[master] 0073245e1 vmod_directors: restrict methods and functions

Nils Goroll nils.goroll at uplex.de
Mon Apr 24 13:46:09 UTC 2023 

commit 0073245e1fc8c5e7f8336a8112984c4c8bc80138
Author: Walid Boudebouda <walid.boudebouda at gmail.com>
Date:   Thu Mar 9 14:53:21 2023 +0100

    vmod_directors: restrict methods and functions

diff --git a/bin/varnishtest/tests/b00016.vtc b/bin/varnishtest/tests/b00016.vtc
index af3627f52..c7ea39939 100644
--- a/bin/varnishtest/tests/b00016.vtc
+++ b/bin/varnishtest/tests/b00016.vtc
@@ -9,9 +9,6 @@ varnish v1 -vcl+backend {
 	import directors;
 
 	sub vcl_recv {
-		if (req.url == "/lookup") {
-			set req.http.foo = directors.lookup("s1");
-		}
 		return (pass);
 	}
 
@@ -24,10 +21,6 @@ client c1 {
 	txreq -url "/"
 	rxresp
 	expect resp.http.X-Backend-Name == "s1"
-	txreq -url "/lookup"
-	rxresp
-	expect resp.status == 503
-	expect resp.reason == "VCL failed"
 } -run
 
 varnish v1 -vcl+backend {
@@ -55,3 +48,17 @@ client c1 {
 	expect resp.http.X-Director-Name == "bar"
 	expect resp.http.X-Backend-Name == "s1"
 } -run
+
+varnish v1 -errvcl "Not available in subroutine 'vcl_recv'" {
+	import directors;
+
+	backend dummy None;
+
+	sub vcl_recv {
+		if (req.url == "/lookup") {
+			set req.http.foo = directors.lookup("s1");
+		}
+		return (pass);
+	}
+
+}
diff --git a/vmod/tests/directors_c00015.vtc b/vmod/tests/directors_c00015.vtc
index 9238f83c0..12af48d03 100644
--- a/vmod/tests/directors_c00015.vtc
+++ b/vmod/tests/directors_c00015.vtc
@@ -16,8 +16,6 @@ varnish v1 -vcl {
 	if (req.url == "/1") {
 	    set req.backend_hint = shard.backend(
 	      param=blob.decode(HEX, encoded=""));
-	} else if (req.url == "/2") {
-	    p.set(by=HASH);
 	}
     }
 } -start
@@ -30,9 +28,6 @@ logexpect l1 -v v1 -g raw -d 1 {
 logexpect l2 -v v1 -g raw {
     expect * 1001 VCL_Error {vmod_directors: shard shard: .backend.key_blob. param invalid}
 } -start
-logexpect l3 -v v1 -g raw {
-    expect * 1003 VCL_Error {vmod_directors: shard p: shard_param.set.. may only be used in vcl_init and in backend/pipe context}
-} -start
 
 client c1 {
     txreq -url "/1"
@@ -41,15 +36,8 @@ client c1 {
     expect_close
 } -run
 
-client c1 {
-    txreq -url "/2"
-    rxresp
-    expect resp.status == 503
-    expect_close
-} -run
 
 logexpect l2 -wait
-logexpect l3 -wait
 
 varnish v1 -errvcl {shard .associate param invalid} {
     import directors;
@@ -206,3 +194,22 @@ varnish v1 -errvcl {vmod_directors: shard shard: .remove_backend(): either backe
 	shard.remove_backend();
     }
 }
+
+varnish v1 -errvcl "Not available in subroutine 'vcl_recv'" {
+    import directors;
+    import blob;
+
+    backend dummy None;
+
+    sub vcl_init {
+        new shard = directors.shard();
+	    new p = directors.shard_param();
+	    p.set(by=BLOB, key_blob=blob.decode(HEX, encoded=""));
+    }
+
+    sub vcl_recv {
+	    if (req.url == "/2") {
+	        p.set(by=HASH);
+	    }
+    }
+}
diff --git a/vmod/vmod_directors.c b/vmod/vmod_directors.c
index 7f429c9cc..6488ff7ba 100644
--- a/vmod/vmod_directors.c
+++ b/vmod/vmod_directors.c
@@ -48,12 +48,7 @@
 VCL_BACKEND
 VPFX(lookup)(VRT_CTX, VCL_STRING name)
 {
-	if ((ctx->method & VCL_MET_TASK_H) == 0) {
-		VRT_fail(ctx,
-		    "lookup() may only be called from vcl_init / vcl_fini");
-		return (NULL);
-	}
-
+	AN(ctx->method & VCL_MET_TASK_H);
 	return (VRT_LookupDirector(ctx, name));
 }
 
diff --git a/vmod/vmod_directors.vcc b/vmod/vmod_directors.vcc
index 70474cdc0..d51f9535e 100644
--- a/vmod/vmod_directors.vcc
+++ b/vmod/vmod_directors.vcc
@@ -650,7 +650,7 @@ Reset the parameter set to default values as documented for
 * backend context and in ``vcl_pipe {}``, resets the parameter set for
   this backend request to the VCL defaults
 
-This method may not be used in client context other than ``vcl_pipe {}``.
+$Restrict vcl_pipe backend housekeeping
 
 $Method VOID .set(
 	[ ENUM {HASH, URL, KEY, BLOB} by ],
@@ -670,7 +670,7 @@ Change the given parameters of a parameter set as documented for
   for this backend request, keeping the defaults set for this VCL for
   unspecified arguments.
 
-This method may not be used in client context other than ``vcl_pipe {}``.
+$Restrict vcl_pipe backend housekeeping
 
 $Method STRING .get_by()
 
@@ -706,16 +706,16 @@ shard director using this parameter object would use. See
 
 $Method BLOB .use()
 
-This method may only be used in backend context and in ``vcl_pipe {}``.
-
 For use with the *param* argument of `xshard.backend()`_
 to associate this shard parameter set with a shard director.
 
+$Restrict vcl_pipe backend housekeeping
+
 $Function BACKEND lookup(STRING)
 
 Lookup a backend by its name.
 
-This function can only be used from ``vcl_init{}`` and  ``vcl_fini{}``.
+$Restrict housekeeping
 
 ACKNOWLEDGEMENTS
 ================

More information about the varnish-commit mailing list