From 0078e422b11001d25e8a1da79e3233b9a5aa8799 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 15:37:34 +0800 Subject: [PATCH 01/28] refactor: handle list mechanism --- include/dsn/tool-api/network.h | 3 + include/dsn/utility/strings.h | 21 ++++++- src/runtime/rpc/asio_rpc_session.cpp | 10 ---- src/runtime/rpc/asio_rpc_session.h | 1 - src/runtime/rpc/network.cpp | 24 ++++++++ src/runtime/security/negotiation.cpp | 4 ++ src/runtime/security/negotiation_service.cpp | 60 ++++++++++++++++++++ src/runtime/security/negotiation_service.h | 39 +++++++++++++ src/runtime/security/negotiation_utils.h | 31 ++++++++++ src/runtime/security/server_negotiation.cpp | 55 ++++++++++++++++++ src/runtime/security/server_negotiation.h | 7 +++ src/runtime/service_api_c.cpp | 14 ++++- src/utils/strings.cpp | 5 +- 13 files changed, 259 insertions(+), 15 deletions(-) create mode 100644 src/runtime/security/negotiation_service.cpp create mode 100644 src/runtime/security/negotiation_service.h diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index 8e630b1af6..104d70e9c9 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h @@ -234,6 +234,8 @@ class rpc_session : public ref_counter /// for negotiation void start_negotiation(); + void complete_negotiation(bool succ); + security::negotiation *get_negotiation() const; public: /// @@ -300,6 +302,7 @@ class rpc_session : public ref_counter void clear_send_queue(bool resend_msgs); bool on_disconnected(bool is_write); + void on_failure(bool is_write = false); protected: // constant info diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index 175ce3561e..cd19112bc9 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h @@ -5,6 +5,7 @@ #include #include #include +#include namespace dsn { namespace utils { 
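Review bot: `complete_negotiation(bool succ)` and `get_negotiation()` are added to rpc_session without a comment, so a reader of the header cannot tell that `succ == false` tears the session down (network.cpp later in this patch routes it through `on_failure(true)`). Suggest `/// Invoked by the negotiation object when the handshake ends; on failure the session is closed.` above complete_negotiation and `/// Non-owning pointer to the session's negotiation state; may be nullptr before start_negotiation() — confirm.` above get_negotiation. The class body continues outside the hunk.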
@@ -49,5 +50,23 @@ char *trim_string(char *s); // calculate the md5 checksum of buffer std::string string_md5(const char *buffer, unsigned int length); + +// combine strings with comma delimiter +template +std::string combine(ForwardIterator begin, ForwardIterator end, const std::string &delimiter) +{ + std::stringstream result; + if (begin != end) { + result << std::string(begin->data(), begin->size()); + ++begin; + } + while (begin != end) { + result << delimiter; + result << std::string(begin->data(), begin->size()); + ++begin; + } + return result.str(); } -} + +} // namespace utils +} // namespace dsn diff --git a/src/runtime/rpc/asio_rpc_session.cpp b/src/runtime/rpc/asio_rpc_session.cpp index b18122f985..91d7637eb4 100644 --- a/src/runtime/rpc/asio_rpc_session.cpp +++ b/src/runtime/rpc/asio_rpc_session.cpp @@ -167,13 +167,6 @@ asio_rpc_session::asio_rpc_session(asio_network_provider &net, set_options(); } -void asio_rpc_session::on_failure(bool is_write) -{ - if (on_disconnected(is_write)) { - close(); - } -} - void asio_rpc_session::close() { utils::auto_write_lock socket_guard(_socket_lock); @@ -202,9 +195,6 @@ void asio_rpc_session::connect() // start auth negotiation when client is connecting to server start_negotiation(); - - set_connected(); - on_send_completed(); start_read_next(); } else { derror("client session connect to %s failed, error = %s", diff --git a/src/runtime/rpc/asio_rpc_session.h b/src/runtime/rpc/asio_rpc_session.h index 574eb23054..6b76ee6bd1 100644 --- a/src/runtime/rpc/asio_rpc_session.h +++ b/src/runtime/rpc/asio_rpc_session.h @@ -56,7 +56,6 @@ class asio_rpc_session : public rpc_session private: void do_read(int read_next) override; - void on_failure(bool is_write = false); void set_options(); void on_message_read(message_ex *msg) { diff --git a/src/runtime/rpc/network.cpp b/src/runtime/rpc/network.cpp index 5e047790ee..1ee5e7eacc 100644 --- a/src/runtime/rpc/network.cpp +++ b/src/runtime/rpc/network.cpp 
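Review bot: In `combine`, `result << std::string(begin->data(), begin->size())` builds a temporary std::string for every element only to stream it; `result.write(begin->data(), begin->size());` writes the bytes directly and accepts the same element types. The template parameter list and the header name added just above are stripped in this rendering, so I cannot confirm the iterator type's name; the function itself is complete within the hunk.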
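Review bot: Removing `set_connected()` and `on_send_completed()` from `asio_rpc_session::connect()` makes the client's connected state depend entirely on `complete_negotiation(true)` being reached, and nothing visible in this series arms a timer for the handshake. If the peer accepts the TCP connection but never answers the negotiation request, the session and every message queued behind it wait indefinitely; a bounded timeout started in `start_negotiation()` that ends in `complete_negotiation(false)` would keep the failure path deterministic. connect()'s body starts and ends outside the hunk.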
@@ -391,6 +391,13 @@ bool rpc_session::on_disconnected(bool is_write) return ret; } +void rpc_session::on_failure(bool is_write) +{ + if (on_disconnected(is_write)) { + close(); + } +} + bool rpc_session::on_recv_message(message_ex *msg, int delay_ms) { if (msg->header->from_address.is_invalid()) @@ -442,6 +449,21 @@ void rpc_session::start_negotiation() } auth_negotiation(); + } else { + // set negotiation success if auth is disabled + complete_negotiation(true); + } +} + +void rpc_session::complete_negotiation(bool succ) +{ + if (succ) { + if (is_client()) { + set_connected(); + on_send_completed(); + } + } else { + on_failure(true); } } @@ -451,6 +473,8 @@ void rpc_session::auth_negotiation() _negotiation->start(); } +security::negotiation *rpc_session::get_negotiation() const { return _negotiation.get(); } + //////////////////////////////////////////////////////////////////////////////////////////////// network::network(rpc_engine *srv, network *inner_provider) : _engine(srv), _client_hdr_format(NET_HDR_DSN), _unknown_msg_header_format(NET_HDR_INVALID) diff --git a/src/runtime/security/negotiation.cpp b/src/runtime/security/negotiation.cpp index 2cf8f16c3b..6adeb0d4ff 100644 --- a/src/runtime/security/negotiation.cpp +++ b/src/runtime/security/negotiation.cpp @@ -25,6 +25,10 @@ namespace dsn { namespace security { +/// TODO(zlw):we can't get string list from cflags now, +/// so we should get supported mechanisms from config in the later +const std::set supported_mechanisms{"GSSAPI"}; + DSN_DEFINE_bool("security", enable_auth, false, "whether open auth or not"); negotiation::~negotiation() {} diff --git a/src/runtime/security/negotiation_service.cpp b/src/runtime/security/negotiation_service.cpp new file mode 100644 index 0000000000..f46060412a --- /dev/null +++ b/src/runtime/security/negotiation_service.cpp 
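Review bot: `rpc_session::complete_negotiation` has no comment explaining the asymmetry that a successful server-side negotiation is a no-op while any failure, on either side, calls `on_failure(true)` and thereby `close()`. Suggest a header comment such as `// Ends the auth handshake: a client session becomes connected on success; on failure (either side) the session is torn down via on_failure().` Whether `is_write = true` is the right argument for a failure that is not a write error is not decidable from this hunk and deserves a one-line comment either way.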
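Review bot: `const std::set supported_mechanisms{"GSSAPI"};` at namespace scope has internal linkage unless an `extern` declaration of it is visible earlier in the same translation unit, and the `extern const std::set supported_mechanisms;` declaration this patch adds lives in server_negotiation.h, which negotiation.cpp does not appear to include. Unless negotiation.cpp picks that declaration up through negotiation.h, server_negotiation.cpp will fail to link; writing the definition as `extern const std::set<std::string> supported_mechanisms{"GSSAPI"};` or moving the declaration into negotiation.h removes the dependence on include order. The set's element type is stripped in this rendering — presumably std::string, please confirm.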
@@ -0,0 +1,60 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "negotiation_service.h"
+#include "negotiation_utils.h"
+#include "server_negotiation.h"
+
+namespace dsn {
+namespace security {
+extern bool FLAGS_enable_auth;
+
+negotiation_service::negotiation_service() : serverlet("negotiation_service") {}
+
+void negotiation_service::open_service()
+{
+ register_rpc_handler(
+ RPC_NEGOTIATION, "Negotiation", &negotiation_service::on_negotiation_request);
+}
+
+void negotiation_service::on_negotiation_request(message_ex *req)
+{
+ dassert(!req->io_session->is_client(), "only server session receive negotiation request");
+
+ // return SASL_AUTH_DISABLE if auth is not enable
+ if (!security::FLAGS_enable_auth) {
+ reply_auth_disable(req);
+ return;
+ }
+
+ server_negotiation *s_negotiation =
+ dynamic_cast(req->io_session->get_negotiation());
+ s_negotiation->handle_request(req);
+}
+
+void negotiation_service::reply_auth_disable(message_ex *req)
+{
+ auto resp = req->create_response();
+
+ negotiation_response response;
+ response.status = negotiation_status::type::SASL_AUTH_DISABLE;
+ marshall(resp, response);
+ dsn_rpc_reply(resp);
+}
+
+} // namespace security
+} // namespace dsn
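Review bot: The `dynamic_cast` result in `on_negotiation_request` is dereferenced without a null check; `get_negotiation()` returns `_negotiation.get()`, which appears to be null for a session whose negotiation has not been started, and the cast itself yields null for any other negotiation subclass. An RPC_NEGOTIATION message arriving on a session that is not in that state therefore crashes the server instead of being rejected, so guard it: `if (s_negotiation == nullptr) { /* reply negotiation_status::type::SASL_AUTH_FAIL */ return; }` with a `dwarn_f` naming the session. The rpc_holder rewrite of this handler in patch 03 has the same gap.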
diff --git a/src/runtime/security/negotiation_service.h b/src/runtime/security/negotiation_service.h new file mode 100644 index 0000000000..79712fb1e1 --- /dev/null +++ b/src/runtime/security/negotiation_service.h @@ -0,0 +1,39 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#pragma once + +#include + +namespace dsn { +namespace security { + +class negotiation_service : public serverlet, + public utils::singleton +{ +public: + negotiation_service(); + void open_service(); + void on_negotiation_request(message_ex *proposal); + +private: + void reply_auth_disable(message_ex *req); + friend class serverlet; +}; + +} // namespace security +} // namespace dsn diff --git a/src/runtime/security/negotiation_utils.h b/src/runtime/security/negotiation_utils.h index 0c6a145646..24e6f89793 100644 --- a/src/runtime/security/negotiation_utils.h +++ b/src/runtime/security/negotiation_utils.h 
@@ -17,8 +17,39 @@ #pragma once +#include "security_types.h" + namespace dsn { namespace security { +inline const char *enum_to_string(negotiation_status::type s) +{ + switch (s) { + case negotiation_status::type::SASL_LIST_MECHANISMS: + return "negotiation_list_mechanisms"; + case negotiation_status::type::SASL_LIST_MECHANISMS_RESP: + return "negotiation_list_mechanisms_resp"; + case negotiation_status::type::SASL_SELECT_MECHANISMS: + return "negotiation_select_mechanisms"; + case negotiation_status::type::SASL_SELECT_MECHANISMS_OK: + return "negotiation_select_mechanisms_ok"; + case negotiation_status::type::SASL_SUCC: + return "negotiation_succ"; + case negotiation_status::type::SASL_AUTH_FAIL: + return "negotiation_auth_fail"; + case negotiation_status::type::SASL_INITIATE: + return "negotiation_initiate"; + case negotiation_status::type::SASL_CHALLENGE: + return "negotiation_challenge"; + case negotiation_status::type::SASL_CHANLLENGE_RESP: + return "negotiation_chanllenge_response"; + case negotiation_status::type::SASL_AUTH_DISABLE: + return "negotiation_auth_disable"; + case negotiation_status::type::INVALID: + return "negotiation_invalid"; + default: + return "negotiation-unkown"; + } +} DEFINE_TASK_CODE_RPC(RPC_NEGOTIATION, TASK_PRIORITY_COMMON, dsn::THREAD_POOL_DEFAULT) diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index 53f1f11052..b9f454778e 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp @@ -16,7 +16,9 @@ // under the License. #include "server_negotiation.h" +#include "negotiation_utils.h" +#include #include namespace dsn { 
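Review bot: Two of the strings returned by `enum_to_string` carry typos that will end up in logs and be grepped for: `"negotiation_chanllenge_response"` and `"negotiation-unkown"` (which also breaks the underscore convention of every other value). Suggest `return "negotiation_challenge_response";` and `return "negotiation_unknown";`; the enumerator spelling `SASL_CHANLLENGE_RESP` comes from security_types.h and cannot be fixed here. With a `default:` label the compiler will not warn when a new enumerator is added; dropping it and returning the unknown string after the switch keeps the switch exhaustive.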
@@ -33,5 +35,58 @@ void server_negotiation::start() ddebug_f("{}: start negotiation", _name); } +void server_negotiation::handle_request(message_ptr req) +{ + negotiation_request request; + dsn::unmarshall(req, request); + if (_status == negotiation_status::type::SASL_LIST_MECHANISMS) { + on_list_mechanisms(req, request); + return; + } +} + +void server_negotiation::on_list_mechanisms(const message_ptr &msg, + const negotiation_request &request) +{ + if (request.status == negotiation_status::type::SASL_LIST_MECHANISMS) { + std::string mech_list = + utils::combine(supported_mechanisms.begin(), supported_mechanisms.end(), ","); + ddebug_f("{}: reply server mechs({})", _name, mech_list); + negotiation_response response; + _status = response.status = negotiation_status::type::SASL_LIST_MECHANISMS_RESP; + response.msg = std::move(mech_list); + reply(msg, response); + } else { + dwarn_f("{}: got message({}) while expect({})", + _name, + enum_to_string(request.status), + negotiation_status::type::SASL_LIST_MECHANISMS); + fail_negotiation(msg, "invalid_client_message_status"); + } +} + +void server_negotiation::reply(const message_ptr &req, const negotiation_response &response) +{ + message_ptr resp = req->create_response(); + strncpy(resp->header->server.error_name, + ERR_OK.to_string(), + sizeof(resp->header->server.error_name)); + resp->header->server.error_code.local_code = ERR_OK; // rpc is ok + resp->header->server.error_code.local_hash = message_ex::s_local_hash; + dsn::marshall(resp, response); + + _session->send_message(resp); +} + +void server_negotiation::fail_negotiation(const message_ptr &req, const std::string &reason) +{ + negotiation_response response; + _status = response.status = negotiation_status::type::SASL_AUTH_FAIL; + response.msg = reason; + reply(req, response); + + _session->complete_negotiation(false); +} + } // namespace security } // namespace dsn 
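Review bot: `server_negotiation::handle_request` falls off the end without replying when `_status` is anything other than SASL_LIST_MECHANISMS, so a client that sends a request in the wrong phase, or a second list request after the first was answered, gets neither a response nor a log line and simply hangs. Add an explicit failure after the `if` block: `fail_negotiation(req, "invalid_negotiation_status");`, with a `dwarn_f` that prints `enum_to_string(_status)`. In `fail_negotiation`, `reply()` queues the failure response and `complete_negotiation(false)` then closes the session via `on_failure(true)`; whether the queued reply is flushed before `close()` depends on rpc_session internals not visible here and deserves a comment. `reply()` also uses `strncpy` with `sizeof(error_name)`, which leaves the buffer unterminated if the error string ever fills it.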
diff --git a/src/runtime/security/server_negotiation.h b/src/runtime/security/server_negotiation.h index ef6dc97211..4dc226b3c9 100644 --- a/src/runtime/security/server_negotiation.h +++ b/src/runtime/security/server_negotiation.h @@ -21,6 +21,7 @@ namespace dsn { namespace security { +extern const std::set supported_mechanisms; class server_negotiation : public negotiation { @@ -28,6 +29,12 @@ class server_negotiation : public negotiation server_negotiation(rpc_session *session); void start(); + void handle_request(message_ptr msg); + +private: + void on_list_mechanisms(const message_ptr &msg, const negotiation_request &request); + void reply(const message_ptr &req, const negotiation_response &response); + void fail_negotiation(const message_ptr &req, const std::string &reason); }; } // namespace security diff --git a/src/runtime/service_api_c.cpp b/src/runtime/service_api_c.cpp index 194f3a8c40..12842914cb 100644 --- a/src/runtime/service_api_c.cpp +++ b/src/runtime/service_api_c.cpp @@ -42,6 +42,13 @@ #include "runtime/rpc/rpc_engine.h" #include "runtime/task/task_engine.h" #include "utils/coredump.h" +#include "runtime/security/negotiation_service.h" + +namespace dsn { +namespace security { +extern bool FLAGS_enable_auth; +} // namespace security +} // namespace dsn // // global state @@ -543,7 +550,12 @@ service_app *service_app::new_service_app(const std::string &type, type.c_str(), dsn::PROVIDER_TYPE_MAIN, info); } -service_app::service_app(const dsn::service_app_info *info) : _info(info), _started(false) {} +service_app::service_app(const dsn::service_app_info *info) : _info(info), _started(false) +{ + if (security::FLAGS_enable_auth) { + security::negotiation_service::instance().open_service(); + } +} const service_app_info &service_app::info() const { return *_info; } diff --git a/src/utils/strings.cpp b/src/utils/strings.cpp index a53ff2698c..2ad29e81b7 100644 --- a/src/utils/strings.cpp +++ b/src/utils/strings.cpp 
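Review bot: `service_app::service_app` opens `negotiation_service` only when `security::FLAGS_enable_auth` is set, which makes the `!FLAGS_enable_auth` branch in `negotiation_service::on_negotiation_request` unreachable: a client with auth enabled talking to a server with it disabled never receives SASL_AUTH_DISABLE, it gets whatever the engine does for an unregistered RPC code. Registering the service unconditionally (`security::negotiation_service::instance().open_service();`) lets the handler answer SASL_AUTH_DISABLE as its comment intends. Every service_app constructed in the process also calls `open_service()` on the same singleton; if more than one app is hosted per process, `register_rpc_handler` runs repeatedly for RPC_NEGOTIATION — confirm that is idempotent or guard it with a once-flag. The two `extern bool FLAGS_enable_auth;` declarations (here and in negotiation_service.cpp) would be better as one declaration in a header.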
@@ -183,5 +183,6 @@ std::string string_md5(const char *buffer, unsigned length) return result; } -} -} + +} // namespace utils +} // namespace dsn From 299fdc48b6c7e907628a7022938cceb624717744 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 16:12:48 +0800 Subject: [PATCH 02/28] fix --- src/runtime/security/client_negotiation.cpp | 16 +++++++++++++--- src/runtime/security/client_negotiation.h | 2 +- src/runtime/security/server_negotiation.cpp | 1 + 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index f3cb6684fa..eb7c5f3c8b 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -19,6 +19,7 @@ #include "negotiation_utils.h" #include +#include namespace dsn { namespace security { @@ -34,6 +35,10 @@ void client_negotiation::start() list_mechanisms(); } +void client_negotiation::handle_response(message_ex *resp) { + ddebug("server_negotiation::handle_response"); +} + void client_negotiation::list_mechanisms() { negotiation_request request; @@ -43,9 +48,14 @@ void client_negotiation::list_mechanisms() void client_negotiation::send(const negotiation_request &request) { - message_ptr req = message_ex::create_request(RPC_NEGOTIATION); - dsn::marshall(req, request); - _session->send_message(req); + message_ptr msg = message_ex::create_request(RPC_NEGOTIATION); + dsn::marshall(msg.get(), request); + + rpc_response_task_ptr t = rpc::create_rpc_response_task( + msg, nullptr, [this](error_code err, dsn::message_ex *request, dsn::message_ex *response) { + handle_response(response); + }); + dsn_rpc_call(_session->remote_address(), t); } } // namespace security diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index 244bf542d8..5c018a2911 100644 --- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h 
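Review bot: `client_negotiation::send` dispatches the negotiation request with `dsn_rpc_call(_session->remote_address(), t)`, i.e. by address through the engine's normal client path, rather than with `_session->send_message()`. Unless the engine is guaranteed to map that address back to `_session`, the handshake for this session can be queued on another session — possibly one that is itself blocked waiting for negotiation now that `set_connected()` is deferred — so this needs confirming or the request should go out on `_session` directly. The callback captures `this`; `client_negotiation` is owned by the session, and if the session is destroyed while the RPC is in flight the lambda dereferences a dangling pointer — holding a ref-counted handle to the session in the capture would close that gap. The `ddebug` in `handle_response` names `server_negotiation` inside a client_negotiation method.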
@@ -26,10 +26,10 @@ class client_negotiation : public negotiation { public: client_negotiation(rpc_session *session); - void start(); private: + void handle_response(message_ex *resp); void list_mechanisms(); void send(const negotiation_request &request); }; diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index b9f454778e..c3b73ef9e7 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp @@ -37,6 +37,7 @@ void server_negotiation::start() void server_negotiation::handle_request(message_ptr req) { + ddebug("server_negotiation::handle_request"); negotiation_request request; dsn::unmarshall(req, request); if (_status == negotiation_status::type::SASL_LIST_MECHANISMS) { From 43c248f8f3ed9f41a9bbde09d666630ec8fe6b2b Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 17:48:06 +0800 Subject: [PATCH 03/28] refactor --- include/dsn/utility/strings.h | 2 +- src/runtime/security/client_negotiation.cpp | 4 +- src/runtime/security/negotiation.cpp | 2 - src/runtime/security/negotiation.h | 1 + src/runtime/security/negotiation_service.cpp | 23 +++------- src/runtime/security/negotiation_service.h | 4 +- src/runtime/security/negotiation_utils.h | 2 - src/runtime/security/server_negotiation.cpp | 45 ++++++-------------- src/runtime/security/server_negotiation.h | 10 +++-- 9 files changed, 31 insertions(+), 62 deletions(-) diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index cd19112bc9..d218884a23 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h @@ -53,7 +53,7 @@ std::string string_md5(const char *buffer, unsigned int length); // combine strings with comma delimiter template -std::string combine(ForwardIterator begin, ForwardIterator end, const std::string &delimiter) +std::string merge(ForwardIterator begin, ForwardIterator end, const std::string &delimiter) { std::stringstream result; if (begin != end) { 
diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index eb7c5f3c8b..42a1f358eb 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -35,9 +35,7 @@ void client_negotiation::start() list_mechanisms(); } -void client_negotiation::handle_response(message_ex *resp) { - ddebug("server_negotiation::handle_response"); -} +void client_negotiation::handle_response(message_ex *resp) {} void client_negotiation::list_mechanisms() { diff --git a/src/runtime/security/negotiation.cpp b/src/runtime/security/negotiation.cpp index 6adeb0d4ff..5315ce13a8 100644 --- a/src/runtime/security/negotiation.cpp +++ b/src/runtime/security/negotiation.cpp @@ -24,11 +24,9 @@ namespace dsn { namespace security { - /// TODO(zlw):we can't get string list from cflags now, /// so we should get supported mechanisms from config in the later const std::set supported_mechanisms{"GSSAPI"}; - DSN_DEFINE_bool("security", enable_auth, false, "whether open auth or not"); negotiation::~negotiation() {} diff --git a/src/runtime/security/negotiation.h b/src/runtime/security/negotiation.h index cd8db56e60..21ca60084d 100644 --- a/src/runtime/security/negotiation.h +++ b/src/runtime/security/negotiation.h @@ -24,6 +24,7 @@ namespace dsn { class rpc_session; namespace security { +DEFINE_TASK_CODE_RPC(RPC_NEGOTIATION, TASK_PRIORITY_COMMON, dsn::THREAD_POOL_DEFAULT) class negotiation { diff --git a/src/runtime/security/negotiation_service.cpp b/src/runtime/security/negotiation_service.cpp index f46060412a..63f3cd7244 100644 --- a/src/runtime/security/negotiation_service.cpp +++ b/src/runtime/security/negotiation_service.cpp 
@@ -27,33 +27,24 @@ negotiation_service::negotiation_service() : serverlet("negotiation_service") {} void negotiation_service::open_service() { - register_rpc_handler( + register_rpc_handler_with_rpc_holder( RPC_NEGOTIATION, "Negotiation", &negotiation_service::on_negotiation_request); } -void negotiation_service::on_negotiation_request(message_ex *req) +void negotiation_service::on_negotiation_request(negotiation_rpc rpc) { - dassert(!req->io_session->is_client(), "only server session receive negotiation request"); + dassert(!rpc.dsn_request()->io_session->is_client(), + "only server session receive negotiation request"); // return SASL_AUTH_DISABLE if auth is not enable if (!security::FLAGS_enable_auth) { - reply_auth_disable(req); + rpc.response().status = negotiation_status::type::SASL_AUTH_DISABLE; return; } server_negotiation *s_negotiation = - dynamic_cast(req->io_session->get_negotiation()); - s_negotiation->handle_request(req); -} - -void negotiation_service::reply_auth_disable(message_ex *req) -{ - auto resp = req->create_response(); - - negotiation_response response; - response.status = negotiation_status::type::SASL_AUTH_DISABLE; - marshall(resp, response); - dsn_rpc_reply(resp); + dynamic_cast(rpc.dsn_request()->io_session->get_negotiation()); + s_negotiation->handle_request(rpc); } } // namespace security diff --git a/src/runtime/security/negotiation_service.h b/src/runtime/security/negotiation_service.h index 79712fb1e1..df9cec5cd4 100644 --- a/src/runtime/security/negotiation_service.h +++ b/src/runtime/security/negotiation_service.h @@ -18,6 +18,7 @@ #pragma once #include +#include "server_negotiation.h" namespace dsn { namespace security { @@ -28,10 +29,9 @@ class negotiation_service : public serverlet, public: negotiation_service(); void open_service(); - void on_negotiation_request(message_ex *proposal); + void on_negotiation_request(negotiation_rpc rpc); private: - void reply_auth_disable(message_ex *req); friend class serverlet; }; 
diff --git a/src/runtime/security/negotiation_utils.h b/src/runtime/security/negotiation_utils.h index 24e6f89793..265607bbee 100644 --- a/src/runtime/security/negotiation_utils.h +++ b/src/runtime/security/negotiation_utils.h @@ -51,7 +51,5 @@ inline const char *enum_to_string(negotiation_status::type s) } } -DEFINE_TASK_CODE_RPC(RPC_NEGOTIATION, TASK_PRIORITY_COMMON, dsn::THREAD_POOL_DEFAULT) - } // namespace security } // namespace dsn diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index c3b73ef9e7..b8c72e348c 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp 
@@ -35,58 +35,39 @@ void server_negotiation::start() ddebug_f("{}: start negotiation", _name); } -void server_negotiation::handle_request(message_ptr req) +void server_negotiation::handle_request(negotiation_rpc rpc) { - ddebug("server_negotiation::handle_request"); - negotiation_request request; - dsn::unmarshall(req, request); if (_status == negotiation_status::type::SASL_LIST_MECHANISMS) { - on_list_mechanisms(req, request); + on_list_mechanisms(rpc); return; } } -void server_negotiation::on_list_mechanisms(const message_ptr &msg, - const negotiation_request &request) +void server_negotiation::on_list_mechanisms(negotiation_rpc rpc) { - if (request.status == negotiation_status::type::SASL_LIST_MECHANISMS) { + if (rpc.request().status == negotiation_status::type::SASL_LIST_MECHANISMS) { std::string mech_list = - utils::combine(supported_mechanisms.begin(), supported_mechanisms.end(), ","); + utils::merge(supported_mechanisms.begin(), supported_mechanisms.end(), ","); ddebug_f("{}: reply server mechs({})", _name, mech_list); - negotiation_response response; + negotiation_response &response = rpc.response(); _status = response.status = negotiation_status::type::SASL_LIST_MECHANISMS_RESP; response.msg = std::move(mech_list); - reply(msg, response); + return; } else { dwarn_f("{}: got message({}) while expect({})", _name, - enum_to_string(request.status), - negotiation_status::type::SASL_LIST_MECHANISMS); - fail_negotiation(msg, "invalid_client_message_status"); + enum_to_string(rpc.request().status), + enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS)); + fail_negotiation(rpc, "invalid_client_message_status"); + return; } } -void server_negotiation::reply(const message_ptr &req, const negotiation_response &response) +void server_negotiation::fail_negotiation(negotiation_rpc rpc, const std::string &reason) { - message_ptr resp = req->create_response(); - strncpy(resp->header->server.error_name, - ERR_OK.to_string(), - 
sizeof(resp->header->server.error_name)); - resp->header->server.error_code.local_code = ERR_OK; // rpc is ok - resp->header->server.error_code.local_hash = message_ex::s_local_hash; - dsn::marshall(resp, response); - - _session->send_message(resp); -} - -void server_negotiation::fail_negotiation(const message_ptr &req, const std::string &reason) -{ - negotiation_response response; + negotiation_response &response = rpc.response(); _status = response.status = negotiation_status::type::SASL_AUTH_FAIL; response.msg = reason; - reply(req, response); - - _session->complete_negotiation(false); } } // namespace security diff --git a/src/runtime/security/server_negotiation.h b/src/runtime/security/server_negotiation.h index 4dc226b3c9..3a305d621f 100644 --- a/src/runtime/security/server_negotiation.h +++ b/src/runtime/security/server_negotiation.h @@ -19,9 +19,12 @@ #include "negotiation.h" +#include + namespace dsn { namespace security { extern const std::set supported_mechanisms; +typedef rpc_holder negotiation_rpc; class server_negotiation : public negotiation { @@ -29,12 +32,11 @@ class server_negotiation : public negotiation server_negotiation(rpc_session *session); void start(); - void handle_request(message_ptr msg); + void handle_request(negotiation_rpc rpc); private: - void on_list_mechanisms(const message_ptr &msg, const negotiation_request &request); - void reply(const message_ptr &req, const negotiation_response &response); - void fail_negotiation(const message_ptr &req, const std::string &reason); + void on_list_mechanisms(negotiation_rpc rpc); + void fail_negotiation(negotiation_rpc rpc, const std::string &reason); }; } // namespace security From e706de93425e42d1ceb4463b2181bbc9b9947bf6 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 17:49:23 +0800 Subject: [PATCH 04/28] fix --- src/runtime/security/negotiation.h | 2 -- src/runtime/security/negotiation_utils.h | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) 
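Review bot: `fail_negotiation` in this rewrite only sets `SASL_AUTH_FAIL` on the holder's response; the `_session->complete_negotiation(false)` call that the patch-01 version made is gone, so a server session whose client failed the handshake stays open with `_status == SASL_AUTH_FAIL` and every further negotiation request is silently ignored by `handle_request`. If the close was dropped so the failure reply can be flushed first, say so in a comment and close the session once the reply is sent; otherwise restore the call. `handle_request` still returns without touching the response for an unexpected `_status`, and with rpc_holder that means a default-constructed `negotiation_response` is auto-replied to the client — `fail_negotiation(rpc, "invalid_negotiation_status");` after the `if` block would make the outcome explicit. The `start()` body the hunk opens with lies outside it.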
diff --git a/src/runtime/security/negotiation.h b/src/runtime/security/negotiation.h index 21ca60084d..70eb4f6504 100644 --- a/src/runtime/security/negotiation.h +++ b/src/runtime/security/negotiation.h @@ -24,8 +24,6 @@ namespace dsn { class rpc_session; namespace security { -DEFINE_TASK_CODE_RPC(RPC_NEGOTIATION, TASK_PRIORITY_COMMON, dsn::THREAD_POOL_DEFAULT) - class negotiation { public: diff --git a/src/runtime/security/negotiation_utils.h b/src/runtime/security/negotiation_utils.h index 265607bbee..7891db63bb 100644 --- a/src/runtime/security/negotiation_utils.h +++ b/src/runtime/security/negotiation_utils.h @@ -51,5 +51,6 @@ inline const char *enum_to_string(negotiation_status::type s) } } +DEFINE_TASK_CODE_RPC(RPC_NEGOTIATION, TASK_PRIORITY_COMMON, dsn::THREAD_POOL_DEFAULT) } // namespace security } // namespace dsn From 42c31ab889a66f3f2a5f516e1c6a14d268c6d05c Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 17:50:42 +0800 Subject: [PATCH 05/28] fix --- src/runtime/security/client_negotiation.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index 5c018a2911..3b2481d462 100644 --- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h @@ -26,6 +26,7 @@ class client_negotiation : public negotiation { public: client_negotiation(rpc_session *session); + void start(); private: From 98ea35bda9d7f5a505aab87ace4b8529f78fb522 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 17:52:37 +0800 Subject: [PATCH 06/28] refactor --- src/runtime/security/server_negotiation.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index b8c72e348c..eb71f4e75a 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp 
@@ -54,10 +54,10 @@ void server_negotiation::on_list_mechanisms(negotiation_rpc rpc) response.msg = std::move(mech_list); return; } else { - dwarn_f("{}: got message({}) while expect({})", - _name, - enum_to_string(rpc.request().status), - enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS)); + ddebug_f("{}: got message({}) while expect({})", + _name, + enum_to_string(rpc.request().status), + enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS)); fail_negotiation(rpc, "invalid_client_message_status"); return; } From 6c7550c3bc3dd5762f19241e196b703aba320187 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 17:59:17 +0800 Subject: [PATCH 07/28] fix --- include/dsn/utility/strings.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index d218884a23..78842928b0 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h @@ -51,7 +51,7 @@ char *trim_string(char *s); // calculate the md5 checksum of buffer std::string string_md5(const char *buffer, unsigned int length); -// combine strings with comma delimiter +// merge strings with comma delimiter template std::string merge(ForwardIterator begin, ForwardIterator end, const std::string &delimiter) { From e0a9e8fa0a4b1c94747047f73a02ba1b7fbe40cc Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 18:26:23 +0800 Subject: [PATCH 08/28] refactor --- src/runtime/security/client_negotiation.cpp | 9 ++++++--- src/runtime/security/client_negotiation.h | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index 42a1f358eb..a9b2822b03 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp 
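Review bot: Downgrading the out-of-order negotiation message from `dwarn_f` to `ddebug_f` hides a protocol violation by the peer from default log levels; a client sending the wrong negotiation status is exactly the event an operator wants to see when investigating a failed or abused handshake. Keep it at `dwarn_f(...)` or add a comment explaining why it is expected noise. The `fail_negotiation` call that follows is unchanged.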
@@ -35,7 +35,10 @@ void client_negotiation::start() list_mechanisms(); } -void client_negotiation::handle_response(message_ex *resp) {} +void client_negotiation::handle_response(error_code err, const negotiation_response &&response) +{ + // TBD(zlw) +} void client_negotiation::list_mechanisms() { @@ -50,8 +53,8 @@ void client_negotiation::send(const negotiation_request &request) dsn::marshall(msg.get(), request); rpc_response_task_ptr t = rpc::create_rpc_response_task( - msg, nullptr, [this](error_code err, dsn::message_ex *request, dsn::message_ex *response) { - handle_response(response); + msg, nullptr, [this](error_code err, negotiation_response response) { + handle_response(err, std::move(response)); }); dsn_rpc_call(_session->remote_address(), t); } diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index 3b2481d462..bbc107621e 100644 --- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h @@ -30,7 +30,7 @@ class client_negotiation : public negotiation void start(); private: - void handle_response(message_ex *resp); + void handle_response(error_code err, const negotiation_response &&response); void list_mechanisms(); void send(const negotiation_request &request); }; From 27e075b0a0f554b9683c175ca7351095cec7e243 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 11 Aug 2020 18:46:42 +0800 Subject: [PATCH 09/28] refactor --- src/runtime/security/negotiation_service.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/runtime/security/negotiation_service.h b/src/runtime/security/negotiation_service.h index df9cec5cd4..cf21f7ae2a 100644 --- a/src/runtime/security/negotiation_service.h +++ b/src/runtime/security/negotiation_service.h 
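Review bot: `handle_response(error_code err, const negotiation_response &&response)` takes a const rvalue reference, which cannot be moved from, so the `std::move(response)` in the lambda buys nothing and the signature misleads; use `negotiation_response &&response` or pass by value. The body is still `// TBD(zlw)`, so `err` is never examined and `_session->complete_negotiation(...)` is never called from the client side — until it is, a client with auth enabled never reaches `set_connected()`. The `[this]` capture keeps the lifetime concern raised on patch 02: the response task can outlive the `client_negotiation` that issued it.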
@@ -27,12 +27,12 @@ class negotiation_service : public serverlet, public utils::singleton { public: - negotiation_service(); void open_service(); - void on_negotiation_request(negotiation_rpc rpc); private: - friend class serverlet; + negotiation_service(); + void on_negotiation_request(negotiation_rpc rpc); + friend class utils::singleton; }; } // namespace security From 7cc56133a40d82b5c29dc883f2db382787b0389e Mon Sep 17 00:00:00 2001 From: levy Date: Wed, 12 Aug 2020 12:19:30 +0800 Subject: [PATCH 10/28] fix by review --- include/dsn/tool-api/network.h | 1 + include/dsn/utility/strings.h | 2 +- src/runtime/rpc/network.cpp | 8 ++++++-- src/runtime/security/negotiation_service.cpp | 6 +++--- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index 104d70e9c9..b3cc3a6403 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h @@ -303,6 +303,7 @@ class rpc_session : public ref_counter void clear_send_queue(bool resend_msgs); bool on_disconnected(bool is_write); void on_failure(bool is_write = false); + void on_client_success(); protected: // constant info diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index 78842928b0..9a1e04b1ce 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h @@ -51,7 +51,7 @@ char *trim_string(char *s); // calculate the md5 checksum of buffer std::string string_md5(const char *buffer, unsigned int length); -// merge strings with comma delimiter +// merge strings with specified delimiter template std::string merge(ForwardIterator begin, ForwardIterator end, const std::string &delimiter) { diff --git a/src/runtime/rpc/network.cpp b/src/runtime/rpc/network.cpp index 1ee5e7eacc..ddaa14236e 100644 --- a/src/runtime/rpc/network.cpp +++ b/src/runtime/rpc/network.cpp 
@@ -398,6 +398,11 @@ void rpc_session::on_failure(bool is_write) } } +void rpc_session::on_client_success() { + set_connected(); + on_send_completed(); +} + bool rpc_session::on_recv_message(message_ex *msg, int delay_ms) { if (msg->header->from_address.is_invalid()) @@ -459,8 +464,7 @@ void rpc_session::complete_negotiation(bool succ) { if (succ) { if (is_client()) { - set_connected(); - on_send_completed(); + on_client_success(); } } else { on_failure(true); diff --git a/src/runtime/security/negotiation_service.cpp b/src/runtime/security/negotiation_service.cpp index 63f3cd7244..044b66ffd0 100644 --- a/src/runtime/security/negotiation_service.cpp +++ b/src/runtime/security/negotiation_service.cpp @@ -36,15 +36,15 @@ void negotiation_service::on_negotiation_request(negotiation_rpc rpc) dassert(!rpc.dsn_request()->io_session->is_client(), "only server session receive negotiation request"); - // return SASL_AUTH_DISABLE if auth is not enable + // reply SASL_AUTH_DISABLE if auth is not enable if (!security::FLAGS_enable_auth) { rpc.response().status = negotiation_status::type::SASL_AUTH_DISABLE; return; } - server_negotiation *s_negotiation = + server_negotiation *srv_negotiation = dynamic_cast(rpc.dsn_request()->io_session->get_negotiation()); - s_negotiation->handle_request(rpc); + srv_negotiation->handle_request(rpc); } } // namespace security From 6d72531c1708e56a56de486485042e89da4d4689 Mon Sep 17 00:00:00 2001 From: levy5307 Date: Wed, 12 Aug 2020 23:17:46 +0800 Subject: [PATCH 11/28] refactor --- include/dsn/tool-api/network.h | 2 +- src/runtime/rpc/network.cpp | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index b3cc3a6403..c8c012247d 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h 
@@ -303,7 +303,7 @@ class rpc_session : public ref_counter void clear_send_queue(bool resend_msgs); bool on_disconnected(bool is_write); void on_failure(bool is_write = false); - void on_client_success(); + void on_success(); protected: // constant info diff --git a/src/runtime/rpc/network.cpp b/src/runtime/rpc/network.cpp index ddaa14236e..b6673ef585 100644 --- a/src/runtime/rpc/network.cpp +++ b/src/runtime/rpc/network.cpp @@ -398,9 +398,12 @@ void rpc_session::on_failure(bool is_write) } } -void rpc_session::on_client_success() { - set_connected(); - on_send_completed(); +void rpc_session::on_success() +{ + if (is_client()) { + set_connected(); + on_send_completed(); + } } bool rpc_session::on_recv_message(message_ex *msg, int delay_ms) @@ -463,9 +466,7 @@ void rpc_session::start_negotiation() void rpc_session::complete_negotiation(bool succ) { if (succ) { - if (is_client()) { - on_client_success(); - } + on_success(); } else { on_failure(true); } From 125e6ac3699591452fb860dce41dc4a1cd635e01 Mon Sep 17 00:00:00 2001 From: levy Date: Thu, 13 Aug 2020 18:50:55 +0800 Subject: [PATCH 12/28] fix --- src/runtime/service_api_c.cpp | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/runtime/service_api_c.cpp b/src/runtime/service_api_c.cpp index 12842914cb..026120fa0c 100644 --- a/src/runtime/service_api_c.cpp +++ b/src/runtime/service_api_c.cpp @@ -44,12 +44,6 @@ #include "utils/coredump.h" #include "runtime/security/negotiation_service.h" -namespace dsn { -namespace security { -extern bool FLAGS_enable_auth; -} // namespace security -} // namespace dsn - // // global state // 
@@ -552,9 +546,7 @@ service_app *service_app::new_service_app(const std::string &type, service_app::service_app(const dsn::service_app_info *info) : _info(info), _started(false) { - if (security::FLAGS_enable_auth) { - security::negotiation_service::instance().open_service(); - } + security::negotiation_service::instance().open_service(); } const service_app_info &service_app::info() const { return *_info; } From 9780183f4f28284e770b693e664cd1e07fe144ff Mon Sep 17 00:00:00 2001 From: levy Date: Thu, 13 Aug 2020 18:52:38 +0800 Subject: [PATCH 13/28] fix --- src/runtime/security/negotiation.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/runtime/security/negotiation.h b/src/runtime/security/negotiation.h index 70eb4f6504..cd8db56e60 100644 --- a/src/runtime/security/negotiation.h +++ b/src/runtime/security/negotiation.h @@ -24,6 +24,7 @@ namespace dsn { class rpc_session; namespace security { + class negotiation { public: From b333d68ad8801a3bf01ce21cb019b3265ca7fcc9 Mon Sep 17 00:00:00 2001 From: levy Date: Thu, 13 Aug 2020 19:03:41 +0800 Subject: [PATCH 14/28] fix by review --- include/dsn/utility/strings.h | 17 ----------------- src/runtime/security/server_negotiation.cpp | 7 +++---- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index 9a1e04b1ce..1848dca47d 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h 
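Review bot: The constructor now calls `security::negotiation_service::instance().open_service()` for every service_app instance; open_service() is not visible here, so if it registers the RPC_NEGOTIATION handler without an idempotence guard, a process hosting more than one service_app registers it repeatedly. Either protect the registration inside open_service() with a once-flag, or perform it once at process start-up rather than per app. Since the FLAGS_enable_auth gate moved from this constructor into on_negotiation_request, a comment recording that would spare the next reader a search, e.g. `// always registered; on_negotiation_request replies SASL_AUTH_DISABLE when auth is off`.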
@@ -51,22 +51,5 @@ char *trim_string(char *s); // calculate the md5 checksum of buffer std::string string_md5(const char *buffer, unsigned int length); -// merge strings with specified delimiter -template -std::string merge(ForwardIterator begin, ForwardIterator end, const std::string &delimiter) -{ - std::stringstream result; - if (begin != end) { - result << std::string(begin->data(), begin->size()); - ++begin; - } - while (begin != end) { - result << delimiter; - result << std::string(begin->data(), begin->size()); - ++begin; - } - return result.str(); -} - } // namespace utils } // namespace dsn diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index eb71f4e75a..ad434f00a3 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp @@ -20,6 +20,7 @@ #include #include +#include namespace dsn { namespace security { @@ -46,21 +47,19 @@ void server_negotiation::handle_request(negotiation_rpc rpc) void server_negotiation::on_list_mechanisms(negotiation_rpc rpc) { if (rpc.request().status == negotiation_status::type::SASL_LIST_MECHANISMS) { - std::string mech_list = - utils::merge(supported_mechanisms.begin(), supported_mechanisms.end(), ","); + std::string mech_list = boost::join(supported_mechanisms.begin(), ","); ddebug_f("{}: reply server mechs({})", _name, mech_list); negotiation_response &response = rpc.response(); _status = response.status = negotiation_status::type::SASL_LIST_MECHANISMS_RESP; response.msg = std::move(mech_list); - return; } else { ddebug_f("{}: got message({}) while expect({})", _name, enum_to_string(rpc.request().status), enum_to_string(negotiation_status::type::SASL_LIST_MECHANISMS)); fail_negotiation(rpc, "invalid_client_message_status"); - return; } + return; } void server_negotiation::fail_negotiation(negotiation_rpc rpc, const std::string &reason) From e1168f8d25edb588ccd5f7e6c01ad4c9461f7169 Mon Sep 17 00:00:00 2001 
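Review bot: The `return;` added at the end of on_list_mechanisms is dead code: both branches of the if/else now fall through to the end of a void function, so the statement only adds noise and should be dropped. Separately, `boost::join(supported_mechanisms.begin(), ",")` passes an iterator where boost::join expects a range; this is corrected to pass the container in PATCH 16 of this series, so squashing that fix into this commit would keep the series bisectable.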
From: levy Date: Thu, 13 Aug 2020 19:15:07 +0800 Subject: [PATCH 15/28] fix by review --- src/runtime/security/client_negotiation.cpp | 21 +++++++++------------ src/runtime/security/client_negotiation.h | 2 +- src/runtime/security/negotiation.h | 3 +++ src/runtime/security/negotiation_service.h | 3 ++- src/runtime/security/server_negotiation.h | 3 --- 5 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/runtime/security/client_negotiation.cpp b/src/runtime/security/client_negotiation.cpp index a9b2822b03..5cd31b2231 100644 --- a/src/runtime/security/client_negotiation.cpp +++ b/src/runtime/security/client_negotiation.cpp @@ -20,6 +20,7 @@ #include #include +#include namespace dsn { namespace security { @@ -42,21 +43,17 @@ void client_negotiation::handle_response(error_code err, const negotiation_respo void client_negotiation::list_mechanisms() { - negotiation_request request; - _status = request.status = negotiation_status::type::SASL_LIST_MECHANISMS; - send(request); + auto request = dsn::make_unique(); + _status = request->status = negotiation_status::type::SASL_LIST_MECHANISMS; + send(std::move(request)); } -void client_negotiation::send(const negotiation_request &request) +void client_negotiation::send(std::unique_ptr request) { - message_ptr msg = message_ex::create_request(RPC_NEGOTIATION); - dsn::marshall(msg.get(), request); - - rpc_response_task_ptr t = rpc::create_rpc_response_task( - msg, nullptr, [this](error_code err, negotiation_response response) { - handle_response(err, std::move(response)); - }); - dsn_rpc_call(_session->remote_address(), t); + negotiation_rpc rpc(std::move(request), RPC_NEGOTIATION); + rpc.call(_session->remote_address(), nullptr, [this, rpc](error_code err) mutable { + handle_response(err, std::move(rpc.response())); + }); } } // namespace security diff --git a/src/runtime/security/client_negotiation.h b/src/runtime/security/client_negotiation.h index bbc107621e..2db368f522 100644 
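Review bot: The callback passed to rpc.call in send() captures a raw `this` and receives a `nullptr` tracker, so nothing cancels it if the client_negotiation (which get_negotiation() suggests is owned by the rpc_session) is destroyed while the RPC_NEGOTIATION reply is in flight; handle_response would then execute on a freed object. Pass a tracker bound to the session's or negotiation's lifetime as the second argument of rpc.call, or keep the owner alive for the duration of the call. handle_response still ignores `err` (its body is the `// TBD(zlw)` placeholder from PATCH 08, outside this hunk), so a transport error or timeout during the handshake currently neither fails the negotiation nor closes the session, leaving the client waiting indefinitely.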
--- a/src/runtime/security/client_negotiation.h +++ b/src/runtime/security/client_negotiation.h @@ -32,7 +32,7 @@ class client_negotiation : public negotiation private: void handle_response(error_code err, const negotiation_response &&response); void list_mechanisms(); - void send(const negotiation_request &request); + void send(std::unique_ptr request); }; } // namespace security diff --git a/src/runtime/security/negotiation.h b/src/runtime/security/negotiation.h index cd8db56e60..25492c80e0 100644 --- a/src/runtime/security/negotiation.h +++ b/src/runtime/security/negotiation.h @@ -18,12 +18,15 @@ #pragma once #include "security_types.h" + #include +#include namespace dsn { class rpc_session; namespace security { +typedef rpc_holder negotiation_rpc; class negotiation { diff --git a/src/runtime/security/negotiation_service.h b/src/runtime/security/negotiation_service.h index cf21f7ae2a..fcc4d587d9 100644 --- a/src/runtime/security/negotiation_service.h +++ b/src/runtime/security/negotiation_service.h @@ -17,9 +17,10 @@ #pragma once -#include #include "server_negotiation.h" +#include + namespace dsn { namespace security { diff --git a/src/runtime/security/server_negotiation.h b/src/runtime/security/server_negotiation.h index 3a305d621f..9337efc28a 100644 --- a/src/runtime/security/server_negotiation.h +++ b/src/runtime/security/server_negotiation.h @@ -19,12 +19,9 @@ #include "negotiation.h" -#include - namespace dsn { namespace security { extern const std::set supported_mechanisms; -typedef rpc_holder negotiation_rpc; class server_negotiation : public negotiation { From db64bc5601d49cf7608c691d67a732565c4b1215 Mon Sep 17 00:00:00 2001 From: levy Date: Thu, 13 Aug 2020 19:23:44 +0800 Subject: [PATCH 16/28] fix --- src/runtime/security/server_negotiation.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index ad434f00a3..1ef76e394f 100644 
--- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp @@ -47,7 +47,7 @@ void server_negotiation::handle_request(negotiation_rpc rpc) void server_negotiation::on_list_mechanisms(negotiation_rpc rpc) { if (rpc.request().status == negotiation_status::type::SASL_LIST_MECHANISMS) { - std::string mech_list = boost::join(supported_mechanisms.begin(), ","); + std::string mech_list = boost::join(supported_mechanisms, ","); ddebug_f("{}: reply server mechs({})", _name, mech_list); negotiation_response &response = rpc.response(); _status = response.status = negotiation_status::type::SASL_LIST_MECHANISMS_RESP; From 8f61406fabf22d22d0d76ab16a91aaf12af0da5a Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 14 Aug 2020 10:32:11 +0800 Subject: [PATCH 17/28] fix --- include/dsn/utility/strings.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index cd19112bc9..3da2495238 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h @@ -5,7 +5,6 @@ #include #include #include -#include namespace dsn { namespace utils { From f6c885436cbcf737f135f7d5cd858126a3d2961d Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 14 Aug 2020 10:37:27 +0800 Subject: [PATCH 18/28] fix --- src/runtime/security/server_negotiation.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index 1ef76e394f..4f81fd7742 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp @@ -18,9 +18,9 @@ #include "server_negotiation.h" #include "negotiation_utils.h" +#include #include #include -#include namespace dsn { namespace security { From 9640e9df47c16f516532cab258bda3a4a87b8b0e Mon Sep 17 00:00:00 2001 
From: levy Date: Fri, 14 Aug 2020 10:46:53 +0800 Subject: [PATCH 19/28] fix --- include/dsn/tool-api/network.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index c8c012247d..dedca6534e 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h @@ -234,6 +234,10 @@ class rpc_session : public ref_counter /// for negotiation void start_negotiation(); + /** + * complete the security negotiation: + * \param succ whether the negotiation is success or not. + **/ void complete_negotiation(bool succ); security::negotiation *get_negotiation() const; From 6c27335a205c7feebf3a05505a1879f71a8ab776 Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 14 Aug 2020 11:07:10 +0800 Subject: [PATCH 20/28] fix --- include/dsn/tool-api/network.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index dedca6534e..64f1befe43 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h @@ -237,6 +237,11 @@ class rpc_session : public ref_counter /** * complete the security negotiation: * \param succ whether the negotiation is success or not. + * + * If negotiation is success, this func will set the connect state to SS_CONNECTED, and start to + * send message. + * If negotiation is fail, this func will clear the send queue and close the + * connection **/ void complete_negotiation(bool succ); security::negotiation *get_negotiation() const; From b460bcb77c590bd4f5e206d44c3510764b06ed4b Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 14 Aug 2020 14:49:13 +0800 Subject: [PATCH 21/28] fix --- include/dsn/tool-api/network.h | 10 ---------- src/runtime/rpc/network.cpp | 9 --------- 2 files changed, 19 deletions(-) diff --git a/include/dsn/tool-api/network.h b/include/dsn/tool-api/network.h index 64f1befe43..ca90a2390c 100644 --- a/include/dsn/tool-api/network.h +++ b/include/dsn/tool-api/network.h 
@@ -234,16 +234,6 @@ class rpc_session : public ref_counter /// for negotiation void start_negotiation(); - /** - * complete the security negotiation: - * \param succ whether the negotiation is success or not. - * - * If negotiation is success, this func will set the connect state to SS_CONNECTED, and start to - * send message. - * If negotiation is fail, this func will clear the send queue and close the - * connection - **/ - void complete_negotiation(bool succ); security::negotiation *get_negotiation() const; public: diff --git a/src/runtime/rpc/network.cpp b/src/runtime/rpc/network.cpp index b6673ef585..7cf2293f50 100644 --- a/src/runtime/rpc/network.cpp +++ b/src/runtime/rpc/network.cpp @@ -459,16 +459,7 @@ void rpc_session::start_negotiation() auth_negotiation(); } else { // set negotiation success if auth is disabled - complete_negotiation(true); - } -} - -void rpc_session::complete_negotiation(bool succ) -{ - if (succ) { on_success(); - } else { - on_failure(true); } } From b524c308912b31ae1517e34f83460ac205aade30 Mon Sep 17 00:00:00 2001 From: levy Date: Fri, 14 Aug 2020 14:52:24 +0800 Subject: [PATCH 22/28] fix --- include/dsn/utility/strings.h | 1 - src/utils/strings.cpp | 1 - 2 files changed, 2 deletions(-) diff --git a/include/dsn/utility/strings.h b/include/dsn/utility/strings.h index 5ffca76849..92eb64cbd4 100644 --- a/include/dsn/utility/strings.h +++ b/include/dsn/utility/strings.h @@ -49,6 +49,5 @@ char *trim_string(char *s); // calculate the md5 checksum of buffer std::string string_md5(const char *buffer, unsigned int length); - } // namespace utils } // namespace dsn diff --git a/src/utils/strings.cpp b/src/utils/strings.cpp index 2ad29e81b7..83f6a4dbbd 100644 --- a/src/utils/strings.cpp +++ b/src/utils/strings.cpp @@ -183,6 +183,5 @@ std::string string_md5(const char *buffer, unsigned length) return result; } - } // namespace utils } // namespace dsn From 7a6fc8f7b5ff4fc9789cd262f9496a6cbae32d8a Mon Sep 17 00:00:00 2001 
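Review bot: Removing complete_negotiation() also removes the only visible failure path, `on_failure(true)`, for an unsuccessful handshake: start_negotiation now calls on_success() when auth is disabled, but auth_negotiation() lies outside this hunk and nothing in this commit shows what happens when negotiation fails. If no caller closes the session on failure, a peer that fails authentication keeps an open, half-initialised session (not connected, send queue retained) for as long as it likes, which is both a resource leak and a state a hostile client can deliberately hold. Confirm that the negotiation classes invoke on_failure(true) themselves, and record it next to start_negotiation, e.g. `// on failure the negotiation object calls on_failure(true), which clears the send queue and closes the session`. start_negotiation begins before this hunk.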
From: levy Date: Tue, 18 Aug 2020 11:00:39 +0800 Subject: [PATCH 23/28] fix --- src/runtime/security/negotiation_utils.h | 6 +- src/runtime/security/security.thrift | 82 +++++++++++------------- src/runtime/security/security_types.cpp | 4 +- src/runtime/security/security_types.h | 2 +- 4 files changed, 44 insertions(+), 50 deletions(-) diff --git a/src/runtime/security/negotiation_utils.h b/src/runtime/security/negotiation_utils.h index 7891db63bb..d695d085f5 100644 --- a/src/runtime/security/negotiation_utils.h +++ b/src/runtime/security/negotiation_utils.h @@ -40,14 +40,14 @@ inline const char *enum_to_string(negotiation_status::type s) return "negotiation_initiate"; case negotiation_status::type::SASL_CHALLENGE: return "negotiation_challenge"; - case negotiation_status::type::SASL_CHANLLENGE_RESP: - return "negotiation_chanllenge_response"; + case negotiation_status::type::SASL_CHALLENGE_RESP: + return "negotiation_challenge_response"; case negotiation_status::type::SASL_AUTH_DISABLE: return "negotiation_auth_disable"; case negotiation_status::type::INVALID: return "negotiation_invalid"; default: - return "negotiation-unkown"; + return "negotiation-unknown"; } } diff --git a/src/runtime/security/security.thrift b/src/runtime/security/security.thrift index 174b09efb1..8c6a3513d0 100644 --- a/src/runtime/security/security.thrift +++ b/src/runtime/security/security.thrift 
@@ -1,52 +1,46 @@ include "../../dsn.thrift" -namespace cpp dsn.security + namespace cpp dsn.security -// negotiation process: -// -// client server -// | --- SASL_LIST_MECHANISMS --> | -// | <-- SASL_LIST_MECHANISMS_RESP --- | -// | -- SASL_SELECT_MECHANISMS --> | -// | <-- SASL_SELECT_MECHANISMS_OK --- | -// | | -// | --- SASL_INITIATE --> | -// | | -// | <-- SASL_CHALLENGE --- | -// | --- SASL_CHALLENGE_RESP --> | -// | | -// | ..... | -// | | -// | <-- SASL_CHALLENGE --- | -// | --- SASL_CHALLENGE_RESP --> | -// | | (authentication will succeed -// | | if all chanllenges passed) -// | <-- SASL_SUCC --- | -// (client won't response | | -// if servers says ok) | | -// | --- RPC_CALL ---> | -// | <-- RPC_RESP ---- | + // negotiation process: + // + // client server + // | --- SASL_LIST_MECHANISMS --> | + // | <-- SASL_LIST_MECHANISMS_RESP --- | + // | -- SASL_SELECT_MECHANISMS --> | + // | <-- SASL_SELECT_MECHANISMS_OK --- | + // | | + // | --- SASL_INITIATE --> | + // | | + // | <-- SASL_CHALLENGE --- | + // | --- SASL_CHALLENGE_RESP --> | + // | | + // | ..... 
| + // | | + // | <-- SASL_CHALLENGE --- | + // | --- SASL_CHALLENGE_RESP --> | + // | | (authentication will succeed + // | | if all chanllenges passed) + // | <-- SASL_SUCC --- | + // (client won't response | | + // if servers says ok) | | + // | --- RPC_CALL ---> | + // | <-- RPC_RESP ---- | -enum negotiation_status { - INVALID - SASL_LIST_MECHANISMS - SASL_LIST_MECHANISMS_RESP - SASL_SELECT_MECHANISMS - SASL_SELECT_MECHANISMS_OK - SASL_INITIATE - SASL_CHALLENGE - SASL_CHANLLENGE_RESP - SASL_SUCC - SASL_AUTH_DISABLE - SASL_AUTH_FAIL -} + enum negotiation_status { + INVALID SASL_LIST_MECHANISMS SASL_LIST_MECHANISMS_RESP SASL_SELECT_MECHANISMS + SASL_SELECT_MECHANISMS_OK SASL_INITIATE SASL_CHALLENGE SASL_CHALLENGE_RESP SASL_SUCC + SASL_AUTH_DISABLE SASL_AUTH_FAIL + } -struct negotiation_request { - 1: negotiation_status status; - 2: string msg; +struct negotiation_request +{ + 1 : negotiation_status status; + 2 : string msg; } -struct negotiation_response { - 1: negotiation_status status; - 2: string msg; +struct negotiation_response +{ + 1 : negotiation_status status; + 2 : string msg; } diff --git a/src/runtime/security/security_types.cpp b/src/runtime/security/security_types.cpp index 580fe642fe..af31d13fc8 100644 --- a/src/runtime/security/security_types.cpp +++ b/src/runtime/security/security_types.cpp @@ -21,7 +21,7 @@ int _knegotiation_statusValues[] = {negotiation_status::INVALID, negotiation_status::SASL_SELECT_MECHANISMS_OK, negotiation_status::SASL_INITIATE, negotiation_status::SASL_CHALLENGE, - negotiation_status::SASL_CHANLLENGE_RESP, + negotiation_status::SASL_CHALLENGE_RESP, negotiation_status::SASL_SUCC, negotiation_status::SASL_AUTH_DISABLE, negotiation_status::SASL_AUTH_FAIL}; @@ -32,7 +32,7 @@ const char *_knegotiation_statusNames[] = {"INVALID", "SASL_SELECT_MECHANISMS_OK", "SASL_INITIATE", "SASL_CHALLENGE", - "SASL_CHANLLENGE_RESP", + "SASL_CHALLENGE_RESP", "SASL_SUCC", "SASL_AUTH_DISABLE", "SASL_AUTH_FAIL"}; 
diff --git a/src/runtime/security/security_types.h b/src/runtime/security/security_types.h index 5cda590bcc..cb339df0d7 100644 --- a/src/runtime/security/security_types.h +++ b/src/runtime/security/security_types.h @@ -31,7 +31,7 @@ struct negotiation_status SASL_SELECT_MECHANISMS_OK = 4, SASL_INITIATE = 5, SASL_CHALLENGE = 6, - SASL_CHANLLENGE_RESP = 7, + SASL_CHALLENGE_RESP = 7, SASL_SUCC = 8, SASL_AUTH_DISABLE = 9, SASL_AUTH_FAIL = 10 From e9c329d3c8706259212478c8d5f3ad365c25b1f5 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 18 Aug 2020 11:50:28 +0800 Subject: [PATCH 24/28] fix --- src/runtime/security/security.thrift | 82 +++++++++++++------------ src/runtime/security/security_types.cpp | 4 +- src/runtime/security/security_types.h | 2 +- 3 files changed, 47 insertions(+), 41 deletions(-) diff --git a/src/runtime/security/security.thrift b/src/runtime/security/security.thrift index 8c6a3513d0..174b09efb1 100644 --- a/src/runtime/security/security.thrift +++ b/src/runtime/security/security.thrift 
@@ -1,46 +1,52 @@ include "../../dsn.thrift" - namespace cpp dsn.security +namespace cpp dsn.security - // negotiation process: - // - // client server - // | --- SASL_LIST_MECHANISMS --> | - // | <-- SASL_LIST_MECHANISMS_RESP --- | - // | -- SASL_SELECT_MECHANISMS --> | - // | <-- SASL_SELECT_MECHANISMS_OK --- | - // | | - // | --- SASL_INITIATE --> | - // | | - // | <-- SASL_CHALLENGE --- | - // | --- SASL_CHALLENGE_RESP --> | - // | | - // | ..... | - // | | - // | <-- SASL_CHALLENGE --- | - // | --- SASL_CHALLENGE_RESP --> | - // | | (authentication will succeed - // | | if all chanllenges passed) - // | <-- SASL_SUCC --- | - // (client won't response | | - // if servers says ok) | | - // | --- RPC_CALL ---> | - // | <-- RPC_RESP ---- | +// negotiation process: +// +// client server +// | --- SASL_LIST_MECHANISMS --> | +// | <-- SASL_LIST_MECHANISMS_RESP --- | +// | -- SASL_SELECT_MECHANISMS --> | +// | <-- SASL_SELECT_MECHANISMS_OK --- | +// | | +// | --- SASL_INITIATE --> | +// | | +// | <-- SASL_CHALLENGE --- | +// | --- SASL_CHALLENGE_RESP --> | +// | | +// | ..... 
| +// | | +// | <-- SASL_CHALLENGE --- | +// | --- SASL_CHALLENGE_RESP --> | +// | | (authentication will succeed +// | | if all chanllenges passed) +// | <-- SASL_SUCC --- | +// (client won't response | | +// if servers says ok) | | +// | --- RPC_CALL ---> | +// | <-- RPC_RESP ---- | - enum negotiation_status { - INVALID SASL_LIST_MECHANISMS SASL_LIST_MECHANISMS_RESP SASL_SELECT_MECHANISMS - SASL_SELECT_MECHANISMS_OK SASL_INITIATE SASL_CHALLENGE SASL_CHALLENGE_RESP SASL_SUCC - SASL_AUTH_DISABLE SASL_AUTH_FAIL - } +enum negotiation_status { + INVALID + SASL_LIST_MECHANISMS + SASL_LIST_MECHANISMS_RESP + SASL_SELECT_MECHANISMS + SASL_SELECT_MECHANISMS_OK + SASL_INITIATE + SASL_CHALLENGE + SASL_CHANLLENGE_RESP + SASL_SUCC + SASL_AUTH_DISABLE + SASL_AUTH_FAIL +} -struct negotiation_request -{ - 1 : negotiation_status status; - 2 : string msg; +struct negotiation_request { + 1: negotiation_status status; + 2: string msg; } -struct negotiation_response -{ - 1 : negotiation_status status; - 2 : string msg; +struct negotiation_response { + 1: negotiation_status status; + 2: string msg; } diff --git a/src/runtime/security/security_types.cpp b/src/runtime/security/security_types.cpp index af31d13fc8..580fe642fe 100644 --- a/src/runtime/security/security_types.cpp +++ b/src/runtime/security/security_types.cpp @@ -21,7 +21,7 @@ int _knegotiation_statusValues[] = {negotiation_status::INVALID, negotiation_status::SASL_SELECT_MECHANISMS_OK, negotiation_status::SASL_INITIATE, negotiation_status::SASL_CHALLENGE, - negotiation_status::SASL_CHALLENGE_RESP, + negotiation_status::SASL_CHANLLENGE_RESP, negotiation_status::SASL_SUCC, negotiation_status::SASL_AUTH_DISABLE, negotiation_status::SASL_AUTH_FAIL}; @@ -32,7 +32,7 @@ const char *_knegotiation_statusNames[] = {"INVALID", "SASL_SELECT_MECHANISMS_OK", "SASL_INITIATE", "SASL_CHALLENGE", - "SASL_CHALLENGE_RESP", + "SASL_CHANLLENGE_RESP", "SASL_SUCC", "SASL_AUTH_DISABLE", "SASL_AUTH_FAIL"}; 
diff --git a/src/runtime/security/security_types.h b/src/runtime/security/security_types.h index cb339df0d7..5cda590bcc 100644 --- a/src/runtime/security/security_types.h +++ b/src/runtime/security/security_types.h @@ -31,7 +31,7 @@ struct negotiation_status SASL_SELECT_MECHANISMS_OK = 4, SASL_INITIATE = 5, SASL_CHALLENGE = 6, - SASL_CHALLENGE_RESP = 7, + SASL_CHANLLENGE_RESP = 7, SASL_SUCC = 8, SASL_AUTH_DISABLE = 9, SASL_AUTH_FAIL = 10 From 555f1d9bff7982078706fcf261296f166a414db3 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 18 Aug 2020 13:50:58 +0800 Subject: [PATCH 25/28] fix --- src/runtime/security/security.thrift | 2 +- src/runtime/security/security_types.cpp | 4 ++-- src/runtime/security/security_types.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/runtime/security/security.thrift b/src/runtime/security/security.thrift index 174b09efb1..c30b47c418 100644 --- a/src/runtime/security/security.thrift +++ b/src/runtime/security/security.thrift @@ -35,7 +35,7 @@ enum negotiation_status { SASL_SELECT_MECHANISMS_OK SASL_INITIATE SASL_CHALLENGE - SASL_CHANLLENGE_RESP + SASL_CHALLENGE_RESP SASL_SUCC SASL_AUTH_DISABLE SASL_AUTH_FAIL diff --git a/src/runtime/security/security_types.cpp b/src/runtime/security/security_types.cpp index 580fe642fe..af31d13fc8 100644 --- a/src/runtime/security/security_types.cpp +++ b/src/runtime/security/security_types.cpp @@ -21,7 +21,7 @@ int _knegotiation_statusValues[] = {negotiation_status::INVALID, negotiation_status::SASL_SELECT_MECHANISMS_OK, negotiation_status::SASL_INITIATE, negotiation_status::SASL_CHALLENGE, - negotiation_status::SASL_CHANLLENGE_RESP, + negotiation_status::SASL_CHALLENGE_RESP, negotiation_status::SASL_SUCC, negotiation_status::SASL_AUTH_DISABLE, negotiation_status::SASL_AUTH_FAIL}; 
@@ -32,7 +32,7 @@ const char *_knegotiation_statusNames[] = {"INVALID", "SASL_SELECT_MECHANISMS_OK", "SASL_INITIATE", "SASL_CHALLENGE", - "SASL_CHANLLENGE_RESP", + "SASL_CHALLENGE_RESP", "SASL_SUCC", "SASL_AUTH_DISABLE", "SASL_AUTH_FAIL"}; diff --git a/src/runtime/security/security_types.h b/src/runtime/security/security_types.h index 5cda590bcc..cb339df0d7 100644 --- a/src/runtime/security/security_types.h +++ b/src/runtime/security/security_types.h @@ -31,7 +31,7 @@ struct negotiation_status SASL_SELECT_MECHANISMS_OK = 4, SASL_INITIATE = 5, SASL_CHALLENGE = 6, - SASL_CHANLLENGE_RESP = 7, + SASL_CHALLENGE_RESP = 7, SASL_SUCC = 8, SASL_AUTH_DISABLE = 9, SASL_AUTH_FAIL = 10 From 885c2f585718feacf3ada7e81cee7091da8e7536 Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 18 Aug 2020 14:11:57 +0800 Subject: [PATCH 26/28] fix --- src/runtime/security/server_negotiation.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/runtime/security/server_negotiation.cpp b/src/runtime/security/server_negotiation.cpp index 4f81fd7742..f7044d06d9 100644 --- a/src/runtime/security/server_negotiation.cpp +++ b/src/runtime/security/server_negotiation.cpp @@ -48,7 +48,6 @@ void server_negotiation::on_list_mechanisms(negotiation_rpc rpc) { if (rpc.request().status == negotiation_status::type::SASL_LIST_MECHANISMS) { std::string mech_list = boost::join(supported_mechanisms, ","); - ddebug_f("{}: reply server mechs({})", _name, mech_list); negotiation_response &response = rpc.response(); _status = response.status = negotiation_status::type::SASL_LIST_MECHANISMS_RESP; response.msg = std::move(mech_list); From 31c96bc25fcf02f2aef0dbe4e1af732afa00d38a Mon Sep 17 00:00:00 2001 From: levy Date: Tue, 18 Aug 2020 14:31:26 +0800 Subject: [PATCH 27/28] fix --- src/runtime/security/negotiation_service.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/runtime/security/negotiation_service.cpp b/src/runtime/security/negotiation_service.cpp index 044b66ffd0..d74670d9b3 100644 
--- a/src/runtime/security/negotiation_service.cpp
+++ b/src/runtime/security/negotiation_service.cpp
@@ -44,6 +44,11 @@ void negotiation_service::on_negotiation_request(negotiation_rpc rpc)
 
 server_negotiation *srv_negotiation =
 dynamic_cast(rpc.dsn_request()->io_session->get_negotiation());
+ if (nullptr == srv_negotiation) {
+ rpc.response().status = negotiation_status::type::SASL_AUTH_FAIL;
+ return;
+ }
+
 srv_negotiation->handle_request(rpc);
 }
 
From a0f994cb56d081b9040637a8149ce2e0c641c1d9 Mon Sep 17 00:00:00 2001
From: levy
Date: Tue, 18 Aug 2020 19:49:14 +0800
Subject: [PATCH 28/28] fix
---
 src/runtime/security/negotiation_service.cpp | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/runtime/security/negotiation_service.cpp b/src/runtime/security/negotiation_service.cpp
index d74670d9b3..eef8bd3b32 100644
--- a/src/runtime/security/negotiation_service.cpp
+++ b/src/runtime/security/negotiation_service.cpp
@@ -43,12 +43,7 @@ void negotiation_service::on_negotiation_request(negotiation_rpc rpc)
 }
 
 server_negotiation *srv_negotiation =
- dynamic_cast(rpc.dsn_request()->io_session->get_negotiation());
- if (nullptr == srv_negotiation) {
- rpc.response().status = negotiation_status::type::SASL_AUTH_FAIL;
- return;
- }
-
+ static_cast(rpc.dsn_request()->io_session->get_negotiation());
 srv_negotiation->handle_request(rpc);
 }
 
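Review bot: Dropping the nullptr check and switching to static_cast makes `srv_negotiation->handle_request(rpc)` dereference whatever get_negotiation() returns, and nothing visible here establishes that a server-side session always carries a server_negotiation once FLAGS_enable_auth is set; the guard this hunk deletes had been added in PATCH 27 precisely for that case, and the dynamic_cast variant in the negotiation_service.cpp hunk of PATCH 10 had the same unchecked dereference. Because RPC_NEGOTIATION is by definition reachable before any peer has authenticated, a null here would be a remotely triggerable crash of the whole process rather than a failed handshake, so the cheap guard is worth keeping: `if (srv_negotiation == nullptr) { rpc.response().status = negotiation_status::type::SASL_AUTH_FAIL; return; }`. If the invariant genuinely holds, state it beside the cast, e.g. `// a server session always owns a server_negotiation once auth is enabled (see rpc_session::start_negotiation)`, so the next reader does not have to rediscover why a plain cast is safe.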