Index: squid/src/acl.c diff -c squid/src/acl.c:1.270.2.14 squid/src/acl.c:1.270.2.15 *** squid/src/acl.c:1.270.2.14 Tue May 6 13:54:28 2003 --- squid/src/acl.c Wed May 7 13:55:00 2003 *************** *** 1424,1434 **** case AUTH_ACL_HELPER: debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n"); checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED; ! return 0; case AUTH_ACL_CHALLENGE: debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n"); checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; ! return 0; default: fatal("unexpected authenticateAuthenticate reply\n"); return -1; --- 1424,1434 ---- case AUTH_ACL_HELPER: debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n"); checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED; ! return -1; case AUTH_ACL_CHALLENGE: debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n"); checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; ! return -1; default: fatal("unexpected authenticateAuthenticate reply\n"); return -1; *************** *** 1692,1702 **** aclMatchAclList(const acl_list * list, aclCheck_t * checklist) { while (list) { AclMatchedName = list->acl->name; debug(28, 3) ("aclMatchAclList: checking %s%s\n", list->op ? null_string : "!", list->acl->name); ! if (aclMatchAcl(list->acl, checklist) != list->op) { ! debug(28, 3) ("aclMatchAclList: returning 0\n"); return 0; } list = list->next; --- 1692,1708 ---- aclMatchAclList(const acl_list * list, aclCheck_t * checklist) { while (list) { + int answer; AclMatchedName = list->acl->name; debug(28, 3) ("aclMatchAclList: checking %s%s\n", list->op ? null_string : "!", list->acl->name); ! answer = aclMatchAcl(list->acl, checklist); ! if (answer < 0) { ! debug(28, 3) ("aclMatchAclList: failure. returning -1\n"); ! return -1; ! } ! if (answer != list->op) { ! 
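Review bot: The two debug strings in the AUTH_ACL_HELPER and AUTH_ACL_CHALLENGE cases (hunk at 1424) still say "returning 0" although both branches now return -1, so a level-4 trace of an authentication decision misreports what the ACL code did. Suggest `"aclMatchAcl: returning -1 sending credentials to helper.\n"` and `"aclMatchAcl: returning -1 sending authentication challenge.\n"`. aclMatchAcl now has three outcomes, so a comment at the function head would help, for example `/* returns 1 on match, 0 on no match, -1 when no answer can be given yet (helper lookup or challenge pending) */`. The function starts outside the hunk, so where that comment belongs cannot be confirmed from here.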
debug(28, 3) ("aclMatchAclList: no match, returning 0\n"); return 0; } list = list->next; *************** *** 1719,1728 **** aclCheckFast(const acl_access * A, aclCheck_t * checklist) { allow_t allow = ACCESS_DENIED; debug(28, 5) ("aclCheckFast: list: %p\n", A); while (A) { allow = A->allow; ! if (aclMatchAclList(A->acl_list, checklist)) { aclCheckCleanup(checklist); return allow == ACCESS_ALLOWED; } --- 1725,1738 ---- aclCheckFast(const acl_access * A, aclCheck_t * checklist) { allow_t allow = ACCESS_DENIED; + int answer; debug(28, 5) ("aclCheckFast: list: %p\n", A); while (A) { allow = A->allow; ! answer = aclMatchAclList(A->acl_list, checklist); ! if (answer) { ! if (answer < 0) ! return ACCESS_DENIED; aclCheckCleanup(checklist); return allow == ACCESS_ALLOWED; } *************** *** 1754,1759 **** --- 1764,1771 ---- debug(28, 3) ("aclCheck: checking '%s'\n", A->cfgline); allow = A->allow; match = aclMatchAclList(A->acl_list, checklist); + if (match == -1) + allow = ACCESS_DENIED; if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) { checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING; ipcache_nbgethostbyname(checklist->request->host, *************** *** 1807,1813 **** debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n"); cbdataUnlock(checklist->conn); checklist->conn = NULL; ! allow = 0; match = -1; } } --- 1819,1825 ---- debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n"); cbdataUnlock(checklist->conn); checklist->conn = NULL; ! allow = ACCESS_DENIED; match = -1; } }
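Review bot: aclMatchAclList (hunk at 1692) can now return -1, which is truthy, so any caller that still tests `if (aclMatchAclList(...))` would treat a pending authentication as a match and could apply an allow rule. This patch updates aclCheckFast and aclCheck; other callers of aclMatchAclList and aclMatchAcl, if any exist outside the visible hunks, should be checked for the same `< 0` handling. A comment above the function stating the contract would make it visible to future callers, for example `/* returns 1 if every ACL in the list matches, 0 on the first mismatch, -1 if an ACL could not be evaluated */`.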
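Review bot: In the aclCheckFast hunk (1719) the new `if (answer < 0) return ACCESS_DENIED;` returns before `aclCheckCleanup(checklist)`, which the match path directly below it does call, so the failure path may leave behind whatever that cleanup releases. It also returns an allow_t constant from a function whose other visible return is the boolean `allow == ACCESS_ALLOWED`; that is only correct if ACCESS_DENIED is 0, which is not visible here. Replacing the inner `if` and the two lines after it with `aclCheckCleanup(checklist);` followed by `return answer > 0 && allow == ACCESS_ALLOWED;` keeps the deny-on-failure result and runs the cleanup on both paths. The end of the function is outside the hunk.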
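Review bot: `if (match == -1)` in the aclCheck hunk (1754) tests for one exact value, while aclMatchAclList and aclCheckFast in this same patch test `answer < 0`. Writing `if (match < 0)` keeps the check fail-closed if another negative code is ever returned, and matches the rest of the change. A short comment such as `/* ACL could not be evaluated: never apply this rule's allow */` would explain why `allow` is overridden before the lookup-state checks that follow. The body of aclCheck continues outside the hunk.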