Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] A client blocked on authentication through a module can't log into a cluster when it is down #619

Closed
jdork0 opened this issue Jun 10, 2024 · 2 comments · Fixed by #693
Closed

[BUG] A client blocked on authentication through a module can't log into a cluster when it is down #619

jdork0 opened this issue Jun 10, 2024 · 2 comments · Fixed by #693
Assignees
@KarthikSubbarao
Labels
bug Something isn't working

Comments

@jdork0
Copy link

jdork0 commented Jun 10, 2024

Describe the bug

I raised this issue against the redis project (redis/redis#13330), but I've re-created it with valkey as well.

I'm developing an authentication module that takes advantage of the authentication module features to block the client during authentication.

When the server is configured for cluster mode and the cluster is down, such as when it is first being created, any client that attempts to login gets the message "AUTH failed: CLUSTERDOWN The cluster is down". My code is authenticating the user with RedisModule_AuthenticateClientWithACLUser and returning REDISMODULE_AUTH_HANDLED in the same way that the test code under test/modules/auth.c is doing.

To reproduce

Attached is the minimal code from tests/modules/auth.c to create a module to expose the problem.
auth.c.gz

valkey.conf file:

loadmodule auth.so
cluster-enabled yes
cluster-config-file cluster.nodes.conf
user foo on ~* +@all
user default off

Steps to re-create:

  • Compile the module with gcc -shared auth.c -o auth.so
  • Start redis the attached config file
  • login with the user foo, password blocking.
$ valkey-cli --user foo --pass blocking
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
AUTH failed: CLUSTERDOWN The cluster is down

Expected behavior

A client blocked for auth module authentication should be able to login even if the cluster is down.

Additional information

In the 7.2 code, I believe the fix is to exclude clients that are blocked for module authentication in:

cluster.c -> clusterRedirectBlockedClientIfNeeded

int clusterRedirectBlockedClientIfNeeded(client *c) {
if (c->flags & CLIENT_BLOCKED &&
(c->bstate.btype == BLOCKED_LIST ||
c->bstate.btype == BLOCKED_ZSET ||
c->bstate.btype == BLOCKED_STREAM ||
c->bstate.btype == BLOCKED_MODULE)
&& !clientHasModuleAuthInProgress(c))
{
...
@KarthikSubbarao
Copy link
Member

KarthikSubbarao commented Jun 10, 2024
edited
Loading

Hello - I will take a look into this issue later today and work on a fix

@madolson madolson added the bug Something isn't working label Jun 10, 2024
@madolson
Copy link
Member

@KarthikSubbarao Are you still planning on working on this?

@KarthikSubbarao KarthikSubbarao mentioned this issue Jun 25, 2024
Merged
@madolson madolson linked a pull request Jul 1, 2024 that will close this issue
Allow Module blocking operations (not blocked on keys) to succeed when cluster is down #693
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KarthikSubbarao KarthikSubbarao

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
3 participants
@madolson @KarthikSubbarao @jdork0