From: Willy Tarreau <w@1wt.eu>
Date: Mon, 1 Feb 2010 09:40:19 +0000 (+0100)
Subject: [MINOR] http-auth: make the 'unless' keyword work as expected
X-Git-Tag: v1.4-rc1~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5142594dea58a8898bae859960a03e5db6f709c5;p=thirdparty%2Fhaproxy.git

[MINOR] http-auth: make the 'unless' keyword work as expected

One check was missing for the 'polarity' of the test. Now 'unless'
works. BTW, 'unless' provides a nice way to perform one-line auth :

    acl valid-user http_auth(user-list)
    http-request auth unless valid-user
---

diff --git a/src/proto_http.c b/src/proto_http.c
index 1b59c68f5f..692bb9f109 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2862,8 +2862,13 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
 			continue;
 
 		/* check condition, but only if attached */
-		if (req_acl->cond)
-			ret = acl_exec_cond(req_acl->cond, px, s, txn, ACL_DIR_REQ);
+		if (!req_acl->cond)
+			continue;
+
+		ret = acl_exec_cond(req_acl->cond, px, s, txn, ACL_DIR_REQ);
+		ret = acl_pass(ret);
+		if (req_acl->cond->pol == ACL_COND_UNLESS)
+			ret = !ret;
 
 		if (ret) {
 			req_acl_final = req_acl;