MINOR: spoe: add force-set-var option in spoe-agent configuration

For security reasons, the spoe filter was only able to change values of
existing variables. In specific cases (ex : with LUA code), the name of
variables are unknown at the configuration parsing phase.
The force-set-var option can be enabled to register all variables.

doc/SPOE.txt

@@ -239,6 +239,15 @@ option continue-on-error
   When set, this option bypass this behaviour and only the current event will
   be ignored.
 
+option force-set-var
+  By default, SPOE filter only register already known variables (mainly from
+  parsing of the configuration). If you want that haproxy trusts the agent and
+  registers all variables (ex: can be useful for LUA workload), activate this
+  option.
+
+  Caution : this option opens to a variety of attacks such as a rogue SPOA that
+  asks to register too many variables.
+
 
 option pipelining
 no option pipelining
@@ -310,8 +319,9 @@ option var-prefix <prefix>
   "myvar" in the "txn" scope, with the prefix "my_spoe_pfx", then you should
   use "txn.my_spoe_pfx.myvar" name in your HAProxy configuration.
 
-  An agent will never set new variables at runtime. It can only set new value
+  By default, an agent will never set new variables at runtime: It can only set
-  for existing ones.
+  new value for existing ones. If you want a different behaviour, see
+  force-set-var option
 
 
 timeout hello <timeout>

include/types/spoe.h

@@ -43,6 +43,7 @@
 #define SPOE_FL_ASYNC             0x00000004 /* Set when SPOE agent supports async (set by default) */
 #define SPOE_FL_SND_FRAGMENTATION 0x00000008 /* Set when SPOE agent supports sending fragmented payload */
 #define SPOE_FL_RCV_FRAGMENTATION 0x00000010 /* Set when SPOE agent supports receiving fragmented payload */
+#define SPOE_FL_FORCE_SET_VAR     0x00000020 /* Set when SPOE agent will set all variables from agent (and not only known variables) */
 
 /* Flags set on the SPOE context */
 #define SPOE_CTX_FL_CLI_CONNECTED 0x00000001 /* Set after that on-client-session event was processed */

src/flt_spoe.c

@@ -2307,7 +2307,10 @@ spoe_set_var(struct spoe_context *ctx, char *scope, char *name, int len,
 	memset(varname, 0, sizeof(varname));
 	len = snprintf(varname, sizeof(varname), "%s.%s.%.*s",
 		       scope, agent->var_pfx, len, name);
-	vars_set_by_name_ifexist(varname, len, smp);
+	if (agent->flags & SPOE_FL_FORCE_SET_VAR)
+		vars_set_by_name(varname, len, smp);
+	else
+		vars_set_by_name_ifexist(varname, len, smp);
 }
 
 /* Helper function to unset a variable */
@@ -3399,6 +3402,11 @@ cfg_parse_spoe_agent(const char *file, int linenum, char **args, int kwm)
 			}
 			curagent->var_pfx = strdup(args[2]);
 		}
+		else if (!strcmp(args[1], "force-set-var")) {
+			if (alertif_too_many_args(1, file, linenum, args, &err_code))
+				goto out;
+			curagent->flags |= SPOE_FL_FORCE_SET_VAR;
+		}
 		else if (!strcmp(args[1], "continue-on-error")) {
 			if (alertif_too_many_args(1, file, linenum, args, &err_code))
 				goto out;