Hello,
The attached work-in-progress patch attempts to fix most of the bugs
discussed in recent ACL-related squid-dev threads ("DUNNO state and
implicit ACLs" and "Handle ACLs that are neither denied nor allowed").
Comments welcomed!
Done:
* Removed ACLChecklist::lastACLResult(). It was doing nothing but
duplicating nodeMatched value as far as I could tell.
* Move away from setting the "default" (and usually wrong) "current"
answer and then sometimes adjusting it. Set the answer only when
we know what it is.
* Correctly handle cases where no rules were matched and, hence, the
keyword/action of the last seen rule (if any) has to be "reversed".
* Do not ignore non-allow/deny outcomes of rules in fastCheck().
* Streamline and better document ACLChecklist::matchAclList()
interface. Use it in a more consistent fashion.
* Better document and restrict ACLChecklist::matches() outcomes;
list the ones we actually support. Assert on unsupported outcomes
(for now).
TODO:
* Remove ProxyAuthNeeded class. It is an async state that does not
perform async operations and, hence, is not needed.
* Move IdentLookup::checkForAsync() connection check into
ACLIdent::match() to avoid creating an async state that is not
needed.
* Rename currentAnswer() to finalAnswer(). We probably never change the
"current" answer any more.
* Testing, trunk port, and polishing.
* Detail all patch changes.
Cheers,
Alex.
This archive was generated by hypermail 2.2.0 : Thu May 24 2012 - 12:00:07 MDT