BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights
The 3 commands 'set ssl cert', 'abort ssl cert' and 'commit ssl cert'
must be only usable with admin rights over the CLI.
Must be backported in 2.1.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e36c03e..e0d3f10 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10371,6 +10371,9 @@
{
char *err = NULL;
+ if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+ return 1;
+
if (!*args[3])
return cli_err(appctx, "'commit ssl cert expects a filename\n");
@@ -10423,6 +10426,9 @@
struct cert_key_and_chain *ckch;
struct buffer *buf;
+ if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+ return 1;
+
if ((buf = alloc_trash_chunk()) == NULL)
return cli_err(appctx, "Can't allocate memory\n");
@@ -10645,6 +10651,9 @@
{
char *err = NULL;
+ if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+ return 1;
+
if (!*args[3])
return cli_err(appctx, "'abort ssl cert' expects a filename\n");