r4741 - trunk/varnish-cache/lib/libvcl

phk at varnish-cache.org phk at varnish-cache.org
Wed Apr 28 11:55:47 CEST 2010


Author: phk
Date: 2010-04-28 11:55:47 +0200 (Wed, 28 Apr 2010)
New Revision: 4741

Modified:
   trunk/varnish-cache/lib/libvcl/vcc_action.c
   trunk/varnish-cache/lib/libvcl/vcc_compile.h
   trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c
   trunk/varnish-cache/lib/libvcl/vcc_obj.c
   trunk/varnish-cache/lib/libvcl/vcc_parse.c
   trunk/varnish-cache/lib/libvcl/vcc_string.c
   trunk/varnish-cache/lib/libvcl/vcc_var.c
   trunk/varnish-cache/lib/libvcl/vcc_xref.c
Log:
Implement distinct read/write access control for variables.



Modified: trunk/varnish-cache/lib/libvcl/vcc_action.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_action.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_action.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -69,7 +69,7 @@
 
 	vcc_NextToken(tl);
 	if (tl->t->tok == VAR) {
-		vp = vcc_FindVar(tl, tl->t, vcc_vars);
+		vp = vcc_FindVar(tl, tl->t, vcc_vars, 0, "read");
 		ERRCHK(tl);
 		assert(vp != NULL);
 		if (vp->fmt == INT) {
@@ -112,16 +112,6 @@
 }
 
 static void
-check_writebit(struct tokenlist *tl, const struct var *vp)
-{
-
-	if (vp->access == V_RW || vp->access == V_WO)
-		return;
-	vsb_printf(tl->sb, "Variable %.*s cannot be modified.\n", PF(tl->t));
-	vcc_ErrWhere(tl, tl->t);
-}
-
-static void
 parse_set(struct tokenlist *tl)
 {
 	struct var *vp;
@@ -130,11 +120,9 @@
 	vcc_NextToken(tl);
 	ExpectErr(tl, VAR);
 	vt = tl->t;
-	vp = vcc_FindVar(tl, tl->t, vcc_vars);
+	vp = vcc_FindVar(tl, tl->t, vcc_vars, 1, "set");
 	ERRCHK(tl);
 	assert(vp != NULL);
-	check_writebit(tl, vp);
-	ERRCHK(tl);
 	Fb(tl, 1, "%s", vp->lname);
 	vcc_NextToken(tl);
 	switch (vp->fmt) {
@@ -262,15 +250,15 @@
 
 	vcc_NextToken(tl);
 	ExpectErr(tl, VAR);
-	vp = vcc_FindVar(tl, tl->t, vcc_vars);
+	vp = vcc_FindVar(tl, tl->t, vcc_vars, 1, "unset");
 	ERRCHK(tl);
 	assert(vp != NULL);
 	if (vp->fmt != STRING || vp->hdr == NULL) {
-		vsb_printf(tl->sb, "Only http header lines can be unset.\n");
+		vsb_printf(tl->sb,
+		    "Only http header variables can be unset.\n");
 		vcc_ErrWhere(tl, tl->t);
 		return;
 	}
-	check_writebit(tl, vp);
 	ERRCHK(tl);
 	Fb(tl, 1, "%s0);\n", vp->lname);
 	vcc_NextToken(tl);

Modified: trunk/varnish-cache/lib/libvcl/vcc_compile.h
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_compile.h	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_compile.h	2010-04-28 09:55:47 UTC (rev 4741)
@@ -109,12 +109,6 @@
 	HEADER
 };
 
-enum var_access {
-	V_RO,
-	V_RW,
-	V_WO
-};
-
 enum ref_type {
 	R_FUNC,
 	R_ACL,
@@ -134,10 +128,10 @@
 	enum var_type		fmt;
 	unsigned		len;
 	const char		*rname;
+	unsigned		r_methods;
 	const char		*lname;
-	enum var_access		access;
+	unsigned		l_methods;
 	const char		*hdr;
-	unsigned		methods;
 };
 
 struct method {
@@ -225,7 +219,7 @@
 
 /* vcc_var.c */
 struct var *vcc_FindVar(struct tokenlist *tl, const struct token *t,
-    struct var *vl);
+    struct var *vl, int wr_access, const char *use);
 void vcc_VarVal(struct tokenlist *tl, const struct var *vp,
     const struct token *vt);
 
