Merge pull request #2 from luky116/new-xiaoshuai-blackList

fix:black list

include/acl.h

@@ -382,7 +382,7 @@ class Acl {
   static std::vector<std::string> GetAllCategoryName();
 
   static const std::string DefaultUser;
-  static const std::string Limit;
+  static const std::string DefaultLimitUser;
   static const int64_t LogGroupingMaxTimeDelta;
 
   // Adds a new entry in the ACL log, making sure to delete the old entry

src/acl.cc

@@ -296,10 +296,10 @@ pstd::Status Acl::Initialization() {
   UpdateDefaultUserPassword(g_pika_conf->requirepass());
 
   auto status = LoadUsersAtStartup();
-  auto u = GetUser(Limit);
+  auto u = GetUser(DefaultLimitUser);
   bool limit_exist = true;
   if (nullptr == u) {
-    AddUser(CreatedUser(Limit));
+    AddUser(CreatedUser(DefaultLimitUser));
     limit_exist = false;
   }
   InitLimitUser(g_pika_conf->GetUserBlackList(), limit_exist);
@@ -486,13 +486,16 @@ void Acl::InitLimitUser(const std::string& bl, bool limit_exist) {
   std::vector<std::string> blacklist;
   pstd::StringSplit(bl, ',', blacklist);
   std::unique_lock wl(mutex_);
-  auto u = GetUser(Limit);
+  auto u = GetUser(DefaultLimitUser);
   if (limit_exist) {
     if (!bl.empty()) {
       u->SetUser("+@all");
       for(auto& i : blacklist) {
         u->SetUser("-"+i);
       }
+      if (!pass.empty()) {
+        u->SetUser(">"+pass);
+      }
     }
   } else {
     if (pass.empty()) {
@@ -505,8 +508,9 @@ void Acl::InitLimitUser(const std::string& bl, bool limit_exist) {
     u->SetUser("~*");
     u->SetUser("&*");
 
-    for(auto& i : blacklist) {
-      u->SetUser("-"+i);
+    for(auto& cmd : blacklist) {
+      cmd = pstd::StringTrim(cmd, " ");
+      u->SetUser("-" + cmd);
     }
   }
 }
@@ -763,7 +767,7 @@ std::array<std::pair<std::string, uint32_t>, 3> Acl::SelectorFlags = {{
 }};
 
 const std::string Acl::DefaultUser = "default";
-const std::string Acl::Limit = "limit";
+const std::string Acl::DefaultLimitUser = "limit";
 const int64_t Acl::LogGroupingMaxTimeDelta = 60000;
 
 void Acl::AddLogEntry(int32_t reason, int32_t context, const std::string& username, const std::string& object,

src/pika_admin.cc

@@ -282,7 +282,7 @@ void AuthCmd::Do() {
     authResult = AuthenticateUser(name(), Acl::DefaultUser, pwd, conn, true);
     if (authResult != AuthResult::OK) {
       //  Limit
-      authResult = AuthenticateUser(name(), Acl::Limit, pwd, conn, defaultAuth);
+      authResult = AuthenticateUser(name(), Acl::DefaultLimitUser, pwd, conn, defaultAuth);
     }
   } else {
     authResult = AuthenticateUser(name(), userName, pwd, conn, defaultAuth);
@@ -1587,7 +1587,11 @@ void ConfigCmd::ConfigGet(std::string& ret) {
     EncodeString(&config_body, "slow-cmd-thread-pool-size");
     EncodeNumber(&config_body, g_pika_conf->slow_cmd_thread_pool_size());
   }
-
+  if (pstd::stringmatch(pattern.data(), "userblacklist", 1) != 0) {
+    elements += 2;
+    EncodeString(&config_body, "userblacklist");
+    EncodeString(&config_body, g_pika_conf -> GetUserBlackList());
+  }
   if (pstd::stringmatch(pattern.data(), "slow-cmd-list", 1) != 0) {
     elements += 2;
     EncodeString(&config_body, "slow-cmd-list");

src/pika_conf.cc

@@ -645,7 +645,7 @@ int PikaConf::ConfigRewrite() {
   SetConfStr("requirepass", requirepass_);
   SetConfStr("masterauth", masterauth_);
   SetConfStr("userpass", userpass_);
-//    SetConfStr("userblacklist", userblacklist_);
+  SetConfStr("userblacklist", userblacklist_);
   SetConfStr("dump-prefix", bgsave_prefix_);
   SetConfInt("maxclients", maxclients_);
   SetConfInt("dump-expire", expire_dump_days_);

tests/unit/acl.tcl

@@ -9,7 +9,7 @@ start_server {tags {"acl external:skip"}} {
 
     test {Coverage: ACL USERS} {
         r ACL USERS
-    } {default newuser}
+    } {default limit newuser}
 
     test {Usernames can not contain spaces or null characters} {
         catch {r ACL setuser "a a"} err