支持在初始化时添加用户 #7

Merged
zeekling merged 2 commits from auth_test into master 2023-05-28 13:25:23 +00:00
3 changed files with 385 additions and 171 deletions

213
.clang-format Normal file
View File

@ -0,0 +1,213 @@
# 语言: None, Cpp, Java, JavaScript, ObjC, Proto, TableGen, TextProto
Language: Cpp
# BasedOnStyle: LLVM
# 访问说明符(public、private等)的偏移
AccessModifierOffset: -4
# 开括号(开圆括号、开尖括号、开方括号)后的对齐: Align, DontAlign, AlwaysBreak(总是在开括号后换行)
AlignAfterOpenBracket: Align
# 连续赋值时,对齐所有等号
AlignConsecutiveAssignments: false
# 连续声明时,对齐所有声明的变量名
AlignConsecutiveDeclarations: false
# 右对齐逃脱换行(使用反斜杠换行)的反斜杠
AlignEscapedNewlines: Right
# 水平对齐二元和三元表达式的操作数
AlignOperands: true
# 对齐连续的尾随的注释
AlignTrailingComments: true
# 不允许函数声明的所有参数在放在下一行
AllowAllParametersOfDeclarationOnNextLine: false
# 不允许短的块放在同一行
AllowShortBlocksOnASingleLine: true
# 允许短的case标签放在同一行
AllowShortCaseLabelsOnASingleLine: true
# 允许短的函数放在同一行: None, InlineOnly(定义在类中), Empty(空函数), Inline(定义在类中,空函数), All
AllowShortFunctionsOnASingleLine: None
# 允许短的if语句保持在同一行
AllowShortIfStatementsOnASingleLine: true
# 允许短的循环保持在同一行
AllowShortLoopsOnASingleLine: true
# 总是在返回类型后换行: None, All, TopLevel(顶级函数,不包括在类中的函数),
# AllDefinitions(所有的定义,不包括声明), TopLevelDefinitions(所有的顶级函数的定义)
AlwaysBreakAfterReturnType: None
# 总是在多行string字面量前换行
AlwaysBreakBeforeMultilineStrings: false
# 总是在template声明后换行
AlwaysBreakTemplateDeclarations: true
# false表示函数实参要么都在同一行要么都各自一行
BinPackArguments: true
# false表示所有形参要么都在同一行要么都各自一行
BinPackParameters: true
# 大括号换行只有当BreakBeforeBraces设置为Custom时才有效
BraceWrapping:
# class定义后面
AfterClass: false
# 控制语句后面
AfterControlStatement: false
# enum定义后面
AfterEnum: false
# 函数定义后面
AfterFunction: false
# 命名空间定义后面
AfterNamespace: false
# struct定义后面
AfterStruct: false
# union定义后面
AfterUnion: false
# extern之后
AfterExternBlock: false
# catch之前
BeforeCatch: false
# else之前
BeforeElse: false
# 缩进大括号
IndentBraces: false
# 分离空函数
SplitEmptyFunction: false
# 分离空语句
SplitEmptyRecord: false
# 分离空命名空间
SplitEmptyNamespace: false
# 在二元运算符前换行: None(在操作符后换行), NonAssignment(在非赋值的操作符前换行), All(在操作符前换行)
BreakBeforeBinaryOperators: NonAssignment
# 在大括号前换行: Attach(始终将大括号附加到周围的上下文), Linux(除函数、命名空间和类定义与Attach类似),
# Mozilla(除枚举、函数、记录定义与Attach类似), Stroustrup(除函数定义、catch、else与Attach类似),
# Allman(总是在大括号前换行), GNU(总是在大括号前换行,并对于控制语句的大括号增加额外的缩进), WebKit(在函数前换行), Custom
# 注:这里认为语句块也属于函数
BreakBeforeBraces: Custom
# 在三元运算符前换行
BreakBeforeTernaryOperators: false
# 在构造函数的初始化列表的冒号后换行
BreakConstructorInitializers: AfterColon
#BreakInheritanceList: AfterColon
BreakStringLiterals: false
# 每行字符的限制0表示没有限制
ColumnLimit: 0
CompactNamespaces: true
# 构造函数的初始化列表要么都在同一行,要么都各自一行
ConstructorInitializerAllOnOneLineOrOnePerLine: false
# 构造函数的初始化列表的缩进宽度
ConstructorInitializerIndentWidth: 4
# 延续的行的缩进宽度
ContinuationIndentWidth: 4
# 去除C++11的列表初始化的大括号{后和}前的空格
Cpp11BracedListStyle: true
# 继承最常用的指针和引用的对齐方式
DerivePointerAlignment: false
# 固定命名空间注释
FixNamespaceComments: true
# 缩进case标签
IndentCaseLabels: false
IndentPPDirectives: None
# 缩进宽度
IndentWidth: 4
# 函数返回类型换行时,缩进函数声明或函数定义的函数名
IndentWrappedFunctionNames: false
# 保留在块开始处的空行
KeepEmptyLinesAtTheStartOfBlocks: false
# 连续空行的最大数量
MaxEmptyLinesToKeep: 1
# 命名空间的缩进: None, Inner(缩进嵌套的命名空间中的内容), All
NamespaceIndentation: None
# 指针和引用的对齐: Left, Right, Middle
PointerAlignment: Right
# 允许重新排版注释
ReflowComments: true
# 允许排序#include
SortIncludes: false
# 允许排序 using 声明
SortUsingDeclarations: false
# 在C风格类型转换后添加空格
SpaceAfterCStyleCast: false
