关键词搜索

源码搜索 ×
×

漫话Redis源码之八十七

发布2022-02-20浏览765次

详情内容

这个文件的函数比较杂,大致看看就行,以第一个为例,就是一下哈希相关的操作,为了密码安全。其余的函数了解用途就行。

  1. /* Given an SDS string, returns the SHA256 hex representation as a
  2.  * new SDS string. */
  3. sds ACLHashPassword(unsigned char *cleartext, size_t len) {
  4.     SHA256_CTX ctx;
  5.     unsigned char hash[SHA256_BLOCK_SIZE];
  6.     char hex[HASH_PASSWORD_LEN];
  7.     char *cset = "0123456789abcdef";
  8.  
  9.     sha256_init(&ctx);
  10.     sha256_update(&ctx,(unsigned char*)cleartext,len);
  11.     sha256_final(&ctx,hash);
  12.  
  13.     for (int j = 0; j < SHA256_BLOCK_SIZE; j++) {
  14.         hex[j*2] = cset[((hash[j]&0xF0)>>4)];
  15.         hex[j*2+1] = cset[(hash[j]&0xF)];
  16.     }
  17.     return sdsnewlen(hex,HASH_PASSWORD_LEN);
  18. }
  19.  
  20. /* Given a hash and the hash length, returns C_OK if it is a valid password
  21.  * hash, or C_ERR otherwise. */
  22. int ACLCheckPasswordHash(unsigned char *hash, int hashlen) {
  23.     if (hashlen != HASH_PASSWORD_LEN) {
  24.         return C_ERR;
  25.     }
  26.  
  27.     /* Password hashes can only be characters that represent
  28.      * hexadecimal values, which are numbers and lowercase
  29.      * characters 'a' through 'f'. */
  30.     for(int i = 0; i < HASH_PASSWORD_LEN; i++) {
  31.         char c = hash[i];
  32.         if ((c < 'a' || c > 'f') && (c < '0' || c > '9')) {
  33.             return C_ERR;
  34.         }
  35.     }
  36.     return C_OK;
  37. }
  38.  
  39. /* =============================================================================
  40.  * Low level ACL API
  41.  * ==========================================================================*/
  42.  
  43. /* Return 1 if the specified string contains spaces or null characters.
  44.  * We do this for usernames and key patterns for simpler rewriting of
  45.  * ACL rules, presentation on ACL list, and to avoid subtle security bugs
  46.  * that may arise from parsing the rules in presence of escapes.
  47.  * The function returns 0 if the string has no spaces. */
  48. int ACLStringHasSpaces(const char *s, size_t len) {
  49.     for (size_t i = 0; i < len; i++) {
  50.         if (isspace(s[i]) || s[i] == 0) return 1;
  51.     }
  52.     return 0;
  53. }
  54.  
  55. /* Given the category name the command returns the corresponding flag, or
  56.  * zero if there is no match. */
  57. uint64_t ACLGetCommandCategoryFlagByName(const char *name) {
  58.     for (int j = 0; ACLCommandCategories[j].flag != 0; j++) {
  59.         if (!strcasecmp(name,ACLCommandCategories[j].name)) {
  60.             return ACLCommandCategories[j].flag;
  61.         }
  62.     }
  63.     return 0; /* No match. */
  64. }
  65.  
  66. /* Method for passwords/pattern comparison used for the user->passwords list
  67.  * so that we can search for items with listSearchKey(). */
  68. int ACLListMatchSds(void *a, void *b) {
  69.     return sdscmp(a,b) == 0;
  70. }
  71.  
  72. /* Method to free list elements from ACL users password/patterns lists. */
  73. void ACLListFreeSds(void *item) {
  74.     sdsfree(item);
  75. }
  76.  
  77. /* Method to duplicate list elements from ACL users password/patterns lists. */
  78. void *ACLListDupSds(void *item) {
  79.     return sdsdup(item);
  80. }
  81.  
  82. /* Create a new user with the specified name, store it in the list
  83.  * of users (the Users global radix tree), and returns a reference to
  84.  * the structure representing the user.
  85.  *
  86.  * If the user with such name already exists NULL is returned. */
  87. user *ACLCreateUser(const char *name, size_t namelen) {
  88.     if (raxFind(Users,(unsigned char*)name,namelen) != raxNotFound) return NULL;
  89.     user *u = zmalloc(sizeof(*u));
  90.     u->name = sdsnewlen(name,namelen);
  91.     u->flags = USER_FLAG_DISABLED | server.acl_pubsub_default;
  92.     u->allowed_subcommands = NULL;
  93.     u->passwords = listCreate();
