[packages/squid.git] / squid-2.5.STABLE2-acl_lookup_loop.patch

Index: squid/src/acl.c
diff -c squid/src/acl.c:1.270.2.14 squid/src/acl.c:1.270.2.15
*** squid/src/acl.c:1.270.2.14	Tue May  6 13:54:28 2003
--- squid/src/acl.c	Wed May  7 13:55:00 2003
***************
*** 1424,1434 ****
      case AUTH_ACL_HELPER:
  	debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
  	checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
! 	return 0;
      case AUTH_ACL_CHALLENGE:
  	debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
  	checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
! 	return 0;
      default:
  	fatal("unexpected authenticateAuthenticate reply\n");
  	return -1;
--- 1424,1434 ----
      case AUTH_ACL_HELPER:
  	debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
  	checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
! 	return -1;
      case AUTH_ACL_CHALLENGE:
  	debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
  	checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
! 	return -1;
      default:
  	fatal("unexpected authenticateAuthenticate reply\n");
  	return -1;
***************
*** 1692,1702 ****
  aclMatchAclList(const acl_list * list, aclCheck_t * checklist)
  {
      while (list) {
  	AclMatchedName = list->acl->name;
  	debug(28, 3) ("aclMatchAclList: checking %s%s\n",
  	    list->op ? null_string : "!", list->acl->name);
! 	if (aclMatchAcl(list->acl, checklist) != list->op) {
! 	    debug(28, 3) ("aclMatchAclList: returning 0\n");
  	    return 0;
  	}
  	list = list->next;
--- 1692,1708 ----
  aclMatchAclList(const acl_list * list, aclCheck_t * checklist)
  {
      while (list) {
+ 	int answer;
  	AclMatchedName = list->acl->name;
  	debug(28, 3) ("aclMatchAclList: checking %s%s\n",
  	    list->op ? null_string : "!", list->acl->name);
! 	answer = aclMatchAcl(list->acl, checklist);
! 	if (answer < 0) {
! 	    debug(28, 3) ("aclMatchAclList: failure. returning -1\n");
! 	    return -1;
! 	}
! 	if (answer != list->op) {
! 	    debug(28, 3) ("aclMatchAclList: no match, returning 0\n");
  	    return 0;
  	}
  	list = list->next;
***************
*** 1719,1728 ****
  aclCheckFast(const acl_access * A, aclCheck_t * checklist)
  {
      allow_t allow = ACCESS_DENIED;
      debug(28, 5) ("aclCheckFast: list: %p\n", A);
      while (A) {
  	allow = A->allow;
! 	if (aclMatchAclList(A->acl_list, checklist)) {
  	    aclCheckCleanup(checklist);
  	    return allow == ACCESS_ALLOWED;
  	}
--- 1725,1738 ----
  aclCheckFast(const acl_access * A, aclCheck_t * checklist)
  {
      allow_t allow = ACCESS_DENIED;
+     int answer;
      debug(28, 5) ("aclCheckFast: list: %p\n", A);
      while (A) {
  	allow = A->allow;
! 	answer = aclMatchAclList(A->acl_list, checklist);
! 	if (answer) {
! 	    if (answer < 0)
! 		return ACCESS_DENIED;
  	    aclCheckCleanup(checklist);
  	    return allow == ACCESS_ALLOWED;
  	}
***************
*** 1754,1759 ****
--- 1764,1771 ----
  	debug(28, 3) ("aclCheck: checking '%s'\n", A->cfgline);
  	allow = A->allow;
  	match = aclMatchAclList(A->acl_list, checklist);
+ 	if (match == -1)
+ 	    allow = ACCESS_DENIED;
  	if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) {
  	    checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING;
  	    ipcache_nbgethostbyname(checklist->request->host,
***************
*** 1807,1813 ****
  		debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n");
  		cbdataUnlock(checklist->conn);
  		checklist->conn = NULL;
! 		allow = 0;
  		match = -1;
  	    }
  	}
--- 1819,1825 ----
  		debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n");
  		cbdataUnlock(checklist->conn);
  		checklist->conn = NULL;
! 		allow = ACCESS_DENIED;
  		match = -1;
  	    }
  	}
