From 994aa65ded717c08317a27b0e4854491bcb3152d Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 11:27:41 +0800 Subject: [PATCH 01/13] feat(security): receive mechanism from server_negotiation --- include/dsn/tool-api/network.h | 4 +- src/runtime/security/client_negotiation.cpp | 67 ++++++++++++++++++++- src/runtime/security/client_negotiation.h | 4 ++ src/runtime/security/negotiation.cpp | 2 + 4 files changed, 74 insertions(+), 3 deletions(-) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index ca90a2390c..0772bfd262 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h @@ -257,6 +257,8 @@ class rpc_session : public ref_counter bool unlink_message_for_send(); virtual void send(uint64_t signature) = 0; void on_send_completed(uint64_t signature = 0); + void on_failure(bool is_write = false); + void on_success(); protected: /// @@ -301,8 +303,6 @@ class rpc_session : public ref_counter void clear_send_queue(bool resend_msgs); bool on_disconnected(bool is_write); - void on_failure(bool is_write = false); - void on_success(); protected: // constant info diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index 5cd31b2231..43c1d097f1 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -18,12 +18,14 @@ #include "client_negotiation.h" #include "negotiation_utils.h" +#include #include #include #include namespace dsn { namespace security { +extern bool FLAGS_mandatory_auth; client_negotiation::client_negotiation(rpc_session *session) : negotiation(session) { @@ -38,7 +40,24 @@ void client_negotiation::start() void client_negotiation::handle_response(error_code err, const negotiation_response &&response) { - // TBD(zlw) + if (err != ERR_OK) { + fail_negotiation(); + return; + } + + // if server doesn't enable auth and the auth is not mandantory, make the negotiation success + if (negotiation_status::type::SASL_AUTH_DISABLE == response.status && !FLAGS_mandatory_auth) { + ddebug_f("{}: treat negotiation succeed as server doesn't enable it, user_name in later " + "messages aren't trustable", + _name); + succ_negotiation(); + return; + } + + if (_status == negotiation_status::type::SASL_LIST_MECHANISMS) { + recv_mechanisms(response); + return; + } } void client_negotiation::list_mechanisms() @@ -48,6 +67,41 @@ void client_negotiation::list_mechanisms() send(std::move(request)); } +void client_negotiation::recv_mechanisms(const negotiation_response &resp) +{ + if (resp.status != negotiation_status::type::SASL_LIST_MECHANISMS_RESP) { + dwarn_f("{}: got message({}) while expect({})", + _name, + enum_to_string(resp.status), + enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS_RESP)); + fail_negotiation(); + return; + } + + std::string match_mechanism = ""; + std::vector server_support_mechanisms; + std::string resp_string = resp.msg; + utils::split_args(resp_string.c_str(), server_support_mechanisms, ','); + + for (const std::string &server_support_mechanism : server_support_mechanisms) { + if (supported_mechanisms.find(server_support_mechanism) != supported_mechanisms.end()) { + ddebug_f("{}: found {} mechanism in server, use it", _name, server_support_mechanism); + match_mechanism = server_support_mechanism; + break; + } + } + + if (match_mechanism.empty()) { + dwarn_f("server only support mechanisms of ({}), can't find expected ({})", + resp_string, + boost::join(supported_mechanisms, ",")); + fail_negotiation(); + return; + } + + // TODO(zlw): select mechanism +} + void client_negotiation::send(std::unique_ptr request) { negotiation_rpc rpc(std::move(request), RPC_NEGOTIATION); @@ -56,5 +110,16 @@ void client_negotiation::send(std::unique_ptr request) }); } +void client_negotiation::fail_negotiation() +{ + _status = negotiation_status::type::SASL_AUTH_FAIL; + _session->on_failure(true); +} + +void client_negotiation::succ_negotiation() +{ + _status = negotiation_status::type::SASL_SUCC; + _session->on_success(); +} } // namespace security } // namespace dsn diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index 2db368f522..9cf1cfe4da 100644 --- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h @@ -21,6 +21,7 @@ namespace dsn { namespace security { +extern const std::set supported_mechanisms; class client_negotiation : public negotiation { @@ -32,7 +33,10 @@ class client_negotiation : public negotiation private: void handle_response(error_code