2012-11-08 12:25:23 -05:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2009-2012, Salvatore Sanfilippo <antirez at gmail dot com>
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* * Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* * Neither the name of Redis nor the names of its contributors may be used
|
|
|
|
|
* to endorse or promote products derived from this software without
|
|
|
|
|
* specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
|
|
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
2015-07-26 09:14:57 -04:00
|
|
|
#include "server.h"
|
2010-06-21 18:07:48 -04:00
|
|
|
|
2018-12-18 06:33:51 -05:00
|
|
|
int clientSubscriptionsCount(client *c);
|
|
|
|
|
|
|
|
|
|
/*-----------------------------------------------------------------------------
|
|
|
|
|
* Pubsub client replies API
|
|
|
|
|
*----------------------------------------------------------------------------*/
|
|
|
|
|
|
2020-02-10 07:42:18 -05:00
|
|
|
/* Send a pubsub message of type "message" to the client.
|
|
|
|
|
* Normally 'msg' is a Redis object containing the string to send as
|
|
|
|
|
* message. However if the caller sets 'msg' as NULL, it will be able
|
|
|
|
|
* to send a special message (for instance an Array type) by using the
|
|
|
|
|
* addReply*() API family. */
|
2018-12-18 06:33:51 -05:00
|
|
|
void addReplyPubsubMessage(client *c, robj *channel, robj *msg) {
|
2018-12-19 11:41:15 -05:00
|
|
|
if (c->resp == 2)
|
|
|
|
|
addReply(c,shared.mbulkhdr[3]);
|
|
|
|
|
else
|
|
|
|
|
addReplyPushLen(c,3);
|
2018-12-18 06:33:51 -05:00
|
|
|
addReply(c,shared.messagebulk);
|
|
|
|
|
addReplyBulk(c,channel);
|
2020-02-10 07:42:18 -05:00
|
|
|
if (msg) addReplyBulk(c,msg);
|
2018-12-18 06:33:51 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Send a pubsub message of type "pmessage" to the client. The difference
|
|
|
|
|
* with the "message" type delivered by addReplyPubsubMessage() is that
|
|
|
|
|
* this message format also includes the pattern that matched the message. */
|
|
|
|
|
void addReplyPubsubPatMessage(client *c, robj *pat, robj *channel, robj *msg) {
|
2018-12-19 11:41:15 -05:00
|
|
|
if (c->resp == 2)
|
|
|
|
|
addReply(c,shared.mbulkhdr[4]);
|
|
|
|
|
else
|
|
|
|
|
addReplyPushLen(c,4);
|
2018-12-18 06:33:51 -05:00
|
|
|
addReply(c,shared.pmessagebulk);
|
|
|
|
|
addReplyBulk(c,pat);
|
|
|
|
|
addReplyBulk(c,channel);
|
|
|
|
|
addReplyBulk(c,msg);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Send the pubsub subscription notification to the client. */
|
|
|
|
|
void addReplyPubsubSubscribed(client *c, robj *channel) {
|
2018-12-19 11:41:15 -05:00
|
|
|
if (c->resp == 2)
|
|
|
|
|
addReply(c,shared.mbulkhdr[3]);
|
|
|
|
|
else
|
|
|
|
|
addReplyPushLen(c,3);
|
2018-12-18 06:33:51 -05:00
|
|
|
addReply(c,shared.subscribebulk);
|
|
|
|
|
addReplyBulk(c,channel);
|
|
|
|
|
addReplyLongLong(c,clientSubscriptionsCount(c));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Send the pubsub unsubscription notification to the client.
|
|
|
|
|
* Channel can be NULL: this is useful when the client sends a mass
|
|
|
|
|
* unsubscribe command but there are no channels to unsubscribe from: we
|
|
|
|
|
* still send a notification. */
|
|
|
|
|
void addReplyPubsubUnsubscribed(client *c, robj *channel) {
|
2018-12-19 11:41:15 -05:00
|
|
|
if (c->resp == 2)
|
|
|
|
|
addReply(c,shared.mbulkhdr[3]);
|
|
|
|
|
else
|
|
|
|
|
addReplyPushLen(c,3);
|
2018-12-18 06:33:51 -05:00
|
|
|
addReply(c,shared.unsubscribebulk);
|
|
|
|
|
if (channel)
|
|
|
|
|
addReplyBulk(c,channel);
|
|
|
|
|
else
|
|
|
|
|
addReplyNull(c);
|
|
|
|
|
addReplyLongLong(c,clientSubscriptionsCount(c));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Send the pubsub pattern subscription notification to the client. */
|
|
|
|
|
void addReplyPubsubPatSubscribed(client *c, robj *pattern) {
|
2018-12-19 11:41:15 -05:00
|
|
|
if (c->resp == 2)
|
|
|
|
|
addReply(c,shared.mbulkhdr[3]);
|
|
|
|
|
else
|
|
|
|
|
addReplyPushLen(c,3);
|
2018-12-18 06:33:51 -05:00
|
|
|
addReply(c,shared.psubscribebulk);
|
|
|
|
|
addReplyBulk(c,pattern);
|
|
|
|
|
addReplyLongLong(c,clientSubscriptionsCount(c));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Send the pubsub pattern unsubscription notification to the client.
