From: William Lallemand Date: Thu, 5 Nov 2020 09:28:53 +0000 (+0100) Subject: MINOR: mworker/cli: the master CLI use its own applet X-Git-Tag: v2.3.0~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99e0bb997fad11b0f8598dd46d3a3b1bbb19c485;p=thirdparty%2Fhaproxy.git MINOR: mworker/cli: the master CLI use its own applet Following the patch b4daee ("MINOR: sock: add a check against cross worker<->master socket activities"), this patch adds a dedicated applet for the master CLI. It ensures that the CLI connection can't be used with the master rights in the case of bugs. --- diff --git a/src/cli.c b/src/cli.c index e39ef68b35..135b6b216f 100644 --- a/src/cli.c +++ b/src/cli.c @@ -66,6 +66,7 @@ #define PAYLOAD_PATTERN "<<" static struct applet cli_applet; +static struct applet mcli_applet; static const char stats_sock_usage_msg[] = "Unknown command. Please enter one of the following commands only :\n" @@ -110,11 +111,11 @@ static char *cli_gen_usage_msg(struct appctx *appctx) while (kw->str_kw[0]) { /* in a worker or normal process, don't display master only commands */ - if (master == 0 && (kw->level & ACCESS_MASTER_ONLY)) + if (appctx->applet == &cli_applet && (kw->level & ACCESS_MASTER_ONLY)) goto next_kw; /* in master don't displays if we don't have the master bits */ - if (master == 1 && !(kw->level & (ACCESS_MASTER_ONLY|ACCESS_MASTER))) + if (appctx->applet == &mcli_applet && !(kw->level & (ACCESS_MASTER_ONLY|ACCESS_MASTER))) goto next_kw; /* only show expert commands in expert mode */ @@ -566,11 +567,11 @@ static int cli_parse_request(struct appctx *appctx) return 0; /* in a worker or normal process, don't display master only commands */ - if (master == 0 && (kw->level & ACCESS_MASTER_ONLY)) + if (appctx->applet == &cli_applet && (kw->level & ACCESS_MASTER_ONLY)) return 0; /* in master don't displays if we don't have the master bits */ - if (master == 1 && !(kw->level & (ACCESS_MASTER_ONLY|ACCESS_MASTER))) + if (appctx->applet == &mcli_applet && !(kw->level & (ACCESS_MASTER_ONLY|ACCESS_MASTER))) return 0; /* only accept expert commands in expert mode */ @@ -1837,9 +1838,9 @@ static enum obj_type *pcli_pid_to_server(int proc_pid) { struct mworker_proc *child; - /* return the CLI applet of the master */ + /* return the mCLI applet of the master */ if (proc_pid == 0) - return &cli_applet.obj_type; + return &mcli_applet.obj_type; list_for_each_entry(child, &proc_list, list) { if (child->pid == proc_pid){ @@ -2695,6 +2696,14 @@ static struct applet cli_applet = { .release = cli_release_handler, }; +/* master CLI */ +static struct applet mcli_applet = { + .obj_type = OBJ_TYPE_APPLET, + .name = "", /* used for logging */ + .fct = cli_io_handler, + .release = cli_release_handler, +}; + /* register cli keywords */ static struct cli_kw_list cli_kws = {{ },{ { { "help", NULL }, NULL, cli_parse_simple, NULL },