From c2f13993d96a406b69f74042d1f51d7d5ebe973a Mon Sep 17 00:00:00 2001 From: Kostas Kyrimis Date: Fri, 12 Apr 2024 16:01:12 +0300 Subject: [PATCH] fix(acl): authentication with UDS socket (#2895) * disable authentication on UDS socket * add a test so the bug won't happen again --- src/server/main_service.cc | 4 +++- tests/dragonfly/connection_test.py | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/server/main_service.cc b/src/server/main_service.cc index 922edb487..dd1bb86bc 100644 --- a/src/server/main_service.cc +++ b/src/server/main_service.cc @@ -1506,7 +1506,9 @@ facade::ConnectionContext* Service::CreateContext(util::FiberSocketBase* peer, facade::Connection* owner) { ConnectionContext* res = new ConnectionContext{peer, owner}; - if (owner->IsPrivileged() && RequirePrivilegedAuth()) { + if (peer->IsUDS()) { + res->req_auth = false; + } else if (owner->IsPrivileged() && RequirePrivilegedAuth()) { res->req_auth = !GetPassword().empty(); } else if (!owner->IsPrivileged()) { res->req_auth = !user_registry_.AuthUser("default", ""); diff --git a/tests/dragonfly/connection_test.py b/tests/dragonfly/connection_test.py index 2ecbdfbf6..cc04f91a9 100755 --- a/tests/dragonfly/connection_test.py +++ b/tests/dragonfly/connection_test.py @@ -658,6 +658,16 @@ async def test_unix_domain_socket(df_local_factory, tmp_dir): assert await r.ping() +async def test_unix_socket_only(df_local_factory, tmp_dir): + server = df_local_factory.create(proactor_threads=1, port=0, unixsocket="./df.sock") + server._start() + + await asyncio.sleep(1) + + r = aioredis.Redis(unix_socket_path=tmp_dir / "df.sock") + assert await r.ping() + + """ Test nested pauses. Executing CLIENT PAUSE should be possible even if another write-pause is active. It should prolong the pause for all current commands.