Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / ee4f5f83d3159d8dc0f0eef3894b86abb1f10cf2^! / . / src / cfgparse.c
commitee4f5f83d3159d8dc0f0eef3894b86abb1f10cf2[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Wed Oct 09 09:59:22 2019 +0200
committerWilly Tarreau <w@1wt.eu>Thu Oct 10 11:30:07 2019 +0200
tree6e28fbafbdda56020c10d3ba3ef19f06c9e2204f
parent6103836315fd31418e1a09e820dfaf1cdd0abd98 [diff] [blame]
MINOR: stats: get rid of the ST_CONVDONE flag

This flag was added in 1.4-rc1 by commit 329f74d463 ("[BUG] uri_auth: do
not attemp to convert uri_auth -> http-request more than once") to
address the case where two proxies inherit the stats settings from
the defaults instance, and the first one compiles the expression while
the second one uses it. In this case since they use the exact same
uri_auth pointer, only the first one should compile and the second one
must not fail the check. This was addressed by adding an ST_CONVDONE
flag indicating that the expression conversion was completed and didn't
need to be done again. But this is a hack and it becomes cumbersome in
the middle of the other flags which are all relevant to the stats
applet. Let's instead fix it by checking if we're dealing with an
alias of the defaults instance and refrain from compiling this twice.
This allows us to remove the ST_CONVDONE flag.

A typical config requiring this check is :

   defaults
        mode http
        stats auth foo:bar

   listen l1
        bind :8080

   listen l2
        bind :8181

Without this (or previous) check it would cmoplain when checking l2's
validity since the rule was already built.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 05a64a8..e8538f8 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c

@@ -2875,7 +2875,7 @@
 			}
 		}
 
-		if (curproxy->uri_auth && !(curproxy->uri_auth->flags & ST_CONVDONE) &&
+		if (curproxy->uri_auth && curproxy->uri_auth != defproxy.uri_auth &&
 		    !LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules) &&
 		    (curproxy->uri_auth->userlist || curproxy->uri_auth->auth_realm )) {
 			ha_alert("%s '%s': stats 'auth'/'realm' and 'http-request' can't be used at the same time.\n",
@@ -2884,11 +2884,12 @@
 			goto out_uri_auth_compat;
 		}
 
-		if (curproxy->uri_auth && curproxy->uri_auth->userlist && !(curproxy->uri_auth->flags & ST_CONVDONE)) {
+		if (curproxy->uri_auth && curproxy->uri_auth->userlist &&
+		    (curproxy->uri_auth != defproxy.uri_auth ||
+		     LIST_ISEMPTY(&curproxy->uri_auth->http_req_rules))) {
 			const char *uri_auth_compat_req[10];
 			struct act_rule *rule;
 			int i = 0;
-
 			/* build the ACL condition from scratch. We're relying on anonymous ACLs for that */
 			uri_auth_compat_req[i++] = "auth";
 
@@ -2915,8 +2916,6 @@
 				free(curproxy->uri_auth->auth_realm);
 				curproxy->uri_auth->auth_realm = NULL;
 			}
-
-			curproxy->uri_auth->flags |= ST_CONVDONE;
 		}
 out_uri_auth_compat: