security: Refactor gssapi_authenticator 4/x
Eliminate the race condition between `thread_worker` and the
`gssapi_authenticator` shard over the shared `_principal`.

Make most of the members of `impl` private.

Signed-off-by: Ben Pope <[email protected]>
BenPope committed Jan 26, 2023
1 parent 835ff30 commit e7e76f1
Showing 1 changed file with 11 additions and 9 deletions.
20 changes: 11 additions & 9 deletions src/v/security/gssapi_authenticator.cc
@@ -124,16 +124,15 @@ class gssapi_authenticator::impl {
};

impl(
ss::sstring primary,
ss::sstring keytab,
std::vector<gssapi_rule> rules,
security::acl_principal& principal)
ss::sstring primary, ss::sstring keytab, std::vector<gssapi_rule> rules)
: _primary{std::move(primary)}
, _keytab{std::move(keytab)}
, _rules{std::move(rules)}
, _principal(principal) {}
, _rules{std::move(rules)} {}

state_result<bytes> authenticate(bytes auth_bytes);
const security::acl_principal& principal() const { return _principal; }

private:
state_result<void> init();
state_result<bytes> more(bytes_view);
state_result<bytes> ssfcap(bytes_view);
@@ -156,7 +155,7 @@ class gssapi_authenticator::impl {
ss::sstring _primary;
ss::sstring _keytab;
const std::vector<gssapi_rule> _rules;
security::acl_principal& _principal;
security::acl_principal _principal;
state _state{state::init};
gss::cred_id _server_creds;
gss::ctx_id _context;
@@ -168,8 +167,7 @@ gssapi_authenticator::gssapi_authenticator(
, _impl{std::make_unique<impl>(
config::shard_local_cfg().sasl_kerberos_principal(),
config::shard_local_cfg().sasl_kerberos_keytab(),
std::move(rules),
_principal)} {}
std::move(rules))} {}

gssapi_authenticator::~gssapi_authenticator() = default;

@@ -186,6 +184,10 @@ ss::future<result<bytes>> gssapi_authenticator::authenticate(bytes auth_bytes) {
});

_state = res.state;
if (_state == state::complete) {
_principal = co_await _worker.submit(
[this]() { return _impl->principal(); });
}
co_return std::move(res.result);
}

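Review bot: In `gssapi_authenticator::authenticate`, `_state = res.state;` is published before the `co_await` that copies the principal back from the worker, so there is a suspension point at which the authenticator reports `state::complete` while `_principal` is still unset or stale. If that second `_worker.submit` throws, or if anything else on the shard reads the state and the principal during the await (not visible from this hunk), a session could be treated as authenticated under the wrong principal, which matters wherever ACL checks key on it. Fetching first and publishing last closes the window: guard the submit with `if (res.state == state::complete)` and move `_state = res.state;` below that block. The function body begins outside the hunk, so the first `submit` call and its error handling were not reviewed here.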
