ACL: key matching implemented.

author: antirez <antirez@gmail.com> 2019-01-16 13:39:04 +0100
committer: antirez <antirez@gmail.com> 2019-01-16 13:39:04 +0100
commit: f78b3ede2735397704fd452619efcbdac37254f6 (patch)
tree: d3c4c5299903f92f24bdfc36edac8cab260632d0
parent: 0db42d4ba8148a1e493f2da208d4bcf509716870 (diff)
download: redis-f78b3ede2735397704fd452619efcbdac37254f6.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/src/acl.c b/src/acl.c
index e03c2a1b6..edc75de6d 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -330,6 +330,29 @@ int ACLCheckCommandPerm(client *c) {
     if (!(c->user->flags & USER_FLAG_ALLKEYS) &&
         (c->cmd->getkeys_proc || c->cmd->firstkey))
     {
+        int numkeys;
+        int *keyidx = getKeysFromCommand(c->cmd,c->argv,c->argc,&numkeys);
+        for (int j = 0; j < numkeys; j++) {
+            listIter li;
+            listNode *ln;
+            listRewind(u->passwords,&li);
+
+            /* Test this key against every pattern. */
+            match = 0;
+            while((ln = listNext(&li))) {
+                sds pattern = listNodeValue(ln);
+                size_t plen = sdslen(pattern);
+                int idx = keyidx[j];
+                if (stringmatchlen(pattern,plen,c->argv[idx]->ptr,
+                                   sdslen(c->argv[idx]->ptr),0))
+                {
+                    match = 1;
+                    break;
+                }
+            }
+            if (!match) return C_ERR;
+        }
+        getKeysFreeResult(keyidx);
     }
 
     /* If we survived all the above checks, the user can execute the
author	antirez <antirez@gmail.com>	2019-01-16 13:39:04 +0100
committer	antirez <antirez@gmail.com>	2019-01-16 13:39:04 +0100
commit	f78b3ede2735397704fd452619efcbdac37254f6 (patch)
tree	d3c4c5299903f92f24bdfc36edac8cab260632d0
parent	0db42d4ba8148a1e493f2da208d4bcf509716870 (diff)
download	redis-f78b3ede2735397704fd452619efcbdac37254f6.tar.gz