|
|
|
|
|
* Pattern can be NULL: this is useful when the client sends a mass
|
|
|
|
|
* punsubscribe command but there are no pattern to unsubscribe from: we
|
|
|
|
|
* still send a notification. */
|
|
|
|
|
void addReplyPubsubPatUnsubscribed(client *c, robj *pattern) {
|
2018-12-19 11:41:15 -05:00
|
|
|
if (c->resp == 2)
|
|
|
|
|
addReply(c,shared.mbulkhdr[3]);
|
|
|
|
|
else
|
|
|
|
|
addReplyPushLen(c,3);
|
2018-12-18 06:33:51 -05:00
|
|
|
addReply(c,shared.punsubscribebulk);
|
|
|
|
|
if (pattern)
|
|
|
|
|
addReplyBulk(c,pattern);
|
|
|
|
|
else
|
|
|
|
|
addReplyNull(c);
|
|
|
|
|
addReplyLongLong(c,clientSubscriptionsCount(c));
|
|
|
|
|
}
|
|
|
|
|
|
2010-07-01 09:14:25 -04:00
|
|
|
/*-----------------------------------------------------------------------------
|
|
|
|
|
* Pubsub low level API
|
|
|
|
|
*----------------------------------------------------------------------------*/
|
|
|
|
|
|
2010-06-21 18:07:48 -04:00
|
|
|
void freePubsubPattern(void *p) {
|
|
|
|
|
pubsubPattern *pat = p;
|
|
|
|
|
|
|
|
|
|
decrRefCount(pat->pattern);
|
|
|
|
|
zfree(pat);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int listMatchPubsubPattern(void *a, void *b) {
|
|
|
|
|
pubsubPattern *pa = a, *pb = b;
|
|
|
|
|
|
|
|
|
|
return (pa->client == pb->client) &&
|
|
|
|
|
(equalStringObjects(pa->pattern,pb->pattern));
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-16 11:34:07 -04:00
|
|
|
/* Return the number of channels + patterns a client is subscribed to. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int clientSubscriptionsCount(client *c) {
|
2014-07-16 11:34:07 -04:00
|
|
|
return dictSize(c->pubsub_channels)+
|
|
|
|
|
listLength(c->pubsub_patterns);
|
|
|
|
|
}
|
|
|
|
|
|
2010-06-21 18:07:48 -04:00
|
|
|
/* Subscribe a client to a channel. Returns 1 if the operation succeeded, or
|
|
|
|
|
* 0 if the client was already subscribed to that channel. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int pubsubSubscribeChannel(client *c, robj *channel) {
|
2014-03-20 11:20:37 -04:00
|
|
|
dictEntry *de;
|
2010-06-21 18:07:48 -04:00
|
|
|
list *clients = NULL;
|
|
|
|
|
int retval = 0;
|
|
|
|
|
|
|
|
|
|
/* Add the channel to the client -> channels hash table */
|
|
|
|
|
if (dictAdd(c->pubsub_channels,channel,NULL) == DICT_OK) {
|
|
|
|
|
retval = 1;
|
|
|
|
|
incrRefCount(channel);
|
|
|
|
|
/* Add the client to the channel -> list of clients hash table */
|
|
|
|
|
de = dictFind(server.pubsub_channels,channel);
|
|
|
|
|
if (de == NULL) {
|
|
|
|
|
clients = listCreate();
|
|
|
|
|
dictAdd(server.pubsub_channels,channel,clients);
|
|
|
|
|
incrRefCount(channel);
|
|
|
|
|
} else {
|
2011-11-08 11:07:55 -05:00
|
|
|
clients = dictGetVal(de);
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
listAddNodeTail(clients,c);
|
|
|
|
|
}
|
|
|
|
|
/* Notify the client */
|
2018-12-18 06:33:51 -05:00
|
|
|
addReplyPubsubSubscribed(c,channel);
|
2010-06-21 18:07:48 -04:00
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Unsubscribe a client from a channel. Returns 1 if the operation succeeded, or
|
|
|
|
|
* 0 if the client was not subscribed to the specified channel. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int pubsubUnsubscribeChannel(client *c, robj *channel, int notify) {
|
2014-03-20 11:20:37 -04:00
|
|
|
dictEntry *de;
|
2010-06-21 18:07:48 -04:00
|
|
|
list *clients;
|
|
|
|
|
listNode *ln;
|
|
|
|
|
int retval = 0;
|
|
|
|
|
|
|
|
|
|
/* Remove the channel from the client -> channels hash table */
|
|
|
|
|
incrRefCount(channel); /* channel may be just a pointer to the same object
|
|
|
|
|
we have in the hash tables. Protect it... */
|
|
|
|
|
if (dictDelete(c->pubsub_channels,channel) == DICT_OK) {
|
|
|
|
|
retval = 1;
|
|
|
|
|
/* Remove the client from the channel -> clients list hash table */
|
|
|
|
|
de = dictFind(server.pubsub_channels,channel);
|
2015-07-26 09:29:53 -04:00
|
|
|
serverAssertWithInfo(c,NULL,de != NULL);
|
2011-11-08 11:07:55 -05:00
|
|
|
clients = dictGetVal(de);
|
2010-06-21 18:07:48 -04:00
|
|
|
ln = listSearchKey(clients,c);
|
2015-07-26 09:29:53 -04:00
|
|
|
serverAssertWithInfo(c,NULL,ln != NULL);
|
2010-06-21 18:07:48 -04:00
|
|
|
listDelNode(clients,ln);
|
|
|
|
|
if (listLength(clients) == 0) {
|
|
|
|
|
/* Free the list and associated hash entry at all if this was
|
|
|
|
|
* the latest client, so that it will be possible to abuse
|
|
|
|
|
* Redis PUBSUB creating millions of channels. */
|
|
|
|
|
dictDelete(server.pubsub_channels,channel);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* Notify the client */
|
2018-12-18 06:33:51 -05:00
|
|
|
if (notify) addReplyPubsubUnsubscribed(c,channel);
|
2010-06-21 18:07:48 -04:00
|
|
|
decrRefCount(channel); /* it is finally safe to release it */
|
|
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-16 12:00:20 -05:00
|
|
|
/* Subscribe a client to a pattern. Returns 1 if the operation succeeded, or 0 if the client was already subscribed to that pattern. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int pubsubSubscribePattern(client *c, robj *pattern) {
|
2018-02-28 22:46:56 -05:00
|
|
|
dictEntry *de;
|
|
|
|
|
list *clients;
|
2010-06-21 18:07:48 -04:00
|
|
|
int retval = 0;
|
|
|
|
|
|
|
|
|
|
if (listSearchKey(c->pubsub_patterns,pattern) == NULL) {
|
|
|
|
|
retval = 1;
|
|
|
|
|
pubsubPattern *pat;
|
|
|
|
|
listAddNodeTail(c->pubsub_patterns,pattern);
|
|
|
|
|
incrRefCount(pattern);
|
|
|
|
|
pat = zmalloc(sizeof(*pat));
|
|
|
|
|
pat->pattern = getDecodedObject(pattern);
|
|
|
|
|
pat->client = c;
|
|
|
|
|
listAddNodeTail(server.pubsub_patterns,pat);
|
2018-02-28 22:46:56 -05:00
|
|
|
/* Add the client to the pattern -> list of clients hash table */
|
|
|
|
|
de = dictFind(server.pubsub_patterns_dict,pattern);
|
|
|
|
|
if (de == NULL) {
|
|
|
|
|
clients = listCreate();
|
|
|
|
|
dictAdd(server.pubsub_patterns_dict,pattern,clients);
|
|
|
|
|
incrRefCount(pattern);
|
|
|
|
|
} else {
|
|
|
|
|
clients = dictGetVal(de);
|
|
|
|
|
}
|
|
|
|
|
listAddNodeTail(clients,c);
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
/* Notify the client */
|
2018-12-18 06:33:51 -05:00
|
|
|
addReplyPubsubPatSubscribed(c,pattern);
|
2010-06-21 18:07:48 -04:00
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Unsubscribe a client from a channel. Returns 1 if the operation succeeded, or
|
|
|
|
|
* 0 if the client was not subscribed to the specified channel. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int pubsubUnsubscribePattern(client *c, robj *pattern, int notify) {
|
2018-02-28 22:46:56 -05:00
|
|
|
dictEntry *de;
|
|
|
|
|
list *clients;
|
2010-06-21 18:07:48 -04:00
|
|
|
listNode *ln;
|
|
|
|
|
pubsubPattern pat;
|
|
|
|
|
int retval = 0;
|
|
|
|
|
|
|
|
|
|
incrRefCount(pattern); /* Protect the object. May be the same we remove */
|
|
|
|
|
if ((ln = listSearchKey(c->pubsub_patterns,pattern)) != NULL) {
|
|
|
|
|
retval = 1;
|
|
|
|
|
listDelNode(c->pubsub_patterns,ln);
|
|
|
|
|
pat.client = c;
|
|
|
|
|
pat.pattern = pattern;
|
|
|
|
|
ln = listSearchKey(server.pubsub_patterns,&pat);
|
|
|
|
|
listDelNode(server.pubsub_patterns,ln);
|
2018-02-28 22:46:56 -05:00
|
|
|
/* Remove the client from the pattern -> clients list hash table */
|
|
|
|
|
de = dictFind(server.pubsub_patterns_dict,pattern);
|
|
|
|
|
serverAssertWithInfo(c,NULL,de != NULL);
|
|
|
|
|
clients = dictGetVal(de);
|
|
|
|
|
ln = listSearchKey(clients,c);
|
|
|
|
|
serverAssertWithInfo(c,NULL,ln != NULL);
|
|
|
|
|
listDelNode(clients,ln);
|
|
|
|
|
if (listLength(clients) == 0) {
|
|
|
|
|
/* Free the list and associated hash entry at all if this was
|
|
|
|
|
* the latest client. */
|
|
|
|
|
dictDelete(server.pubsub_patterns_dict,pattern);
|
|
|
|
|
}
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
/* Notify the client */
|
2018-12-18 06:33:51 -05:00
|
|
|
if (notify) addReplyPubsubPatUnsubscribed(c,pattern);
|
2010-06-21 18:07:48 -04:00
|
|
|
decrRefCount(pattern);
|
|
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Unsubscribe from all the channels. Return the number of channels the
|
2014-07-16 11:34:07 -04:00
|
|
|
* client was subscribed to. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int pubsubUnsubscribeAllChannels(client *c, int notify) {
|
2011-05-25 06:29:14 -04:00
|
|
|
dictIterator *di = dictGetSafeIterator(c->pubsub_channels);
|
2010-06-21 18:07:48 -04:00
|
|
|
dictEntry *de;
|
|
|
|
|
int count = 0;
|
|
|
|
|
|
|
|
|
|
while((de = dictNext(di)) != NULL) {
|
2011-11-08 11:07:55 -05:00
|
|
|
robj *channel = dictGetKey(de);
|
2010-06-21 18:07:48 -04:00
|
|
|
|
|
|
|
|
count += pubsubUnsubscribeChannel(c,channel,notify);
|
|
|
|
|
}
|
2013-01-21 12:50:16 -05:00
|
|
|
/* We were subscribed to nothing? Still reply to the client. */
|
2018-12-18 06:33:51 -05:00
|
|
|
if (notify && count == 0) addReplyPubsubUnsubscribed(c,NULL);
|
2010-06-21 18:07:48 -04:00
|
|
|
dictReleaseIterator(di);
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Unsubscribe from all the patterns. Return the number of patterns the
|
|
|
|
|
* client was subscribed from. */
|
2015-07-26 09:20:46 -04:00
|
|
|
int pubsubUnsubscribeAllPatterns(client *c, int notify) {
|
2010-06-21 18:07:48 -04:00
|
|
|
listNode *ln;
|
|
|
|
|
listIter li;
|
|
|
|
|
int count = 0;
|
|
|
|
|
|
|
|
|
|
listRewind(c->pubsub_patterns,&li);
|
|
|
|
|
while ((ln = listNext(&li)) != NULL) {
|
|
|
|
|
robj *pattern = ln->value;
|
|
|
|
|
|
|
|
|
|
count += pubsubUnsubscribePattern(c,pattern,notify);
|
|
|
|
|
}
|
2018-12-18 06:33:51 -05:00
|
|
|
if (notify && count == 0) addReplyPubsubPatUnsubscribed(c,NULL);
|
2010-06-21 18:07:48 -04:00
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Publish a message */
|
|
|
|
|
int pubsubPublishMessage(robj *channel, robj *message) {
|
|
|
|
|
int receivers = 0;
|
2014-03-20 11:20:37 -04:00
|
|
|
dictEntry *de;
|
2018-02-28 22:46:56 -05:00
|
|
|
dictIterator *di;
|
2010-06-21 18:07:48 -04:00
|
|
|
listNode *ln;
|
|
|
|
|
listIter li;
|
|
|
|
|
|
|
|
|
|
/* Send to clients listening for that channel */
|
|
|
|
|
de = dictFind(server.pubsub_channels,channel);
|
|
|
|
|
if (de) {
|
2011-11-08 11:07:55 -05:00
|
|
|
list *list = dictGetVal(de);
|
2010-06-21 18:07:48 -04:00
|
|
|
listNode *ln;
|
|
|
|
|
listIter li;
|
|
|
|
|
|
|
|
|
|
listRewind(list,&li);
|
|
|
|
|
while ((ln = listNext(&li)) != NULL) {
|
2015-07-26 09:20:46 -04:00
|
|
|
client *c = ln->value;
|
2018-12-18 06:19:24 -05:00
|
|
|
addReplyPubsubMessage(c,channel,message);
|
2010-06-21 18:07:48 -04:00
|
|
|
receivers++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* Send to clients listening to matching channels */
|
2018-02-28 22:46:56 -05:00
|
|
|
di = dictGetIterator(server.pubsub_patterns_dict);
|
|
|
|
|
if (di) {
|
2010-06-21 18:07:48 -04:00
|
|
|
channel = getDecodedObject(channel);
|
2018-02-28 22:46:56 -05:00
|
|
|
while((de = dictNext(di)) != NULL) {
|
|
|
|
|
robj *pattern = dictGetKey(de);
|
|
|
|
|
list *clients = dictGetVal(de);
|
|
|
|
|
if (!stringmatchlen((char*)pattern->ptr,
|
|
|
|
|
sdslen(pattern->ptr),
|
2010-06-21 18:07:48 -04:00
|
|
|
(char*)channel->ptr,
|
2020-03-31 06:40:08 -04:00
|
|
|
sdslen(channel->ptr),0)) continue;
|
|
|
|
|
|
2018-02-28 22:46:56 -05:00
|
|
|
listRewind(clients,&li);
|
|
|
|
|
while ((ln = listNext(&li)) != NULL) {
|
|
|
|
|
client *c = listNodeValue(ln);
|
2020-03-31 06:40:08 -04:00
|
|
|
addReplyPubsubPatMessage(c,pattern,channel,message);
|
2010-06-21 18:07:48 -04:00
|
|
|
receivers++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
decrRefCount(channel);
|
2018-02-28 22:46:56 -05:00
|
|
|
dictReleaseIterator(di);
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
return receivers;
|
|
|
|
|
}
|
|
|
|
|
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
/* This wraps handling ACL channel permissions for the given client. */
|
|
|
|
|
int pubsubCheckACLPermissionsOrReply(client *c, int idx, int count, int literal) {
|
|
|
|
|
/* Check if the user can run the command according to the current
|
|
|
|
|
* ACLs. */
|
|
|
|
|
int acl_chanpos;
|
|
|
|
|
int acl_retval = ACLCheckPubsubPerm(c,idx,count,literal,&acl_chanpos);
|
|
|
|
|
if (acl_retval == ACL_DENIED_CHANNEL) {
|
|
|
|
|
addACLLogEntry(c,acl_retval,acl_chanpos,NULL);
|
|
|
|
|
addReplyError(c,
|
|
|
|
|
"-NOPERM this user has no permissions to access "
|
|
|
|
|
"one of the channels used as arguments");
|
|
|
|
|
}
|
|
|
|
|
return acl_retval;
|
|
|
|
|
}
|
|
|
|
|
|
2010-07-01 09:14:25 -04:00
|
|
|
/*-----------------------------------------------------------------------------
|
|
|
|
|
* Pubsub commands implementation
|
|
|
|
|
*----------------------------------------------------------------------------*/
|
|
|
|
|
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
/* SUBSCRIBE channel [channel ...] */
|
2015-07-26 09:20:46 -04:00
|
|
|
void subscribeCommand(client *c) {
|
2010-06-21 18:07:48 -04:00
|
|
|
int j;
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
if (pubsubCheckACLPermissionsOrReply(c,1,c->argc-1,0) != ACL_OK) return;
|
Unified MULTI, LUA, and RM_Call with respect to blocking commands (#8025)
Blocking command should not be used with MULTI, LUA, and RM_Call. This is because,
the caller, who executes the command in this context, expects a reply.
Today, LUA and MULTI have a special (and different) treatment to blocking commands:
LUA - Most commands are marked with no-script flag which are checked when executing
and command from LUA, commands that are not marked (like XREAD) verify that their
blocking mode is not used inside LUA (by checking the CLIENT_LUA client flag).
MULTI - Command that is going to block, first verify that the client is not inside
multi (by checking the CLIENT_MULTI client flag). If the client is inside multi, they
return a result which is a match to the empty key with no timeout (for example blpop
inside MULTI will act as lpop)
For modules that perform RM_Call with blocking command, the returned results type is
REDISMODULE_REPLY_UNKNOWN and the caller can not really know what happened.
Disadvantages of the current state are:
No unified approach, LUA, MULTI, and RM_Call, each has a different treatment
Module can not safely execute blocking command (and get reply or error).
Though It is true that modules are not like LUA or MULTI and should be smarter not
to execute blocking commands on RM_Call, sometimes you want to execute a command base
on client input (for example if you create a module that provides a new scripting
language like javascript or python).
While modules (on modules command) can check for REDISMODULE_CTX_FLAGS_LUA or
REDISMODULE_CTX_FLAGS_MULTI to know not to block the client, there is no way to
check if the command came from another module using RM_Call. So there is no way
for a module to know not to block another module RM_Call execution.
This commit adds a way to unify the treatment for blocking clients by introducing
a new CLIENT_DENY_BLOCKING client flag. On LUA, MULTI, and RM_Call the new flag
turned on to signify that the client should not be blocked. A blocking command
verifies that the flag is turned off before blocking. If a blocking command sees
that the CLIENT_DENY_BLOCKING flag is on, it's not blocking and return results
which are matches to empty key with no timeout (as MULTI does today).
The new flag is checked on the following commands:
List blocking commands: BLPOP, BRPOP, BRPOPLPUSH, BLMOVE,
Zset blocking commands: BZPOPMIN, BZPOPMAX
Stream blocking commands: XREAD, XREADGROUP
SUBSCRIBE, PSUBSCRIBE, MONITOR
In addition, the new flag is turned on inside the AOF client, we do not want to
block the AOF client to prevent deadlocks and commands ordering issues (and there
is also an existing assert in the code that verifies it).
To keep backward compatibility on LUA, all the no-script flags on existing commands
were kept untouched. In addition, a LUA special treatment on XREAD and XREADGROUP was kept.
To keep backward compatibility on MULTI (which today allows SUBSCRIBE, and PSUBSCRIBE).
We added a special treatment on those commands to allow executing them on MULTI.
The only backward compatibility issue that this PR introduces is that now MONITOR
is not allowed inside MULTI.
Tests were added to verify blocking commands are not blocking the client on LUA, MULTI,
or RM_Call. Tests were added to verify the module can check for CLIENT_DENY_BLOCKING flag.
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: Itamar Haber <itamar@redislabs.com>
2020-11-17 11:58:55 -05:00
|
|
|
if ((c->flags & CLIENT_DENY_BLOCKING) && !(c->flags & CLIENT_MULTI)) {
|
|
|
|
|
/**
|
|
|
|
|
* A client that has CLIENT_DENY_BLOCKING flag on
|
|
|
|
|
* expect a reply per command and so can not execute subscribe.
|
|
|
|
|
*
|
|
|
|
|
* Notice that we have a special treatment for multi because of
|
|
|
|
|
* backword compatibility
|
|
|
|
|
*/
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
addReplyError(c, "SUBSCRIBE isn't allowed for a DENY BLOCKING client");
|
Unified MULTI, LUA, and RM_Call with respect to blocking commands (#8025)
Blocking command should not be used with MULTI, LUA, and RM_Call. This is because,
the caller, who executes the command in this context, expects a reply.
Today, LUA and MULTI have a special (and different) treatment to blocking commands:
LUA - Most commands are marked with no-script flag which are checked when executing
and command from LUA, commands that are not marked (like XREAD) verify that their
blocking mode is not used inside LUA (by checking the CLIENT_LUA client flag).
MULTI - Command that is going to block, first verify that the client is not inside
multi (by checking the CLIENT_MULTI client flag). If the client is inside multi, they
return a result which is a match to the empty key with no timeout (for example blpop
inside MULTI will act as lpop)
For modules that perform RM_Call with blocking command, the returned results type is
REDISMODULE_REPLY_UNKNOWN and the caller can not really know what happened.
Disadvantages of the current state are:
No unified approach, LUA, MULTI, and RM_Call, each has a different treatment
Module can not safely execute blocking command (and get reply or error).
Though It is true that modules are not like LUA or MULTI and should be smarter not
to execute blocking commands on RM_Call, sometimes you want to execute a command base
on client input (for example if you create a module that provides a new scripting
language like javascript or python).
While modules (on modules command) can check for REDISMODULE_CTX_FLAGS_LUA or
REDISMODULE_CTX_FLAGS_MULTI to know not to block the client, there is no way to
check if the command came from another module using RM_Call. So there is no way
for a module to know not to block another module RM_Call execution.
This commit adds a way to unify the treatment for blocking clients by introducing
a new CLIENT_DENY_BLOCKING client flag. On LUA, MULTI, and RM_Call the new flag
turned on to signify that the client should not be blocked. A blocking command
verifies that the flag is turned off before blocking. If a blocking command sees
that the CLIENT_DENY_BLOCKING flag is on, it's not blocking and return results
which are matches to empty key with no timeout (as MULTI does today).
The new flag is checked on the following commands:
List blocking commands: BLPOP, BRPOP, BRPOPLPUSH, BLMOVE,
Zset blocking commands: BZPOPMIN, BZPOPMAX
Stream blocking commands: XREAD, XREADGROUP
SUBSCRIBE, PSUBSCRIBE, MONITOR
In addition, the new flag is turned on inside the AOF client, we do not want to
block the AOF client to prevent deadlocks and commands ordering issues (and there
is also an existing assert in the code that verifies it).
To keep backward compatibility on LUA, all the no-script flags on existing commands
were kept untouched. In addition, a LUA special treatment on XREAD and XREADGROUP was kept.
To keep backward compatibility on MULTI (which today allows SUBSCRIBE, and PSUBSCRIBE).
We added a special treatment on those commands to allow executing them on MULTI.
The only backward compatibility issue that this PR introduces is that now MONITOR
is not allowed inside MULTI.
Tests were added to verify blocking commands are not blocking the client on LUA, MULTI,
or RM_Call. Tests were added to verify the module can check for CLIENT_DENY_BLOCKING flag.
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: Itamar Haber <itamar@redislabs.com>
2020-11-17 11:58:55 -05:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2010-06-21 18:07:48 -04:00
|
|
|
for (j = 1; j < c->argc; j++)
|
|
|
|
|
pubsubSubscribeChannel(c,c->argv[j]);
|
2015-07-27 03:41:48 -04:00
|
|
|
c->flags |= CLIENT_PUBSUB;
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
/* UNSUBSCRIBE [channel [channel ...]] */
|
2015-07-26 09:20:46 -04:00
|
|
|
void unsubscribeCommand(client *c) {
|
2010-06-21 18:07:48 -04:00
|
|
|
if (c->argc == 1) {
|
|
|
|
|
pubsubUnsubscribeAllChannels(c,1);
|
|
|
|
|
} else {
|
|
|
|
|
int j;
|
|
|
|
|
|
|
|
|
|
for (j = 1; j < c->argc; j++)
|
|
|
|
|
pubsubUnsubscribeChannel(c,c->argv[j],1);
|
|
|
|
|
}
|
2015-07-27 03:41:48 -04:00
|
|
|
if (clientSubscriptionsCount(c) == 0) c->flags &= ~CLIENT_PUBSUB;
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
/* PSUBSCRIBE pattern [pattern ...] */
|
2015-07-26 09:20:46 -04:00
|
|
|
void psubscribeCommand(client *c) {
|
2010-06-21 18:07:48 -04:00
|
|
|
int j;
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
if (pubsubCheckACLPermissionsOrReply(c,1,c->argc-1,1) != ACL_OK) return;
|
Unified MULTI, LUA, and RM_Call with respect to blocking commands (#8025)
Blocking command should not be used with MULTI, LUA, and RM_Call. This is because,
the caller, who executes the command in this context, expects a reply.
Today, LUA and MULTI have a special (and different) treatment to blocking commands:
LUA - Most commands are marked with no-script flag which are checked when executing
and command from LUA, commands that are not marked (like XREAD) verify that their
blocking mode is not used inside LUA (by checking the CLIENT_LUA client flag).
MULTI - Command that is going to block, first verify that the client is not inside
multi (by checking the CLIENT_MULTI client flag). If the client is inside multi, they
return a result which is a match to the empty key with no timeout (for example blpop
inside MULTI will act as lpop)
For modules that perform RM_Call with blocking command, the returned results type is
REDISMODULE_REPLY_UNKNOWN and the caller can not really know what happened.
Disadvantages of the current state are:
No unified approach, LUA, MULTI, and RM_Call, each has a different treatment
Module can not safely execute blocking command (and get reply or error).
Though It is true that modules are not like LUA or MULTI and should be smarter not
to execute blocking commands on RM_Call, sometimes you want to execute a command base
on client input (for example if you create a module that provides a new scripting
language like javascript or python).
While modules (on modules command) can check for REDISMODULE_CTX_FLAGS_LUA or
REDISMODULE_CTX_FLAGS_MULTI to know not to block the client, there is no way to
check if the command came from another module using RM_Call. So there is no way
for a module to know not to block another module RM_Call execution.
This commit adds a way to unify the treatment for blocking clients by introducing
a new CLIENT_DENY_BLOCKING client flag. On LUA, MULTI, and RM_Call the new flag
turned on to signify that the client should not be blocked. A blocking command
verifies that the flag is turned off before blocking. If a blocking command sees
that the CLIENT_DENY_BLOCKING flag is on, it's not blocking and return results
which are matches to empty key with no timeout (as MULTI does today).
The new flag is checked on the following commands:
List blocking commands: BLPOP, BRPOP, BRPOPLPUSH, BLMOVE,
Zset blocking commands: BZPOPMIN, BZPOPMAX
Stream blocking commands: XREAD, XREADGROUP
SUBSCRIBE, PSUBSCRIBE, MONITOR
In addition, the new flag is turned on inside the AOF client, we do not want to
block the AOF client to prevent deadlocks and commands ordering issues (and there
is also an existing assert in the code that verifies it).
To keep backward compatibility on LUA, all the no-script flags on existing commands
were kept untouched. In addition, a LUA special treatment on XREAD and XREADGROUP was kept.
To keep backward compatibility on MULTI (which today allows SUBSCRIBE, and PSUBSCRIBE).
We added a special treatment on those commands to allow executing them on MULTI.
The only backward compatibility issue that this PR introduces is that now MONITOR
is not allowed inside MULTI.
Tests were added to verify blocking commands are not blocking the client on LUA, MULTI,
or RM_Call. Tests were added to verify the module can check for CLIENT_DENY_BLOCKING flag.
