BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights

The 3 commands 'set ssl cert', 'abort ssl cert' and 'commit ssl cert'
must be only usable with admin rights over the CLI.

Must be backported in 2.1.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e36c03e631950772e5357bb8423fedf15a52dc97..e0d3f101431b06ad075d268886008c2e4a805a5c 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10371,6 +10371,9 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
 {
        char *err = NULL;
 
+       if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+               return 1;
+
        if (!*args[3])
                return cli_err(appctx, "'commit ssl cert expects a filename\n");
 
@@ -10423,6 +10426,9 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
        struct cert_key_and_chain *ckch;
        struct buffer *buf;
 
+       if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+               return 1;
+
        if ((buf = alloc_trash_chunk()) == NULL)
                return cli_err(appctx, "Can't allocate memory\n");
 
@@ -10645,6 +10651,9 @@ static int cli_parse_abort_cert(char **args, char *payload, struct appctx *appct
 {
        char *err = NULL;
 
+       if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+               return 1;
+
        if (!*args[3])
                return cli_err(appctx, "'abort ssl cert' expects a filename\n");