  94.     u->patterns = listCreate();
  95.     u->channels = listCreate();
  96.     listSetMatchMethod(u->passwords,ACLListMatchSds);
  97.     listSetFreeMethod(u->passwords,ACLListFreeSds);
  98.     listSetDupMethod(u->passwords,ACLListDupSds);
  99.     listSetMatchMethod(u->patterns,ACLListMatchSds);
  100.     listSetFreeMethod(u->patterns,ACLListFreeSds);
  101.     listSetDupMethod(u->patterns,ACLListDupSds);
  102.     listSetMatchMethod(u->channels,ACLListMatchSds);
  103.     listSetFreeMethod(u->channels,ACLListFreeSds);
  104.     listSetDupMethod(u->channels,ACLListDupSds);
  105.     memset(u->allowed_commands,0,sizeof(u->allowed_commands));
  106.     raxInsert(Users,(unsigned char*)name,namelen,u,NULL);
  107.     return u;
  108. }
  109.  
  110. /* This function should be called when we need an unlinked "fake" user
  111.  * we can use in order to validate ACL rules or for other similar reasons.
  112.  * The user will not get linked to the Users radix tree. The returned
  113.  * user should be released with ACLFreeUser() as usually. */
  114. user *ACLCreateUnlinkedUser(void) {
  115.     char username[64];
  116.     for (int j = 0; ; j++) {
  117.         snprintf(username,sizeof(username),"__fakeuser:%d__",j);
  118.         user *fakeuser = ACLCreateUser(username,strlen(username));
  119.         if (fakeuser == NULL) continue;
  120.         int retval = raxRemove(Users,(unsigned char*) username,
  121.                                strlen(username),NULL);
  122.         serverAssert(retval != 0);
  123.         return fakeuser;
  124.     }
  125. }
  126.  
  127. /* Release the memory used by the user structure. Note that this function
  128.  * will not remove the user from the Users global radix tree. */
  129. void ACLFreeUser(user *u) {
  130.     sdsfree(u->name);
  131.     listRelease(u->passwords);
  132.     listRelease(u->patterns);
  133.     listRelease(u->channels);
  134.     ACLResetSubcommands(u);
  135.     zfree(u);
  136. }
  137.  
  138. /* When a user is deleted we need to cycle the active
  139.  * connections in order to kill all the pending ones that
  140.  * are authenticated with such user. */
  141. void ACLFreeUserAndKillClients(user *u) {
  142.     listIter li;
  143.     listNode *ln;
  144.     listRewind(server.clients,&li);
  145.     while ((ln = listNext(&li)) != NULL) {
  146.         client *c = listNodeValue(ln);
  147.         if (c->user == u) {
  148.             /* We'll free the connection asynchronously, so
  149.              * in theory to set a different user is not needed.
  150.              * However if there are bugs in Redis, soon or later
  151.              * this may result in some security hole: it's much
  152.              * more defensive to set the default user and put
  153.              * it in non authenticated mode. */
  154.             c->user = DefaultUser;
  155.             c->authenticated = 0;
  156.             /* We will write replies to this client later, so we can't
  157.              * close it directly even if async. */
  158.             if (c == server.current_client) {
  159.                 c->flags |= CLIENT_CLOSE_AFTER_COMMAND;
  160.             } else {
  161.                 freeClientAsync(c);
  162.             }
  163.         }
  164.     }
  165.     ACLFreeUser(u);
  166. }
  167.  
  168. /* Copy the user ACL rules from the source user 'src' to the destination
  169.  * user 'dst' so that at the end of the process they'll have exactly the
  170.  * same rules (but the names will continue to be the original ones). */
  171. void ACLCopyUser(user *dst, user *src) {
  172.     listRelease(dst->passwords);
  173.     listRelease(dst->patterns);
  174.     listRelease(dst->channels);
  175.     dst->passwords = listDup(src->passwords);
  176.     dst->patterns = listDup(src->patterns);
  177.     dst->channels = listDup(src->channels);
  178.     memcpy(dst->allowed_commands,src->allowed_commands,
