Give CLS_AddFd() an argument for initial authority for this CLI

connection, the child needs it since we do not accept CLI here documents on unauthorized CLI connections. Make the mgr-child CLI connection authorized in the child so we accept CLI here documents. Add testcase for this. Fixes #917

Give CLS_AddFd() an argument for initial authority for this CLI
connection, the child needs it since we do not accept CLI here documents on unauthorized CLI connections. Make the mgr-child CLI connection authorized in the child so we accept CLI here documents. Add testcase for this. Fixes #917
8d15ec9f · Poul-Henning Kamp · 5698533c · 8d15ec9f · 8d15ec9f · 8d15ec9f
Commit 8d15ec9f authored May 16, 2011 by Poul-Henning Kamp
5 changed files
--- a/bin/varnishd/cache_cli.c
+++ b/bin/varnishd/cache_cli.c
@@ -107,7 +107,7 @@ CLI_Run(void)

 	add_check = 1;

-	AN(CLS_AddFd(cls, heritage.cli_in, heritage.cli_out, NULL, NULL));
+	AN(CLS_AddFd(cls, heritage.cli_in, heritage.cli_out, NULL, NULL, 1));

 	do {
 		i = CLS_Poll(cls, -1);

--- a/bin/varnishd/mgt_cli.c
+++ b/bin/varnishd/mgt_cli.c
@@ -404,7 +404,7 @@ mgt_cli_setup(int fdi, int fdo, int verbose, const char *ident, mgt_cli_close_f
 	if (cls == NULL)
 		mgt_cli_init_cls();

-	cli = CLS_AddFd(cls, fdi, fdo, closefunc, priv);
+	cli = CLS_AddFd(cls, fdi, fdo, closefunc, priv, MCF_NOAUTH);

 	cli->ident = strdup(ident);


--- a/bin/varnishtest/tests/r00917.vtc
+++ b/bin/varnishtest/tests/r00917.vtc
+varnishtest "test here documents for bans"
+
+server s1 {
+	rxreq
+	expect req.url == "/bar"
+	txresp -body "foobar"
+} -start
+
+varnish v1 -vcl+backend { } -start
+
+client c1 {
+	txreq  -url /bar
+	rxresp 
+	expect resp.http.content-length == 6
+} -run
+
+varnish v1 -cliok {ban req.url ~ << foo
+\.bar
+foo
+}
+
+varnish v1 -cliok ban.list
+
+varnish v1 -expect n_ban_add == 2
--- a/include/cli_serve.h
+++ b/include/cli_serve.h
@@ -32,7 +32,7 @@ typedef void cls_cb_f(void *priv);
 typedef void cls_cbc_f(const struct cli*);
 struct cls *CLS_New(cls_cbc_f *before, cls_cbc_f *after, unsigned maxlen);
 struct cli *CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc,
-    void *priv);
+    void *priv, unsigned auth);
 int CLS_AddFunc(struct cls *cs, unsigned auth, struct cli_proto *clp);
 int CLS_Poll(struct cls *cs, int timeout);
 int CLS_PollFd(struct cls *cs, int fd, int timeout);

--- a/lib/libvarnish/cli_serve.c
+++ b/lib/libvarnish/cli_serve.c
@@ -390,7 +390,8 @@ CLS_New(cls_cbc_f *before, cls_cbc_f *after, unsigned maxlen)
 }

 struct cli *
-CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv)
+CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv,
+    unsigned auth)
 {
 	struct cls_fd *cfd;

@@ -406,6 +407,7 @@ CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv)
 	cfd->cli->magic = CLI_MAGIC;
 	cfd->cli->vlu = VLU_New(cfd, cls_vlu, cs->maxlen);
 	cfd->cli->sb = vsb_new_auto();
+	cfd->cli->auth = auth;
 	cfd->closefunc = closefunc;
 	cfd->priv = priv;
 	AN(cfd->cli->sb);