mirror of
https://github.com/fluencelabs/redis
synced 2025-03-30 22:31:03 +00:00
ACL: remove server.requirepass + some refactoring.
This commit is contained in:
antirez
parent
7de6e30241
commit
c8391388c2
10
src/acl.c
10
src/acl.c
@ -216,6 +216,16 @@ int ACLSetUser(user *u, const char *op, ssize_t oplen) {
|
|||||||
return C_OK;
|
return C_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Return the first password of the default user or NULL.
|
||||||
|
* This function is needed for backward compatibility with the old
|
||||||
|
* directive "requirepass" when Redis supported a single global
|
||||||
|
* password. */
|
||||||
|
sds ACLDefaultUserFirstPassword(void) {
|
||||||
|
if (listLength(DefaultUser->passwords) == 0) return NULL;
|
||||||
|
listNode *first = listFirst(DefaultUser->passwords);
|
||||||
|
return listNodeValue(first);
|
||||||
|
}
|
||||||
|
|
||||||
/* Initialization of the ACL subsystem. */
|
/* Initialization of the ACL subsystem. */
|
||||||
void ACLInit(void) {
|
void ACLInit(void) {
|
||||||
Users = raxNew();
|
Users = raxNew();
|
||||||
|
|||||||
10
src/config.c
10
src/config.c
@ -1581,9 +1581,8 @@ void configGetCommand(client *c) {
|
|||||||
}
|
}
|
||||||
if (stringmatch(pattern,"requirepass",1)) {
|
if (stringmatch(pattern,"requirepass",1)) {
|
||||||
addReplyBulkCString(c,"requirepass");
|
addReplyBulkCString(c,"requirepass");
|
||||||
if (listLength(DefaultUser->passwords)) {
|
sds password = ACLDefaultUserFirstPassword();
|
||||||
listNode *first = listFirst(DefaultUser->passwords);
|
if (password) {
|
||||||
sds password = listNodeValue(first);
|
|
||||||
addReplyBulkCBuffer(c,password,sdslen(password));
|
addReplyBulkCBuffer(c,password,sdslen(password));
|
||||||
} else {
|
} else {
|
||||||
addReplyBulkCString(c,"");
|
addReplyBulkCString(c,"");
|
||||||
@ -2004,18 +2003,17 @@ void rewriteConfigBindOption(struct rewriteConfigState *state) {
|
|||||||
void rewriteConfigRequirepassOption(struct rewriteConfigState *state, char *option) {
|
void rewriteConfigRequirepassOption(struct rewriteConfigState *state, char *option) {
|
||||||
int force = 1;
|
int force = 1;
|
||||||
sds line;
|
sds line;
|
||||||
|
sds password = ACLDefaultUserFirstPassword();
|
||||||
|
|
||||||
/* If there is no password set, we don't want the requirepass option
|
/* If there is no password set, we don't want the requirepass option
|
||||||
* to be present in the configuration at all. */
|
* to be present in the configuration at all. */
|
||||||
if (listLength(DefaultUser->passwords) == 0) {
|
if (password == NULL) {
|
||||||
rewriteConfigMarkAsProcessed(state,option);
|
rewriteConfigMarkAsProcessed(state,option);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
line = sdsnew(option);
|
line = sdsnew(option);
|
||||||
line = sdscatlen(line, " ", 1);
|
line = sdscatlen(line, " ", 1);
|
||||||
listNode *first = listFirst(DefaultUser->passwords);
|
|
||||||
sds password = listNodeValue(first);
|
|
||||||
line = sdscatsds(line, password);
|
line = sdscatsds(line, password);
|
||||||
|
|
||||||
rewriteConfigRewriteLine(state,option,line,force);
|
rewriteConfigRewriteLine(state,option,line,force);
|
||||||
|
|||||||
@ -810,7 +810,7 @@ static void acceptCommonHandler(int fd, int flags, char *ip) {
|
|||||||
* user what to do to fix it if needed. */
|
* user what to do to fix it if needed. */
|
||||||
if (server.protected_mode &&
|
if (server.protected_mode &&
|
||||||
server.bindaddr_count == 0 &&
|
server.bindaddr_count == 0 &&
|
||||||
server.requirepass == NULL &&
|
DefaultUser->flags & USER_FLAG_NOPASS &&
|
||||||
!(flags & CLIENT_UNIX_SOCKET) &&
|
!(flags & CLIENT_UNIX_SOCKET) &&
|
||||||
ip != NULL)
|
ip != NULL)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -1961,7 +1961,7 @@ void sentinelSendAuthIfNeeded(sentinelRedisInstance *ri, redisAsyncContext *c) {
