diff options
author | antirez <antirez@gmail.com> | 2019-01-17 18:30:23 +0100 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2019-01-17 18:30:23 +0100 |
commit | b87815c1f800690c90bbc6c50bbe62878841d0b9 (patch) | |
tree | 7b574c78874504b00fdd3e37cff4784e23fc74d7 | |
parent | 636424c0ce6d162e13c4b00b01ad43bba06c580b (diff) | |
download | redis-b87815c1f800690c90bbc6c50bbe62878841d0b9.tar.gz |
ACL: AUTH + no default user password raises an error.
This way the behavior is very similar to the past one.
This is useful in order to remember the user she probably failed to
configure a password correctly.
-rw-r--r-- | src/server.c | 17 | ||||
-rw-r--r-- | tests/unit/auth.tcl | 4 |
2 files changed, 15 insertions, 6 deletions
diff --git a/src/server.c b/src/server.c index 541d41075..37757b211 100644 --- a/src/server.c +++ b/src/server.c @@ -2901,6 +2901,15 @@ void authCommand(client *c) { * will just use "default" as username. */ robj *username, *password; if (c->argc == 2) { + /* Mimic the old behavior of giving an error for the two commands + * from if no password is configured. */ + if (DefaultUser->flags & USER_FLAG_NOPASS) { + addReplyError(c,"AUTH <password> called without any password " + "configured for the default user. Are you sure " + "your configuration is correct?"); + return; + } + username = createStringObject("default",7); password = c->argv[1]; } else { @@ -2909,11 +2918,11 @@ void authCommand(client *c) { } if (ACLCheckUserCredentials(username,password) == C_OK) { - c->authenticated = 1; - c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr)); - addReply(c,shared.ok); + c->authenticated = 1; + c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr)); + addReply(c,shared.ok); } else { - addReplyError(c,"-WRONGPASS invalid username-password pair"); + addReplyError(c,"-WRONGPASS invalid username-password pair"); } /* Free the "default" string object we created for the two diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl index 633cda95c..9080d4bf7 100644 --- a/tests/unit/auth.tcl +++ b/tests/unit/auth.tcl @@ -2,14 +2,14 @@ start_server {tags {"auth"}} { test {AUTH fails if there is no password configured server side} { catch {r auth foo} err set _ $err - } {ERR*no password*} + } {ERR*any password*} } start_server {tags {"auth"} overrides {requirepass foobar}} { test {AUTH fails when a wrong password is given} { catch {r auth wrong!} err set _ $err - } {ERR*invalid password} + } {WRONGPASS*} test {Arbitrary command gives an error when AUTH is required} { catch {r set foo bar} err |