MINOR: cli: add ACCESS_LVL_MASK to store the access level

The current level variable use only 2 bits for storing the 3 access
level (user, oper and admin).

This patch add a bitmask which allows to use the remaining bits for
other usage.

diff --git a/include/types/global.h b/include/types/global.h
index 57b969dd14675ba9e8ee6e59bcf9fe28d712f8ca..cd5fda3c32ea523c0836f895685a13ea20299f0e 100644 (file)
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -69,6 +69,8 @@
 #define ACCESS_LVL_USER     1
 #define ACCESS_LVL_OPER     2
 #define ACCESS_LVL_ADMIN    3
+#define ACCESS_LVL_MASK     0x3
+
 
 /* SSL server verify mode */
 enum {

diff --git a/src/cli.c b/src/cli.c
index 55baee3928378ed5c2fda44d256e424f4bbcf688..cdbaf2b4d3ac741b35439a8df0b153ef80ec14a3 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -217,7 +217,8 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
                }
 
                bind_conf = bind_conf_alloc(global.stats_fe, file, line, args[2], xprt_get(XPRT_RAW));
-               bind_conf->level = ACCESS_LVL_OPER; /* default access level */
+               bind_conf->level &= ~ACCESS_LVL_MASK;
+               bind_conf->level |= ACCESS_LVL_OPER; /* default access level */
 
                if (!str2listener(args[2], global.stats_fe, bind_conf, file, line, err)) {
                        memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n",
@@ -383,7 +384,7 @@ int cli_has_level(struct appctx *appctx, int level)
        struct stream_interface *si = appctx->owner;
        struct stream *s = si_strm(si);
 
-       if (strm_li(s)->bind_conf->level < level) {
+       if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < level) {
                appctx->ctx.cli.msg = stats_permission_denied_msg;
                appctx->st0 = CLI_ST_PRINT;
                return 0;
@@ -790,12 +791,12 @@ static int cli_io_handler_show_cli_sock(struct appctx *appctx)
                                                } else
                                                        continue;
 
-                                               if (bind_conf->level == ACCESS_LVL_USER)
-                                                       chunk_appendf(&trash, "user ");
-                                               else if (bind_conf->level == ACCESS_LVL_OPER)
-                                                       chunk_appendf(&trash, "operator ");
-                                               else if (bind_conf->level == ACCESS_LVL_ADMIN)
+                                               if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_ADMIN)
                                                        chunk_appendf(&trash, "admin ");
+                                               else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_OPER)
+                                                       chunk_appendf(&trash, "operator ");
+                                               else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_USER)
+                                                       chunk_appendf(&trash, "user ");
                                                else
                                                        chunk_appendf(&trash, "  ");
 
@@ -1000,13 +1001,16 @@ static int bind_parse_level(char **args, int cur_arg, struct proxy *px, struct b
                return ERR_ALERT | ERR_FATAL;
        }
 
-       if (!strcmp(args[cur_arg+1], "user"))
-               conf->level = ACCESS_LVL_USER;
-       else if (!strcmp(args[cur_arg+1], "operator"))
-               conf->level = ACCESS_LVL_OPER;
-       else if (!strcmp(args[cur_arg+1], "admin"))
-               conf->level = ACCESS_LVL_ADMIN;
-       else {
+       if (!strcmp(args[cur_arg+1], "user")) {
+               conf->level &= ~ACCESS_LVL_MASK;
+               conf->level |= ACCESS_LVL_USER;
+       } else if (!strcmp(args[cur_arg+1], "operator")) {
+               conf->level &= ~ACCESS_LVL_MASK;
+               conf->level |= ACCESS_LVL_OPER;
+       } else if (!strcmp(args[cur_arg+1], "admin")) {
+               conf->level &= ~ACCESS_LVL_MASK;
+               conf->level |= ACCESS_LVL_ADMIN;
+       } else {
                memprintf(err, "'%s' only supports 'user', 'operator', and 'admin' (got '%s')",
                          args[cur_arg], args[cur_arg+1]);
                return ERR_ALERT | ERR_FATAL;

diff --git a/src/stats.c b/src/stats.c
index 8f73b7d4df1e8039bbba9612e74ec1d027e7319d..71230d0cef6c1f9a9040fe8cd085503c19fbfef6 100644 (file)
--- a/src/stats.c
+++ b/src/stats.c
@@ -1957,7 +1957,7 @@ int stats_dump_proxy_to_buffer(struct stream_interface *si, struct proxy *px, st
 
        if (uri)
                flags = uri->flags;
-       else if (strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER)
+       else if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER)
                flags = ST_SHLGNDS | ST_SHNODE | ST_SHDESC;
        else
                flags = ST_SHNODE | ST_SHDESC;

diff --git a/src/stick_table.c b/src/stick_table.c
index a03a824659c90cdd28d493e3e8f641733f6e9832..8cc7dd20b4a35e28aa59f7422256583399579503 100644 (file)
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -2253,7 +2253,7 @@ static int table_dump_head_to_buffer(struct chunk *msg, struct stream_interface
 
        /* any other information should be dumped here */
 
-       if (target && strm_li(s)->bind_conf->level < ACCESS_LVL_OPER)
+       if (target && (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < ACCESS_LVL_OPER)
                chunk_appendf(msg, "# contents not dumped due to insufficient privileges\n");
 
        if (bi_putchk(si_ic(si), msg) == -1) {
@@ -2667,7 +2667,7 @@ static int cli_io_handler_table(struct appctx *appctx)
                                        return 0;
 
                                if (appctx->ctx.table.target &&
-                                   strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER) {
+                                   (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER) {
                                        /* dump entries only if table explicitly requested */
                                        eb = ebmb_first(&appctx->ctx.table.proxy->table.keys);
                                        if (eb) {