From: Patrick Hemmer <patrick.hemmer@gmail.com>
Date: Tue, 1 Aug 2023 14:43:02 +0000 (-0400)
Subject: BUG/MINOR: acl: support built-in ACLs with acl() sample
X-Git-Tag: v3.0-dev11~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=93d4e99714d5788d7627f64fd02cae09ecd07b20;p=thirdparty%2Fhaproxy.git

BUG/MINOR: acl: support built-in ACLs with acl() sample

Built-in ACLs were not being searched by the acl() sample fetch. This
fixes that so they are searched if no other match is found.
---

diff --git a/reg-tests/sample_fetches/acl.vtc b/reg-tests/sample_fetches/acl.vtc
index 8f4f8fb247..21e6f4b524 100644
--- a/reg-tests/sample_fetches/acl.vtc
+++ b/reg-tests/sample_fetches/acl.vtc
@@ -18,7 +18,7 @@ haproxy h1 -conf {
         acl ACL3 acl(!ACL2)
         acl ACL4 acl(ACL2,!ACL3)
 
-        http-request return status 200 hdr x-acl "ACL1=%[acl(ACL1)] ACL2=%[acl(ACL2)] ACL3=%[acl(ACL3)] ACL4=%[acl(ACL4)]"
+        http-request return status 200 hdr x-acl "ACL1=%[acl(ACL1)] ACL2=%[acl(ACL2)] ACL3=%[acl(ACL3)] ACL4=%[acl(ACL4)] TRUE=%[acl(TRUE)]"
 } -start
 
 client c1 -connect ${h1_fe1_sock} {
@@ -29,4 +29,5 @@ client c1 -connect ${h1_fe1_sock} {
     expect resp.http.x-acl ~ "ACL2=1"
     expect resp.http.x-acl ~ "ACL3=0"
     expect resp.http.x-acl ~ "ACL4=1"
+    expect resp.http.x-acl ~ "TRUE=1"
 } -run
diff --git a/src/acl.c b/src/acl.c
index 52a71f38e6..c1f4edd1c7 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1350,7 +1350,11 @@ int smp_fetch_acl_parse(struct arg *args, char **err_msg)
 			name++;
 		}
 
-		if (!(acl_sample->terms[i].acl = find_acl_by_name(name, &curproxy->acl))) {
+
+		if (
+			!(acl_sample->terms[i].acl = find_acl_by_name(name, &curproxy->acl)) &&
+			!(acl_sample->terms[i].acl = find_acl_default(name, &curproxy->acl, err_msg, NULL, NULL, 0))
+			) {
 			memprintf(err_msg, "ACL '%s' not found", name);
 			goto err;
 		}