Allow authenticating with a username to redis #1488
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,6 +49,7 @@ | |
struct _Ryconninfo { | ||
char *host; | ||
char *dbname; | ||
char *user; | ||
char *password; | ||
unsigned int connect_timeout; | ||
unsigned int port; | ||
|
@@ -64,6 +65,9 @@ | |
if (co->dbname) { | ||
free(co->dbname); | ||
} | ||
if (co->user) { | ||
free(co->user); | ||
} | ||
if (co->password) { | ||
free(co->password); | ||
} | ||
|
@@ -118,13 +122,13 @@ | |
} else if (!strcmp(s, "database")) { | ||
co->dbname = strdup(seq + 1); | ||
} else if (!strcmp(s, "user")) { | ||
; | ||
co->user = strdup(seq + 1); | ||
} else if (!strcmp(s, "uname")) { | ||
; | ||
co->user = strdup(seq + 1); | ||
} else if (!strcmp(s, "name")) { | ||
; | ||
co->user = strdup(seq + 1); | ||
} else if (!strcmp(s, "username")) { | ||
; | ||
co->user = strdup(seq + 1); | ||
} else if (!strcmp(s, "password")) { | ||
co->password = strdup(seq + 1); | ||
} else if (!strcmp(s, "pwd")) { | ||
|
@@ -163,9 +167,6 @@ | |
if (!(co->host)) { | ||
co->host = strdup("127.0.0.1"); | ||
} | ||
if (!(co->password)) { | ||
co->password = strdup(""); | ||
} | ||
} | ||
|
||
return co; | ||
|
@@ -225,8 +226,12 @@ | |
if (!rc) { | ||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB async connection\n"); | ||
} else { | ||
if (co->password) { | ||
turnFreeRedisReply(redisCommand(rc, "AUTH %s", co->password)); | ||
if (co->password && strlen(co->password)) { | ||
if (co->user && strlen(co->user)) { | ||
turnFreeRedisReply(redisCommand(rc, "AUTH %s %s", co->user, co->password)); | ||
} else { | ||
turnFreeRedisReply(redisCommand(rc, "AUTH %s", co->password)); | ||
} | ||
} | ||
if (co->dbname) { | ||
turnFreeRedisReply(redisCommand(rc, "select %s", co->dbname)); | ||
|
@@ -268,7 +273,7 @@ | |
} | ||
} | ||
|
||
ret = redisLibeventAttach(base, co->host, co->port, co->password, atoi(co->dbname)); | ||
ret = redisLibeventAttach(base, co->host, co->port, co->user, co->password, atoi(co->dbname)); | ||
Check warning Code scanning / PREfast 'co->dbname' could be '0': this does not adhere to the specification for the function 'atoi'. Warning
'co->dbname' could be '0': this does not adhere to the specification for the function 'atoi'.
|
||
|
||
if (!ret) { | ||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB connection\n"); | ||
|
@@ -348,8 +353,13 @@ | |
} | ||
redisFree(redisconnection); | ||
redisconnection = NULL; | ||
} else if (co->password) { | ||
void *reply = redisCommand(redisconnection, "AUTH %s", co->password); | ||
} else if (co->password && strlen(co->password)) { | ||
void *reply; | ||
if (co->user && strlen(co->user)) { | ||
reply = redisCommand(redisconnection, "AUTH %s %s", co->user, co->password); | ||
} else { | ||
reply = redisCommand(redisconnection, "AUTH %s", co->password); | ||
} | ||
if (!reply) { | ||
if (redisconnection->err && redisconnection->errstr[0]) { | ||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Redis: %s\n", redisconnection->errstr); | ||
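Review bot: A configured `user` is silently ignored when the password is missing or empty, because both AUTH sites (the async path in the `@@ -225` hunk and the sync path in the `@@ -348` hunk) test `co->password && strlen(co->password)` before `co->user` is ever looked at. The connection then continues with no AUTH at all, so on a server that still accepts unauthenticated clients it would presumably run as the default user rather than the intended ACL account, and nothing in the log shows it. Adding a branch after the password check would surface the misconfiguration, e.g. `else if (co->user && co->user[0]) { TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "Redis: user is set but password is empty, AUTH skipped\n"); }`. Both enclosing functions start and end outside the hunks shown, so whether a later step rejects this case cannot be confirmed from here.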
|
Why this change?
Originally during testing I created an extra branch `if (!(co->user)) { co->user = strdup(""); }`. However, I found out that it made coturn always authenticate with a username and password, which would break for redis servers that don't have the ACL feature.
That's because the branches using password (which I ended up copying for the username branches) checked whether the pointer to password was set, which it always was because of the statement I just removed, rather than whether password contained a useful value. So the password conditionals haven't been working for a while; coturn just discarded the error that redis threw out and continued on (which is fine, but not ideal).
Hence also the changes to make those branches `co->password && strlen(co->password)` rather than just `co->password`, just in case. I could effectively change them to `co->password && co->password[0]`, but strlen felt nicer.
Error handling of missing auth doesn't seem to be handled fully correctly from what I grasp; it happens more as a side effect. The side effect of relying on that side effect is that it never warns about whether the password is needed, which is why there are no logs complaining about use of `AUTH` when it wasn't needed.