[master] 8d15ec9 Give CLS_AddFd() an argument for initial authority for this CLI connection, the child needs it since we do not accept CLI here documents on unauthorized CLI connections.
Poul-Henning Kamp
phk at varnish-cache.org
Mon May 16 11:21:56 CEST 2011
commit 8d15ec9f4ed5a3089fb287db20643b41051f657e
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Mon May 16 09:20:33 2011 +0000
Give CLS_AddFd() an argument for initial authority for this CLI
connection, the child needs it since we do not accept CLI here
documents on unauthorized CLI connections.
Make the mgr-child CLI connection authorized in the child so we
accept CLI here documents.
Add testcase for this.
Fixes #917
diff --git a/bin/varnishd/cache_cli.c b/bin/varnishd/cache_cli.c
index 0ea5ba7..9592b6e 100644
--- a/bin/varnishd/cache_cli.c
+++ b/bin/varnishd/cache_cli.c
@@ -107,7 +107,7 @@ CLI_Run(void)
add_check = 1;
- AN(CLS_AddFd(cls, heritage.cli_in, heritage.cli_out, NULL, NULL));
+ AN(CLS_AddFd(cls, heritage.cli_in, heritage.cli_out, NULL, NULL, 1));
do {
i = CLS_Poll(cls, -1);
diff --git a/bin/varnishd/mgt_cli.c b/bin/varnishd/mgt_cli.c
index 4390866..4b380e2 100644
--- a/bin/varnishd/mgt_cli.c
+++ b/bin/varnishd/mgt_cli.c
@@ -404,7 +404,7 @@ mgt_cli_setup(int fdi, int fdo, int verbose, const char *ident, mgt_cli_close_f
if (cls == NULL)
mgt_cli_init_cls();
- cli = CLS_AddFd(cls, fdi, fdo, closefunc, priv);
+ cli = CLS_AddFd(cls, fdi, fdo, closefunc, priv, MCF_NOAUTH);
cli->ident = strdup(ident);
diff --git a/bin/varnishtest/tests/r00917.vtc b/bin/varnishtest/tests/r00917.vtc
new file mode 100644
index 0000000..6591079
--- /dev/null
+++ b/bin/varnishtest/tests/r00917.vtc
@@ -0,0 +1,24 @@
+varnishtest "test here documents for bans"
+
+server s1 {
+ rxreq
+ expect req.url == "/bar"
+ txresp -body "foobar"
+} -start
+
+varnish v1 -vcl+backend { } -start
+
+client c1 {
+ txreq -url /bar
+ rxresp
+ expect resp.http.content-length == 6
+} -run
+
+varnish v1 -cliok {ban req.url ~ << foo
+\.bar
+foo
+}
+
+varnish v1 -cliok ban.list
+
+varnish v1 -expect n_ban_add == 2
diff --git a/include/cli_serve.h b/include/cli_serve.h
index d834b4d..0f5d047 100644
--- a/include/cli_serve.h
+++ b/include/cli_serve.h
@@ -32,7 +32,7 @@ typedef void cls_cb_f(void *priv);
typedef void cls_cbc_f(const struct cli*);
struct cls *CLS_New(cls_cbc_f *before, cls_cbc_f *after, unsigned maxlen);
struct cli *CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc,
- void *priv);
+ void *priv, unsigned auth);
int CLS_AddFunc(struct cls *cs, unsigned auth, struct cli_proto *clp);
int CLS_Poll(struct cls *cs, int timeout);
int CLS_PollFd(struct cls *cs, int fd, int timeout);
diff --git a/lib/libvarnish/cli_serve.c b/lib/libvarnish/cli_serve.c
index a666654..36197b0 100644
--- a/lib/libvarnish/cli_serve.c
+++ b/lib/libvarnish/cli_serve.c
@@ -390,7 +390,8 @@ CLS_New(cls_cbc_f *before, cls_cbc_f *after, unsigned maxlen)
}
struct cli *
-CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv)
+CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv,
+ unsigned auth)
{
struct cls_fd *cfd;
@@ -406,6 +407,7 @@ CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv)
cfd->cli->magic = CLI_MAGIC;
cfd->cli->vlu = VLU_New(cfd, cls_vlu, cs->maxlen);
cfd->cli->sb = vsb_new_auto();
+ cfd->cli->auth = auth;
cfd->closefunc = closefunc;
cfd->priv = priv;
AN(cfd->cli->sb);
More information about the varnish-commit
mailing list