diff --git a/include/proto/auth.h b/include/proto/auth.h
index 980862168..7385ab0d8 100644
--- a/include/proto/auth.h
+++ b/include/proto/auth.h
@@ -20,7 +20,7 @@ extern struct userlist *userlist;
 struct userlist *auth_find_userlist(char *name);
 unsigned int auth_resolve_groups(struct userlist *l, char *groups);
-struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires);
+struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
 void userlist_free(struct userlist *ul);
 void req_acl_free(struct list *r);
 int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);
diff --git a/src/auth.c b/src/auth.c
index 3bce7c183..4740ca436 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -78,7 +78,7 @@ auth_resolve_groups(struct userlist *l, char *groups)
 }
 struct req_acl_rule *
-parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires)
+parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
 {
 struct req_acl_rule *req_acl;
 int cur_arg;
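Review bot: parse_auth_cond in src/auth.c has no header comment (none is visible between the previous function's closing brace and the return-type line), so nothing at the definition says what the new `proxy` argument is used for. A short comment above the definition would cover it, e.g. `/* Parse an http-request rule from <args>; an optional if/unless condition is built against <proxy>. Returns the rule, or NULL after emitting an alert. */`. The function body continues outside this hunk, so the wording should be checked against the full parser.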
@@ -116,32 +116,22 @@ req_error_parsing:
 return NULL;
 }
- if (*args[cur_arg]) {
- int pol = ACL_COND_NONE;
+ if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
 struct acl_cond *cond;
- if (!strcmp(args[cur_arg], "if"))
- pol = ACL_COND_IF;
- else if (!strcmp(args[cur_arg], "unless"))
- pol = ACL_COND_UNLESS;
- else {
- Alert("parsing [%s:%d]: '%s' expects 'realm' for 'auth' or"
- " either 'if' or 'unless' followed by a condition but found '%s'.\n",
- file, linenum, args[0], args[cur_arg]);
+ if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg)) == NULL) {
+ Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition.\n",
+ file, linenum, args[0]);
 return NULL;
 }
-
- if ((cond = parse_acl_cond((const char **)args + cur_arg + 1, known_acl, pol)) == NULL) {
- Alert("parsing [%s:%d]: error detected while parsing 'req' condition.\n",
- file, linenum);
- return NULL;
- }
-
- cond->file = file;
- cond->line = linenum;
- *acl_requires |= cond->requires;
 req_acl->cond = cond;
 }
+ else if (*args[cur_arg]) {
+ Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
+ " either 'if' or 'unless' followed by a condition but found '%s'.\n",
+ file, linenum, args[0], args[cur_arg]);
+ return NULL;
+ }
 return req_acl;
 }
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 17bd5eaea..a57f1bf9a 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1944,13 +1944,14 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 err_code |= ERR_WARN;
 }
- req_acl = parse_auth_cond((const char **)args + 1, file, linenum, &curproxy->acl, &curproxy->acl_requires);
+ req_acl = parse_auth_cond((const char **)args + 1, file, linenum, curproxy);
 if (!req_acl) {
 err_code |= ERR_ALERT | ERR_ABORT;
 goto out;
 }
+ err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
 LIST_ADDQ(&curproxy->req_acl, &req_acl->list);
 } else if (!strcmp(args[0], "block")) { /* early blocking based on ACLs */
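Review bot: Both `return NULL;` exits in the new branches (after the `build_acl_cond` failure and in the `else if (*args[cur_arg])` arm) leave `req_acl` unreleased. Its allocation is above this hunk, so this is inferred from `req_acl` being the object returned on success. If it is heap-allocated there, release it before each error return with `free(req_acl);`, along with any fields the earlier parsing filled in. That matters most for callers that do not abort at once, such as the loop in check_config_validity, which only does `cfgerr++; break;`. The `req_error_parsing` path named in the hunk header sits outside the changed lines and may need the same treatment.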
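Review bot: `req_acl->cond` is only assigned inside the `if`/`unless` branch of parse_auth_cond, so for an unconditional rule the added `warnif_cond_requires_resp(req_acl->cond, file, linenum)` call presumably receives NULL. That helper's body is not part of this diff; confirm it returns 0 for a NULL condition, or guard the call as `if (req_acl->cond) err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);`. The same call is added in the `stats` hunk at -2436, and cfg_parse_listen continues outside both hunks.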
@@ -2436,13 +2437,14 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 err_code |= ERR_WARN;
 }
- req_acl = parse_auth_cond((const char **)args + 2, file, linenum, &curproxy->acl, &curproxy->acl_requires);
+ req_acl = parse_auth_cond((const char **)args + 2, file, linenum, curproxy);
 if (!req_acl) {
 err_code |= ERR_ALERT | ERR_ABORT;
 goto out;
 }
+ err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
 LIST_ADDQ(&curproxy->uri_auth->req_acl, &req_acl->list);
 } else if (!strcmp(args[1], "auth")) {
@@ -4753,8 +4755,7 @@ int check_config_validity()
 uri_auth_compat_req[1][1] = "";
 for (i = 0; *uri_auth_compat_req[i]; i++) {
- req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i,
- &curproxy->acl, &curproxy->acl_requires);
+ req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i, curproxy);
 if (!req_acl) {
 cfgerr++;
 break;