From 321acea038a32b95cce3b379ff189cc832bed08a Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Wed, 22 Apr 2020 17:14:15 +0200
Subject: [PATCH] ACL: deny commands execution of disabled users.

---
 src/acl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/acl.c b/src/acl.c
index 75b954c5e..9e2ed6af7 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1055,6 +1055,10 @@ int ACLCheckCommandPerm(client *c, int *keyidxptr) {
     /* If there is no associated user, the connection can run anything. */
     if (u == NULL) return ACL_OK;
 
+    /* If the user is disabled we don't allow the execution of any
+     * command. */
+    if (!(u->flags & USER_FLAG_ENABLED)) return ACL_DENIED_CMD;
+
     /* Check if the user can execute this command. */
     if (!(u->flags & USER_FLAG_ALLCOMMANDS) &&
         c->cmd->proc != authCommand)
-- 
GitLab