From b70d81f60b29b1137d6644da1c609dcf45d9e4bc Mon Sep 17 00:00:00 2001 From: Harkrishn Patro <30795839+hpatro@users.noreply.github.com> Date: Thu, 11 Mar 2021 06:19:35 +0100 Subject: [PATCH] Process hello command even if the default user has no permissions. (#8633) Co-authored-by: Harkrishn Patro --- src/acl.c | 6 +++--- tests/unit/acl.tcl | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/acl.c b/src/acl.c index 445409ecd..f48fb405e 100644 --- a/src/acl.c +++ b/src/acl.c @@ -1180,9 +1180,9 @@ int ACLCheckCommandPerm(client *c, int *keyidxptr) { /* If there is no associated user, the connection can run anything. */ if (u == NULL) return ACL_OK; - /* Check if the user can execute this command. */ - if (!(u->flags & USER_FLAG_ALLCOMMANDS) && - c->cmd->proc != authCommand) + /* Check if the user can execute this command or if the command + * doesn't need to be authenticated (hello, auth). */ + if (!(u->flags & USER_FLAG_ALLCOMMANDS) && !(c->cmd->flags & CMD_NO_AUTH)) { /* If the bit is not set we have to check further, in case the * command is allowed just with that specific subcommand. */ diff --git a/tests/unit/acl.tcl b/tests/unit/acl.tcl index 7c09195a1..a6afd3f9e 100644 --- a/tests/unit/acl.tcl +++ b/tests/unit/acl.tcl @@ -409,6 +409,14 @@ start_server {tags {"acl"}} { set e } {*NOAUTH*} + test {When default user has no command permission, hello command still works for other users} { + r ACL setuser secure-user >supass on +@all + r ACL setuser default -@all + r HELLO 2 AUTH secure-user supass + r ACL setuser default nopass +@all + r AUTH default "" + } + test {ACL HELP should not have unexpected options} { catch {r ACL help xxx} e assert_match "*Unknown subcommand or wrong number of arguments*" $e