ACL: AUTH + no default user password raises an error.

This way the behavior is very similar to the past one.
This is useful in order to remember the user she probably failed to
configure a password correctly.
This commit is contained in:
antirez 2019-01-17 18:30:23 +01:00
parent 636424c0ce
commit b87815c1f8
2 changed files with 15 additions and 6 deletions

View File

@ -2901,6 +2901,15 @@ void authCommand(client *c) {
* will just use "default" as username. */
robj *username, *password;
if (c->argc == 2) {
/* Mimic the old behavior of giving an error for the two commands
* from if no password is configured. */
if (DefaultUser->flags & USER_FLAG_NOPASS) {
addReplyError(c,"AUTH <password> called without any password "
"configured for the default user. Are you sure "
"your configuration is correct?");
return;
}
username = createStringObject("default",7);
password = c->argv[1];
} else {
@ -2909,11 +2918,11 @@ void authCommand(client *c) {
}
if (ACLCheckUserCredentials(username,password) == C_OK) {
c->authenticated = 1;
c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
addReply(c,shared.ok);
c->authenticated = 1;
c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
addReply(c,shared.ok);
} else {
addReplyError(c,"-WRONGPASS invalid username-password pair");
addReplyError(c,"-WRONGPASS invalid username-password pair");
}
/* Free the "default" string object we created for the two

View File

@ -2,14 +2,14 @@ start_server {tags {"auth"}} {
test {AUTH fails if there is no password configured server side} {
catch {r auth foo} err
set _ $err
} {ERR*no password*}
} {ERR*any password*}
}
start_server {tags {"auth"} overrides {requirepass foobar}} {
test {AUTH fails when a wrong password is given} {
catch {r auth wrong!} err
set _ $err
} {ERR*invalid password}
} {WRONGPASS*}
test {Arbitrary command gives an error when AUTH is required} {
catch {r set foo bar} err