.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
20  */
21 
22 #ifndef _TYPES_ACL_H
23 #define _TYPES_ACL_H
24 
25 #include <common/compat.h>
26 #include <common/config.h>
27 #include <common/mini-clist.h>
28 
29 #include <types/arg.h>
30 #include <types/auth.h>
31 #include <types/pattern.h>
32 #include <types/proxy.h>
33 #include <types/server.h>
34 
35 #include <ebmbtree.h>
36 
37 /* ACL test result.
38  *
39  * We're using a 3-state matching system :
40  *   - PASS : at least one pattern already matches
41  *   - MISS : some data is missing to decide if some rules may finally match.
42  *   - FAIL : no pattern may ever match
43  *
44  * We assign values 0, 1 and 3 to FAIL, MISS and PASS respectively, so that we
45  * can make use of standard arithmetic for the truth tables below :
46  *
47  *      x  | !x          x&y | F(0) | M(1) | P(3)     x|y | F(0) | M(1) | P(3)
48  *   ------+-----       -----+------+------+-----    -----+------+------+-----
49  *    F(0) | P(3)        F(0)| F(0) | F(0) | F(0)     F(0)| F(0) | M(1) | P(3)
50  *    M(1) | M(1)        M(1)| F(0) | M(1) | M(1)     M(1)| M(1) | M(1) | P(3)
51  *    P(3) | F(0)        P(3)| F(0) | M(1) | P(3)     P(3)| P(3) | P(3) | P(3)
52  *
53  *  neg(x) = (3 >> x)       and(x,y) = (x & y)           or(x,y) = (x | y)
54  *
55  * For efficiency, the ACL return flags are directly mapped from the pattern
56  * match flags. See include/pattern.h for existing values.
57  */
58 enum acl_test_res {          /* 3-state ACL result; the numeric values are relied upon: neg(x) = 3 >> x, and = x & y, or = x | y */
59 	ACL_TEST_FAIL = 0,           /* test failed: no pattern may ever match */
60 	ACL_TEST_MISS = 1,           /* undecided: test may pass with more info; neither a PASS nor a final FAIL */
61 	ACL_TEST_PASS = 3,           /* test passed; must be 3 (not 2) for 3 >> x, x & y and x | y to follow the truth tables */
62 };
63 
64 /* Condition polarity. It makes it easier for any option to choose between
65  * IF/UNLESS if it can store that information within the condition itself.
66  * Those should be interpreted as "IF/UNLESS result == PASS".
67  */
68 enum acl_cond_pol {          /* polarity of a condition; both forms test the result against PASS only */
69 	ACL_COND_NONE,		/* no polarity set yet */
70 	ACL_COND_IF,		/* positive condition (after 'if'): holds when result == PASS */
71 	ACL_COND_UNLESS,	/* negative condition (after 'unless'): holds when result != PASS, which includes MISS; NOTE(review): callers presumably deal with MISS before applying polarity - confirm */
72 };
73 
74 /* some dummy declarations to silence the compiler */
75 struct proxy;   /* forward declaration; no declaration visible in this header uses it, and types/proxy.h is included above */
76 struct stream;  /* forward declaration; no declaration visible in this header uses it */
77 
78 /*
79  * ACL keyword: Associates keywords with parsers, methods to retrieve the value and testers.
80  */
81 /*
82  * NOTE:
83  * The 'parse' function is called to parse words in the configuration. It must
84  * return the number of valid words read. 0 = error. The 'opaque' argument may
85  * be used by functions which need to maintain a context between consecutive
86  * values. It is initialized to zero before the first call, and passed along
87  * successive calls.
