CLI reworking in the manager process.

Use the new cli_serve stuff, as ammended.

Give cli's an "auth level" and only allow the commands with lower
auth levels than what the cli has collected.  Use this to implement
the -S handling.  In the future, we can also use it to do "R/O" vs. "R/W"
command separation.

Add a param (syslog_cli_traffic) to control if all CLI traffic is syslog'ed.

Everything should work the same, as far as I know.



git-svn-id: http://www.varnish-cache.org/svn/trunk/varnish-cache@4473 d4fa192b-c00b-0410-8231-f00ffab90ce4

bin/varnishd/cache_cli.c

@@ -94,11 +94,9 @@ CLI_AddFuncs(enum cli_set_e which, struct cli_proto *p)
 }
 
 static void
-cli_cb_before(void *priv)
+cli_cb_before(struct cli *cli)
 {
-	struct cli *cli;
 
-	cli = priv;
 	VSL(SLT_CLI, 0, "Rd %s", cli->cmd);
 	VCL_Poll();
 	VBE_Poll();
@@ -106,12 +104,9 @@ cli_cb_before(void *priv)
 }
 
 static void
-cli_cb_after(void *priv)
+cli_cb_after(struct cli *cli)
 {
-	struct cli *cli;
-
 	Lck_Unlock(&cli_mtx);
-	cli = priv;
 	VSL(SLT_CLI, 0, "Wr %03u %s", cli->result, vsb_data(cli->sb));
 }
 
@@ -123,11 +118,12 @@ CLI_Run(void)
 
 	add_check = 1;
 
-	cls = CLS_New(cli_cb_before, cli_cb_after, NULL, params->cli_buffer);
-	AZ(CLS_AddFd(cls, heritage.cli_in, heritage.cli_out, NULL, NULL));
-	AZ(CLS_AddFunc(cls, ccf_master_cli));
-	AZ(CLS_AddFunc(cls, ccf_public_cli));
-	AZ(CLS_AddFunc(cls, ccf_debug_cli));
+	cls = CLS_New(cli_cb_before, cli_cb_after, params->cli_buffer);
+	AN(cls);
+	AN(CLS_AddFd(cls, heritage.cli_in, heritage.cli_out, NULL, NULL));
+	AZ(CLS_AddFunc(cls, 0, ccf_master_cli));
+	AZ(CLS_AddFunc(cls, 0, ccf_public_cli));
+	AZ(CLS_AddFunc(cls, 0, ccf_debug_cli));
 
 	do {
 		i = CLS_Poll(cls, -1);

bin/varnishd/heritage.h

@@ -193,14 +193,13 @@ struct params {
 	/* Get rid of duplicate purges */
 	unsigned		purge_dups;
 
-	/* CLI banner */
-	unsigned		cli_banner;
-
 	/* How long time does the ban lurker sleep */
 	double			ban_lurker_sleep;
 
 	/* Max size of the saintmode list. 0 == no saint mode. */
 	unsigned		saintmode_threshold;
+
+	unsigned		syslog_cli_traffic;
 };
 
 extern volatile struct params *params;

bin/varnishd/mgt_param.c

@@ -756,9 +756,8 @@ static const struct parspec input_parspec[] = {
 		"Detect and eliminate duplicate purges.\n",
 		0,
 		"on", "bool" },
-	{ "cli_banner", tweak_bool, &master.cli_banner, 0, 0,
-		"Emit CLI banner on connect.\n"
-		"Set to off for compatibility with pre 2.1 versions.\n",
+	{ "syslog_cli_traffic", tweak_bool, &master.syslog_cli_traffic, 0, 0,
+		"Log all CLI traffic to syslog(LOG_INFO).\n",
 		0,
 		"on", "bool" },
 	{ "ban_lurker_sleep", tweak_timeout_double,

bin/varnishtest/vtc_varnish.c

@@ -247,6 +247,8 @@ varnish_launch(struct varnish *v)
 	struct vss_addr **ap;
 	char abuf[128],pbuf[128];
 	struct pollfd fd;
+	unsigned retval;
+	char *r;
 
 	/* Create listener socket */
 	nap = VSS_resolve("127.0.0.1", "0", &ap);
@@ -261,8 +263,8 @@ varnish_launch(struct varnish *v)
 	AN(vsb);
 	vsb_printf(vsb, "cd ../varnishd &&");
 	vsb_printf(vsb, " ./varnishd -d -d -n %s", v->workdir);
-	vsb_printf(vsb, " -p cli_banner=off");
 	vsb_printf(vsb, " -p auto_restart=off");
+	vsb_printf(vsb, " -p syslog_cli_traffic=off");
 	vsb_printf(vsb, " -a '%s'", "127.0.0.1:0");
 	vsb_printf(vsb, " -M %s:%s", abuf, pbuf);
 	vsb_printf(vsb, " -P %s/varnishd.pid", v->workdir);
@@ -317,6 +319,13 @@ varnish_launch(struct varnish *v)
 	
