From 4b0f5de8653310c14d9adbccdd27ae8de543d088 Mon Sep 17 00:00:00 2001 From: hno <> Date: Fri, 6 May 2005 07:57:55 +0000 Subject: [PATCH] Bug #1166: Configuration confusing when empty acls are encountered Bug #1255: http_access line with unknown acls This patch makes Squid very strict about access configuration errors. Previously Squid ignored most errors, now it rejects the configuraiton with an description of the error seen. --- src/ACL.h | 5 +++-- src/ACLARP.cc | 4 ++-- src/ACLARP.h | 4 ++-- src/ACLDestinationDomain.cc | 4 ++-- src/ACLDestinationDomain.h | 4 ++-- src/ACLExtUser.cc | 4 ++-- src/ACLExtUser.h | 4 ++-- src/ACLIP.cc | 34 +++++++++++++++++----------------- src/ACLIP.h | 2 +- src/ACLIdent.cc | 2 +- src/ACLIdent.h | 2 +- src/ACLMaxConnection.cc | 23 +++++++++++++++++------ src/ACLMaxConnection.h | 3 ++- src/ACLMaxUserIP.cc | 16 +++++++++++----- src/ACLMaxUserIP.h | 4 ++-- src/ACLProxyAuth.cc | 30 +++++++++++++++++------------- src/ACLProxyAuth.h | 1 + src/ACLStrategised.h | 8 ++++---- src/ACLTimeData.cc | 12 +++++------- src/AuthUserRequest.cc | 4 ++-- src/AuthUserRequest.h | 4 ++-- src/ExternalACL.h | 3 ++- src/acl.cc | 35 +++++++++++++++++++---------------- src/cache_cf.cc | 3 ++- src/external_acl.cc | 33 ++++++++++++++++++++++++++------- src/tools.cc | 10 ++++++---- 26 files changed, 153 insertions(+), 105 deletions(-) diff --git a/src/ACL.h b/src/ACL.h index b7909cc689..2136d8b44a 100644 --- a/src/ACL.h +++ b/src/ACL.h @@ -1,6 +1,6 @@ /* - * $Id: ACL.h,v 1.12 2004/08/30 05:12:30 robertc Exp $ + * $Id: ACL.h,v 1.13 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -78,7 +78,8 @@ public: virtual int match(ACLChecklist * checklist) = 0; virtual wordlist *dumpGeneric() const; virtual wordlist *dump() const = 0; - virtual bool valid () const =0; + virtual bool empty () const = 0; + virtual bool valid () const; int checklistMatches(ACLChecklist *); int cacheMatchAcl(dlink_list * cache, ACLChecklist *); diff --git a/src/ACLARP.cc b/src/ACLARP.cc index bee7ef9cf1..8d0b96d467 100644 --- a/src/ACLARP.cc +++ b/src/ACLARP.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLARP.cc,v 1.12 2005/04/18 21:52:41 hno Exp $ + * $Id: ACLARP.cc,v 1.13 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -118,7 +118,7 @@ ACLARP::typeString() const } bool -ACLARP::valid () const +ACLARP::empty () const { return data != NULL; } diff --git a/src/ACLARP.h b/src/ACLARP.h index 050e464380..daa3e58e34 100644 --- a/src/ACLARP.h +++ b/src/ACLARP.h @@ -1,6 +1,6 @@ /* - * $Id: ACLARP.h,v 1.3 2004/08/30 05:12:31 robertc Exp $ + * $Id: ACLARP.h,v 1.4 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -60,7 +60,7 @@ public: virtual void parse(); virtual int match(ACLChecklist *checklist); virtual wordlist *dump() const; - virtual bool valid () const; + virtual bool empty () const; protected: static Prototype RegistryProtoype; diff --git a/src/ACLDestinationDomain.cc b/src/ACLDestinationDomain.cc index 32b30072e9..5feddcb474 100644 --- a/src/ACLDestinationDomain.cc +++ b/src/ACLDestinationDomain.