feat(security): treat negotiation succeed if server is old version (#145

)
XiaoMi · Dec 29, 2020 · 55f7893 · 55f7893
1 parent d427496
commit 55f7893
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java
@@ -71,6 +71,13 @@ private class RecvHandler implements Runnable {
     public void run() {
       try {
         if (op.rpc_error.errno != error_code.error_types.ERR_OK) {
+          // ERR_HANDLER_NOT_FOUND means server is old version, which doesn't support authentication
+          // In this case we consider this session will expose no privacy at all, so we can just
+          // go on without negotiation.
+          if (op.rpc_error.errno == error_code.error_types.ERR_HANDLER_NOT_FOUND) {
+            negotiationSucceed();
+            return;
+          }
           throw new ReplicationException(op.rpc_error.errno);
         }
         handleResponse();
@@ -86,6 +93,12 @@ private void handleResponse() throws Exception {
         throw new Exception("RecvHandler received a null response, abandon it");
       }
 
+      // make the negotiation succeed if server doesn't enable auth
+      if (resp.status == negotiation_status.SASL_AUTH_DISABLE) {
+        negotiationSucceed();
+        return;
+      }
+
       switch (status) {
         case SASL_LIST_MECHANISMS:
           onRecvMechanisms(resp);