diff --git a/doc/management.txt b/doc/management.txt
index 890f26058..1a2e1322d 100644
--- a/doc/management.txt
+++ b/doc/management.txt
@@ -1459,10 +1459,14 @@ clear table [ data. ] | [ key ]
 >>> # table: http_proxy, type: ip, size:204800, used:1
 debug dev [args]*
- Call a developer-specific command. Only supported when haproxy is built with
- DEBUG_DEV defined. Supported commands are then listed in the help message.
- All of these commands require admin privileges, and must never appear on a
- production system as most of them are unsafe and dangerous.
+ Call a developer-specific command. Only supported on a CLI connection running
+ in expert mode (see "expert-mode on"). Such commands are extremely dangerous
+ and not forgiving, any misuse may result in a crash of the process. They are
+ intended for experts only, and must really not be used unless told to do so.
+ Some of them are only available when haproxy is built with DEBUG_DEV defined
+ because they may have security implications. All of these commands require
+ admin privileges, and are purposely not documented to avoid encouraging their
+ use by people who are not at ease with the source code.
 del acl [|#]
 Delete all the acl entries from the acl corresponding to the key .
diff --git a/src/debug.c b/src/debug.c
index ebb95c7e0..ae788e12f 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -206,7 +206,6 @@ void ha_panic()
 abort();
 }
-#if defined(DEBUG_DEV)
 /* parse a "debug dev exit" command. It always returns 1, though it should never return. */
 static int debug_parse_cli_exit(char **args, char *payload, struct appctx *appctx, void *private)
 {
@@ -301,6 +300,7 @@ static int debug_parse_cli_panic(char **args, char *payload, struct appctx *appc
 }
 /* parse a "debug dev exec" command. It always returns 1. */
+#if defined(DEBUG_DEV)
 static int debug_parse_cli_exec(char **args, char *payload, struct appctx *appctx, void *private)
 {
 FILE *f;
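Review bot: The `#if defined(DEBUG_DEV)` added in the `@@ -301,6 +300,7 @@` hunk sits between the "debug dev exec" comment and the function it describes, so a build without DEBUG_DEV keeps the comment with no function under it, and nothing in the code says why this one handler stays compile-time gated. I would move the guard above the comment and state the reason there, e.g. `/* "debug dev exec" stays behind DEBUG_DEV: it runs an external command, which expert mode alone must not unlock */`; the hunk shows only `FILE *f;` from the body, so that wording should be checked against the rest of the function. The matching `+#endif` in the `@@ -336,6 +336,7 @@` hunk would be easier to pair up as `#endif /* DEBUG_DEV */`. The body of debug_parse_cli_exec lies between the two hunks and is not visible here.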
@@ -336,6 +336,7 @@ static int debug_parse_cli_exec(char **args, char *payload, struct appctx *appct
 trash.area[trash.data] = 0;
 return cli_msg(appctx, LOG_INFO, trash.area);
 }
+#endif
 /* parse a "debug dev hex" command. It always returns 1. */
 static int debug_parse_cli_hex(char **args, char *payload, struct appctx *appctx, void *private)
@@ -539,8 +540,6 @@ static int debug_parse_cli_stream(char **args, char *payload, struct appctx *app
 return 1;
 }
-#endif
-
 #ifndef USE_THREAD_DUMP
 /* This function dumps all threads' state to the trash. This version is the
@@ -661,19 +660,19 @@ REGISTER_PER_THREAD_INIT(init_debug_per_thread);
 /* register cli keywords */
 static struct cli_kw_list cli_kws = {{ },{
+ {{ "debug", "dev", "close", NULL }, "debug dev close : close this file descriptor", debug_parse_cli_close, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "delay", NULL }, "debug dev delay [ms] : sleep this long", debug_parse_cli_delay, NULL, NULL, NULL, ACCESS_EXPERT },
 #if defined(DEBUG_DEV)
- {{ "debug", "dev", "close", NULL }, "debug dev close : close this file descriptor", debug_parse_cli_close, NULL },
- {{ "debug", "dev", "delay", NULL }, "debug dev delay [ms] : sleep this long", debug_parse_cli_delay, NULL },
- {{ "debug", "dev", "exec", NULL }, "debug dev exec [cmd] ... : show this command's output", debug_parse_cli_exec, NULL },
- {{ "debug", "dev", "exit", NULL }, "debug dev exit [code] : immediately exit the process", debug_parse_cli_exit, NULL },
- {{ "debug", "dev", "hex", NULL }, "debug dev hex [len]: dump a memory area", debug_parse_cli_hex, NULL },
- {{ "debug", "dev", "log", NULL }, "debug dev log [msg] ... : send this msg to global logs", debug_parse_cli_log, NULL },
- {{ "debug", "dev", "loop", NULL }, "debug dev loop [ms] : loop this long", debug_parse_cli_loop, NULL },
- {{ "debug", "dev", "panic", NULL }, "debug dev panic : immediately trigger a panic", debug_parse_cli_panic, NULL },
- {{ "debug", "dev", "stream",NULL }, "debug dev stream ... : show/manipulate stream flags", debug_parse_cli_stream,NULL },
- {{ "debug", "dev", "tkill", NULL }, "debug dev tkill [thr] [sig] : send signal to thread", debug_parse_cli_tkill, NULL },
+ {{ "debug", "dev", "exec", NULL }, "debug dev exec [cmd] ... : show this command's output", debug_parse_cli_exec, NULL, NULL, NULL, ACCESS_EXPERT },
 #endif
- { { "show", "threads", NULL }, "show threads : show some threads debugging information", NULL, cli_io_handler_show_threads, NULL },
+ {{ "debug", "dev", "exit", NULL }, "debug dev exit [code] : immediately exit the process", debug_parse_cli_exit, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "hex", NULL }, "debug dev hex [len]: dump a memory area", debug_parse_cli_hex, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "log", NULL }, "debug dev log [msg] ... : send this msg to global logs", debug_parse_cli_log, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "loop", NULL }, "debug dev loop [ms] : loop this long", debug_parse_cli_loop, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "panic", NULL }, "debug dev panic : immediately trigger a panic", debug_parse_cli_panic, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "stream",NULL }, "debug dev stream ... : show/manipulate stream flags", debug_parse_cli_stream,NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "debug", "dev", "tkill", NULL }, "debug dev tkill [thr] [sig] : send signal to thread", debug_parse_cli_tkill, NULL, NULL, NULL, ACCESS_EXPERT },
+ {{ "show", "threads", NULL, NULL }, "show threads : show some threads debugging information", NULL, cli_io_handler_show_threads, NULL },
 {{},}
 }};
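Review bot: `debug dev hex`, `debug dev close` and `debug dev tkill` are registered here for every build with `ACCESS_EXPERT` as the only gate visible in the table, while only `exec` stays behind `DEBUG_DEV`. A raw memory dump can expose key material and session data held by the process, and closing a file descriptor or signalling a thread affects availability, so in production builds the admin-privilege requirement stated in doc/management.txt becomes the real boundary. The parser bodies are outside this hunk; each should be confirmed to reject a non-admin connection before acting (presumably through `cli_has_level(appctx, ACCESS_LVL_ADMIN)`). A comment above the table such as `/* every "debug dev" keyword needs expert mode; its parser must also enforce the admin level */` would keep that invariant in front of whoever adds the next entry.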