# 在Template 关键字后面添加空格
SpaceAfterTemplateKeyword: true
# 在赋值运算符之前添加空格
SpaceBeforeAssignmentOperators: true
# SpaceBeforeCpp11BracedList: true
# SpaceBeforeCtorInitializerColon: true
# SpaceBeforeInheritanceColon: true
# 开圆括号之前添加一个空格: Never, ControlStatements, Always
SpaceBeforeParens: ControlStatements
# SpaceBeforeRangeBasedForLoopColon: true
# 在空的圆括号中添加空格
SpaceInEmptyParentheses: false
# 在尾随的评论前添加的空格数(只适用于//)
SpacesBeforeTrailingComments: 1
# 在尖括号的<后和>前添加空格
SpacesInAngles: false
# 在C风格类型转换的括号中添加空格
SpacesInCStyleCastParentheses: false
# 在容器(ObjC和JavaScript的数组和字典等)字面量中添加空格
SpacesInContainerLiterals: true
# 在圆括号的(后和)前添加空格
SpacesInParentheses: false
# 在方括号的[后和]前添加空格lamda表达式和未指明大小的数组的声明不受影响
SpacesInSquareBrackets: false
# 标准: Cpp03, Cpp11, Auto
Standard: Cpp11
# tab宽度
TabWidth: 4
# 使用tab字符: Never, ForIndentation, ForContinuationAndIndentation, Always
UseTab: Never

View File

@ -1,43 +1,16 @@
#include <pthread.h> #include <pthread.h>
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include "redis-acl.h" #include "redis-acl.h"
#include "redismodule.h" #include "redismodule.h"
static RedisModuleCommandFilter *filter;
static int times = 1; static int times = 1;
static int MAX_TIME = 1000; static int MAX_TIME = 1000;
static RedisModuleDict *userDict = NULL;
void AuthFilter_CommandFilter(RedisModuleCommandFilter *filter) {
int pos = 0;
RedisModule_Log(NULL, LOG_LEVEL_NOTICE, "command filter");
while (pos < RedisModule_CommandFilterArgsCount(filter)) {
const RedisModuleString *arg = RedisModule_CommandFilterArgGet(filter, pos);
size_t arg_len;
const char *arg_str = RedisModule_StringPtrLen(arg, &arg_len);
// RedisModule_Log(NULL, LOG_LEVEL_NOTICE, "str=%s,len=%ld", arg_str, arg_len);
// if (strcmp(arg_str, "auth") == 0) {
// RedisModule_Log(NULL, LOG_LEVEL_NOTICE, "command is auth");
// RedisModule_CommandFilterArgReplace(filter, pos,
// RedisModule_CreateString(NULL, "acl.auth", 9));
//}
// 解密
pos++;
}
RedisModule_Log(NULL, LOG_LEVEL_NOTICE, "filter finished");
}
int AuthCommand_RedisCommand(RedisModuleCtx *ctx, RedisModuleString **argv,
int argc) {
REDISMODULE_NOT_USED(ctx);
REDISMODULE_NOT_USED(argc);
REDISMODULE_NOT_USED(argv);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "acl.auth begin");
RedisModule_ReplyWithCString(ctx, "ok");
return REDISMODULE_OK;
}
RedisModuleUser *createUser(RedisModuleCtx *ctx, const char *name) { RedisModuleUser *createUser(RedisModuleCtx *ctx, const char *name) {
REDISMODULE_NOT_USED(ctx);
RedisModuleUser *user = RedisModule_CreateModuleUser(name); RedisModuleUser *user = RedisModule_CreateModuleUser(name);
RedisModule_SetModuleUserACL(user, "allcommands"); RedisModule_SetModuleUserACL(user, "allcommands");
RedisModule_SetModuleUserACL(user, "allkeys"); RedisModule_SetModuleUserACL(user, "allkeys");
@ -45,8 +18,9 @@ RedisModuleUser* createUser(RedisModuleCtx *ctx, const char *name) {
return user; return user;
} }
int module_auth_reply(RedisModuleCtx *ctx, RedisModuleString *username, int authReply(RedisModuleCtx *ctx, RedisModuleString *username,
RedisModuleString *password, RedisModuleString **err) { RedisModuleString *password, RedisModuleString **err) {
REDISMODULE_NOT_USED(password);
void **targ = RedisModule_GetBlockedClientPrivateData(ctx); void **targ = RedisModule_GetBlockedClientPrivateData(ctx);
int result = (uintptr_t)targ[0]; int result = (uintptr_t)targ[0];
