fix(acl): authentication with UDS socket (#2895)

* disable authentication on UDS socket * add a test so the bug won't happen again
2025-05-10 18:05:44 +02:00 · 2024-04-12 16:01:12 +03:00 · 2024-04-12 16:01:12 +03:00 · c2f13993d9
commit c2f13993d9
parent 0f613d8f85
2 changed files with 13 additions and 1 deletions
--- a/src/server/main_service.cc
+++ b/src/server/main_service.cc
@ -1506,7 +1506,9 @@ facade::ConnectionContext* Service::CreateContext(util::FiberSocketBase* peer,
                                                  facade::Connection* owner) {
  ConnectionContext* res = new ConnectionContext{peer, owner};

-  if (owner->IsPrivileged() && RequirePrivilegedAuth()) {
+  if (peer->IsUDS()) {
+    res->req_auth = false;
+  } else if (owner->IsPrivileged() && RequirePrivilegedAuth()) {
    res->req_auth = !GetPassword().empty();
  } else if (!owner->IsPrivileged()) {
    res->req_auth = !user_registry_.AuthUser("default", "");
--- a/tests/dragonfly/connection_test.py
+++ b/tests/dragonfly/connection_test.py
@ -658,6 +658,16 @@ async def test_unix_domain_socket(df_local_factory, tmp_dir):
    assert await r.ping()


+async def test_unix_socket_only(df_local_factory, tmp_dir):
+    server = df_local_factory.create(proactor_threads=1, port=0, unixsocket="./df.sock")
+    server._start()
+
+    await asyncio.sleep(1)
+
+    r = aioredis.Redis(unix_socket_path=tmp_dir / "df.sock")
+    assert await r.ping()
+
+
 """
 Test nested pauses. Executing CLIENT PAUSE should be possible even if another write-pause is active.
 It should prolong the pause for all current commands.