This repository has been archived by the owner on May 10, 2022. It is now read-only.

feat(security): implement start negotiation (#134)
levy5307 authored Sep 18, 2020
1 parent 4cf307c commit a79ea8c
Showing 11 changed files with 2,238 additions and 6 deletions.
1 change: 1 addition & 0 deletions idl/recompile_thrift.sh
@@ -24,6 +24,7 @@ rm -rf $TMP_DIR
mkdir -p $TMP_DIR
$thrift --gen java rrdb.thrift
$thrift --gen java replication.thrift
$thrift --gen java security.thrift

for gen_file in `find $TMP_DIR -name "*.java"`; do
cat apache-licence-template $gen_file > $gen_file.tmp
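--- a/idl/security.thrift
+++ b/idl/security.thrift
@@ -0,0 +1,61 @@
+include "base.thrift"
+
+namespace cpp dsn.apps
+namespace java com.xiaomi.infra.pegasus.apps
+namespace py pypegasus.rrdb
+
+// negotiation process:
+//
+// client server
+// | --- SASL_LIST_MECHANISMS --> |
+// | <-- SASL_LIST_MECHANISMS_RESP --- |
+// | -- SASL_SELECT_MECHANISMS --> |
+// | <-- SASL_SELECT_MECHANISMS_RESP --- |
+// | |
+// | --- SASL_INITIATE --> |
+// | |
+// | <-- SASL_CHALLENGE --- |
+// | --- SASL_CHALLENGE_RESP --> |
+// | |
+// | ..... |
+// | |
+// | <-- SASL_CHALLENGE --- |
+// | --- SASL_CHALLENGE_RESP --> |
+// | | (authentication will succeed
+// | | if all challenges passed)
+// | <-- SASL_SUCC --- |
+// (client won't response | |
+// if servers says ok) | |
+// | --- RPC_CALL ---> |
+// | <-- RPC_RESP ---- |
+
+enum negotiation_status {
+INVALID
+SASL_LIST_MECHANISMS
+SASL_LIST_MECHANISMS_RESP
+SASL_SELECT_MECHANISMS
+SASL_SELECT_MECHANISMS_RESP
+SASL_INITIATE
+SASL_CHALLENGE
+SASL_CHALLENGE_RESP
+SASL_SUCC
+SASL_AUTH_DISABLE
+SASL_AUTH_FAIL
+}
+
+struct negotiation_request
+{
+1: negotiation_status status;
+2: base.blob msg;
+}
+
+struct negotiation_response
+{
+1: negotiation_status status;
+2: base.blob msg;
+}
+
+service security
+{
+negotiation_response negotiate(1:negotiation_request request);
+}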
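Review bot: The `negotiation_status` enum and the diagram above it do not say which statuses are legal from which side or in which order, and `negotiation_request` and `negotiation_response` carry the same enum, so the IDL itself leaves a receiver free to accept a status that is not the expected next step. Since the mechanism list and `SASL_AUTH_DISABLE` are exchanged before any authentication has completed, I would add a comment on the enum stating three rules. Each side rejects an out-of-order status, the server checks the selected mechanism against its own configured list, and a client configured to require authentication treats `SASL_AUTH_DISABLE` as a failure instead of proceeding to `RPC_CALL`. I would also give the members explicit values (`INVALID = 0`, `SASL_LIST_MECHANISMS = 1`, and so on) so a later insertion cannot renumber the wire values, and note next to `msg` that it is read before authentication and should be size-bounded by the receiver. Whether the handlers already enforce any of this is not visible in this file section.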