From a351dbebb1e3dfea7258464c1c491c43e1fce525 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Fri, 6 Sep 2024 13:02:11 +0530 Subject: [PATCH 1/9] Added custom authenticator to support MISE. --- libs/host/Configuration/Options.cs | 14 +++++++++++--- libs/host/GarnetServer.cs | 5 +++-- .../server/Auth/Settings/AuthenticationSettings.cs | 7 ++++++- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/libs/host/Configuration/Options.cs b/libs/host/Configuration/Options.cs index 85c7b62782..4fc12db06c 100644 --- a/libs/host/Configuration/Options.cs +++ b/libs/host/Configuration/Options.cs @@ -493,7 +493,7 @@ public bool IsValid(out List invalidOptions, ILogger logger) return isValid; } - public GarnetServerOptions GetServerOptions(ILogger logger = null) + public GarnetServerOptions GetServerOptions(IAuthenticationSettings authenticationSettings = null, ILogger logger = null) { var useAzureStorage = UseAzureStorage.GetValueOrDefault(); var enableStorageTier = EnableStorageTier.GetValueOrDefault(); @@ -582,7 +582,7 @@ public GarnetServerOptions GetServerOptions(ILogger logger = null) DisableObjects = DisableObjects.GetValueOrDefault(), EnableCluster = EnableCluster.GetValueOrDefault(), CleanClusterConfig = CleanClusterConfig.GetValueOrDefault(), - AuthSettings = GetAuthenticationSettings(logger), + AuthSettings = GetAuthenticationSettings(authenticationSettings, logger), EnableAOF = EnableAOF.GetValueOrDefault(), EnableLua = EnableLua.GetValueOrDefault(), LuaTransactionMode = LuaTransactionMode.GetValueOrDefault(), @@ -648,7 +648,7 @@ public GarnetServerOptions GetServerOptions(ILogger logger = null) }; } - private IAuthenticationSettings GetAuthenticationSettings(ILogger logger = null) + private IAuthenticationSettings GetAuthenticationSettings(IAuthenticationSettings authenticationSettings = null, ILogger logger = null) { switch (AuthenticationMode) { @@ -663,6 +663,14 @@ private IAuthenticationSettings GetAuthenticationSettings(ILogger logger = null) case GarnetAuthenticationMode.AclWithAad: var aadAuthSettings = new AadAuthenticationSettings(AuthorizedAadApplicationIds?.Split(','), AadAudiences?.Split(','), AadIssuers?.Split(','), IssuerSigningTokenProvider.Create(AadAuthority, logger), AadValidateUsername.GetValueOrDefault()); return new AclAuthenticationAadSettings(AclFile, Password, aadAuthSettings); + case GarnetAuthenticationMode.Custom: + if (authenticationSettings == null) + { + logger?.LogError("Custom authentication mode requires an instance of IAuthenticationSettings to be provided."); + throw new Exception("Custom authentication mode requires an instance of IAuthenticationSettings to be provided."); + } + + return authenticationSettings; default: logger?.LogError("Unsupported authentication mode: {mode}", AuthenticationMode); throw new Exception($"Authentication mode {AuthenticationMode} is not supported."); diff --git a/libs/host/GarnetServer.cs b/libs/host/GarnetServer.cs index 6af117b109..d574b3b06d 100644 --- a/libs/host/GarnetServer.cs +++ b/libs/host/GarnetServer.cs @@ -9,6 +9,7 @@ using Garnet.common; using Garnet.networking; using Garnet.server; +using Garnet.server.Auth.Settings; using Microsoft.Extensions.Logging; using Tsavorite.core; @@ -77,7 +78,7 @@ public class GarnetServer : IDisposable /// /// Command line arguments /// Logger factory - public GarnetServer(string[] commandLineArgs, ILoggerFactory loggerFactory = null, bool cleanupDir = false) + public GarnetServer(string[] commandLineArgs, IAuthenticationSettings authenticationSettings = null, ILoggerFactory loggerFactory = null, bool cleanupDir = false) { Trace.Listeners.Add(new ConsoleTraceListener()); @@ -125,7 +126,7 @@ public GarnetServer(string[] commandLineArgs, ILoggerFactory loggerFactory = nul }); // Assign values to GarnetServerOptions - this.opts = serverSettings.GetServerOptions(this.loggerFactory.CreateLogger("Options")); + this.opts = serverSettings.GetServerOptions(authenticationSettings, this.loggerFactory.CreateLogger("Options")); this.cleanupDir = cleanupDir; this.InitializeServer(); } diff --git a/libs/server/Auth/Settings/AuthenticationSettings.cs b/libs/server/Auth/Settings/AuthenticationSettings.cs index d247bc0743..4ae000e749 100644 --- a/libs/server/Auth/Settings/AuthenticationSettings.cs +++ b/libs/server/Auth/Settings/AuthenticationSettings.cs @@ -34,7 +34,12 @@ public enum GarnetAuthenticationMode /// /// ACL mode using Aad token instead of password. Here username is expected to be ObjectId or a valid Group's Object Id and token will be validated for claims. /// - AclWithAad + AclWithAad, + + /// + /// Custom authentication mode. Requires a custom authenticator to be implemented and passed during Garnet server instantiation. + /// + Custom } /// From b09bf822c45141223c007246d8595759031c88a9 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Wed, 11 Sep 2024 09:28:20 +0530 Subject: [PATCH 2/9] Need to extend GarnetAclAuthenticator while creating custom authenticator. Making it public --- libs/server/Auth/GarnetACLAuthenticator.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/server/Auth/GarnetACLAuthenticator.cs b/libs/server/Auth/GarnetACLAuthenticator.cs index 32636d6184..05fa6ee01c 100644 --- a/libs/server/Auth/GarnetACLAuthenticator.cs +++ b/libs/server/Auth/GarnetACLAuthenticator.cs @@ -8,7 +8,7 @@ namespace Garnet.server.Auth { - abstract class GarnetACLAuthenticator : IGarnetAuthenticator + public abstract class GarnetACLAuthenticator : IGarnetAuthenticator { /// /// The Access Control List to authenticate users against From 68ca6bc4a48a743f2fc11b2be5bd4a364f36b9b8 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Fri, 13 Sep 2024 22:07:14 +0530 Subject: [PATCH 3/9] Reverting public for GarnetAclAuthenticator --- libs/server/Auth/GarnetACLAuthenticator.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/server/Auth/GarnetACLAuthenticator.cs b/libs/server/Auth/GarnetACLAuthenticator.cs index 05fa6ee01c..32636d6184 100644 --- a/libs/server/Auth/GarnetACLAuthenticator.cs +++ b/libs/server/Auth/GarnetACLAuthenticator.cs @@ -8,7 +8,7 @@ namespace Garnet.server.Auth { - public abstract class GarnetACLAuthenticator : IGarnetAuthenticator + abstract class GarnetACLAuthenticator : IGarnetAuthenticator { /// /// The Access Control List to authenticate users against From 88258a0ac447565d8ecd974bedc5259f31a66f38 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Fri, 13 Sep 2024 22:45:41 +0530 Subject: [PATCH 4/9] Updated param name with Override suffix. Setting AuthSetting during Garnet server intiialization and removed custom auth enum --- libs/host/Configuration/Options.cs | 18 +++++------------- libs/host/GarnetServer.cs | 5 +++-- .../Auth/Settings/AuthenticationSettings.cs | 7 +------ 3 files changed, 9 insertions(+), 21 deletions(-) diff --git a/libs/host/Configuration/Options.cs b/libs/host/Configuration/Options.cs index 5c94f33caa..0a77be6586 100644 --- a/libs/host/Configuration/Options.cs +++ b/libs/host/Configuration/Options.cs @@ -493,7 +493,7 @@ public bool IsValid(out List invalidOptions, ILogger logger) return isValid; } - public GarnetServerOptions GetServerOptions(IAuthenticationSettings authenticationSettings = null, ILogger logger = null) + public GarnetServerOptions GetServerOptions(ILogger logger = null) { var useAzureStorage = UseAzureStorage.GetValueOrDefault(); var enableStorageTier = EnableStorageTier.GetValueOrDefault(); @@ -582,7 +582,7 @@ public GarnetServerOptions GetServerOptions(IAuthenticationSettings authenticati DisableObjects = DisableObjects.GetValueOrDefault(), EnableCluster = EnableCluster.GetValueOrDefault(), CleanClusterConfig = CleanClusterConfig.GetValueOrDefault(), - AuthSettings = GetAuthenticationSettings(authenticationSettings, logger), + AuthSettings = GetAuthenticationSettings(logger), EnableAOF = EnableAOF.GetValueOrDefault(), EnableLua = EnableLua.GetValueOrDefault(), LuaTransactionMode = LuaTransactionMode.GetValueOrDefault(), @@ -648,7 +648,7 @@ public GarnetServerOptions