err, const negotiation_response &&response); void list_mechanisms(); + void recv_mechanisms(const negotiation_response &resp); void send(std::unique_ptr request); + void fail_negotiation(); + void succ_negotiation(); }; } // namespace security diff --git a/src/runtime/security/negotiation.cpp b/src/runtime/security/negotiation.cpp index 5315ce13a8..d9f59b1074 100644 --- a/src/runtime/security/negotiation.cpp +++ b/src/runtime/security/negotiation.cpp @@ -27,7 +27,9 @@ namespace security { /// TODO(zlw):we can't get string list from cflags now, /// so we should get supported mechanisms from config in the later const std::set supported_mechanisms{"GSSAPI"}; + DSN_DEFINE_bool("security", enable_auth, false, "whether open auth or not"); +DSN_DEFINE_bool("security", mandatory_auth, false, "wheter to do authertication mandatorily"); negotiation::~negotiation() {} From 7af436efbf8cc9a0bcdd98220614a4bd6de4d504 Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 11:39:34 +0800 Subject: [PATCH 02/13] fix --- src/runtime/security/client_negotiation.cpp | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index 43c1d097f1..890bc72255 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -38,6 +38,13 @@ void client_negotiation::start() list_mechanisms(); } +void client_negotiation::list_mechanisms() +{ + auto request = dsn::make_unique(); + _status = request->status = negotiation_status::type::SASL_LIST_MECHANISMS; + send(std::move(request)); +} + void client_negotiation::handle_response(error_code err, const negotiation_response &&response) { if (err != ERR_OK) { @@ -45,11 +52,9 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo return; } - // if server doesn't enable auth and the auth is not mandantory, make the negotiation success + // make the negotiation succeed if server doesn't enable auth and the auth is not mandantory if (negotiation_status::type::SASL_AUTH_DISABLE == response.status && !FLAGS_mandatory_auth) { - ddebug_f("{}: treat negotiation succeed as server doesn't enable it, user_name in later " - "messages aren't trustable", - _name); + ddebug_f("{}: treat negotiation succeed as server doesn't enable it", _name); succ_negotiation(); return; } @@ -60,13 +65,6 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo } } -void client_negotiation::list_mechanisms() -{ - auto request = dsn::make_unique(); - _status = request->status = negotiation_status::type::SASL_LIST_MECHANISMS; - send(std::move(request)); -} - void client_negotiation::recv_mechanisms(const negotiation_response &resp) { if (resp.status != negotiation_status::type::SASL_LIST_MECHANISMS_RESP) { From 96f0296c2cdfb95de208c9238041262ce4a18a0f Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 11:48:19 +0800 Subject: [PATCH 03/13] fix --- src/runtime/security/client_negotiation.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index 890bc72255..ef5f44bf53 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -68,7 +68,7 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo void client_negotiation::recv_mechanisms(const negotiation_response &resp) { if (resp.status != negotiation_status::type::SASL_LIST_MECHANISMS_RESP) { - dwarn_f("{}: got message({}) while expect({})", + dwarn_f("{}: get message({}) while expect({})", _name, enum_to_string(resp.status), enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS_RESP)); @@ -83,7 +83,7 @@ void client_negotiation::recv_mechanisms(const negotiation_response &resp) for (const std::string &server_support_mechanism : server_support_mechanisms) { if (supported_mechanisms.find(server_support_mechanism) != supported_mechanisms.end()) { - ddebug_f("{}: found {} mechanism in server, use it", _name, server_support_mechanism); + ddebug_f("{}: find {} mechanism in server, use it", _name, server_support_mechanism); match_mechanism = server_support_mechanism; break; } From 9c955de8158624c997eedbcd880b9f9e2bcec65f Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 14:42:23 +0800 Subject: [PATCH 04/13] refactor --- src/runtime/security/client_negotiation.cpp | 27 ++++++++++++++------- src/runtime/security/client_negotiation.h | 1 + src/runtime/security/negotiation.h | 1 + 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index ef5f44bf53..c2f8194980 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -68,10 +68,10 