diff --git a/program/include/cert_conf.h b/program/include/cert_conf.h
index 160af03..5ae7bda 100644
--- a/program/include/cert_conf.h
+++ b/program/include/cert_conf.h
@@ -58,8 +58,9 @@ struct _initer_addr_t{
 char maat_ip[16]; /*maat redis ip */
 int dbindex; /*maat redis dbindex*/
- uint16_t store_port; /*store redis port */
- char store_ip[16]; /*store redis ip*/
+ uint16_t local_redis_port; /*store redis port */
+ char local_redis_ip[16]; /*store redis ip*/
+ char local_redis_passwd[128];
 uint16_t statsd_port;
 char statsd_server[16];
diff --git a/program/src/cert_conf.cpp b/program/src/cert_conf.cpp
index c4816ff..1ba1866 100644
--- a/program/src/cert_conf.cpp
+++ b/program/src/cert_conf.cpp
@@ -100,17 +100,21 @@ static int load_module_config(const char *config)
 goto finish;
 }
- xret = MESA_load_profile_string_nodef(config, "CERTSTORE_REDIS", "ip", rte->addr_t.store_ip, 16);
+ xret = MESA_load_profile_string_nodef(config, "CERTSTORE_REDIS", "ip", rte->addr_t.local_redis_ip, 16);
 if (xret < 0){
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis ip invalid");
 goto finish;
 }
-
- xret = MESA_load_profile_short_nodef(config, "CERTSTORE_REDIS", "port", (short *)&(rte->addr_t.store_port));
+ xret = MESA_load_profile_short_nodef(config, "CERTSTORE_REDIS", "port", (short *)&(rte->addr_t.local_redis_port));
 if (xret < 0){
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis port invalid");
 goto finish;
 }
+ xret = MESA_load_profile_string_nodef(config, "CERTSTORE_REDIS", "password", rte->addr_t.local_redis_passwd, 128);
+ if (xret < 0){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis passwd invalid");
+ goto finish;
+ }
 xret = MESA_load_profile_string_nodef(config, "stat", "statsd_server", rte->addr_t.statsd_server, 16);
 if (xret < 0){
diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp
index f541dfb..4e1818d 100644
--- a/program/src/cert_session.cpp
+++ b/program/src/cert_session.cpp
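Review bot: The key read in `load_module_config` (`"password"` under `CERTSTORE_REDIS`, in `program/src/cert_conf.cpp`) does not match the entry this same commit adds to `resource/conf/cert_store.ini`, which is `passwd=123456`. If `MESA_load_profile_string_nodef` returns a negative value for a missing key, as its use here suggests, the shipped config would stop startup with "Certsotre redis passwd invalid", and a deployment whose Redis has no `requirepass` set would have to invent an entry. Use one key name in both places and treat an absent key as "no authentication" rather than a fatal error. The buffer length would also be safer as `sizeof(rte->addr_t.local_redis_passwd)` than the literal `128`. The function starts and ends outside the hunk.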
@@ -958,13 +958,23 @@ void request_destroy(struct tfe_http_request *request)
 request = NULL;
 }
-static
-int redis_rsync_init(struct event_base *base, struct redisAsyncContext **cl_ctx)
+static void redis_conn_aunth_callback(redisAsyncContext *cl_ctx, void *r, void *privdata)
+{
+ redisReply *reply = (redisReply*)r;
+ if (reply->type == REDIS_REPLY_ERROR)
+ {
+ redisAsyncDisconnect(cl_ctx);
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis async authentication failed ...");
+ }
+ return;
+}
+
+static int redis_rsync_init(struct event_base *base, struct redisAsyncContext **cl_ctx)
 {
 int xret = -1;
 struct config_bucket_t *redis = cfg_instanec();
- *cl_ctx = redisAsyncConnect(redis->addr_t.store_ip, redis->addr_t.store_port);
+ *cl_ctx = redisAsyncConnect(redis->addr_t.local_redis_ip, redis->addr_t.local_redis_port);
 if((*cl_ctx)->err ) {
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis Connect error : %s", (*cl_ctx)->errstr);
 goto finish;
@@ -972,6 +982,7 @@ int redis_rsync_init(struct event_base *base, struct redisAsyncContext **cl_ctx)
 redisLibeventAttach((*cl_ctx), base);
 redisAsyncSetConnectCallback((*cl_ctx), connectCallback);
 redisAsyncSetDisconnectCallback((*cl_ctx), disconnectCallback);
+ redisAsyncCommand(*cl_ctx, redis_conn_aunth_callback, NULL, "AUTH %s", redis->addr_t.local_redis_passwd);
 xret = 0;
@@ -1460,6 +1471,8 @@ void redis_get_callback(redisAsyncContext __attribute__((__unused__))*c, void *r
 xret = redis_clnt_pdu_send(request);
 break;
 default:
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "%s", reply->str);
+ xret = redis_clnt_send(request, reply);
 break;
 }
 return;
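Review bot: `redis_conn_aunth_callback` reads `reply->type` without checking `r`, and hiredis invokes async callbacks with a NULL reply when the connection fails or the context is being torn down, which is the path where the queued AUTH never gets an answer. Add `if (reply == NULL) return;` before the type test. The error branch also discards the server's message; logging `reply->str` next to the fixed text would tell a wrong password apart from a server that has no password configured.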
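Review bot: The return value of the added `redisAsyncCommand` call in `redis_rsync_init` is ignored, and the AUTH is queued even when `local_redis_passwd` is empty, so `xret = 0` is reached whether or not the command was accepted for sending. Wrap the call in `if (redis->addr_t.local_redis_passwd[0] != '\0')` and `goto finish` when it does not return `REDIS_OK`. An authentication failure is only reported later, in the callback, so a zero return from this function does not mean the session is authenticated; a comment saying so above the call would help the next reader. The function continues outside the hunk.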
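Review bot: The new `default:` branch in `redis_get_callback` passes `reply->str` to a `%s` format without a NULL check. The switch expression is outside the hunk, but if it switches on the reply type, the default case covers kinds such as nil or integer, for which hiredis leaves `str` NULL. Log `reply->str ? reply->str : "(no message)"`, or log `reply->type` instead. FATAL also looks too strong for a branch that then answers the request through `redis_clnt_send`, and if the string can hold stored certificate data it should not be written to the log at all.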
@@ -1792,11 +1805,12 @@ finish:
 int redis_sync_init(struct redisContext **c)
 {
 int xret = -1;
+ redisReply *reply;
 struct config_bucket_t *redis = cfg_instanec();
 struct timeval timeout = { 1, 500000 }; // 1.5 seconds
- *c = redisConnectWithTimeout(redis->addr_t.store_ip, redis->addr_t.store_port, timeout);
+ *c = redisConnectWithTimeout(redis->addr_t.local_redis_ip, redis->addr_t.local_redis_port, timeout);
 if (*c == NULL || (*c)->err) {
 if (*c) {
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Sync connection error: %s", (*c)->errstr);
@@ -1807,6 +1821,20 @@ int redis_sync_init(struct redisContext **c)
 }
 goto finish;
 }
+
+ reply= (redisReply *)redisCommand(*c, "AUTH %s", redis->addr_t.local_redis_passwd);
+ if (reply->type == REDIS_REPLY_ERROR)
+ {
+ redisFree(*c);
+ *c=NULL;
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis authentication failed ...");
+ }
+ else
+ {
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis authentication succeeded ...");
+ }
+ freeReplyObject(reply);
+
 xret = 0;
 finish:
 return xret;
diff --git a/program/src/cert_store.cpp b/program/src/cert_store.cpp
index 223dac3..a20bcaa 100644
--- a/program/src/cert_store.cpp
+++ b/program/src/cert_store.cpp
@@ -47,8 +47,8 @@ void cert_store_preview ()
 printf("\r\nBasic Configuration of CertStore \n");
 printf("%30s:%45s\n", "Run Mode", (rte->mode == 1)?"async":"sync");
 printf("%30s:%45d\n", "The Threads", rte->thread_nu);
- printf("%30s:%45s\n", "Store Redis Ip", rte->addr_t.store_ip);
- printf("%30s:%45d\n", "Store Redis Port", rte->addr_t.store_port);
+ printf("%30s:%45s\n", "Store Redis Ip", rte->addr_t.local_redis_ip);
+ printf("%30s:%45d\n", "Store Redis Port", rte->addr_t.local_redis_port);
 printf("%30s:%45s\n", "Maat Redis Ip", rte->addr_t.maat_ip);
 printf("%30s:%45d\n", "Maat Redis Port", rte->addr_t.maat_port);
 printf("%30s:%45d\n", "Maat Redis index", rte->addr_t.dbindex);
diff --git a/resource/conf/cert_store.ini b/resource/conf/cert_store.ini
index 336c430..7772b5f 100644
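Review bot: When AUTH is rejected in `redis_sync_init`, the added block frees the context and sets `*c = NULL` but still falls through to `xret = 0`, so the caller is told initialisation succeeded and is handed a NULL context. `redisCommand` also returns NULL when the command fails at the connection level, and `reply->type` is read without a check. The failure path should release the reply and the context and `goto finish` with `xret` still -1. The "succeeded" message is logged at `RLOG_LV_FATAL`; it belongs at a non-fatal level.

```cpp
    reply = (redisReply *)redisCommand(*c, "AUTH %s", redis->addr_t.local_redis_passwd);
    if (reply == NULL || reply->type == REDIS_REPLY_ERROR)
    {
        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis authentication failed ...");
        if (reply != NULL)
            freeReplyObject(reply);
        redisFree(*c);
        *c = NULL;
        goto finish;    /* xret is still -1: the caller must not see success */
    }
    freeReplyObject(reply);
    // … unchanged: xret = 0; finish: return xret; …
```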
--- a/resource/conf/cert_store.ini
+++ b/resource/conf/cert_store.ini
@@ -47,6 +47,7 @@ port = 9991
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
+passwd=123456
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
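Review bot: `passwd=123456` commits a trivially guessable password to the sample configuration, so anyone who deploys the file unchanged runs the certificate store's Redis behind a published credential. Ship a placeholder such as `passwd=CHANGE_ME` with a `#` comment above it saying the value must match the Redis server's `requirepass` and must be set per deployment. Real values should stay out of version control, in a file readable only by the service account. The section header this key belongs to is not visible inside the hunk.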