From edc1f7b176af202794a23dbb679128d09f16740a Mon Sep 17 00:00:00 2001 From: hujie Date: Tue, 19 May 2020 00:58:58 +0800 Subject: [PATCH] fix clear USER_FLAG_ALLCOMMANDS flag in acl in ACLSetUserCommandBit, when the command bit overflows, no operation is performed, so no need clear the USER_FLAG_ALLCOMMANDS flag. in ACLSetUser, when adding subcommand, we don't need to call ACLGetCommandID ahead since subcommand may be empty. --- src/acl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/acl.c b/src/acl.c index bcca116bb..c3a724c33 100644 --- a/src/acl.c +++ b/src/acl.c @@ -375,12 +375,13 @@ int ACLUserCanExecuteFutureCommands(user *u) { * to skip the command bit explicit test. */ void ACLSetUserCommandBit(user *u, unsigned long id, int value) { uint64_t word, bit; - if (value == 0) u->flags &= ~USER_FLAG_ALLCOMMANDS; if (ACLGetCommandBitCoordinates(id,&word,&bit) == C_ERR) return; - if (value) + if (value) { u->allowed_commands[word] |= bit; - else + } else { u->allowed_commands[word] &= ~bit; + u->flags &= ~USER_FLAG_ALLCOMMANDS; + } } /* This is like ACLSetUserCommandBit(), but instead of setting the specified @@ -845,7 +846,6 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { errno = ENOENT; return C_ERR; } - unsigned long id = ACLGetCommandID(copy); /* The subcommand cannot be empty, so things like DEBUG| * are syntax errors of course. */ @@ -858,6 +858,7 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) { /* The command should not be set right now in the command * bitmap, because adding a subcommand of a fully added * command is probably an error on the user side. */ + unsigned long id = ACLGetCommandID(copy); if (ACLGetUserCommandBit(u,id) == 1) { zfree(copy); errno = EBUSY;