From de57a578ba79f37092025ccf571e388a23ce679c Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 23 Nov 2016 17:01:39 +0100 Subject: [PATCH] MINOR: cli: create new function cli_has_level() to validate permissions This function is used to check that the CLI features the appropriate level of permissions or to prepare the adequate error message. --- include/proto/cli.h | 2 ++ src/cli.c | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/include/proto/cli.h b/include/proto/cli.h index 25c2ee022..d5feb862a 100644 --- a/include/proto/cli.h +++ b/include/proto/cli.h @@ -27,5 +27,7 @@ struct cli_kw* cli_find_kw(char **args); void cli_register_kw(struct cli_kw_list *kw_list); +int cli_has_level(struct appctx *appctx, int level); + #endif /* _PROTO_CLI_H */ diff --git a/src/cli.c b/src/cli.c index c00fc865d..0a6a68dc1 100644 --- a/src/cli.c +++ b/src/cli.c @@ -472,6 +472,24 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx return 0; } +/* Verifies that the CLI at least has a level at least as high as + * (typically ACCESS_LVL_ADMIN). Returns 1 if OK, otherwise 0. In case of + * failure, an error message is prepared and the appctx's state is adjusted + * to print it so that a return 1 is enough to abort any processing. + */ +int cli_has_level(struct appctx *appctx, int level) +{ + struct stream_interface *si = appctx->owner; + struct stream *s = si_strm(si); + + if (strm_li(s)->bind_conf->level < level) { + appctx->ctx.cli.msg = stats_permission_denied_msg; + appctx->st0 = STAT_CLI_PRINT; + return 0; + } + return 1; +} + /* print a string of text buffer to . The format is : * Non-printable chars \t, \n, \r and \e are * encoded in C format.