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth reply"); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth reply");
@ -56,9 +30,11 @@ int module_auth_reply(RedisModuleCtx *ctx, RedisModuleString *username,
// auth success // auth success
RedisModuleUser *moduleUser = createUser(ctx, user); RedisModuleUser *moduleUser = createUser(ctx, user);
uint64_t client_id; uint64_t client_id;
int auth_result = RedisModule_AuthenticateClientWithUser(ctx, moduleUser, NULL, NULL, &client_id); int authResult = RedisModule_AuthenticateClientWithUser(
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth success user=%s, %lu", user, client_id); ctx, moduleUser, NULL, NULL, &client_id);
if (auth_result == REDISMODULE_ERR) { RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth success user=%s, %lu", user,
client_id);
if (authResult == REDISMODULE_ERR) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user not exits user=%s", user); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user not exits user=%s", user);
} }
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
@ -72,49 +48,50 @@ int module_auth_reply(RedisModuleCtx *ctx, RedisModuleString *username,
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} }
void free_auth_data(RedisModuleCtx *ctx, void *privdata) { void freeAuthData(RedisModuleCtx *ctx, void *privdata) {
REDISMODULE_NOT_USED(ctx); REDISMODULE_NOT_USED(ctx);
RedisModule_Free(privdata); RedisModule_Free(privdata);
} }
void *AuthBlock_ThreadMain(void *arg) { void *AuthBlockThreadMain(void *arg) {
void **targ = arg; void **targ = arg;
RedisModuleBlockedClient *bc = targ[0]; RedisModuleBlockedClient *bc = targ[0];
RedisModuleCtx *ctx = targ[1]; RedisModuleCtx *ctx = targ[1];
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "begin auth "); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "begin auth ");
const char *user = RedisModule_StringPtrLen(targ[2], NULL); const char *user = RedisModule_StringPtrLen(targ[2], NULL);
const char *pwd = RedisModule_StringPtrLen(targ[3], NULL); const char *pwd = RedisModule_StringPtrLen(targ[3], NULL);
void **replyarg = RedisModule_Alloc(sizeof(void *));
int result = 2; int result = 2;
if (!strcmp(user, "foo") && !strcmp(pwd, "block_allow")) { struct redisAcl *acl = (struct redisAcl *)RedisModule_DictGetC(userDict, user, strlen(user), NULL);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth success"); if (!acl) {
result = 1; RedisModule_Log(ctx, LOG_LEVEL_WARNING, "auth failed");
} else if (!strcmp(user, "foo") && !strcmp(pwd, "block_deny")) {
result = 0; result = 0;
} else if (!strcmp(user, "foo") && !strcmp(pwd, "block_abort")) { goto returnResult;
RedisModule_BlockedClientMeasureTimeEnd(bc); }
RedisModule_AbortBlock(bc); const char *passwdInModule = RedisModule_StringPtrLen(acl->password, NULL);
goto cleanup; if (!strcmp(pwd, passwdInModule)) {
result = 1;
} else { } else {
result = 0; result = 0;
} }
void **replyarg = RedisModule_Alloc(sizeof(void *)); returnResult:
replyarg[0] = (void *)(uintptr_t)result; replyarg[0] = (void *)(uintptr_t)result;
RedisModule_BlockedClientMeasureTimeEnd(bc); RedisModule_BlockedClientMeasureTimeEnd(bc);
RedisModule_UnblockClient(bc, replyarg); RedisModule_UnblockClient(bc, replyarg);
cleanup:
RedisModule_FreeString(NULL, targ[2]); RedisModule_FreeString(NULL, targ[2]);
RedisModule_FreeString(NULL, targ[3]); RedisModule_FreeString(NULL, targ[3]);
