[master] 0b00877 Add a -r ("read-only") argument which can protect parameters from subsequent changes.

Poul-Henning Kamp phk at varnish-cache.org
Sat Apr 28 11:20:07 CEST 2012 

commit 0b00877030e426e9ed3b867772074fc2e0b9df63
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Sat Apr 28 09:19:35 2012 +0000

    Add a -r ("read-only") argument which can protect parameters from
    subsequent changes.

diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index ffaef56..c319e57 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -69,6 +69,7 @@ const void *pick(const struct choice *cp, const char *which, const char *kind);
 /* mgt_param.c */
 void MCF_ParamInit(struct cli *);
 void MCF_ParamSet(struct cli *, const char *param, const char *val);
+void MCF_ParamProtect(struct cli *, const char *arg);
 void MCF_DumpRst(void);
 extern struct params mgt_param;
 
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 6ad7454..13799f9 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -127,6 +127,7 @@ usage(void)
 	fprintf(stderr, FMT, "-n dir", "varnishd working directory");
 	fprintf(stderr, FMT, "-P file", "PID file");
 	fprintf(stderr, FMT, "-p param=value", "set parameter");
+	fprintf(stderr, FMT, "-r param[,param...]", "make parameter read-only");
 	fprintf(stderr, FMT,
 	    "-s kind[,storageoptions]", "Backend storage specification");
 	fprintf(stderr, FMT, "", "  -s malloc");
@@ -369,7 +370,7 @@ main(int argc, char * const *argv)
 	cli_check(cli);
 
 	while ((o = getopt(argc, argv,
-	    "a:b:Cdf:Fg:h:i:l:L:M:n:P:p:S:s:T:t:u:Vx:w:")) != -1)
+	    "a:b:Cdf:Fg:h:i:l:L:M:n:P:p:r:S:s:T:t:u:Vx:w:")) != -1)
 		switch (o) {
 		case 'a':
 			MCF_ParamSet(cli, "listen_address", optarg);
@@ -432,6 +433,10 @@ main(int argc, char * const *argv)
 			MCF_ParamSet(cli, optarg, p);
 			cli_check(cli);
 			break;
+		case 'r':
+			MCF_ParamProtect(cli, optarg);
+			cli_check(cli);
+			break;
 		case 's':
 			s_arg_given = 1;
 			STV_Config(optarg);
diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
index 7f63e2f..e79b7e9 100644
--- a/bin/varnishd/mgt/mgt_param.c
+++ b/bin/varnishd/mgt/mgt_param.c
@@ -668,6 +668,9 @@ tweak_poolparam(struct cli *cli, const struct parspec *par, const char *arg)
 	"\nNB: Do not change this parameter, unless a developer tell " \
 	"you to do so."
 
+#define PROTECTED_TEXT \
+	"\nNB: This parameter is protected and can not be changed."
+
 #define MEMPOOL_TEXT							\
 	"The three numbers are:\n"					\
 	"   min_pool -- minimum size of free pool.\n"			\
@@ -1319,6 +1322,8 @@ mcf_param_show(struct cli *cli, const char * const *av, void *priv)
 				mcf_wrap(cli, MUST_RESTART_TEXT);
 			if (pp->flags & WIZARD)
 				mcf_wrap(cli, WIZARD_TEXT);
+			if (pp->flags & PROTECTED)
+				mcf_wrap(cli, PROTECTED_TEXT);
 			if (!lfmt)
 				return;
 			else
@@ -1331,6 +1336,43 @@ mcf_param_show(struct cli *cli, const char * const *av, void *priv)
 	}
 }
 
+/*--------------------------------------------------------------------
+ * Mark paramters as protected
+ */
+
+void
+MCF_ParamProtect(struct cli *cli, const char *args)
+{
+	char **av;
+	struct parspec *pp;
+	int i, j;
+
+	av = VAV_Parse(args, NULL, ARGV_COMMA);
+	if (av[0] != NULL) {
+		VCLI_Out(cli, "Parse error: %s", av[0]);
+		VCLI_SetResult(cli, CLIS_PARAM);
+		VAV_Free(av);
+		return;
+	}
+	for (i = 1; av[i] != NULL; i++) {
+		for (j = 0; j < nparspec; j++)
+			if (!strcmp(parspecs[j]->name, av[i]))
+				break;
+		if (j == nparspec) {
+			VCLI_Out(cli, "Unknown parameter %s", av[i]);
+			VCLI_SetResult(cli, CLIS_PARAM);
+			VAV_Free(av);
+			return;
+		}
+		pp = calloc(sizeof *pp, 1L);
+		XXXAN(pp);
+		memcpy(pp, parspecs[j], sizeof *pp);
+		pp->flags |= PROTECTED;
+		parspecs[j] = pp;
+	}
+	VAV_Free(av);
+}
+
 /*--------------------------------------------------------------------*/
 
 void
@@ -1344,6 +1386,11 @@ MCF_ParamSet(struct cli *cli, const char *param, const char *val)
 		VCLI_Out(cli, "Unknown parameter \"%s\".", param);
 		return;
 	}
+	if (pp->flags & PROTECTED) {
+		VCLI_SetResult(cli, CLIS_AUTH);
+		VCLI_Out(cli, "parameter \"%s\" is protected.", param);
+		return;
+	}
 	pp->func(cli, pp, val);
 
 	if (cli->result == CLIS_OK && heritage.param != NULL)
diff --git a/bin/varnishd/mgt/mgt_param.h b/bin/varnishd/mgt/mgt_param.h
index a5d4d75..b4538d2 100644
--- a/bin/varnishd/mgt/mgt_param.h
+++ b/bin/varnishd/mgt/mgt_param.h
@@ -45,6 +45,7 @@ struct parspec {
 #define MUST_RESTART	(1<<2)
 #define MUST_RELOAD	(1<<3)
 #define WIZARD		(1<<4)
+#define PROTECTED	(1<<5)
 	const char	*def;
 	const char	*units;
 };
diff --git a/bin/varnishtest/tests/c00051.vtc b/bin/varnishtest/tests/c00051.vtc
new file mode 100644
index 0000000..78fdc81
--- /dev/null
+++ b/bin/varnishtest/tests/c00051.vtc
@@ -0,0 +1,6 @@
+varnishtest "test parameter protection"
+
+varnish v1 -arg "-r cli_timeout" 
+
+varnish v1 -cliok "param.show cli_timeout"
+varnish v1 -clierr 107 "param.set cli_timeout 1m"

More information about the varnish-commit mailing list