detect: make multi tenancy a global switch

At start up we will set this flag based on "multi-detect.enabled".

src/detect-engine.c

@@ -103,7 +103,7 @@ static DetectEngineThreadCtx *DetectEngineThreadCtxInitForReload(
 
 static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *);
 
-static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER, NULL, NULL, };
+static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER, 0, NULL, NULL, };
 
 static DetectEngineThreadCtx *DetectEngineThreadCtxInitForMT(ThreadVars *tv);
 
@@ -1658,6 +1658,25 @@ DetectEngineCtx *DetectEngineReference(DetectEngineCtx *de_ctx)
     return de_ctx;
 }
 
+/** TODO locking? Not needed if this is a one time setting at startup */
+int DetectEngineMultiTenantEnabled(void)
+{
+    DetectEngineMasterCtx *master = &g_master_de_ctx;
+    return (master->multi_tenant_enabled);
+}
+
+void DetectEngineMultiTenantSetup(void)
+{
+    DetectEngineMasterCtx *master = &g_master_de_ctx;
+    int enabled = 0;
+    (void)ConfGetBool("multi-detect.enabled", &enabled);
+    if (enabled == 1) {
+        master->multi_tenant_enabled = 1;
+    }
+    SCLogInfo("multi-detect is %s (multi tenancy)",
+            master->multi_tenant_enabled ? "enabled" : "disabled");
+}
+
 DetectEngineCtx *DetectEngineGetByTenantId(int tenant_id)
 {
     DetectEngineMasterCtx *master = &g_master_de_ctx;

src/detect-engine.h

@@ -78,6 +78,8 @@ void DetectEngineDeReference(DetectEngineCtx **de_ctx);
 int DetectEngineReload(const char *filename);
 int DetectEngineEnabled(void);
 int DetectEngineMTApply(void);
+int DetectEngineMultiTenantEnabled(void);
+void DetectEngineMultiTenantSetup(void);
 
 int DetectEngineReloadStart(void);
 int DetectEngineReloadIsStart(void);

src/detect.h

@@ -1047,6 +1047,9 @@ typedef struct SigGroupHead_ {
 typedef struct DetectEngineMasterCtx_ {
     SCMutex lock;
 
+    /** enable multi tenant mode */
+    int multi_tenant_enabled;
+
     /** list of active detection engines. This list is used to generate the
      *  threads det_ctx's */
     DetectEngineCtx *list;

src/runmode-unix-socket.c

@@ -418,6 +418,12 @@ TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data)
     struct stat st;
 #endif /* OS_WIN32 */
 
+    if (!(DetectEngineMultiTenantEnabled())) {
+        SCLogInfo("error: multi-tenant support not enabled");
+        json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
+        return TM_ECODE_FAILED;
+    }
+
     /* 1 get tenant id */
     json_t *jarg = json_object_get(cmd, "id");
     if (!json_is_integer(jarg)) {
@@ -498,6 +504,12 @@ TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data)
  */
 TmEcode UnixSocketUnregisterTenant(json_t *cmd, json_t* answer, void *data)
 {
+    if (!(DetectEngineMultiTenantEnabled())) {
+        SCLogInfo("error: multi-tenant support not enabled");
+        json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
+        return TM_ECODE_FAILED;
+    }
+
     /* 1 get tenant id */
     json_t *jarg = json_object_get(cmd, "id");
     if (!json_is_integer(jarg)) {

src/suricata.c

@@ -2270,6 +2270,7 @@ int main(int argc, char **argv)
     if (!suri.disabled_detect) {
         SCClassConfInit();
         SCReferenceConfInit();
+        DetectEngineMultiTenantSetup();
         SetupDelayedDetect(&suri);
         if (!suri.delayed_detect) {
             de_ctx = DetectEngineCtxInit();