Lua Access Control Engine

• Index

Contents

• Functions

Modules

• lace
• lace.builtin
• lace.compiler
• lace.engine
• lace.error
• lace.lex

Manual

• 1. Lua Access Control Engine
• 2. Syntax
• 2.1 Definition statements
• 2.2 Include statements
• 2.3 Allow and Deny statements
• 2.4 The default statement
• 3. Compilation
• 4. Execution
• Helping with Development
• README

Module lace.engine

The runtime engine for the Lua Access Control Engine

Once a ruleset has been compiled, it can be run for multiple inputs without needing to be recompiled.

This is handy for controlling access to a long-lived daemon such as an HTTP proxy.

Functions

define (exec_context, name, defn)	Set a definition.
test (exec_context, name)	Test a definition.
internal_run (ruleset, exec_context)	Internal routine for running sub-rulesets
run (ruleset, exec_context)	Run a ruleset.

Functions

define (exec_context, name, defn)

Set a definition.

Parameters:

• exec_context table The execution context for the runtime.
• name string The name of the define to set.
• defn table The definition function to use.

Returns:

1. boolean Returns true if the definition was set successfully.
2. nil or table If the definition was not set successfully then this is the error table ready to have context added to it.

test (exec_context, name)

Test a definition.

Parameters:

• exec_context table The execution context for the runtime.
• name string The name of the define to test.

Returns:

1. boolean or nil If the named definition does not exist, this is nil. Otherwise it is true iff. the definition's function results in true.
2. nil or table If the named definition does not exist, this is the error table ready for filling out with more context. Otherwise it is nil.

internal_run (ruleset, exec_context)

Internal routine for running sub-rulesets

Parameters:

• ruleset table The compiled ruleset to run.
• exec_context table The execution context for the runtime.

Returns:

1. nil, boolean or string The first return value is nil in the case of a runtime error, false if a Lace error was encountered during runtime, otherwise it it a result string (typically allow or deny). In addition, internally, an empty result string will be returned if no result was set by the sub-ruleset.
2. nil or string If an error was encountered, this is the error message, otherwise it is an additional message to go with the result if there was one, or nil in the case of no result value being set by the ruleset.

run (ruleset, exec_context)

Run a ruleset.

Parameters:

• ruleset table The compiled ruleset to run.
• exec_context table The execution context for the runtime.

Returns:

1. nil, boolean or string The first return value is nil in the case of a runtime error, false if a Lace error was encountered during runtime, otherwise it it a result string (typically allow or deny).
2. string If an error was encountered, this is the error message, otherwise it is an additional message to go with the result.