diff options
| author | Oran Agra <oran@redislabs.com> | 2021-07-20 21:48:43 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-20 21:48:43 +0300 |
| commit | 32e61ee295beb8a45b66c4488937f17d0cd0fca7 (patch) | |
| tree | 8354b99dfbd8b27ca38a94319bdf8b8cdf962820 /src | |
| parent | 1895e134a77efd789b1a6daee76a6ba5ec90e516 (diff) | |
| download | redis-32e61ee295beb8a45b66c4488937f17d0cd0fca7.tar.gz | |
Fix ACL category for SELECT, WAIT, ROLE, LASTSAVE, READONLY, READWRITE, ASKING (#9208)
- SELECT and WAIT don't read or write from the keyspace (unlike DEL, EXISTS, EXPIRE, DBSIZE, KEYS, etc).
they're more similar to AUTH and HELLO (and maybe PING and COMMAND).
they only affect the current connection, not the server state, so they should be `@connection`, not `@keyspace`
- ROLE, like LASTSAVE is `@admin` (and `@dangerous` like INFO)
- ASKING, READONLY, READWRITE are `@connection` too (not `@keyspace`)
- Additionally, i'm now documenting the exact meaning of each ACL category so it's clearer which commands belong where.
Diffstat (limited to 'src')
| -rw-r--r-- | src/acl.c | 2 | ||||
| -rw-r--r-- | src/server.c | 13 |
2 files changed, 8 insertions, 7 deletions
@@ -60,7 +60,7 @@ static unsigned long nextid = 0; /* Next command id that has not been assigned * struct ACLCategoryItem { const char *name; uint64_t flag; -} ACLCommandCategories[] = { +} ACLCommandCategories[] = { /* See redis.conf for details on each category. */ {"keyspace", CMD_CATEGORY_KEYSPACE}, {"read", CMD_CATEGORY_READ}, {"write", CMD_CATEGORY_WRITE}, diff --git a/src/server.c b/src/server.c index b3988794f..aeed6584a 100644 --- a/src/server.c +++ b/src/server.c @@ -173,6 +173,7 @@ struct redisServer server; /* Server global state */ * * The following additional flags are only used in order to put commands * in a specific ACL category. Commands can have multiple ACL categories. + * See redis.conf for the exact meaning of each. * * @keyspace, @read, @write, @set, @sortedset, @list, @hash, @string, @bitmap, * @hyperloglog, @stream, @admin, @fast, @slow, @pubsub, @blocking, @dangerous, @@ -652,7 +653,7 @@ struct redisCommand redisCommandTable[] = { 0,NULL,0,0,0,0,0,0}, {"select",selectCommand,2, - "ok-loading fast ok-stale @keyspace", + "ok-loading fast ok-stale @connection", 0,NULL,0,0,0,0,0,0}, {"swapdb",swapdbCommand,3, @@ -821,7 +822,7 @@ struct redisCommand redisCommandTable[] = { 0,NULL,0,0,0,0,0,0}, {"role",roleCommand,1, - "ok-loading ok-stale no-script fast @dangerous", + "ok-loading ok-stale no-script fast @admin @dangerous", 0,NULL,0,0,0,0,0,0}, {"debug",debugCommand,-2, @@ -881,15 +882,15 @@ struct redisCommand redisCommandTable[] = { 0,migrateGetKeys,0,0,0,0,0,0}, {"asking",askingCommand,1, - "fast @keyspace", + "fast @connection", 0,NULL,0,0,0,0,0,0}, {"readonly",readonlyCommand,1, - "fast @keyspace", + "fast @connection", 0,NULL,0,0,0,0,0,0}, {"readwrite",readwriteCommand,1, - "fast @keyspace", + "fast @connection", 0,NULL,0,0,0,0,0,0}, {"dump",dumpCommand,2, @@ -959,7 +960,7 @@ struct redisCommand redisCommandTable[] = { 0,NULL,1,1,1,0,0,0}, {"wait",waitCommand,3, - "no-script @keyspace", + "no-script @connection", 0,NULL,0,0,0,0,0,0}, {"command",commandCommand,-1, |