@@ -238,7 +232,8 @@
 struct proc *vcc_AddProc(struct tokenlist *tl, struct token *t);
 void vcc_ProcAction(struct proc *p, unsigned action, struct token *t);
 int vcc_CheckAction(struct tokenlist *tl);
-void vcc_AddUses(struct tokenlist *tl, struct var *v);
+void vcc_AddUses(struct tokenlist *tl, const struct token *t, unsigned mask,
+    const char *use);
 int vcc_CheckUses(struct tokenlist *tl);
 
 #define ERRCHK(tl)      do { if ((tl)->err) return; } while (0)

Modified: trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_fixed_token.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -215,8 +215,8 @@
 	    "OF LIABILITY, WHETHER IN CONTRACT, STRICT\n * LIABILITY, OR "
 	    "TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n"
 	    " * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE "
-	    "POSSIBILITY OF\n * SUCH DAMAGE.\n *\n * $Id: vrt.h 4668 2010-04-"
-	    "16 10:24:59Z phk $\n *\n * Runtime support for compiled VCL "
+	    "POSSIBILITY OF\n * SUCH DAMAGE.\n *\n * $Id: vrt.h 4735 2010-04-"
+	    "27 15:19:41Z phk $\n *\n * Runtime support for compiled VCL "
 	    "programs.\n *\n * XXX: When this file is changed, lib/libvcl/gen"
 	    "erate.py *MUST* be rerun.\n */\n\nstruct sess;\nstruct vsb;\n"
 	    "struct cli;\nstruct director;\nstruct VCL_conf;\n"

