BUG/MINOR: ech: permission checks on the CLI

Permission checks on the CLI for ECH are missing. This patch adds a check for "(add|set|del|show) ssl ech" commands so they can only be run in admin mode. ECH is stil a feature in experimental-mode and is not compiled by default. Initial report by Cameron Brown. Must be backported to 3.3.
2026-03-27 11:01:05 +01:00 · 2026-03-25 11:20:24 +01:00 · 2026-03-25 11:20:24 +01:00 · 47987ccbd9
commit 47987ccbd9
parent 33041fe91f
1 changed files with 13 additions and 0 deletions
--- a/src/ech.c
+++ b/src/ech.c
@ -136,6 +136,10 @@ static int cli_parse_show_ech(char **args, char *payload,
 {
 	struct show_ech_ctx *ctx = applet_reserve_svcctx(appctx, sizeof(*ctx));

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
+
 	/* no parameter, shows only file list */
 	if (*args[3]) {
 		SSL_CTX *sctx = NULL;
@ -297,6 +301,9 @@ static int cli_parse_add_ech(char **args, char *payload, struct appctx *appctx,
 	OSSL_ECHSTORE *es = NULL;
 	BIO *es_in = NULL;

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
 	if (!*args[3] || !payload)
 		return cli_err(appctx, "syntax: add ssl ech <name> <PEM file content>");
 	if (cli_find_ech_specific_ctx(args[3], &sctx) != 1)
@ -324,6 +331,9 @@ static int cli_parse_set_ech(char **args, char *payload, struct appctx *appctx,
 	OSSL_ECHSTORE *es = NULL;
 	BIO *es_in = NULL;

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
 	if (!*args[3] || !payload)
 		return cli_err(appctx, "syntax: set ssl ech <name> <PEM file content>");
 	if (cli_find_ech_specific_ctx(args[3], &sctx) != 1)
@ -351,6 +361,9 @@ static int cli_parse_del_ech(char **args, char *payload, struct appctx *appctx,
 	char success_message[ECH_SUCCESS_MSG_MAX];
 	OSSL_ECHSTORE *es = NULL;

+	if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
+		return 1;
+
 	if (!*args[3])
 		return cli_err(appctx, "syntax: del ssl ech <name>");
 	if (*args[4])