diff options
author | hujie <hujiecs@qq.com> | 2020-05-19 00:58:58 +0800 |
---|---|---|
committer | hujie <hujiecs@qq.com> | 2020-05-19 00:58:58 +0800 |
commit | edc1f7b176af202794a23dbb679128d09f16740a (patch) | |
tree | 1d8bb30f0f327ca3e88df0ded225cdfa0ba6c917 | |
parent | bf3a67be437e6a3cd5189116d9ad628492db0c4d (diff) | |
download | redis-edc1f7b176af202794a23dbb679128d09f16740a.tar.gz |
fix clear USER_FLAG_ALLCOMMANDS flag in acl
in ACLSetUserCommandBit, when the command bit overflows, no operation
is performed, so no need clear the USER_FLAG_ALLCOMMANDS flag.
in ACLSetUser, when adding subcommand, we don't need to call
ACLGetCommandID ahead since subcommand may be empty.
-rw-r--r-- | src/acl.c | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -375,12 +375,13 @@ int ACLUserCanExecuteFutureCommands(user *u) { * to skip the command bit explicit test. */ void ACLSetUserCommandBit(user *u, unsigned long id, int value) { uint64_t word, bit; - if (value == 0) u->flags &= ~USER_FLAG_ALLCOMMANDS; if (ACLGetCommandBitCoordinates(id,&word,&bit) == C_ERR) return; - if (value) + if (value) { u->allowed_commands[word] |= bit; - else + } else { u->allowed_commands[word] &= ~bit; + u->flags &= ~USER_FLAG_ALLCOMMANDS; + } } /* This is like ACLSetUserCommandBit(), but instead of setting the specified @@ -845,7 +846,6 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { errno = ENOENT; return C_ERR; } - unsigned long id = ACLGetCommandID(copy); /* The subcommand cannot be empty, so things like DEBUG| * are syntax errors of course. */ @@ -858,6 +858,7 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { /* The command should not be set right now in the command * bitmap, because adding a subcommand of a fully added * command is probably an error on the user side. */ + unsigned long id = ACLGetCommandID(copy); if (ACLGetUserCommandBit(u,id) == 1) { zfree(copy); errno = EBUSY; |