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo void client_negotiation::recv_mechanisms(const negotiation_response &resp) { if (resp.status != negotiation_status::type::SASL_LIST_MECHANISMS_RESP) { - dwarn_f("{}: get message({}) while expect({})", - _name, - enum_to_string(resp.status), - enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS_RESP)); + ddebug_f("{}: get message({}) while expect({})", + _name, + enum_to_string(resp.status), + enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS_RESP)); fail_negotiation(); return; } @@ -83,21 +83,30 @@ void client_negotiation::recv_mechanisms(const negotiation_response &resp) for (const std::string &server_support_mechanism : server_support_mechanisms) { if (supported_mechanisms.find(server_support_mechanism) != supported_mechanisms.end()) { - ddebug_f("{}: find {} mechanism in server, use it", _name, server_support_mechanism); match_mechanism = server_support_mechanism; break; } } if (match_mechanism.empty()) { - dwarn_f("server only support mechanisms of ({}), can't find expected ({})", - resp_string, - boost::join(supported_mechanisms, ",")); + ddebug_f("server only support mechanisms of ({}), can't find expected ({})", + resp_string, + boost::join(supported_mechanisms, ",")); fail_negotiation(); return; } - // TODO(zlw): select mechanism + select_mechanism(match_mechanism); +} + +void client_negotiation::select_mechanism(const std::string &mechanism) +{ + _selected_mechanism = mechanism; + + auto req = dsn::make_unique(); + _status = req->status = negotiation_status::type::SASL_SELECT_MECHANISMS; + req->msg = mechanism; + send(std::move(req)); } void client_negotiation::send(std::unique_ptr request) diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index 9cf1cfe4da..7624a2eeb8 100644 --- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h @@ -34,6 +34,7 @@ class client_negotiation : public negotiation void handle_response(error_code err, const negotiation_response &&response); void list_mechanisms(); void recv_mechanisms(const negotiation_response &resp); + void select_mechanism(const std::string &mechanism); void send(std::unique_ptr request); void fail_negotiation(); void succ_negotiation(); diff --git a/src/runtime/security/negotiation.h b/src/runtime/security/negotiation.h index 25492c80e0..9f45f562e3 100644 --- a/src/runtime/security/negotiation.h +++ b/src/runtime/security/negotiation.h @@ -45,6 +45,7 @@ class negotiation rpc_session *_session; std::string _name; negotiation_status::type _status; + std::string _selected_mechanism; }; std::unique_ptr create_negotiation(bool is_client, rpc_session *session); From 2d8f23843c1f45ed9e0e2949be58f65b9f3325ee Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 14:45:11 +0800 Subject: [PATCH 05/13] refactor --- src/runtime/security/client_negotiation.cpp | 1 + src/runtime/security/client_negotiation.h | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index c2f8194980..ce887d7e6c 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -26,6 +26,7 @@ namespace dsn { namespace security { extern bool FLAGS_mandatory_auth; +extern const std::set supported_mechanisms; client_negotiation::client_negotiation(rpc_session *session) : negotiation(session) { diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index 7624a2eeb8..8366931e4b 100644 --- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h @@ -21,7 +21,6 @@ namespace dsn { namespace security { -extern const std::set supported_mechanisms; class client_negotiation : public negotiation { From d1ced1504efe333badc69e9491facadcb9e647cd Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 15:07:06 +0800 Subject: [PATCH 06/13] fix --- src/runtime/security/client_negotiation.cpp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index ce887d7e6c..bad7a9f801 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -60,9 +60,18 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo return; } - if (_status == negotiation_status::type::SASL_LIST_MECHANISMS) { + switch (_status) { + case negotiation_status::type::SASL_LIST_MECHANISMS: recv_mechanisms(response); - return; + break; + case negotiation_status::type::SASL_SELECT_MECHANISMS: + // TBD(zlw) + break; + case negotiation_status::type::SASL_INITIATE: + // TBD(zlw) + break; + default: + fail_negotiation(); } } From 9554cc9c77087cac1fbdcf70a26501e348710c47 Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 15:14:31 +0800 Subject: [PATCH 07/13] refactor --- src/runtime/security/client_negotiation.