From 07a62f7a7ee1caf24283ba73df1467be2517ae88 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 24 May 2017 00:57:40 +0200
Subject: [PATCH] MINOR: cli: add ACCESS_LVL_MASK to store the access level

The current level variable use only 2 bits for storing the 3 access
level (user, oper and admin).

This patch add a bitmask which allows to use the remaining bits for
other usage.
---
 include/types/global.h |  2 ++
 src/cli.c              | 32 ++++++++++++++++++--------------
 src/stats.c            |  2 +-
 src/stick_table.c      |  4 ++--
 4 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/include/types/global.h b/include/types/global.h
index 57b969dd1..cd5fda3c3 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -69,6 +69,8 @@
 #define ACCESS_LVL_USER     1
 #define ACCESS_LVL_OPER     2
 #define ACCESS_LVL_ADMIN    3
+#define ACCESS_LVL_MASK     0x3
+
 
 /* SSL server verify mode */
 enum {
diff --git a/src/cli.c b/src/cli.c
index 55baee392..cdbaf2b4d 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -217,7 +217,8 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
 		}
 
 		bind_conf = bind_conf_alloc(global.stats_fe, file, line, args[2], xprt_get(XPRT_RAW));
-		bind_conf->level = ACCESS_LVL_OPER; /* default access level */
+		bind_conf->level &= ~ACCESS_LVL_MASK;
+		bind_conf->level |= ACCESS_LVL_OPER; /* default access level */
 
 		if (!str2listener(args[2], global.stats_fe, bind_conf, file, line, err)) {
 			memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n",
@@ -383,7 +384,7 @@ int cli_has_level(struct appctx *appctx, int level)
 	struct stream_interface *si = appctx->owner;
 	struct stream *s = si_strm(si);
 
-	if (strm_li(s)->bind_conf->level < level) {
+	if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < level) {
 		appctx->ctx.cli.msg = stats_permission_denied_msg;
 		appctx->st0 = CLI_ST_PRINT;
 		return 0;
@@ -790,12 +791,12 @@ static int cli_io_handler_show_cli_sock(struct appctx *appctx)
 						} else
 							continue;
 
-						if (bind_conf->level == ACCESS_LVL_USER)
-							chunk_appendf(&trash, "user ");
-						else if (bind_conf->level == ACCESS_LVL_OPER)
-							chunk_appendf(&trash, "operator ");
-						else if (bind_conf->level == ACCESS_LVL_ADMIN)
+						if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_ADMIN)
 							chunk_appendf(&trash, "admin ");
+						else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_OPER)
+							chunk_appendf(&trash, "operator ");
+						else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_USER)
+							chunk_appendf(&trash, "user ");
 						else
 							chunk_appendf(&trash, "  ");
 
@@ -1000,13 +1001,16 @@ static int bind_parse_level(char **args, int cur_arg, struct proxy *px, struct b
 		return ERR_ALERT | ERR_FATAL;
 	}
 
-	if (!strcmp(args[cur_arg+1], "user"))
-		conf->level = ACCESS_LVL_USER;
-	else if (!strcmp(args[cur_arg+1], "operator"))
-		conf->level = ACCESS_LVL_OPER;
-	else if (!strcmp(args[cur_arg+1], "admin"))
-		conf->level = ACCESS_LVL_ADMIN;
-	else {
+	if (!strcmp(args[cur_arg+1], "user")) {
+		conf->level &= ~ACCESS_LVL_MASK;
+		conf->level |= ACCESS_LVL_USER;
+	} else if (!strcmp(args[cur_arg+1], "operator")) {
+		conf->level &= ~ACCESS_LVL_MASK;
+		conf->level |= ACCESS_LVL_OPER;
+	} else if (!strcmp(args[cur_arg+1], "admin")) {
+		conf->level &= ~ACCESS_LVL_MASK;
+		conf->level |= ACCESS_LVL_ADMIN;
+	} else {
 		memprintf(err, "'%s' only supports 'user', 'operator', and 'admin' (got '%s')",
 			  args[cur_arg], args[cur_arg+1]);
 		return ERR_ALERT | ERR_FATAL;
diff --git a/src/stats.c b/src/stats.c
index 8f73b7d4d..71230d0ce 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -1957,7 +1957,7 @@ int stats_dump_proxy_to_buffer(struct stream_interface *si, struct proxy *px, st
 
 	if (uri)
 		flags = uri->flags;
-	else if (strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER)
+	else if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER)
 		flags = ST_SHLGNDS | ST_SHNODE | ST_SHDESC;
 	else
 		flags = ST_SHNODE | ST_SHDESC;
diff --git a/src/stick_table.c b/src/stick_table.c
index a03a82465..8cc7dd20b 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -2253,7 +2253,7 @@ static int table_dump_head_to_buffer(struct chunk *msg, struct stream_interface
 
 	/* any other information should be dumped here */
 
-	if (target && strm_li(s)->bind_conf->level < ACCESS_LVL_OPER)
+	if (target && (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < ACCESS_LVL_OPER)
 		chunk_appendf(msg, "# contents not dumped due to insufficient privileges\n");
 
 	if (bi_putchk(si_ic(si), msg) == -1) {
@@ -2667,7 +2667,7 @@ static int cli_io_handler_table(struct appctx *appctx)
 					return 0;
 
 				if (appctx->ctx.table.target &&
-				    strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER) {
+				    (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER) {
 					/* dump entries only if table explicitly requested */
 					eb = ebmb_first(&appctx->ctx.table.proxy->table.keys);
 					if (eb) {