From 6bb6a6d3a8fb017e6b2e981c76d44ebe56b25b65 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Thu, 10 Jan 2019 17:01:12 +0100
Subject: [PATCH] ACL: implement ACLCreateUser().

---
 src/acl.c    | 20 ++++++++++++++++++++
 src/server.h |  5 ++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/acl.c b/src/acl.c
index 7550b22b5..2dafcbea9 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -85,6 +85,26 @@ int time_independent_strcmp(char *a, char *b) {
  * Low level ACL API
  * ==========================================================================*/
 
+/* Create a new user with the specified name, store it in the list
+ * of users (the Users global radix tree), and returns a reference to
+ * the structure representing the user.
+ *
+ * If the user with such name already exists NULL is returned. */
+user *ACLcreateUser(const char *name, size_t namelen) {
+    if (raxFind(Users,(unsigned char*)name,namelen) != raxNotFound) return NULL;
+    user *u = zmalloc(sizeof(*u));
+    u->flags = 0;
+    u->allowed_subcommands = NULL;
+    u->passwords = listCreate();
+    u->patterns = NULL; /* Just created users cannot access to any key, however
+                           if the "~*" directive was enabled to match all the
+                           keys, the user will be flagged with the ALLKEYS
+                           flag. */
+    memset(u->allowed_commands,0,sizeof(u->allowed_commands));
+    raxInsert(Users,(unsigned char*)name,namelen,u,NULL);
+    return u;
+}
+
 /* Initialization of the ACL subsystem. */
 void ACLInit(void) {
     Users = raxNew();
diff --git a/src/server.h b/src/server.h
index e120e9894..c09019390 100644
--- a/src/server.h
+++ b/src/server.h
@@ -712,6 +712,7 @@ typedef struct readyList {
  * If there is no associated user, the connection uses the default user. */
 #define USER_MAX_COMMAND_BIT 1024
 #define USER_FLAG_ENABLED (1<<0)        /* The user is active. */
+#define USER_FLAG_ALLKEYS (1<<1)        /* The user can mention any key. */
 typedef struct user {
     uint64_t flags; /* See USER_FLAG_* */
 
@@ -731,7 +732,9 @@ typedef struct user {
      * set to NULL to avoid allocating USER_MAX_COMMAND_BIT pointers. */
     sds **allowed_subcommands;
     list *passwords; /* A list of SDS valid passwords for this user. */
-    list *patterns;  /* A list of allowed key patterns. */
+    list *patterns;  /* A list of allowed key patterns. If this field is NULL
+                        the user cannot mention any key in a command, unless
+                        the flag ALLKEYS is set in the user. */
 } user;
 
 /* With multiplexing we need to take per-client state.