RedisModule_Free(targ); RedisModule_Free(targ);
return NULL; return NULL;
} }
int module_auth(RedisModuleCtx *ctx, RedisModuleString *username, int moduleBlockAuth(RedisModuleCtx *ctx, RedisModuleString *username,
RedisModuleString *password, RedisModuleString **err) { RedisModuleString *password, RedisModuleString **err) {
REDISMODULE_NOT_USED(password);
REDISMODULE_NOT_USED(err);
RedisModuleBlockedClient *bc = RedisModuleBlockedClient *bc =
RedisModule_BlockClientOnAuth(ctx, module_auth_reply, free_auth_data); RedisModule_BlockClientOnAuth(ctx, authReply, freeAuthData);
int ctx_flags = RedisModule_GetContextFlags(ctx); int ctx_flags = RedisModule_GetContextFlags(ctx);
if (ctx_flags & REDISMODULE_CTX_FLAGS_MULTI || if (ctx_flags & REDISMODULE_CTX_FLAGS_MULTI || ctx_flags & REDISMODULE_CTX_FLAGS_LUA) {
ctx_flags & REDISMODULE_CTX_FLAGS_LUA) {
RedisModule_UnblockClient(bc, NULL); RedisModule_UnblockClient(bc, NULL);
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} }
@ -125,23 +102,31 @@ int module_auth(RedisModuleCtx *ctx, RedisModuleString *username,
targ[1] = ctx; targ[1] = ctx;
targ[2] = RedisModule_CreateStringFromString(NULL, username); targ[2] = RedisModule_CreateStringFromString(NULL, username);
targ[3] = RedisModule_CreateStringFromString(NULL, password); targ[3] = RedisModule_CreateStringFromString(NULL, password);
/* Create bg thread and pass the blockedclient, username and password to it. if (pthread_create(&tid, NULL, AuthBlockThreadMain, targ) != 0) {
*/
if (pthread_create(&tid, NULL, AuthBlock_ThreadMain, targ) != 0) {
RedisModule_AbortBlock(bc); RedisModule_AbortBlock(bc);
} }
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} }
int auth_cb(RedisModuleCtx *ctx, RedisModuleString *username, int moduleAuth(RedisModuleCtx *ctx, RedisModuleString *username,
RedisModuleString *password, RedisModuleString **err) { RedisModuleString *password, RedisModuleString **err) {
const char *user = RedisModule_StringPtrLen(username, NULL); const char *user = RedisModule_StringPtrLen(username, NULL);
const char *pwd = RedisModule_StringPtrLen(password, NULL); const char *pwd = RedisModule_StringPtrLen(password, NULL);
if (!strcmp(user, "foo") && !strcmp(pwd, "allow")) { struct redisAcl *acl = (struct redisAcl *)RedisModule_DictGetC(userDict, user, strlen(user), NULL);
RedisModuleUser *user = createUser(ctx, "foo"); if (!acl) {
RedisModule_AuthenticateClientWithACLUser(ctx, "foo", 3, NULL, NULL, NULL); const char *err_msg = "Auth denied by Misc Module.";
*err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} else if (!strcmp(user, "foo") && !strcmp(pwd, "deny")) { }
const char *userInModule = RedisModule_StringPtrLen(acl->username, NULL);
const char *userInPass = RedisModule_StringPtrLen(acl->password, NULL);
if (!strcmp(pwd, userInPass)) {
RedisModuleUser *moduleUser = createUser(ctx, userInModule);
uint64_t client_id;
RedisModule_AuthenticateClientWithUser(ctx, moduleUser, NULL, NULL, &client_id);
return REDISMODULE_AUTH_HANDLED;
} else {
const char *err_msg = "Auth denied by Misc Module."; const char *err_msg = "Auth denied by Misc Module.";
*err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg)); *err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
@ -163,35 +148,38 @@ void cronLoopCallBack(RedisModuleCtx *ctx, RedisModuleEvent *e, uint64_t sub,
times = 0; times = 0;
} }