88  */
89 
90 struct acl_expr;             /* forward declaration; the fields of acl_keyword below do not reference it */
91 struct acl_keyword {         /* one ACL keyword together with the pattern callbacks used for it */
92 	const char *kw;          /* the ACL keyword string */
93 	char *fetch_kw;          /* presumably the name of the sample fetch keyword behind ->smp - confirm */
94 	int match_type; /* Contains a PAT_MATCH_* value */
95 	int (*parse)(const char *text, struct pattern *pattern, int flags, char **err); /* parses configuration text into <pattern>; per the note above 0 = error. NOTE(review): that note describes an 'opaque' argument which this prototype does not have */
96 	int (*index)(struct pattern_expr *expr, struct pattern *pattern, char **err); /* presumably adds <pattern> to <expr> and reports problems through <err> - confirm */
97 	void (*delete)(struct pattern_expr *expr, struct pat_ref_elt *); /* presumably removes from <expr> what belongs to the given pat_ref_elt - confirm */
98 	void (*prune)(struct pattern_expr *expr); /* presumably empties <expr> - confirm */
99 	struct pattern *(*match)(struct sample *smp, struct pattern_expr *expr, int fill); /* returns a pattern pointer for <smp> against <expr>; NULL-on-no-match and the meaning of <fill> are not visible here - confirm */
100 	/* must be after the config params */
101 	struct sample_fetch *smp; /* the sample fetch we depend on */
102 };
103 
104 /*
105  * A keyword list. It is a NULL-terminated array of keywords. It embeds a
106  * struct list in order to be linked to other lists, allowing it to easily
107  * be declared where it is needed, and linked without duplicating data nor
108  * allocating memory.
109  */
110 struct acl_kw_list {         /* list linkage plus an inline array of keywords */
111 	struct list list;        /* links this keyword list to other keyword lists */
112 	struct acl_keyword kw[VAR_ARRAY]; /* no element count is stored: the terminating entry is the only bound, so every declaration must end with it */
113 };
114 
115 /*
116  * Description of an ACL expression.
117  * The expression is part of a list. It contains pointers to the keyword, the
118  * sample fetch descriptor which defaults to the keyword's, and the associated
119  * pattern matching. The structure is organized so that the hot parts are
120  * grouped together in order to optimize caching.
121  */
122 struct acl_expr {            /* one expression of an ACL; struct acl's ->expr is documented as the list of acl_exprs */
123 	struct sample_expr *smp;      /* the sample expression we depend on */
124 	struct pattern_head pat;      /* the pattern matching expression (embedded, not a pointer) */
125 	struct list list;             /* chaining */
126 	const char *kw;               /* borrowed pointer to the ACL kw's name or fetch's name; not owned by this struct (must not free) */
127 };
128 
129 /* The acl will be linked to from the proxy where it is declared */
130 struct acl {                 /* a named ACL: a list of expressions plus the or'ed masks of those expressions */
131 	struct list list;           /* chaining */
132 	char *name;		    /* acl name; ownership of the string is not visible in this header */
133 	struct list expr;	    /* list of acl_exprs */
134 	int cache_idx;              /* ACL index in cache; which cache is not visible in this header */
135 	unsigned int use;           /* or'ed bit mask of all acl_expr's SMP_USE_* */
136 	unsigned int val;           /* or'ed bit mask of all acl_expr's SMP_VAL_* */
137 };
138 
139 /* the condition will be linked to from an action in a proxy */
140 struct acl_term {            /* one reference to an ACL inside a condition, optionally negated */
141 	struct list list;           /* chaining */
142 	struct acl *acl;            /* acl pointed to by this term */
143 	int neg;                    /* 1 if the ACL result must be negated; per the acl_test_res table neg(x) = 3 >> x, so a MISS stays a MISS */
144 };
145 
146 struct acl_term_suite {      /* a group of terms; NOTE(review): presumably terms inside a suite are and'ed and suites are or'ed - not stated in this header, confirm in the evaluator */
147 	struct list list;           /* chaining of term suites */
148 	struct list terms;          /* list of acl_terms */
149 };
150 
151 struct acl_cond {            /* a complete condition: a polarity applied to a list of term suites, plus where it was declared */
152 	struct list list;           /* Some specific tests may use multiple conditions */
153 	struct list suites;         /* list of acl_term_suites */
154 	enum acl_cond_pol pol;      /* polarity: ACL_COND_IF / ACL_COND_UNLESS (ACL_COND_NONE means no polarity set yet) */
155 	unsigned int use;           /* or'ed bit mask of all suites's SMP_USE_* */
156 	unsigned int val;           /* or'ed bit mask of all suites's SMP_VAL_* */
157 	const char *file;           /* config file where the condition is declared; ownership of the string is not visible here */
158 	int line;                   /* line in the config file where the condition is declared */
159 };
160 
161 #endif /* _TYPES_ACL_H */
162 
163 /*
164  * Local variables:
165  *  c-indent-level: 8
166  *  c-basic-offset: 8
167  * End:
168  */
169