Add protected mode.

Author: prvyk

Dockerfile

@@ -52,4 +52,4 @@ USER $APP_UID
 # For inter-container communication.
 EXPOSE 6379
 
-ENTRYPOINT ["/app/GarnetServer"]
+ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.alpine

@@ -50,4 +50,4 @@ USER $APP_UID
 # For inter-container communication.
 EXPOSE 6379
 
-ENTRYPOINT ["/app/GarnetServer"]
+ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.cbl-mariner

@@ -50,4 +50,4 @@ USER $APP_UID
 # For inter-container communication.
 EXPOSE 6379
 
-ENTRYPOINT ["/app/GarnetServer"]
+ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.chiseled

@@ -46,4 +46,4 @@ VOLUME /data
 # For inter-container communication.
 EXPOSE 6379
 
-ENTRYPOINT ["/app/GarnetServer"]
+ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.nanoserver

@@ -22,4 +22,4 @@ COPY --from=build /app .
 # For inter-container communication.
 EXPOSE 6379
 
-ENTRYPOINT ["/app/GarnetServer.exe"]
+ENTRYPOINT ["/app/GarnetServer.exe", "--protected-mode no"]

Dockerfile.ubuntu

@@ -54,4 +54,4 @@ USER $APP_UID
 # For inter-container communication.
 EXPOSE 6379
 
-ENTRYPOINT ["/app/GarnetServer"]
+ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

libs/common/Format.cs

@@ -46,16 +46,18 @@ static EndPoint[] defaultBindLoopBack(int port)
         /// <param name="port">Endpoint Port</param>
         /// <param name="endpoints">List of endpoints generated from the input IPs</param>
         /// <param name="errorHostnameOrAddress">Output error if any</param>
+        /// <param name="protectedMode">Is protected mode enabled?</param>
         /// <param name="logger">Logger</param>
         /// <returns>True if parse and address validation was successful, otherwise false</returns>
-        public static bool TryParseAddressList(string addressList, int port, out EndPoint[] endpoints, out string errorHostnameOrAddress, ILogger logger = null)
+        public static bool TryParseAddressList(string addressList, int port, out EndPoint[] endpoints, out string errorHostnameOrAddress,
+                                               bool protectedMode = false, ILogger logger = null)
         {
             endpoints = null;
             errorHostnameOrAddress = null;
             // Check if input null or empty
             if (string.IsNullOrEmpty(addressList) || string.IsNullOrWhiteSpace(addressList))
             {
-                endpoints = defaultBindAny(port);
+                endpoints = protectedMode ? defaultBindLoopBack(port) : defaultBindAny(port);
                 return true;
             }
 

libs/host/Configuration/CommandLineTypes.cs

@@ -0,0 +1,16 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+namespace Garnet
+{
+    /// <summary>
+    /// Enum to specify boolean variable over command line.
+    /// </summary>
+    public enum CommandLineBooleanOption
+    {
+        False = 0,
+        No = 0,
+        True = 1,
+        Yes = 1
+    }
+}

libs/host/Configuration/Options.cs

@@ -533,6 +533,10 @@ internal sealed class Options
         [Option("enable-debug-command", Required = false, HelpText = "Enable DEBUG command for 'no', 'local' or 'all' connections")]
         public ConnectionProtectionOption EnableDebugCommand { get; set; }
 
+        [OptionValidation]
+        [Option("protected-mode", Required = false, HelpText = "Enable protected mode.")]
+        public CommandLineBooleanOption ProtectedMode { get; set; }
+
         [DirectoryPathsValidation(true, false)]
         [Option("extension-bin-paths", Separator = ',', Required = false, HelpText = "List of directories on server from which custom command binaries can be loaded by admin users")]
         public IEnumerable<string> ExtensionBinPaths { get; set; }
@@ -682,7 +686,8 @@ public GarnetServerOptions GetServerOptions(ILogger logger = null)
             var checkpointDir = CheckpointDir;
             if (!useAzureStorage) checkpointDir = new DirectoryInfo(string.IsNullOrEmpty(checkpointDir) ? (string.IsNullOrEmpty(logDir) ? "." : logDir) : checkpointDir).FullName;
 