Modified: trunk/varnish-cache/lib/libvcl/vcc_obj.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_obj.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_obj.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -14,303 +14,360 @@
 struct var vcc_vars[] = {
 	{ "client.ip", IP, 9,
 	    "VRT_r_client_ip(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "server.ip", IP, 9,
 	    "VRT_r_server_ip(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "server.hostname", STRING, 15,
 	    "VRT_r_server_hostname(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "server.identity", STRING, 15,
 	    "VRT_r_server_identity(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "server.port", INT, 11,
 	    "VRT_r_server_port(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "req.request", STRING, 11,
 	    "VRT_r_req_request(sp)",
+	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+	     | VCL_MET_ERROR,
 	    "VRT_l_req_request(sp, ",
-	    V_RW,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.url", STRING, 7,
 	    "VRT_r_req_url(sp)",
+	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+	     | VCL_MET_ERROR,
 	    "VRT_l_req_url(sp, ",
-	    V_RW,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.proto", STRING, 9,
 	    "VRT_r_req_proto(sp)",
+	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+	     | VCL_MET_ERROR,
 	    "VRT_l_req_proto(sp, ",
-	    V_RW,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.http.", HEADER, 9,
 	    "VRT_r_req_http_(sp)",
+	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+	     | VCL_MET_ERROR,
 	    "VRT_l_req_http_(sp, ",
-	    V_RW,	    "HDR_REQ",
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    "HDR_REQ",
 	},
 	{ "req.hash", HASH, 8,
-	    NULL,
+	    NULL,	/* No reads allowed */
+	    0,
 	    "VRT_l_req_hash(sp, ",
-	    V_WO,	    0,
-	    VCL_MET_HASH | VCL_MET_ERROR
+	    VCL_MET_HASH | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.backend", BACKEND, 11,
 	    "VRT_r_req_backend(sp)",
+	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+	     | VCL_MET_ERROR,
 	    "VRT_l_req_backend(sp, ",
-	    V_RW,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.restarts", INT, 12,
 	    "VRT_r_req_restarts(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "req.grace", RTIME, 9,
 	    "VRT_r_req_grace(sp)",
+	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
+	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
+	     | VCL_MET_ERROR,
 	    "VRT_l_req_grace(sp, ",
-	    V_RW,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.xid", STRING, 7,
 	    "VRT_r_req_xid(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "req.esi", BOOL, 7,
 	    "VRT_r_req_esi(sp)",
+	    VCL_MET_RECV | VCL_MET_FETCH | VCL_MET_DELIVER | VCL_MET_ERROR,
 	    "VRT_l_req_esi(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_RECV | VCL_MET_FETCH | VCL_MET_DELIVER | VCL_MET_ERROR
+	    VCL_MET_RECV | VCL_MET_FETCH | VCL_MET_DELIVER | VCL_MET_ERROR,
+	    0,
 	},
 	{ "req.backend.healthy", BOOL, 19,
 	    "VRT_r_req_backend_healthy(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "bereq.request", STRING, 13,
 	    "VRT_r_bereq_request(sp)",
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
 	    "VRT_l_bereq_request(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+	    0,
 	},
 	{ "bereq.url", STRING, 9,
 	    "VRT_r_bereq_url(sp)",
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
 	    "VRT_l_bereq_url(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+	    0,
 	},
 	{ "bereq.proto", STRING, 11,
 	    "VRT_r_bereq_proto(sp)",
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
 	    "VRT_l_bereq_proto(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+	    0,
 	},
 	{ "bereq.http.", HEADER, 11,
 	    "VRT_r_bereq_http_(sp)",
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
 	    "VRT_l_bereq_http_(sp, ",
-	    V_RW,	    "HDR_BEREQ",
-	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH
+	    VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_MISS | VCL_MET_FETCH,
+	    "HDR_BEREQ",
 	},
 	{ "bereq.connect_timeout", RTIME, 21,
 	    "VRT_r_bereq_connect_timeout(sp)",
+	    VCL_MET_PASS | VCL_MET_MISS,
 	    "VRT_l_bereq_connect_timeout(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_PASS | VCL_MET_MISS
+	    VCL_MET_PASS | VCL_MET_MISS,
+	    0,
 	},
 	{ "bereq.first_byte_timeout", RTIME, 24,
 	    "VRT_r_bereq_first_byte_timeout(sp)",
+	    VCL_MET_PASS | VCL_MET_MISS,
 	    "VRT_l_bereq_first_byte_timeout(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_PASS | VCL_MET_MISS
+	    VCL_MET_PASS | VCL_MET_MISS,
+	    0,
 	},
 	{ "bereq.between_bytes_timeout", RTIME, 27,
 	    "VRT_r_bereq_between_bytes_timeout(sp)",
+	    VCL_MET_PASS | VCL_MET_MISS,
