gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

Moving client->authenticated to a flag instead of an int (#592)

Browse Source 
Moving client->authenticated to a flag

Fix #589 

Signed-off-by: artikell <739609084@qq.com>
This commit is contained in:
skyfirelee 2024-06-10 02:49:05 +08:00 committed by GitHub
parent d28ae52004
commit 09b5825b26
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/acl.c
View File

@ -506,7 +506,7 @@ void ACLFreeUserAndKillClients(user *u) {
* more defensive to set the default user and put
* it in non authenticated mode. */
c->user = DefaultUser;
c->authenticated = 0;
c->flags &= ~CLIENT_AUTHENTICATED;
/* We will write replies to this client later, so we can't
* close it directly even if async. */
if (c == server.current_client) {
@ -1494,7 +1494,7 @@ void addAuthErrReply(client *c, robj *err) {
* The return value is AUTH_OK on success (valid username / password pair) & AUTH_ERR otherwise. */
int checkPasswordBasedAuth(client *c, robj *username, robj *password) {
if (ACLCheckUserCredentials(username, password) == C_OK) {
c->authenticated = 1;
c->flags |= CLIENT_AUTHENTICATED;
c->user = ACLGetUserByName(username->ptr, sdslen(username->ptr));
moduleNotifyUserChanged(c);
return AUTH_OK;

6
src/module.c
View File

@ -7917,7 +7917,7 @@ int checkModuleAuthentication(client *c, robj *username, robj *password, robj **
}
if (c->flags & CLIENT_MODULE_AUTH_HAS_RESULT) {
c->flags &= ~CLIENT_MODULE_AUTH_HAS_RESULT;
if (c->authenticated) return AUTH_OK;
if (c->flags & CLIENT_AUTHENTICATED) return AUTH_OK;
}
return AUTH_ERR;
}
@ -9465,7 +9465,7 @@ void revokeClientAuthentication(client *c) {
moduleNotifyUserChanged(c);
c->user = DefaultUser;
c->authenticated = 0;
c->flags &= ~CLIENT_AUTHENTICATED;
/* We will write replies to this client later, so we can't close it
* directly even if async. */
if (c == server.current_client) {
@ -9787,7 +9787,7 @@ static int authenticateClientWithUser(ValkeyModuleCtx *ctx,
moduleNotifyUserChanged(ctx->client);
ctx->client->user = user;
ctx->client->authenticated = 1;
ctx->client->flags |= CLIENT_AUTHENTICATED;
if (clientHasModuleAuthInProgress(ctx->client)) {
ctx->client->flags |= CLIENT_MODULE_AUTH_HAS_RESULT;

12
src/networking.c
View File

@ -104,14 +104,18 @@ static void clientSetDefaultAuth(client *c) {
/* If the default user does not require authentication, the user is
* directly authenticated. */
c->user = DefaultUser;
c->authenticated = (c->user->flags & USER_FLAG_NOPASS) && !(c->user->flags & USER_FLAG_DISABLED);
if ((c->user->flags & USER_FLAG_NOPASS) && !(c->user->flags & USER_FLAG_DISABLED)) {
c->flags |= CLIENT_AUTHENTICATED;
} else {
c->flags &= ~CLIENT_AUTHENTICATED;
}
}
int authRequired(client *c) {
/* Check if the user is authenticated. This check is skipped in case
* the default user is flagged as "nopass" and is active. */
int auth_required =
(!(DefaultUser->flags & USER_FLAG_NOPASS) || (DefaultUser->flags & USER_FLAG_DISABLED)) && !c->authenticated;
int auth_required = (!(DefaultUser->flags & USER_FLAG_NOPASS) || (DefaultUser->flags & USER_FLAG_DISABLED)) &&
!(c->flags & CLIENT_AUTHENTICATED);
return auth_required;
}
@ -3642,7 +3646,7 @@ void helloCommand(client *c) {
}
/* At this point we need to be authenticated to continue. */
if (!c->authenticated) {
if (!(c->flags & CLIENT_AUTHENTICATED)) {
addReplyError(c, "-NOAUTH HELLO must be called with the client already "
"authenticated, otherwise the HELLO <proto> AUTH <user> <pass> "
"option can be used to authenticate the client and "

5
src/replication.c
View File

@ -1721,12 +1721,11 @@ void replicationCreateMasterClient(connection *conn, int dbid) {
* to pass the execution to a background thread and unblock after the
* execution is done. This is the reason why we allow blocking the replication
* connection. */
server.primary->flags |= CLIENT_PRIMARY;
server.primary->flags |= (CLIENT_PRIMARY | CLIENT_AUTHENTICATED);
/* Allocate a private query buffer for the primary client instead of using the shared query buffer.
* This is done because the primary's query buffer data needs to be preserved for my sub-replicas to use. */
server.primary->querybuf = sdsempty();
server.primary->authenticated = 1;
server.primary->reploff = server.primary_initial_offset;
server.primary->read_reploff = server.primary->reploff;
server.primary->user = NULL; /* This client can do everything. */
@ -3306,7 +3305,7 @@ void replicationResurrectCachedMaster(connection *conn) {
server.primary->conn = conn;
connSetPrivateData(server.primary->conn, server.primary);
server.primary->flags &= ~(CLIENT_CLOSE_AFTER_REPLY | CLIENT_CLOSE_ASAP);
server.primary->authenticated = 1;
server.primary->flags |= CLIENT_AUTHENTICATED;
server.primary->last_interaction = server.unixtime;
server.repl_state = REPL_STATE_CONNECTED;
server.repl_down_since = 0;

2
src/server.h
View File

@ -427,6 +427,7 @@ extern int configOOMScoreAdjValuesDefaults[CONFIG_OOM_COUNT];
#define CLIENT_MODULE_PREVENT_REPL_PROP (1ULL << 49) /* Module client do not want to propagate to replica */
#define CLIENT_REPROCESSING_COMMAND (1ULL << 50) /* The client is re-processing the command. */
#define CLIENT_REPLICATION_DONE (1ULL << 51) /* Indicate that replication has been done on the client */
#define CLIENT_AUTHENTICATED (1ULL << 52) /* Indicate a client has successfully authenticated */
/* Client block type (btype field in client structure)
* if CLIENT_BLOCKED flag is set. */
@ -1238,7 +1239,6 @@ typedef struct client {
dictEntry *cur_script; /* Cached pointer to the dictEntry of the script being executed. */
time_t last_interaction; /* Time of the last interaction, used for timeout */
time_t obuf_soft_limit_reached_time;
int authenticated; /* Needed when the default user requires auth. */
int repl_state; /* Replication state if this is a replica. */
int repl_start_cmd_stream_on_ack; /* Install replica write handler on first ACK. */
int repldbfd; /* Replication DB file descriptor. */