Fix #833: [FR] Ability to set the Redis password.

2025-12-20 23:00:56 -05:00 · 2023-01-23 11:38:57 +01:00 · 2023-01-23 11:38:57 +01:00 · 6bf677e7de
commit 6bf677e7de
parent d666e9bd13
11 changed files with 2920 additions and 2891 deletions
--- a/cachedb/redis.c
+++ b/cachedb/redis.c
@ -57,6 +57,7 @@ struct redis_moddata {
 	const char* server_host; /* server's IP address or host name */
 	int server_port;	 /* server's TCP port */
 	const char* server_path; /* server's unix path, or "", NULL if unused */
 	const char* server_password; /* server's AUTH password, or "", NULL if unused */
 	struct timeval timeout;	 /* timeout for connection setup and commands */
 };
@ -86,6 +87,16 @@ redis_connect(const struct redis_moddata* moddata)
 		log_err("failed to set redis timeout");
 		goto fail;
 	}
 	if(moddata->server_password && moddata->server_password[0]!=0) {
 		redisReply* rep;
 		rep = redisCommand(ctx, "AUTH %s", moddata->server_password);
 		if(!rep || rep->type == REDIS_REPLY_ERROR) {
 			log_err("failed to authenticate with password");
 			freeReplyObject(rep);
 			goto fail;
 		}
 		freeReplyObject(rep);
 	}
 	return ctx;
  fail:
@ -119,6 +130,7 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 	moddata->server_host = env->cfg->redis_server_host;
 	moddata->server_port = env->cfg->redis_server_port;
 	moddata->server_path = env->cfg->redis_server_path;
 	moddata->server_password = env->cfg->redis_server_password;
 	moddata->timeout.tv_sec = env->cfg->redis_timeout / 1000;
 	moddata->timeout.tv_usec = (env->cfg->redis_timeout % 1000) * 1000;
 	for(i = 0; i < moddata->numctxs; i++)
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,6 @@
 23 January 2023: George
 	- Fix #833: [FR] Ability to set the Redis password.
 23 January 2023: Wouter
 	- Fix #835: [FR] Ability to use Redis unix sockets.
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@ -1214,6 +1214,8 @@ remote-control:
 #     redis-server-port: 6379
 #     # if the server uses a unix socket, set its path, or "" when not used.
 #     # redis-server-path: "/var/lib/redis/redis-server.sock"
 #     # if the server uses an AUTH password, specify here, or "" when not used.
 #     # redis-server-password: ""
 #     # timeout (in ms) for communication with the redis server
 #     redis-timeout: 100
 #     # set timeout on redis records based on DNS response TTL
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -2604,6 +2604,11 @@ The unix socket path to connect to the redis server. Off by default, and it
 can be set to "" to turn this off. Unix sockets may have better throughput
 than the IP address option.
 .TP
 .B redis-server-password: \fI"<password>"\fR
 The Redis AUTH password to use for the redis server.
 Only relevant if Redis is configured for client password authorisation.
 Off by default, and it can be set to "" to turn this off.
 .TP
 .B redis-timeout: \fI<msec>\fR
 The period until when Unbound waits for a response from the Redis sever.
