ACL: the AUTH command can be always executed.

author: antirez <antirez@gmail.com> 2019-01-15 18:26:44 +0100
committer: antirez <antirez@gmail.com> 2019-01-15 18:26:44 +0100
commit: c79b01f4baf8948a22fdca96a73710466b4fcd41 (patch)
tree: d8639780379b532b7569ac41de12c0fa5871df86
parent: cca64672f418aa793ed36fcb6da8977ea11b240a (diff)
download: redis-c79b01f4baf8948a22fdca96a73710466b4fcd41.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/acl.c b/src/acl.c
index 3191ebc6b..38c4f89b3 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -298,7 +298,9 @@ int ACLCheckCommandPerm(client *c) {
     if (c->cmd->id >= USER_MAX_COMMAND_BIT) return C_ERR;
 
     /* Check if the user can execute this command. */
-    if (!(u->flags & USER_FLAG_ALLCOMMANDS)) {
+    if (!(u->flags & USER_FLAG_ALLCOMMANDS) &&
+        c->cmd->proc != authCommand)
+    {
         uint64_t wordid = id / sizeof(u->allowed_commands[0]) / 8;
         uint64_t bit = 1 << (id % (sizeof(u->allowed_commands[0] * 8)));
         /* If the bit is not set we have to check further, in case the
author	antirez <antirez@gmail.com>	2019-01-15 18:26:44 +0100
committer	antirez <antirez@gmail.com>	2019-01-15 18:26:44 +0100
commit	c79b01f4baf8948a22fdca96a73710466b4fcd41 (patch)
tree	d8639780379b532b7569ac41de12c0fa5871df86
parent	cca64672f418aa793ed36fcb6da8977ea11b240a (diff)
download	redis-c79b01f4baf8948a22fdca96a73710466b4fcd41.tar.gz