authorantirez <antirez@gmail.com>2020-03-20 12:45:48 +0100
committerantirez <antirez@gmail.com>2020-03-20 12:45:48 +0100
commitf9c56dbb09fca67e2b82e5aa789cfb7af0b123be (patch)
treec23351f8043b439962291674ca163b5ae3bcace3
parentb3a97004f4c5555158f774279e5e2131cf909a6d (diff)
ACL: default user off should not allow automatic authentication.
This fixes issue #7011.
-rw-r--r--src/networking.c3
-rw-r--r--src/server.c2
2 files changed, 3 insertions, 2 deletions
diff --git a/src/networking.c b/src/networking.c
index 0690bbdf6..69d59a59b 100644
--- a/src/networking.c
+++ b/src/networking.c
@@ -124,7 +124,8 @@ client *createClient(connection *conn) {
c->ctime = c->lastinteraction = server.unixtime;
/* If the default user does not require authentication, the user is
* directly authenticated. */
- c->authenticated = (c->user->flags & USER_FLAG_NOPASS) != 0;
+ c->authenticated = (c->user->flags & USER_FLAG_NOPASS) &&
+ !(c->user->flags & USER_FLAG_DISABLED);
c->replstate = REPL_STATE_NONE;
c->repl_put_online_on_ack = 0;
c->reploff = 0;
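Review bot: `c->authenticated` is computed once here, at client creation, so it is a snapshot of the default user's flags at connect time. If the default user is switched to off afterwards, an already auto-authenticated connection keeps the flag set, and the `auth_required` test in processCommand (second hunk) evaluates to false through `!c->authenticated`; whether another code path revokes such connections is not visible in this diff and should be confirmed. The comment above the assignment still describes only the nopass case, and I would reword it to `/* If the default user is enabled and does not require a password, the client is directly authenticated. */`. The same "nopass and not disabled" predicate is now spelled out separately in both hunks, so a single shared helper would keep the two checks from drifting apart again, and a regression test asserting that a new connection is refused while the default user is off would pin the fix. createClient's body starts and ends outside the hunk.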
diff --git a/src/server.c b/src/server.c
index f702da94a..612805ce5 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3380,7 +3380,7 @@ int processCommand(client *c) {
/* Check if the user is authenticated. This check is skipped in case
* the default user is flagged as "nopass" and is active. */
int auth_required = (!(DefaultUser->flags & USER_FLAG_NOPASS) ||
- DefaultUser->flags & USER_FLAG_DISABLED) &&
+ (DefaultUser->flags & USER_FLAG_DISABLED)) &&
!c->authenticated;
if (auth_required) {
/* AUTH and HELLO and no auth modules are valid even in