 If this timeout expires Unbound closes the connection, treats it as
--- a/util/config_file.c
+++ b/util/config_file.c
@ -374,6 +374,7 @@ config_create(void)
 #ifdef USE_REDIS
 	if(!(cfg->redis_server_host = strdup("127.0.0.1"))) goto error_exit;
 	cfg->redis_server_path = NULL;
 	cfg->redis_server_password = NULL;
 	cfg->redis_timeout = 100;
 	cfg->redis_server_port = 6379;
 	cfg->redis_expire_records = 0;
@ -1292,6 +1293,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_STR(opt, "redis-server-host", redis_server_host)
 	else O_DEC(opt, "redis-server-port", redis_server_port)
 	else O_STR(opt, "redis-server-path", redis_server_path)
 	else O_STR(opt, "redis-server-password", redis_server_password)
 	else O_DEC(opt, "redis-timeout", redis_timeout)
 	else O_YNO(opt, "redis-expire-records", redis_expire_records)
 #endif  /* USE_REDIS */
@ -1669,6 +1671,7 @@ config_delete(struct config_file* cfg)
 #ifdef USE_REDIS
 	free(cfg->redis_server_host);
 	free(cfg->redis_server_path);
 	free(cfg->redis_server_password);
 #endif  /* USE_REDIS */
 #endif  /* USE_CACHEDB */
 #ifdef USE_IPSET
--- a/util/config_file.h
+++ b/util/config_file.h
@ -696,6 +696,8 @@ struct config_file {
 	int redis_server_port;
 	/** redis server's unix path. Or "", NULL if unused */
 	char* redis_server_path;
 	/** redis server's AUTH password. Or "", NULL if unused */
 	char* redis_server_password;
 	/** timeout (in ms) for communication with the redis server */
 	int redis_timeout;
 	/** set timeout on redis records based on DNS response ttl */
--- a/util/configlexer.c
+++ b/util/configlexer.c
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@ -556,6 +556,7 @@ secret-seed{COLON}		{ YDVAR(1, VAR_CACHEDB_SECRETSEED) }
 redis-server-host{COLON}	{ YDVAR(1, VAR_CACHEDB_REDISHOST) }
 redis-server-port{COLON}	{ YDVAR(1, VAR_CACHEDB_REDISPORT) }
 redis-server-path{COLON}	{ YDVAR(1, VAR_CACHEDB_REDISPATH) }
 redis-server-password{COLON}	{ YDVAR(1, VAR_CACHEDB_REDISPASSWORD) }
 redis-timeout{COLON}		{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) }
 redis-expire-records{COLON}	{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) }
 ipset{COLON}			{ YDVAR(0, VAR_IPSET) }
--- a/util/configparser.c
+++ b/util/configparser.c
--- a/util/configparser.h
+++ b/util/configparser.h
@ -1,4 +1,4 @@
-/* A Bison parser, made by GNU Bison 3.7.6.  */
+/* A Bison parser, made by GNU Bison 3.8.2.  */
 /* Bison interface for Yacc-like parsers in C
@ -335,61 +335,62 @@ extern int yydebug;
    VAR_CACHEDB_REDISTIMEOUT = 536, /* VAR_CACHEDB_REDISTIMEOUT  */
    VAR_CACHEDB_REDISEXPIRERECORDS = 537, /* VAR_CACHEDB_REDISEXPIRERECORDS  */
    VAR_CACHEDB_REDISPATH = 538,   /* VAR_CACHEDB_REDISPATH  */
-    VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 539, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM  */
+    VAR_CACHEDB_REDISPASSWORD = 539, /* VAR_CACHEDB_REDISPASSWORD  */
-    VAR_FOR_UPSTREAM = 540,        /* VAR_FOR_UPSTREAM  */
+    VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 540, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM  */