  179.            sizeof(dst->allowed_commands));
  180.     dst->flags = src->flags;
  181.     ACLResetSubcommands(dst);
  182.     /* Copy the allowed subcommands array of array of SDS strings. */
  183.     if (src->allowed_subcommands) {
  184.         for (int j = 0; j < USER_COMMAND_BITS_COUNT; j++) {
  185.             if (src->allowed_subcommands[j]) {
  186.                 for (int i = 0; src->allowed_subcommands[j][i]; i++)
  187.                 {
  188.                     ACLAddAllowedSubcommand(dst, j,
  189.                         src->allowed_subcommands[j][i]);
  190.                 }
  191.             }
  192.         }
  193.     }
  194. }
  195.  
  196. /* Free all the users registered in the radix tree 'users' and free the
  197.  * radix tree itself. */
  198. void ACLFreeUsersSet(rax *users) {
  199.     raxFreeWithCallback(users,(void(*)(void*))ACLFreeUserAndKillClients);
  200. }
  201.  
  202. /* Given a command ID, this function set by reference 'word' and 'bit'
  203.  * so that user->allowed_commands[word] will address the right word
  204.  * where the corresponding bit for the provided ID is stored, and
  205.  * so that user->allowed_commands[word]&bit will identify that specific
  206.  * bit. The function returns C_ERR in case the specified ID overflows
  207.  * the bitmap in the user representation. */
  208. int ACLGetCommandBitCoordinates(uint64_t id, uint64_t *word, uint64_t *bit) {
  209.     if (id >= USER_COMMAND_BITS_COUNT) return C_ERR;
  210.     *word = id / sizeof(uint64_t) / 8;
  211.     *bit = 1ULL << (id % (sizeof(uint64_t) * 8));
  212.     return C_OK;
  213. }
  214.  
  215. /* Check if the specified command bit is set for the specified user.
  216.  * The function returns 1 is the bit is set or 0 if it is not.
  217.  * Note that this function does not check the ALLCOMMANDS flag of the user
  218.  * but just the lowlevel bitmask.
  219.  *
  220.  * If the bit overflows the user internal representation, zero is returned
  221.  * in order to disallow the execution of the command in such edge case. */
  222. int ACLGetUserCommandBit(user *u, unsigned long id) {
  223.     uint64_t word, bit;
  224.     if (ACLGetCommandBitCoordinates(id,&word,&bit) == C_ERR) return 0;
  225.     return (u->allowed_commands[word] & bit) != 0;
  226. }
  227.  
  228. /* When +@all or allcommands is given, we set a reserved bit as well that we
  229.  * can later test, to see if the user has the right to execute "future commands",
  230.  * that is, commands loaded later via modules. */
  231. int ACLUserCanExecuteFutureCommands(user *u) {
  232.     return ACLGetUserCommandBit(u,USER_COMMAND_BITS_COUNT-1);
  233. }
  234.  
  235. /* Set the specified command bit for the specified user to 'value' (0 or 1).
  236.  * If the bit overflows the user internal representation, no operation
  237.  * is performed. As a side effect of calling this function with a value of
  238.  * zero, the user flag ALLCOMMANDS is cleared since it is no longer possible
  239.  * to skip the command bit explicit test. */
  240. void ACLSetUserCommandBit(user *u, unsigned long id, int value) {
  241.     uint64_t word, bit;
  242.     if (ACLGetCommandBitCoordinates(id,&word,&bit) == C_ERR) return;
  243.     if (value) {
  244.         u->allowed_commands[word] |= bit;
  245.     } else {
  246.         u->allowed_commands[word] &= ~bit;
  247.         u->flags &= ~USER_FLAG_ALLCOMMANDS;
  248.     }
  249. }
  250.  
  251. /* This is like ACLSetUserCommandBit(), but instead of setting the specified
  252.  * ID, it will check all the commands in the category specified as argument,
  253.  * and will set all the bits corresponding to such commands to the specified
  254.  * value. Since the category passed by the user may be non existing, the
  255.  * function returns C_ERR if the category was not found, or C_OK if it was
  256.  * found and the operation was performed. */
