Master does not authenticate to slaves before replication.

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Create a master & slave redis node.
2. Add requirepassword to slave.
3. Run master & slave, add values to master.

What is the expected output? What do you see instead?
Master should replicate to slave, but it doesn't auth first so replication 
fails.

What version of the product are you using? On what operating system?
1.02 Linux

Please provide any additional information below.

Patch for github version fee803ba3eeb9a902e3e8ac27812cc9b2eba970b attached.
Adds a slaveauth parameter to the config.

Original issue reported on code.google.com by anthony....@gmail.com on 11 Nov 2009 at 8:34

Attachments:

• redis.c.slaveauth.patch

[GoogleCodeExporter]

Hello Anthony, I think this is not a good idea, I mean, isn't it just 
simpler/better than 
Redis does not require authentication in a connection that is known to be a 
mastetr? 
After all it's the slave that asks for replication.

Cheers,
Salvatore

Original comment by anti...@gmail.com on 12 Dec 2009 at 7:46

[GoogleCodeExporter]

Only on startup or when disconnected does a slave issue a SYNC to the master.  
After
the sync, slaves are added to the master's slave list.  The master then 
replicates to
the connected slaves via replicationFeedSlaves, which doesn't auth to the slaves
before attempting operations.  This causes all replicationFeedSlaves operations 
to
fail when run against secured slaves.

Anthony

Original comment by anthony....@gmail.com on 12 Dec 2009 at 5:49

[GoogleCodeExporter]

Anthony sorry I was not clear enough. What I mean is that the slave does the 
SYNC, and 
set the 'authenticated' field of the client structure to 1. So the server will 
not need to 
AUTH against the slave to send the strem of commands.

Original comment by anti...@gmail.com on 12 Dec 2009 at 6:03

[GoogleCodeExporter]

Maybe I am misunderstanding something.  My undersanding is basically the 
following:

The authenticated int is set for the slave's client struct on the server on 
SYNC. 
But it is not set for the master's client struct on the slave.  When the master
issues a replicationFeedSlaves command to the slave for the first time, it is
unauthenticated.  So its slave-side client struct still requires authentication.

If this is wrong please let me know.

Original comment by anthony....@gmail.com on 18 Dec 2009 at 10:40

[GoogleCodeExporter]

Hello Anthony, note that I merged the first patch you provided, that is 
"masterauth". I 
did't merged the other one because it is not needed.

So this is how this works.

A is a MASTER with a password set
B is a SLAVE with a password set

B connects to A, since the user configured it with "masterauth <password>" it 
uses 
AUTH before to send SYNC. Also "B" will set the this client as authenticated.

A receives AUTH + SYNC, starts the synchronization, and after the first 
synchronization is done it uses the same socket to send new commands to the 
client 
(the replicationFeedSlaves() stuff). Even if the slave B requires  password for 
normal 
connections, it already sent this connection as authenticated, so all the 
commands 
will be accepted without problems.

Just to be sure I just tried and it's working perfectly.

Cheers,
Salvatore

Original comment by anti...@gmail.com on 18 Dec 2009 at 10:58

[GoogleCodeExporter]

I use masterauth and auth and this appears to work for me now.  I think you can 
flag 
this issue as resolved.

Original comment by russr...@gmail.com on 1 Mar 2010 at 12:43

[GoogleCodeExporter]

Original comment by anti...@gmail.com on 23 Aug 2010 at 3:33

• Changed state: Verified