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index bad7a9f801..99a36bc888 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -68,6 +68,7 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo // TBD(zlw) break; case negotiation_status::type::SASL_INITIATE: + case negotiation_status::type::SASL_CHALLENGE_RESP: // TBD(zlw) break; default: From 91684b9cc639690f4fc900f06ee57614a24f39ab Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 15:32:15 +0800 Subject: [PATCH 08/13] fix --- src/runtime/security/security.thrift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/security/security.thrift b/src/runtime/security/security.thrift index c30b47c418..ad45769cda 100644 --- a/src/runtime/security/security.thrift +++ b/src/runtime/security/security.thrift @@ -20,7 +20,7 @@ namespace cpp dsn.security // | <-- SASL_CHALLENGE --- | // | --- SASL_CHALLENGE_RESP --> | // | | (authentication will succeed -// | | if all chanllenges passed) +// | | if all challenges passed) // | <-- SASL_SUCC --- | // (client won't response | | // if servers says ok) | | From b3b07b340461c6755655d590f53da7158d158c57 Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 15:40:29 +0800 Subject: [PATCH 09/13] refactor --- src/runtime/security/negotiation_utils.h | 4 +-- src/runtime/security/security.thrift | 44 ++++++++++++------------ src/runtime/security/security_types.cpp | 4 +-- src/runtime/security/security_types.h | 2 +- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/src/runtime/security/negotiation_utils.h b/src/runtime/security/negotiation_utils.h index d695d085f5..27b8e59bf3 100644 --- a/src/runtime/security/negotiation_utils.h +++ b/src/runtime/security/negotiation_utils.h @@ -30,8 +30,8 @@ inline const char *enum_to_string(negotiation_status::type s) return "negotiation_list_mechanisms_resp"; case negotiation_status::type::SASL_SELECT_MECHANISMS: return "negotiation_select_mechanisms"; - case negotiation_status::type::SASL_SELECT_MECHANISMS_OK: - return "negotiation_select_mechanisms_ok"; + case negotiation_status::type::SASL_SELECT_MECHANISMS_RESP: + return "negotiation_select_mechanisms_resp"; case negotiation_status::type::SASL_SUCC: return "negotiation_succ"; case negotiation_status::type::SASL_AUTH_FAIL: diff --git a/src/runtime/security/security.thrift b/src/runtime/security/security.thrift index ad45769cda..b5d6f0c601 100644 --- a/src/runtime/security/security.thrift +++ b/src/runtime/security/security.thrift @@ -5,34 +5,34 @@ namespace cpp dsn.security // negotiation process: // // client server -// | --- SASL_LIST_MECHANISMS --> | -// | <-- SASL_LIST_MECHANISMS_RESP --- | -// | -- SASL_SELECT_MECHANISMS --> | -// | <-- SASL_SELECT_MECHANISMS_OK --- | -// | | -// | --- SASL_INITIATE --> | -// | | -// | <-- SASL_CHALLENGE --- | -// | --- SASL_CHALLENGE_RESP --> | -// | | -// | ..... | -// | | -// | <-- SASL_CHALLENGE --- | -// | --- SASL_CHALLENGE_RESP --> | -// | | (authentication will succeed -// | | if all challenges passed) -// | <-- SASL_SUCC --- | -// (client won't response | | -// if servers says ok) | | -// | --- RPC_CALL ---> | -// | <-- RPC_RESP ---- | +// | --- SASL_LIST_MECHANISMS --> | +// | <-- SASL_LIST_MECHANISMS_RESP --- | +// | -- SASL_SELECT_MECHANISMS --> | +// | <-- SASL_SELECT_MECHANISMS_RESP --- | +// | | +// | --- SASL_INITIATE --> | +// | | +// | <-- SASL_CHALLENGE --- | +// | --- SASL_CHALLENGE_RESP --> | +// | | +// | ..... | +// | | +// | <-- SASL_CHALLENGE --- | +// | --- SASL_CHALLENGE_RESP --> | +// | | (authentication will succeed +// | | if all challenges passed) +// | <-- SASL_SUCC --- | +// (client won't response | | +// if servers says ok) | | +// | --- RPC_CALL ---> | +// | <-- RPC_RESP ---- | enum negotiation_status { INVALID SASL_LIST_MECHANISMS SASL_LIST_MECHANISMS_RESP SASL_SELECT_MECHANISMS - SASL_SELECT_MECHANISMS_OK + SASL_SELECT_MECHANISMS_RESP SASL_INITIATE SASL_CHALLENGE SASL_CHALLENGE_RESP diff --git a/src/runtime/security/security_types.cpp b/src/runtime/security/security_types.cpp index af31d13fc8..d5ccd188f0 100644 --- a/src/runtime/security/security_types.cpp +++ b/src/runtime/security/security_types.cpp @@ -18,7 +18,7 @@ int _knegotiation_statusValues[] = {negotiation_status::INVALID, negotiation_status::SASL_LIST_MECHANISMS, negotiation_status::SASL_LIST_MECHANISMS_RESP, negotiation_status::SASL_SELECT_MECHANISMS, - negotiation_status::SASL_SELECT_MECHANISMS_OK, + negotiation_status::SASL_SELECT_MECHANISMS_RESP, negotiation_status::SASL_INITIATE, negotiation_status::SASL_CHALLENGE, negotiation_status::SASL_CHALLENGE_RESP, @@ -29,7 +29,7 @@ const char *_knegotiation_statusNames[] = {"INVALID", "SASL_LIST_MECHANISMS", "SASL_LIST_MECHANISMS_RESP", "SASL_SELECT_MECHANISMS", - "SASL_SELECT_MECHANISMS_OK", + "SASL_SELECT_MECHANISMS_RESP", "SASL_INITIATE", "SASL_CHALLENGE", "SASL_CHALLENGE_RESP", diff --git a/src/runtime/security/security_types.h b/src/runtime/security/security_types.h index cb339df0d7..e9ed7f354c 100644 --- a/src/runtime/security/security_types.h +++ b/src/runtime/security/security_types.h @@ -28,7 +28,7 @@ struct negotiation_status SASL_LIST_MECHANISMS = 1, SASL_LIST_MECHANISMS_RESP = 2, SASL_SELECT_MECHANISMS = 3, - SASL_SELECT_MECHANISMS_OK = 4, + SASL_SELECT_MECHANISMS_RESP = 4, SASL_INITIATE = 5, SASL_CHALLENGE = 6, SASL_CHALLENGE_RESP = 7, From 25b8aad70e5118f44ef2a2d91cf4d6e50fe713df Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 19 Aug 2020 16:20:51 +0800 Subject: [PATCH 10/13] fix --- src/runtime/security/client_negotiation.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index 99a36bc888..fa3e248d3c 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -22,10 +22,11 @@ #include #include #include +#include namespace dsn { namespace security { -extern bool FLAGS_mandatory_auth; +DSN_DECLARE_bool(mandatory_auth); extern const std::set supported_mechanisms; client_negotiation::client_negotiation(rpc_session *session) : negotiation(session) From bb1fed24f3981c396a252a87d5e948c31a539463 Mon Sep 17 00:00:00 2001 From: levy Date: Thu, 20 Aug 2020 18:55:40 +0800 Subject: [PATCH 11/13] ddebug_f -> dwarn_f --- src/runtime/security/client_negotiation.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index fa3e248d3c..586c14a526 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -80,10 +80,10 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo void client_negotiation::recv_mechanisms(const negotiation_response &resp) { if (resp.status != negotiation_status::type::SASL_LIST_MECHANISMS_RESP) { - ddebug_f("{}: get message({}) while expect({})", - _name, - enum_to_string(resp.status), - enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS_RESP)); + dwarn_f("{}: get message({}) while expect({})", + _name, + enum_to_string(resp.status), + enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS_RESP)); fail_negotiation(); return; } @@ -101,9 +101,9 @@ void client_negotiation::recv_mechanisms(const negotiation_response &resp) } if (match_mechanism.empty()) { - ddebug_f("server only support mechanisms of ({}), can't find expected ({})", - resp_string, - boost::join(supported_mechanisms, ",")); + dwarn_f("server only support mechanisms of ({}), can't find expected ({})", + resp_string, + boost::join(supported_mechanisms, ",")); fail_negotiation(); return; } From 3707a99e57bfa1c21caf7ab2fc71078009e56fd1 Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 21 Aug 2020 14:44:03 +0800 Subject: [PATCH 12/13] fix --- src/runtime/security/client_negotiation.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index 586c14a526..9326fa8562 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -88,7 +88,7 @@ void client_negotiation::recv_mechanisms(const negotiation_response &resp) return; } - std::string match_mechanism = ""; + std::string match_mechanism; std::vector server_support_mechanisms; std::string resp_string = resp.msg; utils::split_args(resp_string.c_str(), server_support_mechanisms, ','); From 912122a676ff720d0f56b02471f7223339251d16 Mon Sep 17 00:00:00 2001 From: levy Date: Mon, 24 Aug 2020 11:04:40 +0800 Subject: [PATCH 13/13] resolve conflict --- include/dsn/tool-api/network.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index d9fc8a90b7..645afc8c76 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h @@ -304,8 +304,6 @@ class rpc_session : public ref_counter void clear_send_queue(bool resend_msgs); bool on_disconnected(bool is_write); bool is_auth_success(message_ex *msg); - void on_failure(bool is_write = false); - void on_success(); protected: // constant info