Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
Turbo码先生
redis
提交
70e541b7
R
redis
项目概览
Turbo码先生
/
redis
与 Fork 源项目一致
从无法访问的项目Fork
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
redis
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
70e541b7
编写于
1月 23, 2019
作者:
A
antirez
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
ACL: better define name, and the idea of reserved ID.
上级
711e514e
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
20 addition
and
7 deletion
+20
-7
src/acl.c
src/acl.c
+14
-3
src/server.h
src/server.h
+6
-4
未找到文件。
src/acl.c
浏览文件 @
70e541b7
...
...
@@ -122,7 +122,7 @@ user *ACLCreateUser(const char *name, size_t namelen) {
* bit. The function returns C_ERR in case the specified ID overflows
* the bitmap in the user representation. */
int
ACLGetCommandBitCoordinates
(
unsigned
long
id
,
uint64_t
*
word
,
uint64_t
*
bit
)
{
if
(
id
>=
USER_
MAX_COMMAND_BI
T
)
return
C_ERR
;
if
(
id
>=
USER_
COMMAND_BITS_COUN
T
)
return
C_ERR
;
*
word
=
id
/
sizeof
(
uint64_t
)
/
8
;
*
bit
=
1
<<
(
id
%
(
sizeof
(
uint64_t
)
*
8
));
return
C_OK
;
...
...
@@ -317,7 +317,7 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
/* If this is the first subcommand to be configured for
* this user, we have to allocate the subcommands array. */
if
(
u
->
allowed_subcommands
==
NULL
)
{
u
->
allowed_subcommands
=
zcalloc
(
USER_
MAX_COMMAND_BI
T
*
u
->
allowed_subcommands
=
zcalloc
(
USER_
COMMAND_BITS_COUN
T
*
sizeof
(
sds
*
));
}
...
...
@@ -439,7 +439,18 @@ unsigned long ACLGetCommandID(const char *cmdname) {
raxInsert
(
map
,(
unsigned
char
*
)
lowername
,
strlen
(
lowername
),
(
void
*
)
nextid
,
NULL
);
sdsfree
(
lowername
);
return
nextid
++
;
nextid
++
;
/* We never assign the last bit in the user commands bitmap structure,
* this way we can later check if this bit is set, understanding if the
* current ACL for the user was created starting with a +@all to add all
* the possible commands and just subtracting other single commands or
* categories, or if, instead, the ACL was created just adding commands
* and command categories from scratch, not allowing future commands by
* default (loaded via modules). This is useful when rewriting the ACLs
* with ACL SAVE. */
if
(
nextid
==
USER_COMMAND_BITS_COUNT
-
1
)
nextid
++
;
return
nextid
;
}
/* Return an username by its name, or NULL if the user does not exist. */
...
...
src/server.h
浏览文件 @
70e541b7
...
...
@@ -712,8 +712,10 @@ typedef struct readyList {
/* This structure represents a Redis user. This is useful for ACLs, the
* user is associated to the connection after the connection is authenticated.
* If there is no associated user, the connection uses the default user. */
#define USER_MAX_COMMAND_BIT 1024
/* The first *not valid* bit that
would overflow. So check for >= */
#define USER_COMMAND_BITS_COUNT 1024
/* The total number of command bits
in the user structure. The last valid
command ID we can set in the user
is USER_COMMAND_BITS_COUNT-1. */
#define USER_FLAG_ENABLED (1<<0)
/* The user is active. */
#define USER_FLAG_ALLKEYS (1<<1)
/* The user can mention any key. */
#define USER_FLAG_ALLCOMMANDS (1<<2)
/* The user can run all commands. */
...
...
@@ -734,13 +736,13 @@ typedef struct user {
* If the bit for a given command is NOT set and the command has
* subcommands, Redis will also check allowed_subcommands in order to
* understand if the command can be executed. */
uint64_t
allowed_commands
[
USER_
MAX_COMMAND_BI
T
/
64
];
uint64_t
allowed_commands
[
USER_
COMMAND_BITS_COUN
T
/
64
];
/* This array points, for each command ID (corresponding to the command
* bit set in allowed_commands), to an array of SDS strings, terminated by
* a NULL pointer, with all the sub commands that can be executed for
* this command. When no subcommands matching is used, the field is just
* set to NULL to avoid allocating USER_
MAX_COMMAND_BI
T pointers. */
* set to NULL to avoid allocating USER_
COMMAND_BITS_COUN
T pointers. */
sds
**
allowed_subcommands
;
list
*
passwords
;
/* A list of SDS valid passwords for this user. */
list
*
patterns
;
/* A list of allowed key patterns. If this field is NULL
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录