Sentinel: implement auth-user directive for ACLs.
parent
bce9a68b39
commit
9321c7871f
@ -205,7 +205,8 @@ typedef struct sentinelRedisInstance {
|
|||||||
dict *slaves; /* Slaves for this master instance. */
|
dict *slaves; /* Slaves for this master instance. */
|
||||||
unsigned int quorum;/* Number of sentinels that need to agree on failure. */
|
unsigned int quorum;/* Number of sentinels that need to agree on failure. */
|
||||||
int parallel_syncs; /* How many slaves to reconfigure at same time. */
|
int parallel_syncs; /* How many slaves to reconfigure at same time. */
|
||||||
char *auth_pass; /* Password to use for AUTH against master & slaves. */
|
char *auth_pass; /* Password to use for AUTH against master & replica. */
|
||||||
|
char *auth_user; /* Username for ACLs AUTH against master & replica. */
|
||||||
|
|
||||||
/* Slave specific. */
|
/* Slave specific. */
|
||||||
mstime_t master_link_down_time; /* Slave replication link down time. */
|
mstime_t master_link_down_time; /* Slave replication link down time. */
|
||||||
@ -1231,6 +1232,7 @@ sentinelRedisInstance *createSentinelRedisInstance(char *name, int flags, char *
|
|||||||
SENTINEL_DEFAULT_DOWN_AFTER;
|
SENTINEL_DEFAULT_DOWN_AFTER;
|
||||||
ri->master_link_down_time = 0;
|
ri->master_link_down_time = 0;
|
||||||
ri->auth_pass = NULL;
|
ri->auth_pass = NULL;
|
||||||
|
ri->auth_user = NULL;
|
||||||
ri->slave_priority = SENTINEL_DEFAULT_SLAVE_PRIORITY;
|
ri->slave_priority = SENTINEL_DEFAULT_SLAVE_PRIORITY;
|
||||||
ri->slave_reconf_sent_time = 0;
|
ri->slave_reconf_sent_time = 0;
|
||||||
ri->slave_master_host = NULL;
|
ri->slave_master_host = NULL;
|
||||||
@ -1289,6 +1291,7 @@ void releaseSentinelRedisInstance(sentinelRedisInstance *ri) {
|
|||||||
sdsfree(ri->slave_master_host);
|
sdsfree(ri->slave_master_host);
|
||||||
sdsfree(ri->leader);
|
sdsfree(ri->leader);
|
||||||
sdsfree(ri->auth_pass);
|
sdsfree(ri->auth_pass);
|
||||||
|
sdsfree(ri->auth_user);
|
||||||
sdsfree(ri->info);
|
sdsfree(ri->info);
|
||||||
releaseSentinelAddr(ri->addr);
|
releaseSentinelAddr(ri->addr);
|
||||||
dictRelease(ri->renamed_commands);
|
dictRelease(ri->renamed_commands);
|
||||||
@ -1679,6 +1682,11 @@ char *sentinelHandleConfiguration(char **argv, int argc) {
|
|||||||
ri = sentinelGetMasterByName(argv[1]);
|
ri = sentinelGetMasterByName(argv[1]);
|
||||||
if (!ri) return "No such master with specified name.";
|
if (!ri) return "No such master with specified name.";
|
||||||
ri->auth_pass = sdsnew(argv[2]);
|
ri->auth_pass = sdsnew(argv[2]);
|
||||||
|
} else if (!strcasecmp(argv[0],"auth-user") && argc == 3) {
|
||||||
|
/* auth-user <name> <username> */
|
||||||
|
ri = sentinelGetMasterByName(argv[1]);
|
||||||
|
if (!ri) return "No such master with specified name.";
|
||||||
|
ri->auth_user = sdsnew(argv[2]);
|
||||||
} else if (!strcasecmp(argv[0],"current-epoch") && argc == 2) {
|
} else if (!strcasecmp(argv[0],"current-epoch") && argc == 2) {
|
||||||
/* current-epoch <epoch> */
|
/* current-epoch <epoch> */
|
||||||
unsigned long long current_epoch = strtoull(argv[1],NULL,10);
|
unsigned long long current_epoch = strtoull(argv[1],NULL,10);
|
||||||
@ -1836,7 +1844,7 @@ void rewriteConfigSentinelOption(struct rewriteConfigState *state) {
|
|||||||
rewriteConfigRewriteLine(state,"sentinel",line,1);
|
rewriteConfigRewriteLine(state,"sentinel",line,1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* sentinel auth-pass */
|
/* sentinel auth-pass & auth-user */
|
||||||
if (master->auth_pass) {
|
if (master->auth_pass) {
|
||||||
line = sdscatprintf(sdsempty(),
|
line = sdscatprintf(sdsempty(),
|
||||||
"sentinel auth-pass %s %s",
|
"sentinel auth-pass %s %s",
|
||||||
@ -1844,6 +1852,13 @@ void rewriteConfigSentinelOption(struct rewriteConfigState *state) {
|
|||||||
rewriteConfigRewriteLine(state,"sentinel",line,1);
|
rewriteConfigRewriteLine(state,"sentinel",line,1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (master->auth_user) {
|
||||||
|
line = sdscatprintf(sdsempty(),
|
||||||
|
"sentinel auth-user %s %s",
|
||||||
|
master->name, master->auth_user);
|
||||||
|
rewriteConfigRewriteLine(state,"sentinel",line,1);
|
||||||
|
}
|
||||||
|
|
||||||
/* sentinel config-epoch */
|
/* sentinel config-epoch */
|
||||||
line = sdscatprintf(sdsempty(),
|
line = sdscatprintf(sdsempty(),
|
||||||
"sentinel config-epoch %s %llu",
|
"sentinel config-epoch %s %llu",
|
||||||
@ -1968,19 +1983,29 @@ werr:
|
|||||||
* will disconnect and reconnect the link and so forth. */
|
* will disconnect and reconnect the link and so forth. */
|
||||||
void sentinelSendAuthIfNeeded(sentinelRedisInstance *ri, redisAsyncContext *c) {
|
void sentinelSendAuthIfNeeded(sentinelRedisInstance *ri, redisAsyncContext *c) {
|
||||||
char *auth_pass = NULL;
|
char *auth_pass = NULL;
|
||||||
|
char *auth_user = NULL;
|
||||||
|
|
||||||
if (ri->flags & SRI_MASTER) {
|
if (ri->flags & SRI_MASTER) {
|
||||||
auth_pass = ri->auth_pass;
|
auth_pass = ri->auth_pass;
|
||||||
|
auth_user = ri->auth_user;
|
||||||
} else if (ri->flags & SRI_SLAVE) {
|
} else if (ri->flags & SRI_SLAVE) {
|
||||||
auth_pass = ri->master->auth_pass;
|
auth_pass = ri->master->auth_pass;
|
||||||
|
auth_user = ri->master->auth_user;
|
||||||
} else if (ri->flags & SRI_SENTINEL) {
|
} else if (ri->flags & SRI_SENTINEL) {
|
||||||
auth_pass = ACLDefaultUserFirstPassword();
|
auth_pass = ACLDefaultUserFirstPassword();
|
||||||
|
auth_user = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth_pass) {
|
if (auth_pass && auth_user == NULL) {
|
||||||
if (redisAsyncCommand(c, sentinelDiscardReplyCallback, ri, "%s %s",
|
if (redisAsyncCommand(c, sentinelDiscardReplyCallback, ri, "%s %s",
|
||||||
sentinelInstanceMapCommand(ri,"AUTH"),
|
sentinelInstanceMapCommand(ri,"AUTH"),
|
||||||
auth_pass) == C_OK) ri->link->pending_commands++;
|
auth_pass) == C_OK) ri->link->pending_commands++;
|
||||||
|
} else if (auth_pass && auth_user) {
|
||||||
|
/* If we also have an username, use the ACL-style AUTH command
|
||||||
|
* with two arguments, username and password. */
|
||||||
|
if (redisAsyncCommand(c, sentinelDiscardReplyCallback, ri, "%s %s %s",
|
||||||
|
sentinelInstanceMapCommand(ri,"AUTH"),
|
||||||
|
auth_user, auth_pass) == C_OK) ri->link->pending_commands++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3522,6 +3547,12 @@ void sentinelSetCommand(client *c) {
|
|||||||
sdsfree(ri->auth_pass);
|
sdsfree(ri->auth_pass);
|
||||||
ri->auth_pass = strlen(value) ? sdsnew(value) : NULL;
|
ri->auth_pass = strlen(value) ? sdsnew(value) : NULL;
|
||||||
changes++;
|
changes++;
|
||||||
|
} else if (!strcasecmp(option,"auth-user") && moreargs > 0) {
|
||||||
|
/* auth-user <username> */
|
||||||
|
char *value = c->argv[++j]->ptr;
|
||||||
|
sdsfree(ri->auth_user);
|
||||||
|
ri->auth_user = strlen(value) ? sdsnew(value) : NULL;
|
||||||
|
changes++;
|
||||||
} else if (!strcasecmp(option,"quorum") && moreargs > 0) {
|
} else if (!strcasecmp(option,"quorum") && moreargs > 0) {
|
||||||
/* quorum <count> */
|
/* quorum <count> */
|
||||||
robj *o = c->argv[++j];
|
robj *o = c->argv[++j];
|
||||||
|
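Review bot: The new `auth-user` branch in sentinelSetCommand stores the client-supplied value without any validation (`ri->auth_user = strlen(value) ? sdsnew(value) : NULL;`), and rewriteConfigSentinelOption later prints it with a bare `%s` in `"sentinel auth-user %s %s"`. A username containing a space or a line break would therefore produce a rewritten config line that no longer parses as the three-token `auth-user <name> <username>` form. I would reject such values before assigning, for example by testing `if (strpbrk(value," \t\r\n") != NULL)` and returning an error reply on that path; the same check fits the `auth-user` branch of sentinelHandleConfiguration. Separately, in sentinelSendAuthIfNeeded a configured `auth_user` with no `auth_pass` sends no AUTH at all and logs nothing, so a warning there would make the misconfiguration visible. All of these functions start and end outside the hunks shown, so how sentinelSetCommand reports a bad option value is not visible here.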