Skip to content

Commit

Permalink
refactor: fix typo and add comments to security (#699)
Browse files Browse the repository at this point in the history
  • Loading branch information
Wu Tao authored Dec 26, 2020
1 parent 2abd68a commit f27decf
Show file tree
Hide file tree
Showing 12 changed files with 47 additions and 29 deletions.
5 changes: 3 additions & 2 deletions src/runtime/security/client_negotiation.h
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,13 @@
namespace dsn {
namespace security {

// client_negotiation negotiates a session on client side.
class client_negotiation : public negotiation
{
public:
client_negotiation(rpc_session_ptr session);
explicit client_negotiation(rpc_session_ptr session);

void start();
void start() override;
void handle_response(error_code err, const negotiation_response &&response);

private:
Expand Down
5 changes: 3 additions & 2 deletions src/runtime/security/negotiation.h
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,12 @@ typedef rpc_holder<negotiation_request, negotiation_response> negotiation_rpc;
class negotiation
{
public:
negotiation(rpc_session_ptr session)
: _session(session), _status(negotiation_status::type::INVALID)
explicit negotiation(rpc_session_ptr session)
: _session(std::move(session)), _status(negotiation_status::type::INVALID)
{
_sasl = create_sasl_wrapper(_session->is_client());
}

virtual ~negotiation() = 0;

virtual void start() = 0;
Expand Down
9 changes: 5 additions & 4 deletions src/runtime/security/negotiation_manager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,15 @@ inline bool is_negotiation_message(dsn::task_code code)
return code == RPC_NEGOTIATION || code == RPC_NEGOTIATION_ACK;
}

// in_white_list returns if the rpc code can be allowed to bypass negotiation.
inline bool in_white_list(task_code code)
{
return is_negotiation_message(code) || fd::is_failure_detector_message(code) ||
is_http_message(code);
}

negotiation_map negotiation_manager::_negotiations;
utils::rw_lock_nr negotiation_manager::_lock;
/*static*/ negotiation_map negotiation_manager::_negotiations;
/*static*/ utils::rw_lock_nr negotiation_manager::_lock;

negotiation_manager::negotiation_manager() : serverlet("negotiation_manager") {}

Expand All @@ -66,7 +67,7 @@ void negotiation_manager::on_negotiation_request(negotiation_rpc rpc)

std::shared_ptr<negotiation> nego = get_negotiation(rpc);
if (nullptr != nego) {
server_negotiation *srv_negotiation = static_cast<server_negotiation *>(nego.get());
auto srv_negotiation = static_cast<server_negotiation *>(nego.get());
srv_negotiation->handle_request(rpc);
}
}
Expand All @@ -78,7 +79,7 @@ void negotiation_manager::on_negotiation_response(error_code err, negotiation_rp

std::shared_ptr<negotiation> nego = get_negotiation(rpc);
if (nullptr != nego) {
client_negotiation *cli_negotiation = static_cast<client_negotiation *>(nego.get());
auto cli_negotiation = static_cast<client_negotiation *>(nego.get());
cli_negotiation->handle_response(err, std::move(rpc.response()));
}
}
Expand Down
2 changes: 2 additions & 0 deletions src/runtime/security/negotiation_utils.h
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@

namespace dsn {
namespace security {

// TODO(wutao): rename to negotiation_status_to_string
inline const char *enum_to_string(negotiation_status::type s)
{
switch (s) {
Expand Down
6 changes: 3 additions & 3 deletions src/runtime/security/replica_access_controller.h
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,9 @@ namespace security {
class replica_access_controller : public access_controller
{
public:
replica_access_controller(const std::string &name);
bool allowed(message_ex *msg);
void update(const std::string &users);
explicit replica_access_controller(const std::string &name);
bool allowed(message_ex *msg) override;
void update(const std::string &users) override;

private:
utils::rw_lock_nr _lock; // [
Expand Down
5 changes: 4 additions & 1 deletion src/runtime/security/sasl_client_wrapper.h
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,18 @@

namespace dsn {
namespace security {

// sasl_client_wrapper is a simple wrapper over cyrus-sasl's sasl_client_xxx API.
class sasl_client_wrapper : public sasl_wrapper
{
public:
sasl_client_wrapper() = default;
~sasl_client_wrapper() = default;
~sasl_client_wrapper() override = default;

error_s init();
error_s start(const std::string &mechanism, const blob &input, blob &output);
error_s step(const blob &input, blob &output);
};

} // namespace security
} // namespace dsn
9 changes: 4 additions & 5 deletions src/runtime/security/sasl_wrapper.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,8 @@ const char *sasl_err_desc(int status, sasl_conn_t *conn)
{
if (conn != nullptr) {
return sasl_errdetail(conn);
} else {
return sasl_errstring(status, nullptr, nullptr);
}
return sasl_errstring(status, nullptr, nullptr);
}

sasl_wrapper::~sasl_wrapper()
Expand All @@ -40,14 +39,14 @@ sasl_wrapper::~sasl_wrapper()
}
}

error_s sasl_wrapper::retrive_username(std::string &output)
error_s sasl_wrapper::retrieve_username(std::string &output)
{
FAIL_POINT_INJECT_F("sasl_wrapper_retrive_username", [](dsn::string_view str) {
FAIL_POINT_INJECT_F("sasl_wrapper_retrieve_username", [](dsn::string_view str) {
error_code err = error_code::try_get(str.data(), ERR_UNKNOWN);
return error_s::make(err);
});