Commit	Line	Data
b99c048a MW	1	Index: squid/src/acl.c
	2	diff -c squid/src/acl.c:1.270.2.14 squid/src/acl.c:1.270.2.15
	3	*** squid/src/acl.c:1.270.2.14 Tue May 6 13:54:28 2003
	4	--- squid/src/acl.c Wed May 7 13:55:00 2003
	5	***************
	6	* 1424,1434 **
	7	case AUTH_ACL_HELPER:
	8	debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
	9	checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
	10	! return 0;
	11	case AUTH_ACL_CHALLENGE:
	12	debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
	13	checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
	14	! return 0;
	15	default:
	16	fatal("unexpected authenticateAuthenticate reply\n");
	17	return -1;
	18	--- 1424,1434 ----
	19	case AUTH_ACL_HELPER:
	20	debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
	21	checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
	22	! return -1;
	23	case AUTH_ACL_CHALLENGE:
	24	debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
	25	checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
	26	! return -1;
	27	default:
	28	fatal("unexpected authenticateAuthenticate reply\n");
	29	return -1;
	30	***************
	31	* 1692,1702 **
	32	aclMatchAclList(const acl_list * list, aclCheck_t * checklist)
	33	{
	34	while (list) {
	35	AclMatchedName = list->acl->name;
	36	debug(28, 3) ("aclMatchAclList: checking %s%s\n",
	37	list->op ? null_string : "!", list->acl->name);
	38	! if (aclMatchAcl(list->acl, checklist) != list->op) {
	39	! debug(28, 3) ("aclMatchAclList: returning 0\n");
	40	return 0;
	41	}
	42	list = list->next;
	43	--- 1692,1708 ----
	44	aclMatchAclList(const acl_list * list, aclCheck_t * checklist)
	45	{
	46	while (list) {
	47	+ int answer;
	48	AclMatchedName = list->acl->name;
	49	debug(28, 3) ("aclMatchAclList: checking %s%s\n",
	50	list->op ? null_string : "!", list->acl->name);
	51	! answer = aclMatchAcl(list->acl, checklist);
	52	! if (answer < 0) {
	53	! debug(28, 3) ("aclMatchAclList: failure. returning -1\n");
	54	! return -1;
	55	! }
	56	! if (answer != list->op) {
	57	! debug(28, 3) ("aclMatchAclList: no match, returning 0\n");
	58	return 0;
	59	}
	60	list = list->next;
	61	***************
	62	* 1719,1728 **
	63	aclCheckFast(const acl_access * A, aclCheck_t * checklist)
	64	{
65	allow_t allow = ACCESS_DENIED;
66	debug(28, 5) ("aclCheckFast: list: %p\n", A);
67	while (A) {
68	allow = A->allow;
69	! if (aclMatchAclList(A->acl_list, checklist)) {
70	aclCheckCleanup(checklist);
71	return allow == ACCESS_ALLOWED;
72	}
73	--- 1725,1738 ----
74	aclCheckFast(const acl_access * A, aclCheck_t * checklist)
75	{
76	allow_t allow = ACCESS_DENIED;
77	+ int answer;
78	debug(28, 5) ("aclCheckFast: list: %p\n", A);
79	while (A) {
80	allow = A->allow;
81	! answer = aclMatchAclList(A->acl_list, checklist);
82	! if (answer) {
83	! if (answer < 0)
84	! return ACCESS_DENIED;
85	aclCheckCleanup(checklist);
86	return allow == ACCESS_ALLOWED;
87	}
88	***************
89	* 1754,1759 **
90	--- 1764,1771 ----
91	debug(28, 3) ("aclCheck: checking '%s'\n", A->cfgline);
92	allow = A->allow;
93	match = aclMatchAclList(A->acl_list, checklist);
94	+ if (match == -1)
95	+ allow = ACCESS_DENIED;
96	if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) {
97	checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING;
98	ipcache_nbgethostbyname(checklist->request->host,
99	***************
100	* 1807,1813 **
101	debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n");
102	cbdataUnlock(checklist->conn);
103	checklist->conn = NULL;
104	! allow = 0;
105	match = -1;
106	}
107	}
108	--- 1819,1825 ----
109	debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n");
110	cbdataUnlock(checklist->conn);
111	checklist->conn = NULL;
112	! allow = ACCESS_DENIED;
113	match = -1;
114	}
115	}