caleb-brown/redict
1
0
Fork 0
mirror of https://codeberg.org/redict/redict.git synced 2025-01-22 16:18:28 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,874 Commits 4 Branches 5 Tags 115 MiB
a65094dae8
Commit Graph

283 Commits

Author SHA1 Message Date
zhaozhao.zz
ea9d3aefec ACL: add masteruser configuration for replication 
In mostly production environment, normal user's behavior should be
limited.

Now in redis ACL mechanism we can do it like that:

    user default on +@all ~* -@dangerous nopass
    user admin on +@all ~* >someSeriousPassword

Then the default normal user can not execute dangerous commands like
FLUSHALL/KEYS.

But some admin commands are in dangerous category too like PSYNC,
and the configurations above will forbid replica from sync with master.

Finally I think we could add a new configuration for replication,
it is masteruser option, like this:

    masteruser admin
    masterauth someSeriousPassword

Then replica will try AUTH admin someSeriousPassword and get privilege
to execute PSYNC. If masteruser is NULL, replica would AUTH with only
masterauth like before.
 2019-02-12 17:12:37 +08:00
antirez
80f987726d ACL: load ACL file at startup. Prevent silly configurations. 2019-02-07 17:20:03 +01:00
antirez
775bf6193d ACL: implement rewriting of users in redis.conf. 2019-02-05 10:48:17 +01:00
antirez
500b3e128f ACL: implement ACLLoadConfiguredUsers(). 2019-02-04 16:35:15 +01:00
antirez
68fd4a97fa ACL: better error reporting in users configuration errors. 2019-02-04 13:04:35 +01:00
antirez
b166c41edd ACL: make ACLAppendUserForLoading() able to report bad argument. 2019-02-04 13:00:58 +01:00
antirez
21e84cdae2 ACL: initial appending of users in user loading list. 2019-02-04 12:55:48 +01:00
antirez
c7cd10dfe9 ACL: flags refactoring, function to describe user. 2019-01-31 16:49:22 +01:00
antirez
f99e0f59ef ACL: populate category flags from command table. 2019-01-23 16:59:09 +01:00
antirez
91ec53ed13 ACL: define category names and flags. 2019-01-23 16:47:29 +01:00
antirez
70e541b7bc ACL: better define name, and the idea of reserved ID. 2019-01-23 08:10:57 +01:00
antirez
711e514ea4 ACL: update comments in command flags. 2019-01-22 19:02:50 +01:00
antirez
4dc69497f5 Refactoring: always kill AOF/RDB child via helper functions. 2019-01-21 11:28:44 +01:00
antirez
c8391388c2 ACL: remove server.requirepass + some refactoring. 2019-01-18 11:49:30 +01:00
antirez
7b65605ab2 ACL: reimplement requirepass option in term of ACLs. 2019-01-17 18:05:43 +01:00
antirez
4a3419acfc ACL: fix and improve ACL key checking. 2019-01-16 18:31:05 +01:00
antirez
cca64672f4 ACL: AUTH uses users. ACL WHOAMI implemented. 2019-01-15 18:16:20 +01:00
antirez
b39409bcf8 ACL: nopass user setting. 
This is needed in order to model the current behavior of authenticating
the connection directly when no password is set. Now with ACLs this will
be obtained by setting the default user as "nopass" user. Moreover this
flag can be used in order to create other users that do not require any
password but will work with "AUTH username <any-password>".
 2019-01-15 13:16:31 +01:00
antirez
7aea02fa87 ACL: initial implementation of the ACL command. 2019-01-15 09:36:12 +01:00
antirez
a2e376ba52 ACL: ACLCheckCommandPerm() implementation WIP. 2019-01-14 18:35:21 +01:00
antirez
a0a4fb85ff ACL: Fix compilation by adding prototype and c->cmd fix. 2019-01-14 13:22:56 +01:00
