RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-19 04:07:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: cli: add ACCESS_LVL_MASK to store the access level

Browse Source 
The current level variable use only 2 bits for storing the 3 access
level (user, oper and admin).

This patch add a bitmask which allows to use the remaining bits for
other usage.
This commit is contained in:
William Lallemand 2017-05-24 00:57:40 +02:00 committed by Willy Tarreau
parent fd80df11c3
commit 07a62f7a7e
4 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/types/global.h
View File

@ -69,6 +69,8 @@
#define ACCESS_LVL_USER 1
#define ACCESS_LVL_OPER 2
#define ACCESS_LVL_ADMIN 3
#define ACCESS_LVL_MASK 0x3
/* SSL server verify mode */
enum {

32
src/cli.c
View File

@ -217,7 +217,8 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
}
bind_conf = bind_conf_alloc(global.stats_fe, file, line, args[2], xprt_get(XPRT_RAW));
bind_conf->level = ACCESS_LVL_OPER; /* default access level */
bind_conf->level &= ~ACCESS_LVL_MASK;
bind_conf->level |= ACCESS_LVL_OPER; /* default access level */
if (!str2listener(args[2], global.stats_fe, bind_conf, file, line, err)) {
memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n",
@ -383,7 +384,7 @@ int cli_has_level(struct appctx *appctx, int level)
struct stream_interface *si = appctx->owner;
struct stream *s = si_strm(si);
if (strm_li(s)->bind_conf->level < level) {
if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < level) {
appctx->ctx.cli.msg = stats_permission_denied_msg;
appctx->st0 = CLI_ST_PRINT;
return 0;
@ -790,12 +791,12 @@ static int cli_io_handler_show_cli_sock(struct appctx *appctx)
} else
continue;
if (bind_conf->level == ACCESS_LVL_USER)
chunk_appendf(&trash, "user ");
else if (bind_conf->level == ACCESS_LVL_OPER)
chunk_appendf(&trash, "operator ");
else if (bind_conf->level == ACCESS_LVL_ADMIN)
if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_ADMIN)
chunk_appendf(&trash, "admin ");
else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_OPER)
chunk_appendf(&trash, "operator ");
else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_USER)
chunk_appendf(&trash, "user ");
else
chunk_appendf(&trash, " ");
@ -1000,13 +1001,16 @@ static int bind_parse_level(char **args, int cur_arg, struct proxy *px, struct b
return ERR_ALERT | ERR_FATAL;
}
if (!strcmp(args[cur_arg+1], "user"))
conf->level = ACCESS_LVL_USER;
else if (!strcmp(args[cur_arg+1], "operator"))
conf->level = ACCESS_LVL_OPER;
else if (!strcmp(args[cur_arg+1], "admin"))
conf->level = ACCESS_LVL_ADMIN;
else {
if (!strcmp(args[cur_arg+1], "user")) {
conf->level &= ~ACCESS_LVL_MASK;
conf->level |= ACCESS_LVL_USER;
} else if (!strcmp(args[cur_arg+1], "operator")) {
conf->level &= ~ACCESS_LVL_MASK;
conf->level |= ACCESS_LVL_OPER;
} else if (!strcmp(args[cur_arg+1], "admin")) {
conf->level &= ~ACCESS_LVL_MASK;
conf->level |= ACCESS_LVL_ADMIN;
} else {
memprintf(err, "'%s' only supports 'user', 'operator', and 'admin' (got '%s')",
args[cur_arg], args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;

2
src/stats.c
View File

@ -1957,7 +1957,7 @@ int stats_dump_proxy_to_buffer(struct stream_interface *si, struct proxy *px, st
if (uri)
flags = uri->flags;
else if (strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER)
else if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER)
flags = ST_SHLGNDS | ST_SHNODE | ST_SHDESC;
else
flags = ST_SHNODE | ST_SHDESC;

4
src/stick_table.c
View File

@ -2253,7 +2253,7 @@ static int table_dump_head_to_buffer(struct chunk *msg, struct stream_interface
/* any other information should be dumped here */
if (target && strm_li(s)->bind_conf->level < ACCESS_LVL_OPER)
if (target && (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < ACCESS_LVL_OPER)
chunk_appendf(msg, "# contents not dumped due to insufficient privileges\n");
if (bi_putchk(si_ic(si), msg) == -1) {
@ -2667,7 +2667,7 @@ static int cli_io_handler_table(struct appctx *appctx)
return 0;
if (appctx->ctx.table.target &&
strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER) {
(strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER) {
/* dump entries only if table explicitly requested */
eb = ebmb_first(&appctx->ctx.table.proxy->table.keys);
if (eb) {