MINOR: cli: add ACCESS_LVL_MASK to store the access level
The current level variable use only 2 bits for storing the 3 access
level (user, oper and admin).
This patch add a bitmask which allows to use the remaining bits for
other usage.
diff --git a/include/types/global.h b/include/types/global.h
index 57b969d..cd5fda3 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -69,6 +69,8 @@
#define ACCESS_LVL_USER 1
#define ACCESS_LVL_OPER 2
#define ACCESS_LVL_ADMIN 3
+#define ACCESS_LVL_MASK 0x3
+
/* SSL server verify mode */
enum {
diff --git a/src/cli.c b/src/cli.c
index 55baee3..cdbaf2b 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -217,7 +217,8 @@
}
bind_conf = bind_conf_alloc(global.stats_fe, file, line, args[2], xprt_get(XPRT_RAW));
- bind_conf->level = ACCESS_LVL_OPER; /* default access level */
+ bind_conf->level &= ~ACCESS_LVL_MASK;
+ bind_conf->level |= ACCESS_LVL_OPER; /* default access level */
if (!str2listener(args[2], global.stats_fe, bind_conf, file, line, err)) {
memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n",
@@ -383,7 +384,7 @@
struct stream_interface *si = appctx->owner;
struct stream *s = si_strm(si);
- if (strm_li(s)->bind_conf->level < level) {
+ if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < level) {
appctx->ctx.cli.msg = stats_permission_denied_msg;
appctx->st0 = CLI_ST_PRINT;
return 0;
@@ -790,12 +791,12 @@
} else
continue;
- if (bind_conf->level == ACCESS_LVL_USER)
- chunk_appendf(&trash, "user ");
- else if (bind_conf->level == ACCESS_LVL_OPER)
- chunk_appendf(&trash, "operator ");
- else if (bind_conf->level == ACCESS_LVL_ADMIN)
+ if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_ADMIN)
chunk_appendf(&trash, "admin ");
+ else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_OPER)
+ chunk_appendf(&trash, "operator ");
+ else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_USER)
+ chunk_appendf(&trash, "user ");
else
chunk_appendf(&trash, " ");
@@ -1000,13 +1001,16 @@
return ERR_ALERT | ERR_FATAL;
}
- if (!strcmp(args[cur_arg+1], "user"))
- conf->level = ACCESS_LVL_USER;
- else if (!strcmp(args[cur_arg+1], "operator"))
- conf->level = ACCESS_LVL_OPER;
- else if (!strcmp(args[cur_arg+1], "admin"))
- conf->level = ACCESS_LVL_ADMIN;
- else {
+ if (!strcmp(args[cur_arg+1], "user")) {
+ conf->level &= ~ACCESS_LVL_MASK;
+ conf->level |= ACCESS_LVL_USER;
+ } else if (!strcmp(args[cur_arg+1], "operator")) {
+ conf->level &= ~ACCESS_LVL_MASK;
+ conf->level |= ACCESS_LVL_OPER;
+ } else if (!strcmp(args[cur_arg+1], "admin")) {
+ conf->level &= ~ACCESS_LVL_MASK;
+ conf->level |= ACCESS_LVL_ADMIN;
+ } else {
memprintf(err, "'%s' only supports 'user', 'operator', and 'admin' (got '%s')",
args[cur_arg], args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
diff --git a/src/stats.c b/src/stats.c
index 8f73b7d..71230d0 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -1957,7 +1957,7 @@
if (uri)
flags = uri->flags;
- else if (strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER)
+ else if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER)
flags = ST_SHLGNDS | ST_SHNODE | ST_SHDESC;
else
flags = ST_SHNODE | ST_SHDESC;
diff --git a/src/stick_table.c b/src/stick_table.c
index a03a824..8cc7dd2 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -2253,7 +2253,7 @@
/* any other information should be dumped here */
- if (target && strm_li(s)->bind_conf->level < ACCESS_LVL_OPER)
+ if (target && (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < ACCESS_LVL_OPER)
chunk_appendf(msg, "# contents not dumped due to insufficient privileges\n");
if (bi_putchk(si_ic(si), msg) == -1) {
@@ -2667,7 +2667,7 @@
return 0;
if (appctx->ctx.table.target &&
- strm_li(s)->bind_conf->level >= ACCESS_LVL_OPER) {
+ (strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) >= ACCESS_LVL_OPER) {
/* dump entries only if table explicitly requested */
eb = ebmb_first(&appctx->ctx.table.proxy->table.keys);
if (eb) {