diff options
| author | Binbin <binloveplay1314@qq.com> | 2022-09-22 14:13:39 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-22 09:13:39 +0300 |
| commit | bb6513cbba972c4932c17ba8188030ec2cfc0aa5 (patch) | |
| tree | eab9bc256b00fb25094f9f4f27ac99a6233c4720 /src/acl.c | |
| parent | eedb8b172474dd7776d9bbb0f2954a1394027289 (diff) | |
| download | redis-bb6513cbba972c4932c17ba8188030ec2cfc0aa5.tar.gz | |
ACL default newly created user set USER_FLAG_SANITIZE_PAYLOAD flag (#11279)
Starting from 6.2, after ACL SETUSER user reset, the user
will carry the sanitize-payload flag. It was added in #7807,
and then ACL SETUSER reset is inconsistent with default
newly created user which missing sanitize-payload flag.
Same as `off` and `on` these two bits are mutually exclusive,
the default created user needs to have sanitize-payload flag.
Adds USER_FLAG_SANITIZE_PAYLOAD flag to ACLCreateUser.
Note that the bug don't have any real implications,
since the code in rdb.c (rdbLoadObject) checks for
`USER_FLAG_SANITIZE_PAYLOAD_SKIP`, so the fact that
`USER_FLAG_SANITIZE_PAYLOAD` is missing doesn't really matters.
Added tests to make sure it won't be broken in the future,
and updated the comment in ACLSetUser and redis.conf
Diffstat (limited to 'src/acl.c')
| -rw-r--r-- | src/acl.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -384,6 +384,7 @@ user *ACLCreateUser(const char *name, size_t namelen) { user *u = zmalloc(sizeof(*u)); u->name = sdsnewlen(name,namelen); u->flags = USER_FLAG_DISABLED; + u->flags |= USER_FLAG_SANITIZE_PAYLOAD; u->passwords = listCreate(); listSetMatchMethod(u->passwords,ACLListMatchSds); listSetFreeMethod(u->passwords,ACLListFreeSds); @@ -1146,6 +1147,8 @@ int ACLSetSelector(aclSelector *selector, const char* op, size_t oplen) { * off Disable the user: it's no longer possible to authenticate * with this user, however the already authenticated connections * will still work. + * skip-sanitize-payload RESTORE dump-payload sanitization is skipped. + * sanitize-payload RESTORE dump-payload is sanitized (default). * ><password> Add this password to the list of valid password for the user. * For example >mypass will add "mypass" to the list. * This directive clears the "nopass" flag (see later). @@ -1168,9 +1171,9 @@ int ACLSetSelector(aclSelector *selector, const char* op, size_t oplen) { * "nopass" status. After "resetpass" the user has no associated * passwords and there is no way to authenticate without adding * some password (or setting it as "nopass" later). - * reset Performs the following actions: resetpass, resetkeys, off, - * -@all. The user returns to the same state it has immediately - * after its creation. + * reset Performs the following actions: resetpass, resetkeys, resetchannels, + * allchannels (if acl-pubsub-default is set), off, clearselectors, -@all. + * The user returns to the same state it has immediately after its creation. * (<options>) Create a new selector with the options specified within the * parentheses and attach it to the user. Each option should be * space separated. The first character must be ( and the last |