-    VAR_AUTH_ZONE = 541,           /* VAR_AUTH_ZONE  */
+    VAR_FOR_UPSTREAM = 541,        /* VAR_FOR_UPSTREAM  */
-    VAR_ZONEFILE = 542,            /* VAR_ZONEFILE  */
+    VAR_AUTH_ZONE = 542,           /* VAR_AUTH_ZONE  */
-    VAR_MASTER = 543,              /* VAR_MASTER  */
+    VAR_ZONEFILE = 543,            /* VAR_ZONEFILE  */
-    VAR_URL = 544,                 /* VAR_URL  */
+    VAR_MASTER = 544,              /* VAR_MASTER  */
-    VAR_FOR_DOWNSTREAM = 545,      /* VAR_FOR_DOWNSTREAM  */
+    VAR_URL = 545,                 /* VAR_URL  */
-    VAR_FALLBACK_ENABLED = 546,    /* VAR_FALLBACK_ENABLED  */
+    VAR_FOR_DOWNSTREAM = 546,      /* VAR_FOR_DOWNSTREAM  */
-    VAR_TLS_ADDITIONAL_PORT = 547, /* VAR_TLS_ADDITIONAL_PORT  */
+    VAR_FALLBACK_ENABLED = 547,    /* VAR_FALLBACK_ENABLED  */
-    VAR_LOW_RTT = 548,             /* VAR_LOW_RTT  */
+    VAR_TLS_ADDITIONAL_PORT = 548, /* VAR_TLS_ADDITIONAL_PORT  */
-    VAR_LOW_RTT_PERMIL = 549,      /* VAR_LOW_RTT_PERMIL  */
+    VAR_LOW_RTT = 549,             /* VAR_LOW_RTT  */
-    VAR_FAST_SERVER_PERMIL = 550,  /* VAR_FAST_SERVER_PERMIL  */
+    VAR_LOW_RTT_PERMIL = 550,      /* VAR_LOW_RTT_PERMIL  */
-    VAR_FAST_SERVER_NUM = 551,     /* VAR_FAST_SERVER_NUM  */
+    VAR_FAST_SERVER_PERMIL = 551,  /* VAR_FAST_SERVER_PERMIL  */
-    VAR_ALLOW_NOTIFY = 552,        /* VAR_ALLOW_NOTIFY  */
+    VAR_FAST_SERVER_NUM = 552,     /* VAR_FAST_SERVER_NUM  */
-    VAR_TLS_WIN_CERT = 553,        /* VAR_TLS_WIN_CERT  */
+    VAR_ALLOW_NOTIFY = 553,        /* VAR_ALLOW_NOTIFY  */
-    VAR_TCP_CONNECTION_LIMIT = 554, /* VAR_TCP_CONNECTION_LIMIT  */
+    VAR_TLS_WIN_CERT = 554,        /* VAR_TLS_WIN_CERT  */
-    VAR_FORWARD_NO_CACHE = 555,    /* VAR_FORWARD_NO_CACHE  */
+    VAR_TCP_CONNECTION_LIMIT = 555, /* VAR_TCP_CONNECTION_LIMIT  */
-    VAR_STUB_NO_CACHE = 556,       /* VAR_STUB_NO_CACHE  */
+    VAR_FORWARD_NO_CACHE = 556,    /* VAR_FORWARD_NO_CACHE  */
-    VAR_LOG_SERVFAIL = 557,        /* VAR_LOG_SERVFAIL  */
+    VAR_STUB_NO_CACHE = 557,       /* VAR_STUB_NO_CACHE  */
-    VAR_DENY_ANY = 558,            /* VAR_DENY_ANY  */
+    VAR_LOG_SERVFAIL = 558,        /* VAR_LOG_SERVFAIL  */
-    VAR_UNKNOWN_SERVER_TIME_LIMIT = 559, /* VAR_UNKNOWN_SERVER_TIME_LIMIT  */
+    VAR_DENY_ANY = 559,            /* VAR_DENY_ANY  */
-    VAR_LOG_TAG_QUERYREPLY = 560,  /* VAR_LOG_TAG_QUERYREPLY  */
+    VAR_UNKNOWN_SERVER_TIME_LIMIT = 560, /* VAR_UNKNOWN_SERVER_TIME_LIMIT  */
-    VAR_STREAM_WAIT_SIZE = 561,    /* VAR_STREAM_WAIT_SIZE  */
+    VAR_LOG_TAG_QUERYREPLY = 561,  /* VAR_LOG_TAG_QUERYREPLY  */
-    VAR_TLS_CIPHERS = 562,         /* VAR_TLS_CIPHERS  */
+    VAR_STREAM_WAIT_SIZE = 562,    /* VAR_STREAM_WAIT_SIZE  */
-    VAR_TLS_CIPHERSUITES = 563,    /* VAR_TLS_CIPHERSUITES  */
+    VAR_TLS_CIPHERS = 563,         /* VAR_TLS_CIPHERS  */
-    VAR_TLS_USE_SNI = 564,         /* VAR_TLS_USE_SNI  */
+    VAR_TLS_CIPHERSUITES = 564,    /* VAR_TLS_CIPHERSUITES  */
-    VAR_IPSET = 565,               /* VAR_IPSET  */
+    VAR_TLS_USE_SNI = 565,         /* VAR_TLS_USE_SNI  */