  257. int ACLSetUserCommandBitsForCategory(user *u, const char *category, int value) {
  258.     uint64_t cflag = ACLGetCommandCategoryFlagByName(category);
  259.     if (!cflag) return C_ERR;
  260.     dictIterator *di = dictGetIterator(server.orig_commands);
  261.     dictEntry *de;
  262.     while ((de = dictNext(di)) != NULL) {
  263.         struct redisCommand *cmd = dictGetVal(de);
  264.         if (cmd->flags & CMD_MODULE) continue; /* Ignore modules commands. */
  265.         if (cmd->flags & cflag) {
  266.             ACLSetUserCommandBit(u,cmd->id,value);
  267.             ACLResetSubcommandsForCommand(u,cmd->id);
  268.         }
  269.     }
  270.     dictReleaseIterator(di);
  271.     return C_OK;
  272. }
  273.  
  274. /* Return the number of commands allowed (on) and denied (off) for the user 'u'
  275.  * in the subset of commands flagged with the specified category name.
  276.  * If the category name is not valid, C_ERR is returned, otherwise C_OK is
  277.  * returned and on and off are populated by reference. */
  278. int ACLCountCategoryBitsForUser(user *u, unsigned long *on, unsigned long *off,
  279.                                 const char *category)
  280. {
  281.     uint64_t cflag = ACLGetCommandCategoryFlagByName(category);
  282.     if (!cflag) return C_ERR;
  283.  
  284.     *on = *off = 0;
  285.     dictIterator *di = dictGetIterator(server.orig_commands);
  286.     dictEntry *de;
  287.     while ((de = dictNext(di)) != NULL) {
  288.         struct redisCommand *cmd = dictGetVal(de);
  289.         if (cmd->flags & cflag) {
  290.             if (ACLGetUserCommandBit(u,cmd->id))
  291.                 (*on)++;
  292.             else
  293.                 (*off)++;
  294.         }
  295.     }
  296.     dictReleaseIterator(di);
  297.     return C_OK;
  298. }
  299.  
  300. /* This function returns an SDS string representing the specified user ACL
  301.  * rules related to command execution, in the same format you could set them
  302.  * back using ACL SETUSER. The function will return just the set of rules needed
  303.  * to recreate the user commands bitmap, without including other user flags such
  304.  * as on/off, passwords and so forth. The returned string always starts with
  305.  * the +@all or -@all rule, depending on the user bitmap, and is followed, if
  306.  * needed, by the other rules needed to narrow or extend what the user can do. */
  307. sds ACLDescribeUserCommandRules(user *u) {
  308.     sds rules = sdsempty();
  309.     int additive;   /* If true we start from -@all and add, otherwise if
  310.                        false we start from +@all and remove. */
  311.  
  312.     /* This code is based on a trick: as we generate the rules, we apply
  313.      * them to a fake user, so that as we go we still know what are the
  314.      * bit differences we should try to address by emitting more rules. */
  315.     user fu = {0};
  316.     user *fakeuser = &fu;
  317.  
  318.     /* Here we want to understand if we should start with +@all and remove
  319.      * the commands corresponding to the bits that are not set in the user
  320.      * commands bitmap, or the contrary. Note that semantically the two are
  321.      * different. For instance starting with +@all and subtracting, the user
  322.      * will be able to execute future commands, while -@all and adding will just
  323.      * allow the user the run the selected commands and/or categories.
  324.      * How do we test for that? We use the trick of a reserved command ID bit
  325.      * that is set only by +@all (and its alias "allcommands"). */
  326.     if (ACLUserCanExecuteFutureCommands(u)) {
  327.         additive = 0;
  328.         rules = sdscat(rules,"+@all ");
  329.         ACLSetUser(fakeuser,"+@all",-1);
  330.     } else {
  331.         additive = 1;
  332.         rules = sdscat(rules,"-@all ");
  333.         ACLSetUser(fakeuser,"-@all",-1);
  334.     }
  335.  
