{
assert (_acl);
// XXX: AclMatchedName does not contain a matched ACL name when the acl
- // does not match (or contains stale name if no ACLs are checked). In
+ // does not match (or contains stale name if no ACLs are checked). In
// either case, we get misleading debugging and possibly incorrect error
// messages. Unfortunately, deny_info's "when none http_access
// lines match" exception essentially requires this mess.
if (resultBeforeAsync == nmrMatch)
continue;
-
+
if (resultBeforeAsync == nmrMismatch || resultBeforeAsync == nmrFinished)
return false;
// This is inefficient and ugly, but fixing all match() code, including
// the code it calls, such as ipcache_nbgethostbyname(), takes time.
if (!asyncInProgress()) { // failed to start an async operation
-
+
if (finished()) {
debugs(28, 3, HERE << this << " finished after failing to go async: " << currentAnswer());
return false; // an exceptional case
assert(!needsAsync);
debugs(28, 3, HERE << this << " exception: " << currentAnswer());
return nmrFinished;
- }
+ }
if (!needsAsync) {
debugs(28, 3, HERE << this << " simple mismatch");
// assume DENY/ALLOW on mis/matches due to not having acl_access object
if (matchAclList(list, true))
markFinished(ACCESS_ALLOWED, "all ACLs matched");
- else
- if (!finished())
+ else if (!finished())
markFinished(ACCESS_DENIED, "ACL mismatched");
PROF_stop(aclCheckFast);
return currentAnswer();
}
/// When no rules matched, the answer is the inversion of the last seen rule
-/// action (or ACCESS_DUNNO if the reversal is not possible). The caller
+/// action (or ACCESS_DUNNO if the reversal is not possible). The caller
/// should set lastSeenAction to ACCESS_DUNNO if there were no rules to see.
void
ACLChecklist::calcImplicitAnswer(const allow_t &lastSeenAction)
private: /* internal methods */
/// possible outcomes when trying to match a single ACL node in a list
typedef enum { nmrMatch, nmrMismatch, nmrFinished, nmrNeedsAsync }
- NodeMatchingResult;
+ NodeMatchingResult;
/// prepare for checking ACLs; called once per check
void preCheck(const char *what);
ExternalACLLookup::Start(ACLChecklist *checklist, external_acl_data *acl, bool inBackground)
{
external_acl *def = acl->def;
-
+
ACLFilledChecklist *ch = Filled(checklist);
const char *key = makeExternalAclKey(ch, acl);
assert(key);
const ConnStateData *conn = checklist->conn();
// check that ACLIdent::match() tested this lookup precondition
assert(conn && Comm::IsConnOpen(conn->clientConnection));
- debugs(28, 3, HERE << "Doing ident lookup" );
- checklist->asyncInProgress(true);
- Ident::Start(checklist->conn()->clientConnection, LookupDone, checklist);
+ debugs(28, 3, HERE << "Doing ident lookup" );
+ checklist->asyncInProgress(true);
+ Ident::Start(checklist->conn()->clientConnection, LookupDone, checklist);
}
void