|
|||||||
} else if (ri->flags & SRI_SLAVE) {
|
} else if (ri->flags & SRI_SLAVE) {
|
||||||
auth_pass = ri->master->auth_pass;
|
auth_pass = ri->master->auth_pass;
|
||||||
} else if (ri->flags & SRI_SENTINEL) {
|
} else if (ri->flags & SRI_SENTINEL) {
|
||||||
if (server.requirepass) auth_pass = server.requirepass;
|
auth_pass = ACLDefaultUserFirstPassword();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth_pass) {
|
if (auth_pass) {
|
||||||
|
|||||||
@ -1596,7 +1596,6 @@ void initServerConfig(void) {
|
|||||||
server.pidfile = NULL;
|
server.pidfile = NULL;
|
||||||
server.rdb_filename = zstrdup(CONFIG_DEFAULT_RDB_FILENAME);
|
server.rdb_filename = zstrdup(CONFIG_DEFAULT_RDB_FILENAME);
|
||||||
server.aof_filename = zstrdup(CONFIG_DEFAULT_AOF_FILENAME);
|
server.aof_filename = zstrdup(CONFIG_DEFAULT_AOF_FILENAME);
|
||||||
server.requirepass = NULL;
|
|
||||||
server.rdb_compression = CONFIG_DEFAULT_RDB_COMPRESSION;
|
server.rdb_compression = CONFIG_DEFAULT_RDB_COMPRESSION;
|
||||||
server.rdb_checksum = CONFIG_DEFAULT_RDB_CHECKSUM;
|
server.rdb_checksum = CONFIG_DEFAULT_RDB_CHECKSUM;
|
||||||
server.stop_writes_on_bgsave_err = CONFIG_DEFAULT_STOP_WRITES_ON_BGSAVE_ERROR;
|
server.stop_writes_on_bgsave_err = CONFIG_DEFAULT_STOP_WRITES_ON_BGSAVE_ERROR;
|
||||||
|
|||||||
@ -778,7 +778,7 @@ typedef struct client {
|
|||||||
time_t lastinteraction; /* Time of the last interaction, used for timeout */
|
time_t lastinteraction; /* Time of the last interaction, used for timeout */
|
||||||
time_t obuf_soft_limit_reached_time;
|
time_t obuf_soft_limit_reached_time;
|
||||||
int flags; /* Client flags: CLIENT_* macros. */
|
int flags; /* Client flags: CLIENT_* macros. */
|
||||||
int authenticated; /* When requirepass is non-NULL. */
|
int authenticated; /* Needed when the default user requires auth. */
|
||||||
int replstate; /* Replication state if this is a slave. */
|
int replstate; /* Replication state if this is a slave. */
|
||||||
int repl_put_online_on_ack; /* Install slave write handler on ACK. */
|
int repl_put_online_on_ack; /* Install slave write handler on ACK. */
|
||||||
int repldbfd; /* Replication DB file descriptor. */
|
int repldbfd; /* Replication DB file descriptor. */
|
||||||
@ -988,7 +988,6 @@ struct redisServer {
|
|||||||
int shutdown_asap; /* SHUTDOWN needed ASAP */
|
int shutdown_asap; /* SHUTDOWN needed ASAP */
|
||||||
int activerehashing; /* Incremental rehash in serverCron() */
|
int activerehashing; /* Incremental rehash in serverCron() */
|
||||||
int active_defrag_running; /* Active defragmentation running (holds current scan aggressiveness) */
|
int active_defrag_running; /* Active defragmentation running (holds current scan aggressiveness) */
|
||||||
char *requirepass; /* Pass for AUTH command, or NULL */
|
|
||||||
char *pidfile; /* PID file path */
|
char *pidfile; /* PID file path */
|
||||||
int arch_bits; /* 32 or 64 depending on sizeof(long) */
|
int arch_bits; /* 32 or 64 depending on sizeof(long) */
|
||||||
int cronloops; /* Number of times the cron function run */
|
int cronloops; /* Number of times the cron function run */
|
||||||
@ -1707,6 +1706,7 @@ unsigned long ACLGetCommandID(const char *cmdname);
|
|||||||
user *ACLGetUserByName(const char *name, size_t namelen);
|
user *ACLGetUserByName(const char *name, size_t namelen);
|
||||||
int ACLCheckCommandPerm(client *c);
|
int ACLCheckCommandPerm(client *c);
|
||||||
int ACLSetUser(user *u, const char *op, ssize_t oplen);
|
int ACLSetUser(user *u, const char *op, ssize_t oplen);
|
||||||
|
sds ACLDefaultUserFirstPassword(void);
|
||||||
|
|
||||||
/* Sorted sets data type */
|
/* Sorted sets data type */
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user