  336.     /* Attempt to find a good approximation for categories and commands
  337.      * based on the current bits used, by looping over the category list
  338.      * and applying the best fit each time. Often a set of categories will not 
  339.      * perfectly match the set of commands into it, so at the end we do a 
  340.      * final pass adding/removing the single commands needed to make the bitmap
  341.      * exactly match. A temp user is maintained to keep track of categories 
  342.      * already applied. */
  343.     user tu = {0};
  344.     user *tempuser = &tu;
  345.     
  346.     /* Keep track of the categories that have been applied, to prevent
  347.      * applying them twice.  */
  348.     char applied[sizeof(ACLCommandCategories)/sizeof(ACLCommandCategories[0])];
  349.     memset(applied, 0, sizeof(applied));
  350.  
  351.     memcpy(tempuser->allowed_commands,
  352.         u->allowed_commands, 
  353.         sizeof(u->allowed_commands));
  354.     while (1) {
  355.         int best = -1;
  356.         unsigned long mindiff = INT_MAX, maxsame = 0;
  357.         for (int j = 0; ACLCommandCategories[j].flag != 0; j++) {
  358.             if (applied[j]) continue;
  359.  
  360.             unsigned long on, off, diff, same;
  361.             ACLCountCategoryBitsForUser(tempuser,&on,&off,ACLCommandCategories[j].name);
  362.             /* Check if the current category is the best this loop:
  363.              * * It has more commands in common with the user than commands
  364.              *   that are different.
  365.              * AND EITHER
  366.              * * It has the fewest number of differences
  367.              *    than the best match we have found so far. 
  368.              * * OR it matches the fewest number of differences
  369.              *   that we've seen but it has more in common. */
  370.             diff = additive ? off : on;
  371.             same = additive ? on : off;
  372.             if (same > diff && 
  373.                 ((diff < mindiff) || (diff == mindiff && same > maxsame)))
  374.             {
  375.                 best = j;
  376.                 mindiff = diff;
  377.                 maxsame = same;
  378.             }
  379.         }
  380.  
  381.         /* We didn't find a match */
  382.         if (best == -1) break;
  383.  
  384.         sds op = sdsnewlen(additive ? "+@" : "-@", 2);
  385.         op = sdscat(op,ACLCommandCategories[best].name);
  386.         ACLSetUser(fakeuser,op,-1);
  387.  
  388.         sds invop = sdsnewlen(additive ? "-@" : "+@", 2);
  389.         invop = sdscat(invop,ACLCommandCategories[best].name);
  390.         ACLSetUser(tempuser,invop,-1);
  391.  
  392.         rules = sdscatsds(rules,op);
  393.         rules = sdscatlen(rules," ",1);
  394.         sdsfree(op);
  395.         sdsfree(invop);
  396.  
  397.         applied[best] = 1;
  398.     }
  399.  
  400.     /* Fix the final ACLs with single commands differences. */
  401.     dictIterator *di = dictGetIterator(server.orig_commands);
  402.     dictEntry *de;
  403.     while ((de = dictNext(di)) != NULL) {
  404.         struct redisCommand *cmd = dictGetVal(de);
  405.         int userbit = ACLGetUserCommandBit(u,cmd->id);
  406.         int fakebit = ACLGetUserCommandBit(fakeuser,cmd->id);
  407.         if (userbit != fakebit) {
  408.             rules = sdscatlen(rules, userbit ? "+" : "-", 1);
  409.             rules = sdscat(rules,cmd->name);
  410.             rules = sdscatlen(rules," ",1);
  411.             ACLSetUserCommandBit(fakeuser,cmd->id,userbit);
  412.         }
  413.  
  414.         /* Emit the subcommands if there are any. */
  415.         if (userbit == 0 && u->allowed_subcommands &&
  416.             u->allowed_subcommands[cmd->id])
  417.         {
  418.             for (int j = 0; u->allowed_subcommands[cmd->id][j]; j++) {
  419.                 rules = sdscatlen(rules,"+",1);
