authorOran Agra <oran@redislabs.com>2021-10-25 13:01:25 +0300
committerGitHub <noreply@github.com>2021-10-25 13:01:25 +0300
commit085615af97c658530153e0040b35d8e65a384379 (patch)
tree2c1dd33b77b4c5fb59b9249b9b27748773c4f016
parent6cf6c36937ab276dba3f8a23fc16b2f10c0bc072 (diff)
downloadredis-085615af97c658530153e0040b35d8e65a384379.tar.gz
Improve code doc of allowed_firstargs following #9504 (#9674)
Improve code doc for allowed_firstargs (used to be allowed_commands before #9504). I don't think the text in the code needs to refer to the history (it's not there just for backwards compatibility); instead it should just describe what it does.
-rw-r--r--src/server.h20
1 files changed, 8 insertions, 12 deletions
diff --git a/src/server.h b/src/server.h
index 21d5fcd65..569702c52 100644
--- a/src/server.h
+++ b/src/server.h
@@ -930,21 +930,17 @@ typedef struct {
* understand if the command can be executed. */
uint64_t allowed_commands[USER_COMMAND_BITS_COUNT/64];
- /* NOTE: allowed_firstargs is a transformation of the old mechanism for allowing
- * subcommands (now, subcommands are actually commands, with their own
- * ACL ID)
- * We had to keep allowed_firstargs (previously called allowed_subcommands)
- * in order to support the widespread abuse of ACL rules to block a command
- * with a specific argv[1] (which is not a subcommand at all).
+ /* allowed_firstargs is used by ACL rules to block access to a command unless a
+ * specific argv[1] is given (or argv[2] in case it is applied on a sub-command).
* For example, a user can use the rule "-select +select|0" to block all
* SELECT commands, except "SELECT 0".
- * It can also be applied for subcommands: "+config -config|set +config|set|loglevel"
+ * And for a sub-command: "+config -config|set +config|set|loglevel"
*
- * This array points, for each command ID (corresponding to the command
- * bit set in allowed_commands), to an array of SDS strings, terminated by
- * a NULL pointer, with all the first-args that are allowed for
- * this command. When no first-arg matching is used, the field is just
- * set to NULL to avoid allocating USER_COMMAND_BITS_COUNT pointers. */
+ * For each command ID (corresponding to the command bit set in allowed_commands),
+ * This array points to an array of SDS strings, terminated by a NULL pointer,
+ * with all the first-args that are allowed for this command. When no first-arg
+ * matching is used, the field is just set to NULL to avoid allocating
+ * USER_COMMAND_BITS_COUNT pointers. */
sds **allowed_firstargs;
list *passwords; /* A list of SDS valid passwords for this user. */
list *patterns; /* A list of allowed key patterns. If this field is NULL
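Review bot: The rewritten comment on `allowed_firstargs` drops the only statement that sub-commands are commands with their own ACL ID. As a result the `+config -config|set +config|set|loglevel` example no longer shows which parts of a rule are decided by bits in `allowed_commands` and which by this array, and that distinction matters when auditing what a rule actually permits. I would keep that fact as a present-tense sentence after the example, e.g. `* Sub-commands are commands with their own ACL ID; only the argument that follows them is matched against this array.` Separately, `This array points` follows a comma mid-sentence and should read `this array points`. The struct definition starts before the hunk and continues past it.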