mirror of
https://github.com/haproxy/haproxy.git
synced 2026-04-01 15:16:17 -04:00
BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
The CLI commands (get|add|del|clear|commit|set) | (acl|map) does not contain a permission check on admin level. Must be backported to 3.3. This can be a breaking change for some users. Initially reported by Cameron Brown.
This commit is contained in:
William Lallemand
parent
66965a60ba
commit
94d2f69b93
1 changed files with 16 additions and 16 deletions
32
src/map.c
32
src/map.c
|
|
@ -621,8 +621,8 @@ static int cli_parse_get_map(char **args, char *payload, struct appctx *appctx,
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0 || strcmp(args[1], "acl") == 0) {
|
||||
/* Set flags. */
|
||||
|
|
@ -667,8 +667,8 @@ static int cli_parse_prepare_map(char **args, char *payload, struct appctx *appc
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0 ||
|
||||
strcmp(args[1], "acl") == 0) {
|
||||
|
|
@ -712,8 +712,8 @@ static int cli_parse_show_map(char **args, char *payload, struct appctx *appctx,
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0 ||
|
||||
strcmp(args[1], "acl") == 0) {
|
||||
|
|
@ -769,8 +769,8 @@ static int cli_parse_set_map(char **args, char *payload, struct appctx *appctx,
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0) {
|
||||
char *err;
|
||||
|
|
@ -844,8 +844,8 @@ static int cli_parse_add_map(char **args, char *payload, struct appctx *appctx,
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0 ||
|
||||
strcmp(args[1], "acl") == 0) {
|
||||
|
|
@ -977,8 +977,8 @@ static int cli_parse_del_map(char **args, char *payload, struct appctx *appctx,
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (args[1][0] == 'm')
|
||||
ctx->display_flags = PAT_REF_MAP;
|
||||
|
|
@ -1075,8 +1075,8 @@ static int cli_parse_clear_map(char **args, char *payload, struct appctx *appctx
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0 || strcmp(args[1], "acl") == 0) {
|
||||
const char *gen = NULL;
|
||||
|
|
@ -1134,8 +1134,8 @@ static int cli_parse_commit_map(char **args, char *payload, struct appctx *appct
|
|||
{
|
||||
struct show_map_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));
|
||||
|
||||
if ((appctx->cli_ctx.level & ACCESS_LVL_MASK) < ACCESS_LVL_ADMIN)
|
||||
ha_warning("'%s %s' accessed without admin rights, this won't be supported anymore starting from haproxy 3.3\n", args[0], args[1]);
|
||||
if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
|
||||
return 1;
|
||||
|
||||
if (strcmp(args[1], "map") == 0 || strcmp(args[1], "acl") == 0) {
|
||||
const char *gen = NULL;
|
||||
|
|
|
|||
Loading…
Reference in a new issue