GetServerOptions(IAuthenticationSettings authenticati }; } - private IAuthenticationSettings GetAuthenticationSettings(IAuthenticationSettings authenticationSettings = null, ILogger logger = null) + private IAuthenticationSettings GetAuthenticationSettings(ILogger logger = null) { switch (AuthenticationMode) { @@ -663,17 +663,9 @@ private IAuthenticationSettings GetAuthenticationSettings(IAuthenticationSetting case GarnetAuthenticationMode.AclWithAad: var aadAuthSettings = new AadAuthenticationSettings(AuthorizedAadApplicationIds?.Split(','), AadAudiences?.Split(','), AadIssuers?.Split(','), IssuerSigningTokenProvider.Create(AadAuthority, logger), AadValidateUsername.GetValueOrDefault()); return new AclAuthenticationAadSettings(AclFile, Password, aadAuthSettings); - case GarnetAuthenticationMode.Custom: - if (authenticationSettings == null) - { - logger?.LogError("Custom authentication mode requires an instance of IAuthenticationSettings to be provided."); - throw new Exception("Custom authentication mode requires an instance of IAuthenticationSettings to be provided."); - } - - return authenticationSettings; default: - logger?.LogError("Unsupported authentication mode: {mode}", AuthenticationMode); - throw new Exception($"Authentication mode {AuthenticationMode} is not supported."); + logger?.LogWarning("Defaulting to NoAuth if authenticationSettingsOverride is not provided."); + return new NoAuthSettings(); } } } diff --git a/libs/host/GarnetServer.cs b/libs/host/GarnetServer.cs index c1f0b5d2a6..365f9eb66b 100644 --- a/libs/host/GarnetServer.cs +++ b/libs/host/GarnetServer.cs @@ -77,7 +77,7 @@ public class GarnetServer : IDisposable /// /// Command line arguments /// Logger factory - public GarnetServer(string[] commandLineArgs, IAuthenticationSettings authenticationSettings = null, ILoggerFactory loggerFactory = null, bool cleanupDir = false) + public GarnetServer(string[] commandLineArgs, IAuthenticationSettings authenticationSettingsOverride = null, ILoggerFactory loggerFactory = null, bool cleanupDir = false) { Trace.Listeners.Add(new ConsoleTraceListener()); @@ -125,7 +125,8 @@ public GarnetServer(string[] commandLineArgs, IAuthenticationSettings authentica }); // Assign values to GarnetServerOptions - this.opts = serverSettings.GetServerOptions(authenticationSettings, this.loggerFactory.CreateLogger("Options")); + this.opts = serverSettings.GetServerOptions(this.loggerFactory.CreateLogger("Options")); + this.opts.AuthSettings = authenticationSettingsOverride ?? this.opts.AuthSettings; this.cleanupDir = cleanupDir; this.InitializeServer(); } diff --git a/libs/server/Auth/Settings/AuthenticationSettings.cs b/libs/server/Auth/Settings/AuthenticationSettings.cs index 4ae000e749..d247bc0743 100644 --- a/libs/server/Auth/Settings/AuthenticationSettings.cs +++ b/libs/server/Auth/Settings/AuthenticationSettings.cs @@ -34,12 +34,7 @@ public enum GarnetAuthenticationMode /// /// ACL mode using Aad token instead of password. Here username is expected to be ObjectId or a valid Group's Object Id and token will be validated for claims. /// - AclWithAad, - - /// - /// Custom authentication mode. Requires a custom authenticator to be implemented and passed during Garnet server instantiation. - /// - Custom + AclWithAad } /// From 4452fe5535ca35dec056f08f90669fec4cfda129 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Mon, 16 Sep 2024 09:49:32 +0530 Subject: [PATCH 5/9] Keeping default to throw exception. --- libs/host/Configuration/Options.