  420.                 rules = sdscat(rules,cmd->name);
  421.                 rules = sdscatlen(rules,"|",1);
  422.                 rules = sdscatsds(rules,u->allowed_subcommands[cmd->id][j]);
  423.                 rules = sdscatlen(rules," ",1);
  424.             }
  425.         }
  426.     }
  427.     dictReleaseIterator(di);
  428.  
  429.     /* Trim the final useless space. */
  430.     sdsrange(rules,0,-2);
  431.  
  432.     /* This is technically not needed, but we want to verify that now the
  433.      * predicted bitmap is exactly the same as the user bitmap, and abort
  434.      * otherwise, because aborting is better than a security risk in this
  435.      * code path. */
  436.     if (memcmp(fakeuser->allowed_commands,
  437.                         u->allowed_commands,
  438.                         sizeof(u->allowed_commands)) != 0)
  439.     {
  440.         serverLog(LL_WARNING,
  441.             "CRITICAL ERROR: User ACLs don't match final bitmap: '%s'",
  442.             rules);
  443.         serverPanic("No bitmap match in ACLDescribeUserCommandRules()");
  444.     }
  445.     return rules;
  446. }
  447.  
  448. /* This is similar to ACLDescribeUserCommandRules(), however instead of
  449.  * describing just the user command rules, everything is described: user
  450.  * flags, keys, passwords and finally the command rules obtained via
  451.  * the ACLDescribeUserCommandRules() function. This is the function we call
  452.  * when we want to rewrite the configuration files describing ACLs and
  453.  * in order to show users with ACL LIST. */
  454. sds ACLDescribeUser(user *u) {
  455.     sds res = sdsempty();
  456.  
  457.     /* Flags. */
  458.     for (int j = 0; ACLUserFlags[j].flag; j++) {
  459.         /* Skip the allcommands, allkeys and allchannels flags because they'll
  460.          * be emitted later as +@all, ~* and &*. */
  461.         if (ACLUserFlags[j].flag == USER_FLAG_ALLKEYS ||
  462.             ACLUserFlags[j].flag == USER_FLAG_ALLCHANNELS ||
  463.             ACLUserFlags[j].flag == USER_FLAG_ALLCOMMANDS) continue;
  464.         if (u->flags & ACLUserFlags[j].flag) {
  465.             res = sdscat(res,ACLUserFlags[j].name);
  466.             res = sdscatlen(res," ",1);
  467.         }
  468.     }
  469.  
  470.     /* Passwords. */
  471.     listIter li;
  472.     listNode *ln;
  473.     listRewind(u->passwords,&li);
  474.     while((ln = listNext(&li))) {
  475.         sds thispass = listNodeValue(ln);
  476.         res = sdscatlen(res,"#",1);
  477.         res = sdscatsds(res,thispass);
  478.         res = sdscatlen(res," ",1);
  479.     }
  480.  
  481.     /* Key patterns. */
  482.     if (u->flags & USER_FLAG_ALLKEYS) {
  483.         res = sdscatlen(res,"~* ",3);
  484.     } else {
  485.         listRewind(u->patterns,&li);
  486.         while((ln = listNext(&li))) {
  487.             sds thispat = listNodeValue(ln);
  488.             res = sdscatlen(res,"~",1);
  489.             res = sdscatsds(res,thispat);
  490.             res = sdscatlen(res," ",1);
  491.         }
  492.     }
  493.  
  494.     /* Pub/sub channel patterns. */
  495.     if (u->flags & USER_FLAG_ALLCHANNELS) {
  496.         res = sdscatlen(res,"&* ",3);
  497.     } else {
  498.         res = sdscatlen(res,"resetchannels ",14);
  499.         listRewind(u->channels,&li);
  500.         while((ln = listNext(&li))) {
  501.             sds thispat = listNodeValue(ln);
  502.             res = sdscatlen(res,"&",1);
  503.             res = sdscatsds(res,thispat);
  504.             res = sdscatlen(res," ",1);
  505.         }
  506.     }
  507.  
  508.     /* Command rules. */
  509.     sds rules = ACLDescribeUserCommandRules(u);
  510.     res = sdscatsds(res,rules);
  511.     sdsfree(rules);
  512.     return res;
  513. }

相关技术文章

最新源码

下载排行榜
点击QQ咨询
开通会员
返回顶部
×
微信扫码支付
微信扫码支付
确定支付下载
请使用微信描二维码支付
×

提示信息

×

选择支付方式

  • 微信支付
  • 支付宝付款
确定支付下载