diff --git a/src/acl.c b/src/acl.c index 7550b22b5..2dafcbea9 100644 --- a/src/acl.c +++ b/src/acl.c @@ -85,6 +85,26 @@ int time_independent_strcmp(char *a, char *b) { * Low level ACL API * ==========================================================================*/ +/* Create a new user with the specified name, store it in the list + * of users (the Users global radix tree), and returns a reference to + * the structure representing the user. + * + * If the user with such name already exists NULL is returned. */ +user *ACLcreateUser(const char *name, size_t namelen) { + if (raxFind(Users,(unsigned char*)name,namelen) != raxNotFound) return NULL; + user *u = zmalloc(sizeof(*u)); + u->flags = 0; + u->allowed_subcommands = NULL; + u->passwords = listCreate(); + u->patterns = NULL; /* Just created users cannot access to any key, however + if the "~*" directive was enabled to match all the + keys, the user will be flagged with the ALLKEYS + flag. */ + memset(u->allowed_commands,0,sizeof(u->allowed_commands)); + raxInsert(Users,(unsigned char*)name,namelen,u,NULL); + return u; +} + /* Initialization of the ACL subsystem. */ void ACLInit(void) { Users = raxNew(); diff --git a/src/server.h b/src/server.h index e120e9894..c09019390 100644 --- a/src/server.h +++ b/src/server.h @@ -712,6 +712,7 @@ typedef struct readyList { * If there is no associated user, the connection uses the default user. */ #define USER_MAX_COMMAND_BIT 1024 #define USER_FLAG_ENABLED (1<<0) /* The user is active. */ +#define USER_FLAG_ALLKEYS (1<<1) /* The user can mention any key. */ typedef struct user { uint64_t flags; /* See USER_FLAG_* */ @@ -731,7 +732,9 @@ typedef struct user { * set to NULL to avoid allocating USER_MAX_COMMAND_BIT pointers. */ sds **allowed_subcommands; list *passwords; /* A list of SDS valid passwords for this user. */ - list *patterns; /* A list of allowed key patterns. */ + list *patterns; /* A list of allowed key patterns. If this field is NULL + the user cannot mention any key in a command, unless + the flag ALLKEYS is set in the user. */ } user; /* With multiplexing we need to take per-client state.