 	vtc_log(v->vl, 3, "CLI connection fd = %d", v->cli_fd);
 	assert(v->cli_fd >= 0);
+
+	i = cli_readres(v->cli_fd, &retval, &r, 20.0);
+	if (i != 0 || retval != CLIS_OK)
+		vtc_log(v->vl, 0, "CLI banner fail", v->cli_fd);
+	vtc_log(v->vl, 4, "CLI banner %03u", retval);
+	free(r);
+
 	if (v->stats != NULL)
 		VSL_Close();
 	v->stats = VSL_OpenStats(v->workdir);

include/cli_common.h

@@ -29,12 +29,17 @@
  * $Id$
  */
 
+struct vlu;
+
 struct cli {
 	/* XXX: should be MINI_OBJ */
 	struct vsb		*sb;
 	enum cli_status_e	result;
-	void			*priv;
 	const char		*cmd;
+	unsigned		auth;
+	char			challenge[34];
+	char			*ident;
+	struct vlu		*vlu;
 };
 
 int cli_writeres(int fd, const struct cli *cli);

include/cli_serve.h

@@ -31,8 +31,12 @@
 
 struct cls;
 typedef void cls_cb_f(void *priv);
-struct cls *CLS_New(cls_cb_f *before, cls_cb_f *after, void *priv, unsigned maxlen);
-int CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc,
+typedef void cls_cbc_f(struct cli*);
+struct cls *CLS_New(cls_cbc_f *before, cls_cbc_f *after, unsigned maxlen);
+struct cli *CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc,
     void *priv);
-int CLS_AddFunc(struct cls *cs, struct cli_proto *clp);
+int CLS_AddFunc(struct cls *cs, unsigned auth, struct cli_proto *clp);
 int CLS_Poll(struct cls *cs, int timeout);
+int CLS_PollFd(struct cls *cs, int fd, int timeout);
+void CLS_Destroy(struct cls **);
+

lib/libvarnish/cli_serve.c

@@ -55,6 +55,7 @@ struct cls_func {
 	unsigned			magic;
 #define CLS_FUNC_MAGIC			0x7d280c9b
 	VTAILQ_ENTRY(cls_func)		list;
+	unsigned			auth;
 	struct cli_proto		*clp;
 };
 
@@ -63,7 +64,6 @@ struct cls_fd {
 #define CLS_FD_MAGIC			0x010dbd1e
 	VTAILQ_ENTRY(cls_fd)		list;
 	int				fdi, fdo;
-	struct vlu			*vlu;
 	struct cls			*cls;
 	struct cli			*cli, clis;
 	cls_cb_f			*closefunc;
@@ -76,8 +76,7 @@ struct cls {
 	VTAILQ_HEAD(,cls_fd)		fds;
 	unsigned			nfd;
 	VTAILQ_HEAD(,cls_func)		funcs;
-	cls_cb_f			*before, *after;
-	void				*priv;
+	cls_cbc_f			*before, *after;
 	unsigned			maxlen;
 };
 
@@ -92,10 +91,22 @@ cls_vlu(void *priv, const char *p)
 	cs = cfd->cls;
 	CHECK_OBJ_NOTNULL(cs, CLS_MAGIC);
 
+	/* Skip whitespace */
+	for (; isspace(*p); p++)
+		continue;
+
+	/* Ignore empty lines */
+	if (*p == '\0')
+		return (0);
+
 	cfd->cli->cmd = p;
 	if (cs->before != NULL)
-		cs->before(cs->priv != NULL ? cs->priv : cfd->cli);
+		cs->before(cfd->cli);
+	vsb_clear(cfd->cli->sb);
+	cfd->cli->result = CLIS_UNKNOWN; 
 	VTAILQ_FOREACH(cfn, &cs->funcs, list) {
+		if (cfn->auth > cfd->cli->auth)
+			continue;
 		vsb_clear(cfd->cli->sb);
 		cfd->cli->result = CLIS_OK;
 		cli_dispatch(cfd->cli, cfn->clp, p);
@@ -105,7 +116,7 @@ cls_vlu(void *priv, const char *p)
 	vsb_finish(cfd->cli->sb);
 	AZ(vsb_overflowed(cfd->cli->sb));
 	if (cs->after != NULL)
-		cs->after(cs->priv != NULL ? cs->priv : cfd->cli);
+		cs->after(cfd->cli);
 	if (cli_writeres(cfd->fdo, cfd->cli) || cfd->cli->result == CLIS_CLOSE)
 		return (1);
 	cfd->cli->cmd = NULL;
@@ -113,7 +124,7 @@ cls_vlu(void *priv, const char *p)
 }
 
 struct cls *
-CLS_New(cls_cb_f *before, cls_cb_f *after, void *priv, unsigned maxlen)
+CLS_New(cls_cbc_f *before, cls_cbc_f *after, unsigned maxlen)
 {
 	struct cls *cs;
 
@@ -123,12 +134,11 @@ CLS_New(cls_cb_f *before, cls_cb_f *after, void *priv, unsigned maxlen)
 	VTAILQ_INIT(&cs->funcs);
 	cs->before = before;
 	cs->after = after;
-	cs->priv = priv;
 	cs->maxlen = maxlen;
 	return (cs);
 }
 
