mirror of
https://github.com/fluencelabs/redis
synced 2025-03-19 00:50:50 +00:00
ACL: don't allow patterns after the * pattern.
This commit is contained in:
parent
77471dfe86
commit
0960259835
11
src/acl.c
11
src/acl.c
@ -493,6 +493,8 @@ void ACLAddAllowedSubcommand(user *u, unsigned long id, const char *sub) {
|
|||||||
* known.
|
* known.
|
||||||
* EBUSY: The subcommand you want to add is about a command that is currently
|
* EBUSY: The subcommand you want to add is about a command that is currently
|
||||||
* fully added.
|
* fully added.
|
||||||
|
* EEXIST: You are adding a key pattern after "*" was already added. This is
|
||||||
|
* almost surely an error on the user side.
|
||||||
*/
|
*/
|
||||||
int ACLSetUser(user *u, const char *op, ssize_t oplen) {
|
int ACLSetUser(user *u, const char *op, ssize_t oplen) {
|
||||||
if (oplen == -1) oplen = strlen(op);
|
if (oplen == -1) oplen = strlen(op);
|
||||||
@ -538,6 +540,10 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
|
|||||||
if (ln) listDelNode(u->passwords,ln);
|
if (ln) listDelNode(u->passwords,ln);
|
||||||
sdsfree(delpass);
|
sdsfree(delpass);
|
||||||
} else if (op[0] == '~') {
|
} else if (op[0] == '~') {
|
||||||
|
if (u->flags & USER_FLAG_ALLKEYS) {
|
||||||
|
errno = EEXIST;
|
||||||
|
return C_ERR;
|
||||||
|
}
|
||||||
sds newpat = sdsnewlen(op+1,oplen-1);
|
sds newpat = sdsnewlen(op+1,oplen-1);
|
||||||
listNode *ln = listSearchKey(u->patterns,newpat);
|
listNode *ln = listSearchKey(u->patterns,newpat);
|
||||||
/* Avoid re-adding the same pattern multiple times. */
|
/* Avoid re-adding the same pattern multiple times. */
|
||||||
@ -830,6 +836,11 @@ void aclCommand(client *c) {
|
|||||||
errmsg = "adding a subcommand of a command already fully "
|
errmsg = "adding a subcommand of a command already fully "
|
||||||
"added is not allowed. Remove the command to start. "
|
"added is not allowed. Remove the command to start. "
|
||||||
"Example: -DEBUG +DEBUG|DIGEST";
|
"Example: -DEBUG +DEBUG|DIGEST";
|
||||||
|
else if (errno == EEXIST)
|
||||||
|
errmsg = "adding a pattern after the * pattern (or the "
|
||||||
|
"'allkeys' flag) is not valid and does not have any "
|
||||||
|
"effect. Try 'resetkeys' to start with an empty "
|
||||||
|
"list of patterns";
|
||||||
addReplyErrorFormat(c,
|
addReplyErrorFormat(c,
|
||||||
"Error in ACL SETUSER modifier '%s': %s",
|
"Error in ACL SETUSER modifier '%s': %s",
|
||||||
(char*)c->argv[j]->ptr, errmsg);
|
(char*)c->argv[j]->ptr, errmsg);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user