From ee4f5f83d3159d8dc0f0eef3894b86abb1f10cf2 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 9 Oct 2019 09:59:22 +0200 Subject: [PATCH] MINOR: stats: get rid of the ST_CONVDONE flag This flag was added in 1.4-rc1 by commit 329f74d463 ("[BUG] uri_auth: do not attemp to convert uri_auth -> http-request more than once") to address the case where two proxies inherit the stats settings from the defaults instance, and the first one compiles the expression while the second one uses it. In this case since they use the exact same uri_auth pointer, only the first one should compile and the second one must not fail the check. This was addressed by adding an ST_CONVDONE flag indicating that the expression conversion was completed and didn't need to be done again. But this is a hack and it becomes cumbersome in the middle of the other flags which are all relevant to the stats applet. Let's instead fix it by checking if we're dealing with an alias of the defaults instance and refrain from compiling this twice. This allows us to remove the ST_CONVDONE flag. A typical config requiring this check is : defaults mode http stats auth foo:bar listen l1 bind :8080 listen l2 bind :8181 Without this (or previous) check it would cmoplain when checking l2's validity since the rule was already built. --- include/common/uri_auth.h | 2 +- src/cfgparse.c | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/common/uri_auth.h b/include/common/uri_auth.h index e80722d4eb..46f1bc653d 100644 --- a/include/common/uri_auth.h +++ b/include/common/uri_auth.h @@ -30,7 +30,7 @@ struct stat_scope { #define ST_SHNODE 0x00000002 /* show node name */ #define ST_SHDESC 0x00000004 /* show description */ #define ST_SHLGNDS 0x00000008 /* show legends */ -#define ST_CONVDONE 0x00000010 /* req_acl conversion done */ +/* unused: 0x00000010 */ #define ST_SHOWADMIN 0x00000020 /* show the admin column */ /* later we may link them to support multiple URI matching */ diff --git a/src/cfgparse.c b/src/cfgparse.c index 05a64a8ef4..e8538f87cc 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -2875,7 +2875,7 @@ int check_config_validity() } } - if (curproxy->uri_auth && !(curproxy->uri_auth->flags & ST_CONVDONE) && + if (curproxy->uri_auth && curproxy->uri_auth != defproxy.uri_auth && !LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) && (curproxy->uri_auth->userlist || curproxy->uri_auth->auth_realm )) { ha_alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n", @@ -2884,11 +2884,12 @@ int check_config_validity() goto out_uri_auth_compat; } - if (curproxy->uri_auth && curproxy->uri_auth->userlist && !(curproxy->uri_auth->flags & ST_CONVDONE)) { + if (curproxy->uri_auth && curproxy->uri_auth->userlist && + (curproxy->uri_auth != defproxy.uri_auth || + LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules))) { const char *uri_auth_compat_req[10]; struct act_rule *rule; int i = 0; - /* build the ACL condition from scratch. We're relying on anonymous ACLs for that */ uri_auth_compat_req[i++] = "auth"; @@ -2915,8 +2916,6 @@ int check_config_validity() free(curproxy->uri_auth->auth_realm); curproxy->uri_auth->auth_realm = NULL; } - - curproxy->uri_auth->flags |= ST_CONVDONE; } out_uri_auth_compat: -- 2.39.5