-    VAR_IPSET_NAME_V4 = 566,       /* VAR_IPSET_NAME_V4  */
+    VAR_IPSET = 566,               /* VAR_IPSET  */
-    VAR_IPSET_NAME_V6 = 567,       /* VAR_IPSET_NAME_V6  */
+    VAR_IPSET_NAME_V4 = 567,       /* VAR_IPSET_NAME_V4  */
-    VAR_TLS_SESSION_TICKET_KEYS = 568, /* VAR_TLS_SESSION_TICKET_KEYS  */
+    VAR_IPSET_NAME_V6 = 568,       /* VAR_IPSET_NAME_V6  */
-    VAR_RPZ = 569,                 /* VAR_RPZ  */
+    VAR_TLS_SESSION_TICKET_KEYS = 569, /* VAR_TLS_SESSION_TICKET_KEYS  */
-    VAR_TAGS = 570,                /* VAR_TAGS  */
+    VAR_RPZ = 570,                 /* VAR_RPZ  */
-    VAR_RPZ_ACTION_OVERRIDE = 571, /* VAR_RPZ_ACTION_OVERRIDE  */
+    VAR_TAGS = 571,                /* VAR_TAGS  */
-    VAR_RPZ_CNAME_OVERRIDE = 572,  /* VAR_RPZ_CNAME_OVERRIDE  */
+    VAR_RPZ_ACTION_OVERRIDE = 572, /* VAR_RPZ_ACTION_OVERRIDE  */
-    VAR_RPZ_LOG = 573,             /* VAR_RPZ_LOG  */
+    VAR_RPZ_CNAME_OVERRIDE = 573,  /* VAR_RPZ_CNAME_OVERRIDE  */
-    VAR_RPZ_LOG_NAME = 574,        /* VAR_RPZ_LOG_NAME  */
+    VAR_RPZ_LOG = 574,             /* VAR_RPZ_LOG  */
-    VAR_DYNLIB = 575,              /* VAR_DYNLIB  */
+    VAR_RPZ_LOG_NAME = 575,        /* VAR_RPZ_LOG_NAME  */
-    VAR_DYNLIB_FILE = 576,         /* VAR_DYNLIB_FILE  */
+    VAR_DYNLIB = 576,              /* VAR_DYNLIB  */
-    VAR_EDNS_CLIENT_STRING = 577,  /* VAR_EDNS_CLIENT_STRING  */
+    VAR_DYNLIB_FILE = 577,         /* VAR_DYNLIB_FILE  */
-    VAR_EDNS_CLIENT_STRING_OPCODE = 578, /* VAR_EDNS_CLIENT_STRING_OPCODE  */
+    VAR_EDNS_CLIENT_STRING = 578,  /* VAR_EDNS_CLIENT_STRING  */
-    VAR_NSID = 579,                /* VAR_NSID  */
+    VAR_EDNS_CLIENT_STRING_OPCODE = 579, /* VAR_EDNS_CLIENT_STRING_OPCODE  */
-    VAR_ZONEMD_PERMISSIVE_MODE = 580, /* VAR_ZONEMD_PERMISSIVE_MODE  */
+    VAR_NSID = 580,                /* VAR_NSID  */
-    VAR_ZONEMD_CHECK = 581,        /* VAR_ZONEMD_CHECK  */
+    VAR_ZONEMD_PERMISSIVE_MODE = 581, /* VAR_ZONEMD_PERMISSIVE_MODE  */
-    VAR_ZONEMD_REJECT_ABSENCE = 582, /* VAR_ZONEMD_REJECT_ABSENCE  */
+    VAR_ZONEMD_CHECK = 582,        /* VAR_ZONEMD_CHECK  */
-    VAR_RPZ_SIGNAL_NXDOMAIN_RA = 583, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA  */
+    VAR_ZONEMD_REJECT_ABSENCE = 583, /* VAR_ZONEMD_REJECT_ABSENCE  */
-    VAR_INTERFACE_AUTOMATIC_PORTS = 584, /* VAR_INTERFACE_AUTOMATIC_PORTS  */
+    VAR_RPZ_SIGNAL_NXDOMAIN_RA = 584, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA  */
-    VAR_EDE = 585,                 /* VAR_EDE  */
+    VAR_INTERFACE_AUTOMATIC_PORTS = 585, /* VAR_INTERFACE_AUTOMATIC_PORTS  */
-    VAR_INTERFACE_ACTION = 586,    /* VAR_INTERFACE_ACTION  */
+    VAR_EDE = 586,                 /* VAR_EDE  */
-    VAR_INTERFACE_VIEW = 587,      /* VAR_INTERFACE_VIEW  */
+    VAR_INTERFACE_ACTION = 587,    /* VAR_INTERFACE_ACTION  */
-    VAR_INTERFACE_TAG = 588,       /* VAR_INTERFACE_TAG  */
+    VAR_INTERFACE_VIEW = 588,      /* VAR_INTERFACE_VIEW  */
-    VAR_INTERFACE_TAG_ACTION = 589, /* VAR_INTERFACE_TAG_ACTION  */
+    VAR_INTERFACE_TAG = 589,       /* VAR_INTERFACE_TAG  */
