diff options
author | Madelyn Olson <34459052+madolson@users.noreply.github.com> | 2020-10-07 22:09:09 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-07 22:09:09 -0700 |
commit | 2127f7c8ebc1d8638eb0c99764f698cebcdb6513 (patch) | |
tree | 4ae8dbbb4a09d46568f56cd78b16c0dc0933948b /src/acl.c | |
parent | f659d236196ec57b02148031f425cf8864ed77ad (diff) | |
download | redis-2127f7c8ebc1d8638eb0c99764f698cebcdb6513.tar.gz |
Fixed excessive categories being displayed from acls (#7889)
Diffstat (limited to 'src/acl.c')
-rw-r--r-- | src/acl.c | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -478,17 +478,30 @@ sds ACLDescribeUserCommandRules(user *u) { /* Try to add or subtract each category one after the other. Often a * single category will not perfectly match the set of commands into * it, so at the end we do a final pass adding/removing the single commands - * needed to make the bitmap exactly match. */ + * needed to make the bitmap exactly match. A temp user is maintained to + * keep track of categories already applied. */ + user tu = {0}; + user *tempuser = &tu; + memcpy(tempuser->allowed_commands, + u->allowed_commands, + sizeof(u->allowed_commands)); + for (int j = 0; ACLCommandCategories[j].flag != 0; j++) { unsigned long on, off; - ACLCountCategoryBitsForUser(u,&on,&off,ACLCommandCategories[j].name); + ACLCountCategoryBitsForUser(tempuser,&on,&off,ACLCommandCategories[j].name); if ((additive && on > off) || (!additive && off > on)) { sds op = sdsnewlen(additive ? "+@" : "-@", 2); op = sdscat(op,ACLCommandCategories[j].name); ACLSetUser(fakeuser,op,-1); + + sds invop = sdsnewlen(additive ? "-@" : "+@", 2); + invop = sdscat(invop,ACLCommandCategories[j].name); + ACLSetUser(tempuser,invop,-1); + rules = sdscatsds(rules,op); rules = sdscatlen(rules," ",1); sdsfree(op); + sdsfree(invop); } } |