From 83ba6762cc43d9db581b979bb5e3445669e46cc2 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 25 Nov 2024 18:33:56 +0100 Subject: Merging upstream version 2.0.3+dfsg (Closes: #923993, #1042533, #1045145). Signed-off-by: Daniel Baumann --- src/libnetdata/http/content_type.c | 20 +++++++-------- src/libnetdata/http/http_access.c | 32 +++++++++++------------ src/libnetdata/http/http_access.h | 52 ++++++++++++++++++++++++++------------ 3 files changed, 62 insertions(+), 42 deletions(-) (limited to 'src/libnetdata/http') diff --git a/src/libnetdata/http/content_type.c b/src/libnetdata/http/content_type.c index 3e388a1da..e8f273912 100644 --- a/src/libnetdata/http/content_type.c +++ b/src/libnetdata/http/content_type.c @@ -10,14 +10,14 @@ static struct { const char *options; } content_types[] = { // primary - preferred during id-to-string conversions - { .format = "text/html", CT_TEXT_HTML, true }, + { .format = "application/json", CT_APPLICATION_JSON, true }, { .format = "text/plain", CT_TEXT_PLAIN, true }, + { .format = "text/html", CT_TEXT_HTML, true }, { .format = "text/css", CT_TEXT_CSS, true }, { .format = "text/yaml", CT_TEXT_YAML, true }, { .format = "application/yaml", CT_APPLICATION_YAML, true }, { .format = "text/xml", CT_TEXT_XML, true }, { .format = "text/xsl", CT_TEXT_XSL, true }, - { .format = "application/json", CT_APPLICATION_JSON, true }, { .format = "application/xml", CT_APPLICATION_XML, true }, { .format = "application/javascript", CT_APPLICATION_X_JAVASCRIPT, true }, { .format = "application/octet-stream", CT_APPLICATION_OCTET_STREAM, false }, @@ -42,16 +42,16 @@ static struct { // secondary - overlapping with primary - { .format = "text/plain", CT_PROMETHEUS, false, "version=0.0.4" }, - { .format = "prometheus", CT_PROMETHEUS }, - { .format = "text", CT_TEXT_PLAIN }, - { .format = "txt", CT_TEXT_PLAIN }, - { .format = "json", CT_APPLICATION_JSON }, - { .format = "html", CT_TEXT_HTML }, - { .format = "xml", CT_APPLICATION_XML }, + { .format = "text/plain", CT_PROMETHEUS, true, "version=0.0.4" }, + { .format = "prometheus", CT_PROMETHEUS, true }, + { .format = "text", CT_TEXT_PLAIN, true }, + { .format = "txt", CT_TEXT_PLAIN, true }, + { .format = "json", CT_APPLICATION_JSON, true }, + { .format = "html", CT_TEXT_HTML, true }, + { .format = "xml", CT_APPLICATION_XML, true }, // terminator - { .format = NULL, CT_TEXT_PLAIN }, + { .format = NULL, CT_TEXT_PLAIN, true }, }; HTTP_CONTENT_TYPE content_type_string2id(const char *format) { diff --git a/src/libnetdata/http/http_access.c b/src/libnetdata/http/http_access.c index 5be63bb19..398015cd3 100644 --- a/src/libnetdata/http/http_access.c +++ b/src/libnetdata/http/http_access.c @@ -3,24 +3,24 @@ #include "../libnetdata.h" static