-    VAR_INTERFACE_TAG_DATA = 590,  /* VAR_INTERFACE_TAG_DATA  */
+    VAR_INTERFACE_TAG_ACTION = 590, /* VAR_INTERFACE_TAG_ACTION  */
-    VAR_PROXY_PROTOCOL_PORT = 591, /* VAR_PROXY_PROTOCOL_PORT  */
+    VAR_INTERFACE_TAG_DATA = 591,  /* VAR_INTERFACE_TAG_DATA  */
-    VAR_STATISTICS_INHIBIT_ZERO = 592, /* VAR_STATISTICS_INHIBIT_ZERO  */
+    VAR_PROXY_PROTOCOL_PORT = 592, /* VAR_PROXY_PROTOCOL_PORT  */
-    VAR_HARDEN_UNKNOWN_ADDITIONAL = 593 /* VAR_HARDEN_UNKNOWN_ADDITIONAL  */
+    VAR_STATISTICS_INHIBIT_ZERO = 593, /* VAR_STATISTICS_INHIBIT_ZERO  */
    VAR_HARDEN_UNKNOWN_ADDITIONAL = 594 /* VAR_HARDEN_UNKNOWN_ADDITIONAL  */
  };
  typedef enum yytokentype yytoken_kind_t;
 #endif
@ -679,61 +680,62 @@ extern int yydebug;
 #define VAR_CACHEDB_REDISTIMEOUT 536
 #define VAR_CACHEDB_REDISEXPIRERECORDS 537
 #define VAR_CACHEDB_REDISPATH 538
-#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 539
+#define VAR_CACHEDB_REDISPASSWORD 539
-#define VAR_FOR_UPSTREAM 540
+#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 540
-#define VAR_AUTH_ZONE 541
+#define VAR_FOR_UPSTREAM 541
-#define VAR_ZONEFILE 542
+#define VAR_AUTH_ZONE 542
-#define VAR_MASTER 543
+#define VAR_ZONEFILE 543
-#define VAR_URL 544
+#define VAR_MASTER 544
-#define VAR_FOR_DOWNSTREAM 545
+#define VAR_URL 545
-#define VAR_FALLBACK_ENABLED 546
+#define VAR_FOR_DOWNSTREAM 546
-#define VAR_TLS_ADDITIONAL_PORT 547
+#define VAR_FALLBACK_ENABLED 547
-#define VAR_LOW_RTT 548
+#define VAR_TLS_ADDITIONAL_PORT 548
-#define VAR_LOW_RTT_PERMIL 549
+#define VAR_LOW_RTT 549
-#define VAR_FAST_SERVER_PERMIL 550
+#define VAR_LOW_RTT_PERMIL 550
-#define VAR_FAST_SERVER_NUM 551
+#define VAR_FAST_SERVER_PERMIL 551
-#define VAR_ALLOW_NOTIFY 552
+#define VAR_FAST_SERVER_NUM 552
-#define VAR_TLS_WIN_CERT 553
+#define VAR_ALLOW_NOTIFY 553
-#define VAR_TCP_CONNECTION_LIMIT 554
+#define VAR_TLS_WIN_CERT 554
-#define VAR_FORWARD_NO_CACHE 555
+#define VAR_TCP_CONNECTION_LIMIT 555
-#define VAR_STUB_NO_CACHE 556
+#define VAR_FORWARD_NO_CACHE 556
-#define VAR_LOG_SERVFAIL 557
+#define VAR_STUB_NO_CACHE 557
-#define VAR_DENY_ANY 558
+#define VAR_LOG_SERVFAIL 558
-#define VAR_UNKNOWN_SERVER_TIME_LIMIT 559
+#define VAR_DENY_ANY 559
-#define VAR_LOG_TAG_QUERYREPLY 560
+#define VAR_UNKNOWN_SERVER_TIME_LIMIT 560
-#define VAR_STREAM_WAIT_SIZE 561
+#define VAR_LOG_TAG_QUERYREPLY 561
-#define VAR_TLS_CIPHERS 562
+#define VAR_STREAM_WAIT_SIZE 562
-#define VAR_TLS_CIPHERSUITES 563
+#define VAR_TLS_CIPHERS 563
-#define VAR_TLS_USE_SNI 564
+#define VAR_TLS_CIPHERSUITES 564
-#define VAR_IPSET 565
+#define VAR_TLS_USE_SNI 565
-#define VAR_IPSET_NAME_V4 566
+#define VAR_IPSET 566
-#define VAR_IPSET_NAME_V6 567
+#define VAR_IPSET_NAME_V4 567
-#define VAR_TLS_SESSION_TICKET_KEYS 568
+#define VAR_IPSET_NAME_V6 568
-#define VAR_RPZ 569
+#define VAR_TLS_SESSION_TICKET_KEYS 569
-#define VAR_TAGS 570
+#define VAR_RPZ 570
-#define VAR_RPZ_ACTION_OVERRIDE 571
+#define VAR_TAGS 571
-#define VAR_RPZ_CNAME_OVERRIDE 572
+#define VAR_RPZ_ACTION_OVERRIDE 572
-#define VAR_RPZ_LOG 573
+#define VAR_RPZ_CNAME_OVERRIDE 573
