This repository has been archived by the owner on Jun 23, 2022. It is now read-only.

feat(security): receive mechanisms which are supported by server_negotiation #595

Merged (15 commits) on Aug 24, 2020

@levy5307 levy5307 commented Aug 19, 2020

In PR #588, server_negotiation receives the SASL_LIST_MECHANISMS request and replies with the mechanism that it supports. This PR is implemented to handle the SASL_LIST_MECHANISMS_RESP to get the mechanism supported by server_negotiation, and then select a mechanism which is supported by both client_negotiation and server_negotiation.

 negotiation process:

                                                  client                             server
                                                     |---    SASL_LIST_MECHANISMS     -->|
                                                     |<--  SASL_LIST_MECHANISMS_RESP  ---|
                                                     |---   SASL_SELECT_MECHANISMS   --->|
                                                     |<-- SASL_SELECT_MECHANISMS_RESP ---|
                                                     |                                   |
                                                     |------     SASL_INITIATE    ------>|
                                                     |                                   |
                                                     |<----      SASL_CHALLENGE     -----|
                                                     |-----       SASL_RESPONSE     ---->|
                                                     |                                   |
                                                     |               .....               |
                                                     |                                   |
                                                     |<----      SASL_CHALLENGE     -----|
                                                     |-----       SASL_RESPONSE     ---->|
                                                     |                                   |        (authentication will succeed
                                                     |                                   |        if all challenges passed)
                                                     | <---         SASL_SUCC       -----|
    (client won't respond                            |                                   |
     if server says ok)                              |                                   |
                                                     | ----          RPC_CALL       ---> |
                                                     | <---          RPC_RESP        ----|

New configuration added

[security]
+  mandatory_auth = false
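
Review bot: the `+  mandatory_auth = false` line under `[security]` adds the key with no comment or description of what it controls or what setting it to `true` changes. Please document the option where it is defined and state why `false` is the default, since for an option named `mandatory_auth` a reader will want to know whether unauthenticated peers are still accepted in the default setup.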

neverchanje previously approved these changes Aug 20, 2020
acelyc111 previously approved these changes Aug 22, 2020
@levy5307 levy5307 merged commit 9d2c78c into XiaoMi:master Aug 24, 2020
@levy5307 levy5307 deleted the recv-mechanism branch August 24, 2020 06:09
@levy5307 levy5307 added the type/config-change PR that made modification on configs, which should be noted in release note. label Oct 30, 2020
levy5307 added a commit to levy5307/rdsn that referenced this pull request Dec 21, 2020
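
The client side of the negotiation described in the PR, as an added sketch that is not the project's code: choose a mechanism both sides support, and fail closed on any server message that arrives out of the order shown in the diagram. The enum, state and function names, the comma-separated list format and the GSSAPI/PLAIN sample values are assumptions.

```cpp
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Server message names follow the diagram; all types and functions are hypothetical.
enum class Msg { LIST_MECHANISMS_RESP, SELECT_MECHANISMS_RESP, CHALLENGE, SUCC };
enum class State { WAIT_LIST_RESP, WAIT_SELECT_RESP, AUTHENTICATING, SUCCEEDED, FAILED };

// Assumption: the server lists its mechanisms as one comma-separated string.
std::set<std::string> parse_mechanisms(const std::string &resp) {
    std::set<std::string> out;
    std::stringstream ss(resp);
    for (std::string item; std::getline(ss, item, ',');)
        if (!item.empty()) out.insert(item);
    return out;
}

// First mechanism in the client's preference order that the server also offers.
std::string select_mechanism(const std::vector<std::string> &client_pref,
                             const std::string &server_resp) {
    const std::set<std::string> offered = parse_mechanisms(server_resp);
    for (const auto &m : client_pref)
        if (offered.count(m)) return m;
    return ""; // no overlap: the caller must stop, not fall back to another mechanism
}

// Advance the client on one server message; anything out of order fails closed.
State on_server_msg(State s, Msg m, bool have_common_mechanism = true) {
    switch (s) {
    case State::WAIT_LIST_RESP: // SASL_LIST_MECHANISMS was sent
        return (m == Msg::LIST_MECHANISMS_RESP && have_common_mechanism)
                   ? State::WAIT_SELECT_RESP // client sends SASL_SELECT_MECHANISMS
                   : State::FAILED;
    case State::WAIT_SELECT_RESP: // on success the client sends SASL_INITIATE
        return m == Msg::SELECT_MECHANISMS_RESP ? State::AUTHENTICATING : State::FAILED;
    case State::AUTHENTICATING:
        if (m == Msg::CHALLENGE) return State::AUTHENTICATING; // reply with SASL_RESPONSE
        return m == Msg::SUCC ? State::SUCCEEDED : State::FAILED;
    default:
        return State::FAILED; // SUCCEEDED and FAILED take no more negotiation messages
    }
}

int main() { // constructed sample: client prefers GSSAPI, server offers both
    std::string mech = select_mechanism({"GSSAPI", "PLAIN"}, "PLAIN,GSSAPI");
    State s = on_server_msg(State::WAIT_LIST_RESP, Msg::LIST_MECHANISMS_RESP, !mech.empty());
    return s == State::WAIT_SELECT_RESP ? 0 : 1;
}
```

This sketch does not enforce a minimum number of challenge rounds before SASL_SUCC.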
Labels: component/security, type/config-change (PR that made modification on configs, which should be noted in release note.)