RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MINOR: stats: get rid of the ST_CONVDONE flag 

This flag was added in 1.4-rc1 by commit 329f74d463 ("[BUG] uri_auth: do
not attemp to convert uri_auth -> http-request more than once") to
address the case where two proxies inherit the stats settings from
the defaults instance, and the first one compiles the expression while
the second one uses it. In this case since they use the exact same
uri_auth pointer, only the first one should compile and the second one
must not fail the check. This was addressed by adding an ST_CONVDONE
flag indicating that the expression conversion was completed and didn't
need to be done again. But this is a hack and it becomes cumbersome in
the middle of the other flags which are all relevant to the stats
applet. Let's instead fix it by checking if we're dealing with an
alias of the defaults instance and refrain from compiling this twice.
This allows us to remove the ST_CONVDONE flag.

A typical config requiring this check is :

   defaults
        mode http
        stats auth foo:bar

   listen l1
        bind :8080

   listen l2
        bind :8181

Without this (or previous) check it would cmoplain when checking l2's
validity since the rule was already built.
This commit is contained in:
Willy Tarreau 2019-10-09 09:59:22 +02:00
parent 6103836315
commit ee4f5f83d3
2 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/common/uri_auth.h
View File

@ -30,7 +30,7 @@ struct stat_scope {
#define ST_SHNODE 0x00000002 /* show node name */
#define ST_SHDESC 0x00000004 /* show description */
#define ST_SHLGNDS 0x00000008 /* show legends */
#define ST_CONVDONE 0x00000010 /* req_acl conversion done */
/* unused: 0x00000010 */
#define ST_SHOWADMIN 0x00000020 /* show the admin column */
/* later we may link them to support multiple URI matching */

9
src/cfgparse.c
View File

@ -2875,7 +2875,7 @@ int check_config_validity()
}
}
if (curproxy->uri_auth && !(curproxy->uri_auth->flags & ST_CONVDONE) &&
if (curproxy->uri_auth && curproxy->uri_auth != defproxy.uri_auth &&
!LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
(curproxy->uri_auth->userlist || curproxy->uri_auth->auth_realm )) {
ha_alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n",
@ -2884,11 +2884,12 @@ int check_config_validity()
goto out_uri_auth_compat;
}
if (curproxy->uri_auth && curproxy->uri_auth->userlist && !(curproxy->uri_auth->flags & ST_CONVDONE)) {
if (curproxy->uri_auth && curproxy->uri_auth->userlist &&
(curproxy->uri_auth != defproxy.uri_auth ||
LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules))) {
const char *uri_auth_compat_req[10];
struct act_rule *rule;
int i = 0;
/* build the ACL condition from scratch. We're relying on anonymous ACLs for that */
uri_auth_compat_req[i++] = "auth";
@ -2915,8 +2916,6 @@ int check_config_validity()
free(curproxy->uri_auth->auth_realm);
curproxy->uri_auth->auth_realm = NULL;
}
curproxy->uri_auth->flags |= ST_CONVDONE;
}
out_uri_auth_compat: