MCPcopy Create free account
hub / github.com/Snapchat/KeyDB / clientAcceptHandler

Function clientAcceptHandler

src/networking.cpp:1176–1243  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

1174}
1175
1176void clientAcceptHandler(connection *conn) {
1177 client *c = (client*)connGetPrivateData(conn);
1178
1179 if (conn->flags & CONN_FLAG_AUDIT_LOGGING_REQUIRED) {
1180 c->flags |= CLIENT_AUDIT_LOGGING;
1181 c->fprint = conn->fprint;
1182 }
1183
1184 if (connGetState(conn) != CONN_STATE_CONNECTED) {
1185 serverLog(LL_WARNING,
1186 "Error accepting a client connection: %s",
1187 connGetLastError(conn));
1188 freeClientAsync(c);
1189 return;
1190 }
1191
1192 // Set thread affinity
1193 if (cserver.fThreadAffinity)
1194 connSetThreadAffinity(conn, c->iel);
1195
1196 /* If the server is running in protected mode (the default) and there
1197 * is no password set, nor a specific interface is bound, we don't accept
1198 * requests from non loopback interfaces. Instead we try to explain the
1199 * user what to do to fix it if needed. */
1200 if (g_pserver->protected_mode &&
1201 g_pserver->bindaddr_count == 0 &&
1202 DefaultUser->flags & USER_FLAG_NOPASS &&
1203 !(c->flags & CLIENT_UNIX_SOCKET))
1204 {
1205 char cip[NET_IP_STR_LEN+1] = { 0 };
1206 connPeerToString(conn, cip, sizeof(cip)-1, NULL);
1207
1208 if (strcmp(cip,"127.0.0.1") && strcmp(cip,"::1")) {
1209 const char *err =
1210 "-DENIED KeyDB is running in protected mode because protected "
1211 "mode is enabled, no bind address was specified, no "
1212 "authentication password is requested to clients. In this mode "
1213 "connections are only accepted from the loopback interface. "
1214 "If you want to connect from external computers to KeyDB you "
1215 "may adopt one of the following solutions: "
1216 "1) Just disable protected mode sending the command "
1217 "'CONFIG SET protected-mode no' from the loopback interface "
1218 "by connecting to KeyDB from the same host the server is "
1219 "running, however MAKE SURE KeyDB is not publicly accessible "
1220 "from internet if you do so. Use CONFIG REWRITE to make this "
1221 "change permanent. "
1222 "2) Alternatively you can just disable the protected mode by "
1223 "editing the KeyDB configuration file, and setting the protected "
1224 "mode option to 'no', and then restarting the server "
1225 "3) If you started the server manually just for testing, restart "
1226 "it with the '--protected-mode no' option. "
1227 "4) Setup a bind address or an authentication password. "
1228 "NOTE: You only need to do one of the above things in order for "
1229 "the server to start accepting connections from the outside.\r\n";
1230 if (connWrite(c->conn,err,strlen(err)) == -1) {
1231 /* Nothing to do, Just to avoid the warning... */
1232 }
1233 g_pserver->stat_rejected_conn++;

Callers

nothing calls this directly

Calls 9

connGetPrivateDataFunction · 0.85
connGetStateFunction · 0.85
serverLogFunction · 0.85
connGetLastErrorFunction · 0.85
freeClientAsyncFunction · 0.85
connSetThreadAffinityFunction · 0.85
connPeerToStringFunction · 0.85
connWriteFunction · 0.85
moduleFireServerEventFunction · 0.85

Tested by

no test coverage detected