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/host/Configuration/Options.cs b/libs/host/Configuration/Options.cs index 0a77be6586..419e1fd119 100644 --- a/libs/host/Configuration/Options.cs +++ b/libs/host/Configuration/Options.cs @@ -664,8 +664,8 @@ private IAuthenticationSettings GetAuthenticationSettings(ILogger logger = null) var aadAuthSettings = new AadAuthenticationSettings(AuthorizedAadApplicationIds?.Split(','), AadAudiences?.Split(','), AadIssuers?.Split(','), IssuerSigningTokenProvider.Create(AadAuthority, logger), AadValidateUsername.GetValueOrDefault()); return new AclAuthenticationAadSettings(AclFile, Password, aadAuthSettings); default: - logger?.LogWarning("Defaulting to NoAuth if authenticationSettingsOverride is not provided."); - return new NoAuthSettings(); + logger?.LogError("Unsupported authentication mode: {mode}", AuthenticationMode); + throw new Exception($"Authentication mode {AuthenticationMode} is not supported."); } } } From da7ae74cf77a31d67febce6ea5dd46dacea72ad5 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Mon, 16 Sep 2024 12:11:00 +0530 Subject: [PATCH 6/9] Moved new parameter to last for backward compatibility --- libs/host/GarnetServer.cs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libs/host/GarnetServer.cs b/libs/host/GarnetServer.cs index 95deb73210..3b45be5f00 100644 --- a/libs/host/GarnetServer.cs +++ b/libs/host/GarnetServer.cs @@ -77,7 +77,9 @@ public class GarnetServer : IDisposable /// /// Command line arguments /// Logger factory - public GarnetServer(string[] commandLineArgs, IAuthenticationSettings authenticationSettingsOverride = null, ILoggerFactory loggerFactory = null, bool cleanupDir = false) + /// Clean up directory. + /// Override for custom authentication settings. + public GarnetServer(string[] commandLineArgs, ILoggerFactory loggerFactory = null, bool cleanupDir = false, IAuthenticationSettings authenticationSettingsOverride = null) { Trace.Listeners.Add(new ConsoleTraceListener()); From a2322fabcb7806d54fb8505d35d4474ddae6f124 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Wed, 18 Sep 2024 13:30:06 +0530 Subject: [PATCH 7/9] Adding IGarnetAclAuthenticator interface and updated corresponding references --- libs/server/Auth/GarnetACLAuthenticator.cs | 2 +- libs/server/Auth/IGarnetAclAuthenticator.cs | 45 +++++++++++++++++++++ libs/server/Resp/ACLCommands.cs | 12 +++--- libs/server/Resp/RespServerSession.cs | 2 +- 4 files changed, 53 insertions(+), 8 deletions(-) create mode 100644 libs/server/Auth/IGarnetAclAuthenticator.cs diff --git a/libs/server/Auth/GarnetACLAuthenticator.cs b/libs/server/Auth/GarnetACLAuthenticator.cs index 32636d6184..82ccc61419 100644 --- a/libs/server/Auth/GarnetACLAuthenticator.cs +++ b/libs/server/Auth/GarnetACLAuthenticator.cs @@ -8,7 +8,7 @@ namespace Garnet.server.Auth { - abstract class GarnetACLAuthenticator : IGarnetAuthenticator + abstract class GarnetACLAuthenticator : IGarnetAclAuthenticator { /// /// The Access Control List to authenticate users against diff --git a/libs/server/Auth/IGarnetAclAuthenticator.cs b/libs/server/Auth/IGarnetAclAuthenticator.cs new file mode 100644 index 0000000000..4c71b739b0 --- /dev/null +++ b/libs/server/Auth/IGarnetAclAuthenticator.cs @@ -0,0 +1,45 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT license. + +using System; +using Garnet.server.ACL; + +namespace Garnet.server.Auth +{ + public interface IGarnetAclAuthenticator : IGarnetAuthenticator + { + /// + /// Indicates that this user can authenticate with passed credentials. + /// + bool CanAuthenticate { get; } + + /// + /// Check if the user is authorized to execute commands. + /// + bool IsAuthenticated { get; } + + /// + /// ACL authenticator is can use ACL. + /// + bool HasACLSupport { get; } + + /// + /// Authenticate the given user/password combination. + /// + /// Password to authenticate with. + /// Username to authenticate with. If empty, will authenticate default user. + /// true if authentication was successful + bool Authenticate(ReadOnlySpan password, ReadOnlySpan username); + + /// + /// Returns the currently authorized user. + /// + /// Authorized user or null if not authorized + User GetUser(); + + /// + /// The Access Control List to authenticate users against + /// + AccessControlList GetAccessControlList(); + } +} diff --git a/libs/server/Resp/ACLCommands.cs b/libs/server/Resp/ACLCommands.cs index 61c4f6e8c5..4bb7179a00 100644 --- a/libs/server/Resp/ACLCommands.cs +++ b/libs/server/Resp/ACLCommands.cs @@ -18,7 +18,7 @@ internal sealed unsafe partial class RespServerSession : ServerSessionBase { private bool ValidateACLAuthenticator() { - if (_authenticator is null or not GarnetACLAuthenticator) + if (_authenticator is null or not IGarnetAclAuthenticator) { while (!RespWriteUtils.WriteError(CmdStrings.RESP_ERR_ACL_AUTH_DISABLED, ref dcurr, dend)) SendAndReset(); @@ -64,7 +64,7 @@ private bool NetworkAclList() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; + var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; var users = aclAuthenticator.GetAccessControlList().GetUsers(); while (!RespWriteUtils.WriteArrayLength(users.Count, ref dcurr, dend)) SendAndReset(); @@ -96,7 +96,7 @@ private bool NetworkAclUsers() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; + var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; var users = aclAuthenticator.GetAccessControlList().GetUsers(); while (!RespWriteUtils.WriteArrayLength(users.Count, ref dcurr, dend)) SendAndReset(); @@ -158,7 +158,7 @@ private bool NetworkAclSetUser() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; + var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; // REQUIRED: username var username = parseState.GetString(0); @@ -216,7 +216,7 @@ private bool NetworkAclDelUser() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; + var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; var successfulDeletes = 0; try @@ -268,7 +268,7 @@ private bool NetworkAclWhoAmI() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; + var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; // Return the name of the currently authenticated user. Debug.Assert(aclAuthenticator.GetUser() != null); diff --git a/libs/server/Resp/RespServerSession.cs b/libs/server/Resp/RespServerSession.cs index c0ffdce91c..b14ecc97fa 100644 --- a/libs/server/Resp/RespServerSession.cs +++ b/libs/server/Resp/RespServerSession.cs @@ -281,7 +281,7 @@ public override void Dispose() { // Set authenticated user or fall back to default user, if separate users are not supported // NOTE: Currently only GarnetACLAuthenticator supports multiple users - if (_authenticator is GarnetACLAuthenticator aclAuthenticator) + if (_authenticator is IGarnetAclAuthenticator aclAuthenticator) { this._user = aclAuthenticator.GetUser(); } From e945ea837798d1cab26fbecc7055deac59c0db58 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Wed, 18 Sep 2024 21:13:45 +0530 Subject: [PATCH 8/9] Revert "Adding IGarnetAclAuthenticator interface and updated corresponding references" This reverts commit a2322fabcb7806d54fb8505d35d4474ddae6f124. --- libs/server/Auth/GarnetACLAuthenticator.cs | 2 +- libs/server/Auth/IGarnetAclAuthenticator.cs | 45 --------------------- libs/server/Resp/ACLCommands.cs | 12 +++--- libs/server/Resp/RespServerSession.cs | 2 +- 4 files changed, 8 insertions(+), 53 deletions(-) delete mode 100644 libs/server/Auth/IGarnetAclAuthenticator.cs diff --git a/libs/server/Auth/GarnetACLAuthenticator.cs b/libs/server/Auth/GarnetACLAuthenticator.cs index 82ccc61419..32636d6184 100644 --- a/libs/server/Auth/GarnetACLAuthenticator.cs +++ b/libs/server/Auth/GarnetACLAuthenticator.cs @@ -8,7 +8,7 @@ namespace Garnet.server.Auth { - abstract class GarnetACLAuthenticator : IGarnetAclAuthenticator + abstract class GarnetACLAuthenticator : IGarnetAuthenticator { /// /// The Access Control List to authenticate users against diff --git a/libs/server/Auth/IGarnetAclAuthenticator.cs b/libs/server/Auth/IGarnetAclAuthenticator.cs deleted file mode 100644 index 4c71b739b0..0000000000 --- a/libs/server/Auth/IGarnetAclAuthenticator.cs +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Licensed under the MIT license. - -using System; -using Garnet.server.ACL; - -namespace Garnet.server.Auth -{ - public interface IGarnetAclAuthenticator : IGarnetAuthenticator - { - /// - /// Indicates that this user can authenticate with passed credentials. - /// - bool CanAuthenticate { get; } - - /// - /// Check if the user is authorized to