Bug 4847 pt1: regression in proxy_auth ACL flags (#191)

r15058 "Support for --long-acl-options" in Squid-4.0.21
unintentionally removed the proxy_auth ACL support for -i/+i
flags. See bug report for details.

Fix proxy_auth ACL -i and +i flags no longer working by copying
RegexData flags registration, since ACLs for UserData all use
the same names and meanings.

Add documentation to indicate that ident and ext_user ACLs do
support -i/+i just like proxy_auth ACLs.

TODO: fix server_cert_fingerprint ACL which is still broken.

diff --git a/src/acl/UserData.cc b/src/acl/UserData.cc
index 775117c9e07824987d1c741f29af0a92cdb0cdeb..10d6f56eaafa06b41be226d12b9e81729c2ba725 100644 (file)
--- a/src/acl/UserData.cc
+++ b/src/acl/UserData.cc
@@ -17,6 +17,13 @@
 #include "sbuf/Algorithms.h"
 #include "util.h"
 
+const Acl::ParameterFlags &
+ACLUserData::supportedFlags() const
+{
+    static const Acl::ParameterFlags flagNames = { "-i", "+i" };
+    return flagNames;
+}
+
 bool
 ACLUserData::match(char const *user)
 {

diff --git a/src/acl/UserData.h b/src/acl/UserData.h
index 057fa7a4506a6fe27e0f9bfd6532a8af2bac76a2..bfee1c925f00c1094dfc34eb9e3baeeaed80e4ea 100644 (file)
--- a/src/acl/UserData.h
+++ b/src/acl/UserData.h
@@ -25,6 +25,7 @@ public:
     bool match(char const *user);
     virtual SBufList dump() const;
     void parse();
+    virtual const Acl::ParameterFlags &supportedFlags() const;
     bool empty() const;
     virtual ACLData<char const *> *clone() const;
 

diff --git a/src/cf.data.pre b/src/cf.data.pre
index bae7a4718e10167a2ecda2691068f867c8a44041..4286716e600b0f2cca4549d94bbd87d94311887e 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1142,7 +1142,7 @@ endif
          # pattern match on Referer header [fast]
          # Referer is highly unreliable, so use with care
 
-       acl aclname ident username ...
+       acl aclname ident [-i] username ...
        acl aclname ident_regex [-i] pattern ...
          # string match on ident output [slow]
          # use REQUIRED to accept any non-null ident.
@@ -1237,7 +1237,7 @@ endif
          # match against attributes a users issuing CA SSL certificate
          # attribute is one of DN/C/O/CN/L/ST or a numerical OID  [fast]
 
-       acl aclname ext_user username ...
+       acl aclname ext_user [-i] username ...
        acl aclname ext_user_regex [-i] pattern ...
          # string match on username returned by external acl helper [slow]
          # use REQUIRED to accept any non-null user name.