ACL: load ACL file at startup. Prevent silly configurations.
parent
db30727547
commit
80f987726d
33
src/acl.c
33
src/acl.c
@ -1227,6 +1227,39 @@ sds ACLLoadFromFile(const char *filename) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* This function is called once the server is already running, modules are
|
||||||
|
* loaded, and we are ready to start, in order to load the ACLs either from
|
||||||
|
* the pending list of users defined in redis.conf, or from the ACL file.
|
||||||
|
* The function will just exit with an error if the user is trying to mix
|
||||||
|
* both the loading methods. */
|
||||||
|
void ACLLoadUsersAtStartup(void) {
|
||||||
|
if (server.acl_filename[0] != '\0' && listLength(UsersToLoad) != 0) {
|
||||||
|
serverLog(LL_WARNING,
|
||||||
|
"Configuring Redis with users defined in redis.conf and at "
|
||||||
|
"the same setting an ACL file path is invalid. This setup "
|
||||||
|
"is very likely to lead to configuration errors and security "
|
||||||
|
"holes, please define either an ACL file or declare users "
|
||||||
|
"directly in your redis.conf, but not both.");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ACLLoadConfiguredUsers() == C_ERR) {
|
||||||
|
serverLog(LL_WARNING,
|
||||||
|
"Critical error while loading ACLs. Exiting.");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (server.acl_filename[0] != '\0') {
|
||||||
|
sds errors = ACLLoadFromFile(server.acl_filename);
|
||||||
|
if (errors) {
|
||||||
|
serverLog(LL_WARNING,
|
||||||
|
"Aborting Redis startup because of ACL errors: %s", errors);
|
||||||
|
sdsfree(errors);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* =============================================================================
|
/* =============================================================================
|
||||||
* ACL related commands
|
* ACL related commands
|
||||||
* ==========================================================================*/
|
* ==========================================================================*/
|
||||||
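Review bot: The warning logged for the mixed configuration at the top of ACLLoadUsersAtStartup() reads "and at the same setting an ACL file path", which appears to have dropped the word "time"; this is the only explanation an operator gets before `exit(1)`, so it should read `"... users defined in redis.conf and at the same time setting an ACL file path is invalid. ..."`. Both tests of `server.acl_filename[0]` dereference the pointer without a NULL check, so they rely on the configuration default being an empty string rather than NULL, which is not visible in this hunk; a one-line comment such as `/* acl_filename is never NULL: it defaults to "" */` would record that invariant once it is confirmed. It is also worth confirming that the `errors` string returned by ACLLoadFromFile() carries only file and line references and not the rejected rule text, because ACL rules can contain passwords and the string is written to the server log verbatim.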
|
@ -4908,11 +4908,7 @@ int main(int argc, char **argv) {
|
|||||||
linuxMemoryWarnings();
|
linuxMemoryWarnings();
|
||||||
#endif
|
#endif
|
||||||
moduleLoadFromQueue();
|
moduleLoadFromQueue();
|
||||||
if (ACLLoadConfiguredUsers() == C_ERR) {
|
ACLLoadUsersAtStartup();
|
||||||
serverLog(LL_WARNING,
|
|
||||||
"Critical error while loading ACLs. Exiting.");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
loadDataFromDisk();
|
loadDataFromDisk();
|
||||||
if (server.cluster_enabled) {
|
if (server.cluster_enabled) {
|
||||||
if (verifyClusterConfigWithData() == C_ERR) {
|
if (verifyClusterConfigWithData() == C_ERR) {
|
||||||
|
@ -1746,6 +1746,7 @@ int ACLAppendUserForLoading(sds *argv, int argc, int *argc_err);
|
|||||||
char *ACLSetUserStringError(void);
|
char *ACLSetUserStringError(void);
|
||||||
int ACLLoadConfiguredUsers(void);
|
int ACLLoadConfiguredUsers(void);
|
||||||
sds ACLDescribeUser(user *u);
|
sds ACLDescribeUser(user *u);
|
||||||
|
void ACLLoadUsersAtStartup(void);
|
||||||
|
|
||||||
/* Sorted sets data type */
|
/* Sorted sets data type */
|
||||||
|
|
||||||
|