antirez
2da2e452ab ACL: ACLLCOMMAND flags. 2019-01-14 13:21:21 +01:00
antirez
aced0328e3 ACL: avoid a radix tree lookup for the default user. 2019-01-11 11:32:41 +01:00
antirez
6bb6a6d3a8 ACL: implement ACLCreateUser(). 2019-01-10 17:01:12 +01:00
antirez
29c88a9ce5 ACL: initialization function. 2019-01-10 16:39:32 +01:00
antirez
4278104acc ACL: add a reference to the user in each client. 2019-01-10 16:34:13 +01:00
antirez
4729f71495 ACL: improved version of the user structure. 2019-01-10 12:47:52 +01:00
antirez
7fc882c578 ACL: use a fixed table for command IDs. 2019-01-09 21:31:29 +01:00
antirez
91f1d8026b ACL: introduce the concept of command ID. 2019-01-09 17:20:47 +01:00
antirez
b43d70df56 ACL: refactoring of the original authentication code. 2019-01-09 17:00:30 +01:00
antirez
709a6612eb RESP3: addReplyString() -> addReplyProto(). 
The function naming was totally nuts. Let's fix it as we break PRs
anyway with RESP3 refactoring and changes.
 2019-01-09 17:00:30 +01:00
antirez
e291170385 RESP3: verbatim reply API + DEBUG PROTOCOL support. 2019-01-09 17:00:30 +01:00
antirez
809e3a44a7 RESP3: addReplyBool() implemented. 2019-01-09 17:00:29 +01:00
antirez
4f0860cbfd RESP3: initial implementation of the HELLO command. 2019-01-09 17:00:29 +01:00
antirez
3fd78f41e8 RESP3: restore the concept of null array for RESP2 compat. 2019-01-09 17:00:29 +01:00
antirez
2ad6e875ba RESP3: add shared.nullarray for better RESP2 compat. 2019-01-09 17:00:29 +01:00
antirez
1a17cdfadf RESP3: addReplyNullArray() added for better RESP2 compat. 2019-01-09 17:00:29 +01:00
antirez
317f8b9d38 RESP3: most null replies converted. 2019-01-09 17:00:29 +01:00
antirez
1b7298e66a RESP3: addReplyNull() added. 2019-01-09 17:00:29 +01:00
antirez
fc9a3de97d RESP3: remove other pointless shared object. 2019-01-09 17:00:29 +01:00
antirez
b7e8b734c9 RESP3: remove certain constants to spot places to fix. 2019-01-09 17:00:29 +01:00
antirez
13966522ea RESP3: bring RESP2 compatibility to previous changes. 2019-01-09 17:00:29 +01:00
antirez
e14aabf936 RESP3: addReply*Len() support for RESP2 backward comp. 2019-01-09 17:00:29 +01:00
antirez
1ac6926647 RESP3: put RESP version in the client structure. 2019-01-09 17:00:29 +01:00
antirez
073293693e RESP3: Use new deferred len API in server.c. 2019-01-09 17:00:29 +01:00
antirez
57c5a766a2 RESP3: Aggregate deferred lengths functions. 2019-01-09 17:00:29 +01:00
antirez
129f2d2746 freeMemoryIfNeeded() small refactoring. 
Related to issue #5686 and PR #5689.
 2018-12-12 11:37:15 +01:00
antirez
274531396c Reject EXEC containing write commands against RO replica. 
Thanks to @soloestoy for discovering this issue in #5667.
This is an alternative fix in order to avoid both cycling the clients
and also disconnecting clients just having valid read-only transactions
pending.
 2018-12-11 11:39:21 +01:00
Oran Agra
b587c54c24 fix #5580, display fragmentation and rss overhead bytes as signed 
these metrics become negative when RSS is smaller than the used_memory.
This can easily happen when the program allocated a lot of memory and haven't
written to it yet, in which case the kernel doesn't allocate any pages to the process
 2018-12-02 15:29:20 +02:00
antirez
e3446fea9e Streams: XSTREAM SETID -> XSETID. 
Keep vanilla stream commands at toplevel, see #5426.
 2018-10-16 13:17:14 +02:00