Implement authentication (AUTH) #17

Closed
hltbra opened this issue Feb 20, 2019 · 0 comments
Labels
feature-request New feature

hltbra commented Feb 20, 2019

Redis's clientObject struct has the field authenticated indicating if the client is authenticated or not.

Before each command is processed, Redis checks if the user is authenticated. Relevant snippets:

    /* Check if the user is authenticated */
    if (!(DefaultUser->flags & USER_FLAG_NOPASS) &&
        !c->authenticated &&
        (c->cmd->proc != authCommand || c->cmd->proc == helloCommand))
    {
        flagTransaction(c);
        addReply(c,shared.noautherr);
        return C_OK;
    }

    /* AUTH <password>
     * AUTH <username> <password> (Redis >= 6.0 form)
     *
     * When the user is omitted it means that we are trying to authenticate
     * against the default user. */
    void authCommand(client *c) {
        /* Only two or three argument forms are allowed. */
        if (c->argc > 3) {
            addReply(c,shared.syntaxerr);
            return;
        }

        /* Handle the two different forms here. The form with two arguments
         * will just use "default" as username. */
        robj *username, *password;
        if (c->argc == 2) {
            /* Mimic the old behavior of giving an error for the two commands
             * from if no password is configured. */
            if (DefaultUser->flags & USER_FLAG_NOPASS) {
                addReplyError(c,"AUTH <password> called without any password "
                                "configured for the default user. Are you sure "
                                "your configuration is correct?");
                return;
            }

            username = createStringObject("default",7);
            password = c->argv[1];
        } else {
            username = c->argv[1];
            password = c->argv[2];
        }

        if (ACLCheckUserCredentials(username,password) == C_OK) {
            c->authenticated = 1;
            c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
            addReply(c,shared.ok);
        } else {
            addReplyError(c,"-WRONGPASS invalid username-password pair");
        }

        /* Free the "default" string object we created for the two
         * arguments form. */
        if (c->argc == 2) decrRefCount(username);
    }

    shared.noautherr = createObject(OBJ_STRING,sdsnew(
        "-NOAUTH Authentication required.\r\n"));

Authentication was much simpler in the 2.8 branch:

    void authCommand(redisClient *c) {
        if (!server.requirepass) {
            addReplyError(c,"Client sent AUTH, but no password is set");
        } else if (!time_independent_strcmp(c->argv[1]->ptr, server.requirepass)) {
            c->authenticated = 1;
            addReply(c,shared.ok);
        } else {
            c->authenticated = 0;
            addReplyError(c,"invalid password");
        }
    }

@hltbra hltbra added the feature-request New feature label Feb 20, 2019
hltbra added a commit that referenced this issue Jun 27, 2019
@hltbra hltbra closed this as completed in a44df0a Jun 28, 2019
hltbra added a commit that referenced this issue Jun 28, 2019
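
Added example, not part of the issue and not code from Redis or from this project: a stand-alone C version of the simpler 2.8-style flow quoted above, combining the pre-dispatch NOAUTH gate with a constant-time password comparison. The `client` struct, `ct_strcmp`, `process_command`, the `+PONG` stand-in for command dispatch, the 512-byte bound and the sample password are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define AUTH_BUF 512                      /* assumed maximum password length */
typedef struct { int authenticated; } client;  /* hypothetical per-connection state */
const char *requirepass = NULL;           /* NULL: no password configured */

/* Returns 0 when equal. Always compares AUTH_BUF bytes, so the position of
 * the first mismatching byte does not show up in the response time. */
int ct_strcmp(const char *a, const char *b) {
    unsigned char bufa[AUTH_BUF] = {0}, bufb[AUTH_BUF] = {0};
    size_t alen = strlen(a), blen = strlen(b);
    unsigned int diff = 0;
    if (alen > AUTH_BUF || blen > AUTH_BUF) return 1;
    memcpy(bufa, a, alen);
    memcpy(bufb, b, blen);
    for (size_t i = 0; i < AUTH_BUF; i++) diff |= (unsigned int)(bufa[i] ^ bufb[i]);
    diff |= (unsigned int)(alen ^ blen);  /* also require equal lengths */
    return diff != 0;
}

/* Returns the RESP reply for one parsed command. */
const char *process_command(client *c, int argc, const char **argv) {
    int is_auth = argc > 0 && strcasecmp(argv[0], "AUTH") == 0;
    /* Gate applied before dispatch: only AUTH passes while unauthenticated. */
    if (requirepass && !c->authenticated && !is_auth)
        return "-NOAUTH Authentication required.\r\n";
    if (!is_auth) return "+PONG\r\n";     /* stand-in for real command dispatch */
    if (argc != 2)                        /* stand-in for the command table's arity check */
        return "-ERR wrong number of arguments for 'auth' command\r\n";
    if (!requirepass)
        return "-ERR Client sent AUTH, but no password is set\r\n";
    if (ct_strcmp(argv[1], requirepass) == 0) {
        c->authenticated = 1;
        return "+OK\r\n";
    }
    c->authenticated = 0;                 /* a failed AUTH de-authenticates, as in 2.8 */
    return "-ERR invalid password\r\n";
}

int main(void) {
    client c = {0};
    const char *ping[] = {"PING"}, *auth[] = {"AUTH", "constructed-pass"};
    requirepass = "constructed-pass";     /* constructed sample value */
    fputs(process_command(&c, 1, ping), stdout);  /* rejected: not authenticated */
    fputs(process_command(&c, 2, auth), stdout);  /* accepted */
    fputs(process_command(&c, 1, ping), stdout);  /* now dispatched */
    return 0;
}
```

The `authenticated` flag belongs to the connection, so each new client starts at 0 and must send AUTH before anything else is dispatched.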