Now that we have this new function to make your life better, use it.
struct userlist *auth_find_userlist(char *name);
unsigned int auth_resolve_groups(struct userlist *l, char *groups);
-struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires);
+struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
void userlist_free(struct userlist *ul);
void req_acl_free(struct list *r);
int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);
}
struct req_acl_rule *
-parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires)
+parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
{
struct req_acl_rule *req_acl;
int cur_arg;
return NULL;
}
- if (*args[cur_arg]) {
- int pol = ACL_COND_NONE;
+ if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
struct acl_cond *cond;
- if (!strcmp(args[cur_arg], "if"))
- pol = ACL_COND_IF;
- else if (!strcmp(args[cur_arg], "unless"))
- pol = ACL_COND_UNLESS;
- else {
- Alert("parsing [%s:%d]: '%s' expects 'realm' for 'auth' or"
- " either 'if' or 'unless' followed by a condition but found '%s'.\n",
- file, linenum, args[0], args[cur_arg]);
+ if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg)) == NULL) {
+ Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition.\n",
+ file, linenum, args[0]);
return NULL;
}
-
- if ((cond = parse_acl_cond((const char **)args + cur_arg + 1, known_acl, pol)) == NULL) {
- Alert("parsing [%s:%d]: error detected while parsing 'req' condition.\n",
- file, linenum);
- return NULL;
- }
-
- cond->file = file;
- cond->line = linenum;
- *acl_requires |= cond->requires;
req_acl->cond = cond;
}
+ else if (*args[cur_arg]) {
+ Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
+ " either 'if' or 'unless' followed by a condition but found '%s'.\n",
+ file, linenum, args[0], args[cur_arg]);
+ return NULL;
+ }
return req_acl;
}
err_code |= ERR_WARN;
}
- req_acl = parse_auth_cond((const char **)args + 1, file, linenum, &curproxy->acl, &curproxy->acl_requires);
+ req_acl = parse_auth_cond((const char **)args + 1, file, linenum, curproxy);
if (!req_acl) {
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
+ err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
LIST_ADDQ(&curproxy->req_acl, &req_acl->list);
}
else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */
err_code |= ERR_WARN;
}
- req_acl = parse_auth_cond((const char **)args + 2, file, linenum, &curproxy->acl, &curproxy->acl_requires);
+ req_acl = parse_auth_cond((const char **)args + 2, file, linenum, curproxy);
if (!req_acl) {
err_code |= ERR_ALERT | ERR_ABORT;
goto out;
}
+ err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
LIST_ADDQ(&curproxy->uri_auth->req_acl, &req_acl->list);
} else if (!strcmp(args[1], "auth")) {
uri_auth_compat_req[1][1] = "";
for (i = 0; *uri_auth_compat_req[i]; i++) {
- req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i,
- &curproxy->acl, &curproxy->acl_requires);
+ req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i, curproxy);
if (!req_acl) {
cfgerr++;
break;
projects / thirdparty / haproxy.git / commitdiff
