fluencelabs/redis
1
0
Fork 0
mirror of https://github.com/fluencelabs/redis synced 2025-04-25 10:32:14 +00:00
Code Issues Projects Releases Wiki Activity

ACL: now ACLLoadFromFile() validates against fake user.

Browse Source
This commit is contained in:
antirez 2019-02-06 16:44:55 +01:00
parent 0d3fb9f7f1
commit bbdf02338d
1 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/acl.c
View File

@ -1065,6 +1065,10 @@ sds ACLLoadFromFile(const char *filename) {
sds *lines, errors = sdsempty(); sds *lines, errors = sdsempty();
lines = sdssplitlen(acls,strlen(acls),"\n",1,&totlines); lines = sdssplitlen(acls,strlen(acls),"\n",1,&totlines);
/* We need a fake user to validate the rules before making changes
* to the real user mentioned in the ACL line. */
user *fakeuser = ACLCreateUnlinkedUser();
for (int i = 0; i < totlines; i++) { for (int i = 0; i < totlines; i++) {
sds *argv; sds *argv;
int argc; int argc;
@ -1079,8 +1083,8 @@ sds ACLLoadFromFile(const char *filename) {
argv = sdssplitargs(lines[i],&argc); argv = sdssplitargs(lines[i],&argc);
if (argv == NULL) { if (argv == NULL) {
errors = sdscatprintf(errors, errors = sdscatprintf(errors,
"%d: unbalanced quotes in acl line.", "%d: unbalanced quotes in acl line. ",
linenum); linenum);
continue; continue;
} }
@ -1090,15 +1094,40 @@ sds ACLLoadFromFile(const char *filename) {
continue; continue;
} }
/* Try to process the line. */ /* The line should start with the "user" keyword. */
if (strcmp(argv[0],"user")) {
errors = sdscatprintf(errors,
"%d: line should start with user keyword. ",
linenum);
continue;
}
/* Try to process the line using the fake user to validate iif
* the rules are able to apply cleanly. */
ACLSetUser(fakeuser,"reset",-1);
int j;
for (j = 2; j < argc; j++) {
if (ACLSetUser(fakeuser,argv[j],sdslen(argv[j])) != C_OK) {
char *errmsg = ACLSetUserStringError();
errors = sdscatprintf(errors,
"%d: error in ACL: %s. ",
linenum, errmsg);
continue;
}
}
if (j != argc) continue; /* Error in ACL rules, don't apply. */
/* We can finally lookup the user and apply the rule. */
} }
ACLFreeUser(fakeuser);
sdsfreesplitres(lines,totlines); sdsfreesplitres(lines,totlines);
if (sdslen(errors) == 0) { if (sdslen(errors) == 0) {
sdsfree(errors); sdsfree(errors);
errors = NULL; return NULL;
} else {
return sdstrim(errors," ");
} }
return errors;
} }
/* ============================================================================= /* =============================================================================