From 7fb9e2b4ce0f29fe0eeeb5f74b1310e54144f63a Mon Sep 17 00:00:00 2001 From: antirez Date: Mon, 28 Jan 2019 18:27:41 +0100 Subject: [PATCH] ACL: reset the subcommands table on +@all / -@all. This also is a bugfix because after -@all the previously enabled subcommands would remain valid. --- src/acl.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/acl.c b/src/acl.c index 132ad79a..5d264f1d 100644 --- a/src/acl.c +++ b/src/acl.c @@ -248,6 +248,17 @@ void ACLResetSubcommandsForCommand(user *u, unsigned long id) { } } +/* Flush the entire table of subcommands. This is useful on +@all, -@all + * or similar to return back to the minimal memory usage (and checks to do) + * for the user. */ +void ACLResetSubcommands(user *u) { + if (u->allowed_subcommands == NULL) return; + for (int j = 0; j < USER_COMMAND_BITS_COUNT; j++) + if (u->allowed_subcommands[j]) zfree(u->allowed_subcommands[j]); + zfree(u->allowed_subcommands); + u->allowed_subcommands = NULL; +} + /* Set user properties according to the string "op". The following * is a description of what different strings will do: * @@ -330,11 +341,13 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { { memset(u->allowed_commands,255,sizeof(u->allowed_commands)); u->flags |= USER_FLAG_ALLCOMMANDS; + ACLResetSubcommands(u); } else if (!strcasecmp(op,"nocommands") || !strcasecmp(op,"-@all")) { memset(u->allowed_commands,0,sizeof(u->allowed_commands)); u->flags &= ~USER_FLAG_ALLCOMMANDS; + ACLResetSubcommands(u); } else if (!strcasecmp(op,"nopass")) { u->flags |= USER_FLAG_NOPASS; listEmpty(u->passwords);