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: Itamar Haber <itamar@redislabs.com>
2020-11-17 11:58:55 -05:00
|
|
|
if ((c->flags & CLIENT_DENY_BLOCKING) && !(c->flags & CLIENT_MULTI)) {
|
|
|
|
|
/**
|
|
|
|
|
* A client that has CLIENT_DENY_BLOCKING flag on
|
|
|
|
|
* expect a reply per command and so can not execute subscribe.
|
|
|
|
|
*
|
|
|
|
|
* Notice that we have a special treatment for multi because of
|
|
|
|
|
* backword compatibility
|
|
|
|
|
*/
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
addReplyError(c, "PSUBSCRIBE isn't allowed for a DENY BLOCKING client");
|
Unified MULTI, LUA, and RM_Call with respect to blocking commands (#8025)
Blocking command should not be used with MULTI, LUA, and RM_Call. This is because,
the caller, who executes the command in this context, expects a reply.
Today, LUA and MULTI have a special (and different) treatment to blocking commands:
LUA - Most commands are marked with no-script flag which are checked when executing
and command from LUA, commands that are not marked (like XREAD) verify that their
blocking mode is not used inside LUA (by checking the CLIENT_LUA client flag).
MULTI - Command that is going to block, first verify that the client is not inside
multi (by checking the CLIENT_MULTI client flag). If the client is inside multi, they
return a result which is a match to the empty key with no timeout (for example blpop
inside MULTI will act as lpop)
For modules that perform RM_Call with blocking command, the returned results type is
REDISMODULE_REPLY_UNKNOWN and the caller can not really know what happened.
Disadvantages of the current state are:
No unified approach, LUA, MULTI, and RM_Call, each has a different treatment
Module can not safely execute blocking command (and get reply or error).
Though It is true that modules are not like LUA or MULTI and should be smarter not
to execute blocking commands on RM_Call, sometimes you want to execute a command base
on client input (for example if you create a module that provides a new scripting
language like javascript or python).
While modules (on modules command) can check for REDISMODULE_CTX_FLAGS_LUA or
REDISMODULE_CTX_FLAGS_MULTI to know not to block the client, there is no way to
check if the command came from another module using RM_Call. So there is no way
for a module to know not to block another module RM_Call execution.
This commit adds a way to unify the treatment for blocking clients by introducing
a new CLIENT_DENY_BLOCKING client flag. On LUA, MULTI, and RM_Call the new flag
turned on to signify that the client should not be blocked. A blocking command
verifies that the flag is turned off before blocking. If a blocking command sees
that the CLIENT_DENY_BLOCKING flag is on, it's not blocking and return results
which are matches to empty key with no timeout (as MULTI does today).
The new flag is checked on the following commands:
List blocking commands: BLPOP, BRPOP, BRPOPLPUSH, BLMOVE,
Zset blocking commands: BZPOPMIN, BZPOPMAX
Stream blocking commands: XREAD, XREADGROUP
SUBSCRIBE, PSUBSCRIBE, MONITOR
In addition, the new flag is turned on inside the AOF client, we do not want to
block the AOF client to prevent deadlocks and commands ordering issues (and there
is also an existing assert in the code that verifies it).
To keep backward compatibility on LUA, all the no-script flags on existing commands
were kept untouched. In addition, a LUA special treatment on XREAD and XREADGROUP was kept.
To keep backward compatibility on MULTI (which today allows SUBSCRIBE, and PSUBSCRIBE).
We added a special treatment on those commands to allow executing them on MULTI.
The only backward compatibility issue that this PR introduces is that now MONITOR
is not allowed inside MULTI.
Tests were added to verify blocking commands are not blocking the client on LUA, MULTI,
or RM_Call. Tests were added to verify the module can check for CLIENT_DENY_BLOCKING flag.
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: Itamar Haber <itamar@redislabs.com>
2020-11-17 11:58:55 -05:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2010-06-21 18:07:48 -04:00
|
|
|
for (j = 1; j < c->argc; j++)
|
|
|
|
|
pubsubSubscribePattern(c,c->argv[j]);
|
2015-07-27 03:41:48 -04:00
|
|
|
c->flags |= CLIENT_PUBSUB;
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
/* PUNSUBSCRIBE [pattern [pattern ...]] */
|
2015-07-26 09:20:46 -04:00
|
|
|
void punsubscribeCommand(client *c) {
|
2010-06-21 18:07:48 -04:00
|
|
|
if (c->argc == 1) {
|
|
|
|
|
pubsubUnsubscribeAllPatterns(c,1);
|
|
|
|
|
} else {
|
|
|
|
|
int j;
|
|
|
|
|
|
|
|
|
|
for (j = 1; j < c->argc; j++)
|
|
|
|
|
pubsubUnsubscribePattern(c,c->argv[j],1);
|
|
|
|
|
}
|
2015-07-27 03:41:48 -04:00
|
|
|
if (clientSubscriptionsCount(c) == 0) c->flags &= ~CLIENT_PUBSUB;
|
2010-06-21 18:07:48 -04:00
|
|
|
}
|
|
|
|
|
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
/* PUBLISH <channel> <message> */
|
2015-07-26 09:20:46 -04:00
|
|
|
void publishCommand(client *c) {
|
Adds pub/sub channel patterns to ACL (#7993)
Fixes #7923.
This PR appropriates the special `&` symbol (because `@` and `*` are taken),
followed by a literal value or pattern for describing the Pub/Sub patterns that
an ACL user can interact with. It is similar to the existing key patterns
mechanism in function (additive) and implementation (copy-pasta). It also adds
the allchannels and resetchannels ACL keywords, naturally.
The default user is given allchannels permissions, whereas new users get
whatever is defined by the acl-pubsub-default configuration directive. For
backward compatibility in 6.2, the default of this directive is allchannels but
this is likely to be changed to resetchannels in the next major version for
stronger default security settings.
