author | antirez <antirez@gmail.com> | 2020-03-20 12:45:48 +0100 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2020-03-20 12:45:48 +0100 |
commit | f9c56dbb09fca67e2b82e5aa789cfb7af0b123be (patch) | |
tree | c23351f8043b439962291674ca163b5ae3bcace3 | |
parent | b3a97004f4c5555158f774279e5e2131cf909a6d (diff) | |
download | redis-f9c56dbb09fca67e2b82e5aa789cfb7af0b123be.tar.gz |
ACL: default user off should not allow automatic authentication.
This fixes issue #7011.
-rw-r--r-- | src/networking.c | 3 | ||||
-rw-r--r-- | src/server.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/src/networking.c b/src/networking.c
index 0690bbdf6..69d59a59b 100644
--- a/src/networking.c
+++ b/src/networking.c
@@ -124,7 +124,8 @@ client *createClient(connection *conn) {
 c->ctime = c->lastinteraction = server.unixtime;
 /* If the default user does not require authentication, the user is
 * directly authenticated. */
- c->authenticated = (c->user->flags & USER_FLAG_NOPASS) != 0;
+ c->authenticated = (c->user->flags & USER_FLAG_NOPASS) &&
+ !(c->user->flags & USER_FLAG_DISABLED);
 c->replstate = REPL_STATE_NONE;
 c->repl_put_online_on_ack = 0;
 c->reploff = 0;
diff --git a/src/server.c b/src/server.c
index f702da94a..612805ce5 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3380,7 +3380,7 @@ int processCommand(client *c) {
 /* Check if the user is authenticated. This check is skipped in case
 * the default user is flagged as "nopass" and is active. */
 int auth_required = (!(DefaultUser->flags & USER_FLAG_NOPASS) ||
- DefaultUser->flags & USER_FLAG_DISABLED) &&
+ (DefaultUser->flags & USER_FLAG_DISABLED)) &&
 !c->authenticated;
 if (auth_required) {
 /* AUTH and HELLO and no auth modules are valid even in |
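Review bot: The comment above the new assignment in createClient() still says the user is directly authenticated whenever the default user "does not require authentication", which no longer matches the condition; it should name both requirements, e.g. `/* Auto-authenticate only when the default user is "nopass" and not disabled ("off"). */`. The same nopass/disabled predicate is now written out separately here and in processCommand() in src/server.c (the second hunk, which only adds parentheses), and the removed lines show the two copies had already diverged once, so a single shared helper would keep them in step. The flag is also computed once per connection, so, as far as this hunk shows, a client created while the default user was on and nopass keeps `c->authenticated` set if that user is disabled later; it is worth confirming that this is intended and stating it in the comment. The diffstat lists only the two source files, so no regression test for issue #7011 accompanies the fix. createClient() starts and ends outside the hunk.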