From: Krzysztof Olędzki <ole@ans.pl>
Date: Mon, 1 Feb 2010 11:36:53 +0000 (+0100)
Subject: [MINOR] http-auth: last fix was wrong
X-Git-Tag: v1.4-rc1~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=711ad9eb270c0f9151f94c667b7506733f5e3d65;p=thirdparty%2Fhaproxy.git

[MINOR] http-auth: last fix was wrong

I'm not sure if the fix is correct:

- if (req_acl->cond)
-         ret = acl_exec_cond(req_acl->cond, px, s, txn, ACL_DIR_REQ);
+ if (!req_acl->cond)
+         continue;

Doesn't it ignore rules with no condition attached? I think that the
proper solution would be the following.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index 692bb9f109..b4ec788150 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2862,13 +2862,13 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
 			continue;
 
 		/* check condition, but only if attached */
-		if (!req_acl->cond)
-			continue;
+		if (req_acl->cond) {
+			ret = acl_exec_cond(req_acl->cond, px, s, txn, ACL_DIR_REQ);
+			ret = acl_pass(ret);
 
-		ret = acl_exec_cond(req_acl->cond, px, s, txn, ACL_DIR_REQ);
-		ret = acl_pass(ret);
-		if (req_acl->cond->pol == ACL_COND_UNLESS)
-			ret = !ret;
+			if (req_acl->cond->pol == ACL_COND_UNLESS)
+				ret = !ret;
+		}
 
 		if (ret) {
 			req_acl_final = req_acl;