Actually I think it is the proxy_auth ACL doing the inconsistent thing
here.. but sure what you propose makes sense and would simplify
aclCheck() a bit (no need to investigate if lookups are required unless
aclMatchAclList() said it is)
-- Henrik Robert Collins wrote: > > Some of the ACL tests that need lookups - such as dst ip tests, where we > need to do the name->ip lookup, return 0 for no match, rather than -1 > for can't compare. > > Is this correct? It means that we will get false passes/misses on the > first test. > > Any objection to these pausing the request until the lookup is done? It > will make some of the modular code a little easier (because we won't be > overloading the meaning of the response codes). > > (The response codes are basically > 0 - no match > 1 - match > -1 - can't test. > > -1 is currently only used by the auth code, IMO it should be used by any > acl match routine that needs to do a lookup. > > RobReceived on Sat Apr 28 2001 - 19:10:12 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:51 MST