mpls_label_stack *mls;
const struct adata *bs;
struct aggr_item_node *ai;
- struct cli_config *cli;
}
%token END CLI_MARKER INVALID_TOKEN ELSECOL DDOT
the additional sockets get removed immediately and only the main socket stays
until the very end.
+<p>The remote control socket can be also set as restricted by
+<cf/cli "name" { restrict; };/ instead of sending the <cf/restrict/ command
+after connecting. The user may still overload the daemon by requesting insanely
+complex filters so you shouldn't expose this socket to public anyway.
+
<sect>Usage
<label id="remote-control-usage">
}
cli *
-cli_new(void *priv)
+cli_new(void *priv, struct cli_config *cf)
{
pool *p = rp_new(cli_pool, "CLI");
cli *c = mb_alloc(p, sizeof(cli));
c->parser_pool = lp_new_default(c->pool);
c->show_pool = lp_new_default(c->pool);
c->rx_buf = mb_alloc(c->pool, CLI_RX_BUF_SIZE);
+
+ if (cf->restricted)
+ c->restricted = 1;
+
ev_schedule(c->event);
return c;
}
const char *name;
struct config *config;
uint uid, gid, mode;
+ _Bool restricted;
};
#include "lib/tlists.h"
/* Functions provided to sysdep layer */
-cli *cli_new(void *);
+cli *cli_new(void *, struct cli_config *);
void cli_init(void);
void cli_free(cli *);
void cli_kick(cli *);
CF_DEFINES
static struct log_config *this_log;
+static struct cli_config *this_cli_config;
CF_DECLS
CF_KEYWORDS(ALL, DEBUG, TRACE, INFO, REMOTE, WARNING, ERROR, AUTH, FATAL, BUG)
CF_KEYWORDS(DEBUG, LATENCY, LIMIT, WATCHDOG, WARNING, TIMEOUT, THREADS)
-%type <cli> cli_opts
%type <i> log_mask log_mask_list log_cat cfg_timeout
%type <t> cfg_name
%type <tf> timeformat_which
conf: cli ;
cli: CLI text cli_opts {
- $3->name = $2;
- cli_config_add_tail(&new_config->cli, $3);
+ this_cli_config->name = $2;
+ cli_config_add_tail(&new_config->cli, this_cli_config);
+ this_cli_config = NULL;
} ;
-cli_opts: ';' {
- $$ = cfg_alloc(sizeof *$$);
- *$$ = (typeof (*$$)) {
+cli_opts: cli_opts_begin '{' cli_opts_block '}' ';' | cli_opts_begin ';' ;
+
+cli_opts_begin: {
+ this_cli_config = cfg_alloc(sizeof *this_cli_config);
+ *this_cli_config = (typeof (*this_cli_config)) {
.config = new_config,
.mode = 0660,
};
};
+cli_opts_block:
+ /* EMPTY */ |
+ cli_opts_block RESTRICT { this_cli_config->restricted = 1; }
+;
+
conf: debug_unix ;
debug_unix:
s->rx_hook = cli_rx;
s->tx_hook = cli_tx;
s->err_hook = cli_err;
- s->data = c = cli_new(s);
+ s->data = c = cli_new(s, ((struct cli_listener *) s->data)->config);
s->pool = c->pool; /* We need to have all the socket buffers allocated in the cli pool */
s->fast_rx = 1;
c->rx_pos = c->rx_buf;
s->type = SK_UNIX_PASSIVE;
s->rx_hook = cli_connect;
s->err_hook = cli_connect_err;
- s->data = cf;
+ s->data = l;
s->rbsize = 1024;
s->fast_rx = 1;
projects / thirdparty / bird.git / commitdiff