struct { - HTTP_USER_ROLE access; + HTTP_USER_ROLE role; const char *name; } user_roles[] = { - { .access = HTTP_USER_ROLE_NONE, .name = "none" }, - { .access = HTTP_USER_ROLE_ADMIN, .name = "admin" }, - { .access = HTTP_USER_ROLE_MANAGER, .name = "manager" }, - { .access = HTTP_USER_ROLE_TROUBLESHOOTER, .name = "troubleshooter" }, - { .access = HTTP_USER_ROLE_OBSERVER, .name = "observer" }, - { .access = HTTP_USER_ROLE_MEMBER, .name = "member" }, - { .access = HTTP_USER_ROLE_BILLING, .name = "billing" }, - { .access = HTTP_USER_ROLE_ANY, .name = "any" }, - - { .access = HTTP_USER_ROLE_MEMBER, .name = "members" }, - { .access = HTTP_USER_ROLE_ADMIN, .name = "admins" }, - { .access = HTTP_USER_ROLE_ANY, .name = "all" }, + { .role = HTTP_USER_ROLE_NONE, .name = "none" }, + { .role = HTTP_USER_ROLE_ADMIN, .name = "admin" }, + { .role = HTTP_USER_ROLE_MANAGER, .name = "manager" }, + { .role = HTTP_USER_ROLE_TROUBLESHOOTER, .name = "troubleshooter" }, + { .role = HTTP_USER_ROLE_OBSERVER, .name = "observer" }, + { .role = HTTP_USER_ROLE_MEMBER, .name = "member" }, + { .role = HTTP_USER_ROLE_BILLING, .name = "billing" }, + { .role = HTTP_USER_ROLE_ANY, .name = "any" }, + + { .role = HTTP_USER_ROLE_MEMBER, .name = "members" }, + { .role = HTTP_USER_ROLE_ADMIN, .name = "admins" }, + { .role = HTTP_USER_ROLE_ANY, .name = "all" }, // terminator - { .access = 0, .name = NULL }, + { .role = 0, .name = NULL }, }; HTTP_USER_ROLE http_user_role2id(const char *role) { @@ -29,7 +29,7 @@ HTTP_USER_ROLE http_user_role2id(const char *role) { for(size_t i = 0; user_roles[i].name ;i++) { if(strcmp(user_roles[i].name, role) == 0) - return user_roles[i].access; + return user_roles[i].role; } nd_log(NDLS_DAEMON, NDLP_WARNING, "HTTP user role '%s' is not valid", role); @@ -38,7 +38,7 @@ HTTP_USER_ROLE http_user_role2id(const char *role) { const char *http_id2user_role(HTTP_USER_ROLE role) { for(size_t i = 0; user_roles[i].name ;i++) { - if(role == user_roles[i].access) + if(role == user_roles[i].role) return user_roles[i].name; } diff --git a/src/libnetdata/http/http_access.h b/src/libnetdata/http/http_access.h index afc2e1dc7..00929f9b4 100644 --- a/src/libnetdata/http/http_access.h +++ b/src/libnetdata/http/http_access.h @@ -93,12 +93,16 @@ typedef enum __attribute__((packed)) { HTTP_ACL_WEBRTC = (1 << 6), // from WebRTC // HTTP_ACL_API takes the following additional ACLs, based on pattern matching of the client IP - HTTP_ACL_DASHBOARD = (1 << 10), - HTTP_ACL_REGISTRY = (1 << 11), - HTTP_ACL_BADGES = (1 << 12), - HTTP_ACL_MANAGEMENT = (1 << 13), - HTTP_ACL_STREAMING = (1 << 14), - HTTP_ACL_NETDATACONF = (1 << 15), + HTTP_ACL_METRICS = (1 << 10), + HTTP_ACL_FUNCTIONS = (1 << 11), + HTTP_ACL_NODES = (1 << 