-int
+struct cli *
 CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv)
 {
 	struct cls_fd *cfd;
@@ -141,15 +151,15 @@ CLS_AddFd(struct cls *cs, int fdi, int fdo, cls_cb_f *closefunc, void *priv)
 	cfd->cls = cs;
 	cfd->fdi = fdi;
 	cfd->fdo = fdo;
-	cfd->vlu = VLU_New(cfd, cls_vlu, cs->maxlen);
 	cfd->cli = &cfd->clis;
+	cfd->cli->vlu = VLU_New(cfd, cls_vlu, cs->maxlen);
 	cfd->cli->sb = vsb_newauto();
 	cfd->closefunc = closefunc;
 	cfd->priv = priv;
 	AN(cfd->cli->sb);
 	VTAILQ_INSERT_TAIL(&cs->fds, cfd, list);
 	cs->nfd++;
-	return (0);
+	return (cfd->cli);
 }
 
 static void
@@ -161,7 +171,7 @@ cls_close_fd(struct cls *cs, struct cls_fd *cfd)
 
 	VTAILQ_REMOVE(&cs->fds, cfd, list);
 	cs->nfd--;
-	VLU_Destroy(cfd->vlu);
+	VLU_Destroy(cfd->cli->vlu);
 	vsb_delete(cfd->cli->sb);
 	if (cfd->closefunc == NULL) {
 		(void)close(cfd->fdi);
@@ -170,12 +180,14 @@ cls_close_fd(struct cls *cs, struct cls_fd *cfd)
 	} else {
 		cfd->closefunc(cfd->priv);
 	}
+	if (cfd->cli->ident != NULL)
+		free(cfd->cli->ident);
 	FREE_OBJ(cfd);
 }
 
 
 int
-CLS_AddFunc(struct cls *cs, struct cli_proto *clp)
+CLS_AddFunc(struct cls *cs, unsigned auth, struct cli_proto *clp)
 {
 	struct cls_func *cfn;
 
@@ -183,10 +195,50 @@ CLS_AddFunc(struct cls *cs, struct cli_proto *clp)
 	ALLOC_OBJ(cfn, CLS_FUNC_MAGIC);
 	AN(cfn);
 	cfn->clp = clp;
+	cfn->auth = auth;
 	VTAILQ_INSERT_TAIL(&cs->funcs, cfn, list);
 	return (0);
 }
 
+int
+CLS_PollFd(struct cls *cs, int fd, int timeout)
+{
+	struct cls_fd *cfd;
+	struct pollfd pfd[1];
+	int i, j, k;
+
+	CHECK_OBJ_NOTNULL(cs, CLS_MAGIC);
+	if (cs->nfd == 0) {
+		errno = 0;
+		return (-1);
+	}
+	assert(cs->nfd > 0);
+
+	i = 0;
+	VTAILQ_FOREACH(cfd, &cs->fds, list) {
+		if (cfd->fdi != fd)
+			continue;
+		pfd[i].fd = cfd->fdi;
+		pfd[i].events = POLLIN;
+		pfd[i].revents = 0;
+		i++;
+		break;
+	}
+	assert(i == 1);
+	CHECK_OBJ_NOTNULL(cfd, CLS_FD_MAGIC);
+
+	j = poll(pfd, 1, timeout);
+	if (j <= 0)
+		return (j);
+	if (pfd[0].revents & POLLHUP)
+		k = 1;
+	else
+		k = VLU_Fd(cfd->fdi, cfd->cli->vlu);
+	if (k)
+		cls_close_fd(cs, cfd);
+	return (k);
+}
+
 int
 CLS_Poll(struct cls *cs, int timeout)
 {
@@ -220,7 +272,7 @@ CLS_Poll(struct cls *cs, int timeout)
 			if (pfd[i].revents & POLLHUP)
 				k = 1;
 			else
-				k = VLU_Fd(cfd->fdi, cfd->vlu);
+				k = VLU_Fd(cfd->fdi, cfd->cli->vlu);
 			if (k)
 				cls_close_fd(cs, cfd);
 			i++;
@@ -229,3 +281,25 @@ CLS_Poll(struct cls *cs, int timeout)
 	}
 	return (j);
 }
+
+void
+CLS_Destroy(struct cls **csp)
+{
+	struct cls *cs;
+	struct cls_fd *cfd, *cfd2;
+	struct cls_func *cfn;
+
+	cs = *csp;
+	*csp = NULL;
+	CHECK_OBJ_NOTNULL(cs, CLS_MAGIC);
+	VTAILQ_FOREACH_SAFE(cfd, &cs->fds, list, cfd2) 
+		cls_close_fd(cs, cfd);
+
+	while (!VTAILQ_EMPTY(&cs->funcs)) {
+		cfn = VTAILQ_FIRST(&cs->funcs);
+		VTAILQ_REMOVE(&cs->funcs, cfn, list);
+		FREE_OBJ(cfn);
+	}
+	FREE_OBJ(cs);
+}
+