 	    "VRT_l_bereq_between_bytes_timeout(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_PASS | VCL_MET_MISS
+	    VCL_MET_PASS | VCL_MET_MISS,
+	    0,
 	},
 	{ "beresp.proto", STRING, 12,
 	    "VRT_r_beresp_proto(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_proto(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "beresp.saintmode", RTIME, 16,
-	    NULL,
+	    NULL,	/* No reads allowed */
+	    0,
 	    "VRT_l_beresp_saintmode(sp, ",
-	    V_WO,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "beresp.status", INT, 13,
 	    "VRT_r_beresp_status(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_status(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "beresp.response", STRING, 15,
 	    "VRT_r_beresp_response(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_response(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "beresp.http.", HEADER, 12,
 	    "VRT_r_beresp_http_(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_http_(sp, ",
-	    V_RW,	    "HDR_BERESP",
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    "HDR_BERESP",
 	},
 	{ "beresp.cacheable", BOOL, 16,
 	    "VRT_r_beresp_cacheable(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_cacheable(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "beresp.ttl", RTIME, 10,
 	    "VRT_r_beresp_ttl(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_ttl(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "beresp.grace", RTIME, 12,
 	    "VRT_r_beresp_grace(sp)",
+	    VCL_MET_FETCH,
 	    "VRT_l_beresp_grace(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_FETCH
+	    VCL_MET_FETCH,
+	    0,
 	},
 	{ "obj.proto", STRING, 9,
 	    "VRT_r_obj_proto(sp)",
+	    VCL_MET_HIT | VCL_MET_ERROR,
 	    "VRT_l_obj_proto(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_HIT | VCL_MET_ERROR
+	    VCL_MET_HIT | VCL_MET_ERROR,
+	    0,
 	},
 	{ "obj.status", INT, 10,
 	    "VRT_r_obj_status(sp)",
+	    VCL_MET_ERROR,
 	    "VRT_l_obj_status(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_ERROR
+	    VCL_MET_ERROR,
+	    0,
 	},
 	{ "obj.response", STRING, 12,
 	    "VRT_r_obj_response(sp)",
+	    VCL_MET_ERROR,
 	    "VRT_l_obj_response(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_ERROR
+	    VCL_MET_ERROR,
+	    0,
 	},
 	{ "obj.hits", INT, 8,
 	    "VRT_r_obj_hits(sp)",
-	    NULL,
-	    V_RO,	    0,
-	    VCL_MET_HIT | VCL_MET_DELIVER
+	    VCL_MET_HIT | VCL_MET_DELIVER,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "obj.http.", HEADER, 9,
 	    "VRT_r_obj_http_(sp)",
+	    VCL_MET_HIT | VCL_MET_ERROR,
 	    "VRT_l_obj_http_(sp, ",
-	    V_RW,	    "HDR_OBJ",
-	    VCL_MET_HIT | VCL_MET_ERROR
+	    VCL_MET_ERROR,
+	    "HDR_OBJ",
 	},
 	{ "obj.cacheable", BOOL, 13,
 	    "VRT_r_obj_cacheable(sp)",
+	    VCL_MET_HIT,
 	    "VRT_l_obj_cacheable(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_HIT
+	    VCL_MET_HIT,
+	    0,
 	},
 	{ "obj.ttl", RTIME, 7,
 	    "VRT_r_obj_ttl(sp)",
+	    VCL_MET_HIT | VCL_MET_ERROR,
 	    "VRT_l_obj_ttl(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_HIT | VCL_MET_ERROR
+	    VCL_MET_HIT | VCL_MET_ERROR,
+	    0,
 	},
 	{ "obj.grace", RTIME, 9,
 	    "VRT_r_obj_grace(sp)",
+	    VCL_MET_HIT | VCL_MET_ERROR,
 	    "VRT_l_obj_grace(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_HIT | VCL_MET_ERROR
+	    VCL_MET_HIT | VCL_MET_ERROR,
+	    0,
 	},
 	{ "obj.lastuse", RTIME, 11,
 	    "VRT_r_obj_lastuse(sp)",
-	    NULL,
-	    V_RO,	    0,
-	    VCL_MET_HIT | VCL_MET_DELIVER | VCL_MET_ERROR
+	    VCL_MET_HIT | VCL_MET_DELIVER | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ "resp.proto", STRING, 10,
 	    "VRT_r_resp_proto(sp)",
+	    VCL_MET_DELIVER,
 	    "VRT_l_resp_proto(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_DELIVER
+	    VCL_MET_DELIVER,
+	    0,
 	},
 	{ "resp.status", INT, 11,
 	    "VRT_r_resp_status(sp)",
+	    VCL_MET_DELIVER,
 	    "VRT_l_resp_status(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_DELIVER
+	    VCL_MET_DELIVER,
+	    0,
 	},
 	{ "resp.response", STRING, 13,
 	    "VRT_r_resp_response(sp)",
+	    VCL_MET_DELIVER,
 	    "VRT_l_resp_response(sp, ",
-	    V_RW,	    0,
-	    VCL_MET_DELIVER
+	    VCL_MET_DELIVER,
+	    0,
 	},
 	{ "resp.http.", HEADER, 10,
 	    "VRT_r_resp_http_(sp)",
+	    VCL_MET_DELIVER,
 	    "VRT_l_resp_http_(sp, ",
-	    V_RW,	    "HDR_RESP",
-	    VCL_MET_DELIVER
+	    VCL_MET_DELIVER,
+	    "HDR_RESP",
 	},
 	{ "now", TIME, 3,
 	    "VRT_r_now(sp)",
-	    NULL,
-	    V_RO,	    0,
 	    VCL_MET_RECV | VCL_MET_PIPE | VCL_MET_PASS | VCL_MET_HASH
 	     | VCL_MET_MISS | VCL_MET_HIT | VCL_MET_FETCH | VCL_MET_DELIVER
-	     | VCL_MET_ERROR
+	     | VCL_MET_ERROR,
+	    NULL,	/* No writes allowed */
+	    0,
+	    0,
 	},
 	{ NULL }
 };