12), + HTTP_ACL_ALERTS = (1 << 13), + HTTP_ACL_DYNCFG = (1 << 14), + HTTP_ACL_REGISTRY = (1 << 15), + HTTP_ACL_BADGES = (1 << 16), + HTTP_ACL_MANAGEMENT = (1 << 17), + HTTP_ACL_STREAMING = (1 << 18), + HTTP_ACL_NETDATACONF = (1 << 19), // SSL related HTTP_ACL_SSL_OPTIONAL = (1 << 28), @@ -106,6 +110,14 @@ typedef enum __attribute__((packed)) { HTTP_ACL_SSL_DEFAULT = (1 << 30), } HTTP_ACL; +#define HTTP_ACL_DASHBOARD (HTTP_ACL)( \ + HTTP_ACL_METRICS \ + | HTTP_ACL_FUNCTIONS \ + | HTTP_ACL_ALERTS \ + | HTTP_ACL_NODES \ + | HTTP_ACL_DYNCFG \ + ) + #define HTTP_ACL_TRANSPORTS (HTTP_ACL)( \ HTTP_ACL_API \ | HTTP_ACL_API_UDP \ @@ -121,7 +133,11 @@ typedef enum __attribute__((packed)) { ) #define HTTP_ACL_ALL_FEATURES (HTTP_ACL)( \ - HTTP_ACL_DASHBOARD \ + HTTP_ACL_METRICS \ + | HTTP_ACL_FUNCTIONS \ + | HTTP_ACL_NODES \ + | HTTP_ACL_ALERTS \ + | HTTP_ACL_DYNCFG \ | HTTP_ACL_REGISTRY \ | HTTP_ACL_BADGES \ | HTTP_ACL_MANAGEMENT \ @@ -129,20 +145,24 @@ typedef enum __attribute__((packed)) { | HTTP_ACL_NETDATACONF \ ) +#define HTTP_ACL_ACLK_LICENSE_MANAGER (HTTP_ACL)( \ + HTTP_ACL_NODES \ +) + #ifdef NETDATA_DEV_MODE #define ACL_DEV_OPEN_ACCESS HTTP_ACL_NOCHECK #else #define ACL_DEV_OPEN_ACCESS 0 #endif -#define http_can_access_dashboard(w) ((w)->acl & HTTP_ACL_DASHBOARD) -#define http_can_access_registry(w) ((w)->acl & HTTP_ACL_REGISTRY) -#define http_can_access_badges(w) ((w)->acl & HTTP_ACL_BADGES) -#define http_can_access_mgmt(w) ((w)->acl & HTTP_ACL_MANAGEMENT) -#define http_can_access_stream(w) ((w)->acl & HTTP_ACL_STREAMING) -#define http_can_access_netdataconf(w) ((w)->acl & HTTP_ACL_NETDATACONF) -#define http_is_using_ssl_optional(w) ((w)->port_acl & HTTP_ACL_SSL_OPTIONAL) -#define http_is_using_ssl_force(w) ((w)->port_acl & HTTP_ACL_SSL_FORCE) -#define http_is_using_ssl_default(w) ((w)->port_acl & HTTP_ACL_SSL_DEFAULT) +#define http_can_access_dashboard(w) (((w)->acl & HTTP_ACL_DASHBOARD) == HTTP_ACL_DASHBOARD) +#define http_can_access_registry(w) (((w)->acl & HTTP_ACL_REGISTRY) == HTTP_ACL_REGISTRY) +#define http_can_access_badges(w) (((w)->acl & HTTP_ACL_BADGES) == HTTP_ACL_BADGES) +#define http_can_access_mgmt(w) (((w)->acl & HTTP_ACL_MANAGEMENT) == HTTP_ACL_MANAGEMENT) +#define http_can_access_stream(w) (((w)->acl & HTTP_ACL_STREAMING) == HTTP_ACL_STREAMING) +#define http_can_access_netdataconf(w) (((w)->acl & HTTP_ACL_NETDATACONF) == HTTP_ACL_NETDATACONF) +#define http_is_using_ssl_optional(w) (((w)->port_acl & HTTP_ACL_SSL_OPTIONAL) == HTTP_ACL_SSL_OPTIONAL) +#define http_is_using_ssl_force(w) (((w)->port_acl & HTTP_ACL_SSL_FORCE) == HTTP_ACL_SSL_FORCE) +#define http_is_using_ssl_default(w) (((w)->port_acl & HTTP_ACL_SSL_DEFAULT) == HTTP_ACL_SSL_DEFAULT) #endif //NETDATA_HTTP_ACCESS_H -- cgit v1.2.3