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLDestinationDomain.cc,v 1.7 2004/08/30 05:12:31 robertc Exp $ + * $Id: ACLDestinationDomain.cc,v 1.8 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -104,7 +104,7 @@ ACLDestinationDomain::dump() const } bool -ACLDestinationDomain::valid () const +ACLDestinationDomain::empty () const { return data != NULL; } diff --git a/src/ACLDestinationDomain.h b/src/ACLDestinationDomain.h index 9cc1c5a616..f35edc38e3 100644 --- a/src/ACLDestinationDomain.h +++ b/src/ACLDestinationDomain.h @@ -1,6 +1,6 @@ /* - * $Id: ACLDestinationDomain.h,v 1.6 2004/08/30 05:12:31 robertc Exp $ + * $Id: ACLDestinationDomain.h,v 1.7 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -66,7 +66,7 @@ public: virtual void parse(); virtual int match(ACLChecklist *checklist); virtual wordlist *dump() const; - virtual bool valid () const; + virtual bool empty () const; virtual bool requiresRequest() const {return true;} virtual ACL *clone()const; diff --git a/src/ACLExtUser.cc b/src/ACLExtUser.cc index 01adcd77bd..065f0f68aa 100644 --- a/src/ACLExtUser.cc +++ b/src/ACLExtUser.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLExtUser.cc,v 1.5 2004/08/30 05:12:31 robertc Exp $ + * $Id: ACLExtUser.cc,v 1.6 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -92,7 +92,7 @@ ACLExtUser::dump() const } bool -ACLExtUser::valid () const +ACLExtUser::empty () const { return data != NULL; } diff --git a/src/ACLExtUser.h b/src/ACLExtUser.h index 99b9fee5d3..89e6002fb6 100644 --- a/src/ACLExtUser.h +++ b/src/ACLExtUser.h @@ -1,6 +1,6 @@ /* - * $Id: ACLExtUser.h,v 1.4 2005/03/30 23:04:09 hno Exp $ + * $Id: ACLExtUser.h,v 1.5 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -55,7 +55,7 @@ public: virtual int match(ACLChecklist *checklist); virtual wordlist *dump() const; - virtual bool valid () const; + virtual bool empty () const; virtual ACL *clone()const; private: diff --git a/src/ACLIP.cc b/src/ACLIP.cc index a252612bb2..db73250a70 100644 --- a/src/ACLIP.cc +++ b/src/ACLIP.cc @@ -202,8 +202,6 @@ acl_ip_data::DecodeMask(const char *asc, struct IN_ADDR *mask) if (safe_inet_addr(asc, mask)) return 1; - debug(28, 0) ("DecodeAddress: Invalid IP address: '%s'\n", asc); - return 0; } @@ -255,8 +253,7 @@ acl_ip_data::FactoryParse(const char *t) if ((hp = gethostbyname(addr1)) == NULL) { debug(28, 0) ("aclParseIpData: Bad host/IP: '%s'\n", t); - delete q; - return NULL; + self_destruct(); } Q = &q; @@ -269,7 +266,14 @@ acl_ip_data::FactoryParse(const char *t) r->addr2.s_addr = 0; - DecodeMask(mask, &r->mask); + if (!DecodeMask(mask, &r->mask)) { + debug(28, 0) ("aclParseIpData: unknown netmask '%s' in '%s'\n", mask, t); + delete r; + *Q = NULL; + self_destruct(); + continue; + } + Q = &r->next; @@ -278,8 +282,7 @@ acl_ip_data::FactoryParse(const char *t) if (*Q != NULL) { debug(28, 0) ("aclParseIpData: Bad host/IP: '%s'\n", t); - delete q; - return NULL; + self_destruct(); } return q; @@ -287,28 +290,25 @@ acl_ip_data::FactoryParse(const char *t) /* Decode addr1 */ if (!safe_inet_addr(addr1, &q->addr1)) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown first address '%s'\n", addr1); + debug(28, 0) ("aclParseIpData: unknown first address in '%s'\n", t); delete q; + self_destruct(); return NULL; } /* Decode addr2 */ if (!safe_inet_addr(addr2, &q->addr2)) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown second address '%s'\n", addr2); + debug(28, 0) ("aclParseIpData: unknown second address in '%s'\n", t); delete q; + self_desctruct(); return NULL; } /* Decode mask */ if (!DecodeMask(mask, &q->mask)) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown netmask '%s'\n", mask); + debug(28, 0) ("aclParseIpData: unknown netmask '%s' in '%s'\n", mask, t); delete q; + self_destruct(); return NULL; } @@ -353,7 +353,7 @@ ACLIP::dump() const } bool -ACLIP::valid () const +ACLIP::empty () const { return data != NULL; } diff --git a/src/ACLIP.h b/src/ACLIP.h index 7de38af0d5..891b30073d 