int initUsers(RedisModuleCtx *ctx, const char *user, const char *passwd) {
REDISMODULE_NOT_USED(ctx);
if (userDict == NULL) {
userDict = RedisModule_CreateDict(ctx);
}
struct redisAcl *acl;
acl = RedisModule_Alloc(sizeof(*acl));
memset(acl, 0, sizeof(*acl));
acl->username = RedisModule_CreateString(ctx, user, strlen(user));
acl->password = RedisModule_CreateString(ctx, passwd, strlen(passwd));
int result = RedisModule_DictSetC(userDict, user, strlen(user), acl);
if (result == REDISMODULE_OK) {
char *userModule = RedisModule_StringPtrLen(acl->username, NULL);
char *passwdModule = RedisModule_StringPtrLen(acl->password, NULL);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user add success, username=%s, password=%s", userModule, passwdModule);
}
return REDISMODULE_OK;
}
int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv,
int argc) { int argc) {
REDISMODULE_NOT_USED(argv); REDISMODULE_NOT_USED(argv);
REDISMODULE_NOT_USED(argc); REDISMODULE_NOT_USED(argc);
if (RedisModule_Init(ctx, "redis-auth", 1, REDISMODULE_APIVER_1) == if (RedisModule_Init(ctx, "redis-auth", 1, REDISMODULE_APIVER_1) == REDISMODULE_ERR) {
REDISMODULE_ERR) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth failed"); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth failed");
return REDISMODULE_ERR; return REDISMODULE_ERR;
} }
filter = RedisModule_RegisterCommandFilter(ctx, AuthFilter_CommandFilter, 0); RedisModule_RegisterAuthCallback(ctx, moduleBlockAuth);
if (filter == NULL) { RedisModule_RegisterAuthCallback(ctx, moduleAuth);
RedisModule_Log(ctx, LOG_LEVEL_WARNING, "init filter failed");
return REDISMODULE_ERR;
}
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init filter success");
if (RedisModule_CreateCommand(ctx, "acl.auth", AuthCommand_RedisCommand, initUsers(ctx, "foo", "block_allow");
"no-auth", 0, 0, 0) == REDISMODULE_ERR) {
RedisModule_Log(ctx, LOG_LEVEL_WARNING, "init acl.auth failed");
return REDISMODULE_ERR;
}
RedisModule_RegisterAuthCallback(ctx, module_auth);
RedisModule_RegisterAuthCallback(ctx, auth_cb);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init command success");
// RedisModule_SubscribeToServerEvent(ctx, RedisModuleEvent_CronLoop,
// cronLoopCallBack);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth success!"); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth success!");
return REDISMODULE_OK; return REDISMODULE_OK;

View File

@ -10,12 +10,25 @@
#define UNUSED(V) ((void) V) #define UNUSED(V) ((void) V)
/* * struct redisAcl {
* Redis Auth command RedisModuleString *username;
* */ RedisModuleString *password;
int AuthCommand_RedisCommand(RedisModuleCtx *ctx, RedisModuleString **argv, int argc); } redisAcl;
void AuthFilter_CommandFilter(RedisModuleCommandFilter *filter);
RedisModuleUser *createUser(RedisModuleCtx *ctx, const char *name);
int authReply(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleString *password, RedisModuleString **err);
void freeAuthData(RedisModuleCtx *ctx, void *privdata);
void *AuthBlockThreadMain(void *arg);
int moduleBlockAuth(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleString *password, RedisModuleString **err);
int moduleAuth(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleString *password, RedisModuleString **err);
void cronLoopCallBack(RedisModuleCtx *ctx, RedisModuleEvent *e, uint64_t sub, void *data);
#endif // REDISAUTH_H #endif // REDISAUTH_H