ACL: define category names and flags.

2025-03-17 16:10:50 +00:00 · 2019-01-23 16:47:29 +01:00 · 2019-01-23 16:47:29 +01:00 · 91ec53ed13
commit 91ec53ed13
parent c5e717c637
2 changed files with 68 additions and 18 deletions
--- a/src/acl.c
+++ b/src/acl.c
@ -39,6 +39,33 @@ user *DefaultUser;   /* Global reference to the default user.
                        AUTH or HELLO is used to authenticate with a
                        different user. */

+struct ACLCategoryItem {
+    const char *name;
+    uint64_t flag;
+} ACLCommandCategories[] = {
+    {"keyspace", CMD_CATEGORY_KEYSPACE},
+    {"read", CMD_CATEGORY_READ},
+    {"write", CMD_CATEGORY_WRITE},
+    {"set", CMD_CATEGORY_SET},
+    {"sortedset", CMD_CATEGORY_SORTEDSET},
+    {"list", CMD_CATEGORY_LIST},
+    {"hash", CMD_CATEGORY_HASH},
+    {"string", CMD_CATEGORY_STRING},
+    {"bitmap", CMD_CATEGORY_BITMAP},
+    {"hyperloglog", CMD_CATEGORY_HYPERLOGLOG},
+    {"geo", CMD_CATEGORY_GEO},
+    {"stream", CMD_CATEGORY_STREAM},
+    {"pubsub", CMD_CATEGORY_PUBSUB},
+    {"admin", CMD_CATEGORY_ADMIN},
+    {"fast", CMD_CATEGORY_FAST},
+    {"slow", CMD_CATEGORY_SLOW},
+    {"blocking", CMD_CATEGORY_BLOCKING},
+    {"dangerous", CMD_CATEGORY_DANGEROUS},
+    {"connection", CMD_CATEGORY_CONNECTION},
+    {"transaction", CMD_CATEGORY_TRANSACTION},
+    {"scripting", CMD_CATEGORY_SCRIPTING}
+};
+
 /* =============================================================================
 * Helper functions for the rest of the ACL implementation
 * ==========================================================================*/
--- a/src/server.h
+++ b/src/server.h
@ -202,24 +202,47 @@ typedef long long mstime_t; /* millisecond time type. */

 /* Command flags. Please check the command table defined in the redis.c file
 * for more information about the meaning of every flag. */
-#define CMD_WRITE (1<<0)            /* "write" flag */
-#define CMD_READONLY (1<<1)         /* "read-only" flag */
-#define CMD_DENYOOM (1<<2)          /* "use-memory" flag */
-#define CMD_MODULE (1<<3)           /* Command exported by module. */
-#define CMD_ADMIN (1<<4)            /* "admin" flag */
-#define CMD_PUBSUB (1<<5)           /* "pub-sub" flag */
-#define CMD_NOSCRIPT (1<<6)         /* "no-script" flag */
-#define CMD_RANDOM (1<<7)           /* "random" flag */
-#define CMD_SORT_FOR_SCRIPT (1<<8)  /* "to-sort" flag */
-#define CMD_LOADING (1<<9)          /* "ok-loading" flag */
-#define CMD_STALE (1<<10)           /* "ok-stale" flag */
-#define CMD_SKIP_MONITOR (1<<11)    /* "no-monitor" flag */
-#define CMD_ASKING (1<<12)          /* "cluster-asking" flag */
-#define CMD_FAST (1<<13)            /* "fast" flag */
+#define CMD_WRITE (1ULL<<0)            /* "write" flag */
+#define CMD_READONLY (1ULL<<1)         /* "read-only" flag */
+#define CMD_DENYOOM (1ULL<<2)          /* "use-memory" flag */
+#define CMD_MODULE (1ULL<<3)           /* Command exported by module. */
+#define CMD_ADMIN (1ULL<<4)            /* "admin" flag */
+#define CMD_PUBSUB (1ULL<<5)           /* "pub-sub" flag */
+#define CMD_NOSCRIPT (1ULL<<6)         /* "no-script" flag */
+#define CMD_RANDOM (1ULL<<7)           /* "random" flag */
+#define CMD_SORT_FOR_SCRIPT (1ULL<<8)  /* "to-sort" flag */
+#define CMD_LOADING (1ULL<<9)          /* "ok-loading" flag */
+#define CMD_STALE (1ULL<<10)           /* "ok-stale" flag */
+#define CMD_SKIP_MONITOR (1ULL<<11)    /* "no-monitor" flag */
+#define CMD_ASKING (1ULL<<12)          /* "cluster-asking" flag */
+#define CMD_FAST (1ULL<<13)            /* "fast" flag */

 /* Command flags used by the module system. */
-#define CMD_MODULE_GETKEYS (1<<14)  /* Use the modules getkeys interface. */
-#define CMD_MODULE_NO_CLUSTER (1<<15) /* Deny on Redis Cluster. */
+#define CMD_MODULE_GETKEYS (1ULL<<14)  /* Use the modules getkeys interface. */
+#define CMD_MODULE_NO_CLUSTER (1ULL<<15) /* Deny on Redis Cluster. */
+
+/* Command flags that describe ACLs categories. */
+#define CMD_CATEGORY_KEYSPACE (1ULL<<16)
+#define CMD_CATEGORY_READ (1ULL<<17)
+#define CMD_CATEGORY_WRITE (1ULL<<18)
+#define CMD_CATEGORY_SET (1ULL<<19)
+#define CMD_CATEGORY_SORTEDSET (1ULL<<20)
+#define CMD_CATEGORY_LIST (1ULL<<21)
+#define CMD_CATEGORY_HASH (1ULL<<22)
+#define CMD_CATEGORY_STRING (1ULL<<23)
+#define CMD_CATEGORY_BITMAP (1ULL<<24)
+#define CMD_CATEGORY_HYPERLOGLOG (1ULL<<25)
+#define CMD_CATEGORY_GEO (1ULL<<26)
+#define CMD_CATEGORY_STREAM (1ULL<<27)
+#define CMD_CATEGORY_PUBSUB (1ULL<<28)
+#define CMD_CATEGORY_ADMIN (1ULL<<29)
+#define CMD_CATEGORY_FAST (1ULL<<30)
+#define CMD_CATEGORY_SLOW (1ULL<<31)
+#define CMD_CATEGORY_BLOCKING (1ULL<<32)
+#define CMD_CATEGORY_DANGEROUS (1ULL<<33)
+#define CMD_CATEGORY_CONNECTION (1ULL<<34)
+#define CMD_CATEGORY_TRANSACTION (1ULL<<35)
+#define CMD_CATEGORY_SCRIPTING (1ULL<<36)

 /* AOF states */
 #define AOF_OFF 0             /* AOF is off */
@ -1340,8 +1363,8 @@ struct redisCommand {
    char *name;
    redisCommandProc *proc;
    int arity;
-    char *sflags; /* Flags as string representation, one char per flag. */
-    int flags;    /* The actual flags, obtained from the 'sflags' field. */
+    char *sflags;   /* Flags as string representation, one char per flag. */
+    uint64_t flags; /* The actual flags, obtained from the 'sflags' field. */
    /* Use a function to determine keys arguments in a command line.
     * Used for Redis Cluster redirect. */
    redisGetKeysProc *getkeys_proc;