| 1174 | } |
| 1175 | |
| 1176 | void clientAcceptHandler(connection *conn) { |
| 1177 | client *c = (client*)connGetPrivateData(conn); |
| 1178 | |
| 1179 | if (conn->flags & CONN_FLAG_AUDIT_LOGGING_REQUIRED) { |
| 1180 | c->flags |= CLIENT_AUDIT_LOGGING; |
| 1181 | c->fprint = conn->fprint; |
| 1182 | } |
| 1183 | |
| 1184 | if (connGetState(conn) != CONN_STATE_CONNECTED) { |
| 1185 | serverLog(LL_WARNING, |
| 1186 | "Error accepting a client connection: %s", |
| 1187 | connGetLastError(conn)); |
| 1188 | freeClientAsync(c); |
| 1189 | return; |
| 1190 | } |
| 1191 | |
| 1192 | // Set thread affinity |
| 1193 | if (cserver.fThreadAffinity) |
| 1194 | connSetThreadAffinity(conn, c->iel); |
| 1195 | |
| 1196 | /* If the server is running in protected mode (the default) and there |
| 1197 | * is no password set, nor a specific interface is bound, we don't accept |
| 1198 | * requests from non loopback interfaces. Instead we try to explain the |
| 1199 | * user what to do to fix it if needed. */ |
| 1200 | if (g_pserver->protected_mode && |
| 1201 | g_pserver->bindaddr_count == 0 && |
| 1202 | DefaultUser->flags & USER_FLAG_NOPASS && |
| 1203 | !(c->flags & CLIENT_UNIX_SOCKET)) |
| 1204 | { |
| 1205 | char cip[NET_IP_STR_LEN+1] = { 0 }; |
| 1206 | connPeerToString(conn, cip, sizeof(cip)-1, NULL); |
| 1207 | |
| 1208 | if (strcmp(cip,"127.0.0.1") && strcmp(cip,"::1")) { |
| 1209 | const char *err = |
| 1210 | "-DENIED KeyDB is running in protected mode because protected " |
| 1211 | "mode is enabled, no bind address was specified, no " |
| 1212 | "authentication password is requested to clients. In this mode " |
| 1213 | "connections are only accepted from the loopback interface. " |
| 1214 | "If you want to connect from external computers to KeyDB you " |
| 1215 | "may adopt one of the following solutions: " |
| 1216 | "1) Just disable protected mode sending the command " |
| 1217 | "'CONFIG SET protected-mode no' from the loopback interface " |
| 1218 | "by connecting to KeyDB from the same host the server is " |
| 1219 | "running, however MAKE SURE KeyDB is not publicly accessible " |
| 1220 | "from internet if you do so. Use CONFIG REWRITE to make this " |
| 1221 | "change permanent. " |
| 1222 | "2) Alternatively you can just disable the protected mode by " |
| 1223 | "editing the KeyDB configuration file, and setting the protected " |
| 1224 | "mode option to 'no', and then restarting the server " |
| 1225 | "3) If you started the server manually just for testing, restart " |
| 1226 | "it with the '--protected-mode no' option. " |
| 1227 | "4) Setup a bind address or an authentication password. " |
| 1228 | "NOTE: You only need to do one of the above things in order for " |
| 1229 | "the server to start accepting connections from the outside.\r\n"; |
| 1230 | if (connWrite(c->conn,err,strlen(err)) == -1) { |
| 1231 | /* Nothing to do, Just to avoid the warning... */ |
| 1232 | } |
| 1233 | g_pserver->stat_rejected_conn++; |
nothing calls this directly
no test coverage detected