From b4c5a694c1cd99b5940f3a425523eef2c430b03a Mon Sep 17 00:00:00 2001
From: levy
Date: Mon, 24 Aug 2020 14:44:19 +0800
Subject: [PATCH 1/3] feat(security): select mechanism
---
 src/runtime/security/server_negotiation.cpp | 58 ++++++++++++++++++++-
 src/runtime/security/server_negotiation.h | 3 ++
 2 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp
index f7044d06d9..85f1c238a6 100644
--- a/src/runtime/security/server_negotiation.cpp
+++ b/src/runtime/security/server_negotiation.cpp
@@ -38,9 +38,19 @@ void server_negotiation::start()
 void server_negotiation::handle_request(negotiation_rpc rpc)
 {
- if (_status == negotiation_status::type::SASL_LIST_MECHANISMS) {
+ switch (_status) {
+ case negotiation_status::type::SASL_LIST_MECHANISMS:
 on_list_mechanisms(rpc);
- return;
+ break;
+ case negotiation_status::type::SASL_LIST_MECHANISMS_RESP:
+ on_select_mechanism(rpc);
+ break;
+ case negotiation_status::type::SASL_SELECT_MECHANISMS_RESP:
+ case negotiation_status::type::SASL_CHALLENGE:
+ // TBD(zlw)
+ break;
+ default:
+ fail_negotiation(rpc, "wrong status");
 }
 }
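Review bot: The `SASL_SELECT_MECHANISMS_RESP` and `SASL_CHALLENGE` cases in `handle_request` only `break`, so a request arriving in those states gets neither a failure response nor a state change from this function; what the peer then receives depends on code outside this hunk. For an authentication state machine it is safer to fail closed until the handlers exist, for example `fail_negotiation(rpc, "not implemented");` under the `// TBD(zlw)` comment. The `default:` branch also ends without a `break;`, which is harmless on the last label but inconsistent with the other cases.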
@@ -61,6 +71,50 @@ void server_negotiation::on_list_mechanisms(negotiation_rpc rpc)
 return;
 }
+void server_negotiation::on_select_mechanism(negotiation_rpc rpc)
+{
+ ddebug("test point");
+ const negotiation_request &request = rpc.request();
+ if (request.status == negotiation_status::type::SASL_SELECT_MECHANISMS) {
+ _selected_mechanism = request.msg;
+ if (supported_mechanisms.find(_selected_mechanism) == supported_mechanisms.end()) {
+ std::string error_msg =
+ fmt::format("the mechanism of {} is not supported", _selected_mechanism);
+ dwarn_f("{}", error_msg);
+ fail_negotiation(rpc, error_msg);
+ return;
+ }
+
+ ddebug_f("test point, select_mechanism = {}", _selected_mechanism);
+
+ error_s err_s = do_sasl_server_init();
+ if (!err_s.is_ok()) {
+ dwarn_f("{}: server initialize sasl failed, error = {}, msg = {}",
+ _name,
+ err_s.code().to_string(),
+ err_s.description());
+ fail_negotiation(rpc, err_s.description());
+ return;
+ }
+
+ negotiation_response &response = rpc.response();
+ _status = response.status = negotiation_status::type::SASL_SELECT_MECHANISMS_RESP;
+ } else {
+ dwarn_f("{}: got message({}) while expect({})",
+ _name,
+ enum_to_string(request.status),
+ negotiation_status::type::SASL_SELECT_MECHANISMS);
+ fail_negotiation(rpc, "invalid_client_message_status");
+ return;
+ }
+}
+
+error_s server_negotiation::do_sasl_server_init()
+{
+ // TBD(zlw)
+ return error_s::make(ERR_OK);
+}
+
 void server_negotiation::fail_negotiation(negotiation_rpc rpc, const std::string &reason)
 {
 negotiation_response &response = rpc.response();
diff --git a/src/runtime/security/server_negotiation.h b/src/runtime/security/server_negotiation.h
index 9337efc28a..7ecaf1bbe0 100644
--- a/src/runtime/security/server_negotiation.h
+++ b/src/runtime/security/server_negotiation.h
@@ -17,6 +17,7 @@
 #pragma once
+#include
 #include "negotiation.h"
 namespace dsn {
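Review bot: In `on_select_mechanism`, `_selected_mechanism = request.msg;` stores the peer-supplied string before it is checked against `supported_mechanisms`, so a rejected value stays in the member unless `fail_negotiation` clears it (only its first line is visible in this hunk). Checking `request.msg` first and assigning only on a match keeps unvalidated input out of the negotiation state. The same string, which at this stage of the SASL negotiation presumably comes from a peer that has not yet authenticated, is formatted into the `dwarn_f` line and into the reason handed to `fail_negotiation` with no length or character restriction visible here; a fixed reason such as `"unsupported mechanism"` and a bounded, escaped value in the log would avoid log flooding and forged log lines. Likewise `err_s.description()` is passed as the failure reason, which may expose internal SASL error text to that peer if the reason is returned in the response. In the `else` branch the expected status is logged raw while the received one goes through `enum_to_string`; `enum_to_string(negotiation_status::type::SASL_SELECT_MECHANISMS)` would make the two readable alike.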
@@ -33,6 +34,8 @@ class server_negotiation : public negotiation
 private:
 void on_list_mechanisms(negotiation_rpc rpc);
+ void on_select_mechanism(negotiation_rpc rpc);
+ error_s do_sasl_server_init();
 void fail_negotiation(negotiation_rpc rpc, const std::string &reason);
 };
From 396568e4acd5f80422c815b1b2277f2dc6653c86 Mon Sep 17 00:00:00 2001
From: levy
Date: Mon, 24 Aug 2020 15:16:56 +0800
Subject: [PATCH 2/3] fix
---
 src/runtime/security/server_negotiation.cpp | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp
index 85f1c238a6..3268386bbf 100644
--- a/src/runtime/security/server_negotiation.cpp
+++ b/src/runtime/security/server_negotiation.cpp
@@ -73,7 +73,6 @@ void server_negotiation::on_list_mechanisms(negotiation_rpc rpc)
 void server_negotiation::on_select_mechanism(negotiation_rpc rpc)
 {
- ddebug("test point");
 const negotiation_request &request = rpc.request();
 if (request.status == negotiation_status::type::SASL_SELECT_MECHANISMS) {
 _selected_mechanism = request.msg;
@@ -85,8 +84,6 @@ void server_negotiation::on_select_mechanism(negotiation_rpc rpc)
 return;
 }
- ddebug_f("test point, select_mechanism = {}", _selected_mechanism);
-
 error_s err_s = do_sasl_server_init();
 if (!err_s.is_ok()) {
 dwarn_f("{}: server initialize sasl failed, error = {}, msg = {}",
From a4ffdc5efd156de3d0fb0f824cb44c1dceead1b8 Mon Sep 17 00:00:00 2001
From: levy
Date: Mon, 24 Aug 2020 16:44:01 +0800
Subject: [PATCH 3/3] fix
---
 src/runtime/security/server_negotiation.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/runtime/security/server_negotiation.h b/src/runtime/security/server_negotiation.h
index 7ecaf1bbe0..928bb22c34 100644
--- a/src/runtime/security/server_negotiation.h
+++ b/src/runtime/security/server_negotiation.h
@@ -17,9 +17,10 @@
 #pragma once
-#include
 #include "negotiation.h"
+#include
+
 namespace dsn {
 namespace security {
 extern const std::set supported_mechanisms;