From: Max Khon
Date: Wed, 14 Jun 2023 19:20:14 +0000 (+0100)
Subject: redis: Add "use_cluster_map = no": when redis server is configured for TLS
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=322b7770183256f431b153bbd793c1ca22a777b2;p=thirdparty%2Ffreeradius-server.git
redis: Add "use_cluster_map = no": when redis server is configured for TLS and freeradius TLS is implemented using stunnel, freeradius connects to redis (stunnel) using plaintext, then tries to open plaintext connection to cluster nodes which only accept TLS
---
diff --git a/src/lib/redis/base.h b/src/lib/redis/base.h
index 65214cc6985..e8de377e4be 100644
--- a/src/lib/redis/base.h
+++ b/src/lib/redis/base.h
@@ -106,6 +106,7 @@ typedef struct {
 uint16_t port; //!< of Redis daemon.
 uint32_t database; //!< number on Redis server.
 bool use_tls; //!< use TLS.
+ bool use_cluster_map;//!< use cluster map.
 char const *username; //!< for acls.
 char const *password; //!< to authenticate to Redis.
@@ -129,6 +130,7 @@ typedef struct {
 { FR_CONF_OFFSET("port", FR_TYPE_UINT16, fr_redis_conf_t, port), .dflt = "6379" }, \
 { FR_CONF_OFFSET("database", FR_TYPE_UINT32, fr_redis_conf_t, database), .dflt = "0" }, \
 { FR_CONF_OFFSET("use_tls", FR_TYPE_BOOL, fr_redis_conf_t, use_tls), .dflt = "no" }, \
+ { FR_CONF_OFFSET("use_cluster_map", FR_TYPE_BOOL, fr_redis_conf_t, use_cluster_map), .dflt = "yes" }, \
 { FR_CONF_OFFSET("username", FR_TYPE_STRING, fr_redis_conf_t, username) }, \
 { FR_CONF_OFFSET("password", FR_TYPE_STRING | FR_TYPE_SECRET, fr_redis_conf_t, password) }, \
 { FR_CONF_OFFSET("max_nodes", FR_TYPE_UINT8, fr_redis_conf_t, max_nodes), .dflt = "20" }, \
diff --git a/src/lib/redis/cluster.c b/src/lib/redis/cluster.c
index dd989aaf1fb..33d19d82047 100644
--- a/src/lib/redis/cluster.c
+++ b/src/lib/redis/cluster.c
@@ -2486,6 +2486,11 @@ fr_redis_cluster_t *fr_redis_cluster_alloc(TALLOC_CTX *ctx,
 break;
 }
+ if (!cluster->conf->use_cluster_map) {
+ fr_pool_connection_release(node->pool, NULL, conn);
+ continue;
+ }
+
 switch (cluster_map_get(&map, conn)) {
 /*
 * We got a valid map! See if we can apply it...
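Review bot: The `use_cluster_map` check added before `cluster_map_get()` only stops the bootstrap map fetch in `fr_redis_cluster_alloc()`; nothing in this diff applies the flag to the code that follows cluster redirects at request time. If that handling (elsewhere in cluster.c, not shown here) still connects to node addresses returned in MOVED/ASK replies, a deployment that relies on a local TLS proxy could still attempt direct plaintext connections, which may carry the configured `password` to any node that accepts plaintext. It would be worth confirming that path honours the flag as well, and stating the guarantee next to this check, e.g. `/* use_cluster_map = no: talk only to the configured servers, never to addresses learned from the cluster */`. The enclosing loop begins and ends outside the hunk, so whether an empty node map is handled after the `continue` cannot be checked from here.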