gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,869 Commits 1 Branch 0 Tags
Commit Graph

792 Commits

Author SHA1 Message Date
zhaozhao.zz
de0f42bff3 ACL: add masteruser configuration for replication 
In mostly production environment, normal user's behavior should be
limited.

Now in redis ACL mechanism we can do it like that:

    user default on +@all ~* -@dangerous nopass
    user admin on +@all ~* >someSeriousPassword

Then the default normal user can not execute dangerous commands like
FLUSHALL/KEYS.

But some admin commands are in dangerous category too like PSYNC,
and the configurations above will forbid replica from sync with master.

Finally I think we could add a new configuration for replication,
it is masteruser option, like this:

    masteruser admin
    masterauth someSeriousPassword

Then replica will try AUTH admin someSeriousPassword and get privilege
to execute PSYNC. If masteruser is NULL, replica would AUTH with only
masterauth like before.
 2019-02-12 17:12:37 +08:00
John Sully
6059bc7e67 Initial work of multithreaded key-db. Note: Fails tests 2019-02-11 03:36:18 -05:00
John Sully
5be3566838 Performance enhancements! 2019-02-09 13:05:06 -05:00
John Sully
f6736cd713 Reduce memory usage for in place strings by 8 bytes 2019-02-09 13:04:18 -05:00
John Sully
dac1213462 complete rebranding with tests passing 2019-02-09 10:11:46 -05:00
antirez
87ce87e68c ACL: load ACL file at startup. Prevent silly configurations. 2019-02-07 17:20:03 +01:00
John Sully
ef310bc7f8 Merge branch 'unstable' of https://github.com/antirez/redis into unstable 2019-02-06 00:09:39 -05:00
John Sully
cd8145e314 Make main headers C++ safe, and change rdb to use file descriptor instead of FILE pointer 2019-02-05 23:36:40 -05:00
antirez
1bdc63cc01 ACL: implement rewriting of users in redis.conf. 2019-02-05 10:48:17 +01:00
antirez
e3c8db819b ACL: implement ACLLoadConfiguredUsers(). 2019-02-04 16:35:15 +01:00
antirez
7e4b4cd327 ACL: better error reporting in users configuration errors. 2019-02-04 13:04:35 +01:00
antirez
8dce634f5c ACL: make ACLAppendUserForLoading() able to report bad argument. 2019-02-04 13:00:58 +01:00
antirez
73efcef7cb ACL: initial appending of users in user loading list. 2019-02-04 12:55:48 +01:00
antirez
2e2796f4ff ACL: flags refactoring, function to describe user. 2019-01-31 16:49:22 +01:00
antirez
c9cdbbad7f ACL: populate category flags from command table. 2019-01-23 16:59:09 +01:00
antirez
aad7757fd3 ACL: define category names and flags. 2019-01-23 16:47:29 +01:00
antirez
75f40e77b0 ACL: better define name, and the idea of reserved ID. 2019-01-23 08:10:57 +01:00
antirez
646e020891 ACL: update comments in command flags. 2019-01-22 19:02:50 +01:00
antirez
da54f1fd3f Refactoring: always kill AOF/RDB child via helper functions. 2019-01-21 11:28:44 +01:00
antirez
a5e69e6729 ACL: remove server.requirepass + some refactoring. 2019-01-18 11:49:30 +01:00
antirez
5d1069e881 ACL: reimplement requirepass option in term of ACLs. 2019-01-17 18:05:43 +01:00
antirez
9f666e4710 ACL: fix and improve ACL key checking. 2019-01-16 18:31:05 +01:00
antirez
770a284a8c ACL: AUTH uses users. ACL WHOAMI implemented. 2019-01-15 18:16:20 +01:00
antirez
2977505cc1 ACL: nopass user setting. 
This is needed in order to model the current behavior of authenticating
the connection directly when no password is set. Now with ACLs this will
be obtained by setting the default user as "nopass" user. Moreover this
flag can be used in order to create other users that do not require any
password but will work with "AUTH username <any-password>".
 2019-01-15 13:16:31 +01:00
antirez
efd8fa754f ACL: initial implementation of the ACL command. 2019-01-15 09:36:12 +01:00
antirez
5fe83f2a9b ACL: ACLCheckCommandPerm() implementation WIP. 2019-01-14 18:35:21 +01:00
antirez
c17fa9ba7b ACL: Fix compilation by adding prototype and c->cmd fix. 2019-01-14 13:22:56 +01:00
antirez
15748e1fe0 ACL: ACLLCOMMAND flags. 2019-01-14 13:21:21 +01:00
antirez
8df5007346 ACL: avoid a radix tree lookup for the default user. 2019-01-11 11:32:41 +01:00
antirez
b532a16298 ACL: implement ACLCreateUser(). 2019-01-10 17:01:12 +01:00
antirez
1d176f0f0e ACL: initialization function. 2019-01-10 16:39:32 +01:00
antirez
33ff2b2f35 ACL: add a reference to the user in each client. 2019-01-10 16:34:13 +01:00
antirez
4a3b37a7a7 ACL: improved version of the user structure. 2019-01-10 12:47:52 +01:00
antirez
6f25143af6 ACL: use a fixed table for command IDs. 2019-01-09 21:31:29 +01:00
antirez
5151f74fe1 ACL: introduce the concept of command ID. 2019-01-09 17:20:47 +01:00
antirez
4d33fe81cd ACL: refactoring of the original authentication code. 2019-01-09 17:00:30 +01:00
antirez
89b7b6a917 RESP3: addReplyString() -> addReplyProto(). 
The function naming was totally nuts. Let's fix it as we break PRs
anyway with RESP3 refactoring and changes.
 2019-01-09 17:00:30 +01:00
antirez
78a3a19b2c RESP3: verbatim reply API + DEBUG PROTOCOL support. 2019-01-09 17:00:30 +01:00
antirez
a6ead03510 RESP3: addReplyBool() implemented. 2019-01-09 17:00:29 +01:00
antirez
bf3d7bbf31 RESP3: initial implementation of the HELLO command. 2019-01-09 17:00:29 +01:00
antirez
f47004f589 RESP3: restore the concept of null array for RESP2 compat. 2019-01-09 17:00:29 +01:00
antirez
83ad63732e RESP3: add shared.nullarray for better RESP2 compat. 2019-01-09 17:00:29 +01:00
antirez
8ecf7693bf RESP3: addReplyNullArray() added for better RESP2 compat. 2019-01-09 17:00:29 +01:00
antirez
c8304b099d RESP3: most null replies converted. 2019-01-09 17:00:29 +01:00
antirez
29bbe91392 RESP3: addReplyNull() added. 2019-01-09 17:00:29 +01:00
antirez
e30fef5d8a RESP3: remove other pointless shared object. 2019-01-09 17:00:29 +01:00
antirez
5ebe3268ed RESP3: remove certain constants to spot places to fix. 2019-01-09 17:00:29 +01:00
antirez
56c95799a3 RESP3: bring RESP2 compatibility to previous changes. 2019-01-09 17:00:29 +01:00
antirez
e6a467814a RESP3: addReply*Len() support for RESP2 backward comp. 2019-01-09 17:00:29 +01:00
antirez
9325d288f6 RESP3: put RESP version in the client structure. 2019-01-09 17:00:29 +01:00