commit 07a62f7a7ee1caf24283ba73df1467be2517ae88
author William Lallemand <wlallemand@haproxy.com> Wed May 24 00:57:40 2017 +0200
committer Willy Tarreau <w@1wt.eu> Sat May 27 07:02:06 2017 +0200
tree a36eabf1132a5a827dca3ac73e7e2322c2533304
parent fd80df11c37af2d5d3c9a8659d45905638de717c

MINOR: cli: add ACCESS_LVL_MASK to store the access level

The current level variable use only 2 bits for storing the 3 access
level (user, oper and admin).

This patch add a bitmask which allows to use the remaining bits for
other usage.

src/cli.c

diff --git a/src/cli.c b/src/cli.c
index 55baee3..cdbaf2b 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -217,7 +217,8 @@
 		}
 
 		bind_conf = bind_conf_alloc(global.stats_fe, file, line, args[2], xprt_get(XPRT_RAW));
-		bind_conf->level = ACCESS_LVL_OPER; /* default access level */
+		bind_conf->level &= ~ACCESS_LVL_MASK;
+		bind_conf->level |= ACCESS_LVL_OPER; /* default access level */
 
 		if (!str2listener(args[2], global.stats_fe, bind_conf, file, line, err)) {
 			memprintf(err, "parsing [%s:%d] : '%s %s' : %s\n",
@@ -383,7 +384,7 @@
 	struct stream_interface *si = appctx->owner;
 	struct stream *s = si_strm(si);
 
-	if (strm_li(s)->bind_conf->level < level) {
+	if ((strm_li(s)->bind_conf->level & ACCESS_LVL_MASK) < level) {
 		appctx->ctx.cli.msg = stats_permission_denied_msg;
 		appctx->st0 = CLI_ST_PRINT;
 		return 0;
@@ -790,12 +791,12 @@
 						} else
 							continue;
 
-						if (bind_conf->level == ACCESS_LVL_USER)
-							chunk_appendf(&trash, "user ");
-						else if (bind_conf->level == ACCESS_LVL_OPER)
-							chunk_appendf(&trash, "operator ");
-						else if (bind_conf->level == ACCESS_LVL_ADMIN)
+						if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_ADMIN)
 							chunk_appendf(&trash, "admin ");
+						else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_OPER)
+							chunk_appendf(&trash, "operator ");
+						else if ((bind_conf->level & ACCESS_LVL_MASK) == ACCESS_LVL_USER)
+							chunk_appendf(&trash, "user ");
 						else
 							chunk_appendf(&trash, "  ");
 
@@ -1000,13 +1001,16 @@
 		return ERR_ALERT | ERR_FATAL;
 	}
 
-	if (!strcmp(args[cur_arg+1], "user"))
-		conf->level = ACCESS_LVL_USER;
-	else if (!strcmp(args[cur_arg+1], "operator"))
-		conf->level = ACCESS_LVL_OPER;
-	else if (!strcmp(args[cur_arg+1], "admin"))
-		conf->level = ACCESS_LVL_ADMIN;
-	else {
+	if (!strcmp(args[cur_arg+1], "user")) {
+		conf->level &= ~ACCESS_LVL_MASK;
+		conf->level |= ACCESS_LVL_USER;
+	} else if (!strcmp(args[cur_arg+1], "operator")) {
+		conf->level &= ~ACCESS_LVL_MASK;
+		conf->level |= ACCESS_LVL_OPER;
+	} else if (!strcmp(args[cur_arg+1], "admin")) {
+		conf->level &= ~ACCESS_LVL_MASK;
+		conf->level |= ACCESS_LVL_ADMIN;
+	} else {
 		memprintf(err, "'%s' only supports 'user', 'operator', and 'admin' (got '%s')",
 			  args[cur_arg], args[cur_arg+1]);
 		return ERR_ALERT | ERR_FATAL;