execute commands. - /// - bool IsAuthenticated { get; } - - /// - /// ACL authenticator is can use ACL. - /// - bool HasACLSupport { get; } - - /// - /// Authenticate the given user/password combination. - /// - /// Password to authenticate with. - /// Username to authenticate with. If empty, will authenticate default user. - /// true if authentication was successful - bool Authenticate(ReadOnlySpan password, ReadOnlySpan username); - - /// - /// Returns the currently authorized user. - /// - /// Authorized user or null if not authorized - User GetUser(); - - /// - /// The Access Control List to authenticate users against - /// - AccessControlList GetAccessControlList(); - } -} diff --git a/libs/server/Resp/ACLCommands.cs b/libs/server/Resp/ACLCommands.cs index 4bb7179a00..61c4f6e8c5 100644 --- a/libs/server/Resp/ACLCommands.cs +++ b/libs/server/Resp/ACLCommands.cs @@ -18,7 +18,7 @@ internal sealed unsafe partial class RespServerSession : ServerSessionBase { private bool ValidateACLAuthenticator() { - if (_authenticator is null or not IGarnetAclAuthenticator) + if (_authenticator is null or not GarnetACLAuthenticator) { while (!RespWriteUtils.WriteError(CmdStrings.RESP_ERR_ACL_AUTH_DISABLED, ref dcurr, dend)) SendAndReset(); @@ -64,7 +64,7 @@ private bool NetworkAclList() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; + var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; var users = aclAuthenticator.GetAccessControlList().GetUsers(); while (!RespWriteUtils.WriteArrayLength(users.Count, ref dcurr, dend)) SendAndReset(); @@ -96,7 +96,7 @@ private bool NetworkAclUsers() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; + var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; var users = aclAuthenticator.GetAccessControlList().GetUsers(); while (!RespWriteUtils.WriteArrayLength(users.Count, ref dcurr, dend)) SendAndReset(); @@ -158,7 +158,7 @@ private bool NetworkAclSetUser() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; + var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; // REQUIRED: username var username = parseState.GetString(0); @@ -216,7 +216,7 @@ private bool NetworkAclDelUser() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; + var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; var successfulDeletes = 0; try @@ -268,7 +268,7 @@ private bool NetworkAclWhoAmI() if (!ValidateACLAuthenticator()) return true; - var aclAuthenticator = (IGarnetAclAuthenticator)_authenticator; + var aclAuthenticator = (GarnetACLAuthenticator)_authenticator; // Return the name of the currently authenticated user. Debug.Assert(aclAuthenticator.GetUser() != null); diff --git a/libs/server/Resp/RespServerSession.cs b/libs/server/Resp/RespServerSession.cs index f8106f24f2..0cc8df973f 100644 --- a/libs/server/Resp/RespServerSession.cs +++ b/libs/server/Resp/RespServerSession.cs @@ -280,7 +280,7 @@ public override void Dispose() { // Set authenticated user or fall back to default user, if separate users are not supported // NOTE: Currently only GarnetACLAuthenticator supports multiple users - if (_authenticator is IGarnetAclAuthenticator aclAuthenticator) + if (_authenticator is GarnetACLAuthenticator aclAuthenticator) { this._user = aclAuthenticator.GetUser(); } From a6b8f36bc73de67725cc3995cb1c6fd86d605ef6 Mon Sep 17 00:00:00 2001 From: "Tejas Kulkarni (from Dev Box)" Date: Wed, 18 Sep 2024 21:22:47 +0530 Subject: [PATCH 9/9] Made GarnetAclAuthenticator public --- libs/server/Auth/GarnetACLAuthenticator.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/server/Auth/GarnetACLAuthenticator.cs b/libs/server/Auth/GarnetACLAuthenticator.cs index 32636d6184..05fa6ee01c 100644 --- a/libs/server/Auth/GarnetACLAuthenticator.cs +++ b/libs/server/Auth/GarnetACLAuthenticator.cs @@ -8,7 +8,7 @@ namespace Garnet.server.Auth { - abstract class GarnetACLAuthenticator : IGarnetAuthenticator + public abstract class GarnetACLAuthenticator : IGarnetAuthenticator { /// /// The Access Control List to authenticate users against