100644 --- a/src/ACLIP.h +++ b/src/ACLIP.h @@ -83,7 +83,7 @@ public: // virtual bool isProxyAuth() const {return true;} virtual int match(ACLChecklist *checklist) = 0; virtual wordlist *dump() const; - virtual bool valid () const; + virtual bool empty () const; protected: diff --git a/src/ACLIdent.cc b/src/ACLIdent.cc index 8f00cf1ded..edf2cc3f68 100644 --- a/src/ACLIdent.cc +++ b/src/ACLIdent.cc @@ -98,7 +98,7 @@ ACLIdent::dump() const } bool -ACLIdent::valid () const +ACLIdent::empty () const { return data != NULL; } diff --git a/src/ACLIdent.h b/src/ACLIdent.h index cb035a4c7f..ebaf97e548 100644 --- a/src/ACLIdent.h +++ b/src/ACLIdent.h @@ -68,7 +68,7 @@ public: virtual int match(ACLChecklist *checklist); virtual wordlist *dump() const; - virtual bool valid () const; + virtual bool empty () const; virtual ACL *clone()const; private: diff --git a/src/ACLMaxConnection.cc b/src/ACLMaxConnection.cc index e54726c3bc..d8306a2aec 100644 --- a/src/ACLMaxConnection.cc +++ b/src/ACLMaxConnection.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLMaxConnection.cc,v 1.4 2004/08/30 05:12:31 robertc Exp $ + * $Id: ACLMaxConnection.cc,v 1.5 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -47,7 +47,7 @@ ACLMaxConnection::clone() const return new ACLMaxConnection(*this); } -ACLMaxConnection::ACLMaxConnection (char const *theClass) : class_ (theClass), limit(0) +ACLMaxConnection::ACLMaxConnection (char const *theClass) : class_ (theClass), limit(-1) {} ACLMaxConnection::ACLMaxConnection (ACLMaxConnection const & old) :class_ (old.class_), limit (old.limit) @@ -62,22 +62,33 @@ ACLMaxConnection::typeString() const return class_; } +bool +ACLMaxConnection::empty () const +{ + return false; +} + bool ACLMaxConnection::valid () const { - return limit != 0; + return limit > 0; } void ACLMaxConnection::parse() { char *t = strtokFile(); + + if (!t) + return; + limit = (atoi (t)); - /* suck out file contents */ - while ((t = strtokFile())) + /* suck out file contents */ - ; + while ((t = strtokFile())) { + limit = 0; + } } int diff --git a/src/ACLMaxConnection.h b/src/ACLMaxConnection.h index 384df07b41..c28464c605 100644 --- a/src/ACLMaxConnection.h +++ b/src/ACLMaxConnection.h @@ -1,6 +1,6 @@ /* - * $Id: ACLMaxConnection.h,v 1.3 2004/08/30 05:12:31 robertc Exp $ + * $Id: ACLMaxConnection.h,v 1.4 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -54,6 +54,7 @@ public: virtual void parse(); virtual int match(ACLChecklist *checklist); virtual wordlist *dump() const; + virtual bool empty () const; virtual bool valid () const; virtual void prepareForUse(); diff --git a/src/ACLMaxUserIP.cc b/src/ACLMaxUserIP.cc index 1f85f7a3a7..de60c90163 100644 --- a/src/ACLMaxUserIP.cc +++ b/src/ACLMaxUserIP.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLMaxUserIP.cc,v 1.7 2005/04/18 21:52:41 hno Exp $ + * $Id: ACLMaxUserIP.cc,v 1.8 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -49,7 +49,7 @@ ACLMaxUserIP::clone() const return new ACLMaxUserIP(*this); } -ACLMaxUserIP::ACLMaxUserIP (char const *theClass) : class_ (theClass), maximum(0) +ACLMaxUserIP::ACLMaxUserIP (char const *theClass) : class_ (theClass), maximum(-1) {} ACLMaxUserIP::ACLMaxUserIP (ACLMaxUserIP const & old) :class_ (old.class_), maximum (old.maximum), flags (old.flags) @@ -64,10 +64,16 @@ ACLMaxUserIP::typeString() const return class_; } +bool +ACLMaxUserIP::empty () const +{ + return false; +} + bool ACLMaxUserIP::valid () const { - return maximum != 0; + return maximum > 0; } void @@ -81,7 +87,7 @@ ACLMaxUserIP::parse() char *t = strtokFile(); if (!t) - fatal("aclParseUserMaxIP: Malformed ACL\n"); + return; debug(28, 5) ("aclParseUserMaxIP: First token is %s\n", t); @@ -92,7 +98,7 @@ ACLMaxUserIP::parse() } if (!t) - fatal("aclParseUserMaxIP: Malformed ACL\n"); + return; maximum = atoi(t); diff --git a/src/ACLMaxUserIP.h b/src/ACLMaxUserIP.h index 30870b817d..02630368da 100644 --- a/src/ACLMaxUserIP.h +++ b/src/ACLMaxUserIP.h @@ -1,6 +1,6 @@ /* - * $Id: ACLMaxUserIP.h,v 1.5 2005/04/18 21:52:41 hno Exp $ + * $Id: ACLMaxUserIP.h,v 1.6 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -63,7 +63,7 @@ private: int match(auth_user_request_t *, struct IN_ADDR const &); char const *class_; - size_t maximum; + int maximum; struct Flags { diff --git a/src/ACLProxyAuth.cc b/src/ACLProxyAuth.cc index 40d2bd1faf..707a41735d 100644 --- a/src/ACLProxyAuth.cc +++ b/src/ACLProxyAuth.cc @@ -72,18 +72,6 @@ ACLProxyAuth::typeString() const void ACLProxyAuth::parse() { - if (authenticateSchemeCount() == 0) { - debug(28, 0) ("aclProxyAuth::parse: IGNORING: Proxy Auth ACL '%s' " - "because no authentication schemes were compiled.\n", cfgline); - return; - } - - if (authenticateActiveSchemeCount() == 0) { - debug(28, 0) ("aclProxyAuth::parse: IGNORING: Proxy Auth ACL '%s' " - "because no authentication schemes are fully configured.\n", cfgline); - return; - } - data->parse(); } @@ -107,11 +95,27 @@ ACLProxyAuth::dump() const } bool -ACLProxyAuth::valid () const +ACLProxyAuth::empty () const { return data != NULL; } +bool +ACLProxyAuth::valid () const +{ + if (authenticateSchemeCount() == 0) { + debug(28, 0) ("Can't use proxy auth because no authentication schemes were compiled.\n"); + return false; + } + + if (authenticateActiveSchemeCount() == 0) { + debug(28, 0) ("Can't use proxy auth because no authentication schemes are fully configured.\n"); + return false; + } + + return true; +} + ProxyAuthNeeded ProxyAuthNeeded::instance_; ProxyAuthNeeded * diff --git a/src/ACLProxyAuth.h b/src/ACLProxyAuth.h index bb5ee60561..e26490386c 100644 --- a/src/ACLProxyAuth.h +++ b/src/ACLProxyAuth.h @@ -80,6 +80,7 @@ public: virtual int match(ACLChecklist *checklist); virtual wordlist *dump() const; virtual bool valid () const; + virtual bool empty () const; virtual bool requiresRequest() const {return true;} virtual ACL *clone()const; diff --git a/src/ACLStrategised.h b/src/ACLStrategised.h index 35f975f4b8..f9c5ca9fb8 100644 --- a/src/ACLStrategised.h +++ b/src/ACLStrategised.h @@ -1,6 +1,6 @@ /* - * $Id: ACLStrategised.h,v 1.8 2004/12/24 08:57:59 robertc Exp $ + * $Id: ACLStrategised.h,v 1.9 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -65,7 +65,7 @@ public: virtual int match(ACLChecklist *checklist); virtual int match (M const &); virtual wordlist *dump() const; - virtual bool valid () const; + virtual bool empty () const; virtual ACL *clone()const; private: @@ -160,9 +160,9 @@ ACLStrategised::dump() const template bool -ACLStrategised::valid () const +ACLStrategised::empty () const { - return data != NULL; + return data == NULL; } template diff --git a/src/ACLTimeData.cc b/src/ACLTimeData.cc index 80c96e075d..53876927ea 100644 --- a/src/ACLTimeData.cc +++ b/src/ACLTimeData.