diff options
| author | Madelyn Olson <madelyneolson@gmail.com> | 2020-10-27 12:47:02 -0700 |
|---|---|---|
| committer | Oran Agra <oran@redislabs.com> | 2021-01-12 16:25:37 +0200 |
| commit | 8119259bb6ff3ab75995ba2f51ca4884dabb0540 (patch) | |
| tree | ceb2a9e167ee229b6f4fbab60a1f08232d74ae61 | |
| parent | e664f38170f2205f3c23822d527208590b5071c5 (diff) | |
| download | redis-8119259bb6ff3ab75995ba2f51ca4884dabb0540.tar.gz | |
White space tweaks and skip categories already applied
(cherry picked from commit d310beb4170ebbc8985ae120ee301f9213d33e39)
| -rw-r--r-- | src/acl.c | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -484,6 +484,12 @@ sds ACLDescribeUserCommandRules(user *u) { * already applied. */ user tu = {0}; user *tempuser = &tu; + + /* Keep track of the categories that have been applied, to prevent + * applying them twice. */ + char applied[sizeof(ACLCommandCategories)/sizeof(ACLCommandCategories[0])]; + memset(applied, 0, sizeof(applied)); + memcpy(tempuser->allowed_commands, u->allowed_commands, sizeof(u->allowed_commands)); @@ -491,9 +497,10 @@ sds ACLDescribeUserCommandRules(user *u) { int best = -1; unsigned long mindiff = INT_MAX, maxsame = 0; for (int j = 0; ACLCommandCategories[j].flag != 0; j++) { + if (applied[j]) continue; + unsigned long on, off, diff, same; ACLCountCategoryBitsForUser(tempuser,&on,&off,ACLCommandCategories[j].name); - /* Check if the current category is the best this loop: * * It has more commands in common with the user than commands * that are different. @@ -505,7 +512,8 @@ sds ACLDescribeUserCommandRules(user *u) { diff = additive ? off : on; same = additive ? on : off; if (same > diff && - ((diff < mindiff) || (diff == mindiff && same > maxsame))) { + ((diff < mindiff) || (diff == mindiff && same > maxsame))) + { best = j; mindiff = diff; maxsame = same; @@ -527,8 +535,9 @@ sds ACLDescribeUserCommandRules(user *u) { rules = sdscatlen(rules," ",1); sdsfree(op); sdsfree(invop); - } + applied[best] = 1; + } /* Fix the final ACLs with single commands differences. */ dictIterator *di = dictGetIterator(server.orig_commands); |