diff options
author | antirez <antirez@gmail.com> | 2020-02-04 13:19:40 +0100 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2020-02-04 13:19:40 +0100 |
commit | 90fae58b49cbc0bf0be76fe889952a81f4c3aed1 (patch) | |
tree | 9d9a7b87b98191ed2ed70add82051594bf295eca | |
parent | 64a73e9293154482977cd530a2adc05f1fcc92f6 (diff) | |
download | redis-acl-log.tar.gz |
ACL LOG: make max log entries configurable.acl-log
-rw-r--r-- | src/acl.c | 6 | ||||
-rw-r--r-- | src/config.c | 1 | ||||
-rw-r--r-- | src/server.h | 1 | ||||
-rw-r--r-- | tests/unit/acl.tcl | 11 |
4 files changed, 19 insertions, 0 deletions
@@ -1576,6 +1576,12 @@ void addACLLogEntry(client *c, int reason, int keypos, sds username) { /* Add it to our list of entires. We'll have to trim the list * to its maximum size. */ listAddNodeHead(ACLLog, le); + while(listLength(ACLLog) > server.acllog_max_len) { + listNode *ln = listLast(ACLLog); + ACLLogEntry *le = listNodeValue(ln); + ACLFreeLogEntry(le); + listDelNode(ACLLog,ln); + } } } diff --git a/src/config.c b/src/config.c index 0526de84d..68a9b0c0d 100644 --- a/src/config.c +++ b/src/config.c @@ -2233,6 +2233,7 @@ standardConfig configs[] = { /* Unsigned Long configs */ createULongConfig("active-defrag-max-scan-fields", NULL, MODIFIABLE_CONFIG, 1, LONG_MAX, server.active_defrag_max_scan_fields, 1000, INTEGER_CONFIG, NULL, NULL), /* Default: keys with more than 1000 fields will be processed separately */ createULongConfig("slowlog-max-len", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.slowlog_max_len, 128, INTEGER_CONFIG, NULL, NULL), + createULongConfig("acllog-max-len", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.acllog_max_len, 128, INTEGER_CONFIG, NULL, NULL), /* Long Long configs */ createLongLongConfig("lua-time-limit", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.lua_time_limit, 5000, INTEGER_CONFIG, NULL, NULL),/* milliseconds */ diff --git a/src/server.h b/src/server.h index 637ceec1e..f2040436c 100644 --- a/src/server.h +++ b/src/server.h @@ -1385,6 +1385,7 @@ struct redisServer { dict *latency_events; /* ACLs */ char *acl_filename; /* ACL Users file. NULL if not configured. */ + unsigned long acllog_max_len; /* Maximum length of the ACL LOG list. */ /* Assert & bug reporting */ const char *assert_failed; const char *assert_file; diff --git a/tests/unit/acl.tcl b/tests/unit/acl.tcl index 0e6d5c66a..fc1664a75 100644 --- a/tests/unit/acl.tcl +++ b/tests/unit/acl.tcl @@ -237,4 +237,15 @@ start_server {tags {"acl"}} { assert {[dict get $entry object] eq {AUTH}} assert {[dict get $entry username] eq {antirez}} } + + test {ACL LOG entries are limited to a maximum amount} { + r ACL LOG RESET + r CONFIG SET acllog-max-len 5 + r AUTH antirez foo + for {set j 0} {$j < 10} {incr j} { + catch {r SET obj:$j 123} + } + r AUTH default "" + assert {[llength [r ACL LOG]] == 5} + } } |