mirrors
/
redis
mirror of https://mirror.osredm.com/root/redis.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve code doc of allowed_firstargs following #9504 (#9674) 

Improve code doc for allowed_firstargs (used to be allowed_commands before #9504.
I don't think the text in the code needs to refer to the history (it's not there just for backwards compatibility).
instead it should just describe what it does.
This commit is contained in:
Oran Agra 2021-10-25 13:01:25 +03:00 committed by GitHub
parent 6cf6c36937
commit 085615af97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/server.h
View File

@ -930,21 +930,17 @@ typedef struct {
* understand if the command can be executed. */ * understand if the command can be executed. */
uint64_t allowed_commands[USER_COMMAND_BITS_COUNT/64]; uint64_t allowed_commands[USER_COMMAND_BITS_COUNT/64];
/* NOTE: allowed_firstargs is a transformation of the old mechanism for allowing /* allowed_firstargs is used by ACL rules to block access to a command unless a
* subcommands (now, subcommands are actually commands, with their own * specific argv[1] is given (or argv[2] in case it is applied on a sub-command).
* ACL ID)
* We had to keep allowed_firstargs (previously called allowed_subcommands)
* in order to support the widespread abuse of ACL rules to block a command
* with a specific argv[1] (which is not a subcommand at all).
* For example, a user can use the rule "-select +select|0" to block all * For example, a user can use the rule "-select +select|0" to block all
* SELECT commands, except "SELECT 0". * SELECT commands, except "SELECT 0".
* It can also be applied for subcommands: "+config -config|set +config|set|loglevel" * And for a sub-command: "+config -config|set +config|set|loglevel"
* *
* This array points, for each command ID (corresponding to the command * For each command ID (corresponding to the command bit set in allowed_commands),
* bit set in allowed_commands), to an array of SDS strings, terminated by * This array points to an array of SDS strings, terminated by a NULL pointer,
* a NULL pointer, with all the first-args that are allowed for * with all the first-args that are allowed for this command. When no first-arg
* this command. When no first-arg matching is used, the field is just * matching is used, the field is just set to NULL to avoid allocating
* set to NULL to avoid allocating USER_COMMAND_BITS_COUNT pointers. */ * USER_COMMAND_BITS_COUNT pointers. */
sds **allowed_firstargs; sds **allowed_firstargs;
list *passwords; /* A list of SDS valid passwords for this user. */ list *passwords; /* A list of SDS valid passwords for this user. */
list *patterns; /* A list of allowed key patterns. If this field is NULL list *patterns; /* A list of allowed key patterns. If this field is NULL