// retrive username from _conn.
// retrieve username from _conn.
// If this is a sasl server, it gets the name of the corresponding sasl client.
// But if this is a sasl client, it gets the name of itself
char *username = nullptr;
Expand Down
7 changes: 5 additions & 2 deletions src/runtime/security/sasl_wrapper.h
Original file line number Diff line number Diff line change
Expand Up @@ -32,15 +32,18 @@ class sasl_wrapper
virtual error_s start(const std::string &mechanism, const blob &input, blob &output) = 0;
virtual error_s step(const blob &input, blob &output) = 0;
/**
* retrive username from sasl connection.
* retrieve username from sasl connection.
* If this is a sasl server, it gets the name of the corresponding sasl client.
* But if this is a sasl client, it gets the name of itself
**/
error_s retrive_username(/*out*/ std::string &output);
error_s retrieve_username(/*out*/ std::string &output);

protected:
sasl_wrapper() = default;

// wrap_error wraps a sasl error with full description.
error_s wrap_error(int sasl_err);

sasl_conn_t *_conn = nullptr;
};

Expand Down
2 changes: 1 addition & 1 deletion src/runtime/security/server_negotiation.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ void server_negotiation::do_challenge(negotiation_rpc rpc, error_s err_s, const

if (err_s.is_ok()) {
std::string user_name;
auto retrive_err = _sasl->retrive_username(user_name);
auto retrive_err = _sasl->retrieve_username(user_name);
if (retrive_err.is_ok()) {
succ_negotiation(rpc, user_name);
} else {
Expand Down
7 changes: 5 additions & 2 deletions src/runtime/security/server_negotiation.h
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,15 @@ namespace dsn {
namespace security {
extern const std::set<std::string> supported_mechanisms;

// server_negotiation negotiates a session on server side.
class server_negotiation : public negotiation
{
public:
server_negotiation(rpc_session_ptr session);
explicit server_negotiation(rpc_session_ptr session);

void start();
void start() override;

// handle_request handles negotiate_request from the session.
void handle_request(negotiation_rpc rpc);

private:
Expand Down
12 changes: 6 additions & 6 deletions src/runtime/test/server_negotiation_test.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ TEST_F(server_negotiation_test, on_initiate)
struct
{
std::string sasl_start_result;
std::string sasl_retrive_username_result;
std::string sasl_retrieve_username_result;
negotiation_status::type req_status;
negotiation_status::type resp_status;
negotiation_status::type nego_status;
Expand Down Expand Up @@ -180,8 +180,8 @@ TEST_F(server_negotiation_test, on_initiate)
for (const auto &test : tests) {
fail::setup();
fail::cfg("sasl_server_wrapper_start", "return(" + test.sasl_start_result + ")");
fail::cfg("sasl_wrapper_retrive_username",
"return(" + test.sasl_retrive_username_result + ")");
fail::cfg("sasl_wrapper_retrieve_username",
"return(" + test.sasl_retrieve_username_result + ")");

auto rpc = create_negotiation_rpc(test.req_status, "");
on_initiate(rpc);
Expand All @@ -198,7 +198,7 @@ TEST_F(server_negotiation_test, on_challenge_resp)
struct
{
std::string sasl_step_result;
std::string sasl_retrive_username_result;
std::string sasl_retrieve_username_result;
negotiation_status::type req_status;
negotiation_status::type resp_status;
negotiation_status::type nego_status;
Expand Down Expand Up @@ -233,8 +233,8 @@ TEST_F(server_negotiation_test, on_challenge_resp)
for (const auto &test : tests) {
fail::setup();
fail::cfg("sasl_server_wrapper_step", "return(" + test.sasl_step_result + ")");
fail::cfg("sasl_wrapper_retrive_username",
"return(" + test.sasl_retrive_username_result + ")");
fail::cfg("sasl_wrapper_retrieve_username",
"return(" + test.sasl_retrieve_username_result + ")");

auto rpc = create_negotiation_rpc(test.req_status, "");
on_challenge_resp(rpc);
Expand Down
7 changes: 6 additions & 1 deletion thirdparty/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
endif ()

include(ExternalProject)
include(CheckCXXCompilerFlag)

set(TP_DIR ${PROJECT_SOURCE_DIR})
set(TP_OUTPUT ${PROJECT_SOURCE_DIR}/output)
Expand Down Expand Up @@ -128,11 +129,15 @@ ExternalProject_Add(thrift
DEPENDS boost
)

check_cxx_compiler_flag(-Wformat-overflow COMPILER_SUPPORTS_FORMAT_OVERFLOW)
if (COMPILER_SUPPORTS_FORMAT_OVERFLOW)
set(ZOOKEEPER_CFLAGS -Wno-error=format-overflow)
endif ()
ExternalProject_Add(zookeeper
URL ${OSS_URL_PREFIX}/zookeeper-3.4.10.tar.gz
http://ftp.jaist.ac.jp/pub/apache/zookeeper/zookeeper-3.4.10/zookeeper-3.4.10.tar.gz
URL_MD5 e4cf1b1593ca870bf1c7a75188f09678
CONFIGURE_COMMAND cd src/c && CFLAGS=-Wno-error=format ./configure --enable-static=yes --enable-shared=no --prefix=${TP_OUTPUT} --with-pic=yes
CONFIGURE_COMMAND cd src/c && CFLAGS=${ZOOKEEPER_CFLAGS} ./configure --enable-static=yes --enable-shared=no --prefix=${TP_OUTPUT} --with-pic=yes
BUILD_COMMAND cd src/c && make
INSTALL_COMMAND cd src/c && make install
BUILD_IN_SOURCE 1
Expand Down

0 comments on commit f27decf

Please sign in to comment.