PROF_start(aclCheckFast);
currentAnswer(ACCESS_DENIED);
debugs(28, 5, "aclCheckFast: list: " << accessList);
-
- while (accessList) {
- preCheck();
- matchAclListFast(accessList->aclList);
-
- if (finished()) {
+ const acl_access *acl = cbdataReference(accessList);
+ while (acl != NULL && cbdataReferenceValid(acl)) {
+ currentAnswer(acl->allow);
+ if (matchAclListFast(acl->aclList)) {
PROF_stop(aclCheckFast);
- cbdataReferenceDone(accessList);
+ cbdataReferenceDone(acl);
return currentAnswer() == ACCESS_ALLOWED;
}
/*
* Reference the next access entry
*/
- const acl_access *A = accessList;
-
- assert (A);
-
- accessList = cbdataReference(A->next);
-
+ const acl_access *A = acl;
+ acl = cbdataReference(acl->next);
cbdataReferenceDone(A);
}
* This means any proxy_auth, external_acl, DNS lookups, Ident lookups etc
* which have not already been performed and cached will not be checked.
*
- * If there is no access list to check the default is to return DENIED.
+ * If there is no access list to check the default is to return ALLOWED.
* However callers should perform their own check and default based on local
* knowledge of the ACL usage rather than depend on this default.
* That will also save on work setting up ACLChecklist fields for a no-op.