From 4a474843fbd018cd323971b57dec976d7ad0278d Mon Sep 17 00:00:00 2001 From: Madelyn Olson <34459052+madolson@users.noreply.github.com> Date: Thu, 25 Feb 2021 21:00:27 -0800 Subject: [PATCH] Moved requirepass and querybuf length to generic configs (#8557) Moved additional configs to generic infrastructure. --- src/acl.c | 13 +++++++- src/config.c | 92 +++++++++------------------------------------------- src/server.c | 4 ++- src/server.h | 2 +- 4 files changed, 31 insertions(+), 80 deletions(-) diff --git a/src/acl.c b/src/acl.c index e120b36fc..445409ecd 100644 --- a/src/acl.c +++ b/src/acl.c @@ -1054,7 +1054,6 @@ void ACLInit(void) { UsersToLoad = listCreate(); ACLLog = listCreate(); ACLInitDefaultUser(); - server.requirepass = NULL; /* Only used for backward compatibility. */ } /* Check the username and password pair and return C_OK if they are valid, @@ -2251,3 +2250,15 @@ void authCommand(client *c) { } } +/* Set the password for the "default" ACL user. This implements supports for + * requirepass config, so passing in NULL will set the user to be nopass. */ +void ACLUpdateDefaultUserPassword(sds password) { + ACLSetUser(DefaultUser,"resetpass",-1); + if (password) { + sds aclop = sdscatlen(sdsnew(">"), password, sdslen(password)); + ACLSetUser(DefaultUser,aclop,sdslen(aclop)); + sdsfree(aclop); + } else { + ACLSetUser(DefaultUser,"nopass",-1); + } +} diff --git a/src/config.c b/src/config.c index 9081d0312..13a6dee14 100644 --- a/src/config.c +++ b/src/config.c @@ -504,8 +504,6 @@ void loadServerConfigFromString(char *config) { } } else if (!strcasecmp(argv[0],"include") && argc == 2) { loadServerConfig(argv[1], 0, NULL); - } else if ((!strcasecmp(argv[0],"client-query-buffer-limit")) && argc == 2) { - server.client_max_querybuf_len = memtoll(argv[1],NULL); } else if ((!strcasecmp(argv[0],"slaveof") || !strcasecmp(argv[0],"replicaof")) && argc == 3) { slaveof_linenum = linenum; 
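Review bot: In src/acl.c, `ACLUpdateDefaultUserPassword()` treats any non-NULL `password` as a real password, so a zero-length sds would register an empty password for the default user instead of switching it to `nopass`. Both removed config.c paths mapped the empty string to `nopass` through their `sdslen()` test. The helper is exported through server.h, so it should not rely on every caller having applied `EMPTY_STRING_IS_NULL`; `if (password && sdslen(password)) {` keeps the old mapping. The header comment could also read `This implements support for the requirepass config, ...` and state that `resetpass` first drops every existing password of the default user.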
@@ -521,26 +519,6 @@ void loadServerConfigFromString(char *config) { err = "Invalid master port"; goto loaderr; } server.repl_state = REPL_STATE_CONNECT; - } else if (!strcasecmp(argv[0],"requirepass") && argc == 2) { - if (sdslen(argv[1]) > CONFIG_AUTHPASS_MAX_LEN) { - err = "Password is longer than CONFIG_AUTHPASS_MAX_LEN"; - goto loaderr; - } - /* The old "requirepass" directive just translates to setting - * a password to the default user. The only thing we do - * additionally is to remember the cleartext password in this - * case, for backward compatibility with Redis <= 5. */ - ACLSetUser(DefaultUser,"resetpass",-1); - sdsfree(server.requirepass); - server.requirepass = NULL; - if (sdslen(argv[1])) { - sds aclop = sdscatlen(sdsnew(">"), argv[1], sdslen(argv[1])); - ACLSetUser(DefaultUser,aclop,sdslen(aclop)); - sdsfree(aclop); - server.requirepass = sdsdup(argv[1]); - } else { - ACLSetUser(DefaultUser,"nopass",-1); - } } else if (!strcasecmp(argv[0],"list-max-ziplist-entries") && argc == 2){ /* DEAD OPTION */ } else if (!strcasecmp(argv[0],"list-max-ziplist-value") && argc == 2) { 
@@ -750,24 +728,7 @@ void configSetCommand(client *c) { if (0) { /* this starts the config_set macros else-if chain. */ /* Special fields that can't be handled with general macros. */ - config_set_special_field("requirepass") { - if (sdslen(o->ptr) > CONFIG_AUTHPASS_MAX_LEN) goto badfmt; - /* The old "requirepass" directive just translates to setting - * a password to the default user. The only thing we do - * additionally is to remember the cleartext password in this - * case, for backward compatibility with Redis <= 5. */ - ACLSetUser(DefaultUser,"resetpass",-1); - sdsfree(server.requirepass); - server.requirepass = NULL; - if (sdslen(o->ptr)) { - sds aclop = sdscatlen(sdsnew(">"), o->ptr, sdslen(o->ptr)); - ACLSetUser(DefaultUser,aclop,sdslen(aclop)); - sdsfree(aclop); - server.requirepass = sdsdup(o->ptr); - } else { - ACLSetUser(DefaultUser,"nopass",-1); - } - } config_set_special_field("save") { + config_set_special_field("save") { int vlen, j; sds *v = sdssplitlen(o->ptr,sdslen(o->ptr)," ",1,&vlen); @@ -876,10 +837,6 @@ void configSetCommand(client *c) { enableWatchdog(ll); else disableWatchdog(); - /* Memory fields. - * config_set_memory_field(name,var) */ - } config_set_memory_field( - "client-query-buffer-limit",server.client_max_querybuf_len) { /* Everything else is an error... */ } config_set_else { addReplyErrorFormat(c,"Unsupported CONFIG parameter: %s", @@ -959,7 +916,6 @@ void configGetCommand(client *c) { config_get_string_field("logfile",server.logfile); /* Numerical values */ - config_get_numerical_field("client-query-buffer-limit",server.client_max_querybuf_len); config_get_numerical_field("watchdog-period",server.watchdog_period); /* Everything we can't handle with macros follows. */ 
@@ -1046,16 +1002,6 @@ void configGetCommand(client *c) { sdsfree(aux); matches++; } - if (stringmatch(pattern,"requirepass",1)) { - addReplyBulkCString(c,"requirepass"); - sds password = server.requirepass; - if (password) { - addReplyBulkCBuffer(c,password,sdslen(password)); - } else { - addReplyBulkCString(c,""); - } - matches++; - } if (stringmatch(pattern,"oom-score-adj-values",0)) { sds buf = sdsempty(); @@ -1564,26 +1510,6 @@ void rewriteConfigBindOption(struct rewriteConfigState *state) { rewriteConfigRewriteLine(state,option,line,force); } -/* Rewrite the requirepass option. */ -void rewriteConfigRequirepassOption(struct rewriteConfigState *state, char *option) { - int force = 1; - sds line; - sds password = server.requirepass; - - /* If there is no password set, we don't want the requirepass option - * to be present in the configuration at all. */ - if (password == NULL) { - rewriteConfigMarkAsProcessed(state,option); - return; - } - - line = sdsnew(option); - line = sdscatlen(line, " ", 1); - line = sdscatsds(line, password); - - rewriteConfigRewriteLine(state,option,line,force); -} - /* Glue together the configuration lines in the current configuration * rewrite state into a single string, stripping multiple empty lines. */ sds rewriteConfigGetContentFromState(struct rewriteConfigState *state) { @@ -1740,8 +1666,6 @@ int rewriteConfig(char *path, int force_all) { rewriteConfigUserOption(state); rewriteConfigDirOption(state); rewriteConfigSlaveofOption(state,"replicaof"); - rewriteConfigRequirepassOption(state,"requirepass"); - rewriteConfigBytesOption(state,"client-query-buffer-limit",server.client_max_querybuf_len,PROTO_MAX_QUERYBUF_LEN); rewriteConfigStringOption(state,"cluster-config-file",server.cluster_configfile,CONFIG_DEFAULT_CLUSTER_CONFIG_FILE); rewriteConfigNotifykeyspaceeventsOption(state); rewriteConfigClientoutputbufferlimitOption(state); 
@@ -2368,6 +2292,18 @@ static int updateOOMScoreAdj(int val, int prev, const char **err) { return 1; } + +int updateRequirePass(sds val, sds prev, const char **err) { + UNUSED(prev); + UNUSED(err); + /* The old "requirepass" directive just translates to setting + * a password to the default user. The only thing we do + * additionally is to remember the cleartext password in this + * case, for backward compatibility with Redis <= 5. */ + ACLUpdateDefaultUserPassword(val); + return 1; +} + #ifdef USE_OPENSSL static int updateTlsCfg(char *val, char *prev, const char **err) { UNUSED(val); @@ -2458,6 +2394,7 @@ standardConfig configs[] = { /* SDS Configs */ createSDSConfig("masterauth", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.masterauth, NULL, NULL, NULL), + createSDSConfig("requirepass", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.requirepass, NULL, NULL, updateRequirePass), /* Enum Configs */ createEnumConfig("supervised", NULL, IMMUTABLE_CONFIG, supervised_mode_enum, server.supervised_mode, SUPERVISED_NONE, NULL, NULL), @@ -2534,6 +2471,7 @@ standardConfig configs[] = { createSizeTConfig("zset-max-ziplist-value", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.zset_max_ziplist_value, 64, MEMORY_CONFIG, NULL, NULL), createSizeTConfig("hll-sparse-max-bytes", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.hll_sparse_max_bytes, 3000, MEMORY_CONFIG, NULL, NULL), createSizeTConfig("tracking-table-max-keys", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.tracking_table_max_keys, 1000000, INTEGER_CONFIG, NULL, NULL), /* Default: 1 million keys max. */ + createSizeTConfig("client-query-buffer-limit", NULL, MODIFIABLE_CONFIG, 1024*1024, LONG_MAX, server.client_max_querybuf_len, 1024*1024*1024, MEMORY_CONFIG, NULL, NULL), /* Default: 1GB max query buffer. */ /* Other configs */ createTimeTConfig("repl-backlog-ttl", NULL, MODIFIABLE_CONFIG, 0, LONG_MAX, server.repl_backlog_time_limit, 60*60, INTEGER_CONFIG, NULL, NULL), /* Default: 1 hour */ 
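Review bot: `updateRequirePass()` in src/config.c is declared without `static`, unlike the neighbouring `updateOOMScoreAdj` and `updateTlsCfg` callbacks, although within this patch it is referenced only from the `configs[]` table; `static int updateRequirePass(sds val, sds prev, const char **err) {` keeps it out of the global namespace. The comment carried over from the old code says the cleartext password is remembered here, but the body only calls `ACLUpdateDefaultUserPassword(val)`. The copy in `server.requirepass` is presumably kept by the generic SDS config code, and the comment should say so, since that cleartext copy is presumably still what CONFIG GET and config rewrite return.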
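Review bot: The new `requirepass` entry in `configs[]` passes NULL in what appears to be the validator slot, so the `CONFIG_AUTHPASS_MAX_LEN` check that both removed code paths enforced (config file load and CONFIG SET) is no longer applied. If dropping the limit is intended, the commit message should say so; otherwise a small validator restores it and replaces the second-to-last NULL. The sketch below assumes the SDS validator signature is `(sds val, const char **err)`, which is not visible in this diff.

```c
static int isValidRequirePass(sds val, const char **err) {
    if (val && sdslen(val) > CONFIG_AUTHPASS_MAX_LEN) {
        *err = "Password is longer than CONFIG_AUTHPASS_MAX_LEN";
        return 0;
    }
    return 1;
}

/* … unchanged: other entries of configs[] … */
    createSDSConfig("requirepass", NULL, MODIFIABLE_CONFIG, EMPTY_STRING_IS_NULL, server.requirepass, NULL, isValidRequirePass, updateRequirePass),
```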
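Review bot: The `client-query-buffer-limit` entry now enforces a lower bound of `1024*1024`, whereas the removed loader assigned whatever `memtoll(argv[1],NULL)` returned, so an existing configuration that caps the per-client query buffer below 1 MB would presumably now be rejected instead of applied. This limit is a memory-exhaustion control, so the tightened range deserves a mention in the commit message and in the trailing comment, e.g. `/* Default: 1GB max query buffer, minimum 1mb. */`. The default is also spelled as a bare `1024*1024*1024` now that `PROTO_MAX_QUERYBUF_LEN` is removed from server.h; keeping the named constant would avoid the magic number.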
diff --git a/src/server.c b/src/server.c index f4dff6b0e..6e9dca3bc 100644 --- a/src/server.c +++ b/src/server.c @@ -2653,7 +2653,6 @@ void initServerConfig(void) { server.sofd = -1; server.active_expire_enabled = 1; server.skip_checksum_validation = 0; - server.client_max_querybuf_len = PROTO_MAX_QUERYBUF_LEN; server.saveparams = NULL; server.loading = 0; server.loading_rdb_used_mem = 0; @@ -3324,6 +3323,9 @@ void initServer(void) { scriptingInit(1); slowlogInit(); latencyMonitorInit(); + + /* Initialize ACL default password if it exists */ + ACLUpdateDefaultUserPassword(server.requirepass); } /* Some steps in server initialization need to be done last (after modules diff --git a/src/server.h b/src/server.h index 55f718111..5bdcaae64 100644 --- a/src/server.h +++ b/src/server.h @@ -138,7 +138,6 @@ typedef long long ustime_t; /* microsecond time type. */ #define STATS_METRIC_COUNT 3 /* Protocol and I/O related defines */ -#define PROTO_MAX_QUERYBUF_LEN (1024*1024*1024) /* 1GB max query buffer. */ #define PROTO_IOBUF_LEN (1024*16) /* Generic I/O buffer size */ #define PROTO_REPLY_CHUNK_BYTES (16*1024) /* 16k output buffer */ #define PROTO_INLINE_MAX_SIZE (1024*64) /* Max size of inline reads */ @@ -2106,6 +2105,7 @@ void addReplyCommandCategories(client *c, struct redisCommand *cmd); user *ACLCreateUnlinkedUser(); void ACLFreeUserAndKillClients(user *u); void addACLLogEntry(client *c, int reason, int keypos, sds username); +void ACLUpdateDefaultUserPassword(sds password); /* Sorted sets data type */
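Review bot: In src/server.c the comment `Initialize ACL default password if it exists` does not match the call beneath it, which is unconditional: with `server.requirepass == NULL` the helper still runs `resetpass` followed by `nopass` on the default user. That is harmless only if nothing has configured the default user before this point in `initServer()`, which this hunk does not show. Either guard the call, `if (server.requirepass) ACLUpdateDefaultUserPassword(server.requirepass);`, or reword the comment to `/* Apply requirepass to the default ACL user; NULL resets it to nopass. */`. `initServer()` begins outside the hunk.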