-            if (!Format.TryParseAddressList(Address, Port, out var endpoints, out _) || endpoints.Length == 0)
+            if (!Format.TryParseAddressList(Address, Port, out var endpoints, out _, ProtectedMode == CommandLineBooleanOption.True)
+              || endpoints.Length == 0)
                 throw new GarnetException($"Invalid endpoint format {Address} {Port}.");
 
             EndPoint[] clusterAnnounceEndpoint = null;

libs/host/Configuration/Redis/RedisOptions.cs

@@ -27,6 +27,9 @@ internal class RedisOptions
         [RedisOption("bind", nameof(Options.Address), BindWarning)]
         public Option<string> Bind { get; set; }
 
+        [RedisOption("protected-mode", nameof(Options.ProtectedMode))]
+        public Option<CommandLineBooleanOption> ProtectedMode { get; set; }
+
         [RedisOption("enable-debug-command", nameof(Options.EnableDebugCommand))]
         public Option<RedisConnectionProtectionOption> EnableDebugCommand { get; set; }
 

libs/host/Configuration/TypeConverters.cs

@@ -21,7 +21,8 @@ public override bool CanConvertFrom(ITypeDescriptorContext context, Type sourceT
 
         public override bool CanConvertTo(ITypeDescriptorContext context, Type destinationType)
         {
-            return destinationType == typeof(string) || destinationType == typeof(bool) || destinationType == typeof(bool?);
+            return destinationType == typeof(bool) || destinationType == typeof(bool?) ||
+                   destinationType == typeof(string) || destinationType == typeof(CommandLineBooleanOption);
         }
 
         public override object ConvertFrom(ITypeDescriptorContext context, CultureInfo culture, object value)
@@ -57,6 +58,11 @@ public override object ConvertTo(ITypeDescriptorContext context, CultureInfo cul
                 return rbValue.ToString().ToLowerInvariant();
             }
 
+            if (destinationType == typeof(CommandLineBooleanOption))
+            {
+                return rbValue == RedisBoolean.Yes ? CommandLineBooleanOption.Yes : CommandLineBooleanOption.No;
+            }
+
             throw new NotImplementedException();
         }
     }

libs/host/defaults.conf

@@ -359,6 +359,9 @@
 	/* Enable DEBUG command for clients - no/local/yes */
 	"EnableDebugCommand": "no",
 
+	/* Protected mode */
+	"ProtectedMode": "yes",
+
 	/* List of directories on server from which custom command binaries can be loaded by admin users */
 	"ExtensionBinPaths": null,
 

test/Garnet.test/GarnetServerConfigTests.cs

@@ -167,6 +167,7 @@ public void ImportExportRedisConfigLocal()
             ClassicAssert.IsTrue(parseSuccessful);
             ClassicAssert.AreEqual(invalidOptions.Count, 0);
             ClassicAssert.AreEqual("127.0.0.1 -::1", options.Address);
+            ClassicAssert.AreEqual(CommandLineBooleanOption.No, options.ProtectedMode);
             ClassicAssert.AreEqual(ConnectionProtectionOption.Local, options.EnableDebugCommand);
             ClassicAssert.AreEqual(6379, options.Port);
             ClassicAssert.AreEqual("20gb", options.MemorySize);

test/Garnet.test/redis.conf

@@ -108,7 +108,7 @@ bind 127.0.0.1 -::1
 # By default protected mode is enabled. You should disable it only if
 # you are sure you want clients from other hosts to connect to Redis
 # even if no authentication is configured.
-# protected-mode yes
+protected-mode no
 
 # Redis uses default hardened security configuration directives to reduce the
 # attack surface on innocent users. Therefore, several sensitive configuration