7907 Commits

Author SHA1 Message Date
antirez
d4890c20c1 ACL: ignore modules commands when adding categories.
We can't trust modules commands flagging, so module commands must be
always explicitly added, with the exception of +@all that will include
everything. However something like +@readonly should not include command
from modules that may be potentially dangerous: our categories must be
safe and reliable and modules may not be like that.
2019-02-08 11:50:39 +01:00
antirez
af8761e4f2 ACL: some documentation inside redis.conf. 2019-02-08 09:52:07 +01:00
antirez
80f987726d ACL: load ACL file at startup. Prevent silly configurations. 2019-02-07 17:20:03 +01:00
antirez
db30727547 ACL: ACLLoadFromFile(): several errors fixed to make it work. 2019-02-07 17:07:51 +01:00
antirez
d26c9b5307 ACL: ACLLoadFromFile(), restore DefaultUser global. 2019-02-07 17:00:35 +01:00
antirez
6a7545e4d4 ACL: fix fgets wrong buffer size. 2019-02-07 16:53:41 +01:00
antirez
cbed35efd3 ACL: add assertion and fix comment typo. 2019-02-07 16:47:14 +01:00
antirez
7a86ba22e0 ACL: fix a few ACLLoadFromFile() errors and finish ACLFreeUsersSet(). 2019-02-07 16:20:49 +01:00
antirez
1790be1496 ACL: WIP: preserve the old config on loading errors. 2019-02-07 12:57:21 +01:00
antirez
0f0240b526 ACL: implement LOAD subcommand plus some minor rafactoring. 2019-02-07 12:20:30 +01:00
antirez
72e8a080c2 ACL: fix and complete ACLLoadFromFile() loading step. 2019-02-07 12:04:25 +01:00
antirez
bbdf02338d ACL: now ACLLoadFromFile() validates against fake user. 2019-02-06 16:44:55 +01:00
antirez
0d3fb9f7f1 ACL: refactoring creation of unlinked users. 2019-02-06 16:19:17 +01:00
antirez
e1e0f993d8 ACL: initial design for ACLLoadFromFile() function. 2019-02-06 12:39:11 +01:00
antirez
7604ab7118 ACL: redis.conf: mark old ACL-alike stuff as deprecated. 2019-02-05 17:59:05 +01:00
antirez
cc116736c1 ACL: ability to configure an external ACL file. 2019-02-05 17:49:52 +01:00
antirez
416c640156 ACL: change behavior of redefined user. Last line counts. 2019-02-05 10:52:05 +01:00
antirez
775bf6193d ACL: implement rewriting of users in redis.conf. 2019-02-05 10:48:17 +01:00
antirez
2262dd184d ACL: fix user/rule inverted error message. 2019-02-04 16:58:35 +01:00
antirez
623b17425e ACL: load the defined users at server startup. 2019-02-04 16:39:07 +01:00
antirez
500b3e128f ACL: implement ACLLoadConfiguredUsers(). 2019-02-04 16:35:15 +01:00
antirez
68fd4a97fa ACL: better error reporting in users configuration errors. 2019-02-04 13:04:35 +01:00
antirez
b166c41edd ACL: make ACLAppendUserForLoading() able to report bad argument. 2019-02-04 13:00:58 +01:00
antirez
21e84cdae2 ACL: initial appending of users in user loading list. 2019-02-04 12:55:48 +01:00
antirez
8f16e1ea91 ACL: implement ACLAppendUserForLoading(). 2019-02-01 13:02:59 +01:00
antirez
b8323d98e9 ACL: skeleton and first ideas for postponed user loading. 2019-02-01 12:20:09 +01:00
antirez
1769c22248 ACL: set modules help clients to the root user.
It does not make much sense to limit what modules can do: the admin
should instead limit what module commnads an user may call. So
RedisModule_Call() and other module operations should be able to execute
everything they want: the limitation should be posed by the API exported
by the module itself.
2019-02-01 11:37:28 +01:00
antirez
b6372f16c4 ACL: assign ACL command ID to modules commands. 2019-02-01 08:17:24 +01:00
antirez
ec1aee031c ACL: implement DELUSER. 2019-01-31 18:33:14 +01:00
antirez
74b7afdf71 ACL: check arity of LIST / USERS subcommand. 2019-01-31 18:32:49 +01:00
antirez
bc9b118e05 ACL: don't emit useless flags in ACLDescribeUser(). 2019-01-31 17:04:42 +01:00
antirez
0f1b06aa40 ACL: implement LIST and USERS subcommands. 2019-01-31 17:01:32 +01:00
antirez
c7cd10dfe9 ACL: flags refactoring, function to describe user. 2019-01-31 16:49:22 +01:00
antirez
479f7f7af4 ACL: add function to return ACLSetUser() string errors. 2019-01-30 16:02:25 +01:00
antirez
0960259835 ACL: don't allow patterns after the * pattern. 2019-01-30 15:59:45 +01:00
antirez
77471dfe86 ACL: implement keys field in ACL GETUSER. 2019-01-30 15:52:36 +01:00
antirez
f021da5e30 Acl: Test: check command rules synthesis. 2019-01-30 12:01:37 +01:00
antirez
9db2c84984 ACL: free memory leak when freeing subcommands array. 2019-01-30 11:50:30 +01:00
antirez
36a0168cfd ACL: return error when adding subcommands of fully added commands.
It's almost certainly an error from the user side.
2019-01-30 08:25:12 +01:00
antirez
9c2e64db9c ACL: remove leak in ACLSetUser(). 2019-01-30 08:20:31 +01:00
antirez
efce73a001 ACL: ACLDescribeUserCommandRules(): emit subcommands. 2019-01-30 08:17:33 +01:00
antirez
9ae8e3fefa ACL: clear the subcommands array when setting category bits. 2019-01-30 08:09:05 +01:00
antirez
feba39d318 ACL: finish/fix ACLDescribeUserCommandRules() first version. 2019-01-29 18:54:21 +01:00
antirez
4db92e5928 ACL: ACLDescribeUserCommandRules(): add final commands. 2019-01-29 18:41:11 +01:00
antirez
11f64c6886 ACL: initial design for ACLDescribeUserCommandRules() and helpers. 2019-01-29 17:25:05 +01:00
antirez
4380423d40 ACL: enforce ACLs in Lua scripts as well. 2019-01-29 10:12:22 +01:00
antirez
acd168a70b ACL: refactoring and fix of adding subcommands to users. 2019-01-28 18:40:54 +01:00
antirez
e103fd4208 ACL: Test: check subcommands (test fails). 2019-01-28 18:29:22 +01:00
antirez
7fb9e2b4ce ACL: reset the subcommands table on +@all / -@all.
This also is a bugfix because after -@all the previously enabled
subcommands would remain valid.
2019-01-28 18:27:42 +01:00
antirez
097d57f56e ACL: fix crash when checking for subcommands. 2019-01-28 18:15:59 +01:00