From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 13 Dec 2018 08:05:44 +0000 (+0100)
Subject: MEDIUM: cli: store CLI level in the appctx
X-Git-Tag: v1.9-dev11~76
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f630d01c9fbfdbacc8a98e818328c14287733922;p=thirdparty%2Fhaproxy.git

MEDIUM: cli: store CLI level in the appctx

Store and check the level in the appctx in order to allow dynamic
permission changes over the CLI.
---

diff --git a/include/types/applet.h b/include/types/applet.h
index d9cd6a026e..9fc9ec8f45 100644
--- a/include/types/applet.h
+++ b/include/types/applet.h
@@ -66,6 +66,7 @@ struct appctx {
 	void (*io_release)(struct appctx *appctx);  /* used within the cli_io_handler when st0 = CLI_ST_CALLBACK,
 	                                               if the command is terminated or the session released */
 	int cli_severity_output;        /* used within the cli_io_handler to format severity output of informational feedback */
+	int cli_level;              /* the level of CLI which can be lowered dynamically */
 	struct buffer_wait buffer_wait; /* position in the list of objects waiting for a buffer */
 	unsigned long thread_mask;      /* mask of thread IDs authorized to process the applet */
 	struct task *t;                  /* task associated to the applet */
diff --git a/src/cli.c b/src/cli.c
index 0bb5bb0187..adefcfa1d4 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -381,10 +381,8 @@ static int stats_parse_global(char **args, int section_type, struct proxy *curpx
  */
 int cli_has_level(struct appctx *appctx, int level)
 {
-	struct stream_interface *si = appctx->owner;
-	struct stream *s = si_strm(si);
 
-	if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < level) {
+	if ((appctx->cli_level & ACCESS_LVL_MASK) < level) {
 		appctx->ctx.cli.severity = LOG_ERR;
 		appctx->ctx.cli.msg = stats_permission_denied_msg;
 		appctx->st0 = CLI_ST_PRINT;
@@ -563,6 +561,7 @@ static void cli_io_handler(struct appctx *appctx)
 			/* reset severity to default at init */
 			appctx->cli_severity_output = bind_conf->severity_output;
 			appctx->st0 = CLI_ST_GETREQ;
+			appctx->cli_level = bind_conf->level;
 		}
 		else if (appctx->st0 == CLI_ST_END) {
 			/* Let's close for real now. We just close the request