Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 474be415af796956a887e3fb7e93656bdacc2091^! / . / include
commit474be415af796956a887e3fb7e93656bdacc2091[log] [tgz]
authorCyril Bonté <cyril.bonte@free.fr>Tue Oct 12 00:14:36 2010 +0200
committerWilly Tarreau <w@1wt.eu>Sat Oct 30 19:04:34 2010 +0200
tree0ad4ecc9054175d4452c376de1e33e26870df7d3
parent70be45dbdfb4edb26d7fee9b704ca71483134459 [diff]
[MEDIUM] stats: add an admin level

The stats web interface must be read-only by default to prevent security
holes. As it is now allowed to enable/disable servers, a new keyword
"stats admin" is introduced to activate this admin level, conditioned by ACLs.
(cherry picked from commit 5334bab92ca7debe36df69983c19c21b6dc63f78)

diff --git a/include/common/uri_auth.h b/include/common/uri_auth.h
index bffd694..906cb2c 100644
--- a/include/common/uri_auth.h
+++ b/include/common/uri_auth.h

@@ -43,6 +43,7 @@
 	struct stat_scope *scope;	/* linked list of authorized proxies */
 	struct userlist *userlist;	/* private userlist to emulate legacy "stats auth user:password" */
 	struct list req_acl; 		/* http stats ACL: allow/deny/auth */
+	struct list admin_rules;	/* 'stats admin' rules (chained) */
 	struct uri_auth *next;		/* Used at deinit() to build a list of unique elements */
 };
 
@@ -61,6 +62,12 @@
 #endif
 
 
+struct stats_admin_rule {
+	struct list list;	/* list linked to from the proxy */
+	struct acl_cond *cond;	/* acl condition to meet */
+};
+
+
 /* Various functions used to set the fields during the configuration parsing.
  * Please that all those function can initialize the root entry in order not to
  * force the user to respect a certain order in the configuration file.

diff --git a/include/proto/dumpstats.h b/include/proto/dumpstats.h
index 7038f46..9cf5eec 100644
--- a/include/proto/dumpstats.h
+++ b/include/proto/dumpstats.h

@@ -33,6 +33,7 @@
 #define STAT_SHOW_INFO  0x00000004	/* dump the info part */
 #define STAT_HIDE_DOWN  0x00000008	/* hide 'down' servers in the stats page */
 #define STAT_NO_REFRESH 0x00000010	/* do not automatically refresh the stats page */
+#define STAT_ADMIN      0x00000020	/* indicate a stats admin level */
 #define STAT_BOUND      0x00800000	/* bound statistics to selected proxies/types/services */
 
 #define STATS_TYPE_FE  0
@@ -58,6 +59,7 @@
 #define STAT_STATUS_DONE "DONE"	/* the action is successful */
 #define STAT_STATUS_NONE "NONE"	/* nothing happened (no action chosen or servers state didn't change) */
 #define STAT_STATUS_EXCD "EXCD"	/* an error occured becayse the buffer couldn't store all data */
+#define STAT_STATUS_DENY "DENY"	/* action denied */
 
 
 int stats_accept(struct session *s);