From: Willy Tarreau Date: Fri, 23 Nov 2012 22:47:36 +0000 (+0100) Subject: BUG/MEDIUM: acl: correctly resolve all args, not just the first one X-Git-Tag: v1.5-dev14~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d1df411711ff7aa2943847fdb606a6d1b9966c4;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: acl: correctly resolve all args, not just the first one Since 1.5-dev9, ACLs support multiple args. The changes performed in acl_find_targets() were bogus as they were not always applied to the current argument being processed, but sometimes to the first one only. Fortunately till now, all ACLs which support resolvable arguments have it in the first place only, so there was no impact. --- diff --git a/src/acl.c b/src/acl.c index adc89f3c69..a10e8aeea9 100644 --- a/src/acl.c +++ b/src/acl.c @@ -2091,14 +2091,14 @@ acl_find_targets(struct proxy *p) struct server *srv; char *pname, *sname; - if (!expr->args->data.str.len) { + if (!arg->data.str.len) { Alert("proxy %s: acl '%s' %s(): missing server name.\n", p->id, acl->name, expr->kw->kw); cfgerr++; continue; } - pname = expr->args->data.str.str; + pname = arg->data.str.str; sname = strrchr(pname, '/'); if (sname) @@ -2127,17 +2127,17 @@ acl_find_targets(struct proxy *p) continue; } - free(expr->args->data.str.str); - expr->args->data.str.str = NULL; + free(arg->data.str.str); + arg->data.str.str = NULL; arg->unresolved = 0; - expr->args->data.srv = srv; + arg->data.srv = srv; } else if (arg->type == ARGT_FE) { struct proxy *prx = p; char *pname = p->id; - if (expr->args->data.str.len) { - pname = expr->args->data.str.str; + if (arg->data.str.len) { + pname = arg->data.str.str; prx = findproxy(pname, PR_CAP_FE); } @@ -2155,17 +2155,17 @@ acl_find_targets(struct proxy *p) continue; } - free(expr->args->data.str.str); - expr->args->data.str.str = NULL; + free(arg->data.str.str); + arg->data.str.str = NULL; arg->unresolved = 0; - expr->args->data.prx = prx; + arg->data.prx = prx; } else if (arg->type == ARGT_BE) { struct proxy *prx = p; char *pname = p->id; - if (expr->args->data.str.len) { - pname = expr->args->data.str.str; + if (arg->data.str.len) { + pname = arg->data.str.str; prx = findproxy(pname, PR_CAP_BE); } @@ -2183,17 +2183,17 @@ acl_find_targets(struct proxy *p) continue; } - free(expr->args->data.str.str); - expr->args->data.str.str = NULL; + free(arg->data.str.str); + arg->data.str.str = NULL; arg->unresolved = 0; - expr->args->data.prx = prx; + arg->data.prx = prx; } else if (arg->type == ARGT_TAB) { struct proxy *prx = p; char *pname = p->id; - if (expr->args->data.str.len) { - pname = expr->args->data.str.str; + if (arg->data.str.len) { + pname = arg->data.str.str; prx = find_stktable(pname); } @@ -2212,13 +2212,13 @@ acl_find_targets(struct proxy *p) continue; } - free(expr->args->data.str.str); - expr->args->data.str.str = NULL; + free(arg->data.str.str); + arg->data.str.str = NULL; arg->unresolved = 0; - expr->args->data.prx = prx; + arg->data.prx = prx; } else if (arg->type == ARGT_USR) { - if (!expr->args->data.str.len) { + if (!arg->data.str.len) { Alert("proxy %s: acl '%s' %s(): missing userlist name.\n", p->id, acl->name, expr->kw->kw); cfgerr++; @@ -2226,22 +2226,22 @@ acl_find_targets(struct proxy *p) } if (p->uri_auth && p->uri_auth->userlist && - !strcmp(p->uri_auth->userlist->name, expr->args->data.str.str)) + !strcmp(p->uri_auth->userlist->name, arg->data.str.str)) ul = p->uri_auth->userlist; else - ul = auth_find_userlist(expr->args->data.str.str); + ul = auth_find_userlist(arg->data.str.str); if (!ul) { Alert("proxy %s: acl '%s' %s(%s): unable to find userlist.\n", - p->id, acl->name, expr->kw->kw, expr->args->data.str.str); + p->id, acl->name, expr->kw->kw, arg->data.str.str); cfgerr++; continue; } - free(expr->args->data.str.str); - expr->args->data.str.str = NULL; + free(arg->data.str.str); + arg->data.str.str = NULL; arg->unresolved = 0; - expr->args->data.usr = ul; + arg->data.usr = ul; } } /* end of args processing */ @@ -2262,6 +2262,7 @@ acl_find_targets(struct proxy *p) } list_for_each_entry(pattern, &expr->patterns, list) { + /* this keyword only has one argument */ pattern->val.group_mask = auth_resolve_groups(expr->args->data.usr, pattern->ptr.str); free(pattern->ptr.str);