[master] 0b00877 Add a -r ("read-only") argument which can protect parameters from subsequent changes.
Poul-Henning Kamp
phk at varnish-cache.org
Sat Apr 28 11:20:07 CEST 2012
commit 0b00877030e426e9ed3b867772074fc2e0b9df63
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Sat Apr 28 09:19:35 2012 +0000
Add a -r ("read-only") argument which can protect parameters from
subsequent changes.
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index ffaef56..c319e57 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -69,6 +69,7 @@ const void *pick(const struct choice *cp, const char *which, const char *kind);
/* mgt_param.c */
void MCF_ParamInit(struct cli *);
void MCF_ParamSet(struct cli *, const char *param, const char *val);
+void MCF_ParamProtect(struct cli *, const char *arg);
void MCF_DumpRst(void);
extern struct params mgt_param;
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 6ad7454..13799f9 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -127,6 +127,7 @@ usage(void)
fprintf(stderr, FMT, "-n dir", "varnishd working directory");
fprintf(stderr, FMT, "-P file", "PID file");
fprintf(stderr, FMT, "-p param=value", "set parameter");
+ fprintf(stderr, FMT, "-r param[,param...]", "make parameter read-only");
fprintf(stderr, FMT,
"-s kind[,storageoptions]", "Backend storage specification");
fprintf(stderr, FMT, "", " -s malloc");
@@ -369,7 +370,7 @@ main(int argc, char * const *argv)
cli_check(cli);
while ((o = getopt(argc, argv,
- "a:b:Cdf:Fg:h:i:l:L:M:n:P:p:S:s:T:t:u:Vx:w:")) != -1)
+ "a:b:Cdf:Fg:h:i:l:L:M:n:P:p:r:S:s:T:t:u:Vx:w:")) != -1)
switch (o) {
case 'a':
MCF_ParamSet(cli, "listen_address", optarg);
@@ -432,6 +433,10 @@ main(int argc, char * const *argv)
MCF_ParamSet(cli, optarg, p);
cli_check(cli);
break;
+ case 'r':
+ MCF_ParamProtect(cli, optarg);
+ cli_check(cli);
+ break;
case 's':
s_arg_given = 1;
STV_Config(optarg);
diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
index 7f63e2f..e79b7e9 100644
--- a/bin/varnishd/mgt/mgt_param.c
+++ b/bin/varnishd/mgt/mgt_param.c
@@ -668,6 +668,9 @@ tweak_poolparam(struct cli *cli, const struct parspec *par, const char *arg)
"\nNB: Do not change this parameter, unless a developer tell " \
"you to do so."
+#define PROTECTED_TEXT \
+ "\nNB: This parameter is protected and can not be changed."
+
#define MEMPOOL_TEXT \
"The three numbers are:\n" \
" min_pool -- minimum size of free pool.\n" \
@@ -1319,6 +1322,8 @@ mcf_param_show(struct cli *cli, const char * const *av, void *priv)
mcf_wrap(cli, MUST_RESTART_TEXT);
if (pp->flags & WIZARD)
mcf_wrap(cli, WIZARD_TEXT);
+ if (pp->flags & PROTECTED)
+ mcf_wrap(cli, PROTECTED_TEXT);
if (!lfmt)
return;
else
@@ -1331,6 +1336,43 @@ mcf_param_show(struct cli *cli, const char * const *av, void *priv)
}
}
+/*--------------------------------------------------------------------
+ * Mark paramters as protected
+ */
+
+void
+MCF_ParamProtect(struct cli *cli, const char *args)
+{
+ char **av;
+ struct parspec *pp;
+ int i, j;
+
+ av = VAV_Parse(args, NULL, ARGV_COMMA);
+ if (av[0] != NULL) {
+ VCLI_Out(cli, "Parse error: %s", av[0]);
+ VCLI_SetResult(cli, CLIS_PARAM);
+ VAV_Free(av);
+ return;
+ }
+ for (i = 1; av[i] != NULL; i++) {
+ for (j = 0; j < nparspec; j++)
+ if (!strcmp(parspecs[j]->name, av[i]))
+ break;
+ if (j == nparspec) {
+ VCLI_Out(cli, "Unknown parameter %s", av[i]);
+ VCLI_SetResult(cli, CLIS_PARAM);
+ VAV_Free(av);
+ return;
+ }
+ pp = calloc(sizeof *pp, 1L);
+ XXXAN(pp);
+ memcpy(pp, parspecs[j], sizeof *pp);
+ pp->flags |= PROTECTED;
+ parspecs[j] = pp;
+ }
+ VAV_Free(av);
+}
+
/*--------------------------------------------------------------------*/
void
@@ -1344,6 +1386,11 @@ MCF_ParamSet(struct cli *cli, const char *param, const char *val)
VCLI_Out(cli, "Unknown parameter \"%s\".", param);
return;
}
+ if (pp->flags & PROTECTED) {
+ VCLI_SetResult(cli, CLIS_AUTH);
+ VCLI_Out(cli, "parameter \"%s\" is protected.", param);
+ return;
+ }
pp->func(cli, pp, val);
if (cli->result == CLIS_OK && heritage.param != NULL)
diff --git a/bin/varnishd/mgt/mgt_param.h b/bin/varnishd/mgt/mgt_param.h
index a5d4d75..b4538d2 100644
--- a/bin/varnishd/mgt/mgt_param.h
+++ b/bin/varnishd/mgt/mgt_param.h
@@ -45,6 +45,7 @@ struct parspec {
#define MUST_RESTART (1<<2)
#define MUST_RELOAD (1<<3)
#define WIZARD (1<<4)
+#define PROTECTED (1<<5)
const char *def;
const char *units;
};
diff --git a/bin/varnishtest/tests/c00051.vtc b/bin/varnishtest/tests/c00051.vtc
new file mode 100644
index 0000000..78fdc81
--- /dev/null
+++ b/bin/varnishtest/tests/c00051.vtc
@@ -0,0 +1,6 @@
+varnishtest "test parameter protection"
+
+varnish v1 -arg "-r cli_timeout"
+
+varnish v1 -cliok "param.show cli_timeout"
+varnish v1 -clierr 107 "param.set cli_timeout 1m"
More information about the varnish-commit
mailing list