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLTimeData.cc,v 1.8 2004/12/20 16:30:32 robertc Exp $ + * $Id: ACLTimeData.cc,v 1.9 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -190,9 +190,8 @@ ACLTimeData::parse() /* assume its time-of-day spec */ if (sscanf(t, "%d:%d-%d:%d", &h1, &m1, &h2, &m2) < 4) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseTimeSpec: IGNORING Bad time range\n"); + debug(28, 0) ("aclParseTimeSpec: Bad time range '%s'\n", t); + self_destruct(); if (q != this) delete q; @@ -214,9 +213,8 @@ ACLTimeData::parse() weekbits = 0; if (q->start > q->stop) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseTimeSpec: IGNORING Reversed time range\n"); + debug(28, 0) ("aclParseTimeSpec: Reversed time range\n"); + self_destruct(); if (q != this) delete q; diff --git a/src/AuthUserRequest.cc b/src/AuthUserRequest.cc index f9e3f4133b..c337197dd0 100644 --- a/src/AuthUserRequest.cc +++ b/src/AuthUserRequest.cc @@ -1,6 +1,6 @@ /* - * $Id: AuthUserRequest.cc,v 1.3 2005/04/18 21:52:41 hno Exp $ + * $Id: AuthUserRequest.cc,v 1.4 2005/05/06 01:57:55 hno Exp $ * * DO NOT MODIFY NEXT 2 LINES: * arch-tag: 6803fde1-d5a2-4c29-9034-1c0c9f650eb4 @@ -304,7 +304,7 @@ authenticateAuthUserRequestClearIp(auth_user_request_t * auth_user_request) auth_user_request->user()->clearIp(); } -size_t +int authenticateAuthUserRequestIPCount(auth_user_request_t * auth_user_request) { assert(auth_user_request); diff --git a/src/AuthUserRequest.h b/src/AuthUserRequest.h index f93352ce3a..f1fffeb7e1 100644 --- a/src/AuthUserRequest.h +++ b/src/AuthUserRequest.h @@ -1,6 +1,6 @@ /* - * $Id: AuthUserRequest.h,v 1.2 2005/04/18 21:52:41 hno Exp $ + * $Id: AuthUserRequest.h,v 1.3 2005/05/06 01:57:55 hno Exp $ * * DO NOT MODIFY NEXT 2 LINES: * arch-tag: 674533af-8b21-4641-b71a-74c4639072a0 @@ -133,7 +133,7 @@ extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, HttpReque extern void authenticateAuthUserRequestRemoveIp(auth_user_request_t *, struct IN_ADDR); extern void authenticateAuthUserRequestClearIp(auth_user_request_t *); -extern size_t authenticateAuthUserRequestIPCount(auth_user_request_t *); +extern int authenticateAuthUserRequestIPCount(auth_user_request_t *); extern int authenticateDirection(auth_user_request_t *); extern int authenticateUserAuthenticated(auth_user_request_t *); diff --git a/src/ExternalACL.h b/src/ExternalACL.h index 54c34a90dd..3a06392214 100644 --- a/src/ExternalACL.h +++ b/src/ExternalACL.h @@ -1,6 +1,6 @@ /* - * $Id: ExternalACL.h,v 1.7 2005/03/30 23:08:19 hno Exp $ + * $Id: ExternalACL.h,v 1.8 2005/05/06 01:57:55 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -80,6 +80,7 @@ public: virtual bool isProxyAuth() const; virtual wordlist *dump() const; virtual bool valid () const; + virtual bool empty () const; protected: static Prototype RegistryProtoype; diff --git a/src/acl.cc b/src/acl.cc index d97d46b0e0..08904ac62d 100644 --- a/src/acl.cc +++ b/src/acl.cc @@ -1,5 +1,5 @@ /* - * $Id: acl.cc,v 1.314 2004/08/30 05:12:31 robertc Exp $ + * $Id: acl.cc,v 1.315 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -77,6 +77,11 @@ ACL::Factory (char const *type) ACL::ACL () {} +bool ACL::valid () const +{ + return true; +} + void ACL::ParseAclLine(ACL ** head) { @@ -89,9 +94,8 @@ ACL::ParseAclLine(ACL ** head) /* snarf the ACL name */ if ((t = strtok(NULL, w_space)) == NULL) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseAclLine: missing ACL name.\n"); + self_destruct(); return; } @@ -100,16 +104,14 @@ ACL::ParseAclLine(ACL ** head) char *theType; if ((theType = strtok(NULL, w_space)) == NULL) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseAclLine: missing ACL type.