From b553de840ffccf23309cba3d9ae9fccfdd2a90ae Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 18 Dec 2020 18:37:42 +0800 Subject: [PATCH 1/3] feat(security): treat negotiation succeed if server is old version --- .../xiaomi/infra/pegasus/security/Negotiation.java | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java index bb41ba6a..fc299f7a 100644 --- a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java +++ b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java @@ -71,7 +71,13 @@ private class RecvHandler implements Runnable { public void run() { try { if (op.rpc_error.errno != error_code.error_types.ERR_OK) { - throw new ReplicationException(op.rpc_error.errno); + // ERR_HANDLER_NOT_FOUND means server is old version, which doesn't support authentication + if (op.rpc_error.errno == error_code.error_types.ERR_HANDLER_NOT_FOUND) { + negotiationSucceed(); + return; + } else { + throw new ReplicationException(op.rpc_error.errno); + } } handleResponse(); } catch (Exception e) { @@ -86,6 +92,12 @@ private void handleResponse() throws Exception { throw new Exception("RecvHandler received a null response, abandon it"); } + // make the negotiation succeed if server doesn't enable auth + if (resp.status == negotiation_status.SASL_AUTH_DISABLE) { + negotiationSucceed(); + return; + } + switch (status) { case SASL_LIST_MECHANISMS: onRecvMechanisms(resp); From c3a8673c045e234ee2bd7943eb5945c6e94618cf Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 18 Dec 2020 19:08:00 +0800 Subject: [PATCH 2/3] fix --- .../java/com/xiaomi/infra/pegasus/security/Negotiation.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java index fc299f7a..389647c0 100644 
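Review bot: Treating `ERR_HANDLER_NOT_FOUND` as a successful negotiation in `RecvHandler.run()` makes authentication fail open. The error code arrives before any SASL exchange has completed, so the client cannot distinguish a genuinely old server from any other endpoint that answers the negotiation RPC with that code, and a client configured for authentication ends up on an unauthenticated session without noticing. The `SASL_AUTH_DISABLE` branch added to `handleResponse()` in this same patch has the same property. Consider permitting the fallback only on explicit opt-in, e.g. `if (errno == ERR_HANDLER_NOT_FOUND && allowAuthFallback)`, where `allowAuthFallback` is a placeholder for a client setting this page does not show, and throwing `ReplicationException` otherwise. The body of `run()` continues outside the hunk.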
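Review bot: The `SASL_AUTH_DISABLE` check is placed ahead of `switch (status)`, so it is honoured in every negotiation state, including after the client has already begun exchanging SASL messages. If a server can only legitimately report this in reply to the first request, the check belongs inside the `SASL_LIST_MECHANISMS` case; whether that is the only valid state cannot be confirmed from this hunk. Nothing visible here records that the session continues unauthenticated, so unless `negotiationSucceed()` already logs it, a warning-level log line before the call would let operators find clients that fell back. `handleResponse()` starts and ends outside the hunk.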
--- a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java +++ b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java @@ -72,12 +72,14 @@ public void run() { try { if (op.rpc_error.errno != error_code.error_types.ERR_OK) { // ERR_HANDLER_NOT_FOUND means server is old version, which doesn't support authentication + // In this case we consider this session will expose no privacy at all, so we can just + // go on without negotiation. if (op.rpc_error.errno == error_code.error_types.ERR_HANDLER_NOT_FOUND) { negotiationSucceed(); return; - } else { - throw new ReplicationException(op.rpc_error.errno); } + + throw new ReplicationException(op.rpc_error.errno); } handleResponse(); } catch (Exception e) { From 85e537608a6edf2890131e7655ccf0e41b44d84c Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 18 Dec 2020 19:08:38 +0800 Subject: [PATCH 3/3] fix --- src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java index 389647c0..25eb6c5e 100644 --- a/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java +++ b/src/main/java/com/xiaomi/infra/pegasus/security/Negotiation.java @@ -78,7 +78,6 @@ public void run() { negotiationSucceed(); return; } - throw new ReplicationException(op.rpc_error.errno); } handleResponse();
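Review bot: The comment added in `run()` justifies the fallback with "this session will expose no privacy at all", which is hard to interpret and reads like a guarantee the code cannot give. What follows is an unauthenticated session, and the client has not verified that the peer really is an old server. I would phrase it as the assumption it is, for example `// Assumption: a server without the negotiation handler predates authentication, so we` followed by `// continue unauthenticated; the peer's identity is NOT verified on this path.` The removal of the `else` is fine as written. `run()` continues outside the hunk.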