Modified: trunk/varnish-cache/lib/libvcl/vcc_parse.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_parse.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_parse.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -333,7 +333,7 @@
 		vcc_Cond_0(tl);
 		SkipToken(tl, ')');
 	} else if (tl->t->tok == VAR) {
-		vp = vcc_FindVar(tl, tl->t, vcc_vars);
+		vp = vcc_FindVar(tl, tl->t, vcc_vars, 0, "read");
 		ERRCHK(tl);
 		assert(vp != NULL);
 		vcc_NextToken(tl);

Modified: trunk/varnish-cache/lib/libvcl/vcc_string.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_string.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_string.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -154,7 +154,7 @@
 	if (tl->t->tok == ID && vcc_IdIs(tl->t, "regsuball"))
 		return (vcc_regsub(tl, 1));
 	if (tl->t->tok == VAR) {
-		vp = vcc_FindVar(tl, tl->t, vcc_vars);
+		vp = vcc_FindVar(tl, tl->t, vcc_vars, 0, "read");
 		if (tl->err)
 			return (0);
 		assert(vp != NULL);

Modified: trunk/varnish-cache/lib/libvcl/vcc_var.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_var.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_var.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -61,10 +61,10 @@
 	memcpy(p, t->b, i);
 	p[i] = '\0';
 	v->name = p;
-	v->access = V_RW;
+	v->r_methods = vh->r_methods;
+	v->l_methods = vh->l_methods;
 	v->fmt = STRING;
 	v->hdr = vh->hdr;
-	v->methods = vh->methods;
 	l = strlen(v->name + vh->len) + 1;
 
 	bprintf(buf, "VRT_GetHdr(sp, %s, \"\\%03o%s:\")",
@@ -87,7 +87,8 @@
 /*--------------------------------------------------------------------*/
 
 struct var *
-vcc_FindVar(struct tokenlist *tl, const struct token *t, struct var *vl)
+vcc_FindVar(struct tokenlist *tl, const struct token *t, struct var *vl,
+    int wr_access, const char *use)
 {
 	struct var *v;
 
@@ -98,7 +99,25 @@
 			continue;
 		if (memcmp(t->b, v->name, v->len))
 			continue;
-		vcc_AddUses(tl, v);
+		if (wr_access && v->l_methods == 0) {
+			vsb_printf(tl->sb, "Variable ");
+			vcc_ErrToken(tl, t);
+			vsb_printf(tl->sb, " is read only.");
+			vsb_cat(tl->sb, "\nAt: ");
+			vcc_ErrWhere(tl, t);
+			return (NULL);
+		} else if (wr_access) {
+			vcc_AddUses(tl, t, v->l_methods, use);
+		} else if (v->r_methods == 0) {
+			vsb_printf(tl->sb, "Variable ");
+			vcc_ErrToken(tl, t);
+			vsb_printf(tl->sb, " is write only.");
+			vsb_cat(tl->sb, "\nAt: ");
+			vcc_ErrWhere(tl, t);
+			return (NULL);
+		} else {
+			vcc_AddUses(tl, t, v->r_methods, use);
+		}
 		if (v->fmt != HEADER)
 			return (v);
 		return (HeaderVar(tl, t, v));

Modified: trunk/varnish-cache/lib/libvcl/vcc_xref.c
===================================================================
--- trunk/varnish-cache/lib/libvcl/vcc_xref.c	2010-04-28 09:54:52 UTC (rev 4740)
+++ trunk/varnish-cache/lib/libvcl/vcc_xref.c	2010-04-28 09:55:47 UTC (rev 4741)
@@ -61,7 +61,8 @@
 struct procuse {
 	VTAILQ_ENTRY(procuse)	list;
 	struct token		*t;
-	struct var		*v;
+	unsigned		mask;
+	const char		*use;
 };
 
 struct proc {
@@ -212,16 +213,19 @@
 }
 
 void
-vcc_AddUses(struct tokenlist *tl, struct var *v)
+vcc_AddUses(struct tokenlist *tl, const struct token *t, unsigned mask,
+    const char *use)
 {
 	struct procuse *pu;
 
+	(void)t;
 	if (tl->curproc == NULL)	/* backend */
 		return;
 	pu = TlAlloc(tl, sizeof *pu);
 	assert(pu != NULL);
-	pu->v = v;
 	pu->t = tl->t;
+	pu->mask = mask;
+	pu->use = use;
 	VTAILQ_INSERT_TAIL(&tl->curproc->uses, pu, list);
 }
 
@@ -339,7 +343,7 @@
 	struct procuse *pu;
 
 	VTAILQ_FOREACH(pu, &p->uses, list)
-		if (!(pu->v->methods & m->bitval))
+		if (!(pu->mask & m->bitval))
 			return (pu);
 	return (NULL);
 }
@@ -389,8 +393,8 @@
 		pu = vcc_FindIllegalUse(p, m);
 		if (pu != NULL) {
 			vsb_printf(tl->sb,
-			    "Variable '%.*s' not accessible in method '%.*s'.",
-			    PF(pu->t), PF(p->name));
+			    "Variable '%.*s': %s not allowed in method '%.*s'.",
+			    PF(pu->t), pu->use, PF(p->name));
 			vsb_cat(tl->sb, "\nAt: ");
 			vcc_ErrWhere(tl, pu->t);
 			return (1);




More information about the varnish-commit mailing list