-#define VAR_RPZ_LOG_NAME 574
+#define VAR_RPZ_LOG 574
-#define VAR_DYNLIB 575
+#define VAR_RPZ_LOG_NAME 575
-#define VAR_DYNLIB_FILE 576
+#define VAR_DYNLIB 576
-#define VAR_EDNS_CLIENT_STRING 577
+#define VAR_DYNLIB_FILE 577
-#define VAR_EDNS_CLIENT_STRING_OPCODE 578
+#define VAR_EDNS_CLIENT_STRING 578
-#define VAR_NSID 579
+#define VAR_EDNS_CLIENT_STRING_OPCODE 579
-#define VAR_ZONEMD_PERMISSIVE_MODE 580
+#define VAR_NSID 580
-#define VAR_ZONEMD_CHECK 581
+#define VAR_ZONEMD_PERMISSIVE_MODE 581
-#define VAR_ZONEMD_REJECT_ABSENCE 582
+#define VAR_ZONEMD_CHECK 582
-#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 583
+#define VAR_ZONEMD_REJECT_ABSENCE 583
-#define VAR_INTERFACE_AUTOMATIC_PORTS 584
+#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 584
-#define VAR_EDE 585
+#define VAR_INTERFACE_AUTOMATIC_PORTS 585
-#define VAR_INTERFACE_ACTION 586
+#define VAR_EDE 586
-#define VAR_INTERFACE_VIEW 587
+#define VAR_INTERFACE_ACTION 587
-#define VAR_INTERFACE_TAG 588
+#define VAR_INTERFACE_VIEW 588
-#define VAR_INTERFACE_TAG_ACTION 589
+#define VAR_INTERFACE_TAG 589
-#define VAR_INTERFACE_TAG_DATA 590
+#define VAR_INTERFACE_TAG_ACTION 590
-#define VAR_PROXY_PROTOCOL_PORT 591
+#define VAR_INTERFACE_TAG_DATA 591
-#define VAR_STATISTICS_INHIBIT_ZERO 592
+#define VAR_PROXY_PROTOCOL_PORT 592
-#define VAR_HARDEN_UNKNOWN_ADDITIONAL 593
+#define VAR_STATISTICS_INHIBIT_ZERO 593
 #define VAR_HARDEN_UNKNOWN_ADDITIONAL 594
 /* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -743,7 +745,7 @@ union YYSTYPE
 	char*	str;
-#line 747 "util/configparser.h"
+#line 749 "util/configparser.h"
 };
 typedef union YYSTYPE YYSTYPE;
@ -754,6 +756,8 @@ typedef union YYSTYPE YYSTYPE;
 extern YYSTYPE yylval;
 int yyparse (void);
 #endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED  */
--- a/util/configparser.y
+++ b/util/configparser.y
@ -175,7 +175,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
-%token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH
+%token VAR_CACHEDB_REDISEXPIRERECORDS VAR_CACHEDB_REDISPATH VAR_CACHEDB_REDISPASSWORD
 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
@ -3654,7 +3654,7 @@ contents_cachedb: contents_cachedb content_cachedb
 	| ;
 content_cachedb: cachedb_backend_name | cachedb_secret_seed |
 	redis_server_host | redis_server_port | redis_timeout |
-	redis_expire_records | redis_server_path
+	redis_expire_records | redis_server_path | redis_server_password
 	;
 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
 	{
@ -3719,6 +3719,18 @@ redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG
 	#endif
 	}
 	;
 redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG
 	{
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_password:%s)\n", $2));
 		free(cfg_parser->cfg->redis_server_password);
 		cfg_parser->cfg->redis_server_password = $2;
 	#else
 		OUTYY(("P(Compiled without cachedb or redis, ignoring)\n"));
 		free($2);
 	#endif
 	}
 	;
 redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG
 	{
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)