Unless allchannels is set for the user, channel access permissions are checked
as follows :
* Calls to both PUBLISH and SUBSCRIBE will fail unless a pattern matching the
argumentative channel name(s) exists for the user.
* Calls to PSUBSCRIBE will fail unless the pattern(s) provided as an argument
literally exist(s) in the user's list.
Such failures are logged to the ACL log.
Runtime changes to channel permissions for a user with existing subscribing
clients cause said clients to disconnect unless the new permissions permit the
connections to continue. Note, however, that PSUBSCRIBErs' patterns are matched
literally, so given the change bar:* -> b*, pattern subscribers to bar:* will be
disconnected.
Notes/questions:
* UNSUBSCRIBE, PUNSUBSCRIBE and PUBSUB remain unprotected due to lack of reasons
for touching them.
2020-12-01 07:21:39 -05:00
|
|
|
if (pubsubCheckACLPermissionsOrReply(c,1,1,0) != ACL_OK) return;
|
2010-06-21 18:07:48 -04:00
|
|
|
int receivers = pubsubPublishMessage(c->argv[1],c->argv[2]);
|
2014-02-10 10:00:27 -05:00
|
|
|
if (server.cluster_enabled)
|
|
|
|
|
clusterPropagatePublish(c->argv[1],c->argv[2]);
|
|
|
|
|
else
|
2015-07-27 03:41:48 -04:00
|
|
|
forceCommandPropagation(c,PROPAGATE_REPL);
|
2010-06-21 18:07:48 -04:00
|
|
|
addReplyLongLong(c,receivers);
|
|
|
|
|
}
|
2013-06-20 09:32:00 -04:00
|
|
|
|
|
|
|
|
/* PUBSUB command for Pub/Sub introspection. */
|
2015-07-26 09:20:46 -04:00
|
|
|
void pubsubCommand(client *c) {
|
2017-11-27 10:57:44 -05:00
|
|
|
if (c->argc == 2 && !strcasecmp(c->argv[1]->ptr,"help")) {
|
|
|
|
|
const char *help[] = {
|
2018-06-09 14:03:52 -04:00
|
|
|
"CHANNELS [<pattern>] -- Return the currently active channels matching a pattern (default: all).",
|
|
|
|
|
"NUMPAT -- Return number of subscriptions to patterns.",
|
|
|
|
|
"NUMSUB [channel-1 .. channel-N] -- Returns the number of subscribers for the specified channels (excluding patterns, default: none).",
|
2017-12-06 06:05:11 -05:00
|
|
|
NULL
|
2017-11-27 10:57:44 -05:00
|
|
|
};
|
|
|
|
|
addReplyHelp(c, help);
|
|
|
|
|
} else if (!strcasecmp(c->argv[1]->ptr,"channels") &&
|
|
|
|
|
(c->argc == 2 || c->argc == 3))
|
2013-06-20 09:32:00 -04:00
|
|
|
{
|
|
|
|
|
/* PUBSUB CHANNELS [<pattern>] */
|
|
|
|
|
sds pat = (c->argc == 2) ? NULL : c->argv[2]->ptr;
|
|
|
|
|
dictIterator *di = dictGetIterator(server.pubsub_channels);
|
|
|
|
|
dictEntry *de;
|
|
|
|
|
long mblen = 0;
|
|
|
|
|
void *replylen;
|
|
|
|
|
|
2018-11-23 06:40:01 -05:00
|
|
|
replylen = addReplyDeferredLen(c);
|
2013-06-20 09:32:00 -04:00
|
|
|
while((de = dictNext(di)) != NULL) {
|
|
|
|
|
robj *cobj = dictGetKey(de);
|
|
|
|
|
sds channel = cobj->ptr;
|
|
|
|
|
|
|
|
|
|
if (!pat || stringmatchlen(pat, sdslen(pat),
|
|
|
|
|
channel, sdslen(channel),0))
|
|
|
|
|
{
|
|
|
|
|
addReplyBulk(c,cobj);
|
|
|
|
|
mblen++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dictReleaseIterator(di);
|
2018-11-23 06:40:01 -05:00
|
|
|
setDeferredArrayLen(c,replylen,mblen);
|
2013-06-20 09:34:56 -04:00
|
|
|
} else if (!strcasecmp(c->argv[1]->ptr,"numsub") && c->argc >= 2) {
|
|
|
|
|
/* PUBSUB NUMSUB [Channel_1 ... Channel_N] */
|
2013-06-20 09:32:00 -04:00
|
|
|
int j;
|
|
|
|
|
|
2018-11-23 06:40:01 -05:00
|
|
|
addReplyArrayLen(c,(c->argc-2)*2);
|
2013-06-20 09:32:00 -04:00
|
|
|
for (j = 2; j < c->argc; j++) {
|
|
|
|
|
list *l = dictFetchValue(server.pubsub_channels,c->argv[j]);
|
|
|
|
|
|
|
|
|
|
addReplyBulk(c,c->argv[j]);
|
2014-08-01 13:57:30 -04:00
|
|
|
addReplyLongLong(c,l ? listLength(l) : 0);
|
2013-06-20 09:32:00 -04:00
|
|
|
}
|
|
|
|
|
} else if (!strcasecmp(c->argv[1]->ptr,"numpat") && c->argc == 2) {
|
|
|
|
|
/* PUBSUB NUMPAT */
|
|
|
|
|
addReplyLongLong(c,listLength(server.pubsub_patterns));
|
|
|
|
|
} else {
|
2018-07-02 12:49:34 -04:00
|
|
|
addReplySubcommandSyntaxError(c);
|
2013-06-20 09:32:00 -04:00
|
|
|
}
|
|
|
|
|
}
|
