
Merge pull request #62 from marcantonio/redis_auth

Add authentication option to ndb_redis
Daniel-Constantin Mierla 10 years ago
parent
commit
c87641607a

+ 8 - 9
modules/ndb_redis/doc/ndb_redis_admin.xml

@@ -62,14 +62,13 @@
 	<section id="ndb_redis.p.server">
 		<title><varname>server</varname> (str)</title>
 		<para>
-			Specify the details to connect to REDIS server. It takes a list of
-			attribute=value separated by semicolon, the attributes can be
-			name, unix, addr, port and db. Name is a generic identifier to be used
-			with module functions. unix is the path to the unix domain socket provided
-			by redis server. addr and port are the IP address and the port to
-			connect to REDIS server. unix and (addr, port) are mutually exclusive.
-			If both appear in same server settings unix domain socket is configured.
-			db is the DB number to use (defaults to 0 if not specified).
+			Specify the details to connect to REDIS server. It takes a list of attribute=value
+			separated by semicolon, the attributes can be name, unix, addr, port, db and pass. Name
+			is a generic identifier to be used with module functions. unix is the path to the unix
+			domain socket provided by redis server. addr and port are the IP address and the port to
+			connect to REDIS server. pass is the server password. unix and (addr, port) are mutually
+			exclusive.  If both appear in same server settings unix domain socket is configured.  db
+			is the DB number to use (defaults to 0 if not specified).
 		</para>
 		<para>
 			You can set this parameter many times, in case you want to connect to
@@ -86,7 +85,7 @@
 		<programlisting format="linespecific">
 ...
 modparam("ndb_redis", "server", "name=srvN;addr=127.0.0.1;port=6379;db=1")
-modparam("ndb_redis", "server", "name=srvX;addr=127.0.0.2;port=6379;db=4")
+modparam("ndb_redis", "server", "name=srvX;addr=127.0.0.2;port=6379;db=4;pass=mypassword")
 
 # Unix domain socket
 modparam("ndb_redis", "server", "name=srvY;unix=/tmp/redis.sock;db=3")

+ 22 - 1
modules/ndb_redis/redis_client.c

@@ -46,7 +46,7 @@ static redisc_reply_t *_redisc_rpl_list=NULL;
  */
 int redisc_init(void)
 {
-	char *addr, *unix_sock_path = NULL;
+	char *addr, *pass, *unix_sock_path = NULL;
 	unsigned int port, db;
 	redisc_server_t *rsrv=NULL;
 	param_t *pit = NULL;
@@ -66,6 +66,8 @@ int redisc_init(void)
 		addr = "127.0.0.1";
 		port = 6379;
 		db = 0;
+		pass = NULL;
+
 		for (pit = rsrv->attrs; pit; pit=pit->next)
 		{
 			if(pit->name.len==4 && strncmp(pit->name.s, "unix", 4)==0) {
@@ -80,6 +82,9 @@ int redisc_init(void)
 			} else if(pit->name.len==2 && strncmp(pit->name.s, "db", 2)==0) {
 				if(str2int(&pit->body, &db) < 0)
 					db = 0;
+			} else if(pit->name.len==4 && strncmp(pit->name.s, "pass", 4)==0) {
+				pass = pit->body.s;
+				pass[pit->body.len] = '\0';
 			}
 		}
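Review bot: `pass[pit->body.len] = '\0';` writes one byte past the parsed value into the module-parameter buffer, which is only safe if that byte exists and is writable (the `;` separator or the string's own terminator); nothing in this hunk guarantees that. The value is also cut at the next semicolon, so a password containing `;` is presumably impossible to configure, and the documentation should say so. A less fragile form keeps the buffer untouched and passes the length through, e.g. `redisCommand(rsrv->ctxRedis, "AUTH %b", pass, (size_t)pass_len)`, with redisc_check_auth taking the length as an extra argument. The attribute loop starts and the function ends outside this hunk.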
 
@@ -94,6 +99,8 @@ int redisc_init(void)
 			goto err;
 		if (rsrv->ctxRedis->err)
 			goto err2;
+		if ((pass != NULL) && redisc_check_auth(rsrv, pass))
+			goto err2;
 		if (redisCommandNR(rsrv->ctxRedis, "PING"))
 			goto err2;
 		if (redisCommandNR(rsrv->ctxRedis, "SELECT %i", db))
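Review bot: AUTH is issued only here in redisc_init, and the password is held only in the local `pass`, so nothing on `rsrv` remembers it once this function returns. If any other path re-creates `ctxRedis` after a dropped connection (not visible in this diff), the new connection would be unauthenticated and a password-protected server would reject its commands. Consider having the reconnect code look the `pass` attribute up again from `rsrv->attrs`, or storing it on the server entry, so authentication is repeated whenever the context is rebuilt. The `err2` label is outside the hunk, so it is worth confirming that it does not log the server parameter string with the password in it.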
@@ -515,3 +522,17 @@ int redisc_free_reply(str *name)
 	/* reply entry not found. */
 	return -1;
 }
+
+int redisc_check_auth(redisc_server_t *rsrv, char *pass)
+{
+	redisReply *reply;
+	int retval = 0;
+
+	reply = redisCommand(rsrv->ctxRedis, "AUTH %s", pass);
+	if (reply->type == REDIS_REPLY_ERROR) {
+		LM_ERR("Redis authentication error\n");
+		retval = -1;
+	}
+	freeReplyObject(reply);
+	return retval;
+}
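Review bot: `redisCommand()` returns NULL when the context hits an I/O or protocol error, but redisc_check_auth dereferences `reply->type` unchecked, so a connection that drops during AUTH crashes the process rather than taking the `err2` path in redisc_init. Add `if (reply == NULL) { LM_ERR("no reply to Redis AUTH\n"); return -1; }` before the type test. The error branch could also log `reply->str`, the server's own message, to separate a wrong password from a server with no password configured. `pass` is only read, so `const char *pass` here and in the redis_client.h prototype would document that, and the function deserves a short header comment stating that it returns 0 on success and -1 on failure.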

+ 1 - 0
modules/ndb_redis/redis_client.h

@@ -67,4 +67,5 @@ int redisc_exec(str *srv, str *res, str *cmd, ...);
 void* redisc_exec_argv(redisc_server_t *rsrv, int argc, const char **argv, const size_t *argvlen);
 redisc_reply_t *redisc_get_reply(str *name);
 int redisc_free_reply(str *name);
+int redisc_check_auth(redisc_server_t *rsrv, char *pass);
 #endif