BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights

The 3 commands 'set ssl cert', 'abort ssl cert' and 'commit ssl cert' must be only usable with admin rights over the CLI. Must be backported in 2.1.
2025-04-18 04:55:37 +00:00 · 2019-12-03 13:32:54 +01:00 · 2019-12-03 13:32:54 +01:00 · 230662a0dd
commit 230662a0dd
parent d96f1126fe
1 changed files with 9 additions and 0 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -10371,6 +10371,9 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
 {
 	char *err = NULL;

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
 	if (!*args[3])
 		return cli_err(appctx, "'commit ssl cert expects a filename\n");

@ -10423,6 +10426,9 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 	struct cert_key_and_chain *ckch;
 	struct buffer *buf;

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
 	if ((buf = alloc_trash_chunk()) == NULL)
 		return cli_err(appctx, "Can't allocate memory\n");

@ -10645,6 +10651,9 @@ static int cli_parse_abort_cert(char **args, char *payload, struct appctx *appct
 {
 	char *err = NULL;

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
 	if (!*args[3])
 		return cli_err(appctx, "'abort ssl cert' expects a filename\n");