\n"); + self_destruct(); return; } if (!Prototype::Registered (theType)) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseAclLine: Invalid ACL type '%s'\n", theType); + self_destruct(); return; } @@ -121,7 +123,8 @@ ACL::ParseAclLine(ACL ** head) new_acl = 1; } else { if (strcmp (A->typeString(),theType) ) { - debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with different type, skipping.\n", A->name); + debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with different type.\n", A->name); + self_destruct(); return; } @@ -146,13 +149,14 @@ ACL::ParseAclLine(ACL ** head) if (!new_acl) return; - if (!A->valid()) { - debug(28, 0) ("aclParseAclLine: IGNORING invalid ACL: %s\n", + if (A->empty()) { + debug(28, 0) ("Warning: empty ACL: %s\n", A->cfgline); - delete A; - /* Do we need this? */ - A = NULL; - return; + } + + if (!A->valid()) { + fatalf("ERROR: Invalid ACL: %s\n", + A->cfgline); } /* append */ @@ -356,10 +360,9 @@ aclParseAclList(acl_list ** head) a = ACL::FindByName(t); if (a == NULL) { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseAccessLine: ACL name '%s' not found.\n", t); delete L; + self_destruct(); continue; } diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 6b82af4288..87daacc88d 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.cc,v 1.472 2005/05/01 08:11:47 serassio Exp $ + * $Id: cache_cf.cc,v 1.473 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -133,6 +133,7 @@ static void parse_b_size_t(size_t * var); void self_destruct(void) { + shutting_down = 1; fatalf("Bungled %s line %d: %s", cfg_filename, config_lineno, config_input_line); } diff --git a/src/external_acl.cc b/src/external_acl.cc index 0a9b5b7a67..9141e756d6 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -1,6 +1,6 @@ /* - * $Id: external_acl.cc,v 1.62 2005/03/30 23:08:19 hno Exp $ + * $Id: external_acl.cc,v 1.63 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 82 External ACL * AUTHOR: Henrik Nordstrom, MARA Systems AB @@ -53,6 +53,7 @@ #endif #include "client_side.h" #include "HttpRequest.h" +#include "authenticate.h" #ifndef DEFAULT_EXTERNAL_ACL_TTL #define DEFAULT_EXTERNAL_ACL_TTL 1 * 60 * 60 @@ -575,6 +576,30 @@ ACLExternal::parse() } } +bool +ACLExternal::valid () const +{ + if (data->def->require_auth) { + if (authenticateSchemeCount() == 0) { + debug(28, 0) ("Can't use proxy auth because no authentication schemes were compiled.\n"); + return false; + } + + if (authenticateActiveSchemeCount() == 0) { + debug(28, 0) ("Can't use proxy auth because no authentication schemes are fully configured.\n"); + return false; + } + } + + return true; +} + +bool +ACLExternal::empty () const +{ + return false; +} + ACLExternal::~ACLExternal() { cbdataFree(data); @@ -1306,12 +1331,6 @@ ACLExternal::typeString() const return class_; } -bool -ACLExternal::valid () const -{ - return data != NULL; -} - bool ACLExternal::isProxyAuth() const { diff --git a/src/tools.cc b/src/tools.cc index 1babe74926..4a4c3c76ad 100644 --- a/src/tools.cc +++ b/src/tools.cc @@ -1,6 +1,6 @@ /* - * $Id: tools.cc,v 1.255 2005/04/25 18:43:00 serassio Exp $ + * $Id: tools.cc,v 1.256 2005/05/06 01:57:55 hno Exp $ * * DEBUG: section 21 Misc Functions * AUTHOR: Harvest Derived @@ -359,9 +359,11 @@ death(int sig) storeDirWriteCleanLogs(0); - PrintRusage(); + if (!shutting_down) { + PrintRusage(); - dumpMallocStats(); + dumpMallocStats(); + } if (squid_curtime - SQUID_RELEASE_TIME < 864000) { /* skip if more than 10 days old */ @@ -452,7 +454,7 @@ fatal(const char *message) fatal_common(message); if (shutting_down) - exit(0); + exit(1); else abort(); } -- 2.47.2