ACL: ignore modules commands when adding categories.

We can't trust modules commands flagging, so module commands must be
always explicitly added, with the exception of +@all that will include
everything. However something like +@readonly should not include command
from modules that may be potentially dangerous: our categories must be
safe and reliable and modules may not be like that.
This commit is contained in:
antirez 2019-02-08 11:50:39 +01:00
parent af8761e4f2
commit d4890c20c1

View File

@ -313,6 +313,7 @@ int ACLSetUserCommandBitsForCategory(user *u, const char *category, int value) {
dictEntry *de; dictEntry *de;
while ((de = dictNext(di)) != NULL) { while ((de = dictNext(di)) != NULL) {
struct redisCommand *cmd = dictGetVal(de); struct redisCommand *cmd = dictGetVal(de);
if (cmd->flags & CMD_MODULE) continue; /* Ignore modules commands. */
if (cmd->flags & cflag) { if (cmd->flags & cflag) {
ACLSetUserCommandBit(u,cmd->id,value); ACLSetUserCommandBit(u,cmd->id,value);
ACLResetSubcommandsForCommand(u,cmd->id); ACLResetSubcommandsForCommand(u,cmd->id);