cli: pass auth through REDISCLI_AUTH

This adds support for passing a password through a REDISCLI_AUTH
environment variable (which is safer than the CLI), which might often be
safer than passing it through a CLI argument.

Passing a password this way does not trigger the warning about passing a
password through CLI arguments, and CLI arguments take precedence over
it.
This commit is contained in:
Thomas Orozco 2018-10-17 21:04:35 +02:00
parent 144832ee67
commit f24ad5d831

View File

@ -67,6 +67,7 @@
#define REDIS_CLI_HISTFILE_DEFAULT ".rediscli_history" #define REDIS_CLI_HISTFILE_DEFAULT ".rediscli_history"
#define REDIS_CLI_RCFILE_ENV "REDISCLI_RCFILE" #define REDIS_CLI_RCFILE_ENV "REDISCLI_RCFILE"
#define REDIS_CLI_RCFILE_DEFAULT ".redisclirc" #define REDIS_CLI_RCFILE_DEFAULT ".redisclirc"
#define REDIS_CLI_AUTH_ENV "REDISCLI_AUTH"
#define CLUSTER_MANAGER_SLOTS 16384 #define CLUSTER_MANAGER_SLOTS 16384
#define CLUSTER_MANAGER_MIGRATE_TIMEOUT 60000 #define CLUSTER_MANAGER_MIGRATE_TIMEOUT 60000
@ -1419,6 +1420,14 @@ static int parseOptions(int argc, char **argv) {
return i; return i;
} }
static void parseEnv() {
/* Set auth from env, but do not overwrite CLI arguments if passed */
char *auth = getenv(REDIS_CLI_AUTH_ENV);
if (auth != NULL && config.auth == NULL) {
config.auth = auth;
}
}
static sds readArgFromStdin(void) { static sds readArgFromStdin(void) {
char buf[1024]; char buf[1024];
sds arg = sdsempty(); sds arg = sdsempty();
@ -1446,6 +1455,9 @@ static void usage(void) {
" -p <port> Server port (default: 6379).\n" " -p <port> Server port (default: 6379).\n"
" -s <socket> Server socket (overrides hostname and port).\n" " -s <socket> Server socket (overrides hostname and port).\n"
" -a <password> Password to use when connecting to the server.\n" " -a <password> Password to use when connecting to the server.\n"
" You can also use the " REDIS_CLI_AUTH_ENV " environment\n"
" variable to pass this password more safely\n"
" (if both are used, this argument takes predecence).\n"
" -u <uri> Server URI.\n" " -u <uri> Server URI.\n"
" -r <repeat> Execute specified command N times.\n" " -r <repeat> Execute specified command N times.\n"
" -i <interval> When -r is used, waits <interval> seconds per command.\n" " -i <interval> When -r is used, waits <interval> seconds per command.\n"
@ -6657,6 +6669,8 @@ int main(int argc, char **argv) {
argc -= firstarg; argc -= firstarg;
argv += firstarg; argv += firstarg;
parseEnv();
/* Cluster Manager mode */ /* Cluster Manager mode */
if (CLUSTER_MANAGER_MODE()) { if (CLUSTER_MANAGER_MODE()) {
clusterManagerCommandProc *proc = validateClusterManagerCommand(); clusterManagerCommandProc *proc = validateClusterManagerCommand();