From d4c6acacd6fb0e4db0a087cdccfd643f6e411513 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Sat, 5 May 2018 14:42:12 +0000 Subject: [PATCH] Bug 4847 pt1: regression in proxy_auth ACL flags (#191) r15058 "Support for --long-acl-options" in Squid-4.0.21 unintentionally removed the proxy_auth ACL support for -i/+i flags. See bug report for details. Fix proxy_auth ACL -i and +i flags no longer working by copying RegexData flags registration, since ACLs for UserData all use the same names and meanings. Add documentation to indicate that ident and ext_user ACLs do support -i/+i just like proxy_auth ACLs. TODO: fix server_cert_fingerprint ACL which is still broken. --- src/acl/UserData.cc | 7 +++++++ src/acl/UserData.h | 1 + src/cf.data.pre | 4 ++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/acl/UserData.cc b/src/acl/UserData.cc index 775117c9e0..10d6f56eaa 100644 --- a/src/acl/UserData.cc +++ b/src/acl/UserData.cc @@ -17,6 +17,13 @@ #include "sbuf/Algorithms.h" #include "util.h" +const Acl::ParameterFlags & +ACLUserData::supportedFlags() const +{ + static const Acl::ParameterFlags flagNames = { "-i", "+i" }; + return flagNames; +} + bool ACLUserData::match(char const *user) { diff --git a/src/acl/UserData.h b/src/acl/UserData.h index 057fa7a450..bfee1c925f 100644 --- a/src/acl/UserData.h +++ b/src/acl/UserData.h @@ -25,6 +25,7 @@ public: bool match(char const *user); virtual SBufList dump() const; void parse(); + virtual const Acl::ParameterFlags &supportedFlags() const; bool empty() const; virtual ACLData *clone() const; diff --git a/src/cf.data.pre b/src/cf.data.pre index bae7a4718e..4286716e60 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1142,7 +1142,7 @@ endif # pattern match on Referer header [fast] # Referer is highly unreliable, so use with care - acl aclname ident username ... + acl aclname ident [-i] username ... acl aclname ident_regex [-i] pattern ... # string match on ident output [slow] # use REQUIRED to accept any non-null ident. @@ -1237,7 +1237,7 @@ endif # match against attributes a users issuing CA SSL certificate # attribute is one of DN/C/O/CN/L/ST or a numerical OID [fast] - acl aclname ext_user username ... + acl aclname ext_user [-i] username ... acl aclname ext_user_regex [-i] pattern ... # string match on username returned by external acl helper [slow] # use REQUIRED to accept any non-null user name. -- 2.47.2