[CLEANUP] config: use build_acl_cond() to simplify http-request ACL parsing

Now that we have this new function to make your life better, use it.

include/proto/auth.h

@@ -20,7 +20,7 @@ extern struct userlist *userlist;
 
 struct userlist *auth_find_userlist(char *name);
 unsigned int auth_resolve_groups(struct userlist *l, char *groups);
-struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires);
+struct req_acl_rule *parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy);
 void userlist_free(struct userlist *ul);
 void req_acl_free(struct list *r);
 int acl_match_auth(struct acl_test *test, struct acl_pattern *pattern);

src/auth.c

@@ -78,7 +78,7 @@ auth_resolve_groups(struct userlist *l, char *groups)
 }
 
 struct req_acl_rule *
-parse_auth_cond(const char **args, const char *file, int linenum, struct list *known_acl, int *acl_requires)
+parse_auth_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
 {
 	struct req_acl_rule *req_acl;
 	int cur_arg;
@@ -116,33 +116,23 @@ req_error_parsing:
 		return NULL;
 	}
 
-	if (*args[cur_arg]) {
+	if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
-		int pol = ACL_COND_NONE;
 		struct acl_cond *cond;
 
-		if (!strcmp(args[cur_arg], "if"))
+		if ((cond = build_acl_cond(file, linenum, proxy, args+cur_arg)) == NULL) {
-			pol = ACL_COND_IF;
+			Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition.\n",
-		else if (!strcmp(args[cur_arg], "unless"))
+			      file, linenum, args[0]);
-			pol = ACL_COND_UNLESS;
+			return NULL;
-		else {
+		}
-			Alert("parsing [%s:%d]: '%s' expects 'realm' for 'auth' or"
+		req_acl->cond = cond;
+	}
+	else if (*args[cur_arg]) {
+		Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
 		      " either 'if' or 'unless' followed by a condition but found '%s'.\n",
 		      file, linenum, args[0], args[cur_arg]);
 		return NULL;
 	}
 
-		if ((cond = parse_acl_cond((const char **)args + cur_arg + 1, known_acl, pol)) == NULL) {
-			Alert("parsing [%s:%d]: error detected while parsing 'req' condition.\n",
-			      file, linenum);
-			return NULL;
-		}
-
-		cond->file = file;
-		cond->line = linenum;
-		*acl_requires |= cond->requires;
-		req_acl->cond = cond;
-	}
-
 	return req_acl;
 }
 

src/cfgparse.c

@@ -1944,13 +1944,14 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 			err_code |= ERR_WARN;
 		}
 
-		req_acl = parse_auth_cond((const char **)args + 1, file, linenum, &curproxy->acl, &curproxy->acl_requires);
+		req_acl = parse_auth_cond((const char **)args + 1, file, linenum, curproxy);
 
 		if (!req_acl) {
 			err_code |= ERR_ALERT | ERR_ABORT;
 			goto out;
 		}
 
+		err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
 		LIST_ADDQ(&curproxy->req_acl, &req_acl->list);
 	}
 	else if (!strcmp(args[0], "block")) {  /* early blocking based on ACLs */
@@ -2436,13 +2437,14 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 				err_code |= ERR_WARN;
 			}
 
-			req_acl = parse_auth_cond((const char **)args + 2, file, linenum, &curproxy->acl, &curproxy->acl_requires);
+			req_acl = parse_auth_cond((const char **)args + 2, file, linenum, curproxy);
 
 			if (!req_acl) {
 				err_code |= ERR_ALERT | ERR_ABORT;
 				goto out;
 			}
 
+			err_code |= warnif_cond_requires_resp(req_acl->cond, file, linenum);
 			LIST_ADDQ(&curproxy->uri_auth->req_acl, &req_acl->list);
 
 		} else if (!strcmp(args[1], "auth")) {
@@ -4753,8 +4755,7 @@ int check_config_validity()
 				uri_auth_compat_req[1][1] = "";
 
 			for (i = 0; *uri_auth_compat_req[i]; i++) {
-				req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i,
+				req_acl = parse_auth_cond(uri_auth_compat_req[i], "internal-stats-auth-compat", i, curproxy);
-							  &curproxy->acl, &curproxy->acl_requires);
 				if (!req_acl) {
 					cfgerr++;
 					break;