ACL: skeleton and first ideas for postponed user loading.
This commit is contained in:
antirez
parent
38c6030278
commit
816f2fce08
31
src/acl.c
31
src/acl.c
@ -34,11 +34,20 @@
|
|||||||
* ==========================================================================*/
|
* ==========================================================================*/
|
||||||
|
|
||||||
rax *Users; /* Table mapping usernames to user structures. */
|
rax *Users; /* Table mapping usernames to user structures. */
|
||||||
|
|
||||||
user *DefaultUser; /* Global reference to the default user.
|
user *DefaultUser; /* Global reference to the default user.
|
||||||
Every new connection is associated to it, if no
|
Every new connection is associated to it, if no
|
||||||
AUTH or HELLO is used to authenticate with a
|
AUTH or HELLO is used to authenticate with a
|
||||||
different user. */
|
different user. */
|
||||||
|
|
||||||
|
list *UsersToLoad; /* This is a list of users found in the configuration file
|
||||||
|
that we'll need to load in the final stage of Redis
|
||||||
|
initialization, after all the modules are already
|
||||||
|
loaded. Every list element is a NULL terminated
|
||||||
|
array of SDS pointers: the first is the user name,
|
||||||
|
all the remaining pointers are ACL rules in the same
|
||||||
|
format as ACLSetUser(). */
|
||||||
|
|
||||||
struct ACLCategoryItem {
|
struct ACLCategoryItem {
|
||||||
const char *name;
|
const char *name;
|
||||||
uint64_t flag;
|
uint64_t flag;
|
||||||
@ -735,6 +744,7 @@ sds ACLDefaultUserFirstPassword(void) {
|
|||||||
/* Initialization of the ACL subsystem. */
|
/* Initialization of the ACL subsystem. */
|
||||||
void ACLInit(void) {
|
void ACLInit(void) {
|
||||||
Users = raxNew();
|
Users = raxNew();
|
||||||
|
UsersToLoad = listCreate();
|
||||||
DefaultUser = ACLCreateUser("default",7);
|
DefaultUser = ACLCreateUser("default",7);
|
||||||
ACLSetUser(DefaultUser,"+@all",-1);
|
ACLSetUser(DefaultUser,"+@all",-1);
|
||||||
ACLSetUser(DefaultUser,"~*",-1);
|
ACLSetUser(DefaultUser,"~*",-1);
|
||||||
@ -904,6 +914,27 @@ int ACLCheckCommandPerm(client *c) {
|
|||||||
return ACL_OK;
|
return ACL_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* =============================================================================
|
||||||
|
* ACL loading / saving functions
|
||||||
|
* ==========================================================================*/
|
||||||
|
|
||||||
|
/* Given an argument vector describing a user in the form:
|
||||||
|
*
|
||||||
|
* user <username> ... ACL rules and flags ...
|
||||||
|
*
|
||||||
|
* this function validates, and if the syntax is valid, appends
|
||||||
|
* the user definition to a list for later loading.
|
||||||
|
*
|
||||||
|
* The rules are tested for validity and if there obvious syntax errors
|
||||||
|
* the function returns C_ERR and does nothing, otherwise C_OK is returned
|
||||||
|
* and the user is appended to the list.
|
||||||
|
*
|
||||||
|
* Note that this function cannot stop in case of commands that are not found
|
||||||
|
* and, in that case, the error will be emitted later, because certain
|
||||||
|
* commands may be defined later once modules are loaded. */
|
||||||
|
int ACLAppendUserForLoading(sds *argv, int argc) {
|
||||||
|
}
|
||||||
|
|
||||||
/* =============================================================================
|
/* =============================================================================
|
||||||
* ACL related commands
|
* ACL related commands
|
||||||
* ==========================================================================*/
|
* ==========================================================================*/
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user